SecBSD's official ports repository
This commit is contained in:
commit
2c0afcbbf3
GPG key ID:
F42C07F07E2E35B7
64331 changed files with 5339189 additions and 0 deletions
145
net/validns/patches/patch-rrsig_c
Normal file
145
net/validns/patches/patch-rrsig_c
Normal file
|
|
@ -0,0 +1,145 @@
|
|||
https://github.com/tobez/validns/pull/71
|
||||
|
||||
Index: rrsig.c
|
||||
--- rrsig.c.orig
|
||||
+++ rrsig.c
|
||||
@@ -26,7 +26,7 @@
|
||||
struct verification_data
|
||||
{
|
||||
struct verification_data *next;
|
||||
- EVP_MD_CTX ctx;
|
||||
+ EVP_MD_CTX *ctx;
|
||||
struct rr_dnskey *key;
|
||||
struct rr_rrsig *rr;
|
||||
int ok;
|
||||
@@ -180,7 +180,7 @@ void *verification_thread(void *dummy)
|
||||
if (d) {
|
||||
int r;
|
||||
d->next = NULL;
|
||||
- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
if (r == 1) {
|
||||
d->ok = 1;
|
||||
} else {
|
||||
@@ -232,7 +232,7 @@ static void schedule_verification(struct verification_
|
||||
} else {
|
||||
int r;
|
||||
G.stats.signatures_verified++;
|
||||
- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
if (r == 1) {
|
||||
d->ok = 1;
|
||||
} else {
|
||||
@@ -250,21 +250,22 @@ static int verify_signature(struct verification_data *
|
||||
struct rr *signed_rr;
|
||||
int i;
|
||||
|
||||
- EVP_MD_CTX_init(&d->ctx);
|
||||
+ if ((d->ctx = EVP_MD_CTX_new()) == NULL)
|
||||
+ return 0;
|
||||
switch (d->rr->algorithm) {
|
||||
case ALG_DSA:
|
||||
case ALG_RSASHA1:
|
||||
case ALG_DSA_NSEC3_SHA1:
|
||||
case ALG_RSASHA1_NSEC3_SHA1:
|
||||
- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
|
||||
+ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
|
||||
return 0;
|
||||
break;
|
||||
case ALG_RSASHA256:
|
||||
- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
|
||||
+ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
|
||||
return 0;
|
||||
break;
|
||||
case ALG_RSASHA512:
|
||||
- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
|
||||
+ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
|
||||
return 0;
|
||||
break;
|
||||
default:
|
||||
@@ -274,7 +275,7 @@ static int verify_signature(struct verification_data *
|
||||
chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
|
||||
if (chunk.length < 0)
|
||||
return 0;
|
||||
- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
|
||||
+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
|
||||
|
||||
set = getmem_temp(sizeof(*set) * signed_set->count);
|
||||
|
||||
@@ -294,12 +295,12 @@ static int verify_signature(struct verification_data *
|
||||
chunk = name2wire_name(signed_set->named_rr->name);
|
||||
if (chunk.length < 0)
|
||||
return 0;
|
||||
- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
|
||||
- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
||||
- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
||||
- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4);
|
||||
- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
||||
- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
|
||||
+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
|
||||
+ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2);
|
||||
+ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2);
|
||||
+ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4);
|
||||
+ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
|
||||
+ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
|
||||
}
|
||||
|
||||
schedule_verification(d);
|
||||
@@ -371,49 +372,12 @@ static void *rrsig_validate(struct rr *rrv)
|
||||
return rr;
|
||||
}
|
||||
|
||||
-static pthread_mutex_t *lock_cs;
|
||||
-static long *lock_count;
|
||||
-
|
||||
-static unsigned long pthreads_thread_id(void)
|
||||
-{
|
||||
- unsigned long ret;
|
||||
-
|
||||
- ret=(unsigned long)pthread_self();
|
||||
- return(ret);
|
||||
-}
|
||||
-
|
||||
-static void pthreads_locking_callback(int mode, int type, char *file, int line)
|
||||
-{
|
||||
- if (mode & CRYPTO_LOCK) {
|
||||
- pthread_mutex_lock(&(lock_cs[type]));
|
||||
- lock_count[type]++;
|
||||
- } else {
|
||||
- pthread_mutex_unlock(&(lock_cs[type]));
|
||||
- }
|
||||
-}
|
||||
-
|
||||
void verify_all_keys(void)
|
||||
{
|
||||
struct keys_to_verify *k = all_keys_to_verify;
|
||||
int i;
|
||||
struct timespec sleep_time;
|
||||
|
||||
- ERR_load_crypto_strings();
|
||||
- if (G.opt.n_threads > 1) {
|
||||
- lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
|
||||
- lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
|
||||
- for (i = 0; i < CRYPTO_num_locks(); i++) {
|
||||
- lock_count[i] = 0;
|
||||
- pthread_mutex_init(&lock_cs[i],NULL);
|
||||
- }
|
||||
-
|
||||
- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
|
||||
- CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
|
||||
-
|
||||
- if (pthread_mutex_init(&queue_lock, NULL) != 0)
|
||||
- croak(1, "pthread_mutex_init");
|
||||
- }
|
||||
-
|
||||
while (k) {
|
||||
freeall_temp();
|
||||
for (i = 0; i < k->n_keys; i++) {
|
||||
@@ -440,6 +404,7 @@ void verify_all_keys(void)
|
||||
if (k->to_verify[i].openssl_error != 0)
|
||||
e = k->to_verify[i].openssl_error;
|
||||
}
|
||||
+ EVP_MD_CTX_free(k->to_verify[i].ctx);
|
||||
}
|
||||
if (!ok) {
|
||||
struct named_rr *named_rr;
|
||||
Loading…
Add table
Add a link
Reference in a new issue