145 lines
4.5 KiB
Text
145 lines
4.5 KiB
Text
https://github.com/tobez/validns/pull/71
|
|
|
|
Index: rrsig.c
|
|
--- rrsig.c.orig
|
|
+++ rrsig.c
|
|
@@ -26,7 +26,7 @@
|
|
struct verification_data
|
|
{
|
|
struct verification_data *next;
|
|
- EVP_MD_CTX ctx;
|
|
+ EVP_MD_CTX *ctx;
|
|
struct rr_dnskey *key;
|
|
struct rr_rrsig *rr;
|
|
int ok;
|
|
@@ -180,7 +180,7 @@ void *verification_thread(void *dummy)
|
|
if (d) {
|
|
int r;
|
|
d->next = NULL;
|
|
- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
|
+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
|
if (r == 1) {
|
|
d->ok = 1;
|
|
} else {
|
|
@@ -232,7 +232,7 @@ static void schedule_verification(struct verification_
|
|
} else {
|
|
int r;
|
|
G.stats.signatures_verified++;
|
|
- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
|
+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
|
if (r == 1) {
|
|
d->ok = 1;
|
|
} else {
|
|
@@ -250,21 +250,22 @@ static int verify_signature(struct verification_data *
|
|
struct rr *signed_rr;
|
|
int i;
|
|
|
|
- EVP_MD_CTX_init(&d->ctx);
|
|
+ if ((d->ctx = EVP_MD_CTX_new()) == NULL)
|
|
+ return 0;
|
|
switch (d->rr->algorithm) {
|
|
case ALG_DSA:
|
|
case ALG_RSASHA1:
|
|
case ALG_DSA_NSEC3_SHA1:
|
|
case ALG_RSASHA1_NSEC3_SHA1:
|
|
- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
|
|
+ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
|
|
return 0;
|
|
break;
|
|
case ALG_RSASHA256:
|
|
- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
|
|
+ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
|
|
return 0;
|
|
break;
|
|
case ALG_RSASHA512:
|
|
- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
|
|
+ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
|
|
return 0;
|
|
break;
|
|
default:
|
|
@@ -274,7 +275,7 @@ static int verify_signature(struct verification_data *
|
|
chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
|
|
if (chunk.length < 0)
|
|
return 0;
|
|
- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
|
|
+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
|
|
|
|
set = getmem_temp(sizeof(*set) * signed_set->count);
|
|
|
|
@@ -294,12 +295,12 @@ static int verify_signature(struct verification_data *
|
|
chunk = name2wire_name(signed_set->named_rr->name);
|
|
if (chunk.length < 0)
|
|
return 0;
|
|
- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
|
|
- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
|
- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
|
- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4);
|
|
- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
|
- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
|
|
+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
|
|
+ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2);
|
|
+ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2);
|
|
+ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4);
|
|
+ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
|
|
+ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
|
|
}
|
|
|
|
schedule_verification(d);
|
|
@@ -371,49 +372,12 @@ static void *rrsig_validate(struct rr *rrv)
|
|
return rr;
|
|
}
|
|
|
|
-static pthread_mutex_t *lock_cs;
|
|
-static long *lock_count;
|
|
-
|
|
-static unsigned long pthreads_thread_id(void)
|
|
-{
|
|
- unsigned long ret;
|
|
-
|
|
- ret=(unsigned long)pthread_self();
|
|
- return(ret);
|
|
-}
|
|
-
|
|
-static void pthreads_locking_callback(int mode, int type, char *file, int line)
|
|
-{
|
|
- if (mode & CRYPTO_LOCK) {
|
|
- pthread_mutex_lock(&(lock_cs[type]));
|
|
- lock_count[type]++;
|
|
- } else {
|
|
- pthread_mutex_unlock(&(lock_cs[type]));
|
|
- }
|
|
-}
|
|
-
|
|
void verify_all_keys(void)
|
|
{
|
|
struct keys_to_verify *k = all_keys_to_verify;
|
|
int i;
|
|
struct timespec sleep_time;
|
|
|
|
- ERR_load_crypto_strings();
|
|
- if (G.opt.n_threads > 1) {
|
|
- lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
|
|
- lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
|
|
- for (i = 0; i < CRYPTO_num_locks(); i++) {
|
|
- lock_count[i] = 0;
|
|
- pthread_mutex_init(&lock_cs[i],NULL);
|
|
- }
|
|
-
|
|
- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
|
|
- CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
|
|
-
|
|
- if (pthread_mutex_init(&queue_lock, NULL) != 0)
|
|
- croak(1, "pthread_mutex_init");
|
|
- }
|
|
-
|
|
while (k) {
|
|
freeall_temp();
|
|
for (i = 0; i < k->n_keys; i++) {
|
|
@@ -440,6 +404,7 @@ void verify_all_keys(void)
|
|
if (k->to_verify[i].openssl_error != 0)
|
|
e = k->to_verify[i].openssl_error;
|
|
}
|
|
+ EVP_MD_CTX_free(k->to_verify[i].ctx);
|
|
}
|
|
if (!ok) {
|
|
struct named_rr *named_rr;
|