Diffstat (limited to 'usr.sbin/bind/lib')
-rw-r--r--usr.sbin/bind/lib/dns/dst_api.c206
-rw-r--r--usr.sbin/bind/lib/dns/dst_parse.c196
-rw-r--r--usr.sbin/bind/lib/dns/dst_parse.h6
-rw-r--r--usr.sbin/bind/lib/dns/hmac_link.c162
-rw-r--r--usr.sbin/bind/lib/dns/opensslecdsa_link.c46
-rw-r--r--usr.sbin/bind/lib/dns/opensslrsa_link.c127
6 files changed, 11 insertions, 732 deletions
diff --git a/usr.sbin/bind/lib/dns/dst_api.c b/usr.sbin/bind/lib/dns/dst_api.c
index caf80f97cae..007e68e3499 100644
--- a/usr.sbin/bind/lib/dns/dst_api.c
+++ b/usr.sbin/bind/lib/dns/dst_api.c
@@ -33,7 +33,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.19 2020/01/22 13:02:09 florian Exp $
+ * $Id: dst_api.c,v 1.20 2020/01/26 11:22:33 florian Exp $
*/
/*! \file */
@@ -92,8 +92,6 @@ static dst_key_t * get_key_struct(dns_name_t *name,
unsigned int bits,
dns_rdataclass_t rdclass,
dns_ttl_t ttl);
-static isc_result_t write_public_key(const dst_key_t *key, int type,
- const char *directory);
static isc_result_t buildfilename(dns_name_t *name,
dns_keytag_t id,
unsigned int alg,
@@ -367,32 +365,6 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
return (pub->func->computesecret(pub, priv, secret));
}
-isc_result_t
-dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
- isc_result_t ret = ISC_R_SUCCESS;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
-
- CHECKALG(key->key_alg);
-
- if (key->func->tofile == NULL)
- return (DST_R_UNSUPPORTEDALG);
-
- if (type & DST_TYPE_PUBLIC) {
- ret = write_public_key(key, type, directory);
- if (ret != ISC_R_SUCCESS)
- return (ret);
- }
-
- if ((type & DST_TYPE_PRIVATE) &&
- (key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
- return (key->func->tofile(key, directory));
- else
- return (ISC_R_SUCCESS);
-}
-
void
dst_key_setexternal(dst_key_t *key, isc_boolean_t value) {
key->external = value;
@@ -1385,182 +1357,6 @@ dst_key_read_public(const char *filename, int type,
return (ret);
}
-static isc_boolean_t
-issymmetric(const dst_key_t *key) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
-
- /* XXXVIX this switch statement is too sparse to gen a jump table. */
- switch (key->key_alg) {
- case DST_ALG_RSASHA1:
- case DST_ALG_NSEC3RSASHA1:
- case DST_ALG_RSASHA256:
- case DST_ALG_RSASHA512:
- case DST_ALG_ECCGOST:
- case DST_ALG_ECDSA256:
- case DST_ALG_ECDSA384:
- case DST_ALG_ED25519:
- case DST_ALG_ED448:
- return (ISC_FALSE);
- case DST_ALG_HMACSHA1:
- case DST_ALG_HMACSHA224:
- case DST_ALG_HMACSHA256:
- case DST_ALG_HMACSHA384:
- case DST_ALG_HMACSHA512:
- return (ISC_TRUE);
- default:
- return (ISC_FALSE);
- }
-}
-
-/*%
- * Write key timing metadata to a file pointer, preceded by 'tag'
- */
-static void
-printtime(const dst_key_t *key, int type, const char *tag, FILE *stream) {
- isc_result_t result;
- const char *output;
- isc_stdtime_t when;
- time_t t;
- char utc[sizeof("YYYYMMDDHHSSMM")];
- isc_buffer_t b;
- isc_region_t r;
-
- result = dst_key_gettime(key, type, &when);
- if (result == ISC_R_NOTFOUND)
- return;
-
- /* time_t and isc_stdtime_t might be different sizes */
- t = when;
- output = ctime(&t);
-
- isc_buffer_init(&b, utc, sizeof(utc));
- result = dns_time32_totext(when, &b);
- if (result != ISC_R_SUCCESS)
- goto error;
-
- isc_buffer_usedregion(&b, &r);
- fprintf(stream, "%s: %.*s (%.*s)\n", tag, (int)r.length, r.base,
- (int)strlen(output) - 1, output);
- return;
-
- error:
- fprintf(stream, "%s: (set, unable to display)\n", tag);
-}
-
-/*%
- * Writes a public key to disk in DNS format.
- */
-static isc_result_t
-write_public_key(const dst_key_t *key, int type, const char *directory) {
- FILE *fp;
- isc_buffer_t keyb, textb, fileb, classb;
- isc_region_t r;
- char filename[ISC_DIR_NAMEMAX];
- unsigned char key_array[DST_KEY_MAXSIZE];
- char text_array[DST_KEY_MAXTEXTSIZE];
- char class_array[10];
- isc_result_t ret;
- dns_rdata_t rdata = DNS_RDATA_INIT;
- isc_fsaccess_t access;
-
- REQUIRE(VALID_KEY(key));
-
- isc_buffer_init(&keyb, key_array, sizeof(key_array));
- isc_buffer_init(&textb, text_array, sizeof(text_array));
- isc_buffer_init(&classb, class_array, sizeof(class_array));
-
- ret = dst_key_todns(key, &keyb);
- if (ret != ISC_R_SUCCESS)
- return (ret);
-
- isc_buffer_usedregion(&keyb, &r);
- dns_rdata_fromregion(&rdata, key->key_class, dns_rdatatype_dnskey, &r);
-
- ret = dns_rdata_totext(&rdata, (dns_name_t *) NULL, &textb);
- if (ret != ISC_R_SUCCESS)
- return (DST_R_INVALIDPUBLICKEY);
-
- ret = dns_rdataclass_totext(key->key_class, &classb);
- if (ret != ISC_R_SUCCESS)
- return (DST_R_INVALIDPUBLICKEY);
-
- /*
- * Make the filename.
- */
- isc_buffer_init(&fileb, filename, sizeof(filename));
- ret = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory, &fileb);
- if (ret != ISC_R_SUCCESS)
- return (ret);
-
- /*
- * Create public key file.
- */
- if ((fp = fopen(filename, "w")) == NULL)
- return (DST_R_WRITEERROR);
-
- if (issymmetric(key)) {
- access = 0;
- isc_fsaccess_add(ISC_FSACCESS_OWNER,
- ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
- &access);
- (void)isc_fsaccess_set(filename, access);
- }
-
- /* Write key information in comments */
- if ((type & DST_TYPE_KEY) == 0) {
- fprintf(fp, "; This is a %s%s-signing key, keyid %d, for ",
- (key->key_flags & DNS_KEYFLAG_REVOKE) != 0 ?
- "revoked " :
- "",
- (key->key_flags & DNS_KEYFLAG_KSK) != 0 ?
- "key" :
- "zone",
- key->key_id);
- ret = dns_name_print(key->key_name, fp);
- if (ret != ISC_R_SUCCESS) {
- fclose(fp);
- return (ret);
- }
- fputc('\n', fp);
-
- printtime(key, DST_TIME_CREATED, "; Created", fp);
- printtime(key, DST_TIME_PUBLISH, "; Publish", fp);
- printtime(key, DST_TIME_ACTIVATE, "; Activate", fp);
- printtime(key, DST_TIME_REVOKE, "; Revoke", fp);
- printtime(key, DST_TIME_INACTIVE, "; Inactive", fp);
- printtime(key, DST_TIME_DELETE, "; Delete", fp);
- }
-
- /* Now print the actual key */
- ret = dns_name_print(key->key_name, fp);
- fprintf(fp, " ");
-
- if (key->key_ttl != 0)
- fprintf(fp, "%u ", key->key_ttl);
-
- isc_buffer_usedregion(&classb, &r);
- if ((unsigned) fwrite(r.base, 1, r.length, fp) != r.length)
- ret = DST_R_WRITEERROR;
-
- if ((type & DST_TYPE_KEY) != 0)
- fprintf(fp, " KEY ");
- else
- fprintf(fp, " DNSKEY ");
-
- isc_buffer_usedregion(&textb, &r);
- if ((unsigned) fwrite(r.base, 1, r.length, fp) != r.length)
- ret = DST_R_WRITEERROR;
-
- fputc('\n', fp);
- fflush(fp);
- if (ferror(fp))
- ret = DST_R_WRITEERROR;
- fclose(fp);
-
- return (ret);
-}
-
static isc_result_t
buildfilename(dns_name_t *name, dns_keytag_t id,
unsigned int alg, unsigned int type,
diff --git a/usr.sbin/bind/lib/dns/dst_parse.c b/usr.sbin/bind/lib/dns/dst_parse.c
index a33c0bf90a8..9329614750c 100644
--- a/usr.sbin/bind/lib/dns/dst_parse.c
+++ b/usr.sbin/bind/lib/dns/dst_parse.c
@@ -33,7 +33,7 @@
/*%
* Principal Author: Brian Wellington
- * $Id: dst_parse.c,v 1.10 2020/01/22 13:02:09 florian Exp $
+ * $Id: dst_parse.c,v 1.11 2020/01/26 11:22:33 florian Exp $
*/
@@ -140,18 +140,6 @@ find_value(const char *s, const unsigned int alg) {
return (-1);
}
-static const char *
-find_tag(const int value) {
- int i;
-
- for (i = 0; ; i++) {
- if (map[i].tag == NULL)
- return (NULL);
- else if (value == map[i].value)
- return (map[i].tag);
- }
-}
-
static int
find_metadata(const char *s, const char *tags[], int ntags) {
int i;
@@ -563,186 +551,4 @@ fail:
return (ret);
}
-isc_result_t
-dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
- const char *directory)
-{
- FILE *fp;
- isc_result_t result;
- char filename[ISC_DIR_NAMEMAX];
- char buffer[MAXFIELDSIZE * 2];
- isc_fsaccess_t access;
- isc_stdtime_t when;
- uint32_t value;
- isc_buffer_t b;
- isc_region_t r;
- int major, minor;
- mode_t mode;
- int i, ret;
-
- REQUIRE(priv != NULL);
-
- ret = check_data(priv, dst_key_alg(key), ISC_FALSE, key->external);
- if (ret < 0)
- return (DST_R_INVALIDPRIVATEKEY);
- else if (ret != ISC_R_SUCCESS)
- return (ret);
-
- isc_buffer_init(&b, filename, sizeof(filename));
- result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = isc_file_mode(filename, &mode);
- if (result == ISC_R_SUCCESS && mode != 0600) {
- /* File exists; warn that we are changing its permissions */
- int level;
-
- level = ISC_LOG_WARNING;
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
- DNS_LOGMODULE_DNSSEC, level,
- "Permissions on the file %s "
- "have changed from 0%o to 0600 as "
- "a result of this operation.",
- filename, (unsigned int)mode);
- }
-
- if ((fp = fopen(filename, "w")) == NULL)
- return (DST_R_WRITEERROR);
-
- access = 0;
- isc_fsaccess_add(ISC_FSACCESS_OWNER,
- ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
- &access);
- (void)isc_fsaccess_set(filename, access);
-
- dst_key_getprivateformat(key, &major, &minor);
- if (major == 0 && minor == 0) {
- major = DST_MAJOR_VERSION;
- minor = DST_MINOR_VERSION;
- }
-
- /* XXXDCL return value should be checked for full filesystem */
- fprintf(fp, "%s v%d.%d\n", PRIVATE_KEY_STR, major, minor);
-
- fprintf(fp, "%s %u ", ALGORITHM_STR, dst_key_alg(key));
-
- /* XXXVIX this switch statement is too sparse to gen a jump table. */
- switch (dst_key_alg(key)) {
- case DST_ALG_RSAMD5:
- fprintf(fp, "(RSA)\n");
- break;
- case DST_ALG_DH:
- fprintf(fp, "(DH)\n");
- break;
- case DST_ALG_DSA:
- fprintf(fp, "(DSA)\n");
- break;
- case DST_ALG_RSASHA1:
- fprintf(fp, "(RSASHA1)\n");
- break;
- case DST_ALG_NSEC3RSASHA1:
- fprintf(fp, "(NSEC3RSASHA1)\n");
- break;
- case DST_ALG_NSEC3DSA:
- fprintf(fp, "(NSEC3DSA)\n");
- break;
- case DST_ALG_RSASHA256:
- fprintf(fp, "(RSASHA256)\n");
- break;
- case DST_ALG_RSASHA512:
- fprintf(fp, "(RSASHA512)\n");
- break;
- case DST_ALG_ECCGOST:
- fprintf(fp, "(ECC-GOST)\n");
- break;
- case DST_ALG_ECDSA256:
- fprintf(fp, "(ECDSAP256SHA256)\n");
- break;
- case DST_ALG_ECDSA384:
- fprintf(fp, "(ECDSAP384SHA384)\n");
- break;
- case DST_ALG_ED25519:
- fprintf(fp, "(ED25519)\n");
- break;
- case DST_ALG_ED448:
- fprintf(fp, "(ED448)\n");
- break;
- case DST_ALG_HMACMD5:
- fprintf(fp, "(HMAC_MD5)\n");
- break;
- case DST_ALG_HMACSHA1:
- fprintf(fp, "(HMAC_SHA1)\n");
- break;
- case DST_ALG_HMACSHA224:
- fprintf(fp, "(HMAC_SHA224)\n");
- break;
- case DST_ALG_HMACSHA256:
- fprintf(fp, "(HMAC_SHA256)\n");
- break;
- case DST_ALG_HMACSHA384:
- fprintf(fp, "(HMAC_SHA384)\n");
- break;
- case DST_ALG_HMACSHA512:
- fprintf(fp, "(HMAC_SHA512)\n");
- break;
- default:
- fprintf(fp, "(?)\n");
- break;
- }
-
- for (i = 0; i < priv->nelements; i++) {
- const char *s;
-
- s = find_tag(priv->elements[i].tag);
-
- r.base = priv->elements[i].data;
- r.length = priv->elements[i].length;
- isc_buffer_init(&b, buffer, sizeof(buffer));
- result = isc_base64_totext(&r, sizeof(buffer), "", &b);
- if (result != ISC_R_SUCCESS) {
- fclose(fp);
- return (DST_R_INVALIDPRIVATEKEY);
- }
- isc_buffer_usedregion(&b, &r);
-
- fprintf(fp, "%s %.*s\n", s, (int)r.length, r.base);
- }
-
- if (key->external)
- fprintf(fp, "External:\n");
-
- /* Add the metadata tags */
- if (major > 1 || (major == 1 && minor >= 3)) {
- for (i = 0; i < NUMERIC_NTAGS; i++) {
- result = dst_key_getnum(key, i, &value);
- if (result != ISC_R_SUCCESS)
- continue;
- fprintf(fp, "%s %u\n", numerictags[i], value);
- }
- for (i = 0; i < TIMING_NTAGS; i++) {
- result = dst_key_gettime(key, i, &when);
- if (result != ISC_R_SUCCESS)
- continue;
-
- isc_buffer_init(&b, buffer, sizeof(buffer));
- result = dns_time32_totext(when, &b);
- if (result != ISC_R_SUCCESS) {
- fclose(fp);
- return (DST_R_INVALIDPRIVATEKEY);
- }
-
- isc_buffer_usedregion(&b, &r);
-
- fprintf(fp, "%s %.*s\n", timetags[i], (int)r.length,
- r.base);
- }
- }
-
- fflush(fp);
- result = ferror(fp) ? DST_R_WRITEERROR : ISC_R_SUCCESS;
- fclose(fp);
- return (result);
-}
-
/*! \file */
diff --git a/usr.sbin/bind/lib/dns/dst_parse.h b/usr.sbin/bind/lib/dns/dst_parse.h
index 5f92eeb2a85..29a40f238fa 100644
--- a/usr.sbin/bind/lib/dns/dst_parse.h
+++ b/usr.sbin/bind/lib/dns/dst_parse.h
@@ -31,7 +31,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_parse.h,v 1.4 2020/01/20 18:51:52 florian Exp $ */
+/* $Id: dst_parse.h,v 1.5 2020/01/26 11:22:33 florian Exp $ */
/*! \file */
#ifndef DST_DST_PARSE_H
@@ -142,10 +142,6 @@ isc_result_t
dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
dst_private_t *priv);
-isc_result_t
-dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
- const char *directory);
-
ISC_LANG_ENDDECLS
#endif /* DST_DST_PARSE_H */
diff --git a/usr.sbin/bind/lib/dns/hmac_link.c b/usr.sbin/bind/lib/dns/hmac_link.c
index fad68975fba..9f3be1e5eed 100644
--- a/usr.sbin/bind/lib/dns/hmac_link.c
+++ b/usr.sbin/bind/lib/dns/hmac_link.c
@@ -33,7 +33,7 @@
/*
* Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.9 2020/01/22 13:02:09 florian Exp $
+ * $Id: hmac_link.c,v 1.10 2020/01/26 11:22:33 florian Exp $
*/
@@ -244,36 +244,6 @@ hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
-hmacsha1_tofile(const dst_key_t *key, const char *directory) {
- int cnt = 0;
- dst_hmacsha1_key_t *hkey;
- dst_private_t priv;
- int bytes = (key->key_size + 7) / 8;
- unsigned char buf[2];
-
- if (key->keydata.hmacsha1 == NULL)
- return (DST_R_NULLKEY);
-
- if (key->external)
- return (DST_R_EXTERNALKEY);
-
- hkey = key->keydata.hmacsha1;
-
- priv.elements[cnt].tag = TAG_HMACSHA1_KEY;
- priv.elements[cnt].length = bytes;
- priv.elements[cnt++].data = hkey->key;
-
- buf[0] = (key->key_bits >> 8) & 0xffU;
- buf[1] = key->key_bits & 0xffU;
- priv.elements[cnt].tag = TAG_HMACSHA1_BITS;
- priv.elements[cnt].data = buf;
- priv.elements[cnt++].length = 2;
-
- priv.nelements = cnt;
- return (dst__privstruct_writefile(key, &priv, directory));
-}
-
-static isc_result_t
hmacsha1_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
@@ -332,7 +302,7 @@ static dst_func_t hmacsha1_functions = {
hmacsha1_destroy,
hmacsha1_todns,
hmacsha1_fromdns,
- hmacsha1_tofile,
+ NULL, /* hmacsha1_tofile */
hmacsha1_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
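Review bot: The replacement comment `/* hmacsha1_tofile */` names a function this commit deletes, while the neighbouring empty slots in the same table are labelled by slot name (`/* cleanup */`, `/* fromlabel */`); `NULL, /* tofile */` would match that convention and would not point readers at a symbol that no longer exists. With dst_key_tofile removed from dst_api.c in this same commit, the tofile slot appears to have no remaining caller in any backend, so the member could presumably be dropped from dst_func_t in dst_internal.h (outside this diff) instead of carrying a permanently-NULL entry in every table. The hmacsha1_functions initializer starts before and ends after this hunk.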
@@ -534,36 +504,6 @@ hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
-hmacsha224_tofile(const dst_key_t *key, const char *directory) {
- int cnt = 0;
- dst_hmacsha224_key_t *hkey;
- dst_private_t priv;
- int bytes = (key->key_size + 7) / 8;
- unsigned char buf[2];
-
- if (key->keydata.hmacsha224 == NULL)
- return (DST_R_NULLKEY);
-
- if (key->external)
- return (DST_R_EXTERNALKEY);
-
- hkey = key->keydata.hmacsha224;
-
- priv.elements[cnt].tag = TAG_HMACSHA224_KEY;
- priv.elements[cnt].length = bytes;
- priv.elements[cnt++].data = hkey->key;
-
- buf[0] = (key->key_bits >> 8) & 0xffU;
- buf[1] = key->key_bits & 0xffU;
- priv.elements[cnt].tag = TAG_HMACSHA224_BITS;
- priv.elements[cnt].data = buf;
- priv.elements[cnt++].length = 2;
-
- priv.nelements = cnt;
- return (dst__privstruct_writefile(key, &priv, directory));
-}
-
-static isc_result_t
hmacsha224_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
@@ -622,7 +562,7 @@ static dst_func_t hmacsha224_functions = {
hmacsha224_destroy,
hmacsha224_todns,
hmacsha224_fromdns,
- hmacsha224_tofile,
+ NULL, /* hmacsha224_tofile */
hmacsha224_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
@@ -818,36 +758,6 @@ hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
-hmacsha256_tofile(const dst_key_t *key, const char *directory) {
- int cnt = 0;
- dst_hmacsha256_key_t *hkey;
- dst_private_t priv;
- int bytes = (key->key_size + 7) / 8;
- unsigned char buf[2];
-
- if (key->keydata.hmacsha256 == NULL)
- return (DST_R_NULLKEY);
-
- if (key->external)
- return (DST_R_EXTERNALKEY);
-
- hkey = key->keydata.hmacsha256;
-
- priv.elements[cnt].tag = TAG_HMACSHA256_KEY;
- priv.elements[cnt].length = bytes;
- priv.elements[cnt++].data = hkey->key;
-
- buf[0] = (key->key_bits >> 8) & 0xffU;
- buf[1] = key->key_bits & 0xffU;
- priv.elements[cnt].tag = TAG_HMACSHA256_BITS;
- priv.elements[cnt].data = buf;
- priv.elements[cnt++].length = 2;
-
- priv.nelements = cnt;
- return (dst__privstruct_writefile(key, &priv, directory));
-}
-
-static isc_result_t
hmacsha256_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
@@ -906,7 +816,7 @@ static dst_func_t hmacsha256_functions = {
hmacsha256_destroy,
hmacsha256_todns,
hmacsha256_fromdns,
- hmacsha256_tofile,
+ NULL, /* hmacsha256_tofile */
hmacsha256_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
@@ -1102,36 +1012,6 @@ hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
-hmacsha384_tofile(const dst_key_t *key, const char *directory) {
- int cnt = 0;
- dst_hmacsha384_key_t *hkey;
- dst_private_t priv;
- int bytes = (key->key_size + 7) / 8;
- unsigned char buf[2];
-
- if (key->keydata.hmacsha384 == NULL)
- return (DST_R_NULLKEY);
-
- if (key->external)
- return (DST_R_EXTERNALKEY);
-
- hkey = key->keydata.hmacsha384;
-
- priv.elements[cnt].tag = TAG_HMACSHA384_KEY;
- priv.elements[cnt].length = bytes;
- priv.elements[cnt++].data = hkey->key;
-
- buf[0] = (key->key_bits >> 8) & 0xffU;
- buf[1] = key->key_bits & 0xffU;
- priv.elements[cnt].tag = TAG_HMACSHA384_BITS;
- priv.elements[cnt].data = buf;
- priv.elements[cnt++].length = 2;
-
- priv.nelements = cnt;
- return (dst__privstruct_writefile(key, &priv, directory));
-}
-
-static isc_result_t
hmacsha384_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
@@ -1190,7 +1070,7 @@ static dst_func_t hmacsha384_functions = {
hmacsha384_destroy,
hmacsha384_todns,
hmacsha384_fromdns,
- hmacsha384_tofile,
+ NULL, /* hmacsha384_tofile */
hmacsha384_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
@@ -1386,36 +1266,6 @@ hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
-hmacsha512_tofile(const dst_key_t *key, const char *directory) {
- int cnt = 0;
- dst_hmacsha512_key_t *hkey;
- dst_private_t priv;
- int bytes = (key->key_size + 7) / 8;
- unsigned char buf[2];
-
- if (key->keydata.hmacsha512 == NULL)
- return (DST_R_NULLKEY);
-
- if (key->external)
- return (DST_R_EXTERNALKEY);
-
- hkey = key->keydata.hmacsha512;
-
- priv.elements[cnt].tag = TAG_HMACSHA512_KEY;
- priv.elements[cnt].length = bytes;
- priv.elements[cnt++].data = hkey->key;
-
- buf[0] = (key->key_bits >> 8) & 0xffU;
- buf[1] = key->key_bits & 0xffU;
- priv.elements[cnt].tag = TAG_HMACSHA512_BITS;
- priv.elements[cnt].data = buf;
- priv.elements[cnt++].length = 2;
-
- priv.nelements = cnt;
- return (dst__privstruct_writefile(key, &priv, directory));
-}
-
-static isc_result_t
hmacsha512_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t result, tresult;
@@ -1474,7 +1324,7 @@ static dst_func_t hmacsha512_functions = {
hmacsha512_destroy,
hmacsha512_todns,
hmacsha512_fromdns,
- hmacsha512_tofile,
+ NULL, /* hmacsha512_tofile */
hmacsha512_parse,
NULL, /* cleanup */
NULL, /* fromlabel */
diff --git a/usr.sbin/bind/lib/dns/opensslecdsa_link.c b/usr.sbin/bind/lib/dns/opensslecdsa_link.c
index acbe57cf143..2008f3a9c6f 100644
--- a/usr.sbin/bind/lib/dns/opensslecdsa_link.c
+++ b/usr.sbin/bind/lib/dns/opensslecdsa_link.c
@@ -439,50 +439,6 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
-opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
- isc_result_t ret;
- EVP_PKEY *pkey;
- EC_KEY *eckey = NULL;
- const BIGNUM *privkey;
- dst_private_t priv;
- unsigned char *buf = NULL;
-
- if (key->keydata.pkey == NULL)
- return (DST_R_NULLKEY);
-
- if (key->external) {
- priv.nelements = 0;
- return (dst__privstruct_writefile(key, &priv, directory));
- }
-
- pkey = key->keydata.pkey;
- eckey = EVP_PKEY_get1_EC_KEY(pkey);
- if (eckey == NULL)
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
- privkey = EC_KEY_get0_private_key(eckey);
- if (privkey == NULL)
- DST_RET (ISC_R_FAILURE);
-
- buf = malloc(BN_num_bytes(privkey));
- if (buf == NULL)
- DST_RET (ISC_R_NOMEMORY);
-
- priv.elements[0].tag = TAG_ECDSA_PRIVATEKEY;
- priv.elements[0].length = BN_num_bytes(privkey);
- BN_bn2bin(privkey, buf);
- priv.elements[0].data = buf;
- priv.nelements = 1;
- ret = dst__privstruct_writefile(key, &priv, directory);
-
- err:
- if (eckey != NULL)
- EC_KEY_free(eckey);
- if (buf != NULL)
- free(buf);
- return (ret);
-}
-
-static isc_result_t
ecdsa_check(EC_KEY *eckey, dst_key_t *pub)
{
isc_result_t ret = ISC_R_FAILURE;
@@ -599,7 +555,7 @@ static dst_func_t opensslecdsa_functions = {
opensslecdsa_destroy,
opensslecdsa_todns,
opensslecdsa_fromdns,
- opensslecdsa_tofile,
+ NULL, /* opensslecdsa_tofile */
opensslecdsa_parse,
NULL, /*%< cleanup */
NULL, /*%< fromlabel */
diff --git a/usr.sbin/bind/lib/dns/opensslrsa_link.c b/usr.sbin/bind/lib/dns/opensslrsa_link.c
index 3bc8daa9d78..d12da971262 100644
--- a/usr.sbin/bind/lib/dns/opensslrsa_link.c
+++ b/usr.sbin/bind/lib/dns/opensslrsa_link.c
@@ -560,131 +560,6 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
static isc_result_t
-opensslrsa_tofile(const dst_key_t *key, const char *directory) {
- int i;
- RSA *rsa;
- dst_private_t priv;
- unsigned char *bufs[8];
- isc_result_t result;
- const BIGNUM *n = NULL, *e = NULL, *d = NULL;
- const BIGNUM *p = NULL, *q = NULL;
- const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
-
- if (key->keydata.pkey == NULL)
- return (DST_R_NULLKEY);
- rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
- if (rsa == NULL)
- return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
- memset(bufs, 0, sizeof(bufs));
-
- RSA_get0_key(rsa, &n, &e, &d);
- RSA_get0_factors(rsa, &p, &q);
- RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-
- if (key->external) {
- priv.nelements = 0;
- result = dst__privstruct_writefile(key, &priv, directory);
- goto fail;
- }
-
- for (i = 0; i < 8; i++) {
- bufs[i] = malloc(BN_num_bytes(n));
- if (bufs[i] == NULL) {
- result = ISC_R_NOMEMORY;
- goto fail;
- }
- }
-
- i = 0;
-
- priv.elements[i].tag = TAG_RSA_MODULUS;
- priv.elements[i].length = BN_num_bytes(n);
- BN_bn2bin(n, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
-
- priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT;
- priv.elements[i].length = BN_num_bytes(e);
- BN_bn2bin(e, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
-
- if (d != NULL) {
- priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
- priv.elements[i].length = BN_num_bytes(d);
- BN_bn2bin(d, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
- }
-
- if (p != NULL) {
- priv.elements[i].tag = TAG_RSA_PRIME1;
- priv.elements[i].length = BN_num_bytes(p);
- BN_bn2bin(p, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
- }
-
- if (q != NULL) {
- priv.elements[i].tag = TAG_RSA_PRIME2;
- priv.elements[i].length = BN_num_bytes(q);
- BN_bn2bin(q, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
- }
-
- if (dmp1 != NULL) {
- priv.elements[i].tag = TAG_RSA_EXPONENT1;
- priv.elements[i].length = BN_num_bytes(dmp1);
- BN_bn2bin(dmp1, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
- }
-
- if (dmq1 != NULL) {
- priv.elements[i].tag = TAG_RSA_EXPONENT2;
- priv.elements[i].length = BN_num_bytes(dmq1);
- BN_bn2bin(dmq1, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
- }
-
- if (iqmp != NULL) {
- priv.elements[i].tag = TAG_RSA_COEFFICIENT;
- priv.elements[i].length = BN_num_bytes(iqmp);
- BN_bn2bin(iqmp, bufs[i]);
- priv.elements[i].data = bufs[i];
- i++;
- }
-
- if (key->engine != NULL) {
- priv.elements[i].tag = TAG_RSA_ENGINE;
- priv.elements[i].length = strlen(key->engine) + 1;
- priv.elements[i].data = (unsigned char *)key->engine;
- i++;
- }
-
- if (key->label != NULL) {
- priv.elements[i].tag = TAG_RSA_LABEL;
- priv.elements[i].length = strlen(key->label) + 1;
- priv.elements[i].data = (unsigned char *)key->label;
- i++;
- }
-
-
- priv.nelements = i;
- result = dst__privstruct_writefile(key, &priv, directory);
- fail:
- RSA_free(rsa);
- for (i = 0; i < 8; i++) {
- if (bufs[i] == NULL)
- break;
- free(bufs[i]);
- }
- return (result);
-}
-
-static isc_result_t
rsa_check(RSA *rsa, RSA *pub) {
const BIGNUM *n1 = NULL, *n2 = NULL;
const BIGNUM *e1 = NULL, *e2 = NULL;
@@ -897,7 +772,7 @@ static dst_func_t opensslrsa_functions = {
opensslrsa_destroy,
opensslrsa_todns,
opensslrsa_fromdns,
- opensslrsa_tofile,
+ NULL, /* opensslrsa_tofile */
opensslrsa_parse,
NULL, /*%< cleanup */
opensslrsa_fromlabel,
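Review bot: The new `NULL, /* opensslrsa_tofile */` uses a plain comment where this table marks empty slots with the Doxygen form `/*%< cleanup */`, `/*%< fromlabel */` on the surrounding lines; `NULL, /*%< tofile */` keeps the file's convention and names the slot rather than the deleted function. opensslrsa_fromlabel stays wired up, so engine-backed keys can still be loaded even though nothing in libdns can write a key file any more, which is consistent with the intent of the removal. If the public header dst.h still declares dst_key_tofile (not shown in this diff), it should lose that prototype alongside the dst_parse.h change. The opensslrsa_functions initializer starts before and ends after this hunk.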