/* given a reader and a reader arg, calculate and validate the the hash
* signature of a NIST leap second file.
*/
int
leapsec_validate(
leapsec_reader func,
void * farg)
{
isc_sha1_t mdctx;
sha1_digest rdig, ldig; /* remote / local digests */
char line[50];
int hlseen = -1;
isc_sha1_init(&mdctx);
while (get_line(func, farg, line, sizeof(line))) {
if (!strncmp(line, "#h", 2))
hlseen = do_leap_hash(&rdig, line+2);
else if (!strncmp(line, "#@", 2))
do_hash_data(&mdctx, line+2);
else if (!strncmp(line, "#$", 2))
do_hash_data(&mdctx, line+2);
else if (isdigit((unsigned char)line[0]))
do_hash_data(&mdctx, line);
}
isc_sha1_final(&mdctx, ldig.hv);
isc_sha1_invalidate(&mdctx);
if (0 > hlseen)
return LSVALID_NOHASH;
if (0 == hlseen)
return LSVALID_BADFORMAT;
if (0 != memcmp(&rdig, &ldig, sizeof(sha1_digest)))
return LSVALID_BADHASH;
return LSVALID_GOODHASH;
}
static void
openssldsa_destroyctx(dst_context_t *dctx) {
isc_sha1_t *sha1ctx = dctx->opaque;
if (sha1ctx != NULL) {
isc_sha1_invalidate(sha1ctx);
isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
dctx->opaque = NULL;
}
}
static void
openssldsa_destroyctx(dst_context_t *dctx) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
if (evp_md_ctx != NULL) {
EVP_MD_CTX_destroy(evp_md_ctx);
dctx->ctxdata.evp_md_ctx = NULL;
}
#else
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
if (sha1ctx != NULL) {
isc_sha1_invalidate(sha1ctx);
isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
dctx->ctxdata.sha1ctx = NULL;
}
#endif
}
static void
opensslrsa_destroyctx(dst_context_t *dctx) {
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque;
if (md5ctx != NULL) {
isc_md5_invalidate(md5ctx);
isc_mem_put(dctx->mctx, md5ctx, sizeof(isc_md5_t));
}
} else {
isc_sha1_t *sha1ctx = dctx->opaque;
if (sha1ctx != NULL) {
isc_sha1_invalidate(sha1ctx);
isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
}
}
dctx->opaque = NULL;
}
void
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
isc_sha1_invalidate(&ctx->sha1ctx);
memset(ctx->key, 0, sizeof(ctx->key));
memset(ctx, 0, sizeof(ctx));
}
static void
opensslrsa_destroyctx(dst_context_t *dctx) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
#endif
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1 ||
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
#if USE_EVP
if (evp_md_ctx != NULL) {
EVP_MD_CTX_destroy(evp_md_ctx);
dctx->ctxdata.evp_md_ctx = NULL;
}
#else
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
{
isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
if (md5ctx != NULL) {
isc_md5_invalidate(md5ctx);
isc_mem_put(dctx->mctx, md5ctx,
sizeof(isc_md5_t));
dctx->ctxdata.md5ctx = NULL;
}
}
break;
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
{
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
if (sha1ctx != NULL) {
isc_sha1_invalidate(sha1ctx);
isc_mem_put(dctx->mctx, sha1ctx,
sizeof(isc_sha1_t));
dctx->ctxdata.sha1ctx = NULL;
}
}
break;
case DST_ALG_RSASHA256:
{
isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
if (sha256ctx != NULL) {
isc_sha256_invalidate(sha256ctx);
isc_mem_put(dctx->mctx, sha256ctx,
sizeof(isc_sha256_t));
dctx->ctxdata.sha256ctx = NULL;
}
}
break;
case DST_ALG_RSASHA512:
{
isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
if (sha512ctx != NULL) {
isc_sha512_invalidate(sha512ctx);
isc_mem_put(dctx->mctx, sha512ctx,
sizeof(isc_sha512_t));
dctx->ctxdata.sha512ctx = NULL;
}
}
break;
default:
INSIST(0);
}
#endif
}