]> CyberLeo.Net >> Repos - FreeBSD/releng/9.0.git/blob - contrib/bind9/lib/dns/openssldsa_link.c
projects / FreeBSD / releng / 9.0.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
[FreeBSD/releng/9.0.git] / contrib / bind9 / lib / dns / openssldsa_link.c
1 /*
2  * Portions Copyright (C) 2004-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
3  * Portions Copyright (C) 1999-2002  Internet Software Consortium.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
10  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
12  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
15  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  *
17  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
18  *
19  * Permission to use, copy, modify, and/or distribute this software for any
20  * purpose with or without fee is hereby granted, provided that the above
21  * copyright notice and this permission notice appear in all copies.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
24  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
25  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
26  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
27  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
28  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
29  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30  */
31
32 /* $Id: openssldsa_link.c,v 1.20.10.1 2011-03-11 06:47:04 marka Exp $ */
33
34 #ifdef OPENSSL
35 #ifndef USE_EVP
36 #define USE_EVP 1
37 #endif
38
39 #include <config.h>
40
41 #include <string.h>
42
43 #include <isc/entropy.h>
44 #include <isc/mem.h>
45 #include <isc/sha1.h>
46 #include <isc/util.h>
47
48 #include <dst/result.h>
49
50 #include "dst_internal.h"
51 #include "dst_openssl.h"
52 #include "dst_parse.h"
53
54 #include <openssl/dsa.h>
55
56 static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
57
58 static isc_result_t
59 openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
60 #if USE_EVP
61         EVP_MD_CTX *evp_md_ctx;
62
63         UNUSED(key);
64
65         evp_md_ctx = EVP_MD_CTX_create();
66         if (evp_md_ctx == NULL)
67                 return (ISC_R_NOMEMORY);
68
69         if (!EVP_DigestInit_ex(evp_md_ctx, EVP_dss1(), NULL)) {
70                 EVP_MD_CTX_destroy(evp_md_ctx);
71                         return (ISC_R_FAILURE);
72         }
73
74         dctx->ctxdata.evp_md_ctx = evp_md_ctx;
75
76         return (ISC_R_SUCCESS);
77 #else
78         isc_sha1_t *sha1ctx;
79
80         UNUSED(key);
81
82         sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
83         isc_sha1_init(sha1ctx);
84         dctx->ctxdata.sha1ctx = sha1ctx;
85         return (ISC_R_SUCCESS);
86 #endif
87 }
88
89 static void
90 openssldsa_destroyctx(dst_context_t *dctx) {
91 #if USE_EVP
92         EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
93
94         if (evp_md_ctx != NULL) {
95                 EVP_MD_CTX_destroy(evp_md_ctx);
96                 dctx->ctxdata.evp_md_ctx = NULL;
97         }
98 #else
99         isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
100
101         if (sha1ctx != NULL) {
102                 isc_sha1_invalidate(sha1ctx);
103                 isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
104                 dctx->ctxdata.sha1ctx = NULL;
105         }
106 #endif
107 }
108
109 static isc_result_t
110 openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
111 #if USE_EVP
112         EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
113
114         if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
115                 return (ISC_R_FAILURE);
116         }
117 #else
118         isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
119
120         isc_sha1_update(sha1ctx, data->base, data->length);
121 #endif
122         return (ISC_R_SUCCESS);
123 }
124
125 static int
126 BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) {
127         int bytes = size - BN_num_bytes(bn);
128         while (bytes-- > 0)
129                 *buf++ = 0;
130         BN_bn2bin(bn, buf);
131         return (size);
132 }
133
134 static isc_result_t
135 openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
136         dst_key_t *key = dctx->key;
137         DSA *dsa = key->keydata.dsa;
138         isc_region_t r;
139         DSA_SIG *dsasig;
140 #if USE_EVP
141         EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
142         EVP_PKEY *pkey;
143         unsigned char *sigbuf;
144         const unsigned char *sb;
145         unsigned int siglen;
146 #else
147         isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
148         unsigned char digest[ISC_SHA1_DIGESTLENGTH];
149 #endif
150
151         isc_buffer_availableregion(sig, &r);
152         if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
153                 return (ISC_R_NOSPACE);
154
155 #if USE_EVP
156         pkey = EVP_PKEY_new();
157         if (pkey == NULL)
158                 return (ISC_R_NOMEMORY);
159         if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
160                 EVP_PKEY_free(pkey);
161                 return (ISC_R_FAILURE);
162         }
163         sigbuf = malloc(EVP_PKEY_size(pkey));
164         if (sigbuf == NULL) {
165                 EVP_PKEY_free(pkey);
166                 return (ISC_R_NOMEMORY);
167         }
168         if (!EVP_SignFinal(evp_md_ctx, sigbuf, &siglen, pkey)) {
169                 EVP_PKEY_free(pkey);
170                 free(sigbuf);
171                 return (ISC_R_FAILURE);
172         }
173         INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
174         EVP_PKEY_free(pkey);
175         /* Convert from Dss-Sig-Value (RFC2459). */
176         dsasig = DSA_SIG_new();
177         if (dsasig == NULL) {
178                 free(sigbuf);
179                 return (ISC_R_NOMEMORY);
180         }
181         sb = sigbuf;
182         if (d2i_DSA_SIG(&dsasig, &sb, (long) siglen) == NULL) {
183                 free(sigbuf);
184                 return (ISC_R_FAILURE);
185         }
186         free(sigbuf);
187 #elif 0
188         /* Only use EVP for the Digest */
189         if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
190                 return (ISC_R_FAILURE);
191         }
192         dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
193         if (dsasig == NULL)
194                 return (dst__openssl_toresult(DST_R_SIGNFAILURE));
195 #else
196         isc_sha1_final(sha1ctx, digest);
197
198         dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
199         if (dsasig == NULL)
200                 return (dst__openssl_toresult(DST_R_SIGNFAILURE));
201 #endif
202         *r.base++ = (key->key_size - 512)/64;
203         BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
204         r.base += ISC_SHA1_DIGESTLENGTH;
205         BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
206         r.base += ISC_SHA1_DIGESTLENGTH;
207         DSA_SIG_free(dsasig);
208         isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
209
210         return (ISC_R_SUCCESS);
211 }
212
213 static isc_result_t
214 openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
215         dst_key_t *key = dctx->key;
216         DSA *dsa = key->keydata.dsa;
217         int status = 0;
218         unsigned char *cp = sig->base;
219         DSA_SIG *dsasig;
220 #if USE_EVP
221         EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
222 #if 0
223         EVP_PKEY *pkey;
224         unsigned char *sigbuf;
225 #endif
226         unsigned int siglen;
227 #else
228         isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
229 #endif
230         unsigned char digest[ISC_SHA1_DIGESTLENGTH];
231
232
233 #if USE_EVP
234 #if 1
235         /* Only use EVP for the digest */
236         if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
237                 return (ISC_R_FAILURE);
238         }
239 #endif
240 #else
241         isc_sha1_final(sha1ctx, digest);
242 #endif
243
244         if (sig->length != 2 * ISC_SHA1_DIGESTLENGTH + 1) {
245                 return (DST_R_VERIFYFAILURE);
246         }
247
248         cp++;   /*%< Skip T */
249         dsasig = DSA_SIG_new();
250         if (dsasig == NULL)
251                 return (ISC_R_NOMEMORY);
252         dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
253         cp += ISC_SHA1_DIGESTLENGTH;
254         dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
255
256 #if 0
257         pkey = EVP_PKEY_new();
258         if (pkey == NULL)
259                 return (ISC_R_NOMEMORY);
260         if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
261                 EVP_PKEY_free(pkey);
262                 return (ISC_R_FAILURE);
263         }
264         /* Convert to Dss-Sig-Value (RFC2459). */
265         sigbuf = malloc(EVP_PKEY_size(pkey) + 50);
266         if (sigbuf == NULL) {
267                 EVP_PKEY_free(pkey);
268                 return (ISC_R_NOMEMORY);
269         }
270         siglen = (unsigned) i2d_DSA_SIG(dsasig, &sigbuf);
271         INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
272         status = EVP_VerifyFinal(evp_md_ctx, sigbuf, siglen, pkey);
273         EVP_PKEY_free(pkey);
274         free(sigbuf);
275 #else
276         status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
277 #endif
278         DSA_SIG_free(dsasig);
279         if (status != 1)
280                 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
281
282         return (ISC_R_SUCCESS);
283 }
284
285 static isc_boolean_t
286 openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
287         int status;
288         DSA *dsa1, *dsa2;
289
290         dsa1 = key1->keydata.dsa;
291         dsa2 = key2->keydata.dsa;
292
293         if (dsa1 == NULL && dsa2 == NULL)
294                 return (ISC_TRUE);
295         else if (dsa1 == NULL || dsa2 == NULL)
296                 return (ISC_FALSE);
297
298         status = BN_cmp(dsa1->p, dsa2->p) ||
299                  BN_cmp(dsa1->q, dsa2->q) ||
300                  BN_cmp(dsa1->g, dsa2->g) ||
301                  BN_cmp(dsa1->pub_key, dsa2->pub_key);
302
303         if (status != 0)
304                 return (ISC_FALSE);
305
306         if (dsa1->priv_key != NULL || dsa2->priv_key != NULL) {
307                 if (dsa1->priv_key == NULL || dsa2->priv_key == NULL)
308                         return (ISC_FALSE);
309                 if (BN_cmp(dsa1->priv_key, dsa2->priv_key))
310                         return (ISC_FALSE);
311         }
312         return (ISC_TRUE);
313 }
314
315 #if OPENSSL_VERSION_NUMBER > 0x00908000L
316 static int
317 progress_cb(int p, int n, BN_GENCB *cb)
318 {
319         union {
320                 void *dptr;
321                 void (*fptr)(int);
322         } u;
323
324         UNUSED(n);
325
326         u.dptr = cb->arg;
327         if (u.fptr != NULL)
328                 u.fptr(p);
329         return (1);
330 }
331 #endif
332
333 static isc_result_t
334 openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
335         DSA *dsa;
336         unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
337         isc_result_t result;
338 #if OPENSSL_VERSION_NUMBER > 0x00908000L
339         BN_GENCB cb;
340         union {
341                 void *dptr;
342                 void (*fptr)(int);
343         } u;
344
345 #else
346
347         UNUSED(callback);
348 #endif
349         UNUSED(unused);
350
351         result = dst__entropy_getdata(rand_array, sizeof(rand_array),
352                                       ISC_FALSE);
353         if (result != ISC_R_SUCCESS)
354                 return (result);
355
356 #if OPENSSL_VERSION_NUMBER > 0x00908000L
357         dsa = DSA_new();
358         if (dsa == NULL)
359                 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
360
361         if (callback == NULL) {
362                 BN_GENCB_set_old(&cb, NULL, NULL);
363         } else {
364                 u.fptr = callback;
365                 BN_GENCB_set(&cb, &progress_cb, u.dptr);
366         }
367
368         if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
369                                         ISC_SHA1_DIGESTLENGTH,  NULL, NULL,
370                                         &cb))
371         {
372                 DSA_free(dsa);
373                 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
374         }
375 #else
376         dsa = DSA_generate_parameters(key->key_size, rand_array,
377                                       ISC_SHA1_DIGESTLENGTH, NULL, NULL,
378                                       NULL, NULL);
379         if (dsa == NULL)
380                 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
381 #endif
382
383         if (DSA_generate_key(dsa) == 0) {
384                 DSA_free(dsa);
385                 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
386         }
387         dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
388
389         key->keydata.dsa = dsa;
390
391         return (ISC_R_SUCCESS);
392 }
393
394 static isc_boolean_t
395 openssldsa_isprivate(const dst_key_t *key) {
396         DSA *dsa = key->keydata.dsa;
397         return (ISC_TF(dsa != NULL && dsa->priv_key != NULL));
398 }
399
400 static void
401 openssldsa_destroy(dst_key_t *key) {
402         DSA *dsa = key->keydata.dsa;
403         DSA_free(dsa);
404         key->keydata.dsa = NULL;
405 }
406
407
408 static isc_result_t
409 openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
410         DSA *dsa;
411         isc_region_t r;
412         int dnslen;
413         unsigned int t, p_bytes;
414
415         REQUIRE(key->keydata.dsa != NULL);
416
417         dsa = key->keydata.dsa;
418
419         isc_buffer_availableregion(data, &r);
420
421         t = (BN_num_bytes(dsa->p) - 64) / 8;
422         if (t > 8)
423                 return (DST_R_INVALIDPUBLICKEY);
424         p_bytes = 64 + 8 * t;
425
426         dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH;
427         if (r.length < (unsigned int) dnslen)
428                 return (ISC_R_NOSPACE);
429
430         *r.base++ = t;
431         BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
432         r.base += ISC_SHA1_DIGESTLENGTH;
433         BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);
434         r.base += p_bytes;
435         BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8);
436         r.base += p_bytes;
437         BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8);
438         r.base += p_bytes;
439
440         isc_buffer_add(data, dnslen);
441
442         return (ISC_R_SUCCESS);
443 }
444
445 static isc_result_t
446 openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
447         DSA *dsa;
448         isc_region_t r;
449         unsigned int t, p_bytes;
450         isc_mem_t *mctx = key->mctx;
451
452         UNUSED(mctx);
453
454         isc_buffer_remainingregion(data, &r);
455         if (r.length == 0)
456                 return (ISC_R_SUCCESS);
457
458         dsa = DSA_new();
459         if (dsa == NULL)
460                 return (ISC_R_NOMEMORY);
461         dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
462
463         t = (unsigned int) *r.base++;
464         if (t > 8) {
465                 DSA_free(dsa);
466                 return (DST_R_INVALIDPUBLICKEY);
467         }
468         p_bytes = 64 + 8 * t;
469
470         if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
471                 DSA_free(dsa);
472                 return (DST_R_INVALIDPUBLICKEY);
473         }
474
475         dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
476         r.base += ISC_SHA1_DIGESTLENGTH;
477
478         dsa->p = BN_bin2bn(r.base, p_bytes, NULL);
479         r.base += p_bytes;
480
481         dsa->g = BN_bin2bn(r.base, p_bytes, NULL);
482         r.base += p_bytes;
483
484         dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
485         r.base += p_bytes;
486
487         key->key_size = p_bytes * 8;
488
489         isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
490
491         key->keydata.dsa = dsa;
492
493         return (ISC_R_SUCCESS);
494 }
495
496
497 static isc_result_t
498 openssldsa_tofile(const dst_key_t *key, const char *directory) {
499         int cnt = 0;
500         DSA *dsa;
501         dst_private_t priv;
502         unsigned char bufs[5][128];
503
504         if (key->keydata.dsa == NULL)
505                 return (DST_R_NULLKEY);
506
507         dsa = key->keydata.dsa;
508
509         priv.elements[cnt].tag = TAG_DSA_PRIME;
510         priv.elements[cnt].length = BN_num_bytes(dsa->p);
511         BN_bn2bin(dsa->p, bufs[cnt]);
512         priv.elements[cnt].data = bufs[cnt];
513         cnt++;
514
515         priv.elements[cnt].tag = TAG_DSA_SUBPRIME;
516         priv.elements[cnt].length = BN_num_bytes(dsa->q);
517         BN_bn2bin(dsa->q, bufs[cnt]);
518         priv.elements[cnt].data = bufs[cnt];
519         cnt++;
520
521         priv.elements[cnt].tag = TAG_DSA_BASE;
522         priv.elements[cnt].length = BN_num_bytes(dsa->g);
523         BN_bn2bin(dsa->g, bufs[cnt]);
524         priv.elements[cnt].data = bufs[cnt];
525         cnt++;
526
527         priv.elements[cnt].tag = TAG_DSA_PRIVATE;
528         priv.elements[cnt].length = BN_num_bytes(dsa->priv_key);
529         BN_bn2bin(dsa->priv_key, bufs[cnt]);
530         priv.elements[cnt].data = bufs[cnt];
531         cnt++;
532
533         priv.elements[cnt].tag = TAG_DSA_PUBLIC;
534         priv.elements[cnt].length = BN_num_bytes(dsa->pub_key);
535         BN_bn2bin(dsa->pub_key, bufs[cnt]);
536         priv.elements[cnt].data = bufs[cnt];
537         cnt++;
538
539         priv.nelements = cnt;
540         return (dst__privstruct_writefile(key, &priv, directory));
541 }
542
543 static isc_result_t
544 openssldsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
545         dst_private_t priv;
546         isc_result_t ret;
547         int i;
548         DSA *dsa = NULL;
549         isc_mem_t *mctx = key->mctx;
550 #define DST_RET(a) {ret = a; goto err;}
551
552         UNUSED(pub);
553         /* read private key file */
554         ret = dst__privstruct_parse(key, DST_ALG_DSA, lexer, mctx, &priv);
555         if (ret != ISC_R_SUCCESS)
556                 return (ret);
557
558         dsa = DSA_new();
559         if (dsa == NULL)
560                 DST_RET(ISC_R_NOMEMORY);
561         dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
562         key->keydata.dsa = dsa;
563
564         for (i=0; i < priv.nelements; i++) {
565                 BIGNUM *bn;
566                 bn = BN_bin2bn(priv.elements[i].data,
567                                priv.elements[i].length, NULL);
568                 if (bn == NULL)
569                         DST_RET(ISC_R_NOMEMORY);
570
571                 switch (priv.elements[i].tag) {
572                         case TAG_DSA_PRIME:
573                                 dsa->p = bn;
574                                 break;
575                         case TAG_DSA_SUBPRIME:
576                                 dsa->q = bn;
577                                 break;
578                         case TAG_DSA_BASE:
579                                 dsa->g = bn;
580                                 break;
581                         case TAG_DSA_PRIVATE:
582                                 dsa->priv_key = bn;
583                                 break;
584                         case TAG_DSA_PUBLIC:
585                                 dsa->pub_key = bn;
586                                 break;
587                 }
588         }
589         dst__privstruct_free(&priv, mctx);
590
591         key->key_size = BN_num_bits(dsa->p);
592
593         return (ISC_R_SUCCESS);
594
595  err:
596         openssldsa_destroy(key);
597         dst__privstruct_free(&priv, mctx);
598         memset(&priv, 0, sizeof(priv));
599         return (ret);
600 }
601
602 static dst_func_t openssldsa_functions = {
603         openssldsa_createctx,
604         openssldsa_destroyctx,
605         openssldsa_adddata,
606         openssldsa_sign,
607         openssldsa_verify,
608         NULL, /*%< computesecret */
609         openssldsa_compare,
610         NULL, /*%< paramcompare */
611         openssldsa_generate,
612         openssldsa_isprivate,
613         openssldsa_destroy,
614         openssldsa_todns,
615         openssldsa_fromdns,
616         openssldsa_tofile,
617         openssldsa_parse,
618         NULL, /*%< cleanup */
619         NULL, /*%< fromlabel */
620         NULL, /*%< dump */
621         NULL, /*%< restore */
622 };
623
624 isc_result_t
625 dst__openssldsa_init(dst_func_t **funcp) {
626         REQUIRE(funcp != NULL);
627         if (*funcp == NULL)
628                 *funcp = &openssldsa_functions;
629         return (ISC_R_SUCCESS);
630 }
631
632 #else /* OPENSSL */
633
634 #include <isc/util.h>
635
636 EMPTY_TRANSLATION_UNIT
637
638 #endif /* OPENSSL */
639 /*! \file */
9.0-RELEASE