picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

resolved: initialize libgcrypt before using it

This commit is contained in:
Lennart Poettering 2015-12-14 21:21:16 +01:00
parent a1972a9185
commit 0638401af3
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/resolve/resolved-dns-dnssec.c
View File

@ -64,6 +64,19 @@
* Normal RR RRSIG/DNSKEY+ DS RRSIG/DNSKEY+ DS ... DS RRSIG/DNSKEY+ DS
*/
static void initialize_libgcrypt(void) {
const char *p;
if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
return;
p = gcry_check_version("1.4.5");
assert(p);
gcry_control(GCRYCTL_DISABLE_SECMEM);
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
}
static bool dnssec_algorithm_supported(int algorithm) {
return IN_SET(algorithm,
DNSSEC_ALGORITHM_RSASHA1,
@ -329,6 +342,8 @@ int dnssec_verify_rrset(
/* Bring the RRs into canonical order */
qsort_safe(list, n, sizeof(DnsResourceRecord*), rr_compare);
initialize_libgcrypt();
/* OK, the RRs are now in canonical order. Let's calculate the digest */
switch (rrsig->rrsig.algorithm) {
@ -717,6 +732,8 @@ int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds) {
if (dnssec_keytag(dnskey) != ds->ds.key_tag)
return 0;
initialize_libgcrypt();
algorithm = digest_to_gcrypt(ds->ds.digest_type);
if (algorithm < 0)
return algorithm;