PageRenderTime 74ms CodeModel.GetById 31ms app.highlight 37ms RepoModel.GetById 1ms app.codeStats 0ms

/contrib/bind9/lib/dns/openssldsa_link.c

https://bitbucket.org/freebsd/freebsd-head/
C | 639 lines | 497 code | 105 blank | 37 comment | 96 complexity | e051905c340c73dcfb44ef1d10fd3868 MD5 | raw file
  1/*
  2 * Portions Copyright (C) 2004-2009, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
  3 * Portions Copyright (C) 1999-2002  Internet Software Consortium.
  4 *
  5 * Permission to use, copy, modify, and/or distribute this software for any
  6 * purpose with or without fee is hereby granted, provided that the above
  7 * copyright notice and this permission notice appear in all copies.
  8 *
  9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
 12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 16 *
 17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
 18 *
 19 * Permission to use, copy, modify, and/or distribute this software for any
 20 * purpose with or without fee is hereby granted, provided that the above
 21 * copyright notice and this permission notice appear in all copies.
 22 *
 23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 25 * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
 26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 30 */
 31
 32/* $Id$ */
 33
 34#ifdef OPENSSL
 35#ifndef USE_EVP
 36#define USE_EVP 1
 37#endif
 38
 39#include <config.h>
 40
 41#include <string.h>
 42
 43#include <isc/entropy.h>
 44#include <isc/mem.h>
 45#include <isc/sha1.h>
 46#include <isc/util.h>
 47
 48#include <dst/result.h>
 49
 50#include "dst_internal.h"
 51#include "dst_openssl.h"
 52#include "dst_parse.h"
 53
 54#include <openssl/dsa.h>
 55
 56static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
 57
 58static isc_result_t
 59openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
 60#if USE_EVP
 61	EVP_MD_CTX *evp_md_ctx;
 62
 63	UNUSED(key);
 64
 65	evp_md_ctx = EVP_MD_CTX_create();
 66	if (evp_md_ctx == NULL)
 67		return (ISC_R_NOMEMORY);
 68
 69	if (!EVP_DigestInit_ex(evp_md_ctx, EVP_dss1(), NULL)) {
 70		EVP_MD_CTX_destroy(evp_md_ctx);
 71			return (ISC_R_FAILURE);
 72	}
 73
 74	dctx->ctxdata.evp_md_ctx = evp_md_ctx;
 75
 76	return (ISC_R_SUCCESS);
 77#else
 78	isc_sha1_t *sha1ctx;
 79
 80	UNUSED(key);
 81
 82	sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
 83	isc_sha1_init(sha1ctx);
 84	dctx->ctxdata.sha1ctx = sha1ctx;
 85	return (ISC_R_SUCCESS);
 86#endif
 87}
 88
 89static void
 90openssldsa_destroyctx(dst_context_t *dctx) {
 91#if USE_EVP
 92	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
 93
 94	if (evp_md_ctx != NULL) {
 95		EVP_MD_CTX_destroy(evp_md_ctx);
 96		dctx->ctxdata.evp_md_ctx = NULL;
 97	}
 98#else
 99	isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
100
101	if (sha1ctx != NULL) {
102		isc_sha1_invalidate(sha1ctx);
103		isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
104		dctx->ctxdata.sha1ctx = NULL;
105	}
106#endif
107}
108
109static isc_result_t
110openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
111#if USE_EVP
112	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
113
114	if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
115		return (ISC_R_FAILURE);
116	}
117#else
118	isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
119
120	isc_sha1_update(sha1ctx, data->base, data->length);
121#endif
122	return (ISC_R_SUCCESS);
123}
124
125static int
126BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) {
127	int bytes = size - BN_num_bytes(bn);
128	while (bytes-- > 0)
129		*buf++ = 0;
130	BN_bn2bin(bn, buf);
131	return (size);
132}
133
134static isc_result_t
135openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
136	dst_key_t *key = dctx->key;
137	DSA *dsa = key->keydata.dsa;
138	isc_region_t r;
139	DSA_SIG *dsasig;
140#if USE_EVP
141	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
142	EVP_PKEY *pkey;
143	unsigned char *sigbuf;
144	const unsigned char *sb;
145	unsigned int siglen;
146#else
147	isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
148	unsigned char digest[ISC_SHA1_DIGESTLENGTH];
149#endif
150
151	isc_buffer_availableregion(sig, &r);
152	if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
153		return (ISC_R_NOSPACE);
154
155#if USE_EVP
156	pkey = EVP_PKEY_new();
157	if (pkey == NULL)
158		return (ISC_R_NOMEMORY);
159	if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
160		EVP_PKEY_free(pkey);
161		return (ISC_R_FAILURE);
162	}
163	sigbuf = malloc(EVP_PKEY_size(pkey));
164	if (sigbuf == NULL) {
165		EVP_PKEY_free(pkey);
166		return (ISC_R_NOMEMORY);
167	}
168	if (!EVP_SignFinal(evp_md_ctx, sigbuf, &siglen, pkey)) {
169		EVP_PKEY_free(pkey);
170		free(sigbuf);
171		return (ISC_R_FAILURE);
172	}
173	INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
174	EVP_PKEY_free(pkey);
175	/* Convert from Dss-Sig-Value (RFC2459). */
176	dsasig = DSA_SIG_new();
177	if (dsasig == NULL) {
178		free(sigbuf);
179		return (ISC_R_NOMEMORY);
180	}
181	sb = sigbuf;
182	if (d2i_DSA_SIG(&dsasig, &sb, (long) siglen) == NULL) {
183		free(sigbuf);
184		return (ISC_R_FAILURE);
185	}
186	free(sigbuf);
187#elif 0
188	/* Only use EVP for the Digest */
189	if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
190		return (ISC_R_FAILURE);
191	}
192	dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
193	if (dsasig == NULL)
194		return (dst__openssl_toresult(DST_R_SIGNFAILURE));
195#else
196	isc_sha1_final(sha1ctx, digest);
197
198	dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
199	if (dsasig == NULL)
200		return (dst__openssl_toresult(DST_R_SIGNFAILURE));
201#endif
202	*r.base++ = (key->key_size - 512)/64;
203	BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
204	r.base += ISC_SHA1_DIGESTLENGTH;
205	BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
206	r.base += ISC_SHA1_DIGESTLENGTH;
207	DSA_SIG_free(dsasig);
208	isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
209
210	return (ISC_R_SUCCESS);
211}
212
213static isc_result_t
214openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
215	dst_key_t *key = dctx->key;
216	DSA *dsa = key->keydata.dsa;
217	int status = 0;
218	unsigned char *cp = sig->base;
219	DSA_SIG *dsasig;
220#if USE_EVP
221	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
222#if 0
223	EVP_PKEY *pkey;
224	unsigned char *sigbuf;
225#endif
226	unsigned int siglen;
227#else
228	isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
229#endif
230	unsigned char digest[ISC_SHA1_DIGESTLENGTH];
231
232
233#if USE_EVP
234#if 1
235	/* Only use EVP for the digest */
236	if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
237		return (ISC_R_FAILURE);
238	}
239#endif
240#else
241	isc_sha1_final(sha1ctx, digest);
242#endif
243
244	if (sig->length != 2 * ISC_SHA1_DIGESTLENGTH + 1) {
245		return (DST_R_VERIFYFAILURE);
246	}
247
248	cp++;	/*%< Skip T */
249	dsasig = DSA_SIG_new();
250	if (dsasig == NULL)
251		return (ISC_R_NOMEMORY);
252	dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
253	cp += ISC_SHA1_DIGESTLENGTH;
254	dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
255
256#if 0
257	pkey = EVP_PKEY_new();
258	if (pkey == NULL)
259		return (ISC_R_NOMEMORY);
260	if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
261		EVP_PKEY_free(pkey);
262		return (ISC_R_FAILURE);
263	}
264	/* Convert to Dss-Sig-Value (RFC2459). */
265	sigbuf = malloc(EVP_PKEY_size(pkey) + 50);
266	if (sigbuf == NULL) {
267		EVP_PKEY_free(pkey);
268		return (ISC_R_NOMEMORY);
269	}
270	siglen = (unsigned) i2d_DSA_SIG(dsasig, &sigbuf);
271	INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
272	status = EVP_VerifyFinal(evp_md_ctx, sigbuf, siglen, pkey);
273	EVP_PKEY_free(pkey);
274	free(sigbuf);
275#else
276	status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
277#endif
278	DSA_SIG_free(dsasig);
279	if (status != 1)
280		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
281
282	return (ISC_R_SUCCESS);
283}
284
285static isc_boolean_t
286openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
287	int status;
288	DSA *dsa1, *dsa2;
289
290	dsa1 = key1->keydata.dsa;
291	dsa2 = key2->keydata.dsa;
292
293	if (dsa1 == NULL && dsa2 == NULL)
294		return (ISC_TRUE);
295	else if (dsa1 == NULL || dsa2 == NULL)
296		return (ISC_FALSE);
297
298	status = BN_cmp(dsa1->p, dsa2->p) ||
299		 BN_cmp(dsa1->q, dsa2->q) ||
300		 BN_cmp(dsa1->g, dsa2->g) ||
301		 BN_cmp(dsa1->pub_key, dsa2->pub_key);
302
303	if (status != 0)
304		return (ISC_FALSE);
305
306	if (dsa1->priv_key != NULL || dsa2->priv_key != NULL) {
307		if (dsa1->priv_key == NULL || dsa2->priv_key == NULL)
308			return (ISC_FALSE);
309		if (BN_cmp(dsa1->priv_key, dsa2->priv_key))
310			return (ISC_FALSE);
311	}
312	return (ISC_TRUE);
313}
314
315#if OPENSSL_VERSION_NUMBER > 0x00908000L
316static int
317progress_cb(int p, int n, BN_GENCB *cb)
318{
319	union {
320		void *dptr;
321		void (*fptr)(int);
322	} u;
323
324	UNUSED(n);
325
326	u.dptr = cb->arg;
327	if (u.fptr != NULL)
328		u.fptr(p);
329	return (1);
330}
331#endif
332
333static isc_result_t
334openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
335	DSA *dsa;
336	unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
337	isc_result_t result;
338#if OPENSSL_VERSION_NUMBER > 0x00908000L
339	BN_GENCB cb;
340	union {
341		void *dptr;
342		void (*fptr)(int);
343	} u;
344
345#else
346
347	UNUSED(callback);
348#endif
349	UNUSED(unused);
350
351	result = dst__entropy_getdata(rand_array, sizeof(rand_array),
352				      ISC_FALSE);
353	if (result != ISC_R_SUCCESS)
354		return (result);
355
356#if OPENSSL_VERSION_NUMBER > 0x00908000L
357	dsa = DSA_new();
358	if (dsa == NULL)
359		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
360
361	if (callback == NULL) {
362		BN_GENCB_set_old(&cb, NULL, NULL);
363	} else {
364		u.fptr = callback;
365		BN_GENCB_set(&cb, &progress_cb, u.dptr);
366	}
367
368	if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
369					ISC_SHA1_DIGESTLENGTH,  NULL, NULL,
370					&cb))
371	{
372		DSA_free(dsa);
373		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
374	}
375#else
376	dsa = DSA_generate_parameters(key->key_size, rand_array,
377				      ISC_SHA1_DIGESTLENGTH, NULL, NULL,
378				      NULL, NULL);
379	if (dsa == NULL)
380		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
381#endif
382
383	if (DSA_generate_key(dsa) == 0) {
384		DSA_free(dsa);
385		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
386	}
387	dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
388
389	key->keydata.dsa = dsa;
390
391	return (ISC_R_SUCCESS);
392}
393
394static isc_boolean_t
395openssldsa_isprivate(const dst_key_t *key) {
396	DSA *dsa = key->keydata.dsa;
397	return (ISC_TF(dsa != NULL && dsa->priv_key != NULL));
398}
399
400static void
401openssldsa_destroy(dst_key_t *key) {
402	DSA *dsa = key->keydata.dsa;
403	DSA_free(dsa);
404	key->keydata.dsa = NULL;
405}
406
407
408static isc_result_t
409openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
410	DSA *dsa;
411	isc_region_t r;
412	int dnslen;
413	unsigned int t, p_bytes;
414
415	REQUIRE(key->keydata.dsa != NULL);
416
417	dsa = key->keydata.dsa;
418
419	isc_buffer_availableregion(data, &r);
420
421	t = (BN_num_bytes(dsa->p) - 64) / 8;
422	if (t > 8)
423		return (DST_R_INVALIDPUBLICKEY);
424	p_bytes = 64 + 8 * t;
425
426	dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH;
427	if (r.length < (unsigned int) dnslen)
428		return (ISC_R_NOSPACE);
429
430	*r.base++ = t;
431	BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
432	r.base += ISC_SHA1_DIGESTLENGTH;
433	BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);
434	r.base += p_bytes;
435	BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8);
436	r.base += p_bytes;
437	BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8);
438	r.base += p_bytes;
439
440	isc_buffer_add(data, dnslen);
441
442	return (ISC_R_SUCCESS);
443}
444
445static isc_result_t
446openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
447	DSA *dsa;
448	isc_region_t r;
449	unsigned int t, p_bytes;
450	isc_mem_t *mctx = key->mctx;
451
452	UNUSED(mctx);
453
454	isc_buffer_remainingregion(data, &r);
455	if (r.length == 0)
456		return (ISC_R_SUCCESS);
457
458	dsa = DSA_new();
459	if (dsa == NULL)
460		return (ISC_R_NOMEMORY);
461	dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
462
463	t = (unsigned int) *r.base++;
464	if (t > 8) {
465		DSA_free(dsa);
466		return (DST_R_INVALIDPUBLICKEY);
467	}
468	p_bytes = 64 + 8 * t;
469
470	if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
471		DSA_free(dsa);
472		return (DST_R_INVALIDPUBLICKEY);
473	}
474
475	dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
476	r.base += ISC_SHA1_DIGESTLENGTH;
477
478	dsa->p = BN_bin2bn(r.base, p_bytes, NULL);
479	r.base += p_bytes;
480
481	dsa->g = BN_bin2bn(r.base, p_bytes, NULL);
482	r.base += p_bytes;
483
484	dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
485	r.base += p_bytes;
486
487	key->key_size = p_bytes * 8;
488
489	isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
490
491	key->keydata.dsa = dsa;
492
493	return (ISC_R_SUCCESS);
494}
495
496
497static isc_result_t
498openssldsa_tofile(const dst_key_t *key, const char *directory) {
499	int cnt = 0;
500	DSA *dsa;
501	dst_private_t priv;
502	unsigned char bufs[5][128];
503
504	if (key->keydata.dsa == NULL)
505		return (DST_R_NULLKEY);
506
507	dsa = key->keydata.dsa;
508
509	priv.elements[cnt].tag = TAG_DSA_PRIME;
510	priv.elements[cnt].length = BN_num_bytes(dsa->p);
511	BN_bn2bin(dsa->p, bufs[cnt]);
512	priv.elements[cnt].data = bufs[cnt];
513	cnt++;
514
515	priv.elements[cnt].tag = TAG_DSA_SUBPRIME;
516	priv.elements[cnt].length = BN_num_bytes(dsa->q);
517	BN_bn2bin(dsa->q, bufs[cnt]);
518	priv.elements[cnt].data = bufs[cnt];
519	cnt++;
520
521	priv.elements[cnt].tag = TAG_DSA_BASE;
522	priv.elements[cnt].length = BN_num_bytes(dsa->g);
523	BN_bn2bin(dsa->g, bufs[cnt]);
524	priv.elements[cnt].data = bufs[cnt];
525	cnt++;
526
527	priv.elements[cnt].tag = TAG_DSA_PRIVATE;
528	priv.elements[cnt].length = BN_num_bytes(dsa->priv_key);
529	BN_bn2bin(dsa->priv_key, bufs[cnt]);
530	priv.elements[cnt].data = bufs[cnt];
531	cnt++;
532
533	priv.elements[cnt].tag = TAG_DSA_PUBLIC;
534	priv.elements[cnt].length = BN_num_bytes(dsa->pub_key);
535	BN_bn2bin(dsa->pub_key, bufs[cnt]);
536	priv.elements[cnt].data = bufs[cnt];
537	cnt++;
538
539	priv.nelements = cnt;
540	return (dst__privstruct_writefile(key, &priv, directory));
541}
542
543static isc_result_t
544openssldsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
545	dst_private_t priv;
546	isc_result_t ret;
547	int i;
548	DSA *dsa = NULL;
549	isc_mem_t *mctx = key->mctx;
550#define DST_RET(a) {ret = a; goto err;}
551
552	UNUSED(pub);
553	/* read private key file */
554	ret = dst__privstruct_parse(key, DST_ALG_DSA, lexer, mctx, &priv);
555	if (ret != ISC_R_SUCCESS)
556		return (ret);
557
558	dsa = DSA_new();
559	if (dsa == NULL)
560		DST_RET(ISC_R_NOMEMORY);
561	dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
562	key->keydata.dsa = dsa;
563
564	for (i=0; i < priv.nelements; i++) {
565		BIGNUM *bn;
566		bn = BN_bin2bn(priv.elements[i].data,
567			       priv.elements[i].length, NULL);
568		if (bn == NULL)
569			DST_RET(ISC_R_NOMEMORY);
570
571		switch (priv.elements[i].tag) {
572			case TAG_DSA_PRIME:
573				dsa->p = bn;
574				break;
575			case TAG_DSA_SUBPRIME:
576				dsa->q = bn;
577				break;
578			case TAG_DSA_BASE:
579				dsa->g = bn;
580				break;
581			case TAG_DSA_PRIVATE:
582				dsa->priv_key = bn;
583				break;
584			case TAG_DSA_PUBLIC:
585				dsa->pub_key = bn;
586				break;
587		}
588	}
589	dst__privstruct_free(&priv, mctx);
590
591	key->key_size = BN_num_bits(dsa->p);
592
593	return (ISC_R_SUCCESS);
594
595 err:
596	openssldsa_destroy(key);
597	dst__privstruct_free(&priv, mctx);
598	memset(&priv, 0, sizeof(priv));
599	return (ret);
600}
601
602static dst_func_t openssldsa_functions = {
603	openssldsa_createctx,
604	openssldsa_destroyctx,
605	openssldsa_adddata,
606	openssldsa_sign,
607	openssldsa_verify,
608	NULL, /*%< computesecret */
609	openssldsa_compare,
610	NULL, /*%< paramcompare */
611	openssldsa_generate,
612	openssldsa_isprivate,
613	openssldsa_destroy,
614	openssldsa_todns,
615	openssldsa_fromdns,
616	openssldsa_tofile,
617	openssldsa_parse,
618	NULL, /*%< cleanup */
619	NULL, /*%< fromlabel */
620	NULL, /*%< dump */
621	NULL, /*%< restore */
622};
623
624isc_result_t
625dst__openssldsa_init(dst_func_t **funcp) {
626	REQUIRE(funcp != NULL);
627	if (*funcp == NULL)
628		*funcp = &openssldsa_functions;
629	return (ISC_R_SUCCESS);
630}
631
632#else /* OPENSSL */
633
634#include <isc/util.h>
635
636EMPTY_TRANSLATION_UNIT
637
638#endif /* OPENSSL */
639/*! \file */