ldns: Upgrade to 1.8.3.

Merge commit 'cf3e3d5bd0a1fae39c74c7db5a4e8b10732d0766'

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D40226
Dag-Erling Smørgrav 2023-05-24 15:50:18 +00:00
commit 5afab0e5e5
102 changed files with 15763 additions and 15906 deletions

@ -1,3 +1,166 @@
1.8.3 2022-08-15
* bugfix #183: Assertion failure with OPT record without rdata.
This caused packet creation with only a DO bit (for DNSSEC OK)
to crash. Thanks Anand Buddhdev and others for reporting this
so quickly.
* Fix for syntax error in pyldns
1.8.2 2022-08-12
* bugfix #147: Allow for tabs in whitespace before quoted rdata
fields. Thanks Felipe Gasper
* bugfix #149: Add some missing [out] annotations to doxygen
parameters. Thanks aldot.
* Fix build error on Solaris 10 with inet_ntop redeclaration error.
* Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan
* Enable compile of SVCB and HTTPS support by default.
* bugfix #179: Free line memory even if zone file parsing fails
Thanks Claudius Zingerli
* bugfix #166: Grow buffer when writing chars and fixed size
strings when converting to presentation format, preventing
potential assersion errors.
* bugfix #46: Print network errors when secure tracing.
Thanks reedjc
* EDNS0 Option handling and conversion into presentation format.
* bugfix #145: ldns-verify-zone should not call occluded records
glue. Thanks Habbie
1.8.1 2021-12-03
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
needs to larger. Thanks Leah Neukirchen & Felipe Gasper
* Undo PR#123 fix ldns.pc installation when building out-of-source
Thanks Axel Xu
1.8.0 2021-11-26
* bugfix #38: Print "line" before line number when printing
zone parse errors. Thanks Petr Špaček.
* bugfix: Revert unused variables in ldns-config removal patch.
* bugfix #50: heap Out-of-bound Read vulnerability in
rr_frm_str_internal reported by pokerfacett.
* bugfix #51: Heap Out-of-bound Read vulnerability in
ldns_nsec3_salt_data reported by pokerfacett.
* Fix memory leak in examples/ldns-testns handle_tcp routine.
* Detect fixed time memory compare for openssl 0.9.8.
* Fix compile warning by variable initialisation for older gcc.
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
available on tvOS.
* Fix for #93: fix packaging/libldns.pc Makefile rule.
* ZONEMD support in ldns-signzone and ldns-verify-zone
* ldns-testns can answer several queries over one tcp connection,
if they arrive within 100msec of each other.
* Fix so that ldns-testns does not leak sockets if the read fails.
* SVCB and HTTPS draft rrtypes.
Enable with --enable-rrtype-svcb-https.
* bugfix #117: Assertion failure with DNSSEC validating of
non existence of RR types at the root. Thanks ZjYwMj
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
* bugfix #119: Let example tools read longer RR's than
LDNS_MAX_LINELEN
* Add SVCPARAMS to python ldns_rdf_type2str function.
* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
the $INCLUDE not implemented error.
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
number for an empty line after a comment.
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
compression optional when converting packets to wire format.
Thanks Eli Lindsey
* Option to ldns-keygen to create symlinks with known names
(i.e. without the key id) to the created files.
Thanks Andreas Schulze
* Fix #121: Correct handling of centimetres by LOC parser.
Thanks Felipe Gasper
* PR #126: Link with libldns.la in Makefile.in.
Thanks orbea
* PR #127: Added option -Q to drill to give short answer.
Thanks niknah
* PR #133: Update m4 files for python modules.
Thanks Petr Menšík
* Bufix CAA value fields may be empty: Thanks Robert Mortimer
* PR #108: Fix for ldns-compare-zones net detecting when first zone
has a RRset that shrinks from two to one RRs, or grows from one
to two RRs. Thanks Emilio Caballero
* Fix #131: Drill sig chasing breaks with gcc-11 and
strict-aliasing. Thanks Stanislav Levin
* Fix #130: Unless $TLL is defined, ttl defaults to the last
explicitly stated value. Thanks Benno
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
Thanks Daniel J. Luke
* Let ldns-signzone warn for high NSEC3 iteration counts.
Thanks Andreas Schulze
1.7.1 2019-07-26
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
Thanks Petr Menšík
* bugfix #4221: drill -x crashes with malformed IPv4 address
Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232)
Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment (CVE-2017-1000231)
Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
ldns-verify-zone. Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
Thanks Siali Yan
* Spelling errors in binaries and man pages
Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
and fix memory leak with more EDNS sections
Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this
removes the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
Thanks Petr Menšík
* Feature #3394: An -I option to ldns-notify to specify a source
IP address to send to notify from. Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2,
ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
that return -1 on failure and allow socket number 0
to be returned too. Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
ldns-verify-zone. Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
See also https://penzin.net/ldns-signzone/
Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
Thanks Jeffrey Walton
* PR #36 Update manpage of ldns-notify to mention algorithm
support with TSIG. Thanks Anand Buddhdev
* Compile warnings with signed char input to to_lower()
and is_digit() with NetBSD. Thanks Håvard Eidnes
* Missing Makefile.PL in DNS-LDNS perl module contribution.
Thanks Jaap Akkerhuis
1.7.0 2016-12-20
* Fix lookup of relative names in ldns_resolver_search.
* bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt
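Review bot: the added 1.8.0 entries for bugfix #50 and #51 record heap out-of-bounds reads in rr_frm_str_internal and ldns_nsec3_salt_data, but the commit message says only "Upgrade to 1.8.3" and, unlike the 1.7.1 entries that cite CVE-2017-1000231 and CVE-2017-1000232, these entries carry no identifier. Since this import is what delivers those fixes, a line in the commit message naming them would help anyone triaging whether a given tree is affected. The added text also has typos that are better reported upstream than patched in the vendor copy: "assersion errors" under bugfix #166, "Bufix CAA value fields", "Unless $TLL is defined" under Fix #130, "net detecting" under PR #108, and "needs to larger" under bugfix #146.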
@ -98,7 +261,7 @@
Thanks William King
* Use OpenSSL DANE functions for verification (unless explicitly
disabled with --disable-dane-ta-usage).
* Bumb .so version
* Bump .so version
* Include OPENPGPKEY RR type by default
* rdata processing for SMIMEA RR type
* Fix crash in displaying TLSA RR's.
@ -168,7 +331,7 @@
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
* Adjust ldns_sha1() so that the input data is not modified (Thanks
Marc Buijsman)
* Messages to stderr are now off by default and can be reenabled with
* Messages to stderr are now off by default and can be re-enabled with
the --enable-stderr-msgs configure option.
1.6.16 2012-11-13
@ -197,7 +360,7 @@
in sync.
* Let ldns_pkt_push_rr now return false on (memory) errors.
* Make buffer_export comply to documentation and fix buffer2str
* Various improvements and fixes of pyldns from Katel Slany
* Various improvements and fixes of pyldns from Karel Slany
now documented in their own Changelog.
* bugfix: Make ldns_resolver_pop_nameserver clear the array when
there was only one.
@ -236,7 +399,7 @@
* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
* bugfix #427: Explicitely link ssl with the programs that use it.
* bugfix #427: Explicitly link ssl with the programs that use it.
* Fix reading \DDD: Error on values that are outside range (>255).
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
path to perl.
@ -300,7 +463,7 @@
* Update of libdns.vim (thanks Miek Gieben)
* Added the ldnsx Python module to our contrib section, which adds even
more pythonisticism to the usage of ldns with Python. (Many thanks
to Christpher Olah and Paul Wouters)
to Christopher Olah and Paul Wouters)
The ldnsx module is automatically installed when --with-pyldns is
used with configuring, but may explicitly be excluded with the
--without-pyldnsx option to configure.
@ -328,7 +491,7 @@
* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
build time and when used.
* bugfix #383: Fix detection of empty nonterminals of multiple labels.
* Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
* Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded
names (in stead of just the ones that contain glue only) and all
occluded records on the delegation points (in stead of just the glue).
* Clarify the operation of ldns_dnssec_mark_glue and the usage of
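Review bot: the corrected entry fixes "ommission" but still reads "in stead of" twice in the two continuation lines that follow it; the same spelling pass could change both to "instead of".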
@ -511,7 +674,7 @@
* --enable-gost : use the GOST algorithm (experimental).
* Added some missing options to drill manpage
* Some fixes to --without-ssl option
* Fixed quote parsing withing strings
* Fixed quote parsing within strings
* Bitmask fix in EDNS handling
* Fixed non-fqdn domain name completion for rdata field domain
names of length 1
@ -618,7 +781,7 @@
from Shane Kerr, bug id 188)
* zone.c memory leaks on error and allocation checks fixed (patch
from Shane Kerr, bug id 189)
* ldns-zplit output and error messages fixed (patch from Shane Kerr,
* ldns-zsplit output and error messages fixed (patch from Shane Kerr,
bug id 190)
* Fixed potential buffer overflow in ldns_str2rdf_dname
* Signing code no longer signs delegation NS rrsets
@ -647,7 +810,7 @@
* DLV RR type added
* TCP fallback system has been improved
* HMAC-SHA256 TSIG support has been added.
* TTLS are now correcly set in NSEC(3) records when signing zones
* TTLS are now correctly set in NSEC(3) records when signing zones
EXAMPLE TOOLS:
* New example: ldns-revoke to revoke DNSKEYs according to RFC5011
@ -722,7 +885,7 @@
28 Nov 2007 1.2.2:
* Added support for HMAC-MD5 keys in generator
* Added a new example tool (written by Ondrej Sury): ldns-compare-zones
* ldns-keygen now checks key sizes for rfc conformancy
* ldns-keygen now checks key sizes for rfc conformance
* ldns-signzone outputs SSL error if present
* Fixed manpages (thanks to Ondrej Sury)
* Fixed Makefile for -j <x>
@ -800,7 +963,7 @@
* -r was killed in favor of -o <header bit mnemonic> which
allows for a header bits setting (and maybe more in the
future)
* DNSSEC is never automaticaly set, even when you query
* DNSSEC is never automatically set, even when you query
for DNSKEY/RRSIG or DS.
* Implement a crude RTT check, it now distinguishes between
reachable and unreachable.
@ -812,7 +975,7 @@
* ldns-dpa was added to the examples - this is the Dns Packet
Analyzer tool.
* ldnsd - as very, very simple nameserver impl.
* ldns-zsplit - split zones for parrallel signing
* ldns-zsplit - split zones for parallel signing
* ldns-zcat - cat split zones back together
* ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
non-DNSSEC) anti-spoofing techniques.
@ -831,7 +994,7 @@
API:
Changed:
* renamed ldns/dns.h to ldns/ldns.h
* ldns_rr_new_frm_str() is extented with an extra variable which
* ldns_rr_new_frm_str() is extended with an extra variable which
in common use may be NULL. This trickles through to:
o ldns_rr_new_frm_fp
o ldns_rr_new_frm_fp_l
@ -872,7 +1035,7 @@
* char *_when was removed from the ldns_pkt structure
18 Oct 2005: 1.0.0: ldns-team
* Commited a patch from Håkan Olsson
* Committed a patch from Håkan Olsson
* Added UPDATE support (Jakob Schlyter and Håkan Olsson)
* License change: ldns is now BSD licensed
* ldns now depends on SSL
@ -905,7 +1068,7 @@
13 Jun 2005: 0.65: ldns-team
* Repository is online at:
http://www.nlnetlabs.nl/ldns/svn/
* Apply reference copying throuhgout ldns, except in 2
* Apply reference copying throughout ldns, except in 2
places in the ldns_resolver structure (._domain and
._nameservers)
* Usual array of bugfixes
@ -914,7 +1077,7 @@
23 May 2005: 0.60: ldns-team
* Removed config.h from the header installed files
(you're not supposed to include that in a libary)
(you're not supposed to include that in a library)
* Further tweaking
- DNSSEC signing/verification works
- Assorted bug fixes and tweaks (memory management)

File diff suppressed because it is too large.

@ -51,11 +51,11 @@ ldns is developed by the ldns team at NLnet Labs. This team currently
consists of:
o Willem Toorop
o Wouter Wijngaards
o Matthijs Mekking
Former main developers:
o Jelte Jansen
o Miek Gieben
o Matthijs Mekking
* Credits
We have received patches from the following people, thanks!
@ -70,6 +70,7 @@ We have received patches from the following people, thanks!
o Havard Eidnes
o Leo Baltus
o Dag-Erling Smørgrav
o Felipe Gasper
INFORMATION FOR SPECIFIC OPERATING SYSTEMS
@ -96,7 +97,7 @@ contrib/build-solaris.sh
KNOWN ISSUES
A complete list of currently known open issues can be found here:
http://www.nlnetlabs.nl/projects/ldns/bugs
https://github.com/NLnetLabs/ldns/issues
* pyldns
Compiling pyldns produces many ``unused parameter'' warnings. Those are

@ -0,0 +1,274 @@
# Travis Testing
LDNS 1.7.1 and above leverage Travis CI to increase coverage of compilers and platforms. Compilers include Clang and GCC; while platforms include Android, iOS, Linux, and OS X on AMD64, Aarch64, PowerPC and s390x hardware.
Android is tested on armv7a, aarch64, x86 and x86_64. The Android recipes build and install OpenSSL, and then builds LDNS. The testing is tailored for Android NDK-r19 and above, and includes NDK-r20 and NDK-r21. Mips and Mips64 are not tested because they are no longer supported under current NDKs.
iOS is tested for iPhoneOS, WatchOS, AppleTVOS, iPhoneSimulator, AppleTVSimulator and WatchSimulator. The testing uses Xcode 10 on OS X 10.13.
The LDNS Travis configuration file `.travis.yml` does not use top-level keys like `os:` and `compiler:` so there is no matrix expansion. Instead LDNS specifies the exact job to run under the `jobs:` and `include:` keys.
## Typical recipe
A typical recipe tests Clang and GCC on various hardware. The hardware includes AMD64, Aarch64, PowerPC and s390x. PowerPC is a little-endian platform, and s390x is a big-endian platform. There are pairs of recipes that are similar to the following.
```
- os: linux
name: GCC on Linux, Aarch64
compiler: gcc
arch: arm64
dist: bionic
- os: linux
name: Clang on Linux, Aarch64
compiler: clang
arch: arm64
dist: bionic
```
OS X provides a single recipe to test Clang. GCC is not tested because GCC is an alias for Clang.
## Sanitizer builds
Two sanitizer builds are tested using Clang and GCC, for a total of four builds. The first sanitizer is Undefined Behavior sanitizer (UBsan), and the second is Address sanitizer (Asan). The sanitizers are only run on AMD64 hardware. Note the environment includes `UBSAN=yes` or `ASAN=yes` for the sanitizer builds.
The recipes are similar to the following.
```
- os: linux
name: UBsan, GCC on Linux, Amd64
compiler: gcc
arch: amd64
dist: bionic
env: UBSAN=yes
- os: linux
name: UBsan, Clang on Linux, Amd64
compiler: clang
arch: amd64
dist: bionic
env: UBSAN=yes
```
When the Travis script encounters a sanitizer it uses different `CFLAGS` and configuration string.
```
if [ "$UBSAN" = "yes" ]; then
export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover"
bash test/test_ci.sh
elif [ "$ASAN" = "yes" ]; then
export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address"
bash test/test_ci.sh
...
```
## Android builds
Travis tests Android builds for the armv7a, aarch64, x86 and x86_64 architectures. The builds are trickier than other builds for several reasons. The testing requires installation of the Android NDK and SDK, it requires a cross-compile, and requires OpenSSL prerequisites. The Android cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the Android recipes.
### Android job
The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below.
```
- os: linux
name: Android armv7a, Linux, Amd64
compiler: clang
arch: amd64
dist: bionic
env:
- ANDROID=yes
- AUTOTOOLS_HOST=armv7a-linux-androideabi
- OPENSSL_HOST=android-arm
- ANDROID_CPU=armv7a
- ANDROID_API=23
- ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
- ANDROID_SDK_ROOT="$HOME/android-sdk"
- ANDROID_NDK_ROOT="$HOME/android-ndk"
```
### ANDROID_NDK_ROOT
The second step for Android is to set the environmental variables `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT`. This is an important step because the NDK and SDK use the variables internally to locate their own tools. Also see [Recommended NDK Directory?](https://groups.google.com/forum/#!topic/android-ndk/qZjhOaynHXc) on the android-ndk mailing list. (Many folks miss this step, or use incorrect variables like `ANDROID_NDK_HOME` or `ANDROID_SDK_HOME`).
If you are working from a developer machine you probably already have the necessary tools installed. You should ensure `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` are set properly.
### Tool installation
The second step installs tools needed for OpenSSL, Expat and LDNS. This step is handled in by the script `contrib/android/install_tools.sh`. The tools include curl, tar, zip, unzip and java.
```
before_script:
- |
if [ "$ANDROID" = "yes" ]; then
./contrib/android/install_tools.sh
elif [ "$IOS" = "yes" ]; then
./contrib/ios/install_tools.sh
fi
```
### NDK installation
The third step installs the NDK and SDK. This step is handled in by the script `contrib/android/install_ndk.sh`. The script uses `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` to place the NDK and SDK in the `$HOME` directory.
If you are working from a developer machine you probably already have a NDK and SDK installed.
### Android environment
The fourth step sets the Android cross-compile environment using the script `contrib/android/setenv_android.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so Android headers and libraries are found; and adds the path to the toolchain to `PATH`.
`contrib/android/setenv_android.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `ANDROID_CPU` and `ANDROID_API` tell `contrib/android/setenv_android.sh` which tools and libraries to select.
The `contrib/android/setenv_android.sh` script specifies the tools in a `case` statement like the following. There is a case for each of the architectures armv7a, aarch64, x86 and x86_64.
```
armv8a|aarch64|arm64|arm64-v8a)
CC="aarch64-linux-android$ANDROID_API-clang"
CXX="aarch64-linux-android$ANDROID_API-clang++"
LD="aarch64-linux-android-ld"
AS="aarch64-linux-android-as"
AR="aarch64-linux-android-ar"
RANLIB="aarch64-linux-android-ranlib"
STRIP="aarch64-linux-android-strip"
CFLAGS="-funwind-tables -fexceptions"
CXXFLAGS="-funwind-tables -fexceptions -frtti"
```
### OpenSSL
The fifth step builds OpenSSL. OpenSSL is built for iOS using the scripts `contrib/android/install_openssl.sh`. The script downloads, configures and installs the latest release version of the OpenSSL libraries. OpenSSL is configured with `--prefix="$ANDROID_PREFIX"` so the headers are placed in `$ANDROID_PREFIX/include` directory, and the libraries are placed in the `$ANDROID_PREFIX/lib` directory.
`ANDROID_PREFIX` is the value `$HOME/android$ANDROID_API-$ANDROID_CPU`. The libraries will be installed in `$HOME/android23-armv7a`, `$HOME/android23-aarch64`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported.
`PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/android23-armv7a/lib/pkgconfig` and `$HOME/android23-aarch64/lib/pkgconfig`.
OpenSSL also uses a custom configuration file called `15-android.conf`. It is a copy of the OpenSSL's project file and located at `contrib/android/15-android.conf`. The LDNS version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The LDNS version has legacy NDK support removed and some other fixes, like `ANDROID_NDK_ROOT` awareness. The changes mean LDNS's `15-android.conf` will only work with LDNS, with NDK-r19 and above, and a properly set environment.
OpenSSL is configured with `no-engine`. If you want to include OpenSSL engines then edit `contrib/android/install_openssl.sh` and remove the config option.
### Android build
Finally, once OpenSSL are built, then the Travis script configures and builds LDNS. The recipe looks as follows.
```
elif [ "$ANDROID" = "yes" ]; then
export AUTOTOOLS_BUILD="$(./config.guess)"
export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig"
./contrib/android/install_ndk.sh
source ./contrib/android/setenv_android.sh
./contrib/android/install_openssl.sh
./contrib/android/bootstrap_ldns.sh
./configure \
--build="$AUTOTOOLS_BUILD" \
--host="$AUTOTOOLS_HOST" \
--prefix="$ANDROID_PREFIX" \
--with-ssl="$ANDROID_PREFIX" \
--disable-gost \
--with-drill --with-examples
make -j 2
make install
```
Travis only smoke tests an Android build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an emulator, push the tests to the device and run them.
### Android flags
`contrib/android/setenv_android.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from `ndk-build`, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags.
`CXXFLAGS` includes `-fexceptions` and `-frtti` because exceptions and runtime type info are disabled by default. `CFLAGS` include `-funwind-tables` and `-fexceptions` to ensure C++ exceptions pass through C code, if needed. Also see `docs/CPLUSPLUS-SUPPORT.html` in the NDK docs.
To inspect the flags used by `ndk-build` for a platform clone ASOP's [ndk-samples](https://github.com/android/ndk-samples/tree/master/hello-jni) and build the `hello-jni` project. Use the `V=1` flag to see the full compiler output from `ndk-build`.
## iOS builds
Travis tests iOS builds for the armv7a, armv7s and aarch64 architectures for iPhoneOS, AppleTVOS and WatchOS. iPhoneOS is tested using both 32-bit builds (iPhones) and 64-bit builds (iPads). Travis also tests compiles against the simulators. The builds are trickier than other builds for several reasons. The testing requires a cross-compile, and requires OpenSSL prerequisites. The iOS cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the iOS recipes.
### iOS job
The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below.
```
- os: osx
osx_image: xcode10
name: Apple iPhone on iOS, armv7
compiler: clang
env:
- IOS=yes
- AUTOTOOLS_HOST=armv7-apple-ios
- OPENSSL_HOST=ios-cross
- IOS_SDK=iPhoneOS
- IOS_CPU=armv7s
- IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
```
### Tool installation
The second step installs tools needed for OpenSSL, Expat and LDNS. This step is handled in by the script `contrib/ios/install_tools.sh`. The tools include autotools, curl and perl. The installation happens at the `before_script:` stage of Travis.
```
before_script:
- |
if [ "$ANDROID" = "yes" ]; then
./contrib/android/install_tools.sh
elif [ "$IOS" = "yes" ]; then
./contrib/ios/install_tools.sh
fi
```
### iOS environment
The third step sets the iOS cross-compile environment using the script `contrib/ios/setenv_ios.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so iOS headers and libraries are found; and adds the path to the toolchain to `PATH`.
`contrib/ios/setenv_ios.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `IOS_SDK` and `IOS_CPU` tell `contrib/ios/setenv_ios.sh` which tools and libraries to select.
The `contrib/ios/setenv_ios.sh` script specifies the tools to use during the cross-compile. For Apple SDKs, the tool names are the same as a desktop. There are no special prefixes for the mobile tools.
```
CPP=cpp
CC=clang
CXX=clang++
LD=ld
AS=as
AR=ar
RANLIB=ranlib
STRIP=strip
```
If you are working from a developer machine you probably already have the necessary tools installed.
### OpenSSL
The fourth step builds OpenSSL. OpenSSL is built for iOS using the scripts `contrib/ios/install_openssl.sh`. The script downloads, configures and installs the latest release version of the OpenSSL libraries. OpenSSL is configured with `--prefix="$IOS_PREFIX"` so the headers are placed in `$IOS_PREFIX/include` directory, and the libraries are placed in the `$IOS_PREFIX/lib` directory.
`IOS_PREFIX` is the value `$HOME/$IOS_SDK-$IOS_CPU`. The scheme handles both iOS SDKs and cpu architectures so the pair receives a unique installation directory. The libraries will be installed in `$HOME/iPhoneOS-armv7s`, `$HOME/iPhoneOS-arm64`, `$HOME/iPhoneSimulator-i386`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported.
`PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/iPhoneOS-armv7s/lib/pkgconfig` and `$HOME/iPhoneOS-arm64/lib/pkgconfig`.
OpenSSL also uses a custom configuration file called `15-ios.conf`. It is a copy of the OpenSSL's project file and located at `contrib/ios/15-ios.conf`. The LDNS version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The changes mean LDNS's `15-ios.conf` will only work with LDNS and a properly set environment.
OpenSSL is configured with `no-engine`. Engines require dynamic loading so engines are disabled permanently in `15-ios.conf`.
### iOS build
Finally, once OpenSSL are built, then the Travis script configures and builds LDNS. The full recipe looks as follows.
```
elif [ "$IOS" = "yes" ]; then
export AUTOTOOLS_BUILD="$(./config.guess)"
export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig"
source ./contrib/ios/setenv_ios.sh
./contrib/ios/install_openssl.sh
./contrib/ios/bootstrap_ldns.sh
./configure \
--build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \
--prefix="$IOS_PREFIX" \
--with-ssl="$IOS_PREFIX" --disable-gost \
--with-drill --with-examples
make -j 2
make install
```
Travis only smoke tests an iOS build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an simulator, push the tests to the device and run them.
### iOS flags
`contrib/ios/setenv_ios.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from Xcode, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags.
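Review bot: both "OpenSSL" sections say the install_openssl.sh scripts download, configure and install "the latest release version of the OpenSSL libraries" without saying how the download is authenticated or which version ends up in the build. The README should state whether a checksum or signature is verified and whether the version is pinned, so that a CI run can be reproduced and a changed tarball is noticed. The sanitizer recipe sets CFLAGS with -DNDEBUG, which compiles out assert(), so the UBsan and Asan jobs never reach the kind of assertion failures the changelog records; consider dropping -DNDEBUG for those two jobs. Smaller points in the same file: the Android OpenSSL section says "OpenSSL is built for iOS using the scripts `contrib/android/install_openssl.sh`", which should read Android; "Tool installation" under Android says "The second step" although the "ANDROID_NDK_ROOT" section already used that ordinal, so the later step numbers are off by one; and "ASOP's" should be "AOSP's".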

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

@ -2,7 +2,15 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 34
# Version 41
# 2021-07-30 fix for openssl use of lib64 directory.
# 2021-06-14 fix nonblocking test to use host instead of target for mingw test.
# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for
# 64bit compatibility.
# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS.
# 2021-01-05 fix defun for aclocal
# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE
# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
@ -446,15 +454,12 @@ AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute)
AC_CACHE_VAL(ac_cv_c_format_attribute,
[ac_cv_c_format_attribute=no
AC_TRY_COMPILE(
[#include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *format, ...) __attribute__ ((format (printf, 1, 2)));
void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2)));
], [
]], [[
f ("%s", "str");
],
[ac_cv_c_format_attribute="yes"],
[ac_cv_c_format_attribute="no"])
]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"])
])
AC_MSG_RESULT($ac_cv_c_format_attribute)
@ -483,14 +488,11 @@ AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute)
AC_CACHE_VAL(ac_cv_c_unused_attribute,
[ac_cv_c_unused_attribute=no
AC_TRY_COMPILE(
[#include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *u __attribute__((unused)));
], [
]], [[
f ("x");
],
[ac_cv_c_unused_attribute="yes"],
[ac_cv_c_unused_attribute="no"])
]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"])
])
dnl Setup ATTR_UNUSED config.h parts.
@ -547,7 +549,7 @@ dnl as a requirement so that is gets called before LIBTOOL
dnl because libtools 'AC_REQUIRE' names are right after this one, before
dnl this function contents.
AC_REQUIRE([ACX_LIBTOOL_C_PRE])
AC_PROG_LIBTOOL
LT_INIT
])
dnl Detect if u_char type is defined, otherwise define it.
@ -668,35 +670,41 @@ AC_DEFUN([ACX_SSL_CHECKS], [
HAVE_SSL=yes
dnl assume /usr is already in the lib and dynlib paths.
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
LDFLAGS="$LDFLAGS -L$ssldir/lib"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
LDFLAGS="$LDFLAGS -L$ssldir/lib64"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
ACX_RUNTIME_PATH_ADD([$ssldir/lib64])
else
LDFLAGS="$LDFLAGS -L$ssldir/lib"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
fi
fi
AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
AC_TRY_LINK(, [
int HMAC_Update(void);
(void)HMAC_Update();
], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
], [
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
],[
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
BAKLIBS="$LIBS"
BAKSSLLIBS="$LIBSSL_LIBS"
LIBS="$LIBS -lgdi32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
LIBS="$LIBS -lgdi32 -lws2_32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
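Review bot: the fallback link test in ACX_SSL_CHECKS now appends both -lgdi32 and -lws2_32 to LIBS and LIBSSL_LIBS, but the message is still AC_MSG_CHECKING([if -lcrypto needs -lgdi32]). Name both libraries in the message so the configure output and config.log show what was actually tried. The "# check if -lwsock32 or -lgdi32 are needed." comment above it has the same drift and should mention -lws2_32.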
@ -705,12 +713,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -719,12 +727,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -749,8 +757,7 @@ dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
@ -768,8 +775,7 @@ dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
@ -839,7 +845,11 @@ dnl see if on windows
if test "$ac_cv_header_windows_h" = "yes"; then
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
LIBS="$LIBS -lws2_32"
if echo $LIBS | grep 'lws2_32' >/dev/null; then
:
else
LIBS="$LIBS -lws2_32"
fi
fi
],
dnl no quick getaddrinfo, try mingw32 and winsock2 library.
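Review bot: the duplicate guard `echo $LIBS | grep 'lws2_32'` leaves $LIBS unquoted and matches the substring anywhere in the value, not the -lws2_32 token. A case test such as `case " $LIBS " in *" -lws2_32 "*) ;; *) LIBS="$LIBS -lws2_32" ;; esac` avoids the subshell, the empty `:` branch and the false matches. The similar guard for -lssl in configure.ac quotes its input and uses `grep --`, so at minimum the two should be written the same way.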
@ -889,7 +899,7 @@ AC_CACHE_VAL(cv_cc_deprecated_$cache,
[
echo '$3' >conftest.c
echo 'void f(){ $2 }' >>conftest.c
if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then
if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
eval "cv_cc_deprecated_$cache=no"
else
eval "cv_cc_deprecated_$cache=yes"
@ -915,7 +925,7 @@ dnl a nonblocking socket do not work, a new call to select is necessary.
AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN],
[
AC_MSG_CHECKING([if nonblocking sockets work])
if echo $target | grep mingw32 >/dev/null; then
if echo $host | grep mingw >/dev/null; then
AC_MSG_RESULT([no (windows)])
AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).])
else
@ -1057,7 +1067,7 @@ dnl defines MKDIR_HAS_ONE_ARG
AC_DEFUN([ACX_MKDIR_ONE_ARG],
[
AC_MSG_CHECKING([whether mkdir has one arg])
AC_TRY_COMPILE([
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <unistd.h>
#ifdef HAVE_WINSOCK2_H
@ -1066,14 +1076,12 @@ AC_TRY_COMPILE([
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
], [
]], [[
(void)mkdir("directory");
],
AC_MSG_RESULT(yes)
]])],[AC_MSG_RESULT(yes)
AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.])
,
AC_MSG_RESULT(no)
)
],[AC_MSG_RESULT(no)
])
])dnl end of ACX_MKDIR_ONE_ARG
dnl Check for ioctlsocket function. works on mingw32 too.

View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html
# https://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html
# ===========================================================================
#
# SYNOPSIS
@ -32,9 +32,9 @@
# LICENSE
#
# Copyright (c) 2008 Sebastian Huber <sebastian-huber@web.de>
# Copyright (c) 2008 Alan W. Irwin <irwin@beluga.phys.uvic.ca>
# Copyright (c) 2008 Alan W. Irwin
# Copyright (c) 2008 Rafael Laboissiere <rafael@laboissiere.net>
# Copyright (c) 2008 Andrew Collier <colliera@ukzn.ac.za>
# Copyright (c) 2008 Andrew Collier
# Copyright (c) 2011 Murray Cumming <murrayc@openismus.com>
#
# This program is free software; you can redistribute it and/or modify it
@ -48,7 +48,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -63,11 +63,11 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 8
#serial 13
AC_DEFUN([AX_PKG_SWIG],[
# Ubuntu has swig 2.0 as /usr/bin/swig2.0
AC_PATH_PROGS([SWIG],[swig2.0 swig])
# Find path to the "swig" executable.
AC_PATH_PROGS([SWIG],[swig swig3.0 swig2.0])
if test -z "$SWIG" ; then
m4_ifval([$3],[$3],[:])
elif test -n "$1" ; then

View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_python_devel.html
# https://www.gnu.org/software/autoconf-archive/ax_python_devel.html
# ===========================================================================
#
# SYNOPSIS
@ -12,8 +12,8 @@
# in your configure.ac.
#
# This macro checks for Python and tries to get the include path to
# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LDFLAGS)
# output variables. It also exports $(PYTHON_EXTRA_LIBS) and
# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output
# variables. It also exports $(PYTHON_EXTRA_LIBS) and
# $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code.
#
# You can search for some particular version of Python by passing a
@ -52,7 +52,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -67,7 +67,7 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 16
#serial 21
AU_ALIAS([AC_PYTHON_DEVEL], [AX_PYTHON_DEVEL])
AC_DEFUN([AX_PYTHON_DEVEL],[
@ -99,7 +99,7 @@ AC_DEFUN([AX_PYTHON_DEVEL],[
This version of the AC@&t@_PYTHON_DEVEL macro
doesn't work properly with versions of Python before
2.1.0. You may need to re-run configure, setting the
variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG,
PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
to something else than an empty string.
@ -137,7 +137,7 @@ variable to configure. See ``configure --help'' for reference.
#
AC_MSG_CHECKING([for the distutils Python package])
ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
if test -z "$ac_distutils_result"; then
if test $? -eq 0; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
@ -172,7 +172,7 @@ $ac_distutils_result])
# Check for Python library path
#
AC_MSG_CHECKING([for Python library path])
if test -z "$PYTHON_LDFLAGS"; then
if test -z "$PYTHON_LIBS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
ac_python_version=`cat<<EOD | $PYTHON -
@ -227,25 +227,25 @@ EOD`
then
# use the official shared library
ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
PYTHON_LIBS="-L$ac_python_libdir -l$ac_python_library"
else
# old way: use libpython from python_configdir
ac_python_libdir=`$PYTHON -c \
"from distutils.sysconfig import get_python_lib as f; \
import os; \
print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
PYTHON_LIBS="-L$ac_python_libdir -lpython$ac_python_version"
fi
if test -z "PYTHON_LDFLAGS"; then
if test -z "PYTHON_LIBS"; then
AC_MSG_ERROR([
Cannot determine location of your Python DSO. Please check it was installed with
dynamic libraries enabled, or try setting PYTHON_LDFLAGS by hand.
dynamic libraries enabled, or try setting PYTHON_LIBS by hand.
])
fi
fi
AC_MSG_RESULT([$PYTHON_LDFLAGS])
AC_SUBST([PYTHON_LDFLAGS])
AC_MSG_RESULT([$PYTHON_LIBS])
AC_SUBST([PYTHON_LIBS])
#
# Check for site packages
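Review bot: `if test -z "PYTHON_LIBS"; then` tests the literal string PYTHON_LIBS, not the variable, so the AC_MSG_ERROR about the missing Python DSO can never fire. The rename carried the old `"PYTHON_LDFLAGS"` typo over unchanged; it should read `test -z "$PYTHON_LIBS"`. As written, an empty library path falls through to the later link test and fails there with a less specific message.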
@ -265,7 +265,7 @@ EOD`
if test -z "$PYTHON_EXTRA_LIBS"; then
PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \
conf = distutils.sysconfig.get_config_var; \
print (conf('LIBS'))"`
print (conf('LIBS') + ' ' + conf('SYSLIBS'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
AC_SUBST(PYTHON_EXTRA_LIBS)
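Review bot: `print (conf('LIBS') + ' ' + conf('SYSLIBS'))` raises TypeError when either config variable is unset, because get_config_var returns None in that case. The backticks capture only stdout, so PYTHON_EXTRA_LIBS silently ends up empty while the traceback goes to the terminal. Guard both operands, for example `(conf('LIBS') or '') + ' ' + (conf('SYSLIBS') or '')`.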
@ -288,8 +288,10 @@ EOD`
AC_MSG_CHECKING([consistency of all components of python development environment])
# save current global flags
ac_save_LIBS="$LIBS"
ac_save_LDFLAGS="$LDFLAGS"
ac_save_CPPFLAGS="$CPPFLAGS"
LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LDFLAGS $PYTHON_EXTRA_LIBS"
LIBS="$ac_save_LIBS $PYTHON_LIBS $PYTHON_EXTRA_LIBS $PYTHON_EXTRA_LIBS"
LDFLAGS="$ac_save_LDFLAGS $PYTHON_EXTRA_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
AC_LANG_PUSH([C])
AC_LINK_IFELSE([
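Review bot: the new LIBS line lists $PYTHON_EXTRA_LIBS twice (`LIBS="$ac_save_LIBS $PYTHON_LIBS $PYTHON_EXTRA_LIBS $PYTHON_EXTRA_LIBS"`). It is harmless for the link test but looks like a leftover from moving $PYTHON_EXTRA_LDFLAGS into the new LDFLAGS assignment; drop the second occurrence so the consistency check links with the same set of libraries the build will use.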
@ -300,6 +302,7 @@ EOD`
# turn back to default flags
CPPFLAGS="$ac_save_CPPFLAGS"
LIBS="$ac_save_LIBS"
LDFLAGS="$ac_save_LDFLAGS"
AC_MSG_RESULT([$pythonexists])
@ -307,8 +310,8 @@ EOD`
AC_MSG_FAILURE([
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
via the LDFLAGS environment variable.
Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib"
via the LIBS environment variable.
Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
============================================================================
ERROR!
You probably have to install the development version of the Python package

View File

@ -63,6 +63,7 @@ ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity)
ldns_buffer_invariant(buffer);
assert(buffer->_position <= capacity);
assert(!buffer->_fixed);
data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity);
if (!data) {
@ -79,7 +80,6 @@ bool
ldns_buffer_reserve(ldns_buffer *buffer, size_t amount)
{
ldns_buffer_invariant(buffer);
assert(!buffer->_fixed);
if (buffer->_capacity < buffer->_position + amount) {
size_t new_capacity = buffer->_capacity * 3 / 2;
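Review bot: with assert(!buffer->_fixed) removed from ldns_buffer_reserve and kept only in ldns_buffer_set_capacity, the only thing stopping a resize of a buffer marked fixed is an assert, which is compiled out under NDEBUG. Inside the `if (buffer->_capacity < buffer->_position + amount)` branch, return false when buffer->_fixed is set before new_capacity is computed, so a release build reports failure to the caller instead of reaching LDNS_XREALLOC. The relaxed behaviour (reserve succeeds on a fixed buffer when the space is already there) deserves a line in the function's doxygen comment.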

File diff suppressed because it is too large

2973
contrib/ldns/config.sub vendored

File diff suppressed because it is too large

9630
contrib/ldns/configure vendored

File diff suppressed because it is too large

View File

@ -5,8 +5,8 @@ sinclude(acx_nlnetlabs.m4)
# must be numbers. ac_defun because of later processing.
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[7])
m4_define([VERSION_MICRO],[0])
m4_define([VERSION_MINOR],[8])
m4_define([VERSION_MICRO],[3])
AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns)
AC_CONFIG_SRCDIR([packet.c])
# needed to build correct soname
@ -26,9 +26,15 @@ AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO])
# set age to 0
#
# ldns-1.6.17 and before had a .so with version same as VERSION_INFO
# ldns-1.7.0 will have libversion 2:0:0
# ldns-1.7.0 had libversion 2:0:0
# ldns-1.7.1 had libversion 3:0:0 (though it should have had 3:0:1)
# ldns-1.8.0 had libversion 4:0:2 (though it should have had 4:0:1)
# ldns-1.8.1 had libversion 5:0:2
# ldns-1.8.1 had libversion 6:0:3
# ldns-1.8.2 had libversion 7:0:4
# ldns-1.8.3 has libversion 8:0:5
#
AC_SUBST(VERSION_INFO, [2:0:0])
AC_SUBST(VERSION_INFO, [8:0:5])
AC_AIX
if test "$ac_cv_header_minix_config_h" = "yes"; then
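Review bot: the libversion history comment lists ldns-1.8.1 twice, once with 5:0:2 and once with 6:0:3, so one of those lines names the wrong release or the wrong triple. This comment is what the next maintainer reads before choosing a new VERSION_INFO (now 8:0:5), and the 1.8.1 changelog entry is itself about a soname mistake, so the history should be exact: correct the release number or remove the line that was never shipped.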
@ -49,7 +55,7 @@ AC_PROG_MAKE_SET
# Extra (sp)lint flags for NetBSD
AC_CANONICAL_HOST
case "$host_os" in
netbsd*) LINTFLAGS="'-D__RENAME(x)=' -D_NETINET_IN_H_ $LINTFLAGS"
netbsd*) LINTFLAGS="'-D__RENAME(x)=' -D_NETINET_IN_H_ $LINTFLAGS"
;;
*) LINTFLAGS="$LINTFLAGS"
;;
@ -95,6 +101,7 @@ ACX_CHECK_COMPILER_FLAG(Wstrict-prototypes, [CFLAGS="-Wstrict-prototypes $CFLAGS
#ACX_CHECK_COMPILER_FLAG(Wshadow, [CFLAGS="-Wshadow $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wunused-function, [CFLAGS="-Wunused-function $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wmissing-prototypes, [CFLAGS="-Wmissing-prototypes $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [CFLAGS="-fno-strict-aliasing $CFLAGS"])
AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
@ -102,6 +109,9 @@ AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT])
# end mingw32 tests
# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
AC_CHECK_HEADERS([TargetConditionals.h])
ACX_DETERMINE_EXT_FLAGS_UNBOUND
AC_C_INLINE
@ -118,12 +128,32 @@ AC_CHECK_TYPE(uint64_t, unsigned long long)
AC_CHECK_PROG(doxygen, doxygen, doxygen)
# check to see if libraries are needed for these functions.
AC_SEARCH_LIBS([socket], [socket])
AC_SEARCH_LIBS([inet_pton], [nsl])
AC_CHECK_FUNC([socket],
[],
[AC_SEARCH_LIBS([socket], [socket])
])
# modern Linux provides inet_ntop in -lsocket.
# modern OS X provides inet_ntop in -lc.
# modern Solaris provides inet_ntop in -lsocket -lnsl.
# older Solaris provides inet_ntop in -lresolv.
AC_CHECK_FUNC([inet_ntop],
[],
[AC_SEARCH_LIBS([inet_ntop], [socket c nsl resolv], [ac_cv_func_inet_ntop=yes])
])
# modern Linux provides inet_pton in -lsocket.
# modern OS X provides inet_pton in -lc.
# modern Solaris provides inet_pton in -lsocket -lnsl.
# older Solaris provides inet_pton in -lresolv.
AC_CHECK_FUNC([inet_pton],
[],
[AC_SEARCH_LIBS([inet_pton], [socket c nsl resolv], [ac_cv_func_inet_pton=yes])
])
AC_ARG_WITH(drill, AC_HELP_STRING([--with-drill],
[Also build drill.]),
AC_ARG_WITH(drill, AC_HELP_STRING([--with-drill],
[Also build drill.]),
[],[with_drill="no"])
if test x_$with_drill != x_no ; then
AC_SUBST(DRILL,[drill])
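Review bot: the AC_ARG_WITH(drill, AC_HELP_STRING(...)) lines are touched here for whitespace only and keep the obsolete AC_HELP_STRING, while acx_nlnetlabs.m4 in this same commit moves its --with-ssl help to AS_HELP_STRING. Converting configure.ac in the same pass (here and in the examples, pyldns, pyldnsx, p5-dns-ldns and --enable-* options) would keep the two files consistent and silence the autoconf obsolescence warnings.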
@ -135,7 +165,7 @@ if test x_$with_drill != x_no ; then
AC_MSG_ERROR([
A config.h was detected in the drill subdirectory.
This does not work with the --with-drill option.
Please remove the config.h from the drill subdirectory
Please remove the config.h from the drill subdirectory
or do not use the --with-drill option.])
fi
else
@ -147,8 +177,8 @@ else
fi
AC_ARG_WITH(examples, AC_HELP_STRING([--with-examples],
[Also build examples.]),
AC_ARG_WITH(examples, AC_HELP_STRING([--with-examples],
[Also build examples.]),
[],[with_examples="no"])
if test x_$with_examples != x_no ; then
AC_SUBST(EXAMPLES,[examples])
@ -160,7 +190,7 @@ if test x_$with_examples != x_no ; then
AC_MSG_ERROR([
A config.h was detected in the examples subdirectory.
This does not work with the --with-examples option.
Please remove the config.h from the examples subdirectory
Please remove the config.h from the examples subdirectory
or do not use the --with-examples option.])
fi
else
@ -191,7 +221,7 @@ AC_ARG_ENABLE(stderr-msgs, AC_HELP_STRING([--enable-stderr-msgs], [Enable printi
case "$enable_stderr_msgs" in
no) dnl default
;;
*)
*)
AC_DEFINE_UNQUOTED([STDERR_MSGS], [1], [Define this to enable messages to stderr.])
;;
esac
@ -207,8 +237,8 @@ AX_CONFIG_FEATURE(
PYTHON_X_CFLAGS=""
ldns_with_pyldns=no
ldns_with_pyldnsx=no
AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns],
[generate python library, or --without-pyldns to disable Python support.]),
AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns],
[generate python library, or --without-pyldns to disable Python support.]),
[],[ withval="no" ])
ldns_have_python=no
if test x_$withval != x_no; then
@ -263,8 +293,8 @@ fi
AC_SUBST(PYTHON_X_CFLAGS)
# Check for pyldnsx
AC_ARG_WITH(pyldnsx, AC_HELP_STRING([--without-pyldnsx],
[Do not install the ldnsx python module, or --with-pyldnsx to install it.]),
AC_ARG_WITH(pyldnsx, AC_HELP_STRING([--without-pyldnsx],
[Do not install the ldnsx python module, or --with-pyldnsx to install it.]),
[],[ withval="with_pyldns" ])
if test x_$withval != x_no; then
if test x_$ldns_with_pyldns != x_no; then
@ -294,8 +324,8 @@ fi
# check for perl
ldns_with_p5_dns_ldns=no
AC_ARG_WITH(p5-dns-ldns, AC_HELP_STRING([--with-p5-dns-ldns],
[generate DNS::LDNS perl bindings]),
AC_ARG_WITH(p5-dns-ldns, AC_HELP_STRING([--with-p5-dns-ldns],
[generate DNS::LDNS perl bindings]),
[],[ withval="no" ])
ldns_have_perl=no
if test x_$withval != x_no; then
@ -331,7 +361,29 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
else
AC_MSG_RESULT([no])
fi
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key])
AC_CHECK_HEADERS([openssl/ssl.h openssl/evp.h openssl/engine.h openssl/conf.h])
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key EVP_cleanup ENGINE_cleanup ENGINE_free CRYPTO_cleanup_all_ex_data ERR_free_strings CONF_modules_unload OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp EVP_PKEY_get_base_id])
AC_CHECK_DECLS([EVP_PKEY_base_id], [
AC_DEFINE_UNQUOTED([HAVE_EVP_PKEY_BASE_ID], [1], [Define to 1 if you have the EVP_PKEY_base_id function or macro.])
], [], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_MSG_CHECKING([Checking for OpenSSL >= 3.0.0])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
#if OPENSSL_VERSION_MAJOR >= 3
#define SOMETHING
#else
This fails compiling.
So either no OpenSSL at all (the include already failed), or the version < 3.0.0
#endif
], [
])], [
AC_MSG_RESULT(yes)
CFLAGS="-DOPENSSL_API_COMPAT=10100 $CFLAGS"
], [ AC_MSG_RESULT(no)
])
# for macosx, see if glibtool exists and use that
# BSD's need to know the version...
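Review bot: the OpenSSL >= 3.0.0 branch prepends -DOPENSSL_API_COMPAT=10100 to CFLAGS with no comment explaining why, and that define affects every translation unit in the build. Add a comment stating that it keeps the 1.1.0-level API declared without deprecation warnings, and which call sites still depend on it, so it can be removed once they are ported. Two smaller points in the same block: a preprocessor define would normally go in CPPFLAGS (if CFLAGS is used because CPPFLAGS is reset from tmp_CPPFLAGS later, say so), and AC_MSG_CHECKING([Checking for OpenSSL >= 3.0.0]) prints "checking Checking for ...".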
@ -354,21 +406,33 @@ case "$enable_sha2" in
;;
esac
# check wether gost also works
# check whether gost also works
AC_DEFUN([AC_CHECK_GOST_WORKS],
[AC_REQUIRE([AC_PROG_CC])
AC_MSG_CHECKING([if GOST works])
if test c${cross_compiling} = cno; then
BAKCFLAGS="$CFLAGS"
if test -n "$ssldir"; then
if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64"
else
CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib"
fi
fi
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <string.h>
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#ifdef HAVE_OPENSSL_EVP_H
#include <openssl/evp.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
#endif
/* routine to load gost (from sldns) */
int load_gost_id(void)
{
@ -413,7 +477,7 @@ int load_gost_id(void)
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
int main(void) {
int main(void) {
EVP_MD_CTX* ctx;
const EVP_MD* md;
unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */
@ -463,7 +527,7 @@ case "$enable_gost" in
AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])])
AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])])
AC_CHECK_GOST_WORKS
AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even whithout a GOST engine installed]))
AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even without a GOST engine installed]))
if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then
if test "$ac_cv_c_gost_works" = "no"; then
AC_MSG_RESULT([no, but compiling with GOST support anyway])
@ -502,43 +566,50 @@ esac
AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support]))
case "$enable_dsa" in
no)
AC_SUBST(ldns_build_config_use_dsa, 0)
;;
*) dnl default
# detect if DSA is supported, and turn it off if not.
AC_CHECK_FUNC(DSA_SIG_new, [
AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
AC_SUBST(ldns_build_config_use_dsa, 1)
], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
fi ])
fi
AC_SUBST(ldns_build_config_use_dsa, 0)])
;;
esac
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--enable-ed25519], [Enable ED25519 support (experimental)]))
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable (experimental) ED25519 support. Default is detect]))
case "$enable_ed25519" in
yes)
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ED25519 enabled, but no SSL support])
fi
AC_CHECK_DECLS([NID_X25519], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed25519])], [AC_INCLUDES_DEFAULT
no)
AC_SUBST(ldns_build_config_use_ed25519, 0)
;;
*) dnl default
AC_CHECK_DECLS([NID_ED25519], [
AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
AC_SUBST(ldns_build_config_use_ed25519, 1)
], [if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
fi
AC_SUBST(ldns_build_config_use_ed25519, 0)], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
;;
*|no) dnl default
;;
esac
AC_ARG_ENABLE(ed448, AC_HELP_STRING([--enable-ed448], [Enable ED448 support (experimental)]))
AC_ARG_ENABLE(ed448, AC_HELP_STRING([--disable-ed448], [Disable (experimental) ED448 support. Default is detect]))
case "$enable_ed448" in
yes)
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ED448 enabled, but no SSL support])
fi
AC_CHECK_DECLS([NID_X448], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed448])], [AC_INCLUDES_DEFAULT
no)
AC_SUBST(ldns_build_config_use_ed448, 0)
;;
*) dnl default
AC_CHECK_DECLS([NID_ED448], [
AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.])
AC_SUBST(ldns_build_config_use_ed448, 1)
], [if test "x$enable_ed448" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED448 and you used --enable-ed448.])
fi
AC_SUBST(ldns_build_config_use_ed448, 0)], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.])
;;
*|no) dnl default
;;
esac
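Review bot: the ED25519 and ED448 options change from opt-in (--enable-ed25519, --enable-ed448) to autodetect on NID_ED25519 and NID_ED448, but the help strings still describe the support as "(experimental)". Either drop the word or document in the Changelog that experimental algorithms are now compiled in by default whenever OpenSSL declares them. The explicit `if test "x$HAVE_SSL" != "xyes"` error is also gone, so --enable-ed25519 without SSL now fails with "OpenSSL does not support ED25519", which points the user at the wrong cause.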
@ -587,9 +658,11 @@ case "$enable_dane" in
AC_SUBST(ldns_build_config_use_dane_ta_usage, 0)
;;
*) dnl default
LIBS="-lssl $LIBS"
danetmpLIBS="$LIBS"
LIBS="-lssl -lcrypto $LIBS"
AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])])
LIBSSL_LIBS="$LIBSSL_LIBS -lssl"
LIBSSL_LIBS="-lssl $LIBSSL_LIBS"
LIBS="$danetmpLIBS"
AC_SUBST(ldns_build_config_use_dane_ta_usage, 1)
AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.])
;;
@ -638,12 +711,43 @@ case "$enable_rrtype_avc" in
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-doa, AC_HELP_STRING([--enable-rrtype-doa], [Enable draft RR type DOA.]))
case "$enable_rrtype_doa" in
yes)
AC_DEFINE_UNQUOTED([RRTYPE_DOA], [], [Define this to enable RR type DOA.])
;;
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-amtrelay, AC_HELP_STRING([--enable-rrtype-amtrelay], [Enable draft RR type AMTRELAY.]))
case "$enable_rrtype_amtrelay" in
yes)
AC_DEFINE_UNQUOTED([RRTYPE_AMTRELAY], [], [Define this to enable RR type AMTRELAY.])
;;
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-svcb-https, AC_HELP_STRING([--disable-rrtype-svcb-https], [Disable RR types SVCB and HTTPS.]))
case "$enable_rrtype_svcb_https" in
no)
;;
yes|*)
AC_DEFINE_UNQUOTED([RRTYPE_SVCB_HTTPS], [], [Define this to enable RR types SVCB and HTTPS.])
;;
esac
AC_SUBST(LIBSSL_CPPFLAGS)
AC_SUBST(LIBSSL_LDFLAGS)
AC_SUBST(LIBSSL_LIBS)
if test "x$HAVE_SSL" = "xyes"; then
AC_SUBST(LIBSSL_SSL_LIBS, ["-lssl $LIBSSL_LIBS"])
if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then
LIBSSL_SSL_LIBS="$LIBSSL_LIBS"
else
LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS"
fi
AC_SUBST(LIBSSL_SSL_LIBS, "$LIBSSL_SSL_LIBS")
fi
CPPFLAGS=$tmp_CPPFLAGS
LDFLAGS=$tmp_LDFLAGS
@ -755,7 +859,7 @@ AC_CHECK_LIB(pcap, pcap_open_offline, [
]
)
AC_CHECK_HEADERS([netinet/in_systm.h net/if.h netinet/ip.h netinet/udp.h netinet/igmp.h netinet/if_ether.h netinet/ip6.h net/ethernet.h netinet/ip_compat.h],,, [
AC_INCLUDES_DEFAULT
AC_INCLUDES_DEFAULT
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
@ -796,8 +900,9 @@ AC_CHECK_TYPE(in_port_t, [], [AC_DEFINE([in_port_t], [uint16_t], [in_port_t])],
#endif])
ACX_CHECK_SS_FAMILY
AC_FUNC_MALLOC
AC_FUNC_REALLOC
# AC_FUNC_MALLOC suffers false failures and causes Asan failures.
# AC_FUNC_MALLOC
# AC_FUNC_REALLOC
AC_REPLACE_FUNCS(b64_pton)
AC_REPLACE_FUNCS(b64_ntop)
@ -815,6 +920,16 @@ AC_REPLACE_FUNCS(snprintf)
AC_REPLACE_FUNCS(strlcpy)
AC_REPLACE_FUNCS(memmove)
AC_FUNC_FORK
AC_MSG_CHECKING([compile of fork])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <unistd.h>
], [
(void)fork();
])], [
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_FORK_AVAILABLE], 1, [if fork is available for compile])
], [ AC_MSG_RESULT(no)
])
AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul bzero memset b32_ntop b32_pton])
if test "x$HAVE_B32_NTOP" = "xyes"; then
AC_SUBST(ldns_build_config_have_b32_ntop, 1)
@ -841,16 +956,31 @@ ACX_FUNC_IOCTLSOCKET
ACX_CHECK_FORMAT_ATTRIBUTE
ACX_CHECK_UNUSED_ATTRIBUTE
# check OSX deployment target, if needed
if echo $build_os | grep darwin > /dev/null; then
sdk_p=`xcode-select -print-path`;
sdk_v="$( /usr/bin/xcrun --show-sdk-version )";
case $sdk_v in
10.9|10.8) sdk_c="10.7";;
10.11|10.10|*) sdk_c="10.10";;
esac
export MACOSX_DEPLOYMENT_TARGET="${sdk_c}";
export CFLAGS="$CFLAGS -mmacosx-version-min=${sdk_c} -isysroot ${sdk_p}/Platforms/MacOSX.platform/Developer/SDKs/MacOSX${sdk_v}.sdk";
AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk],
[Set xcode SDK version. Default is autodetect]),
[],[with_xcode_sdk="yes"])
if test "x_$with_xcode_sdk" != "x_no" ; then
# check OSX deployment target, if needed
if echo $target_os | grep darwin > /dev/null; then
sdk_p=`xcode-select -print-path`;
if test "x_$with_xcode_sdk" = "x_yes" ; then
sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )"
else
sdk_v="$with_xcode_sdk"
fi
# xcrun only got that option in 10.7
if test -z "$sdk_v" ; then
sdk_c="10.6"
sdk_v="10.6"
fi
SYSROOT="$( find ${sdk_p} -name MacOSX${sdk_v}.sdk )"
case $sdk_v in
10.9|10.8) sdk_c="10.7";;
10.11|10.10|*) sdk_c="10.10";;
esac
export MACOSX_DEPLOYMENT_TARGET="${sdk_c}";
export CFLAGS="$CFLAGS -mmacosx-version-min=${sdk_c} -isysroot ${SYSROOT}"
fi
fi
AC_DEFINE([SYSCONFDIR], [sysconfdir], [System configuration dir])
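Review bot: in the new --with-xcode-sdk block the fallback for an empty sdk_v sets sdk_c="10.6", but the case statement that follows has a `*` arm that matches 10.6 and overwrites sdk_c with "10.10", so the 10.6 deployment target is never used. Give 10.6 its own arm or skip the case when the fallback fired. SYSROOT is also taken from an unquoted `find ${sdk_p} -name MacOSX${sdk_v}.sdk`, where sdk_v can be the user-supplied --with-xcode-sdk value: no match leaves -isysroot with no argument and several matches pass extra paths to the compiler. Quote the expansions and stop configure unless exactly one directory is found.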
@ -1016,10 +1146,10 @@ size_t strlcpy(char *dst, const char *src, size_t siz);
#ifdef USE_WINSOCK
#define SOCK_INVALID INVALID_SOCKET
#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0)
#else
#define SOCK_INVALID -1
#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0)
#endif
#ifdef __cplusplus
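Review bot: both close_socket variants now reset the descriptor with a literal `_s = -1` where the previous code assigned SOCK_INVALID; in the USE_WINSOCK branch that depends on -1 converting to INVALID_SOCKET. Assign SOCK_INVALID so the reset matches the `_s != SOCK_INVALID` test in the same macro. The switch from `>` to `!=` is the right fix for the comparison; parenthesising the macro argument as (_s) would be worth doing in the same change.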
@ -1049,7 +1179,7 @@ else
AC_SUBST(ldns_build_config_have_attr_unused, 0)
fi
CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config"
CONFIG_FILES="Makefile libdns.doxygen ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config"
AC_SUBST(CONFIG_FILES)
AC_CONFIG_FILES([$CONFIG_FILES])
@ -1058,5 +1188,3 @@ AC_OUTPUT
COPY_HEADER_FILES(ldns/, ldns/)
dnl AC_CONFIG_SUBDIRS([drill])

View File

@ -1,7 +1,7 @@
/*
* Verify or create TLS authentication with DANE (RFC6698)
*
* (c) NLnetLabs 2012
* (c) NLnetLabs 2012-2020
*
* See the file LICENSE for the license.
*
@ -29,6 +29,63 @@
#include <openssl/x509v3.h>
#endif
/* OpenSSL context options. At the moment, disable SSLv2, SSLv3
* and Compression, if available. TLSv1.0 is allowed at the moment.
* TLSv1.1 is the first to provide elliptic curves, so it is usually
* allowed in a TLS stack. TLSv1.2 is the first to provide authentication
* modes of operation, like GCM. The defines below are a moving
* target based on OpenSSL library version. Grep is useful to find
* the defines: grep -IR SSL_OP_NO_ /usr/include/openssl.
*/
#ifdef HAVE_SSL
# ifdef SSL_OP_NO_SSLv2
const long NoOpenSSLv2 = SSL_OP_NO_SSLv2;
# else
const long NoOpenSSLv2 = 0L;
# endif
# ifdef SSL_OP_NO_SSLv3
const long NoOpenSSLv3 = SSL_OP_NO_SSLv3;
# else
const long NoOpenSSLv3 = 0L;
# endif
# ifdef SSL_OP_NO_TLSv1
const long NoOpenTLSv1 = SSL_OP_NO_TLSv1;
# else
const long NoOpenTLSv1 = 0L;
# endif
# ifdef SSL_OP_NO_DTLSv1
const long NoOpenDTLSv1 = SSL_OP_NO_DTLSv1;
# else
const long NoOpenDTLSv1 = 0L;
# endif
# ifdef SSL_OP_NO_COMPRESSION
const long NoOpenSSLCompression = SSL_OP_NO_COMPRESSION;
# else
const long NoOpenSSLCompression = 0L;
# endif
#endif
#if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE)
static SSL_CTX*
ldns_dane_new_ssl_context(void)
{
SSL_CTX* ssl_ctx;
ssl_ctx = SSL_CTX_new(TLS_client_method());
if (ssl_ctx != NULL)
{
/* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree.
* Sometime in the future they may be disabled, too. Maybe
* --disable-tlsv1 and --disable-dtlsv1 should be configure options.
*/
long flags = NoOpenSSLv2 | NoOpenSSLv3 | NoOpenSSLCompression;
SSL_CTX_set_options(ssl_ctx, flags);
}
return ssl_ctx;
}
#endif
ldns_status
ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
uint16_t port, ldns_dane_transport transport)
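Review bot: NoOpenSSLv2, NoOpenSSLv3, NoOpenTLSv1, NoOpenDTLSv1 and NoOpenSSLCompression are declared as non-static `const long` at file scope, so they become exported symbols of the library, and NoOpenTLSv1 and NoOpenDTLSv1 are never used by ldns_dane_new_ssl_context. Make them static (or move the #ifdef tests into the helper) and either remove the two unused constants or wire them to the configure options the comment proposes. They are also compiled under HAVE_SSL while their only user sits under USE_DANE_VERIFY && USE_DANE_TA_USAGE. Since the DANE-TA path already requires OpenSSL >= 1.1.0 according to the configure error message, SSL_CTX_set_min_proto_version would state the protocol floor directly instead of a mask of SSL_OP_NO_* flags that the comment itself calls a moving target.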
@ -193,7 +250,7 @@ ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
}
/* Orinary PKIX validation of cert (with extra_certs to help)
/* Ordinary PKIX validation of cert (with extra_certs to help)
* against the CA's in store, but also return the validation chain.
*/
static ldns_status
@ -641,7 +698,7 @@ ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
* verification. We use these undocumented means with the ldns
* dane function prototypes which did only offline dane verification.
*/
if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
if (!(ssl_ctx = ldns_dane_new_ssl_context()))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
@ -841,7 +898,7 @@ ldns_dane_verify(const ldns_rr_list* tlsas,
* verification. We use these undocumented means with the ldns
* dane function prototypes which did only offline dane verification.
*/
if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
if (!(ssl_ctx = ldns_dane_new_ssl_context()))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)

View File

@ -3,7 +3,7 @@
*
* dname specific rdata implementations
* A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME
* It is not a /real/ type! All function must therefor check
* It is not a /real/ type! All function must therefore check
* for LDNS_RDF_TYPE_DNAME.
*
* a Net::DNS like library for C

View File

@ -23,6 +23,11 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef USE_DSA
#include <openssl/dsa.h>
#endif
#endif
ldns_rr *
@ -149,6 +154,7 @@ ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname,
LDNS_FREE(salt);
ldns_rdf_deep_free(zone_name);
ldns_rdf_deep_free(sname);
ldns_rdf_deep_free(hashed_sname);
return NULL;
}
@ -326,6 +332,7 @@ uint16_t ldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
}
#ifdef HAVE_SSL
#ifdef USE_DSA
DSA *
ldns_key_buf2dsa(const ldns_buffer *key)
{
@ -365,7 +372,6 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
offset += length;
Y = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
/* create the key and set its properties */
if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
@ -375,7 +381,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
BN_free(Y);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
#ifndef S_SPLINT_S
dsa->p = P;
dsa->q = Q;
@ -402,6 +408,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
#endif /* OPENSSL_VERSION_NUMBER */
return dsa;
}
#endif /* USE_DSA */
RSA *
ldns_key_buf2rsa(const ldns_buffer *key)
@ -427,7 +434,7 @@ ldns_key_buf2rsa_raw(const unsigned char* key, size_t len)
return NULL;
/* need some smart comment here XXX*/
/* the exponent is too large so it's places
* futher...???? */
* further...???? */
memmove(&int16, key+1, 2);
exp = ntohs(int16);
offset = 3;
@ -461,7 +468,7 @@ ldns_key_buf2rsa_raw(const unsigned char* key, size_t len)
BN_free(modulus);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
@ -905,7 +912,7 @@ ldns_dnssec_create_nsec3(const ldns_dnssec_name *from,
cur_rrsets = from->rrsets;
while (cur_rrsets) {
/* Do not include non-authoritative rrsets on the delegation point
* in the type bitmap. Potentionally not skipping insecure
* in the type bitmap. Potentially not skipping insecure
* delegation should have been done earlier, in function
* ldns_dnssec_zone_create_nsec3s, or even earlier in:
* ldns_dnssec_zone_sign_nsec3_flg .
@ -1327,6 +1334,8 @@ ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);
if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
salt_length = ldns_rdf_data(salt_rdf)[0];
if((size_t)salt_length+1 > ldns_rdf_size(salt_rdf))
return NULL;
salt = LDNS_XMALLOC(uint8_t, salt_length);
if(!salt) return NULL;
memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
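Review bot: with the new `(size_t)salt_length+1 > ldns_rdf_size(salt_rdf)` check in place, a zero-length salt still falls through to `LDNS_XMALLOC(uint8_t, salt_length)` with a size of 0, whose result is implementation-defined, and `if(!salt) return NULL;` then makes an empty salt, a truncated rdata and an allocation failure all look the same to the caller. Handle `salt_length == 0` explicitly before allocating, and add a one-line comment on the new check saying it rejects a length octet that points past the end of the rdf, since that is the reason the `memcpy` below is now safe.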
@ -1556,6 +1565,7 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
ldns_rr_list *sigs_covered;
ldns_rdf *rdf_t;
ldns_rr_type t_netorder;
ldns_status status;
if (!k) {
return LDNS_STATUS_ERR;
@ -1607,7 +1617,9 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
}
return LDNS_STATUS_ERR;
}
return ldns_verify_time(rrset, sigs, k, check_time, good_keys);
status = ldns_verify_time(rrset, sigs, k, check_time, good_keys);
ldns_rr_list_deep_free(rrset);
return status;
}
ldns_status
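Review bot: `rrset` is now released only on the final path, after `ldns_verify_time()`; the `return LDNS_STATUS_ERR;` a few lines above in this hunk should be checked for the same release so the two exits stay consistent. It is also worth a comment on why `ldns_rr_list_deep_free()` rather than a shallow free is correct here, that is, that `rrset` owns the RRs it holds and does not alias records still referenced from `p`.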
@ -1896,7 +1908,7 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* convert from two BIGNUMs in the rdata buffer, to ASN notation.
* ASN preable: 30440220 <R 32bytefor256> 0220 <S 32bytefor256>
* ASN preamble: 30440220 <R 32bytefor256> 0220 <S 32bytefor256>
* the '20' is the length of that field (=bnsize).
* the '44' is the total remaining length.
* if negative, start with leading zero.
@ -1942,69 +1954,4 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
#endif /* S_SPLINT_S */
#endif /* USE_ECDSA */
#if defined(USE_ED25519) || defined(USE_ED448)
/* debug printout routine */
static void print_hex(const char* str, uint8_t* d, int len)
{
const char hex[] = "0123456789abcdef";
int i;
printf("%s [len=%d]: ", str, len);
for(i=0; i<len; i++) {
int x = (d[i]&0xf0)>>4;
int y = (d[i]&0x0f);
printf("%c%c", hex[x], hex[y]);
}
printf("\n");
}
#endif
#ifdef USE_ED25519
ldns_rdf *
ldns_convert_ed25519_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len)
{
unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
ldns_rdf* rdf = NULL;
/* TODO when Openssl supports signing and you can test this */
print_hex("sig in ASN", data, sig_len);
return rdf;
}
ldns_status
ldns_convert_ed25519_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* TODO when Openssl supports signing and you can test this. */
/* convert sig_buf into ASN1 into the target_buffer */
print_hex("sig raw", ldns_rdf_data(sig_rdf), ldns_rdf_size(sig_rdf));
return ldns_buffer_status(target_buffer);
}
#endif /* USE_ED25519 */
#ifdef USE_ED448
ldns_rdf *
ldns_convert_ed448_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len)
{
unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
ldns_rdf* rdf = NULL;
/* TODO when Openssl supports signing and you can test this */
print_hex("sig in ASN", data, sig_len);
return rdf;
}
ldns_status
ldns_convert_ed448_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* TODO when Openssl supports signing and you can test this. */
/* convert sig_buf into ASN1 into the target_buffer */
print_hex("sig raw", ldns_rdf_data(sig_rdf), ldns_rdf_size(sig_rdf));
return ldns_buffer_status(target_buffer);
}
#endif /* USE_ED448 */
#endif /* HAVE_SSL */
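Review bot: the four removed `ldns_convert_ed25519_*` / `ldns_convert_ed448_*` functions were not `static`, so this is an exported-symbol removal and not only dead-code cleanup. Make sure the matching prototypes are dropped from the public header in the same change and that the removal is mentioned in the changelog, since the stubs only called `print_hex()` and returned an empty result but external code could still have linked against them.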

View File

@ -1,6 +1,7 @@
#include <ldns/config.h>
#include <ldns/ldns.h>
#include <ldns/internal.h>
#include <ldns/dnssec.h>
#include <ldns/dnssec_sign.h>
@ -17,8 +18,16 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef USE_DSA
#include <openssl/dsa.h>
#endif
#endif /* HAVE_SSL */
#define LDNS_SIGN_WITH_ZONEMD ( LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 \
| LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 )
ldns_rr *
ldns_create_empty_rrsig(const ldns_rr_list *rrset,
const ldns_key *current_key)
@ -184,7 +193,7 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha512());
NULL);
break;
#endif
#ifdef USE_ED448
@ -192,7 +201,7 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha512());
NULL);
break;
#endif
case LDNS_SIGN_RSAMD5:
@ -234,8 +243,6 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
new_owner = NULL;
signatures = ldns_rr_list_new();
/* prepare a signature and add all the know data
* prepare the rrset. Sign this together. */
rrset_clone = ldns_rr_list_clone(rrset);
@ -252,6 +259,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
/* sort */
ldns_rr_list_sort(rrset_clone);
signatures = ldns_rr_list_new();
for (key_count = 0;
key_count < ldns_key_list_key_count(keys);
key_count++) {
@ -320,14 +329,6 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
return signatures;
}
/**
* Sign data with DSA
*
* \param[in] to_sign The ldns_buffer containing raw data that is
* to be signed
* \param[in] key The DSA key structure to sign with
* \return ldns_rdf for the RRSIG ldns_rr
*/
ldns_rdf *
ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
{
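Review bot: the doxygen block for `ldns_sign_public_dsa()` is deleted here with no replacement visible, so the `\param` and `\return` text should be confirmed to live next to the prototype in the header. The function also takes a `DSA *key` while `<openssl/dsa.h>` is now included only under `#ifdef USE_DSA` at the top of this file, so its definition needs the same `USE_DSA` guard or a build without DSA will fail here.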
@ -408,11 +409,14 @@ ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
{
EC_KEY* ec;
const EC_GROUP* g;
#ifdef HAVE_EVP_PKEY_BASE_ID
#ifdef HAVE_EVP_PKEY_GET_BASE_ID
if(EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC)
return 0;
#elif defined(HAVE_EVP_PKEY_BASE_ID)
if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
return 0;
#else
if(EVP_PKEY_type(key->type) != EVP_PKEY_EC)
if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
return 0;
#endif
ec = EVP_PKEY_get1_EC_KEY(pkey);
@ -456,8 +460,19 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
/* initializes a signing context */
md_type = digest_type;
#ifdef USE_ED25519
if(EVP_PKEY_id(key) == NID_ED25519) {
/* digest must be NULL for ED25519 sign and verify */
md_type = NULL;
} else
#endif
#ifdef USE_ED448
if(EVP_PKEY_id(key) == NID_ED448) {
md_type = NULL;
} else
#endif
if(!md_type) {
/* unknown message difest */
/* unknown message digest */
ldns_buffer_free(b64sig);
return NULL;
}
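Review bot: the `if(EVP_PKEY_id(key) == NID_ED25519) { ... } else` and `if(EVP_PKEY_id(key) == NID_ED448) { ... } else` fragments each end in a dangling `else` that is completed by whatever follows the `#endif`, which makes the `if(!md_type)` error branch easy to break when someone inserts a statement between the blocks. A small helper that returns whether the key is an EdDSA key, called once before the `if(!md_type)` test, would keep the control flow in one place. The ED448 branch should carry the same "digest must be NULL" comment as the ED25519 one.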
@ -473,23 +488,34 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
return NULL;
}
r = EVP_SignInit(ctx, md_type);
if(r == 1) {
r = EVP_SignUpdate(ctx, (unsigned char*)
ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
#if defined(USE_ED25519) || defined(USE_ED448)
if(md_type == NULL) {
/* for these methods we must use the one-shot DigestSign */
r = EVP_DigestSignInit(ctx, NULL, md_type, NULL, key);
if(r == 1) {
size_t siglen_sizet = ldns_buffer_capacity(b64sig);
r = EVP_DigestSign(ctx,
(unsigned char*)ldns_buffer_begin(b64sig),
&siglen_sizet,
(unsigned char*)ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
siglen = (unsigned int)siglen_sizet;
}
} else {
ldns_buffer_free(b64sig);
EVP_MD_CTX_destroy(ctx);
return NULL;
}
if(r == 1) {
r = EVP_SignFinal(ctx, (unsigned char*)
ldns_buffer_begin(b64sig), &siglen, key);
} else {
ldns_buffer_free(b64sig);
EVP_MD_CTX_destroy(ctx);
return NULL;
#else
r = 0;
if(md_type != NULL) {
#endif
r = EVP_SignInit(ctx, md_type);
if(r == 1) {
r = EVP_SignUpdate(ctx, (unsigned char*)
ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
}
if(r == 1) {
r = EVP_SignFinal(ctx, (unsigned char*)
ldns_buffer_begin(b64sig), &siglen, key);
}
}
if(r != 1) {
ldns_buffer_free(b64sig);
@ -502,7 +528,9 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
#ifdef USE_DSA
#ifndef S_SPLINT_S
/* unfortunately, OpenSSL output is different from DNS DSA format */
# ifdef HAVE_EVP_PKEY_BASE_ID
# ifdef HAVE_EVP_PKEY_GET_BASE_ID
if (EVP_PKEY_get_base_id(key) == EVP_PKEY_DSA) {
# elif defined(HAVE_EVP_PKEY_BASE_ID)
if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) {
# else
if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
@ -512,9 +540,11 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
}
#endif
#endif
#if defined(USE_ECDSA) || defined(USE_ED25519) || defined(USE_ED448)
#if defined(USE_ECDSA)
if(
# ifdef HAVE_EVP_PKEY_BASE_ID
# ifdef HAVE_EVP_PKEY_GET_BASE_ID
EVP_PKEY_get_base_id(key)
# elif defined(HAVE_EVP_PKEY_BASE_ID)
EVP_PKEY_base_id(key)
# else
EVP_PKEY_type(key->type)
@ -527,20 +557,6 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
b64sig, (long)siglen, ldns_pkey_is_ecdsa(key));
}
# endif /* USE_ECDSA */
# ifdef USE_ED25519
if(EVP_PKEY_id(key) == NID_X25519) {
r = 1;
sigdata_rdf = ldns_convert_ed25519_rrsig_asn12rdf(
b64sig, siglen);
}
# endif /* USE_ED25519 */
# ifdef USE_ED448
if(EVP_PKEY_id(key) == NID_X448) {
r = 1;
sigdata_rdf = ldns_convert_ed448_rrsig_asn12rdf(
b64sig, siglen);
}
# endif /* USE_ED448 */
}
#endif /* PKEY_EC */
if(r == 0) {
@ -642,7 +658,7 @@ ldns_dnssec_addresses_on_glue_list(
/* ldns_rr_list_push_rr()
* returns false when unable
* to increase the capacity
* of the ldsn_rr_list
* of the ldns_rr_list
*/
}
}
@ -653,20 +669,6 @@ ldns_dnssec_addresses_on_glue_list(
return LDNS_STATUS_OK;
}
/**
* Marks the names in the zone that are occluded. Those names will be skipped
* when walking the tree with the ldns_dnssec_name_node_next_nonglue()
* function. But watch out! Names that are partially occluded (like glue with
* the same name as the delegation) will not be marked and should specifically
* be taken into account separately.
*
* When glue_list is given (not NULL), in the process of marking the names, all
* glue resource records will be pushed to that list, even glue at delegation names.
*
* \param[in] zone the zone in which to mark the names
* \param[in] glue_list the list to which to push the glue rrs
* \return LDNS_STATUS_OK on success, an error code otherwise
*/
ldns_status
ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
ldns_rr_list *glue_list)
@ -678,7 +680,7 @@ ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
/* When the cut is caused by a delegation, below_delegation will be 1.
* When caused by a DNAME, below_delegation will be 0.
*/
int below_delegation = -1; /* init suppresses comiler warning */
int below_delegation = -1; /* init suppresses compiler warning */
ldns_status s;
if (!zone || !zone->names) {
@ -700,7 +702,7 @@ ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
* FIXME! If there are labels in between the SOA and
* the cut, going from the authoritative space (below
* the SOA) up into occluded space again, will not be
* detected with the contruct below!
* detected with the construct below!
*/
if (ldns_dname_is_subdomain(owner, cut) &&
!ldns_dnssec_rrsets_contains_type(
@ -746,16 +748,6 @@ ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
return LDNS_STATUS_OK;
}
/**
* Marks the names in the zone that are occluded. Those names will be skipped
* when walking the tree with the ldns_dnssec_name_node_next_nonglue()
* function. But watch out! Names that are partially occluded (like glue with
* the same name as the delegation) will not be marked and should specifically
* be taken into account separately.
*
* \param[in] zone the zone in which to mark the names
* \return LDNS_STATUS_OK on success, an error code otherwise
*/
ldns_status
ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
{
@ -799,17 +791,24 @@ ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
uint32_t nsec_ttl;
ldns_dnssec_rrsets *soa;
/* the TTL of NSEC rrs should be set to the minimum TTL of
* the zone SOA (RFC4035 Section 2.3)
/* The TTL value for any NSEC RR SHOULD be the same TTL value as the
* lesser of the MINIMUM field of the SOA record and the TTL of the SOA
* itself. This matches the definition of the TTL for negative
* responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of
* RFC4035 Section 2.3)
*/
soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
/* did the caller actually set it? if not,
* fall back to default ttl
*/
if (soa && soa->rrs && soa->rrs->rr
&& (ldns_rr_rdf(soa->rrs->rr, 6) != NULL)) {
nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
if (soa && soa->rrs && soa->rrs->rr) {
ldns_rr *soa_rr = soa->rrs->rr;
ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6);
nsec_ttl = min_rdf == NULL
|| ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf)
? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf);
} else {
nsec_ttl = LDNS_DEFAULT_TTL;
}
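Review bot: the `nsec_ttl` expression `min_rdf == NULL || ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf) ? ... : ...` depends on `||` binding tighter than `?:` and gives no visual hint of it; put the condition in parentheses. It also converts `min_rdf` twice, so reading it once into a local `uint32_t` and comparing against that would be clearer. The retained comment "did the caller actually set it? if not, fall back to default ttl" now describes only the `else` branch and should be moved or reworded.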
@ -893,17 +892,24 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
return LDNS_STATUS_ERR;
}
/* the TTL of NSEC rrs should be set to the minimum TTL of
* the zone SOA (RFC4035 Section 2.3)
/* The TTL value for any NSEC RR SHOULD be the same TTL value as the
* lesser of the MINIMUM field of the SOA record and the TTL of the SOA
* itself. This matches the definition of the TTL for negative
* responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of
* RFC4035 Section 2.3)
*/
soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
/* did the caller actually set it? if not,
* fall back to default ttl
*/
if (soa && soa->rrs && soa->rrs->rr
&& ldns_rr_rdf(soa->rrs->rr, 6) != NULL) {
nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
if (soa && soa->rrs && soa->rrs->rr) {
ldns_rr *soa_rr = soa->rrs->rr;
ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6);
nsec_ttl = min_rdf == NULL
|| ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf)
? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf);
} else {
nsec_ttl = LDNS_DEFAULT_TTL;
}
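Review bot: this block in `ldns_dnssec_zone_create_nsec3s_mkmap()` is a verbatim copy of the TTL selection added to `ldns_dnssec_zone_create_nsecs()`, comment included. A single static helper that takes the SOA rrset and returns the TTL (falling back to `LDNS_DEFAULT_TTL`) would keep the two NSEC and NSEC3 paths from drifting apart the next time the rule changes.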
@ -984,7 +990,6 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
; hashmap_node != LDNS_RBTREE_NULL
; hashmap_node = ldns_rbtree_next(hashmap_node)
) {
current_name = (ldns_dnssec_name *) hashmap_node->data;
nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec;
if (nsec_rr) {
ldns_rr_list_push_rr(nsec3_list, nsec_rr);
@ -1129,17 +1134,22 @@ ldns_key_list_filter_for_dnskey(ldns_key_list *key_list, int flags)
if (!ldns_key_list_key_count(key_list))
return;
/* Mark all KSKs */
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if ((ldns_key_flags(key) & LDNS_KEY_SEP_KEY) && !saw_ksk)
saw_ksk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
if ((ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
if (!saw_ksk)
saw_ksk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
}
}
if (!saw_ksk)
return;
else
algos[saw_ksk] = 0;
return; /* No KSKs means sign using all ZSKs */
/* Deselect the ZSKs so they do not sign DNSKEY RRs.
* Except with the LDNS_SIGN_WITH_ALL_ALGORITHMS flag, then use it,
* but only if it has an algorithm for which there is no KSK
*/
for (i =0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
@ -1147,15 +1157,15 @@ ldns_key_list_filter_for_dnskey(ldns_key_list *key_list, int flags)
* Still use it if it has a unique algorithm though!
*/
if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) &&
algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = false;
!algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = true;
else
ldns_key_set_use(key, 0);
}
}
}
/** If there are no ZSKs use KSK as ZSK */
/** If there are no ZSKs use KSKs as ZSK too */
static void
ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags)
{
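Review bot: in the `LDNS_SIGN_WITH_ALL_ALGORITHMS` branch, setting `algos[ldns_key_algorithm(key)] = true` after accepting a ZSK means only the first ZSK of an algorithm without a KSK stays in use and any later ZSK with the same algorithm gets `ldns_key_set_use(key, 0)`, so the outcome depends on key-list order. The comment "Still use it if it has a unique algorithm though!" does not say that; state explicitly that one key per uncovered algorithm is kept. `saw_ksk` is also only tested for non-zero in the visible code, so a `bool` would express the intent better than storing the algorithm number.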
@ -1171,17 +1181,22 @@ ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags)
if (!ldns_key_list_key_count(key_list))
return;
/* Mark all ZSKs */
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY) && !saw_zsk)
saw_zsk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
if (!saw_zsk)
saw_zsk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
}
}
if (!saw_zsk)
return;
else
algos[saw_zsk] = 0;
return; /* No ZSKs means sign using all KSKs */
/* Deselect the KSKs so they do not sign non DNSKEY RRs.
* Except with the LDNS_SIGN_WITH_ALL_ALGORITHMS flag, then use it,
* but only if it has an algorithm for which there is no ZSK
*/
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if((ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
@ -1189,8 +1204,8 @@ ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags)
* Still use it if it has a unique algorithm though!
*/
if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) &&
algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = false;
!algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = true;
else
ldns_key_set_use(key, 0);
}
@ -1251,12 +1266,15 @@ ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone
key_list,
func,
arg);
if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) &&
cur_rrset->type == LDNS_RR_TYPE_DNSKEY)
ldns_key_list_filter_for_dnskey(key_list, flags);
if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY)
if(cur_rrset->type == LDNS_RR_TYPE_DNSKEY ||
cur_rrset->type == LDNS_RR_TYPE_CDNSKEY ||
cur_rrset->type == LDNS_RR_TYPE_CDS) {
if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK)) {
ldns_key_list_filter_for_dnskey(key_list, flags);
}
} else {
ldns_key_list_filter_for_non_dnskey(key_list, flags);
}
/* TODO: just set count to zero? */
rr_list = ldns_rr_list_new();
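Review bot: `LDNS_SIGN_DNSKEY_WITH_ZSK` now also governs `LDNS_RR_TYPE_CDNSKEY` and `LDNS_RR_TYPE_CDS`, and when it is set neither `ldns_key_list_filter_for_dnskey()` nor `ldns_key_list_filter_for_non_dnskey()` runs for those three types. That widening is not visible from the flag name, so the flag's documentation should say it covers CDS and CDNSKEY as well, and a short comment at this `if` should state that leaving the key list unfiltered in that case is intentional.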
@ -1359,25 +1377,46 @@ ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
int flags)
{
ldns_status result = LDNS_STATUS_OK;
ldns_dnssec_rrsets zonemd_rrset;
bool zonemd_added = false;
if (!zone || !new_rrs || !key_list) {
return LDNS_STATUS_ERR;
}
if (flags & LDNS_SIGN_WITH_ZONEMD) {
ldns_dnssec_rrsets **rrsets_ref = &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
if (!*rrsets_ref
|| (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) {
zonemd_rrset.rrs = NULL;
zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD;
zonemd_rrset.signatures = NULL;
zonemd_rrset.next = *rrsets_ref;
*rrsets_ref = &zonemd_rrset;
zonemd_added = true;
}
}
/* zone is already sorted */
result = ldns_dnssec_zone_mark_glue(zone);
if (result != LDNS_STATUS_OK) {
return result;
}
/* check whether we need to add nsecs */
if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
if ((flags & LDNS_SIGN_NO_KEYS_NO_NSECS)
&& ldns_key_list_key_count(key_list) < 1)
; /* pass */
else if (zone->names
&& !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
result = ldns_dnssec_zone_create_nsecs(zone, new_rrs);
if (result != LDNS_STATUS_OK) {
return result;
}
}
result = ldns_dnssec_zone_create_rrsigs_flg(zone,
new_rrs,
key_list,
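Review bot: `zonemd_rrset` is a stack object that gets linked into `zone->soa->rrsets`, but the two `return result;` exits after `ldns_dnssec_zone_mark_glue()` and `ldns_dnssec_zone_create_nsecs()` leave the function without unlinking it, so on those error paths the zone keeps a pointer into a dead stack frame. Unlink the placeholder before each early return, or route all exits through one cleanup label. `zone->soa` is also dereferenced in `&zone->soa->rrsets` although the guard above only tests `zone`, `new_rrs` and `key_list`.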
@ -1385,7 +1424,18 @@ ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
arg,
flags);
return result;
if (zonemd_added) {
ldns_dnssec_rrsets **rrsets_ref
= &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
*rrsets_ref = zonemd_rrset.next;
}
return flags & LDNS_SIGN_WITH_ZONEMD
? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, flags)
: result;
}
ldns_status
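Review bot: the final `return` calls `dnssec_zone_equip_zonemd()` whenever `LDNS_SIGN_WITH_ZONEMD` is set and discards `result` from `ldns_dnssec_zone_create_rrsigs_flg()`, so a signing failure is masked if the ZONEMD step then succeeds. Return early on `result != LDNS_STATUS_OK` before the ZONEMD call, as the NSEC3 variant does with `if (result || !zone->names)`. The unlink loop also assigns `*rrsets_ref = zonemd_rrset.next` without checking that `*rrsets_ref == &zonemd_rrset`; an assertion or explicit comparison there would catch the list having changed in between.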
@ -1421,6 +1471,8 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
{
ldns_rr *nsec3, *nsec3param;
ldns_status result = LDNS_STATUS_OK;
bool zonemd_added = false;
ldns_dnssec_rrsets zonemd_rrset;
/* zone is already sorted */
result = ldns_dnssec_zone_mark_glue(zone);
@ -1439,7 +1491,13 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
}
nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec;
if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
/* check whether we need to add nsecs */
if ((signflags & LDNS_SIGN_NO_KEYS_NO_NSECS)
&& ldns_key_list_key_count(key_list) < 1)
; /* pass */
else if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
/* no need to recreate */
} else {
if (!ldns_dnssec_zone_find_rrset(zone,
@ -1466,6 +1524,23 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
}
ldns_rr_list_push_rr(new_rrs, nsec3param);
}
if (signflags & LDNS_SIGN_WITH_ZONEMD) {
ldns_dnssec_rrsets **rrsets_ref
= &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
if (!*rrsets_ref
|| (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) {
zonemd_rrset.rrs = NULL;
zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD;
zonemd_rrset.signatures = NULL;
zonemd_rrset.next = *rrsets_ref;
*rrsets_ref = &zonemd_rrset;
zonemd_added = true;
}
}
result = ldns_dnssec_zone_create_nsec3s_mkmap(zone,
new_rrs,
algorithm,
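Review bot: this is the second copy of the placeholder insertion walk over `zone->soa->rrsets`, and the matching removal walk is duplicated as well, giving four hand-written list traversals for one temporary node. Two small static helpers (insert placeholder, remove placeholder) would remove the duplication and give one place to add the missing `zone->soa` NULL check, which this copy lacks just like the one in `ldns_dnssec_zone_sign_flg()`.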
@ -1474,6 +1549,15 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
salt_length,
salt,
map);
if (zonemd_added) {
ldns_dnssec_rrsets **rrsets_ref
= &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
*rrsets_ref = zonemd_rrset.next;
}
if (result != LDNS_STATUS_OK) {
return result;
}
@ -1486,8 +1570,12 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
arg,
signflags);
}
if (result || !zone->names)
return result;
return result;
return signflags & LDNS_SIGN_WITH_ZONEMD
? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, signflags)
: result;
}
ldns_status

View File

@ -21,7 +21,7 @@ ldns_dnssec_data_chain_new(void)
ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1);
if(!nc) return NULL;
/*
* not needed anymore because CALLOC initalizes everything to zero.
* not needed anymore because CALLOC initializes everything to zero.
nc->rrset = NULL;
nc->parent_type = 0;
@ -415,14 +415,17 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
new_chain);
}
if (type != LDNS_RR_TYPE_DNSKEY) {
ldns_dnssec_build_data_chain_dnskey(res,
qflags,
pkt,
signatures,
new_chain,
key_name,
c
);
if (type != LDNS_RR_TYPE_DS ||
ldns_dname_is_subdomain(name, key_name)) {
ldns_dnssec_build_data_chain_dnskey(res,
qflags,
pkt,
signatures,
new_chain,
key_name,
c
);
}
} else {
ldns_dnssec_build_data_chain_other(res,
qflags,
@ -594,7 +597,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE *out,
if (tree->parent_status[i]
== LDNS_STATUS_SSL_ERR) {
printf("; SSL Error: ");
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
ERR_load_crypto_strings();
#endif
ERR_print_errors_fp(stdout);
printf("\n");
}
@ -903,8 +908,9 @@ ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
cur_status = ldns_verify_rrsig_time(
cur_rrset, cur_sig_rr,
cur_parent_rr, check_time);
(void) ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, cur_sig_rr, cur_status);
if (ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, cur_sig_rr, cur_status))
ldns_dnssec_trust_tree_free(cur_parent_tree);
}
}
}
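Review bot: `if (ldns_dnssec_trust_tree_add_parent(...))` relies on every failure status being non-zero to decide that `cur_parent_tree` was not adopted and must be freed. Write the test as `!= LDNS_STATUS_OK` so the ownership rule is explicit, and add a short comment that on success the new tree owns `cur_parent_tree`. The same applies to the identical change in `ldns_dnssec_derive_trust_tree_no_sig_time()`.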
@ -1018,8 +1024,10 @@ ldns_dnssec_derive_trust_tree_no_sig_time(
data_chain->parent,
cur_parent_rr,
check_time);
(void) ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, NULL, result);
if (ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, NULL, result))
ldns_dnssec_trust_tree_free(cur_parent_tree);
}
}
}
@ -1495,7 +1503,7 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
ldns_rr_list *rrsigs)
{
ldns_rdf *rr_name;
ldns_rdf *wildcard_name;
ldns_rdf *wildcard_name = NULL;
ldns_rdf *chopped_dname;
ldns_rr *cur_nsec;
size_t i;
@ -1506,14 +1514,19 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
bool type_covered = false;
bool wildcard_covered = false;
bool wildcard_type_covered = false;
bool rr_name_is_root = false;
wildcard_name = ldns_dname_new_frm_str("*");
rr_name = ldns_rr_owner(rr);
chopped_dname = ldns_dname_left_chop(rr_name);
result = ldns_dname_cat(wildcard_name, chopped_dname);
ldns_rdf_deep_free(chopped_dname);
if (result != LDNS_STATUS_OK) {
return result;
rr_name_is_root = ldns_rdf_size(rr_name) == 1
&& *ldns_rdf_data(rr_name) == 0;
if (!rr_name_is_root) {
wildcard_name = ldns_dname_new_frm_str("*");
chopped_dname = ldns_dname_left_chop(rr_name);
result = ldns_dname_cat(wildcard_name, chopped_dname);
ldns_rdf_deep_free(chopped_dname);
if (result != LDNS_STATUS_OK) {
return result;
}
}
for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
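Review bot: inside the new `if (!rr_name_is_root)` block, the `return result;` taken when `ldns_dname_cat()` fails leaves `wildcard_name` allocated, and neither the result of `ldns_dname_new_frm_str("*")` nor that of `ldns_dname_left_chop(rr_name)` is checked for NULL before use. Free `wildcard_name` on that error path and bail out with `LDNS_STATUS_MEM_ERR` when either allocation fails. Since these lines are being re-indented anyway, this is the cheapest moment to fix it.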
@ -1540,6 +1553,9 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
name_covered = true;
}
if (rr_name_is_root)
continue;
if (ldns_dname_compare(wildcard_name,
ldns_rr_owner(cur_nsec)) == 0) {
if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(cur_nsec),
@ -1560,6 +1576,9 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
return LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
}
if (rr_name_is_root)
return LDNS_STATUS_OK;
if (wildcard_type_covered || !wildcard_covered) {
return LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
}
@ -1583,8 +1602,6 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
bool wildcard_covered = false;
ldns_rdf *zone_name;
ldns_rdf *hashed_name;
/* self assignment to suppress uninitialized warning */
ldns_rdf *next_closer = next_closer;
ldns_rdf *hashed_next_closer;
size_t i;
ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
@ -1659,6 +1676,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
}
}
}
ldns_rdf_deep_free(hashed_name);
result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
/* wildcard no data? section 8.7 */
closest_encloser = ldns_dnssec_nsec3_closest_encloser(
@ -1748,7 +1766,9 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
/* Query name *is* the "next closer". */
hashed_next_closer = hashed_name;
} else {
ldns_rdf *next_closer;
ldns_rdf_deep_free(hashed_name);
/* "next closer" has less labels than the query name.
* Create the name and hash it.
*/
@ -1762,6 +1782,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
next_closer
);
(void) ldns_dname_cat(hashed_next_closer, zone_name);
ldns_rdf_deep_free(next_closer);
}
/* Find the NSEC3 that covers the "next closer" */
for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
@ -1776,15 +1797,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
break;
}
}
if (ldns_dname_label_count(closest_encloser) + 1
< ldns_dname_label_count(ldns_rr_owner(rr))) {
/* "next closer" has less labels than the query name.
* Dispose of the temporary variables that held that name.
*/
ldns_rdf_deep_free(hashed_next_closer);
ldns_rdf_deep_free(next_closer);
}
ldns_rdf_deep_free(hashed_next_closer);
ldns_rdf_deep_free(closest_encloser);
}
@ -1858,27 +1871,19 @@ ldns_verify_rrsig_gost_raw(const unsigned char* sig, size_t siglen,
EVP_PKEY*
ldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
{
const unsigned char* pp = key; /* pp gets modified by o2i() */
/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x70, 0x03, 0x21, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
EC_KEY *ec;
if(keylen != 32)
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 32 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
ec = EC_KEY_new_by_curve_name(NID_X25519);
if(!ec) return NULL;
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
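Review bot: `pre_len` is a hand-maintained `int` that has to match the size of `pre[]`, and the added `keylen + pre_len > sizeof(buf)` test mixes signed and unsigned operands and can never be true once `keylen != 32` has passed. Use `sizeof(pre)` instead of the literal 12, declare `pre` as `static const`, and size `buf` as `sizeof(pre) + 32` so the bound is self-evident. The Ed448 function below repeats the same pattern with 57 and would benefit from the same cleanup, or from one shared helper that takes the prefix and expected key length.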
@ -1894,8 +1899,7 @@ ldns_verify_rrsig_ed25519_raw(unsigned char* sig, size_t siglen,
/* could not convert key */
return LDNS_STATUS_CRYPTO_BOGUS;
}
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key,
EVP_sha512());
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, NULL);
EVP_PKEY_free(evp_key);
return result;
}
@ -1905,27 +1909,19 @@ ldns_verify_rrsig_ed25519_raw(unsigned char* sig, size_t siglen,
EVP_PKEY*
ldns_ed4482pkey_raw(const unsigned char* key, size_t keylen)
{
const unsigned char* pp = key; /* pp gets modified by o2i() */
/* ASN1 for ED448 is 3043300506032b6571033a00 <57byteskey> */
uint8_t pre[] = {0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x71, 0x03, 0x3a, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
EC_KEY *ec;
if(keylen != 57)
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 57 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
ec = EC_KEY_new_by_curve_name(NID_X448);
if(!ec) return NULL;
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
@ -1941,8 +1937,7 @@ ldns_verify_rrsig_ed448_raw(unsigned char* sig, size_t siglen,
/* could not convert key */
return LDNS_STATUS_CRYPTO_BOGUS;
}
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key,
EVP_sha512());
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, NULL);
EVP_PKEY_free(evp_key);
return result;
}
@ -2187,6 +2182,12 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, const ldns_rr* rrsig)
#endif
#ifdef USE_GOST
case LDNS_ECC_GOST:
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
#endif
#ifdef USE_ED448
case LDNS_ED448:
#endif
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
@ -2228,32 +2229,6 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, const ldns_rr* rrsig)
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
/* EVP produces an ASN prefix on the signature, which is
* not used in the DNS */
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
}
if (ldns_convert_ed25519_rrsig_rdf2asn1(
rawsig_buf, ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
#ifdef USE_ED448
case LDNS_ED448:
/* EVP produces an ASN prefix on the signature, which is
* not used in the DNS */
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
}
if (ldns_convert_ed448_rrsig_rdf2asn1(
rawsig_buf, ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
case LDNS_DH:
case LDNS_ECC:
@ -2428,8 +2403,12 @@ ldns_verify_rrsig_keylist_time(
ldns_rr_list *good_keys)
{
ldns_status result;
ldns_rr_list *valid = ldns_rr_list_new();
if (!valid)
ldns_rr_list *valid;
if (!good_keys)
valid = NULL;
else if (!(valid = ldns_rr_list_new()))
return LDNS_STATUS_MEM_ERR;
result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid);
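Review bot: `valid` is now NULL whenever the caller passes no `good_keys`, and it is handed straight to `ldns_verify_rrsig_keylist_notime`; the rest of this function is outside the hunk, so please confirm that the callee and every later use or free of `valid` tolerate NULL. A short comment saying that NULL means the caller does not want the list of validating keys would make the intent clear.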
@ -2633,16 +2612,31 @@ ldns_verify_rrsig_evp_raw(const unsigned char *sig, size_t siglen,
if(!ctx)
return LDNS_STATUS_MEM_ERR;
EVP_VerifyInit(ctx, digest_type);
EVP_VerifyUpdate(ctx,
ldns_buffer_begin(rrset),
ldns_buffer_position(rrset));
res = EVP_VerifyFinal(ctx, sig, (unsigned int) siglen, key);
#if defined(USE_ED25519) || defined(USE_ED448)
if(!digest_type) {
res = EVP_DigestVerifyInit(ctx, NULL, digest_type, NULL, key);
if(res == 1) {
res = EVP_DigestVerify(ctx, sig, siglen,
ldns_buffer_begin(rrset),
ldns_buffer_position(rrset));
}
} else {
#else
res = 0;
if(digest_type) {
#endif
EVP_VerifyInit(ctx, digest_type);
EVP_VerifyUpdate(ctx,
ldns_buffer_begin(rrset),
ldns_buffer_position(rrset));
res = EVP_VerifyFinal(ctx, sig, (unsigned int) siglen, key);
}
EVP_MD_CTX_destroy(ctx);
if (res == 1) {
return LDNS_STATUS_OK;
} else if (res == 0) {
return LDNS_STATUS_CRYPTO_BOGUS;
}
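Review bot: The `#if defined(USE_ED25519) || defined(USE_ED448)` block opens `if(!digest_type) { ... } else {` in one preprocessor branch and `if(digest_type) {` in the other, so the single closing brace after `EVP_VerifyFinal` pairs with a different `if` depending on build flags, which is easy to break in a later edit. In a build without EdDSA, a NULL `digest_type` leaves `res = 0` and the function returns `LDNS_STATUS_CRYPTO_BOGUS`, reporting an unsupported algorithm as a bad signature. Suggest handling the NULL case with an early return and a distinct status when EdDSA is compiled out, and passing a literal `NULL` to `EVP_DigestVerifyInit` instead of `digest_type`, which is known to be NULL on that path.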

View File

@ -5,6 +5,7 @@
#include <ldns/config.h>
#include <ldns/ldns.h>
#include <ldns/internal.h>
ldns_dnssec_rrs *
ldns_dnssec_rrs_new(void)
@ -323,7 +324,7 @@ ldns_dnssec_name_new(void)
return NULL;
}
/*
* not needed anymore because CALLOC initalizes everything to zero.
* not needed anymore because CALLOC initializes everything to zero.
new_name->name = NULL;
new_name->rrsets = NULL;
@ -370,9 +371,10 @@ ldns_dnssec_name_free_internal(ldns_dnssec_name *name,
ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep);
}
if (name->hashed_name) {
if (deep) {
ldns_rdf_deep_free(name->hashed_name);
}
/* Hashed name is always allocated when signing,
* so always deep free
*/
ldns_rdf_deep_free(name->hashed_name);
}
LDNS_FREE(name);
}
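Review bot: With the `if (deep)` guard gone, `ldns_dnssec_name_free_internal` frees `name->hashed_name` even on a shallow free, which changes ownership for every caller and not only for the signing path the new comment mentions. Please document on the function that `hashed_name` is always owned by the name regardless of `deep`, and confirm that no code path stores an rdf in `hashed_name` that is also referenced elsewhere, since that would now be freed twice.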
@ -588,7 +590,7 @@ rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t)
/* When the zone is first read into an list and then inserted into an
* ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next)
* to each other. Because ldns-verify-zone (the only program that uses this
* function) uses the rbtree mostly for sequentual walking, this results
* function) uses the rbtree mostly for sequential walking, this results
* in a speed increase (of 15% on linux) because we have less CPU-cache misses.
*/
#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */
@ -606,7 +608,7 @@ ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) {
ldns_status
ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* origin,
uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr)
uint32_t default_ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr)
{
ldns_rr* cur_rr;
size_t i;
@ -626,7 +628,7 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will
hold the NSEC3s that still didn't have a matching name in the
zone tree, even after all names were read. They can only match
after the zone is equiped with all the empty non terminals. */
after the zone is equipped with all the empty non terminals. */
ldns_rbtree_t todo_nsec3_ents;
ldns_rbnode_t *new_node;
ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new();
@ -636,13 +638,19 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
ldns_zone* zone = NULL;
#else
uint32_t my_ttl = ttl;
ldns_rr *prev_rr = NULL;
uint32_t my_ttl = default_ttl;
/* RFC 1035 Section 5.1, says 'Omitted class and TTL values are default
* to the last explicitly stated values.'
*/
bool ttl_from_TTL = false;
bool explicit_ttl = false;
#endif
ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v);
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr);
status = ldns_zone_new_frm_fp_l(&zone, fp, origin, default_ttl, c, line_nr);
if (status != LDNS_STATUS_OK)
goto error;
#endif
@ -672,13 +680,61 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
status = LDNS_STATUS_OK;
#else
while (!feof(fp)) {
/* If ttl came from $TTL line, then it should be the default.
* (RFC 2308 Section 4)
* Otherwise it "defaults to the last explicitly stated value"
* (RFC 1035 Section 5.1)
*/
if (ttl_from_TTL)
my_ttl = default_ttl;
status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin,
&my_prev, line_nr);
&my_prev, line_nr, &explicit_ttl);
#endif
switch (status) {
case LDNS_STATUS_OK:
#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP
if (explicit_ttl) {
if (!ttl_from_TTL) {
/* No $TTL, so ttl "defaults to the
* last explicitly stated value"
* (RFC 1035 Section 5.1)
*/
my_ttl = ldns_rr_ttl(cur_rr);
}
/* When ttl is implicit, try to adhere to the rules as
* much as possible. (also for compatibility with bind)
* This was changed when fixing an issue with ZONEMD
* which hashes the TTL too.
*/
} else if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SIG
|| ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG) {
if (ldns_rr_rd_count(cur_rr) >= 4
&& ldns_rdf_get_type(ldns_rr_rdf(cur_rr, 3)) == LDNS_RDF_TYPE_INT32)
/* SIG without explicit ttl get ttl
* from the original_ttl field
* (RFC 2535 Section 7.2)
*
* Similarly for RRSIG, but stated less
* specifically in the spec.
* (RFC 4034 Section 3)
*/
ldns_rr_set_ttl(cur_rr,
ldns_rdf2native_int32(
ldns_rr_rdf(rr, 3)));
} else if (prev_rr
&& ldns_rr_get_type(prev_rr) == ldns_rr_get_type(cur_rr)
&& ldns_dname_compare( ldns_rr_owner(prev_rr)
, ldns_rr_owner(cur_rr)) == 0)
/* "TTLs of all RRs in an RRSet must be the same"
* (RFC 2881 Section 5.2)
*/
ldns_rr_set_ttl(cur_rr, ldns_rr_ttl(prev_rr));
prev_rr = cur_rr;
#endif
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
if (status ==
LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
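Review bot: The SIG/RRSIG branch calls `ldns_rr_rdf(rr, 3)`, but the record handled in this loop is `cur_rr` and no `rr` appears among the variables shown for this function; because `FASTER_DNSSEC_ZONE_NEW_FRM_FP` is defined unconditionally above, this `#ifndef` path is never compiled and the mistake goes unnoticed. It should read `ldns_rr_rdf(cur_rr, 3)`, and it would be worth building once with the macro undefined to check the whole block. The comment citing "RFC 2881 Section 5.2" for "TTLs of all RRs in an RRSet must be the same" looks like a typo for RFC 2181 Section 5.2.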
@ -698,9 +754,16 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
break;
case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/
#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP
default_ttl = my_ttl;
ttl_from_TTL = true;
#endif
status = LDNS_STATUS_OK;
break;
case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */
case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/
case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/
status = LDNS_STATUS_OK;
break;
@ -746,6 +809,7 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
newzone = NULL;
} else {
ldns_dnssec_zone_free(newzone);
newzone = NULL;
}
error:
@ -792,10 +856,21 @@ ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) {
LDNS_FREE(node);
}
static void
ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
(void) arg;
LDNS_FREE(node);
}
void
ldns_dnssec_zone_free(ldns_dnssec_zone *zone)
{
if (zone) {
if (zone->hashed_names) {
ldns_traverse_postorder(zone->hashed_names,
ldns_hashed_names_node_free, NULL);
LDNS_FREE(zone->hashed_names);
}
if (zone->names) {
/* destroy all name structures within the tree */
ldns_traverse_postorder(zone->names,
@ -811,6 +886,11 @@ void
ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone)
{
if (zone) {
if (zone->hashed_names) {
ldns_traverse_postorder(zone->hashed_names,
ldns_hashed_names_node_free, NULL);
LDNS_FREE(zone->hashed_names);
}
if (zone->names) {
/* destroy all name structures within the tree */
ldns_traverse_postorder(zone->names,
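Review bot: The `hashed_names` teardown added here (`ldns_traverse_postorder(zone->hashed_names, ldns_hashed_names_node_free, NULL);` followed by `LDNS_FREE(zone->hashed_names);`) is identical to the block added to `ldns_dnssec_zone_free` in the previous hunk. A small static helper shared by both functions would keep the two copies from diverging.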
@ -832,12 +912,6 @@ static void
ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
ldns_dnssec_name* name, ldns_rr* nsec3rr);
static void
ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
(void) arg;
LDNS_FREE(node);
}
static void
ldns_dnssec_zone_hashed_names_from_nsec3(
ldns_dnssec_zone* zone, ldns_rr* nsec3rr)
@ -907,20 +981,22 @@ ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
static ldns_rbnode_t *
ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) {
ldns_rdf *hashed_name;
ldns_rbnode_t *to_return;
hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0);
if (hashed_name == NULL) {
return NULL;
}
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){
ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr);
}
if (zone->hashed_names == NULL) {
ldns_rdf_deep_free(hashed_name);
return NULL;
}
return ldns_rbtree_search(zone->hashed_names, hashed_name);
hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0);
if (hashed_name == NULL) {
return NULL;
}
to_return = ldns_rbtree_search(zone->hashed_names, hashed_name);
ldns_rdf_deep_free(hashed_name);
return to_return;
}
ldns_status
@ -1105,8 +1181,12 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3(
ldns_rdf *ent_name;
if (!(ent_name = ldns_dname_clone_from(
next_name, i)))
next_name, i))) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
return LDNS_STATUS_MEM_ERR;
}
if (nsec3s && zone->_nsec3params) {
ldns_rdf *ent_hashed_name;
@ -1114,28 +1194,35 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3(
if (!(ent_hashed_name =
ldns_nsec3_hash_name_frm_nsec3(
zone->_nsec3params,
ent_name)))
ent_name))) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_rdf_deep_free(ent_name);
return LDNS_STATUS_MEM_ERR;
}
node = ldns_rbtree_search(nsec3s,
ent_hashed_name);
ldns_rdf_deep_free(ent_hashed_name);
if (!node) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_rdf_deep_free(ent_name);
continue;
}
}
new_name = ldns_dnssec_name_new();
if (!new_name) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_rdf_deep_free(ent_name);
return LDNS_STATUS_MEM_ERR;
}
new_name->name = ent_name;
if (!new_name->name) {
ldns_dnssec_name_free(new_name);
return LDNS_STATUS_MEM_ERR;
}
new_name->name_alloced = true;
new_node = LDNS_MALLOC(ldns_rbnode_t);
if (!new_node) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_dnssec_name_free(new_name);
return LDNS_STATUS_MEM_ERR;
}
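Review bot: The `ldns_rdf_deep_free(l1); ldns_rdf_deep_free(l2);` pair is now repeated on every early exit in this hunk and the previous one, including the `continue` when `node` is not found, so any exit added later has to remember it too. A single cleanup label, or freeing `l1` and `l2` as soon as they are no longer needed, would make this robust. Since the `continue` path frees both, please also confirm that `l1` and `l2` are allocated afresh on each iteration; their allocation is outside the visible lines.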
@ -1190,3 +1277,706 @@ ldns_dnssec_zone_is_nsec3_optout(const ldns_dnssec_zone* zone)
}
return false;
}
/*
* Stuff for calculating and verifying zone digests
*/
typedef enum dnssec_zone_rr_iter_state {
DNSSEC_ZONE_RR_ITER_LT_RRSIG
, DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
, DNSSEC_ZONE_RR_ITER_REST
, DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC
, DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST
, DNSSEC_ZONE_RR_ITER_NSEC3
, DNSSEC_ZONE_RR_ITER_FINI
} dnssec_zone_rr_iter_state;
typedef struct dnssec_zone_rr_iter {
ldns_dnssec_zone *zone;
ldns_rbnode_t *node;
ldns_dnssec_name *name;
ldns_dnssec_rrsets *rrsets;
ldns_dnssec_rrs *rrs;
ldns_dnssec_rrsets *rrsets4rrsigs;
ldns_rbnode_t *nsec3_node;
ldns_dnssec_name *nsec3_name;
dnssec_zone_rr_iter_state state;
ldns_rdf *apex_name;
uint8_t apex_labs;
} dnssec_zone_rr_iter;
INLINE void
dnssec_zone_rr_iter_set_state_for_next_name(dnssec_zone_rr_iter *i)
{
/* Make sure the i->name is "in zone" (i.e. below the apex) */
if (i->apex_name) {
ldns_rdf *name = (ldns_rdf *)i->node->key;
while (i->name && name != i->apex_name /* not apex */
&& ( ldns_dname_label_count(name) != i->apex_labs
|| ldns_dname_compare(name, i->apex_name)) /* not apex */
&& !ldns_dname_is_subdomain(name, i->apex_name) /* no sub */) {
/* next name */
i->node = ldns_rbtree_next(i->node);
if (i->node == LDNS_RBTREE_NULL)
i->name = NULL;
else {
i->name = (ldns_dnssec_name *)i->node->data;
name = (ldns_rdf *)i->node->key;
}
}
}
/* determine state */
if (!i->name) {
if (!i->nsec3_name)
i->state = DNSSEC_ZONE_RR_ITER_FINI;
else {
i->rrs = i->nsec3_name->nsec_signatures;
i->state = DNSSEC_ZONE_RR_ITER_NSEC3;
}
} else if (!i->nsec3_name) {
i->rrsets = i->name->rrsets;
i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG;
} else if (ldns_dname_compare( ldns_rr_owner(i->nsec3_name->nsec)
, (ldns_rdf *)i->node->key) < 0) {
i->rrs = i->nsec3_name->nsec_signatures;
i->state = DNSSEC_ZONE_RR_ITER_NSEC3;
} else {
i->rrsets = i->name->rrsets;
i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG;
}
}
/**
* Iterate over the RR's in the ldns_dnssec_zone in canonical order.
* There are three possible paths through the RR's in a ldns_dnssec_name.
*
* 1. There is no NSEC:
*
* 1.1. All the RRs in the name->rrsets with type < RRSIG,
* state: DNSSEC_ZONE_RR_ITER_LT_RRSIG
*
* 1.2. Then all the RRSIGs from name->rrsets (likely none)
* state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
*
* 1.3. Finally the remaining RRs in name->rrsets (type > RRSIG)
* state: DNSSEC_ZONE_RR_ITER_REST
*
*
* 2. There is a NSEC of type NSEC with this name:
*
* 2.1. All the RRs in the name->rrsets with type < RRSIG,
* state: DNSSEC_ZONE_RR_ITER_LT_RRSIG
*
* 2.2. Then all the RRSIGs from name->rrsets with type < NSEC
* state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
*
* 2.3. Then the signatures of the NSEC RR, followed by
* the signatures of the remaining name->rrsets (type > NSEC),
* followed by the NSEC rr.
* state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
*
* 2.4. Finally the remaining RRs in name->rrsets (type > RRSIG)
* state: DNSSEC_ZONE_RR_ITER_REST
*
*
* 3. There is a NSEC of type NSEC3 for this name:
*
* 3.1. If the NSEC3 name is before the name for other RRsets in the zone,
* Then all signatures of the NSEC3 RR, followed by the NSEC3
* state: DNSSEC_ZONE_RR_ITER_NSEC3
*
* otherwise follow path for "no NSEC" for the name for other RRsets
*/
static ldns_rr *
dnssec_zone_rr_iter_next(dnssec_zone_rr_iter *i)
{
ldns_rr *nsec3;
for (;;) {
if (i->rrs) {
ldns_rr *rr = i->rrs->rr;
i->rrs = i->rrs->next;
return rr;
}
switch (i->state) {
case DNSSEC_ZONE_RR_ITER_LT_RRSIG:
if (i->rrsets
&& i->rrsets->type < LDNS_RR_TYPE_RRSIG) {
i->rrs = i->rrsets->rrs;
i->rrsets = i->rrsets->next;
break;
}
i->rrsets4rrsigs = i->name->rrsets;
if (i->name->nsec && ldns_rr_get_type(i->name->nsec)
== LDNS_RR_TYPE_NSEC) {
i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC;
/* fallthrough */
case DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC:
if (i->rrsets4rrsigs) {
i->rrs = i->rrsets4rrsigs->signatures;
i->rrsets4rrsigs = i->rrsets4rrsigs->next;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_REST;
/* fallthrough */
case DNSSEC_ZONE_RR_ITER_REST:
if (i->rrsets) {
i->rrs = i->rrsets->rrs;
i->rrsets = i->rrsets->next;
break;
}
/* next name */
i->node = ldns_rbtree_next(i->node);
i->name = i->node == LDNS_RBTREE_NULL ? NULL
: (ldns_dnssec_name *)i->node->data;
dnssec_zone_rr_iter_set_state_for_next_name(i);
break;
case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC:
if (i->rrsets4rrsigs
&& i->rrsets4rrsigs->type < LDNS_RR_TYPE_NSEC) {
i->rrs = i->rrsets4rrsigs->signatures;
i->rrsets4rrsigs = i->rrsets4rrsigs->next;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST;
i->rrs = i->name->nsec_signatures;
break;
case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST:
if (i->rrsets4rrsigs) {
i->rrs = i->rrsets4rrsigs->signatures;
i->rrsets4rrsigs = i->rrsets4rrsigs->next;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_REST;
return i->name->nsec;
case DNSSEC_ZONE_RR_ITER_NSEC3:
nsec3 = i->nsec3_name->nsec;
/* next nsec3 */
do {
i->nsec3_node
= ldns_rbtree_next(i->nsec3_node);
i->nsec3_name
= i->nsec3_node == LDNS_RBTREE_NULL ? NULL
: (ldns_dnssec_name*)i->nsec3_node->data;
/* names for glue can be in the hashed_names
* tree, but will not have a NSEC3
*/
} while (i->nsec3_name && !i->nsec3_name->nsec);
dnssec_zone_rr_iter_set_state_for_next_name(i);
return nsec3;
case DNSSEC_ZONE_RR_ITER_FINI:
return NULL;
}
}
}
static ldns_rr *
dnssec_zone_rr_iter_first(dnssec_zone_rr_iter *i, ldns_dnssec_zone *zone)
{
if (!i || !zone)
return NULL;
memset(i, 0, sizeof(*i));
i->zone = zone;
if (zone->soa && zone->soa->name) {
i->apex_name = zone->soa->name;
i->apex_labs = ldns_dname_label_count(i->apex_name);
} else
i->apex_name = NULL;
i->node = ldns_rbtree_first(zone->names);
i->name = i->node == LDNS_RBTREE_NULL ? NULL
: (ldns_dnssec_name *)i->node->data;
if (zone->hashed_names) {
do {
i->nsec3_node = ldns_rbtree_first(zone->hashed_names);
i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ?NULL
: (ldns_dnssec_name*)i->nsec3_node->data;
} while (i->nsec3_name && !i->nsec3_name->nsec);
}
dnssec_zone_rr_iter_set_state_for_next_name(i);
return dnssec_zone_rr_iter_next(i);
}
enum enum_zonemd_scheme {
ZONEMD_SCHEME_FIRST = 1,
ZONEMD_SCHEME_SIMPLE = 1,
ZONEMD_SCHEME_LAST = 1
};
typedef enum enum_zonemd_scheme zonemd_scheme;
enum enum_zonemd_hash {
ZONEMD_HASH_FIRST = 1,
ZONEMD_HASH_SHA384 = 1,
ZONEMD_HASH_SHA512 = 2,
ZONEMD_HASH_LAST = 2
};
typedef enum enum_zonemd_hash zonemd_hash;
struct struct_zone_digester {
ldns_sha384_CTX sha384_CTX;
ldns_sha512_CTX sha512_CTX;
unsigned simple_sha384 : 1;
unsigned simple_sha512 : 1;
unsigned double_sha384 : 1;
unsigned double_sha512 : 1;
};
typedef struct struct_zone_digester zone_digester;
INLINE bool zone_digester_set(zone_digester *zd)
{ return zd && (zd->simple_sha384 || zd->simple_sha512); }
INLINE void zone_digester_init(zone_digester *zd)
{ memset(zd, 0, sizeof(*zd)); }
static ldns_status
zone_digester_add(zone_digester *zd, zonemd_scheme scheme, zonemd_hash hash)
{
if (!zd)
return LDNS_STATUS_NULL;
switch (scheme) {
case ZONEMD_SCHEME_SIMPLE:
switch (hash) {
case ZONEMD_HASH_SHA384:
if (zd->double_sha384)
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
else if (zd->simple_sha384) {
zd->simple_sha384 = 0;
zd->double_sha384 = 1;
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
}
ldns_sha384_init(&zd->sha384_CTX);
zd->simple_sha384 = 1;
break;
case ZONEMD_HASH_SHA512:
if (zd->double_sha512)
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
else if (zd->simple_sha512) {
zd->simple_sha512 = 0;
zd->double_sha512 = 1;
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
}
ldns_sha512_init(&zd->sha512_CTX);
zd->simple_sha512 = 1;
break;
default:
return LDNS_STATUS_ZONEMD_UNKNOWN_HASH;
}
break;
default:
return LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME;
}
return LDNS_STATUS_OK;
}
static ldns_status
zone_digester_update(zone_digester *zd, ldns_rr *rr)
{
uint8_t data[65536];
ldns_buffer buf;
ldns_status st;
buf._data = data;
buf._position = 0;
buf._limit = sizeof(data);
buf._capacity = sizeof(data);
buf._fixed = 1;
buf._status = LDNS_STATUS_OK;
if ((st = ldns_rr2buffer_wire_canonical(&buf, rr, LDNS_SECTION_ANSWER)))
return st;
if (zd->simple_sha384)
ldns_sha384_update(&zd->sha384_CTX, data, buf._position);
if (zd->simple_sha512)
ldns_sha512_update(&zd->sha512_CTX, data, buf._position);
return LDNS_STATUS_OK;
}
INLINE ldns_rr *
new_zonemd(ldns_rr *soa, zonemd_hash hash)
{
ldns_rr *rr = NULL;
uint8_t *data = NULL;
ldns_rdf *rdf;
size_t md_len = hash == ZONEMD_HASH_SHA384
? LDNS_SHA384_DIGEST_LENGTH
: LDNS_SHA512_DIGEST_LENGTH;
if (!(rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_ZONEMD)))
return NULL;
if (!(rdf = ldns_rdf_clone(ldns_rr_owner(soa))))
goto error;
ldns_rr_set_owner(rr, rdf);
ldns_rr_set_class(rr, ldns_rr_get_class(soa));
ldns_rr_set_ttl(rr, ldns_rr_ttl(soa));
if (!(rdf = ldns_rdf_clone(ldns_rr_rdf(soa, 2))))
goto error;
ldns_rr_set_rdf(rr, rdf, 0);
if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, 1)))
goto error;
ldns_rr_set_rdf(rr, rdf, 1);
if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, hash)))
goto error;
ldns_rr_set_rdf(rr, rdf, 2);
if (!(data = LDNS_XMALLOC(uint8_t, md_len)))
goto error;
if (!(rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, md_len, data)))
goto error;
ldns_rr_set_rdf(rr, rdf, 3);
return rr;
error:
if (data)
LDNS_FREE(data);
ldns_rr_free(rr);
return NULL;
}
static ldns_rr_list *
zone_digester_export(
zone_digester *zd, ldns_rr *soa, ldns_status *ret_st)
{
ldns_status st = LDNS_STATUS_OK;
ldns_rr_list *rr_list = NULL;
ldns_rr *sha384 = NULL;
ldns_rr *sha512 = NULL;
if (!zd || !soa)
st = LDNS_STATUS_NULL;
else if (ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA
|| ldns_rr_rd_count(soa) < 3)
st = LDNS_STATUS_ZONEMD_INVALID_SOA;
else if (!(rr_list = ldns_rr_list_new()))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha384
&& !(sha384 = new_zonemd(soa, ZONEMD_HASH_SHA384)))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha512
&& !(sha512 = new_zonemd(soa, ZONEMD_HASH_SHA512)))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha384
&& !ldns_rr_list_push_rr(rr_list, sha384))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha512
&& !ldns_rr_list_push_rr(rr_list, sha512)) {
if (zd->simple_sha384)
sha384 = NULL; /* deleted by ldns_rr_list_deep_free */
st = LDNS_STATUS_MEM_ERR;
} else {
if (sha384)
ldns_sha384_final( ldns_rdf_data(ldns_rr_rdf(sha384,3))
, &zd->sha384_CTX);
if (sha512)
ldns_sha512_final( ldns_rdf_data(ldns_rr_rdf(sha512,3))
, &zd->sha512_CTX);
return rr_list;
}
if (ret_st)
*ret_st = st;
if (sha384)
ldns_rr_free(sha384);
if (sha512)
ldns_rr_free(sha512);
if (rr_list)
ldns_rr_list_deep_free(rr_list);
return NULL;
}
static ldns_status
ldns_digest_zone(ldns_dnssec_zone *zone, zone_digester *zd)
{
ldns_status st = LDNS_STATUS_OK;
dnssec_zone_rr_iter rr_iter;
ldns_rr *rr;
ldns_rdf *apex_name; /* name of zone apex */
if (!zone || !zd || !zone->soa || !zone->soa->name)
return LDNS_STATUS_NULL;
apex_name = zone->soa->name;
for ( rr = dnssec_zone_rr_iter_first(&rr_iter, zone)
; rr && !st
; rr = dnssec_zone_rr_iter_next(&rr_iter)) {
/* Skip apex ZONEMD RRs */
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_ZONEMD
&& !ldns_dname_compare(ldns_rr_owner(rr), apex_name))
continue;
/* Skip RRSIGs for apex ZONEMD RRs */
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG
&& LDNS_RR_TYPE_ZONEMD == ldns_rdf2rr_type(
ldns_rr_rrsig_typecovered(rr))
&& !ldns_dname_compare(ldns_rr_owner(rr), apex_name))
continue;
st = zone_digester_update(zd, rr);
}
return st;
}
ldns_status
ldns_dnssec_zone_verify_zonemd(ldns_dnssec_zone *zone)
{
ldns_dnssec_rrsets *zonemd, *soa;
zone_digester zd;
ldns_dnssec_rrs *rrs;
ldns_rr *soa_rr;
ldns_status st;
uint8_t simple_sha384[LDNS_SHA384_DIGEST_LENGTH];
uint8_t simple_sha512[LDNS_SHA512_DIGEST_LENGTH];
size_t valid_zonemds;
if (!zone)
return LDNS_STATUS_NULL;
zonemd = ldns_dnssec_zone_find_rrset(
zone, zone->soa->name, LDNS_RR_TYPE_ZONEMD);
if (!zonemd) {
ldns_rbnode_t *nsec3_node;
/* we need proof of non-existence for ZONEMD at the apex */
if (zone->soa->nsec) {
if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(
zone->soa->nsec),
LDNS_RR_TYPE_ZONEMD))
return LDNS_STATUS_NO_ZONEMD;
} else if (!zone->soa->hashed_name || !zone->hashed_names)
return LDNS_STATUS_NO_ZONEMD;
else if (LDNS_RBTREE_NULL ==
(nsec3_node = ldns_rbtree_search( zone->hashed_names
, zone->soa->hashed_name)))
return LDNS_STATUS_NO_ZONEMD;
else {
ldns_dnssec_name *nsec3
= (ldns_dnssec_name *)nsec3_node->data;
if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(
nsec3->nsec),
LDNS_RR_TYPE_ZONEMD))
return LDNS_STATUS_NO_ZONEMD;
}
/* ZONEMD at apex does really not exist */
return LDNS_STATUS_OK;
}
soa = ldns_dnssec_zone_find_rrset(
zone, zone->soa->name, LDNS_RR_TYPE_SOA);
if (!soa || !soa->rrs || !soa->rrs->rr)
return LDNS_STATUS_ZONEMD_INVALID_SOA;
soa_rr = soa->rrs->rr;
if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
|| ldns_rr_rd_count(soa_rr) < 3)
return LDNS_STATUS_ZONEMD_INVALID_SOA;
zone_digester_init(&zd);
for (rrs = zonemd->rrs; rrs; rrs = rrs->next) {
if (!rrs->rr
|| ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD
|| ldns_rr_rd_count(rrs->rr) < 4)
continue;
/* serial should match SOA's serial */
if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2))
!= ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0)))
continue;
/* Add (scheme, hash) to digester */
zone_digester_add(&zd,
ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1)),
ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 2)));
}
if (!zone_digester_set(&zd))
return LDNS_STATUS_NO_VALID_ZONEMD;
if ((st = ldns_digest_zone(zone, &zd)))
return st;
if (zd.simple_sha384)
ldns_sha384_final(simple_sha384, &zd.sha384_CTX);
if (zd.simple_sha512)
ldns_sha512_final(simple_sha512, &zd.sha512_CTX);
valid_zonemds = 0;
for (rrs = zonemd->rrs; rrs; rrs = rrs->next) {
if (!rrs->rr
|| ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD
|| ldns_rr_rd_count(rrs->rr) < 4)
continue;
/* serial should match SOA's serial */
if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2))
!= ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0)))
continue;
if (ZONEMD_SCHEME_SIMPLE !=
ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1)))
continue;
if (ZONEMD_HASH_SHA384
== ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2))
&& LDNS_SHA384_DIGEST_LENGTH
== ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3))
&& memcmp( simple_sha384
, ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3))
, LDNS_SHA384_DIGEST_LENGTH) == 0)
valid_zonemds += 1;
if (ZONEMD_HASH_SHA512
== ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2))
&& LDNS_SHA512_DIGEST_LENGTH
== ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3))
&& memcmp( simple_sha512
, ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3))
, LDNS_SHA512_DIGEST_LENGTH) == 0)
valid_zonemds += 1;
}
return valid_zonemds ? LDNS_STATUS_OK : LDNS_STATUS_NO_VALID_ZONEMD;
}
#ifdef HAVE_SSL
static ldns_status
rr_list2dnssec_rrs(ldns_rr_list *rr_list, ldns_dnssec_rrs **rrs,
ldns_rr_list *new_rrs)
{
ldns_rr *rr = NULL;
if (!rr_list || !rrs)
return LDNS_STATUS_NULL;
if (ldns_rr_list_rr_count(rr_list) == 0)
return LDNS_STATUS_OK;
if (!*rrs) {
if (!(*rrs = ldns_dnssec_rrs_new()))
return LDNS_STATUS_MEM_ERR;
(*rrs)->rr = ldns_rr_list_pop_rr(rr_list);
if (new_rrs)
ldns_rr_list_push_rr(new_rrs, (*rrs)->rr);
}
while ((rr = ldns_rr_list_pop_rr(rr_list))) {
ldns_status st;
if ((st = ldns_dnssec_rrs_add_rr(*rrs, rr))) {
ldns_rr_list_push_rr(rr_list, rr);
return st;
} else if (new_rrs)
ldns_rr_list_push_rr(new_rrs, rr);
}
return LDNS_STATUS_OK;
}
ldns_status
dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs, ldns_key_list *key_list, int signflags)
{
ldns_status st = LDNS_STATUS_OK;
zone_digester zd;
ldns_rr_list *zonemd_rr_list = NULL;
ldns_rr_list *zonemd_rrsigs = NULL;
ldns_dnssec_rrsets *soa_rrset;
ldns_rr *soa_rr = NULL;
ldns_dnssec_rrsets **rrset_ref;
ldns_dnssec_rrsets *zonemd_rrset;
zone_digester_init(&zd);
if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384)
zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE
, ZONEMD_HASH_SHA384);
if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512)
zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE
, ZONEMD_HASH_SHA512);
if ((st = ldns_digest_zone(zone, &zd)))
return st;
soa_rrset = ldns_dnssec_zone_find_rrset(
zone, zone->soa->name, LDNS_RR_TYPE_SOA);
if (!soa_rrset || !soa_rrset->rrs || !soa_rrset->rrs->rr)
return LDNS_STATUS_ZONEMD_INVALID_SOA;
soa_rr = soa_rrset->rrs->rr;
if (!(zonemd_rr_list = zone_digester_export(&zd, soa_rr, &st)))
return st;
/* - replace or add ZONEMD rrset */
rrset_ref = &zone->soa->rrsets; /* scan rrsets at apex */
while (*rrset_ref && (*rrset_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrset_ref = &(*rrset_ref)->next;
if (*rrset_ref && (*rrset_ref)->type == LDNS_RR_TYPE_ZONEMD) {
/* reuse zonemd rrset */
zonemd_rrset = *rrset_ref;
ldns_dnssec_rrs_free(zonemd_rrset->rrs);
zonemd_rrset->rrs = NULL;
ldns_dnssec_rrs_free(zonemd_rrset->signatures);
zonemd_rrset->signatures = NULL;
} else {
/* insert zonemd rrset */
zonemd_rrset = ldns_dnssec_rrsets_new();
if (!zonemd_rrset) {
ldns_rr_list_deep_free(zonemd_rr_list);
return LDNS_STATUS_MEM_ERR;
}
zonemd_rrset->type = LDNS_RR_TYPE_ZONEMD;
zonemd_rrset->next = *rrset_ref;
*rrset_ref = zonemd_rrset;
}
if ((zonemd_rrsigs = ldns_sign_public(zonemd_rr_list, key_list)))
st = rr_list2dnssec_rrs( zonemd_rrsigs
, &zonemd_rrset->signatures, new_rrs);
if (!st)
st = rr_list2dnssec_rrs( zonemd_rr_list
, &zonemd_rrset->rrs, new_rrs);
ldns_rr_list_deep_free(zonemd_rr_list);
ldns_rr_list_deep_free(zonemd_rrsigs);
return st;
}
#endif /* HAVE_SSL */
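Review bot: In `dnssec_zone_rr_iter_first`, the loop `do { i->nsec3_node = ldns_rbtree_first(zone->hashed_names); ... } while (i->nsec3_name && !i->nsec3_name->nsec);` re-reads the first node on every pass and never advances, so if the first entry in `hashed_names` has no NSEC3 (the glue case described in the comment in `dnssec_zone_rr_iter_next`) it never terminates. Fetch the first node once before the loop and step with `ldns_rbtree_next` inside it, as the `DNSSEC_ZONE_RR_ITER_NSEC3` state already does. Separately, `ldns_dnssec_zone_verify_zonemd` checks only `!zone` before dereferencing `zone->soa->name`, while `ldns_digest_zone` also guards `zone->soa`; the same check belongs at the top of the verify function.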

View File

@ -11,7 +11,7 @@
* Lint fixes for the code
* Bugzilla was setup for drill
* Bug #97 (drill); -S crash was fixed
* Add -Q (quiet) flag was added. This supresses output from drill.
* Add -Q (quiet) flag was added. This suppresses output from drill.
1.0-pre2: 20 Jun 2005: drill-team
* Second prerelease
@ -60,7 +60,7 @@
- CERT RR supported
- LOC RR support
* All non supported RRs are handled as unknown
* If no namservers found in /etc/resolv.conf
* If no nameservers found in /etc/resolv.conf
default to 127.0.0.1
* Various bugs fixed
- Close sockets after using them
@ -74,7 +74,7 @@
* Dig is no longer needed to build drill
0.7: Oct 21 2004: Miek
* reworked interal code
* reworked internal code
* DNSSEC is working, except the secure resolving
* build updates
* more sane options parsing

View File

@ -1,119 +0,0 @@
# Standard installation pathnames
# See the file LICENSE for the license
SHELL = @SHELL@
VERSION = @PACKAGE_VERSION@
basesrcdir = $(shell basename `pwd`)
srcdir = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
mandir = @mandir@
includedir = @includedir@
datarootdir = @datarootdir@
CC = @CC@
CFLAGS = -I. @CFLAGS@
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
INSTALL = $(srcdir)/install-sh -c
INSTALL_PROGRAM = $(INSTALL)
LDNSDIR = @LDNSDIR@
LIBS_STC = @LIBS_STC@
COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir)
LINK = $(CC) $(CFLAGS) $(LDFLAGS)
LINT = splint
LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list
#-Dglob64=glob -Dglobfree64=globfree
# compat with openssl linux edition.
LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned"
# compat with NetBSD
ifeq "$(shell uname)" "NetBSD"
LINTFLAGS+="-D__RENAME(x)=" -D_NETINET_IN_H_
endif
# compat with OpenBSD
LINTFLAGS+="-Dsigset_t=long"
# FreeBSD8
LINTFLAGS+="-D__uint16_t=uint16_t"
LINTFLAGS+=-D__signed__=signed "-D__packed=" "-D__aligned(x)="
# Ubuntu Linux 11.04
LINTFLAGS+="-D__u16=struct __u16" "-D__u32=struct __u32" "-D__u64=struct __u64"
OBJ=drill.o drill_util.o error.o root.o work.o chasetrace.o dnssec.o securetrace.o
SRC=$(OBJ:.o=.c)
HEADER=drill.h $(srcdir)/drill_util.h
.PHONY: all clean realclean docclean doc release tags install all-static
all: drill
all-static: drill-stc
tags:
ctags *.[ch]
drill: $(OBJ)
$(LINK) -o drill $(OBJ) $(LIBS)
drill-stc: $(OBJ)
$(LINK) -o drill $(OBJ) $(LIBS_STC)
## implicit rule
%.o: $(srcdir)/%.c
$(COMPILE) -c $<
clean:
rm -f ${OBJ}
rm -f drill
rm -f *core
rm -f config.h.in~
rm -f config.log
rm -f config.guess
rm -f config.status
docclean:
rm -rf doxydoc
distclean: clean docclean
rm -f config.h
realclean: clean docclean
rm -f tags
rm -f config.log
rm -f config.sub
rm -f ltmain.sh
rm -f config.status
rm -rf autom4te.cache
rm -f config.h
rm -f config.h.in
rm -f configure
rm -f Makefile
rm -f drill.1
rm -f aclocal.m4
doc:
doxygen drill.doxygen
install: all
$(INSTALL) -d $(DESTDIR)$(bindir)
$(INSTALL) drill $(DESTDIR)$(bindir)/drill
$(INSTALL) -m 644 drill.1 $(DESTDIR)$(mandir)/man1/drill.1
uninstall:
@echo
rm -f -- $(DESTDIR)$(bindir)/drill
rm -f -- $(DESTDIR)$(mandir)/man1/drill.1
rmdir -p $(DESTDIR)$(bindir)
rmdir -p $(DESTDIR)$(mandir)/man1
@echo
lint:
@for i in $(SRC) ; do \
$(LINT) $(LINTFLAGS) $(CPPFLAGS) -I$(srcdir) $(srcdir)/$$i ; \
if [ $$? -ne 0 ] ; then exit 1 ; fi ; \
done
confclean: clean
rm -rf config.log config.status config.h Makefile drill.1

View File

@ -171,7 +171,7 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
}
/* transfer some properties of local_res to res,
* because they were given on the commandline */
* because they were given on the command line */
ldns_resolver_set_ip6(res,
ldns_resolver_ip6(local_res));
ldns_resolver_set_port(res,
@ -295,7 +295,7 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
ldns_pkt_free(p);
p = NULL;
status = ldns_resolver_send(&p, res, name, t, c, 0);
(void) ldns_resolver_send(&p, res, name, t, c, 0);
if (!p) {
goto cleanup;
}
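Review bot: Casting the `ldns_resolver_send` result to `(void)` discards the only indication of why the query failed, and the following `if (!p) goto cleanup;` then exits without reporting anything. Consider keeping the status and printing it (for example with `ldns_get_errorstr_by_id`) before jumping to `cleanup`, rather than silencing the unused-assignment warning.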

View File

@ -1,294 +0,0 @@
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define to 1 if you have the <arpa/inet.h> header file. */
#define HAVE_ARPA_INET_H 1
/* Define to 1 if you have the <assert.h> header file. */
#define HAVE_ASSERT_H 1
/* Define to 1 if you have the <ctype.h> header file. */
#define HAVE_CTYPE_H 1
/* Whether getaddrinfo is available */
#define HAVE_GETADDRINFO 1
/* Define to 1 if you have the <getopt.h> header file. */
#define HAVE_GETOPT_H 1
/* If you have HMAC_Update */
#define HAVE_HMAC_UPDATE 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* Define to 1 if you have the `isblank' function. */
#define HAVE_ISBLANK 1
/* Define to 1 if you have the `ldns' library (-lldns). */
#define HAVE_LIBLDNS 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <netinet/if_ether.h> header file. */
#define HAVE_NETINET_IF_ETHER_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
#define HAVE_NETINET_IN_H 1
/* Define to 1 if you have the <netinet/in_systm.h> header file. */
#define HAVE_NETINET_IN_SYSTM_H 1
/* Define to 1 if you have the <netinet/ip6.h> header file. */
#define HAVE_NETINET_IP6_H 1
/* Define to 1 if you have the <netinet/ip.h> header file. */
#define HAVE_NETINET_IP_H 1
/* Define to 1 if you have the <netinet/udp.h> header file. */
#define HAVE_NETINET_UDP_H 1
/* Define to 1 if you have the <net/if.h> header file. */
#define HAVE_NET_IF_H 1
/* Define to 1 if you have the <openssl/err.h> header file. */
#define HAVE_OPENSSL_ERR_H 1
/* Define to 1 if you have the <openssl/rand.h> header file. */
#define HAVE_OPENSSL_RAND_H 1
/* Define to 1 if you have the <openssl/ssl.h> header file. */
#define HAVE_OPENSSL_SSL_H 1
/* Define if you have the SSL libraries installed. */
#define HAVE_SSL /**/
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdio.h> header file. */
#define HAVE_STDIO_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <sys/mount.h> header file. */
#define HAVE_SYS_MOUNT_H 1
/* Define to 1 if you have the <sys/param.h> header file. */
#define HAVE_SYS_PARAM_H 1
/* Define to 1 if you have the <sys/select.h> header file. */
#define HAVE_SYS_SELECT_H 1
/* Define to 1 if you have the <sys/socket.h> header file. */
#define HAVE_SYS_SOCKET_H 1
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/time.h> header file. */
#define HAVE_SYS_TIME_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <time.h> header file. */
#define HAVE_TIME_H 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to 1 if you have the <winsock2.h> header file. */
/* #undef HAVE_WINSOCK2_H */
/* Define to 1 if you have the <ws2tcpip.h> header file. */
/* #undef HAVE_WS2TCPIP_H */
/* Default trust anchor file */
#define LDNS_TRUST_ANCHOR_FILE "/etc/unbound/root.key"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "libdns@nlnetlabs.nl"
/* Define to the full name of this package. */
#define PACKAGE_NAME "ldns"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "ldns 1.7.0"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "libdns"
/* Define to the home page for this package. */
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.7.0"
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# define _ALL_SOURCE 1
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE 1
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# define _POSIX_PTHREAD_SEMANTICS 1
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# define _TANDEM_SOURCE 1
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# define __EXTENSIONS__ 1
#endif
/* Whether the windows socket API is used */
/* #undef USE_WINSOCK */
/* the version of the windows API enabled */
#define WINVER 0x0502
/* Define to 1 if on MINIX. */
/* #undef _MINIX */
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
/* #undef _POSIX_1_SOURCE */
/* Define to 1 if you need to in order for `stat' and other things to work. */
/* #undef _POSIX_SOURCE */
/* in_addr_t */
/* #undef in_addr_t */
/* in_port_t */
/* #undef in_port_t */
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
/* #undef inline */
#endif
/* Define to `short' if <sys/types.h> does not define. */
/* #undef int16_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef int32_t */
/* Define to `long long' if <sys/types.h> does not define. */
/* #undef int64_t */
/* Define to `char' if <sys/types.h> does not define. */
/* #undef int8_t */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
/* Define to 'int' if not defined */
/* #undef socklen_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef ssize_t */
/* Define to `unsigned short' if <sys/types.h> does not define. */
/* #undef uint16_t */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef uint32_t */
/* Define to `unsigned long long' if <sys/types.h> does not define. */
/* #undef uint64_t */
/* Define to `unsigned char' if <sys/types.h> does not define. */
/* #undef uint8_t */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#if STDC_HEADERS
#include <stdlib.h>
#include <stddef.h>
#endif
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_UDP_H
#include <netinet/udp.h>
#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
#ifdef HAVE_NETINET_IF_ETHER_H
#include <netinet/if_ether.h>
#endif
#ifdef HAVE_WINSOCK2_H
#define USE_WINSOCK 1
#include <winsock2.h>
#endif
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
#ifndef EXIT_FAILURE
#define EXIT_FAILURE 1
#endif
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#endif
#ifdef S_SPLINT_S
#define FD_ZERO(a) /* a */
#define FD_SET(a,b) /* a, b */
#endif

View File

@ -1,293 +0,0 @@
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
/* Define to 1 if you have the <assert.h> header file. */
#undef HAVE_ASSERT_H
/* Define to 1 if you have the <ctype.h> header file. */
#undef HAVE_CTYPE_H
/* Whether getaddrinfo is available */
#undef HAVE_GETADDRINFO
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
/* If you have HMAC_Update */
#undef HAVE_HMAC_UPDATE
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the `isblank' function. */
#undef HAVE_ISBLANK
/* Define to 1 if you have the `ldns' library (-lldns). */
#undef HAVE_LIBLDNS
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the <netinet/if_ether.h> header file. */
#undef HAVE_NETINET_IF_ETHER_H
/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
/* Define to 1 if you have the <netinet/in_systm.h> header file. */
#undef HAVE_NETINET_IN_SYSTM_H
/* Define to 1 if you have the <netinet/ip6.h> header file. */
#undef HAVE_NETINET_IP6_H
/* Define to 1 if you have the <netinet/ip.h> header file. */
#undef HAVE_NETINET_IP_H
/* Define to 1 if you have the <netinet/udp.h> header file. */
#undef HAVE_NETINET_UDP_H
/* Define to 1 if you have the <net/if.h> header file. */
#undef HAVE_NET_IF_H
/* Define to 1 if you have the <openssl/err.h> header file. */
#undef HAVE_OPENSSL_ERR_H
/* Define to 1 if you have the <openssl/rand.h> header file. */
#undef HAVE_OPENSSL_RAND_H
/* Define to 1 if you have the <openssl/ssl.h> header file. */
#undef HAVE_OPENSSL_SSL_H
/* Define if you have the SSL libraries installed. */
#undef HAVE_SSL
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdio.h> header file. */
#undef HAVE_STDIO_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the <sys/mount.h> header file. */
#undef HAVE_SYS_MOUNT_H
/* Define to 1 if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <time.h> header file. */
#undef HAVE_TIME_H
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to 1 if you have the <winsock2.h> header file. */
#undef HAVE_WINSOCK2_H
/* Define to 1 if you have the <ws2tcpip.h> header file. */
#undef HAVE_WS2TCPIP_H
/* Default trust anchor file */
#undef LDNS_TRUST_ANCHOR_FILE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* Whether the windows socket API is used */
#undef USE_WINSOCK
/* the version of the windows API enabled */
#undef WINVER
/* Define to 1 if on MINIX. */
#undef _MINIX
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
#undef _POSIX_1_SOURCE
/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE
/* in_addr_t */
#undef in_addr_t
/* in_port_t */
#undef in_port_t
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
#undef inline
#endif
/* Define to `short' if <sys/types.h> does not define. */
#undef int16_t
/* Define to `int' if <sys/types.h> does not define. */
#undef int32_t
/* Define to `long long' if <sys/types.h> does not define. */
#undef int64_t
/* Define to `char' if <sys/types.h> does not define. */
#undef int8_t
/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef size_t
/* Define to 'int' if not defined */
#undef socklen_t
/* Define to `int' if <sys/types.h> does not define. */
#undef ssize_t
/* Define to `unsigned short' if <sys/types.h> does not define. */
#undef uint16_t
/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef uint32_t
/* Define to `unsigned long long' if <sys/types.h> does not define. */
#undef uint64_t
/* Define to `unsigned char' if <sys/types.h> does not define. */
#undef uint8_t
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#if STDC_HEADERS
#include <stdlib.h>
#include <stddef.h>
#endif
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_UDP_H
#include <netinet/udp.h>
#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
#ifdef HAVE_NETINET_IF_ETHER_H
#include <netinet/if_ether.h>
#endif
#ifdef HAVE_WINSOCK2_H
#define USE_WINSOCK 1
#include <winsock2.h>
#endif
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
#ifndef EXIT_FAILURE
#define EXIT_FAILURE 1
#endif
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#endif
#ifdef S_SPLINT_S
#define FD_ZERO(a) /* a */
#define FD_SET(a,b) /* a, b */
#endif

File diff suppressed because it is too large

View File

@ -1,276 +0,0 @@
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.7.0, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([drill.c])
sinclude(../acx_nlnetlabs.m4)
OURCPPFLAGS=''
CPPFLAGS=${CPPFLAGS:-${OURCPPFLAGS}}
OURCFLAGS='-g'
CFLAGS=${CFLAGS:-${OURCFLAGS}}
AC_DEFINE(WINVER, 0x0502, [the version of the windows API enabled])
AC_AIX
# Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET
AC_CHECK_PROGS(libtool, [glibtool libtool15 libtool], [../libtool])
# add option to disable the evil rpath
dnl Check whether to use rpath or not
AC_ARG_ENABLE(rpath,
[ --disable-rpath disable hardcoded rpath (default=enabled)],
enable_rpath=$enableval, enable_rpath=yes)
if test "x$enable_rpath" = xyes; then
RPATH_VAL="-Wl,-rpath=\${libdir}"
fi
ACX_CHECK_COMPILER_FLAG(std=c99, [C99FLAG="-std=c99"])
ACX_CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"])
AC_TYPE_SIZE_T
ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"])
ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600,
[
#include "confdefs.h"
#include <stdlib.h>
#include <ctype.h>
#include <sys/time.h>
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#include <unistd.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
int test() {
int a;
char **opts = NULL;
struct timeval tv;
char *t;
time_t time = 0;
char *buf = NULL;
t = ctime_r(&time, buf);
tv.tv_usec = 10;
srandom(32);
a = getopt(2, opts, "a");
a = isascii(32);
return a;
}
], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600"])
ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, [#include <stdbool.h>], [CFLAGS="$CFLAGS $C99FLAG"])
AC_C_INLINE
AC_CHECK_TYPE(int8_t, char)
AC_CHECK_TYPE(int16_t, short)
AC_CHECK_TYPE(int32_t, int)
AC_CHECK_TYPE(int64_t, long long)
AC_CHECK_TYPE(uint8_t, unsigned char)
AC_CHECK_TYPE(uint16_t, unsigned short)
AC_CHECK_TYPE(uint32_t, unsigned int)
AC_CHECK_TYPE(uint64_t, unsigned long long)
AC_CHECK_TYPE(ssize_t, int)
AC_CHECK_HEADERS([sys/types.h getopt.h stdlib.h stdio.h assert.h netinet/in.h ctype.h time.h arpa/inet.h sys/time.h sys/socket.h sys/select.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([netinet/in_systm.h net/if.h netinet/ip.h netinet/udp.h netinet/if_ether.h netinet/ip6.h],,, [
AC_INCLUDES_DEFAULT
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif])
# MinGW32 tests
AC_CHECK_HEADERS([winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT])
ACX_TYPE_SOCKLEN_T
AC_CHECK_HEADERS([sys/param.h sys/mount.h],,,
[AC_INCLUDES_DEFAULT]
[
[
#if HAVE_SYS_PARAM_H
# include <sys/param.h>
#endif
]
])
AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], [
#if HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#if HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif])
AC_CHECK_TYPE(in_port_t, [], [AC_DEFINE([in_port_t], [uint16_t], [in_port_t])], [
#if HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#if HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif])
# check to see if libraries are needed for these functions.
AC_SEARCH_LIBS(socket, socket)
AC_SEARCH_LIBS([inet_pton], [nsl])
ACX_WITH_SSL_OPTIONAL
ACX_CHECK_GETADDRINFO_WITH_INCLUDES
LIBS_STC="$LIBS"
AC_SUBST(LIBS_STC)
# check for ldns
AC_ARG_WITH(ldns,
AC_HELP_STRING([--with-ldns=PATH specify prefix of path of ldns library to use])
,
[
specialldnsdir="$withval"
CPPFLAGS="$CPPFLAGS -I$withval/include"
LDFLAGS="-L$withval -L$withval/lib $LDFLAGS"
LDNSDIR="$withval"
LIBS="-lldns $LIBS"
LIBS_STC="$withval/lib/libldns.a $LIBS_STC"
]
)
#AC_CHECK_HEADER(ldns/ldns.h,, [
# AC_MSG_ERROR([Can't find ldns headers (make copy-headers in devel source.)])
# ], [AC_INCLUDES_DEFAULT]
#)
AC_CHECK_FUNCS(isblank)
# check for ldns development source tree
AC_MSG_CHECKING([for ldns devel source])
ldns_dev_dir=..
if test -f $ldns_dev_dir/ldns/util.h && \
grep LDNS_VERSION $ldns_dev_dir/ldns/util.h >/dev/null; then
ldns_version=`grep LDNS_VERSION $ldns_dev_dir/ldns/util.h | sed -e 's/^.*"\(.*\)".*$/\1/'`
AC_MSG_RESULT([using $ldns_dev_dir with $ldns_version])
CPPFLAGS="$CPPFLAGS -I$ldns_dev_dir/include"
LDFLAGS="-L$ldns_dev_dir -L$ldns_dev_dir/lib $LDFLAGS"
LIBS="-lldns $LIBS"
AC_DEFINE(HAVE_LIBLDNS, 1, [If the ldns library is available.])
LDNSDIR="$ldns_dev_dir"
LIBS_STC="$ldns_dev_dir/lib/libldns.a $LIBS_STC"
else
AC_MSG_RESULT([no])
AC_CHECK_LIB(ldns, ldns_rr_new, , [
AC_MSG_ERROR([Can't find ldns library])dnl '
]
)
fi
AC_SUBST(LDNSDIR)
AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE],
[Default location of the trust anchor file. [default=SYSCONFDIR/unbound/root.key]]), [
LDNS_TRUST_ANCHOR_FILE="$withval"
],[
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
])
AC_DEFINE_UNQUOTED([LDNS_TRUST_ANCHOR_FILE], ["$LDNS_TRUST_ANCHOR_FILE"], [Default trust anchor file])
AC_SUBST(LDNS_TRUST_ANCHOR_FILE)
AC_MSG_NOTICE([Default trust anchor: $LDNS_TRUST_ANCHOR_FILE])
AH_BOTTOM([
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#if STDC_HEADERS
#include <stdlib.h>
#include <stddef.h>
#endif
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_UDP_H
#include <netinet/udp.h>
#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
#ifdef HAVE_NETINET_IF_ETHER_H
#include <netinet/if_ether.h>
#endif
#ifdef HAVE_WINSOCK2_H
#define USE_WINSOCK 1
#include <winsock2.h>
#endif
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
#ifndef EXIT_FAILURE
#define EXIT_FAILURE 1
#endif
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#endif
#ifdef S_SPLINT_S
#define FD_ZERO(a) /* a */
#define FD_SET(a,b) /* a, b */
#endif
])
AC_CONFIG_FILES([Makefile drill.1])
AC_CONFIG_HEADER([config.h])
AC_OUTPUT

View File

@ -180,7 +180,20 @@ ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_lis
ldns_rr_list *nsecs;
ldns_status result;
const ldns_rr_descriptor *descriptor;
if (!pkt) {
descriptor = ldns_rr_descript(type);
printf("NETWORk ERROR! Cannot verify denial for: ");
ldns_rdf_print(stdout, name);
printf(" type ");
if (descriptor && descriptor->_name)
printf("%s", descriptor->_name);
else
printf("TYPE%u", type);
return LDNS_STATUS_CRYPTO_NO_RRSIG;
}
if (verbosity >= 5) {
printf("VERIFY DENIAL FROM:\n");
ldns_pkt_print(stdout, pkt);
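Review bot: in the new `if (!pkt)` branch of ldns_verify_denial the message is spelled `NETWORk ERROR!`, is printed to stdout with no trailing newline, and the function returns `LDNS_STATUS_CRYPTO_NO_RRSIG`, which tells the caller a signature was missing rather than that no packet arrived. Suggest fixing the casing, ending the output with `\n`, and either returning a status that callers can tell apart from a DNSSEC failure or adding a comment on why this one was chosen.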
@ -453,6 +466,7 @@ ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *n
}
if (ldns_dname_cat(hashed_sname, zone_name) != LDNS_STATUS_OK){
ldns_rdf_deep_free(hashed_sname);
goto done;
}
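Review bot: freeing `hashed_sname` before `goto done` closes the leak on the `ldns_dname_cat` failure path, but the `done` label is outside this hunk, so confirm that nothing there frees or reads `hashed_sname` again. If it does, set the pointer to NULL right after the `ldns_rdf_deep_free` call.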

View File

@ -19,8 +19,8 @@ drill \- get (debug) information out of DNS(SEC)
]
.SH DESCRIPTION
\fBdrill\fR is a tool to designed to get all sorts of information out of the
DNS. It is specificly designed to be used with DNSSEC.
\fBdrill\fR is a tool designed to get all sorts of information out of the
DNS. It is specifically designed to be used with DNSSEC.
.PP
The name \fBdrill\fR is a pun on \fBdig\fR. With \fBdrill\fR you should be able
get even more information than with \fBdig\fR.
@ -222,6 +222,15 @@ specify named base64 tsig key, and optional an algorithm (defaults to hmac-md5.s
\fB\-z \fR
don't randomize the nameserver list before sending queries.
.SS EDNS QUERY OPTIONS
.TP
\fB\+nsid \fR
When set, this EDNS option includes an EDNS name server ID request in the query.
.SH "EXIT STATUS"
The exit status is 0 if the looked up answer is secure and trusted,
or insecure.
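Review bot: the new EDNS QUERY OPTIONS section documents `+nsid` only and does not mention that any other `+` argument is refused; the drill.c change in this commit reports `Unsupported argument after '+'` for those. One sentence saying that `+nsid` is currently the only accepted `+` option would save users from guessing at dig-style options.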

View File

@ -59,7 +59,7 @@ usage(FILE *stream, const char *progname)
fprintf(stream, "\t-6\t\tstay on ip6\n");
fprintf(stream, "\t-a\t\tfallback to EDNS0 and TCP if the answer is truncated\n");
fprintf(stream, "\t-b <bufsize>\tuse <bufsize> as the buffer size (defaults to 512 b)\n");
fprintf(stream, "\t-c <file>\tuse file for rescursive nameserver configuration"
fprintf(stream, "\t-c <file>\tuse file for recursive nameserver configuration"
"\n\t\t\t(/etc/resolv.conf)\n");
fprintf(stream, "\t-k <file>\tspecify a file that contains a trusted DNSSEC key [**]\n");
fprintf(stream, "\t\t\tUsed to verify any signatures in the current answer.\n");
@ -111,7 +111,7 @@ main(int argc, char *argv[])
ldns_resolver *cmdline_res = NULL; /* only used to resolv @name names */
ldns_rr_list *cmdline_rr_list = NULL;
ldns_rdf *cmdline_dname = NULL;
ldns_rdf *qname, *qname_tmp;
ldns_rdf *qname;
ldns_pkt *pkt;
ldns_pkt *qpkt;
char *serv;
@ -156,6 +156,7 @@ main(int argc, char *argv[])
bool qds;
bool qusevc;
bool qrandom;
bool drill_reverse = false;
char *resolv_conf_file = NULL;
@ -165,11 +166,15 @@ main(int argc, char *argv[])
uint8_t s6addr[16];
char ip6_arpa_str[74];
uint8_t s4addr[4];
char in_addr_arpa_str[40];
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
#endif
ldns_output_format_storage fmt_storage;
ldns_output_format* fmt = ldns_output_format_init(&fmt_storage);
int_type = -1; serv = NULL; type = 0;
int_clas = -1; name = NULL; clas = 0;
@ -198,6 +203,7 @@ main(int argc, char *argv[])
qusevc = false;
qrandom = true;
key_verified = NULL;
ldns_edns_option_list* edns_list = NULL;
ldns_init_random(NULL, 0);
@ -244,6 +250,7 @@ main(int argc, char *argv[])
verbosity = atoi(optarg);
break;
case 'Q':
fmt->flags |= LDNS_FMT_SHORT;
verbosity = -1;
break;
case 'f':
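Review bot: the `Q` case now sets `LDNS_FMT_SHORT` alongside `verbosity = -1`, and the response-handling hunk further down lists `ldns_pkt_print_fmt(stdout, fmt, pkt)` ahead of the `if (verbosity != -1)` guard that used to wrap `ldns_pkt_print`. Quiet output therefore depends on the format flag rather than on verbosity, and a verbosity of -1 reached through `verbosity = atoi(optarg)` in the case just above would print the full packet where it previously printed nothing. If that is intended, say so in a comment at the print call; otherwise set the flag wherever verbosity becomes -1 or keep the print inside the guard.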
@ -357,12 +364,16 @@ main(int argc, char *argv[])
result = EXIT_SUCCESS;
goto exit;
case 'x':
PURPOSE = DRILL_REVERSE;
drill_reverse = true;
break;
case 'y':
#ifdef HAVE_SSL
if (strchr(optarg, ':')) {
tsig_separator = (size_t) (strchr(optarg, ':') - optarg);
if (tsig_algorithm) {
free(tsig_algorithm);
tsig_algorithm = NULL;
}
if (strchr(optarg + tsig_separator + 1, ':')) {
tsig_separator2 = (size_t) (strchr(optarg + tsig_separator + 1, ':') - optarg);
tsig_algorithm = xmalloc(strlen(optarg) - tsig_separator2);
@ -447,6 +458,31 @@ main(int argc, char *argv[])
serv = argv[i] + 1;
continue;
}
/* if ^+ then it's an EDNS option */
if (argv[i][0] == '+') {
if (!strcmp(argv[i]+1, "nsid")) {
ldns_edns_option *edns;
edns_list = ldns_edns_option_list_new();
/* create NSID EDNS*/
edns = ldns_edns_new_from_data(LDNS_EDNS_NSID, 0, NULL);
if (edns_list == NULL || edns == NULL) {
error("EDNS option could not be allocated");
break;
}
if (!(ldns_edns_option_list_push(edns_list, edns))) {
error("EDNS option NSID could not be attached");
break;
}
continue;
}
else {
error("Unsupported argument after '+'");
break;
}
}
/* if has a dot, it's a name */
if (strchr(argv[i], '.')) {
name = argv[i];
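Review bot: `edns_list = ldns_edns_option_list_new()` runs inside the `+nsid` branch, so a second `+nsid` on the command line overwrites the list built by the first and the earlier list is never freed. Allocate the list once, for example only when `edns_list == NULL`, before pushing the option. In the combined `edns_list == NULL || edns == NULL` check, whichever of the two did get allocated is also left unfreed on the `error(...)` path.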
@ -487,12 +523,66 @@ main(int argc, char *argv[])
clas = LDNS_RR_CLASS_IN;
}
if (int_type == -1) {
if (PURPOSE != DRILL_REVERSE) {
if (!drill_reverse) {
type = LDNS_RR_TYPE_A;
} else {
type = LDNS_RR_TYPE_PTR;
}
}
if (!drill_reverse)
; /* pass */
else if (strchr(name, ':')) { /* ipv4 or ipv6 addr? */
if (!inet_pton(AF_INET6, name, &s6addr)) {
error("Syntax error: cannot parse IPv6 address\n");
}
(void) snprintf(ip6_arpa_str, sizeof(ip6_arpa_str),
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa.",
(unsigned int)(s6addr[15] & 0x0F),
(unsigned int)(s6addr[15] >> 4),
(unsigned int)(s6addr[14] & 0x0F),
(unsigned int)(s6addr[14] >> 4),
(unsigned int)(s6addr[13] & 0x0F),
(unsigned int)(s6addr[13] >> 4),
(unsigned int)(s6addr[12] & 0x0F),
(unsigned int)(s6addr[12] >> 4),
(unsigned int)(s6addr[11] & 0x0F),
(unsigned int)(s6addr[11] >> 4),
(unsigned int)(s6addr[10] & 0x0F),
(unsigned int)(s6addr[10] >> 4),
(unsigned int)(s6addr[9] & 0x0F),
(unsigned int)(s6addr[9] >> 4),
(unsigned int)(s6addr[8] & 0x0F),
(unsigned int)(s6addr[8] >> 4),
(unsigned int)(s6addr[7] & 0x0F),
(unsigned int)(s6addr[7] >> 4),
(unsigned int)(s6addr[6] & 0x0F),
(unsigned int)(s6addr[6] >> 4),
(unsigned int)(s6addr[5] & 0x0F),
(unsigned int)(s6addr[5] >> 4),
(unsigned int)(s6addr[4] & 0x0F),
(unsigned int)(s6addr[4] >> 4),
(unsigned int)(s6addr[3] & 0x0F),
(unsigned int)(s6addr[3] >> 4),
(unsigned int)(s6addr[2] & 0x0F),
(unsigned int)(s6addr[2] >> 4),
(unsigned int)(s6addr[1] & 0x0F),
(unsigned int)(s6addr[1] >> 4),
(unsigned int)(s6addr[0] & 0x0F),
(unsigned int)(s6addr[0] >> 4));
name = ip6_arpa_str;
} else if (!inet_pton(AF_INET, name, &s4addr)) {
error("Syntax error: cannot parse IPv4 address\n");
} else {
(void) snprintf(in_addr_arpa_str, sizeof(in_addr_arpa_str),
"%d.%d.%d.%d.in-addr.arpa.", (int)s4addr[3],
(int)s4addr[2], (int)s4addr[1], (int)s4addr[0]);
name = in_addr_arpa_str;
}
if (src) {
src_rdf = ldns_rdf_new_addr_frm_str(src);
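Review bot: both `inet_pton` calls in the new reverse-lookup block are tested with `!`, which only catches a return of 0; inet_pton returns -1 when the address family is not supported, and that case would fall through to `snprintf` with an address buffer that was never filled. Testing for `!= 1` covers both failures. The block also calls `strchr(name, ':')` with no NULL check visible in this hunk, while `name` is initialised to NULL earlier in main, so `-x` given without an address needs a guard before this point if one is not already there. As a style point, the 32-argument `snprintf` could be a short loop over `s6addr`.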
@ -732,7 +822,7 @@ main(int argc, char *argv[])
}
status = ldns_resolver_prepare_query_pkt(&qpkt, res, qname, type, clas, qflags);
if(status != LDNS_STATUS_OK) {
error("%s", "making query: %s",
error("%s", "making query: %s",
ldns_get_errorstr_by_id(status));
}
dump_hex(qpkt, query_file);
@ -740,89 +830,6 @@ main(int argc, char *argv[])
break;
case DRILL_NSEC:
break;
case DRILL_REVERSE:
/* ipv4 or ipv6 addr? */
if (strchr(name, ':')) {
if (!inet_pton(AF_INET6, name, &s6addr)) {
error("Syntax error: cannot parse IPv6 address\n");
}
(void) snprintf(ip6_arpa_str, sizeof(ip6_arpa_str),
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa.",
(unsigned int)(s6addr[15] & 0x0F),
(unsigned int)(s6addr[15] >> 4),
(unsigned int)(s6addr[14] & 0x0F),
(unsigned int)(s6addr[14] >> 4),
(unsigned int)(s6addr[13] & 0x0F),
(unsigned int)(s6addr[13] >> 4),
(unsigned int)(s6addr[12] & 0x0F),
(unsigned int)(s6addr[12] >> 4),
(unsigned int)(s6addr[11] & 0x0F),
(unsigned int)(s6addr[11] >> 4),
(unsigned int)(s6addr[10] & 0x0F),
(unsigned int)(s6addr[10] >> 4),
(unsigned int)(s6addr[9] & 0x0F),
(unsigned int)(s6addr[9] >> 4),
(unsigned int)(s6addr[8] & 0x0F),
(unsigned int)(s6addr[8] >> 4),
(unsigned int)(s6addr[7] & 0x0F),
(unsigned int)(s6addr[7] >> 4),
(unsigned int)(s6addr[6] & 0x0F),
(unsigned int)(s6addr[6] >> 4),
(unsigned int)(s6addr[5] & 0x0F),
(unsigned int)(s6addr[5] >> 4),
(unsigned int)(s6addr[4] & 0x0F),
(unsigned int)(s6addr[4] >> 4),
(unsigned int)(s6addr[3] & 0x0F),
(unsigned int)(s6addr[3] >> 4),
(unsigned int)(s6addr[2] & 0x0F),
(unsigned int)(s6addr[2] >> 4),
(unsigned int)(s6addr[1] & 0x0F),
(unsigned int)(s6addr[1] >> 4),
(unsigned int)(s6addr[0] & 0x0F),
(unsigned int)(s6addr[0] >> 4));
qname = ldns_dname_new_frm_str(ip6_arpa_str);
} else {
qname = ldns_dname_new_frm_str(name);
if (qname) {
qname_tmp = ldns_dname_reverse(qname);
ldns_rdf_deep_free(qname);
qname = qname_tmp;
qname_tmp = ldns_dname_new_frm_str("in-addr.arpa.");
status = ldns_dname_cat(qname, qname_tmp);
if (status != LDNS_STATUS_OK) {
error("%s", "could not create reverse address for ip4: %s\n", ldns_get_errorstr_by_id(status));
}
ldns_rdf_deep_free(qname_tmp);
}
}
if (!qname) {
error("%s", "-x implies an ip address");
}
/* create a packet and set the RD flag on it */
pkt = NULL;
status = ldns_resolver_query_status(
&pkt, res, qname, type, clas, qflags);
if (status != LDNS_STATUS_OK) {
error("error sending query: %s",
ldns_get_errorstr_by_id(status));
}
if (!pkt) {
if (status == LDNS_STATUS_OK) {
error("%s", "pkt sending");
}
result = EXIT_FAILURE;
} else {
if (verbosity != -1) {
ldns_pkt_print(stdout, pkt);
}
ldns_pkt_free(pkt);
}
break;
case DRILL_QUERY:
default:
if (query_file) {
@ -886,9 +893,22 @@ main(int argc, char *argv[])
} else {
/* create a packet and set the RD flag on it */
pkt = NULL;
status = ldns_resolver_query_status(
&pkt, res, qname,
type, clas, qflags);
status = ldns_resolver_prepare_query_pkt(&qpkt,
res, qname, type, clas, qflags);
if(status != LDNS_STATUS_OK) {
error("%s", "making query: %s",
ldns_get_errorstr_by_id(status));
}
if (edns_list) {
/* attach the structed EDNS options */
ldns_pkt_set_edns_option_list(qpkt, edns_list);
}
status = ldns_resolver_send_pkt(&pkt, res, qpkt);
ldns_pkt_free(qpkt);
if (status != LDNS_STATUS_OK) {
error("error sending query: %s"
, ldns_get_errorstr_by_id(
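Review bot: the added `error("%s", "making query: %s", ldns_get_errorstr_by_id(status))` passes `"%s"` as the format, so assuming `error` is printf-style, as the `error("error sending query: %s", ...)` call just below implies, the literal text `making query: %s` is printed and the status string is dropped. Remove the leading `"%s"` argument. The same call appears unchanged in the earlier prepare-query hunk and needs the same fix.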
@ -897,12 +917,13 @@ main(int argc, char *argv[])
}
}
if (!pkt) {
/* now handling the response message/packet */
if (!pkt) {
mesg("No packet received");
result = EXIT_FAILURE;
} else {
ldns_pkt_print_fmt(stdout, fmt, pkt);
if (verbosity != -1) {
ldns_pkt_print(stdout, pkt);
if (ldns_pkt_tc(pkt)) {
fprintf(stdout,
"\n;; WARNING: The answer packet was truncated; you might want to\n");
@ -1016,9 +1037,17 @@ main(int argc, char *argv[])
xfree(tsig_algorithm);
#ifdef HAVE_SSL
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
EVP_cleanup();
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
CRYPTO_cleanup_all_ex_data ();
#endif
#ifdef HAVE_ERR_FREE_STRINGS
ERR_free_strings ();
#endif
#ifdef HAVE_EVP_CLEANUP
EVP_cleanup ();
#endif
#endif
#endif
#ifdef USE_WINSOCK
WSACleanup();

View File

@ -21,7 +21,6 @@
#define DRILL_AFROMFILE 3
#define DRILL_QTOFILE 4
#define DRILL_NSEC 5
#define DRILL_REVERSE 6
#define DRILL_SECTRACE 7
#define DRILL_ON(VAR, BIT) \

View File

@ -2,7 +2,7 @@
* error.c
*
* error reporting routines
* basicly wrappers around printf
* basically wrappers around printf
*
* (c) 2005 NLnet Labs
*

View File

@ -137,7 +137,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
ldns_rr_list *correct_key_list;
ldns_rr_list *trusted_ds_rrs;
bool new_keys_trusted = false;
ldns_rr_list *current_correct_keys;
ldns_rr_list *current_correct_keys = NULL;
ldns_rr_list *dataset;
ldns_rr_list *nsec_rrs = NULL;
@ -241,7 +241,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
goto done;
}
}
labels = LDNS_XMALLOC(ldns_rdf*, labels_count + 2);
labels = LDNS_CALLOC(ldns_rdf*, labels_count + 2);
if (!labels) {
goto done;
}
@ -256,6 +256,13 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
*/
for(i = (ssize_t)labels_count + 1; i > 0; i--) {
status = ldns_resolver_send(&local_p, res, labels[i], LDNS_RR_TYPE_NS, c, 0);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error sending query: %s\n", ldns_get_errorstr_by_id(status));
result = status;
goto done;
}
/* TODO: handle status */
if (verbosity >= 5) {
ldns_pkt_print(stdout, local_p);
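Review bot: The `/* TODO: handle status */` comment directly below the new `if (status != LDNS_STATUS_OK)` block is now stale, because that block is the status handling; remove the comment. Since the declaration of `result` is outside this hunk, also confirm that `result = status;` assigns to a variable that is meant to carry an `ldns_status` value.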
@ -497,12 +504,43 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
p = get_dnssec_pkt(res, labels[i-1], LDNS_RR_TYPE_DS);
(void) get_ds(p, labels[i-1], &ds_list, &ds_sig_list);
if (!ds_list) {
ldns_pkt_free(p);
if (ds_sig_list) {
ldns_rr_list_deep_free(ds_sig_list);
(void) get_dnssec_rr( p, labels[i-1]
, LDNS_RR_TYPE_CNAME
, &ds_list, &ds_sig_list);
if (ds_list) {
st = ldns_verify( ds_list, ds_sig_list
, correct_key_list
, current_correct_keys);
if (st == LDNS_STATUS_OK) {
printf(";; No DS record found "
"for ");
ldns_rdf_print(stdout,
labels[i-1]);
printf(", but valid CNAME");
} else {
printf(BOGUS " Unable to verify "
"denial of existence for ");
ldns_rdf_print(stdout,
labels[i-1]);
printf(", because of BOGUS CNAME");
}
printf("\n");
ldns_rr_list_deep_free(ds_sig_list);
ldns_pkt_free(p);
ldns_rr_list_deep_free(ds_list);
ds_list = NULL;
ds_sig_list = NULL;
p = NULL;
} else {
ldns_rr_list_deep_free(ds_sig_list);
ldns_pkt_free(p);
p = get_dnssec_pkt(res, name,
LDNS_RR_TYPE_DNSKEY);
(void) get_ds(p, NULL
, &ds_list, &ds_sig_list);
}
p = get_dnssec_pkt(res, name, LDNS_RR_TYPE_DNSKEY);
(void) get_ds(p, NULL, &ds_list, &ds_sig_list);
}
if (ds_sig_list) {
if (ds_list) {
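Review bot: In the new CNAME branch the result `st` of `ldns_verify()` is only compared with `LDNS_STATUS_OK`, and the failure message stops at `printf(", because of BOGUS CNAME");` without saying why verification failed. The other "Unable to verify denial of existence" messages in this function append `ldns_get_errorstr_by_id(status)`, so print `ldns_get_errorstr_by_id(st)` here as well. The return value of `get_dnssec_rr()` is discarded with `(void)` and the CNAME RRset is stored in `ds_list`; a one-line comment stating that a non-NULL `ds_list` is the success signal and that it temporarily holds CNAME records would make the branch easier to follow.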
@ -606,7 +644,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
printf(";; No DS for ");
ldns_rdf_print(stdout, labels[i - 1]);
} else {
printf("[B] Unable to verify denial of existence for ");
printf(BOGUS " Unable to verify denial of existence for ");
ldns_rdf_print(stdout, labels[i - 1]);
printf(" DS: %s\n", ldns_get_errorstr_by_id(status));
}
@ -710,7 +748,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
}
printf("\n");
} else {
printf("[B] Unable to verify denial of existence for ");
printf(BOGUS " Unable to verify denial of existence for ");
ldns_rdf_print(stdout, name);
printf(" type ");
if (descriptor && descriptor->_name) {
@ -736,7 +774,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
ldns_rr_list_deep_free(ds_sig_list);
ds_sig_list = NULL;
}
printf(";;" SELF " self sig OK; " BOGUS " bogus; " TRUST " trusted\n");
printf(";;" SELF " self sig OK; " BOGUS " bogus; " TRUST " trusted; " UNSIGNED " unsigned\n");
/* verbose mode?
printf("Trusted keys:\n");
ldns_rr_list_print(stdout, trusted_keys);


@ -183,7 +183,6 @@ ldns_duration_create_from_string(const char* str)
return NULL;
} else {
duration->weeks = (time_t) atoi(str+1);
str = W;
}
}
return duration;
@ -191,123 +190,51 @@ ldns_duration_create_from_string(const char* str)
/**
* Get the number of digits in a number.
*
* Helper func for ldns_duration2string below. If t > 0,
* scan print t and c on buf, forwarding buf. Return 0 on success.
*/
static size_t
digits_in_number(time_t duration)
static inline int dur_scan_print(char **buf, char *eob, char c, time_t t)
{
uint32_t period = (uint32_t) duration;
size_t count = 0;
while (period > 0) {
count++;
period /= 10;
}
return count;
if (t > 0) {
int r = snprintf(*buf, eob - *buf, "%u%c", (unsigned)t, c);
if (r < 0 || (*buf += r) >= eob)
return -1;
}
return 0;
}
/**
* Convert a duration to a string.
*
*/
char*
ldns_duration2string(const ldns_duration_type* duration)
ldns_duration2string(const ldns_duration_type* d)
{
char* str = NULL, *num = NULL;
size_t count = 2;
int T = 0;
/* Max string size should be 7 * 40 + 3 on a 127 bits machine
* So 300 (< 273) is more than enough.
*/
char buf[300] = "P0D", *eob = buf + sizeof(buf), *p = buf + 1;
if (!duration) {
return NULL;
}
if (!d)
return NULL;
if (duration->years > 0) {
count = count + 1 + digits_in_number(duration->years);
}
if (duration->months > 0) {
count = count + 1 + digits_in_number(duration->months);
}
if (duration->weeks > 0) {
count = count + 1 + digits_in_number(duration->weeks);
}
if (duration->days > 0) {
count = count + 1 + digits_in_number(duration->days);
}
if (duration->hours > 0) {
count = count + 1 + digits_in_number(duration->hours);
T = 1;
}
if (duration->minutes > 0) {
count = count + 1 + digits_in_number(duration->minutes);
T = 1;
}
if (duration->seconds > 0) {
count = count + 1 + digits_in_number(duration->seconds);
T = 1;
}
if (T) {
count++;
}
if (dur_scan_print(&p, eob, 'Y', d->years)
|| dur_scan_print(&p, eob, 'M', d->months)
|| dur_scan_print(&p, eob, 'W', d->weeks)
|| dur_scan_print(&p, eob, 'D', d->days))
return NULL;
str = (char*) calloc(count, sizeof(char));
str[0] = 'P';
str[1] = '\0';
if (d->hours || d->minutes || d->seconds) {
if (p > (eob - 2))
return NULL; /* Error; no space left on buf for 'T' */
if (duration->years > 0) {
count = digits_in_number(duration->years);
num = (char*) calloc(count+2, sizeof(char));
snprintf(num, count+2, "%uY", (unsigned int) duration->years);
str = strncat(str, num, count+2);
free((void*) num);
}
if (duration->months > 0) {
count = digits_in_number(duration->months);
num = (char*) calloc(count+2, sizeof(char));
snprintf(num, count+2, "%uM", (unsigned int) duration->months);
str = strncat(str, num, count+2);
free((void*) num);
}
if (duration->weeks > 0) {
count = digits_in_number(duration->weeks);
num = (char*) calloc(count+2, sizeof(char));
snprintf(num, count+2, "%uW", (unsigned int) duration->weeks);
str = strncat(str, num, count+2);
free((void*) num);
}
if (duration->days > 0) {
count = digits_in_number(duration->days);
num = (char*) calloc(count+2, sizeof(char));
snprintf(num, count+2, "%uD", (unsigned int) duration->days);
str = strncat(str, num, count+2);
free((void*) num);
}
if (T) {
str = strncat(str, "T", 1);
}
if (duration->hours > 0) {
count = digits_in_number(duration->hours);
num = (char*) calloc(count+2, sizeof(char));
snprintf(num, count+2, "%uH", (unsigned int) duration->hours);
str = strncat(str, num, count+2);
free((void*) num);
}
if (duration->minutes > 0) {
count = digits_in_number(duration->minutes);
num = (char*) calloc(count+2, sizeof(char));
snprintf(num, count+2, "%uM", (unsigned int) duration->minutes);
str = strncat(str, num, count+2);
free((void*) num);
}
if (duration->seconds > 0) {
count = digits_in_number(duration->seconds);
num = (char*) calloc(count+2, sizeof(char));
snprintf(num, count+2, "%uS", (unsigned int) duration->seconds);
str = strncat(str, num, count+2);
free((void*) num);
}
return str;
*p++ = 'T'; *p = 0;
if (dur_scan_print(&p, eob, 'H', d->hours)
|| dur_scan_print(&p, eob, 'M', d->minutes)
|| dur_scan_print(&p, eob, 'S', d->seconds))
return NULL;
}
return strdup(buf);
}
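Review bot: The sizing comment above `char buf[300]` in `ldns_duration2string()` is wrong in two places: `7 * 40 + 3` is 283, not 273, and the comparison in `300 (< 273)` is reversed; it should read along the lines of "So 300 (> 283) is more than enough". Separately, `dur_scan_print()` formats with `"%u"` after casting `time_t` to `unsigned`, so a field larger than `UINT_MAX` is silently truncated, while the 40-digit estimate in the comment assumes the full `time_t` width. Either format the full value or state the truncation in the helper's doc comment.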

436
contrib/ldns/edns.c Normal file

@ -0,0 +1,436 @@
/*
* edns.c
*
* edns implementation
*
* a Net::DNS like library for C
*
* (c) NLnet Labs, 2004-2022
*
* See the file LICENSE for the license
*/
#include <ldns/ldns.h>
#define LDNS_OPTIONLIST_INIT 8
/*
* Access functions
* functions to get and set type checking
*/
/* read */
size_t
ldns_edns_get_size(const ldns_edns_option *edns)
{
assert(edns != NULL);
return edns->_size;
}
ldns_edns_option_code
ldns_edns_get_code(const ldns_edns_option *edns)
{
assert(edns != NULL);
return edns->_code;
}
uint8_t *
ldns_edns_get_data(const ldns_edns_option *edns)
{
assert(edns != NULL);
return edns->_data;
}
ldns_buffer *
ldns_edns_get_wireformat_buffer(const ldns_edns_option *edns)
{
uint16_t option;
size_t size;
uint8_t* data;
ldns_buffer* buffer;
if (edns == NULL) {
return NULL;
}
option = ldns_edns_get_code(edns);
size = ldns_edns_get_size(edns);
data = ldns_edns_get_data(edns);
buffer = ldns_buffer_new(size + 4);
if (buffer == NULL) {
return NULL;
}
ldns_buffer_write_u16(buffer, option);
ldns_buffer_write_u16(buffer, size);
ldns_buffer_write(buffer, data, size);
ldns_buffer_flip(buffer);
return buffer;
}
/* write */
static void
ldns_edns_set_size(ldns_edns_option *edns, size_t size)
{
assert(edns != NULL);
edns->_size = size;
}
static void
ldns_edns_set_code(ldns_edns_option *edns, ldns_edns_option_code code)
{
assert(edns != NULL);
edns->_code = code;
}
static void
ldns_edns_set_data(ldns_edns_option *edns, void *data)
{
/* only copy the pointer */
assert(edns != NULL);
edns->_data = data;
}
/* note: data must be allocated memory */
ldns_edns_option *
ldns_edns_new(ldns_edns_option_code code, size_t size, void *data)
{
ldns_edns_option *edns;
edns = LDNS_MALLOC(ldns_edns_option);
if (!edns) {
return NULL;
}
ldns_edns_set_code(edns, code);
ldns_edns_set_size(edns, size);
ldns_edns_set_data(edns, data);
return edns;
}
ldns_edns_option *
ldns_edns_new_from_data(ldns_edns_option_code code, size_t size, const void *data)
{
ldns_edns_option *edns;
edns = LDNS_MALLOC(ldns_edns_option);
if (!edns) {
return NULL;
}
edns->_data = LDNS_XMALLOC(uint8_t, size);
if (!edns->_data) {
LDNS_FREE(edns);
return NULL;
}
/* set the values */
ldns_edns_set_code(edns, code);
ldns_edns_set_size(edns, size);
memcpy(edns->_data, data, size);
return edns;
}
ldns_edns_option *
ldns_edns_clone(ldns_edns_option *edns)
{
ldns_edns_option *new_option;
assert(edns != NULL);
new_option = ldns_edns_new_from_data(ldns_edns_get_code(edns),
ldns_edns_get_size(edns),
ldns_edns_get_data(edns));
return new_option;
}
void
ldns_edns_deep_free(ldns_edns_option *edns)
{
if (edns) {
if (edns->_data) {
LDNS_FREE(edns->_data);
}
LDNS_FREE(edns);
}
}
void
ldns_edns_free(ldns_edns_option *edns)
{
if (edns) {
LDNS_FREE(edns);
}
}
ldns_edns_option_list*
ldns_edns_option_list_new()
{
ldns_edns_option_list *option_list = LDNS_MALLOC(ldns_edns_option_list);
if(!option_list) {
return NULL;
}
option_list->_option_count = 0;
option_list->_option_capacity = 0;
option_list->_options_size = 0;
option_list->_options = NULL;
return option_list;
}
ldns_edns_option_list *
ldns_edns_option_list_clone(ldns_edns_option_list *old_list)
{
size_t i;
ldns_edns_option_list *new_list;
if (!old_list) {
return NULL;
}
new_list = ldns_edns_option_list_new();
if (!new_list) {
return NULL;
}
if (old_list->_option_count == 0) {
return new_list;
}
/* adding options also updates the total options size */
for (i = 0; i < old_list->_option_count; i++) {
ldns_edns_option *option = ldns_edns_clone(ldns_edns_option_list_get_option(old_list, i));
if (!ldns_edns_option_list_push(new_list, option)) {
ldns_edns_deep_free(option);
ldns_edns_option_list_deep_free(new_list);
return NULL;
}
}
return new_list;
}
void
ldns_edns_option_list_free(ldns_edns_option_list *option_list)
{
if (option_list) {
LDNS_FREE(option_list->_options);
LDNS_FREE(option_list);
}
}
void
ldns_edns_option_list_deep_free(ldns_edns_option_list *option_list)
{
size_t i;
if (option_list) {
for (i=0; i < ldns_edns_option_list_get_count(option_list); i++) {
ldns_edns_deep_free(ldns_edns_option_list_get_option(option_list, i));
}
ldns_edns_option_list_free(option_list);
}
}
size_t
ldns_edns_option_list_get_count(const ldns_edns_option_list *option_list)
{
if (option_list) {
return option_list->_option_count;
} else {
return 0;
}
}
ldns_edns_option *
ldns_edns_option_list_get_option(const ldns_edns_option_list *option_list, size_t index)
{
if (option_list && index < ldns_edns_option_list_get_count(option_list)) {
assert(option_list->_options[index]);
return option_list->_options[index];
} else {
return NULL;
}
}
size_t
ldns_edns_option_list_get_options_size(const ldns_edns_option_list *option_list)
{
if (option_list) {
return option_list->_options_size;
} else {
return 0;
}
}
ldns_edns_option *
ldns_edns_option_list_set_option(ldns_edns_option_list *option_list,
ldns_edns_option *option, size_t index)
{
ldns_edns_option* old;
assert(option_list != NULL);
if (index > ldns_edns_option_list_get_count(option_list)) {
return NULL;
}
if (option == NULL) {
return NULL;
}
old = ldns_edns_option_list_get_option(option_list, index);
/* shrink the total EDNS size if the old EDNS option exists */
if (old != NULL) {
option_list->_options_size -= (ldns_edns_get_size(old) + 4);
}
option_list->_options_size += (ldns_edns_get_size(option) + 4);
option_list->_options[index] = option;
return old;
}
bool
ldns_edns_option_list_push(ldns_edns_option_list *option_list,
ldns_edns_option *option)
{
size_t cap;
size_t option_count;
assert(option_list != NULL);
if (option == NULL) {
return false;
}
cap = option_list->_option_capacity;
option_count = ldns_edns_option_list_get_count(option_list);
/* verify we need to grow the array to fit the new option */
if (option_count+1 > cap) {
ldns_edns_option **new_list;
/* initialize the capacity if needed, otherwise grow by doubling */
if (cap == 0) {
cap = LDNS_OPTIONLIST_INIT; /* initial list size */
} else {
cap *= 2;
}
new_list = LDNS_XREALLOC(option_list->_options,
ldns_edns_option *, cap);
if (!new_list) {
return false;
}
option_list->_options = new_list;
option_list->_option_capacity = cap;
}
/* add the new option */
ldns_edns_option_list_set_option(option_list, option,
option_list->_option_count);
option_list->_option_count += 1;
return true;
}
ldns_edns_option *
ldns_edns_option_list_pop(ldns_edns_option_list *option_list)
{
ldns_edns_option* pop;
size_t count;
size_t cap;
assert(option_list != NULL);
cap = option_list->_option_capacity;
count = ldns_edns_option_list_get_count(option_list);
if (count == 0) {
return NULL;
}
/* get the last option from the list */
pop = ldns_edns_option_list_get_option(option_list, count-1);
/* shrink the array */
if (cap > LDNS_OPTIONLIST_INIT && count-1 <= cap/2) {
ldns_edns_option **new_list;
cap /= 2;
new_list = LDNS_XREALLOC(option_list->_options,
ldns_edns_option *, cap);
if (new_list) {
option_list->_options = new_list;
}
/* if the realloc fails, the capacity for the list remains unchanged */
}
/* shrink the total EDNS size of the options if the popped EDNS option exists */
if (pop != NULL) {
option_list->_options_size -= (ldns_edns_get_size(pop) + 4);
}
option_list->_option_count = count - 1;
return pop;
}
ldns_buffer *
ldns_edns_option_list2wireformat_buffer(const ldns_edns_option_list *option_list)
{
size_t i, list_size, options_size, option, size;
ldns_buffer* buffer;
ldns_edns_option *edns;
uint8_t* data = NULL;
if (!option_list) {
return NULL;
}
/* get the number of EDNS options in the list*/
list_size = ldns_edns_option_list_get_count(option_list);
/* create buffer the size of the total EDNS wireformat options */
options_size = ldns_edns_option_list_get_options_size(option_list);
buffer = ldns_buffer_new(options_size);
if (!buffer) {
return NULL;
}
/* write individual serialized EDNS options to final buffer*/
for (i = 0; i < list_size; i++) {
edns = ldns_edns_option_list_get_option(option_list, i);
if (edns == NULL) {
/* this shouldn't be possible */
return NULL;
}
option = ldns_edns_get_code(edns);
size = ldns_edns_get_size(edns);
data = ldns_edns_get_data(edns);
/* make sure the option fits */
if (!(ldns_buffer_available(buffer, size + 4))) {
ldns_buffer_free(buffer);
return NULL;
}
ldns_buffer_write_u16(buffer, option);
ldns_buffer_write_u16(buffer, size);
ldns_buffer_write(buffer, data, size);
}
ldns_buffer_flip(buffer);
return buffer;
}
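Review bot: `ldns_edns_option_list_pop()` shrinks the array with `LDNS_XREALLOC(option_list->_options, ldns_edns_option *, cap)` after `cap /= 2`, but never stores the new value in `option_list->_option_capacity`. A later `ldns_edns_option_list_push()` then compares against the stale, larger capacity, skips the grow path and stores to `_options[_option_count]` beyond the reallocated array; add `option_list->_option_capacity = cap;` next to `option_list->_options = new_list;`. Two smaller points in the same file: the `edns == NULL` early return inside the loop of `ldns_edns_option_list2wireformat_buffer()` returns without `ldns_buffer_free(buffer)`, unlike the size check a few lines below it, and `ldns_edns_option_list_set_option()` bounds `index` against the option count rather than `_option_capacity`, so a direct call with `index` equal to the count on a full (or still unallocated) array writes out of bounds.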


@ -1,6 +1,6 @@
/*
* a error2str function to make sense of all the
* error codes we have laying ardoun
* error codes we have laying around
*
* a Net::DNS like library for C
* LibDNS Team @ NLnet Labs
@ -36,7 +36,7 @@ ldns_lookup_table ldns_error_str[] = {
{ LDNS_STATUS_NETWORK_ERR, "Could not send or receive, because of network error" },
{ LDNS_STATUS_ADDRESS_ERR, "Could not start AXFR, because of address error" },
{ LDNS_STATUS_FILE_ERR, "Could not open the files" },
{ LDNS_STATUS_UNKNOWN_INET, "Uknown address family" },
{ LDNS_STATUS_UNKNOWN_INET, "Unknown address family" },
{ LDNS_STATUS_NOT_IMPL, "This function is not implemented (yet), please notify the developers - or not..." },
{ LDNS_STATUS_NULL, "Supplied value pointer null" },
{ LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, "Unknown cryptographic algorithm" },
@ -157,6 +157,33 @@ ldns_lookup_table ldns_error_str[] = {
"X509_STORE_CTX_set0_dane() functions within OpenSSL >= 1.1.0 "
"to be able to verify the DANE-TA usage type." },
#endif
{ LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE, "A ZONEMD with the same "
"<scheme> and hash algorithm occurred more than once." },
{ LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME, "Unknown ZONEMD <scheme>" },
{ LDNS_STATUS_ZONEMD_UNKNOWN_HASH, "Unknown ZONEMD hash algorithm" },
{ LDNS_STATUS_ZONEMD_INVALID_SOA,
"Missing or invalid SOA to associate with ZONEMD RR" },
{ LDNS_STATUS_NO_ZONEMD,
"NSEC(3) RRs indicate that a ZONEMD exists, "
"but it is not found in the zone" },
{ LDNS_STATUS_NO_VALID_ZONEMD,
"No ZONEMD matching the zone data was found" },
{ LDNS_STATUS_SYNTAX_SVCPARAM_KEY_ERR, "Syntax error in a key in "
"the ServiceParam rdata field of SVCB or HTTPS RR" },
{ LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR, "Syntax error in a value in "
"the ServiceParam rdata field of SVCB or HTTPS RR" },
{ LDNS_STATUS_RESERVED_SVCPARAM_KEY,
"key65535 is reserved and MUST NOT be used "
"in the ServiceParam rdata field of SVCB or HTTPS RR" },
{ LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED,
"A value was found for a key that SHOULD not have a value "
"in the ServiceParam rdata field of SVCB or HTTPS RR" },
{ LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE,
"A key was found more than once "
"in the ServiceParam rdata field of SVCB or HTTPS RR" },
{ LDNS_STATUS_INVALID_SVCPARAM_VALUE,
"Invalid wireformat of a value "
"in the ServiceParam rdata field of SVCB or HTTPS RR" },
{ 0, NULL }
};
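Review bot: In the `LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED` message, `SHOULD not` mixes the capitalised requirement keyword with a lower-case `not`, while the `LDNS_STATUS_RESERVED_SVCPARAM_KEY` entry just above uses `MUST NOT`. Use `SHOULD NOT` (or plain lower case) so the new messages are consistent.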


@ -14,8 +14,7 @@ ldns=$(dirname $(realpath $0))
cd $ldns
# Run autotools before we drop LOCALBASE out of PATH
(cd $ldns && libtoolize --copy && autoheader && autoconf)
(cd $ldns/drill && aclocal && autoheader && autoconf)
libtoolize --copy && autoheader && autoconf
# Ensure we use the correct toolchain and clean our environment
export CC=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCC)
@ -23,8 +22,4 @@ export CPP=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCPP)
unset CFLAGS CPPFLAGS LDFLAGS LD_LIBRARY_PATH LIBS
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
cd $ldns
./configure --prefix= --exec-prefix=/usr
cd $ldns/drill
./configure --prefix= --exec-prefix=/usr
./configure --prefix= --exec-prefix=/usr --with-drill --with-ssl

File diff suppressed because it is too large


@ -67,17 +67,27 @@ ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_
{
/* Not found. Write cache entry, take off first label, write it, */
/* try again with the rest of the name. */
node = LDNS_MALLOC(ldns_rbnode_t);
if(!node)
{
return LDNS_STATUS_MEM_ERR;
}
if (ldns_buffer_position(buffer) < 16384) {
node->key = ldns_rdf_clone(name);
ldns_rdf *key;
node = LDNS_MALLOC(ldns_rbnode_t);
if(!node)
{
return LDNS_STATUS_MEM_ERR;
}
key = ldns_rdf_clone(name);
if (!key) {
LDNS_FREE(node);
return LDNS_STATUS_MEM_ERR;
}
node->key = key;
node->data = (void *) (intptr_t) ldns_buffer_position(buffer);
if(!ldns_rbtree_insert(compression_data,node))
{
/* fprintf(stderr,"Name not found but now it's there?\n"); */
ldns_rdf_deep_free(key);
LDNS_FREE(node);
}
}
label = ldns_dname_label(name, 0);
@ -364,6 +374,20 @@ compression_node_free(ldns_rbnode_t *node, void *arg)
ldns_status
ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
{
ldns_status status;
ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))ldns_dname_compare);
status = ldns_pkt2buffer_wire_compress(buffer, packet, compression_data);
ldns_traverse_postorder(compression_data,compression_node_free,NULL);
ldns_rbtree_free(compression_data);
return status;
}
ldns_status
ldns_pkt2buffer_wire_compress(ldns_buffer *buffer, const ldns_pkt *packet, ldns_rbtree_t *compression_data)
{
ldns_rr_list *rr_list;
uint16_t i;
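Review bot: In the new `ldns_pkt2buffer_wire()` wrapper the result of `ldns_rbtree_create()` is passed to `ldns_pkt2buffer_wire_compress()`, `ldns_traverse_postorder()` and `ldns_rbtree_free()` without a NULL check. Return `LDNS_STATUS_MEM_ERR` when the allocation fails, as `ldns_dname2buffer_wire_compress()` does for its node allocation. `ldns_pkt2buffer_wire_compress()` is not declared `static` here, so it also needs a doc comment stating that the caller owns `compression_data` and must free its nodes afterwards.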
@ -372,8 +396,9 @@ ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
ldns_rr *edns_rr;
uint8_t edata[4];
ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))ldns_dname_compare);
ldns_buffer *edns_buf = NULL;
ldns_rdf *edns_rdf = NULL;
(void) ldns_hdr2buffer_wire(buffer, packet);
rr_list = ldns_pkt_question(packet);
@ -418,11 +443,22 @@ ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
ldns_write_uint16(&edata[2], ldns_pkt_edns_z(packet));
ldns_rr_set_ttl(edns_rr, ldns_read_uint32(edata));
/* don't forget to add the edns rdata (if any) */
if (packet->_edns_data)
ldns_rr_push_rdf (edns_rr, packet->_edns_data);
if ((edns_buf = ldns_edns_option_list2wireformat_buffer(packet->_edns_list))) {
edns_rdf = ldns_rdf_new( LDNS_RDF_TYPE_UNKNOWN
, ldns_buffer_limit(edns_buf)
, ldns_buffer_export(edns_buf));
ldns_buffer_free(edns_buf);
}
if (edns_rdf)
ldns_rr_push_rdf(edns_rr, edns_rdf);
else if (packet->_edns_data)
ldns_rr_push_rdf(edns_rr, packet->_edns_data);
(void)ldns_rr2buffer_wire_compress(buffer, edns_rr, LDNS_SECTION_ADDITIONAL, compression_data);
/* take the edns rdata back out of the rr before we free rr */
if (packet->_edns_data)
/* if the rdata of the OPT came from packet->_edns_data
* we need to take it back out of the edns_rr before we free it
* so packet->_edns_data doesn't get freed
*/
if (!edns_rdf && packet->_edns_data)
(void)ldns_rr_pop_rdf (edns_rr);
ldns_rr_free(edns_rr);
}
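Review bot: If `ldns_rdf_new()` returns NULL in the new OPT rdata block, the pointer obtained from `ldns_buffer_export(edns_buf)` is lost: it was passed straight into the failed call, `ldns_buffer_free(edns_buf)` follows immediately, and the code then silently falls back to `packet->_edns_data`. Keep the exported pointer in a local variable and free it when `edns_rdf` is NULL. The precedence is also worth a comment: when both `packet->_edns_list` and `packet->_edns_data` are set, only the option list is written and `_edns_data` is ignored.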
@ -433,9 +469,6 @@ ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL, compression_data);
}
ldns_traverse_postorder(compression_data,compression_node_free,NULL);
ldns_rbtree_free(compression_data);
return LDNS_STATUS_OK;
}


@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2014-09-12.12; # UTC
scriptversion=2020-11-14.01; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@ -69,6 +69,11 @@ posix_mkdir=
# Desired mode of installed file.
mode=0755
# Create dirs (including intermediate dirs) using mode 755.
# This is like GNU 'install' as of coreutils 8.32 (2020).
mkdir_umask=22
backupsuffix=
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
@ -99,18 +104,28 @@ Options:
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-C install only if different (preserve data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-p pass -p to $cpprog.
-s $stripprog installed files.
-S SUFFIX attempt to back up existing files, with suffix SUFFIX.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
By default, rm is invoked with -f; when overridden with RMPROG,
it's up to you to specify -f if you want it.
If -S is not specified, no backups are attempted.
Email bug reports to bug-automake@gnu.org.
Automake home page: https://www.gnu.org/software/automake/
"
while test $# -ne 0; do
@ -137,8 +152,13 @@ while test $# -ne 0; do
-o) chowncmd="$chownprog $2"
shift;;
-p) cpprog="$cpprog -p";;
-s) stripcmd=$stripprog;;
-S) backupsuffix="$2"
shift;;
-t)
is_target_a_directory=always
dst_arg=$2
@ -255,6 +275,10 @@ do
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
# Don't chown directories that already exist.
if test $dstdir_status = 0; then
chowncmd=""
fi
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
@ -271,15 +295,18 @@ do
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
# If destination is a directory, append the input filename.
if test -d "$dst"; then
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstbase=`basename "$src"`
case $dst in
*/) dst=$dst$dstbase;;
*) dst=$dst/$dstbase;;
esac
dstdir_status=0
else
dstdir=`dirname "$dst"`
@ -288,27 +315,16 @@ do
fi
fi
case $dstdir in
*/) dstdirslash=$dstdir;;
*) dstdirslash=$dstdir/;;
esac
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
@ -318,50 +334,49 @@ do
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
# $RANDOM is not portable (e.g. dash); use it when possible to
# lower collision chance
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
# The $RANDOM variable is not portable (e.g., dash). Use it
# here however when possible just to lower collision chance.
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
# As "mkdir -p" follows symlinks and we work in /tmp possibly; so
# create the $tmpdir first (and fail if unsuccessful) to make sure
# that nobody tries to guess the $tmpdir name.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
trap '' 0;;
esac;;
trap '
ret=$?
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
exit $ret
' 0
# Because "mkdir -p" follows existing symlinks and we likely work
# directly in world-writeable /tmp, make sure that the '$tmpdir'
# directory is successfully created first before we actually test
# 'mkdir -p'.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
trap '' 0;;
esac
if
@ -372,7 +387,7 @@ do
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
@ -401,7 +416,7 @@ do
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
(umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
@ -434,14 +449,25 @@ do
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
dsttmp=${dstdirslash}_inst.$$_
rmtmp=${dstdirslash}_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
(umask $cp_umask &&
{ test -z "$stripcmd" || {
# Create $dsttmp read-write so that cp doesn't create it read-only,
# which would cause strip to fail.
if test -z "$doit"; then
: >"$dsttmp" # No need to fork-exec 'touch'.
else
$doit touch "$dsttmp"
fi
}
} &&
$doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
@ -467,6 +493,13 @@ do
then
rm -f "$dsttmp"
else
# If $backupsuffix is set, and the file being installed
# already exists, attempt a backup. Don't worry if it fails,
# e.g., if mv doesn't support -f.
if test -n "$backupsuffix" && test -f "$dst"; then
$doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
fi
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
@ -481,9 +514,9 @@ do
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
$doit $rmcmd "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
{ $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
@ -500,9 +533,9 @@ do
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:


@ -15,9 +15,17 @@
#include <ldns/ldns.h>
#ifdef HAVE_SSL
#include <openssl/ui.h>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef USE_DSA
#include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#endif /* HAVE_SSL */
ldns_lookup_table ldns_signing_algorithms[] = {
@ -76,7 +84,7 @@ ldns_key_new(void)
if (!newkey) {
return NULL;
} else {
/* some defaults - not sure wether to do this */
/* some defaults - not sure whether to do this */
ldns_key_set_use(newkey, true);
ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
ldns_key_set_origttl(newkey, 0);
@ -99,7 +107,7 @@ ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
return ldns_key_new_frm_fp_l(k, fp, NULL);
}
#ifdef HAVE_SSL
#if defined(HAVE_SSL) && !defined(OPENSSL_NO_ENGINE)
ldns_status
ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
{
@ -300,34 +308,36 @@ ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr)
#ifdef USE_ED25519
/** turn private key buffer into EC_KEY structure */
static EC_KEY*
static EVP_PKEY*
ldns_ed25519_priv_raw(uint8_t* pkey, int plen)
{
const unsigned char* pp;
uint8_t buf[256];
int buflen = 0;
uint8_t pre[] = {0x30, 0x32, 0x02, 0x01, 0x01, 0x04, 0x20};
int pre_len = 7;
uint8_t post[] = {0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
0x01, 0xda, 0x47, 0x0f, 0x01};
int post_len = 13;
int i;
/* ASN looks like this for ED25519
uint8_t pre[] = {0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20};
int pre_len = 16;
/* ASN looks like this for ED25519 public key
* 302a300506032b6570032100 <32byteskey>
* for ED25519 private key
* 302e020100300506032b657004220420 <32bytes>
*
* for X25519 this was
* 30320201010420 <32byteskey>
* andparameters a00b06092b06010401da470f01
* (noparameters, preamble is 30250201010420).
* the key is reversed (little endian).
*/
buflen = pre_len + plen + post_len;
buflen = pre_len + plen;
if((size_t)buflen > sizeof(buf))
return NULL;
memmove(buf, pre, pre_len);
/* reverse the pkey into the buf */
for(i=0; i<plen; i++)
buf[pre_len+i] = pkey[plen-1-i];
memmove(buf+pre_len+plen, post, post_len);
memmove(buf+pre_len, pkey, plen);
/* reverse the pkey into the buf - key is not reversed it seems */
/* for(i=0; i<plen; i++)
buf[pre_len+i] = pkey[plen-1-i]; */
pp = buf;
return d2i_ECPrivateKey(NULL, &pp, buflen);
return d2i_PrivateKey(NID_ED25519, NULL, &pp, buflen);
}
/** read ED25519 private key */
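Review bot: ldns_ed25519_priv_raw never checks that plen is 32, although the new 16-byte prefix hard-codes the lengths for a 32-byte key (0x2e, 0x22, 0x20); the only guard is that pre_len + plen fits in buf. A longer PrivateKey field is copied in full after the prefix and the outcome is left to the DER parser instead of being decided here, so I would reject early with `if (plen != 32) return NULL;`. The doc comment above the function still says it produces an EC_KEY structure while the return type is now EVP_PKEY*, and buf keeps a copy of the raw private key on the stack that is not cleared before returning.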
@ -337,7 +347,6 @@ ldns_key_new_frm_fp_ed25519_l(FILE* fp, int* line_nr)
char token[16384];
ldns_rdf* b64rdf = NULL;
EVP_PKEY* evp_key;
EC_KEY* ec;
if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
sizeof(token), line_nr) == -1)
return NULL;
@ -348,67 +357,39 @@ ldns_key_new_frm_fp_ed25519_l(FILE* fp, int* line_nr)
* from the private part, which others, EC_KEY_set_private_key,
* and o2i methods, do not do */
/* for that the private key has to be encoded in ASN1 notation
* with a X25519 prefix on it */
* with a ED25519 prefix on it */
ec = ldns_ed25519_priv_raw(ldns_rdf_data(b64rdf),
evp_key = ldns_ed25519_priv_raw(ldns_rdf_data(b64rdf),
(int)ldns_rdf_size(b64rdf));
ldns_rdf_deep_free(b64rdf);
if(!ec) return NULL;
if(EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) != NID_X25519) {
/* wrong group, bad asn conversion */
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
return evp_key;
}
#endif
#ifdef USE_ED448
/** turn private key buffer into EC_KEY structure */
static EC_KEY*
static EVP_PKEY*
ldns_ed448_priv_raw(uint8_t* pkey, int plen)
{
const unsigned char* pp;
uint8_t buf[256];
int buflen = 0;
uint8_t pre[] = {0x30, 0x4b, 0x02, 0x01, 0x01, 0x04, 0x39};
int pre_len = 7;
uint8_t post[] = {0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
0x01, 0xda, 0x47, 0x0f, 0x02};
int post_len = 13;
int i;
/* ASN looks like this for ED25519
* And for ED448, the parameters are ...02 instead of ...01
* For ED25519 it was:
* 30320201010420 <32byteskey>
* andparameters a00b06092b06010401da470f01
* (noparameters, preamble is 30250201010420).
uint8_t pre[] = {0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39};
int pre_len = 16;
/* ASN looks like this for ED448
* 3047020100300506032b6571043b0439 <57bytekey>
* the key is reversed (little endian).
*
* For ED448 the key is 57 bytes, and that changes lengths.
* 304b0201010439 <57bytekey> a00b06092b06010401da470f02
*/
buflen = pre_len + plen + post_len;
buflen = pre_len + plen;
if((size_t)buflen > sizeof(buf))
return NULL;
memmove(buf, pre, pre_len);
/* reverse the pkey into the buf */
for(i=0; i<plen; i++)
buf[pre_len+i] = pkey[plen-1-i];
memmove(buf+pre_len+plen, post, post_len);
memmove(buf+pre_len, pkey, plen);
/* reverse the pkey into the buf - key is not reversed it seems */
/* for(i=0; i<plen; i++)
buf[pre_len+i] = pkey[plen-1-i]; */
pp = buf;
return d2i_ECPrivateKey(NULL, &pp, buflen);
return d2i_PrivateKey(NID_ED448, NULL, &pp, buflen);
}
/** read ED448 private key */
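Review bot: In ldns_ed448_priv_raw the ASN comment in this hunk still says "the key is reversed (little endian)" while the code below it copies the key unreversed with memmove and adds "key is not reversed it seems"; the comment should state the byte order definitively, and the commented-out reversal loop should be deleted instead of kept as dead code. plen is also not checked against 57 even though the prefix encodes a 57-byte key (0x47, 0x3b, 0x39), so `if (plen != 57) return NULL;` belongs before the copy. The "turn private key buffer into EC_KEY structure" doc comment is stale now that the function returns EVP_PKEY*.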
@ -418,7 +399,6 @@ ldns_key_new_frm_fp_ed448_l(FILE* fp, int* line_nr)
char token[16384];
ldns_rdf* b64rdf = NULL;
EVP_PKEY* evp_key;
EC_KEY* ec;
if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
sizeof(token), line_nr) == -1)
return NULL;
@ -426,26 +406,9 @@ ldns_key_new_frm_fp_ed448_l(FILE* fp, int* line_nr)
return NULL;
/* convert private key into ASN notation and then convert that */
ec = ldns_ed448_priv_raw(ldns_rdf_data(b64rdf),
evp_key = ldns_ed448_priv_raw(ldns_rdf_data(b64rdf),
(int)ldns_rdf_size(b64rdf));
ldns_rdf_deep_free(b64rdf);
if(!ec) return NULL;
if(EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) != NID_X448) {
/* wrong group, bad asn conversion */
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
return evp_key;
}
#endif
@ -813,7 +776,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
}
/* I could use functions again, but that seems an overkill,
* allthough this also looks tedious
* although this also looks tedious
*/
/* Modules, rsa->n */
@ -898,7 +861,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
}
#endif /* splint */
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
# ifndef S_SPLINT_S
rsa->n = n;
rsa->e = e;
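Review bot: The extended guard `(defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)` is written out in full here and again in the DSA and ldns_key_rsa2bin hunks of this file, so the version threshold has to be kept in sync in three places. Consider defining one feature macro for "direct struct member access needed" near the includes and testing that instead, with a comment saying which LibreSSL release the constant corresponds to.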
@ -942,6 +905,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
return NULL;
}
#ifdef USE_DSA
DSA *
ldns_key_new_frm_fp_dsa(FILE *f)
{
@ -1018,7 +982,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
}
#endif /* splint */
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
# ifndef S_SPLINT_S
dsa->p = p;
dsa->q = q;
@ -1052,6 +1016,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
BN_free(pub_key);
return NULL;
}
#endif /* USE_DSA */
unsigned char *
ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
@ -1065,24 +1030,18 @@ ldns_key_new_frm_fp_hmac_l( FILE *f
, size_t *hmac_size
)
{
size_t i, bufsz;
size_t bufsz;
char d[LDNS_MAX_LINELEN];
unsigned char *buf = NULL;
if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
goto error;
}
bufsz = ldns_b64_ntop_calculate_size(strlen(d));
buf = LDNS_XMALLOC(unsigned char, bufsz);
i = (size_t) ldns_b64_pton((const char*)d, buf, bufsz);
*hmac_size = i;
*hmac_size = ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n",
LDNS_MAX_LINELEN, line_nr) == -1
? 0
: (buf = LDNS_XMALLOC( unsigned char, (bufsz =
ldns_b64_ntop_calculate_size(strlen(d))))) == NULL
? 0
: (size_t) ldns_b64_pton((const char*)d, buf, bufsz);
return buf;
error:
LDNS_FREE(buf);
*hmac_size = 0;
return NULL;
}
#endif /* HAVE_SSL */
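Review bot: The new conditional expression in ldns_key_new_frm_fp_hmac_l stores `(size_t) ldns_b64_pton(...)` in *hmac_size without looking at the sign of the result, so a Key field that fails base64 decoding with a negative return leaves the caller with a non-NULL buf and a huge *hmac_size. Decode into an int first and, on a negative value, free buf, set *hmac_size to 0 and return NULL. The chained ?: with assignments to buf and bufsz buried inside the operands is also much harder to audit than the removed goto error form; plain if statements would keep each failure path visible.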
@ -1192,9 +1151,9 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
#endif /* HAVE_EVP_PKEY_KEYGEN */
#endif /* HAVE_SSL */
break;
#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
#ifdef USE_DSA
#ifdef HAVE_SSL
# if OPENSSL_VERSION_NUMBER < 0x00908000L
d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
@ -1314,7 +1273,7 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
#ifdef USE_ED25519
case LDNS_SIGN_ED25519:
#ifdef HAVE_EVP_PKEY_KEYGEN
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
if(!ctx) {
ldns_key_free(k);
return NULL;
@ -1324,12 +1283,6 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
EVP_PKEY_CTX_free(ctx);
return NULL;
}
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
NID_X25519) <= 0) {
ldns_key_free(k);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
ldns_key_free(k);
EVP_PKEY_CTX_free(ctx);
@ -1342,7 +1295,7 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
#ifdef USE_ED448
case LDNS_SIGN_ED448:
#ifdef HAVE_EVP_PKEY_KEYGEN
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
if(!ctx) {
ldns_key_free(k);
return NULL;
@ -1352,12 +1305,6 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
EVP_PKEY_CTX_free(ctx);
return NULL;
}
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
NID_X448) <= 0) {
ldns_key_free(k);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
ldns_key_free(k);
EVP_PKEY_CTX_free(ctx);
@ -1499,7 +1446,7 @@ ldns_key_set_keytag(ldns_key *k, uint16_t tag)
size_t
ldns_key_list_key_count(const ldns_key_list *key_list)
{
return key_list->_key_count;
return key_list ? key_list->_key_count : 0;
}
ldns_key *
@ -1713,7 +1660,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
if (!k) {
return false;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
n = k->n;
e = k->e;
#else
@ -1809,6 +1756,46 @@ ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
return true;
}
#endif /* USE_GOST */
#ifdef USE_ED25519
static bool
ldns_key_ed255192bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
{
int i;
unsigned char* pp = NULL;
if(i2d_PUBKEY(k, &pp) != 12 + 32) {
/* expect 12 byte(ASN header) and 32 byte(pubkey) */
free(pp);
return false;
}
/* omit ASN header */
for(i=0; i<32; i++)
data[i] = pp[i+12];
free(pp);
*size = 32;
return true;
}
#endif /* USE_ED25519 */
#ifdef USE_ED448
static bool
ldns_key_ed4482bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
{
int i;
unsigned char* pp = NULL;
if(i2d_PUBKEY(k, &pp) != 12 + 57) {
/* expect 12 byte(ASN header) and 57 byte(pubkey) */
free(pp);
return false;
}
/* omit ASN header */
for(i=0; i<57; i++)
data[i] = pp[i+12];
free(pp);
*size = 57;
return true;
}
#endif /* USE_ED448 */
#endif /* splint */
#endif /* HAVE_SSL */
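Review bot: In ldns_key_ed255192bin and ldns_key_ed4482bin the buffer that i2d_PUBKEY allocates into pp is released with free(), but that buffer comes from OpenSSL's allocator and should be released with OPENSSL_free(pp), on both the error path and the success path. Both helpers also write a fixed 32 or 57 bytes into data without knowing its capacity, so the doc comment should state the minimum size the caller must provide, or the functions should take a size argument. The literal 12 for the ASN header length appears four times across the two functions and would read better as a named constant.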
@ -1893,10 +1880,10 @@ ldns_key2rr(const ldns_key *k)
#endif
size++;
break;
#ifdef USE_DSA
case LDNS_SIGN_DSA:
ldns_rr_push_rdf(pubkey,
ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
#ifdef USE_DSA
#ifdef HAVE_SSL
dsa = ldns_key_dsa_key(k);
if (dsa) {
@ -1916,10 +1903,10 @@ ldns_key2rr(const ldns_key *k)
#endif /* HAVE_SSL */
#endif /* USE_DSA */
break;
#ifdef USE_DSA
case LDNS_SIGN_DSA_NSEC3:
ldns_rr_push_rdf(pubkey,
ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
#ifdef USE_DSA
#ifdef HAVE_SSL
dsa = ldns_key_dsa_key(k);
if (dsa) {
@ -1999,18 +1986,16 @@ ldns_key2rr(const ldns_key *k)
case LDNS_SIGN_ED25519:
ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
bin = NULL;
ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
size = (uint16_t)i2o_ECPublicKey(ec, NULL);
if(!i2o_ECPublicKey(ec, &bin)) {
EC_KEY_free(ec);
bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
if (!bin) {
ldns_rr_free(pubkey);
return NULL;
return NULL;
}
/* down the reference count for ec, its still assigned
* to the pkey */
EC_KEY_free(ec);
if (!ldns_key_ed255192bin(bin, k->_key.key, &size)) {
LDNS_FREE(bin);
ldns_rr_free(pubkey);
return NULL;
}
internal_data = 1;
break;
#endif
@ -2018,18 +2003,16 @@ ldns_key2rr(const ldns_key *k)
case LDNS_SIGN_ED448:
ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
bin = NULL;
ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
size = (uint16_t)i2o_ECPublicKey(ec, NULL);
if(!i2o_ECPublicKey(ec, &bin)) {
EC_KEY_free(ec);
bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
if (!bin) {
ldns_rr_free(pubkey);
return NULL;
return NULL;
}
/* down the reference count for ec, its still assigned
* to the pkey */
EC_KEY_free(ec);
if (!ldns_key_ed4482bin(bin, k->_key.key, &size)) {
LDNS_FREE(bin);
ldns_rr_free(pubkey);
return NULL;
}
internal_data = 1;
break;
#endif
@ -2184,7 +2167,9 @@ ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name)
ldns_lookup_table aliases[] = {
/* from bind dnssec-keygen */
{LDNS_SIGN_HMACMD5, "HMAC-MD5"},
#ifdef USE_DSA
{LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
#endif /* USE_DSA */
{LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
/* old ldns usage, now RFC names */
#ifdef USE_DSA

View File

@ -399,6 +399,22 @@ ldns_buffer_write_string(ldns_buffer *buffer, const char *str)
ldns_buffer_write(buffer, str, strlen(str));
}
/**
* copies the given (null-delimited) string to the current position at the buffer
* increasing the capacity if necessary
* \param[in] buffer the buffer
* \param[in] str the string to write
*/
INLINE void
ldns_buffer_write_chars(ldns_buffer *buffer, const char *str)
{
if (!ldns_buffer_reserve(buffer, strlen(str)))
buffer->_status = LDNS_STATUS_MEM_ERR;
else
ldns_buffer_write_string(buffer, str);
}
/**
* writes the given byte of data at the given position in the buffer
* \param[in] buffer the buffer
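Review bot: The doc comment for ldns_buffer_write_chars does not say how failure is reported: the function returns void, and when ldns_buffer_reserve fails it only sets buffer->_status to LDNS_STATUS_MEM_ERR and drops the string. Add a sentence telling callers to check the buffer status after a run of writes, since nothing else signals the truncated output. Minor: strlen(str) is computed here and then again inside ldns_buffer_write_string, and "null-delimited" would read better as "null-terminated".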
@ -424,6 +440,21 @@ ldns_buffer_write_u8(ldns_buffer *buffer, uint8_t data)
buffer->_position += sizeof(data);
}
/**
* writes the given byte of data at the current position in the buffer
* increasing the capacity if necessary
* \param[in] buffer the buffer
* \param[in] data the 8 bits to write
*/
INLINE void
ldns_buffer_write_char(ldns_buffer *buffer, uint8_t data)
{
if (!ldns_buffer_reserve(buffer, sizeof(data)))
buffer->_status = LDNS_STATUS_MEM_ERR;
else
ldns_buffer_write_u8(buffer, data);
}
/**
* writes the given 2 byte integer at the given position in the buffer
* \param[in] buffer the buffer

View File

@ -27,6 +27,9 @@
#define LDNS_BUILD_CONFIG_USE_DANE 1
#define LDNS_BUILD_CONFIG_HAVE_B32_PTON 0
#define LDNS_BUILD_CONFIG_HAVE_B32_NTOP 0
#define LDNS_BUILD_CONFIG_USE_DSA 1
#define LDNS_BUILD_CONFIG_USE_ED25519 1
#define LDNS_BUILD_CONFIG_USE_ED448 1
/*
* HAVE_STDBOOL_H is not available when distributed as a library, but no build

View File

@ -27,6 +27,9 @@
#define LDNS_BUILD_CONFIG_USE_DANE @ldns_build_config_use_dane@
#define LDNS_BUILD_CONFIG_HAVE_B32_PTON @ldns_build_config_have_b32_pton@
#define LDNS_BUILD_CONFIG_HAVE_B32_NTOP @ldns_build_config_have_b32_ntop@
#define LDNS_BUILD_CONFIG_USE_DSA @ldns_build_config_use_dsa@
#define LDNS_BUILD_CONFIG_USE_ED25519 @ldns_build_config_use_ed25519@
#define LDNS_BUILD_CONFIG_USE_ED448 @ldns_build_config_use_ed448@
/*
* HAVE_STDBOOL_H is not available when distributed as a library, but no build

View File

@ -31,6 +31,15 @@
/* Define to 1 if you have the `calloc' function. */
#define HAVE_CALLOC 1
/* Define to 1 if you have the `CONF_modules_unload' function. */
#define HAVE_CONF_MODULES_UNLOAD 1
/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
/* #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA */
/* Define to 1 if you have the `CRYPTO_memcmp' function. */
#define HAVE_CRYPTO_MEMCMP 1
/* Define to 1 if you have the `ctime_r' function. */
#define HAVE_CTIME_R 1
@ -40,18 +49,22 @@
/* Is a CAPATH given at configure time */
#define HAVE_DANE_CA_PATH 0
/* Define to 1 if you have the declaration of `EVP_PKEY_base_id', and to 0 if
you don't. */
#define HAVE_DECL_EVP_PKEY_BASE_ID 1
/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you
don't. */
#define HAVE_DECL_NID_ED25519 1
/* Define to 1 if you have the declaration of `NID_ED448', and to 0 if you
don't. */
#define HAVE_DECL_NID_ED448 1
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
don't. */
#define HAVE_DECL_NID_SECP384R1 1
/* Define to 1 if you have the declaration of `NID_X25519', and to 0 if you
don't. */
/* #undef HAVE_DECL_NID_X25519 */
/* Define to 1 if you have the declaration of `NID_X448', and to 0 if you
don't. */
/* #undef HAVE_DECL_NID_X448 */
/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
if you don't. */
#define HAVE_DECL_NID_X9_62_PRIME256V1 1
@ -80,8 +93,20 @@
/* Define to 1 if you have the `endservent' function. */
#define HAVE_ENDSERVENT 1
/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */
#define HAVE_ENGINE_LOAD_CRYPTODEV 1
/* Define to 1 if you have the `ENGINE_cleanup' function. */
/* #undef HAVE_ENGINE_CLEANUP */
/* Define to 1 if you have the `ENGINE_free' function. */
#define HAVE_ENGINE_FREE 1
/* Define to 1 if you have the `ERR_free_strings' function. */
/* #undef HAVE_ERR_FREE_STRINGS */
/* Define to 1 if you have the `ERR_load_crypto_strings' function. */
/* #undef HAVE_ERR_LOAD_CRYPTO_STRINGS */
/* Define to 1 if you have the `EVP_cleanup' function. */
/* #undef HAVE_EVP_CLEANUP */
/* Define to 1 if you have the `EVP_dss1' function. */
/* #undef HAVE_EVP_DSS1 */
@ -89,9 +114,12 @@
/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
#define HAVE_EVP_MD_CTX_NEW 1
/* Define to 1 if you have the `EVP_PKEY_base_id' function. */
/* Define to 1 if you have the EVP_PKEY_base_id function or macro. */
#define HAVE_EVP_PKEY_BASE_ID 1
/* Define to 1 if you have the `EVP_PKEY_get_base_id' function. */
/* #undef HAVE_EVP_PKEY_GET_BASE_ID */
/* Define to 1 if you have the `EVP_PKEY_keygen' function. */
#define HAVE_EVP_PKEY_KEYGEN 1
@ -110,6 +138,9 @@
/* Define to 1 if you have the `fork' function. */
#define HAVE_FORK 1
/* if fork is available for compile */
#define HAVE_FORK_AVAILABLE 1
/* Whether getaddrinfo is available */
#define HAVE_GETADDRINFO 1
@ -119,9 +150,6 @@
/* Define to 1 if you have the `gmtime_r' function. */
#define HAVE_GMTIME_R 1
/* If you have HMAC_Update */
#define HAVE_HMAC_UPDATE 1
/* Define to 1 if you have the `inet_aton' function. */
#define HAVE_INET_ATON 1
@ -152,19 +180,15 @@
/* Define to 1 if you have the `localtime_r' function. */
#define HAVE_LOCALTIME_R 1
/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
to 0 otherwise. */
#define HAVE_MALLOC 1
/* Define to 1 if you have the `memmove' function. */
#define HAVE_MEMMOVE 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the `memset' function. */
#define HAVE_MEMSET 1
/* Define to 1 if you have the <minix/config.h> header file. */
/* #undef HAVE_MINIX_CONFIG_H */
/* Define to 1 if you have the <netdb.h> header file. */
#define HAVE_NETDB_H 1
@ -198,9 +222,24 @@
/* Define to 1 if you have the <net/if.h> header file. */
/* #undef HAVE_NET_IF_H */
/* Define to 1 if you have the <openssl/conf.h> header file. */
#define HAVE_OPENSSL_CONF_H 1
/* Define to 1 if you have the <openssl/engine.h> header file. */
#define HAVE_OPENSSL_ENGINE_H 1
/* Define to 1 if you have the <openssl/err.h> header file. */
#define HAVE_OPENSSL_ERR_H 1
/* Define to 1 if you have the <openssl/evp.h> header file. */
#define HAVE_OPENSSL_EVP_H 1
/* Define to 1 if you have the `OPENSSL_init_crypto' function. */
#define HAVE_OPENSSL_INIT_CRYPTO 1
/* Define to 1 if you have the `OPENSSL_init_ssl' function. */
/* #undef HAVE_OPENSSL_INIT_SSL */
/* Define to 1 if you have the <openssl/rand.h> header file. */
#define HAVE_OPENSSL_RAND_H 1
@ -219,10 +258,6 @@
/* Define to 1 if you have the `random' function. */
#define HAVE_RANDOM 1
/* Define to 1 if your system has a GNU libc compatible `realloc' function,
and to 0 otherwise. */
#define HAVE_REALLOC 1
/* Define to 1 if you have the `sleep' function. */
#define HAVE_SLEEP 1
@ -241,6 +276,9 @@
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdio.h> header file. */
#define HAVE_STDIO_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
@ -274,6 +312,9 @@
/* define if you have sys/types.h */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <TargetConditionals.h> header file. */
/* #undef HAVE_TARGETCONDITIONALS_H */
/* Define to 1 if you have the `timegm' function. */
#define HAVE_TIMEGM 1
@ -289,6 +330,9 @@
/* Define to 1 if you have the <vfork.h> header file. */
/* #undef HAVE_VFORK_H */
/* Define to 1 if you have the <wchar.h> header file. */
#define HAVE_WCHAR_H 1
/* Define to 1 if you have the <winsock2.h> header file. */
/* #undef HAVE_WINSOCK2_H */
@ -320,7 +364,7 @@
#define PACKAGE_NAME "ldns"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "ldns 1.7.0"
#define PACKAGE_STRING "ldns 1.8.3"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "libdns"
@ -329,11 +373,17 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.7.0"
#define PACKAGE_VERSION "1.8.3"
/* Define this to enable RR type AMTRELAY. */
/* #undef RRTYPE_AMTRELAY */
/* Define this to enable RR type AVC. */
/* #undef RRTYPE_AVC */
/* Define this to enable RR type DOA. */
/* #undef RRTYPE_DOA */
/* Define this to enable RR type NINFO. */
/* #undef RRTYPE_NINFO */
@ -343,13 +393,18 @@
/* Define this to enable RR type RKEY. */
/* #undef RRTYPE_RKEY */
/* Define this to enable RR types SVCB and HTTPS. */
#define RRTYPE_SVCB_HTTPS /**/
/* Define this to enable RR type TA. */
/* #undef RRTYPE_TA */
/* The size of `time_t', as computed by sizeof. */
#define SIZEOF_TIME_T 8
/* Define to 1 if you have the ANSI C header files. */
/* Define to 1 if all of the C90 standard headers exist (not just the ones
required in a freestanding environment). This macro is provided for
backward compatibility; new code need not use it. */
#define STDC_HEADERS 1
/* Define this to enable messages to stderr. */
@ -374,10 +429,10 @@
#define USE_ECDSA 1
/* Define this to enable ED25519 support. */
/* #undef USE_ED25519 */
#define USE_ED25519 1
/* Define this to enable ED448 support. */
/* #undef USE_ED448 */
#define USE_ED448 1
/* Define this to enable GOST support. */
/* #undef USE_GOST */
@ -389,21 +444,87 @@
#ifndef _ALL_SOURCE
# define _ALL_SOURCE 1
#endif
/* Enable general extensions on macOS. */
#ifndef _DARWIN_C_SOURCE
# define _DARWIN_C_SOURCE 1
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# define __EXTENSIONS__ 1
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE 1
#endif
/* Enable threading extensions on Solaris. */
/* Enable X/Open compliant socket functions that do not require linking
with -lxnet on HP-UX 11.11. */
#ifndef _HPUX_ALT_XOPEN_SOCKET_API
# define _HPUX_ALT_XOPEN_SOCKET_API 1
#endif
/* Identify the host operating system as Minix.
This macro does not affect the system headers' behavior.
A future release of Autoconf may stop defining this macro. */
#ifndef _MINIX
/* # undef _MINIX */
#endif
/* Enable general extensions on NetBSD.
Enable NetBSD compatibility extensions on Minix. */
#ifndef _NETBSD_SOURCE
# define _NETBSD_SOURCE 1
#endif
/* Enable OpenBSD compatibility extensions on NetBSD.
Oddly enough, this does nothing on OpenBSD. */
#ifndef _OPENBSD_SOURCE
# define _OPENBSD_SOURCE 1
#endif
/* Define to 1 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_SOURCE
/* # undef _POSIX_SOURCE */
#endif
/* Define to 2 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_1_SOURCE
/* # undef _POSIX_1_SOURCE */
#endif
/* Enable POSIX-compatible threading on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# define _POSIX_PTHREAD_SEMANTICS 1
#endif
/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */
#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
# define __STDC_WANT_IEC_60559_ATTRIBS_EXT__ 1
#endif
/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */
#ifndef __STDC_WANT_IEC_60559_BFP_EXT__
# define __STDC_WANT_IEC_60559_BFP_EXT__ 1
#endif
/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */
#ifndef __STDC_WANT_IEC_60559_DFP_EXT__
# define __STDC_WANT_IEC_60559_DFP_EXT__ 1
#endif
/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */
#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
# define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1
#endif
/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */
#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
# define __STDC_WANT_IEC_60559_TYPES_EXT__ 1
#endif
/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */
#ifndef __STDC_WANT_LIB_EXT2__
# define __STDC_WANT_LIB_EXT2__ 1
#endif
/* Enable extensions specified by ISO/IEC 24747:2009. */
#ifndef __STDC_WANT_MATH_SPEC_FUNCS__
# define __STDC_WANT_MATH_SPEC_FUNCS__ 1
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# define _TANDEM_SOURCE 1
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# define __EXTENSIONS__ 1
/* Enable X/Open extensions. Define to 500 only if necessary
to make mbstate_t available. */
#ifndef _XOPEN_SOURCE
/* # undef _XOPEN_SOURCE */
#endif
@ -425,18 +546,8 @@
# endif
#endif
/* Define to 1 if on MINIX. */
/* #undef _MINIX */
/* Enable for compile on Minix */
/* #undef _NETBSD_SOURCE */
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
/* #undef _POSIX_1_SOURCE */
/* Define to 1 if you need to in order for `stat' and other things to work. */
/* #undef _POSIX_SOURCE */
#define _NETBSD_SOURCE 1
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
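Review bot: The unconditional `#define _NETBSD_SOURCE 1` under "Enable for compile on Minix" duplicates the guarded definition that the extensions block of this same header now carries (`#ifndef _NETBSD_SOURCE` followed by `# define _NETBSD_SOURCE 1`). Because this second definition has no #ifndef, a build that predefines _NETBSD_SOURCE to a different value gets a redefinition diagnostic here; wrap it in #ifndef or drop it in favour of the guarded one.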
@ -468,15 +579,9 @@
/* Define to `size_t' if <sys/types.h> does not define. */
/* #undef intptr_t */
/* Define to rpl_malloc if the replacement function should be used. */
/* #undef malloc */
/* Define to `int' if <sys/types.h> does not define. */
/* Define as a signed integer type capable of holding a process identifier. */
/* #undef pid_t */
/* Define to rpl_realloc if the replacement function should be used. */
/* #undef realloc */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
@ -645,10 +750,10 @@ size_t strlcpy(char *dst, const char *src, size_t siz);
#ifdef USE_WINSOCK
#define SOCK_INVALID INVALID_SOCKET
#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0)
#else
#define SOCK_INVALID -1
#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0)
#endif
#ifdef __cplusplus
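Review bot: In the USE_WINSOCK branch the new close_socket resets the descriptor with `_s = -1` although SOCK_INVALID is defined as INVALID_SOCKET just above it; assign SOCK_INVALID in both branches so the reset value is always the one the `!=` test compares against. The macro parameter is also used unparenthesized and assigned to, so it only works with a plain lvalue argument, which deserves a one-line comment above the definition.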

View File

@ -30,6 +30,15 @@
/* Define to 1 if you have the `calloc' function. */
#undef HAVE_CALLOC
/* Define to 1 if you have the `CONF_modules_unload' function. */
#undef HAVE_CONF_MODULES_UNLOAD
/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
#undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
/* Define to 1 if you have the `CRYPTO_memcmp' function. */
#undef HAVE_CRYPTO_MEMCMP
/* Define to 1 if you have the `ctime_r' function. */
#undef HAVE_CTIME_R
@ -39,18 +48,22 @@
/* Is a CAPATH given at configure time */
#undef HAVE_DANE_CA_PATH
/* Define to 1 if you have the declaration of `EVP_PKEY_base_id', and to 0 if
you don't. */
#undef HAVE_DECL_EVP_PKEY_BASE_ID
/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you
don't. */
#undef HAVE_DECL_NID_ED25519
/* Define to 1 if you have the declaration of `NID_ED448', and to 0 if you
don't. */
#undef HAVE_DECL_NID_ED448
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
don't. */
#undef HAVE_DECL_NID_SECP384R1
/* Define to 1 if you have the declaration of `NID_X25519', and to 0 if you
don't. */
#undef HAVE_DECL_NID_X25519
/* Define to 1 if you have the declaration of `NID_X448', and to 0 if you
don't. */
#undef HAVE_DECL_NID_X448
/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
if you don't. */
#undef HAVE_DECL_NID_X9_62_PRIME256V1
@ -79,8 +92,20 @@
/* Define to 1 if you have the `endservent' function. */
#undef HAVE_ENDSERVENT
/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */
#undef HAVE_ENGINE_LOAD_CRYPTODEV
/* Define to 1 if you have the `ENGINE_cleanup' function. */
#undef HAVE_ENGINE_CLEANUP
/* Define to 1 if you have the `ENGINE_free' function. */
#undef HAVE_ENGINE_FREE
/* Define to 1 if you have the `ERR_free_strings' function. */
#undef HAVE_ERR_FREE_STRINGS
/* Define to 1 if you have the `ERR_load_crypto_strings' function. */
#undef HAVE_ERR_LOAD_CRYPTO_STRINGS
/* Define to 1 if you have the `EVP_cleanup' function. */
#undef HAVE_EVP_CLEANUP
/* Define to 1 if you have the `EVP_dss1' function. */
#undef HAVE_EVP_DSS1
@ -88,9 +113,12 @@
/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
#undef HAVE_EVP_MD_CTX_NEW
/* Define to 1 if you have the `EVP_PKEY_base_id' function. */
/* Define to 1 if you have the EVP_PKEY_base_id function or macro. */
#undef HAVE_EVP_PKEY_BASE_ID
/* Define to 1 if you have the `EVP_PKEY_get_base_id' function. */
#undef HAVE_EVP_PKEY_GET_BASE_ID
/* Define to 1 if you have the `EVP_PKEY_keygen' function. */
#undef HAVE_EVP_PKEY_KEYGEN
@ -109,6 +137,9 @@
/* Define to 1 if you have the `fork' function. */
#undef HAVE_FORK
/* if fork is available for compile */
#undef HAVE_FORK_AVAILABLE
/* Whether getaddrinfo is available */
#undef HAVE_GETADDRINFO
@ -118,9 +149,6 @@
/* Define to 1 if you have the `gmtime_r' function. */
#undef HAVE_GMTIME_R
/* If you have HMAC_Update */
#undef HAVE_HMAC_UPDATE
/* Define to 1 if you have the `inet_aton' function. */
#undef HAVE_INET_ATON
@ -151,19 +179,15 @@
/* Define to 1 if you have the `localtime_r' function. */
#undef HAVE_LOCALTIME_R
/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
to 0 otherwise. */
#undef HAVE_MALLOC
/* Define to 1 if you have the `memmove' function. */
#undef HAVE_MEMMOVE
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the `memset' function. */
#undef HAVE_MEMSET
/* Define to 1 if you have the <minix/config.h> header file. */
#undef HAVE_MINIX_CONFIG_H
/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H
@ -197,9 +221,24 @@
/* Define to 1 if you have the <net/if.h> header file. */
#undef HAVE_NET_IF_H
/* Define to 1 if you have the <openssl/conf.h> header file. */
#undef HAVE_OPENSSL_CONF_H
/* Define to 1 if you have the <openssl/engine.h> header file. */
#undef HAVE_OPENSSL_ENGINE_H
/* Define to 1 if you have the <openssl/err.h> header file. */
#undef HAVE_OPENSSL_ERR_H
/* Define to 1 if you have the <openssl/evp.h> header file. */
#undef HAVE_OPENSSL_EVP_H
/* Define to 1 if you have the `OPENSSL_init_crypto' function. */
#undef HAVE_OPENSSL_INIT_CRYPTO
/* Define to 1 if you have the `OPENSSL_init_ssl' function. */
#undef HAVE_OPENSSL_INIT_SSL
/* Define to 1 if you have the <openssl/rand.h> header file. */
#undef HAVE_OPENSSL_RAND_H
@ -218,10 +257,6 @@
/* Define to 1 if you have the `random' function. */
#undef HAVE_RANDOM
/* Define to 1 if your system has a GNU libc compatible `realloc' function,
and to 0 otherwise. */
#undef HAVE_REALLOC
/* Define to 1 if you have the `sleep' function. */
#undef HAVE_SLEEP
@ -240,6 +275,9 @@
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdio.h> header file. */
#undef HAVE_STDIO_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
@ -273,6 +311,9 @@
/* define if you have sys/types.h */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <TargetConditionals.h> header file. */
#undef HAVE_TARGETCONDITIONALS_H
/* Define to 1 if you have the `timegm' function. */
#undef HAVE_TIMEGM
@ -288,6 +329,9 @@
/* Define to 1 if you have the <vfork.h> header file. */
#undef HAVE_VFORK_H
/* Define to 1 if you have the <wchar.h> header file. */
#undef HAVE_WCHAR_H
/* Define to 1 if you have the <winsock2.h> header file. */
#undef HAVE_WINSOCK2_H
@ -330,9 +374,15 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define this to enable RR type AMTRELAY. */
#undef RRTYPE_AMTRELAY
/* Define this to enable RR type AVC. */
#undef RRTYPE_AVC
/* Define this to enable RR type DOA. */
#undef RRTYPE_DOA
/* Define this to enable RR type NINFO. */
#undef RRTYPE_NINFO
@ -342,13 +392,18 @@
/* Define this to enable RR type RKEY. */
#undef RRTYPE_RKEY
/* Define this to enable RR types SVCB and HTTPS. */
#undef RRTYPE_SVCB_HTTPS
/* Define this to enable RR type TA. */
#undef RRTYPE_TA
/* The size of `time_t', as computed by sizeof. */
#undef SIZEOF_TIME_T
/* Define to 1 if you have the ANSI C header files. */
/* Define to 1 if all of the C90 standard headers exist (not just the ones
required in a freestanding environment). This macro is provided for
backward compatibility; new code need not use it. */
#undef STDC_HEADERS
/* Define this to enable messages to stderr. */
@ -388,21 +443,87 @@
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable general extensions on macOS. */
#ifndef _DARWIN_C_SOURCE
# undef _DARWIN_C_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
/* Enable X/Open compliant socket functions that do not require linking
with -lxnet on HP-UX 11.11. */
#ifndef _HPUX_ALT_XOPEN_SOCKET_API
# undef _HPUX_ALT_XOPEN_SOCKET_API
#endif
/* Identify the host operating system as Minix.
This macro does not affect the system headers' behavior.
A future release of Autoconf may stop defining this macro. */
#ifndef _MINIX
# undef _MINIX
#endif
/* Enable general extensions on NetBSD.
Enable NetBSD compatibility extensions on Minix. */
#ifndef _NETBSD_SOURCE
# undef _NETBSD_SOURCE
#endif
/* Enable OpenBSD compatibility extensions on NetBSD.
Oddly enough, this does nothing on OpenBSD. */
#ifndef _OPENBSD_SOURCE
# undef _OPENBSD_SOURCE
#endif
/* Define to 1 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_SOURCE
# undef _POSIX_SOURCE
#endif
/* Define to 2 if needed for POSIX-compatible behavior. */
#ifndef _POSIX_1_SOURCE
# undef _POSIX_1_SOURCE
#endif
/* Enable POSIX-compatible threading on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */
#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */
#ifndef __STDC_WANT_IEC_60559_BFP_EXT__
# undef __STDC_WANT_IEC_60559_BFP_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */
#ifndef __STDC_WANT_IEC_60559_DFP_EXT__
# undef __STDC_WANT_IEC_60559_DFP_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */
#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
# undef __STDC_WANT_IEC_60559_FUNCS_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */
#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
# undef __STDC_WANT_IEC_60559_TYPES_EXT__
#endif
/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */
#ifndef __STDC_WANT_LIB_EXT2__
# undef __STDC_WANT_LIB_EXT2__
#endif
/* Enable extensions specified by ISO/IEC 24747:2009. */
#ifndef __STDC_WANT_MATH_SPEC_FUNCS__
# undef __STDC_WANT_MATH_SPEC_FUNCS__
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
/* Enable X/Open extensions. Define to 500 only if necessary
to make mbstate_t available. */
#ifndef _XOPEN_SOURCE
# undef _XOPEN_SOURCE
#endif
@ -424,19 +545,9 @@
# endif
#endif
/* Define to 1 if on MINIX. */
#undef _MINIX
/* Enable for compile on Minix */
#undef _NETBSD_SOURCE
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
#undef _POSIX_1_SOURCE
/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
@ -467,15 +578,9 @@
/* Define to `size_t' if <sys/types.h> does not define. */
#undef intptr_t
/* Define to rpl_malloc if the replacement function should be used. */
#undef malloc
/* Define to `int' if <sys/types.h> does not define. */
/* Define as a signed integer type capable of holding a process identifier. */
#undef pid_t
/* Define to rpl_realloc if the replacement function should be used. */
#undef realloc
/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef size_t
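Review bot: The `rpl_malloc` and `rpl_realloc` overrides (`#undef malloc`, `#undef realloc`) appear to be among the lines this hunk drops (15 lines down to 9), so the build no longer redirects a zero-size `malloc`/`realloc` to a replacement. Please confirm that no caller in the library depends on `malloc(0)` returning non-NULL, and mention the dropped checks in the change description.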
@ -644,10 +749,10 @@ size_t strlcpy(char *dst, const char *src, size_t siz);
#ifdef USE_WINSOCK
#define SOCK_INVALID INVALID_SOCKET
#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0)
#else
#define SOCK_INVALID -1
#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0)
#endif
#ifdef __cplusplus
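Review bot: In the `USE_WINSOCK` branch the `close_socket` variant that tests `_s != SOCK_INVALID` (that is, `INVALID_SOCKET`) resets `_s` to the literal `-1` instead of `SOCK_INVALID`. Assigning `SOCK_INVALID` in both branches keeps the check and the reset in step whatever the signedness of the socket type. The macro also expands `_s` unparenthesised three times, so it is only safe with a plain lvalue; a one-line comment saying so would help.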

View File

@ -43,7 +43,7 @@ enum ldns_enum_tlsa_certificate_usage
/** CA constraint */
LDNS_TLSA_USAGE_PKIX_TA = 0,
LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
/** Sevice certificate constraint */
/** Service certificate constraint */
LDNS_TLSA_USAGE_PKIX_EE = 1,
LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
/** Trust anchor assertion */
@ -122,7 +122,7 @@ typedef enum ldns_enum_dane_transport ldns_dane_transport;
*
* \param[out] tlsa_owner The created dname.
* \param[in] name The dname that should be prefixed.
* \param[in] port The service port number for wich the name should be created.
* \param[in] port The service port number for which the name should be created.
* \param[in] transport The transport for which the name should be created.
* \return LDNS_STATUS_OK on success or an error code otherwise.
*/

View File

@ -134,7 +134,7 @@ ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data);
void ldns_dname2canonical(const ldns_rdf *rdf);
/**
* test wether the name sub falls under parent (i.e. is a subdomain
* test whether the name sub falls under parent (i.e. is a subdomain
* of parent). This function will return false if the given dnames are
* equal.
* \param[in] sub the name to test

View File

@ -355,7 +355,7 @@ uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);
/**
* Returns the salt bytes used in the given NSEC3 RR
* \param[in] *nsec3_rr The RR to read from
* \return The salt in bytes, this is alloced, so you need to free it
* \return The salt in bytes, this is alloc'ed, so you need to free it
*/
uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);
@ -556,56 +556,6 @@ ldns_status
ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);
/**
* Converts the ECDSA signature from ASN1 representation (as
* used by OpenSSL) to raw signature data as used in DNS
* This routine is only present if ldns is compiled with ED25519 support.
*
* \param[in] sig The signature in ASN1 format
* \param[in] sig_len The length of the signature
* \return a new rdf with the signature
*/
ldns_rdf *
ldns_convert_ed25519_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len);
/**
* Converts the RRSIG signature RDF (from DNS) to a buffer with the
* signature in ASN1 format as openssl uses it.
* This routine is only present if ldns is compiled with ED25519 support.
*
* \param[out] target_buffer buffer to place the signature data in ASN1.
* \param[in] sig_rdf The signature rdf to convert
* \return LDNS_STATUS_OK on success, error code otherwise
*/
ldns_status
ldns_convert_ed25519_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);
/**
* Converts the ECDSA signature from ASN1 representation (as
* used by OpenSSL) to raw signature data as used in DNS
* This routine is only present if ldns is compiled with ED448 support.
*
* \param[in] sig The signature in ASN1 format
* \param[in] sig_len The length of the signature
* \return a new rdf with the signature
*/
ldns_rdf *
ldns_convert_ed448_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len);
/**
* Converts the RRSIG signature RDF (from DNS) to a buffer with the
* signature in ASN1 format as openssl uses it.
* This routine is only present if ldns is compiled with ED448 support.
*
* \param[out] target_buffer buffer to place the signature data in ASN1.
* \param[in] sig_rdf The signature rdf to convert
* \return LDNS_STATUS_OK on success, error code otherwise
*/
ldns_status
ldns_convert_ed448_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#ifdef __cplusplus
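Review bot: The hunk goes from 56 lines to 6, which takes the prototypes `ldns_convert_ed25519_rrsig_asn12rdf`, `ldns_convert_ed25519_rrsig_rdf2asn1`, `ldns_convert_ed448_rrsig_asn12rdf` and `ldns_convert_ed448_rrsig_rdf2asn1` out of a header that other code includes. Please confirm nothing in the tree still calls them and note the removal in the change description, since out-of-tree callers will stop compiling.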

View File

@ -12,8 +12,11 @@ extern "C" {
/* sign functions */
/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/
#define LDNS_SIGN_DNSKEY_WITH_ZSK 1
#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2
#define LDNS_SIGN_DNSKEY_WITH_ZSK 1
#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2
#define LDNS_SIGN_NO_KEYS_NO_NSECS 4
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 8
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 16
/**
* Create an empty RRSIG RR (i.e. without the actual signature data)
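Review bot: `LDNS_SIGN_NO_KEYS_NO_NSECS`, `LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384` and `LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512` have no doc comments; the only doxygen line above the block describes `LDNS_SIGN_DNSKEY_WITH_ZSK`. Each flag should get its own `/** ... */` line, including what the signer does when both ZONEMD bits (8 and 16) are set.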
@ -46,9 +49,10 @@ ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* Sign a buffer with the DSA key (hash with SHA1)
* \param[in] to_sign buffer with the data
* \param[in] key the key to use
* \return a ldns_rdf with the signed data
*
* \param[in] to_sign The ldns_buffer containing raw data that is to be signed
* \param[in] key The DSA key structure to sign with
* \return a ldns_rdf for the RRSIG ldns_rr
*/
ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
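Review bot: `ldns_sign_public_dsa()` is guarded only by `#if LDNS_BUILD_CONFIG_HAVE_SSL` as far as this hunk shows, while the `DSA *` key prototypes later in this change (`ldns_key_new_frm_fp_dsa`, `ldns_key_set_dsa_key`) are wrapped in `# if LDNS_BUILD_CONFIG_USE_DSA`. If DSA can be compiled out, this declaration should sit behind the same guard so a build without DSA does not advertise a function it cannot link.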
@ -109,7 +113,7 @@ ldns_dnssec_zone_mark_and_get_glue(
* be taken into account separately.
*
* \param[in] zone the zone in which to mark the names
* \return LDNS_STATUS_OK on succesful completion
* \return LDNS_STATUS_OK on successful completion, an error code otherwise
*/
ldns_status
ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone);

View File

@ -592,7 +592,7 @@ ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
* \param[in] packet_qtype The original query RR type
* \param[in] packet_nodata True if the providing packet had an empty ANSWER
* section
* \param[in] match On match, the given (reference to a) pointer will be set
* \param[out] match On match, the given (reference to a) pointer will be set
* to point to the matching nsec resource record.
* \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
* containing the reason they do not otherwise
@ -692,7 +692,7 @@ ldns_status ldns_verify_rrsig_keylist_notime(const ldns_rr_list *rrset,
* \param[in] rrset the rrset
* \param[in] rrsig the rrsig to verify
* \param[in] key the key to use
* \return status message wether verification succeeded.
* \return status message whether verification succeeded.
*/
ldns_status ldns_verify_rrsig(ldns_rr_list *rrset,
ldns_rr *rrsig,
@ -705,7 +705,7 @@ ldns_status ldns_verify_rrsig(ldns_rr_list *rrset,
* \param[in] rrsig the rrsig to verify
* \param[in] key the key to use
* \param[in] check_time the time for which the validation is performed
* \return status message wether verification succeeded.
* \return status message whether verification succeeded.
*/
ldns_status ldns_verify_rrsig_time(
ldns_rr_list *rrset, ldns_rr *rrsig,

View File

@ -53,7 +53,7 @@ struct ldns_struct_dnssec_name
* Usually, the name is a pointer to the owner name of the first rr for
* this name, but sometimes there is no actual data to point to,
* for instance in
* names representing empty nonterminals. If so, set alloced to true to
* names representing empty nonterminals. If so, set name_alloced to true to
* indicate that this data must also be freed when the name is freed
*/
bool name_alloced;
@ -93,7 +93,7 @@ struct ldns_struct_dnssec_zone {
ldns_dnssec_name *soa;
/** tree of ldns_dnssec_names */
ldns_rbtree_t *names;
/** tree of ldns_dnssec_names by nsec3 hashes (when applicible) */
/** tree of ldns_dnssec_names by nsec3 hashes (when applicable) */
ldns_rbtree_t *hashed_names;
/** points to the first added NSEC3 rr whose parameters will be
* assumed for all subsequent NSEC3 rr's and which will be used
@ -204,7 +204,7 @@ ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
/**
* Print the given list of rrsets to the fiven file descriptor
* Print the given list of rrsets to the given file descriptor
*
* \param[in] out the file descriptor to print to
* \param[in] rrsets the list of RRsets to print
@ -215,7 +215,7 @@ void ldns_dnssec_rrsets_print(FILE *out,
bool follow);
/**
* Print the given list of rrsets to the fiven file descriptor
* Print the given list of rrsets to the given file descriptor
*
* \param[in] out the file descriptor to print to
* \param[in] fmt the format of the textual representation
@ -297,12 +297,12 @@ void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec);
/**
* Compares the domain names of the two arguments in their
* canonical ordening.
* canonical ordering.
*
* \param[in] a The first dnssec_name to compare
* \param[in] b The second dnssec_name to compare
* \return -1 if the domain name of a comes before that of b in canonical
* ordening, 1 if it is the other way around, and 0 if they are
* ordering, 1 if it is the other way around, and 0 if they are
* equal
*/
int ldns_dnssec_name_cmp(const void *a, const void *b);
@ -476,6 +476,8 @@ ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone);
*/
bool ldns_dnssec_zone_is_nsec3_optout(const ldns_dnssec_zone* zone);
ldns_status ldns_dnssec_zone_verify_zonemd(ldns_dnssec_zone *zone);
#ifdef __cplusplus
}
#endif
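Review bot: `ldns_dnssec_zone_verify_zonemd()` is added with no doxygen block, unlike `ldns_dnssec_zone_is_nsec3_optout()` directly above it. Please document the `zone` parameter and which `ldns_status` values signal a missing or invalid digest (this change adds `LDNS_STATUS_NO_ZONEMD` and `LDNS_STATUS_NO_VALID_ZONEMD`), so callers know what a non-OK result means for zone integrity.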

272
contrib/ldns/ldns/edns.h Normal file
View File

@ -0,0 +1,272 @@
/*
* edns.h
*
*
* a Net::DNS like library for C
*
* (c) NLnet Labs, 2004-2022
*
* See the file LICENSE for the license
*/
#ifndef LDNS_EDNS_H
#define LDNS_EDNS_H
#include <ldns/common.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* EDNS option codes
*/
enum ldns_enum_edns_option
{
LDNS_EDNS_LLQ = 1, /* RFC8764 */
LDNS_EDNS_UL = 2, /* http://files.dns-sd.org/draft-sekar-dns-ul.txt */
LDNS_EDNS_NSID = 3, /* RFC5001 */
/* 4 draft-cheshire-edns0-owner-option */
LDNS_EDNS_DAU = 5, /* RFC6975 */
LDNS_EDNS_DHU = 6, /* RFC6975 */
LDNS_EDNS_N3U = 7, /* RFC6975 */
LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */
LDNS_EDNS_EXPIRE = 9, /* RFC7314 */
LDNS_EDNS_COOKIE = 10, /* RFC7873 */
LDNS_EDNS_KEEPALIVE = 11, /* RFC7828*/
LDNS_EDNS_PADDING = 12, /* RFC7830 */
LDNS_EDNS_CHAIN = 13, /* RFC7901 */
LDNS_EDNS_KEY_TAG = 14, /* RFC8145 */
LDNS_EDNS_EDE = 15, /* RFC8914 */
LDNS_EDNS_CLIENT_TAG = 16, /* draft-bellis-dnsop-edns-tags-01 */
LDNS_EDNS_SERVER_TAG = 17 /* draft-bellis-dnsop-edns-tags-01 */
};
typedef enum ldns_enum_edns_option ldns_edns_option_code;
/**
* Extended DNS Error (RFC 8914) codes
*/
enum ldns_edns_enum_ede_code
{
LDNS_EDE_OTHER = 0,
LDNS_EDE_UNSUPPORTED_DNSKEY_ALG = 1,
LDNS_EDE_UNSUPPORTED_DS_DIGEST = 2,
LDNS_EDE_STALE_ANSWER = 3,
LDNS_EDE_FORGED_ANSWER = 4,
LDNS_EDE_DNSSEC_INDETERMINATE = 5,
LDNS_EDE_DNSSEC_BOGUS = 6,
LDNS_EDE_SIGNATURE_EXPIRED = 7,
LDNS_EDE_SIGNATURE_NOT_YET_VALID = 8,
LDNS_EDE_DNSKEY_MISSING = 9,
LDNS_EDE_RRSIGS_MISSING = 10,
LDNS_EDE_NO_ZONE_KEY_BIT_SET = 11,
LDNS_EDE_NSEC_MISSING = 12,
LDNS_EDE_CACHED_ERROR = 13,
LDNS_EDE_NOT_READY = 14,
LDNS_EDE_BLOCKED = 15,
LDNS_EDE_CENSORED = 16,
LDNS_EDE_FILTERED = 17,
LDNS_EDE_PROHIBITED = 18,
LDNS_EDE_STALE_NXDOMAIN_ANSWER = 19,
LDNS_EDE_NOT_AUTHORITATIVE = 20,
LDNS_EDE_NOT_SUPPORTED = 21,
LDNS_EDE_NO_REACHABLE_AUTHORITY = 22,
LDNS_EDE_NETWORK_ERROR = 23,
LDNS_EDE_INVALID_DATA = 24,
LDNS_EDE_SIGNATURE_EXPIRED_BEFORE_VALID = 25,
LDNS_EDE_TOO_EARLY = 26
};
typedef enum ldns_edns_enum_ede_code ldns_edns_ede_code;
/**
* The struct that stores an ordered EDNS option.
* An EDNS option is structed as follows:
+0 (MSB) +1 (LSB)
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
0: | OPTION-CODE |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
2: | OPTION-LENGTH |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
4: | |
/ OPTION-DATA /
/ /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
*/
struct ldns_struct_edns_option {
ldns_edns_option_code _code;
size_t _size;
void *_data;
};
typedef struct ldns_struct_edns_option ldns_edns_option;
/*
* Array structure to store multiple EDNS options
*/
struct ldns_struct_edns_option_list
{
size_t _option_count; /* the number of EDNS options in the list */
size_t _option_capacity; /* the amount of options that fit into the list */
size_t _options_size; /* the total size of the options serialized */
ldns_edns_option **_options;
};
typedef struct ldns_struct_edns_option_list ldns_edns_option_list;
/*
* Access functions
* do this as functions to get type checking
*/
/**
* returns the size of the EDNS data.
* \param[in] *edns the EDNS struct to read from
* \return uint16_t with the size
*/
size_t ldns_edns_get_size(const ldns_edns_option *edns);
/**
* returns the option code of the EDNS data.
* \param[in] *edns the EDNS struct to read from
* \return uint16_t with the size
*/
ldns_edns_option_code ldns_edns_get_code(const ldns_edns_option *edns);
/**
* returns the EDNS option data.
* \param[in] *edns the EDNS option to read from
* \return uint8_t* pointer to the EDNS option's data
*/
uint8_t *ldns_edns_get_data(const ldns_edns_option *edns);
/**
* serialise the EDNS option into wireformat.
* \param[in] *edns the EDNS option to read from
* \return ldns_buffer* the buffer containing the data
*/
ldns_buffer *ldns_edns_get_wireformat_buffer(const ldns_edns_option *edns);
/* Constructors and destructors*/
/**
* allocates a new EDNS structure and fills it. This function *DOES NOT* copy
* the contents from the data parameter.
* \param[in] code the EDNS code
* \param[in] size size of the buffer
* \param[in] data pointer to the buffer to be assigned
* \return the new EDNS structure or NULL on failure
*/
ldns_edns_option *ldns_edns_new(ldns_edns_option_code code, size_t size, void *data);
/**
* allocates a new EDNS structure and fills it. This function *DOES* copy
* the contents from the data parameter.
* \param[in] code the EDNS code
* \param[in] size size of the buffer
* \param[in] data pointer to the buffer to be assigned
* \return the new EDNS structure or NULL on failure
*/
ldns_edns_option *ldns_edns_new_from_data(ldns_edns_option_code code, size_t size, const void *data);
/**
* clone an EDNS option
* \param[in] edns the EDNS option
* \return the new EDNS structure
*/
ldns_edns_option *ldns_edns_clone(ldns_edns_option *edns);
/**
* free the EDNS option. Use deep_free if the _data member is allocated.
* \param[in] edns the EDNS option to free
*/
void ldns_edns_deep_free(ldns_edns_option *edns);
void ldns_edns_free(ldns_edns_option *edns);
/**
* allocates space for a new list of EDNS options
* \return the new EDNS option list or NULL on failure
*/
ldns_edns_option_list* ldns_edns_option_list_new(void);
/**
* clone the EDNS options list and it's contents
* \param[in] options_list the EDNS options_list to read from
* \return the new EDNS option list
*/
ldns_edns_option_list *ldns_edns_option_list_clone(ldns_edns_option_list *options_list);
/**
* free the EDNS option list. Use deep_free to free the options options
* in the list as well.
* \param[in] options_list the EDNS option to free
*/
void ldns_edns_option_list_free(ldns_edns_option_list *options_list);
void ldns_edns_option_list_deep_free(ldns_edns_option_list *options_list);
/* edns_option_list functions */
/**
* returns the number of options in the EDNS options list.
* \param[in] options_list the EDNS options_list to read from
* \return the number of EDNS options
*/
size_t ldns_edns_option_list_get_count(const ldns_edns_option_list *options_list);
/**
* returns the EDNS option as the specified index in the list of EDNS options.
* \param[in] options_list the EDNS options_list to read from
* \param[in] index the location of the EDNS option to get in the list
* \return the EDNS option located at the index or NULL on failure
*/
ldns_edns_option* ldns_edns_option_list_get_option(const ldns_edns_option_list *options_list,
size_t index);
/**
* returns the total size of all the individual EDNS options in the EDNS list.
* \param[in] options_list the EDNS options_list to read from
* \return the total size of the options combined
*/
size_t ldns_edns_option_list_get_options_size(const ldns_edns_option_list *options_list);
/**
* adds an EDNS option to the list of options at the specified index. Also
* returns the option that was previously at that index.
* \param[in] options_list the EDNS options_list to add to
* \param[in] option the EDNS option to add to the list
* \param[in] index the index in the list where to set the option
* \return the EDNS option previously located at the index
*/
ldns_edns_option *ldns_edns_option_list_set_option(ldns_edns_option_list *options_list,
ldns_edns_option *option, size_t index);
/**
* adds an EDNS option at the end of the list of options.
* \param[in] options_list the EDNS options_list to add to
* \param[in] option the (non-NULL) EDNS option to add to the list
* \return true on success and false of failure
*/
bool ldns_edns_option_list_push(ldns_edns_option_list *options_list,
ldns_edns_option *option);
/**
* removes and returns the EDNS option at the end of the list of options.
* \param[in] options_list the EDNS options_list to add to
* \return the EDNS option at the end of the list, or NULL on failure
*/
ldns_edns_option* ldns_edns_option_list_pop(ldns_edns_option_list *options_list);
/**
* serializes all the EDNS options into a single wireformat buffer
* \param[in] option_list the EDNS options_list to combine into one wireformat
* \return the filled buffer or NULL on failure
*/
ldns_buffer *ldns_edns_option_list2wireformat_buffer(const ldns_edns_option_list *option_list);
#ifdef __cplusplus
}
#endif
#endif /* LDNS_EDNS_H */
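Review bot: `ldns_edns_new()` keeps the caller's `data` pointer without copying while `ldns_edns_new_from_data()` copies, yet both return the same `ldns_edns_option` and nothing in the struct records which one was used, so choosing between `ldns_edns_free()` and `ldns_edns_deep_free()` is left to the caller's memory. The doc comments should state the ownership rule for each constructor and for options returned by `ldns_edns_option_list_pop()` and `ldns_edns_option_list_set_option()`. Separately, `_size` is a `size_t` but OPTION-LENGTH in the diagram is two octets, so the header should say what the constructors or `ldns_edns_get_wireformat_buffer()` do with sizes above 65535. The `\return uint16_t with the size` text on `ldns_edns_get_size()` and `ldns_edns_get_code()` matches neither return type.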

View File

@ -129,7 +129,19 @@ enum ldns_enum_status {
LDNS_STATUS_RDATA_OVERFLOW,
LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR,
LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW,
LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA
LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA,
LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE,
LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME,
LDNS_STATUS_ZONEMD_UNKNOWN_HASH,
LDNS_STATUS_ZONEMD_INVALID_SOA,
LDNS_STATUS_NO_ZONEMD,
LDNS_STATUS_NO_VALID_ZONEMD,
LDNS_STATUS_SYNTAX_SVCPARAM_KEY_ERR,
LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR,
LDNS_STATUS_RESERVED_SVCPARAM_KEY,
LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED,
LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE,
LDNS_STATUS_INVALID_SVCPARAM_VALUE
};
typedef enum ldns_enum_status ldns_status;

View File

@ -65,6 +65,8 @@ extern "C" {
#define LDNS_FMT_ZEROIZE_RRSIGS (1 << 9)
#define LDNS_FMT_PAD_SOA_SERIAL (1 << 10)
#define LDNS_FMT_RFC3597 (1 << 11) /* yes */
/** Prints only answer section of packets and only rdata of RRs **/
#define LDNS_FMT_SHORT (1 << 12)
#define LDNS_FMT_FLAGS_WITH_DATA 2
@ -76,11 +78,11 @@ extern "C" {
/**
* Output format specifier
*
* Determines how Packets, Resource Records and Resource record data fiels are
* Determines how Packets, Resource Records and Resource record data field are
* formatted when printing or converting to string.
* Currently it is only used to specify what aspects of a Resource Record are
* annotated in the comment section of the textual representation the record.
* This is speciefed with flags and potential exra data (such as for example
* This is specified with flags and potential extra data (such as for example
* a lookup map of hashes to real names for annotation NSEC3 records).
*/
struct ldns_struct_output_format
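Review bot: The corrected sentence still reads `Resource record data field are formatted`; the verb needs the plural `fields`.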
@ -110,7 +112,7 @@ typedef struct ldns_struct_output_format_storage ldns_output_format_storage;
*/
extern const ldns_output_format *ldns_output_format_nocomments;
/**
* Standard output format record that annotated only DNSKEY RR's with commenti
* Standard output format record that annotated only DNSKEY RR's with comment
* text.
*/
extern const ldns_output_format *ldns_output_format_onlykeyids;
@ -513,6 +515,17 @@ ldns_status ldns_rr2buffer_str_fmt(ldns_buffer *output,
*/
ldns_status ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt);
/**
* Converts the list of EDNS options to presentation
* format (as char *) and appends it to the given buffer
*
* \param[in] output pointer to the buffer to append the data to
* \param[in] edns_list the list of EDNS options
* \return status
*/
ldns_status ldns_edns_option_list2buffer_str(ldns_buffer *output,
ldns_edns_option_list* edns_list);
/**
* Converts the data in the DNS packet to presentation
* format (as char *) and appends it to the given buffer
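Review bot: `output` is tagged `\param[in]` in the new `ldns_edns_option_list2buffer_str()` comment although the function appends to it; this same change corrects that kind of annotation elsewhere (`match` becoming `[out]`). Use `[out]` here, and consider taking `edns_list` as `const` since a to-string conversion should not need to modify the list.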
@ -636,6 +649,25 @@ ldns_status ldns_rdf2buffer_str_long_str(ldns_buffer *output,
ldns_status ldns_rdf2buffer_str_hip(ldns_buffer *output,
const ldns_rdf *rdf);
/**
* Converts an LDNS_RDF_TYPE_AMTRELAY rdata element to presentation format for
* the precedence, D-bit, type and relay and adds it to the output buffer
* \param[in] *rdf The rdata to convert
* \param[in] *output The buffer to add the data to
* \return LDNS_STATUS_OK on success, and error status on failure
*/
ldns_status ldns_rdf2buffer_str_amtrelay(ldns_buffer *output,
const ldns_rdf *rdf);
/**
* Converts an LDNS_RDF_TYPE_SVCPARAMS rdata element to presentation format.
* \param[in] *rdf The rdata to convert
* \param[in] *output The buffer to add the data to
* \return LDNS_STATUS_OK on success, and error status on failure
*/
ldns_status ldns_rdf2buffer_str_svcparams(ldns_buffer *output,
const ldns_rdf *rdf);
/**
* Converts the data in the rdata field to presentation format and
* returns that as a char *.

View File

@ -130,7 +130,7 @@ ldns_status ldns_rrsig2buffer_wire(ldns_buffer *output, const ldns_rr *sigrr);
* Converts an rr's rdata to wireformat, while excluding
* the ownername and all the stuff before the rdata.
* This is needed in DNSSEC keytag calculation, the ds
* calcalution from the key and maybe elsewhere.
* calculation from the key and maybe elsewhere.
*
* \param[out] *output buffer where to put the result
* \param[in] *rr rr to operate on
@ -146,6 +146,15 @@ ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *output, const ldns_rr *rr);
*/
ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt);
/**
* Copies the packet data to the buffer in wire format
* \param[out] *output buffer to append the result to
* \param[in] *pkt packet to convert
* \param[out] *compression_data data structure holding state for compression
* \return ldns_status
*/
ldns_status ldns_pkt2buffer_wire_compress(ldns_buffer *output, const ldns_pkt *pkt, ldns_rbtree_t *compression_data);
/**
* Copies the rr_list data to the buffer in wire format
* \param[out] *output buffer to append the result to
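Review bot: `compression_data` in `ldns_pkt2buffer_wire_compress()` is tagged `\param[out]` while its description says it holds state for compression, which implies the caller supplies it. Tag it `[in,out]` and state whether NULL is accepted and who allocates and frees the tree.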
@ -187,6 +196,10 @@ ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t
* given packet in that array. The result_size value contains the
* length of the array, if it succeeds, and 0 otherwise (in which case
* the function also returns NULL)
*
* \param[out] dest pointer to the array of bytes to be created
* \param[in] p the packet to convert
* \param[out] size the size of the converted result
*/
ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *p, size_t *size);

View File

@ -0,0 +1,14 @@
#ifndef _INTERNAL_H
#define _INTERNAL_H
ldns_edns_option_list *pkt_edns_data2edns_option_list(const ldns_rdf *);
ldns_status svcparam_key2buffer_str(ldns_buffer *, uint16_t);
ldns_status _ldns_rr_new_frm_fp_l_internal(ldns_rr **, FILE *, uint32_t *,
ldns_rdf **, ldns_rdf **, int *, bool *);
ldns_status dnssec_zone_equip_zonemd(ldns_dnssec_zone *,
ldns_rr_list *, ldns_key_list *, int);
#endif
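Review bot: The include guard `_INTERNAL_H` uses an identifier reserved for the implementation (leading underscore followed by an uppercase letter) and is generic enough to collide with another project's header; a prefixed name such as `LDNS_INTERNAL_H` avoids both. The header also uses `ldns_rdf`, `ldns_buffer`, `FILE`, `uint16_t` and `bool` without including anything, so it only compiles if every includer pulls those in first; it should include what it needs, and the unnamed parameters should be named for readability.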

View File

@ -55,16 +55,8 @@ enum ldns_enum_algorithm
LDNS_ECC_GOST = 12, /* RFC 5933 */
LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
#ifdef USE_ED25519
/* this ifdef is internal to ldns, because we do not want to export
* the symbol. Users can define it if they want access,
* the feature is not fully implemented at this time and openssl
* does not support it fully either (also for ED448). */
LDNS_ED25519 = 15, /* draft-ietf-curdle-dnskey-ed25519 */
#endif
#ifdef USE_ED448
LDNS_ED448 = 16, /* draft-ietf-curdle-dnskey-ed448 */
#endif
LDNS_ED25519 = 15, /* RFC 8080 */
LDNS_ED448 = 16, /* RFC 8080 */
LDNS_INDIRECT = 252,
LDNS_PRIVATEDNS = 253,
LDNS_PRIVATEOID = 254
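Review bot: `LDNS_ED25519 = 15` and `LDNS_ED448 = 16` are now always part of `ldns_enum_algorithm`, while the matching `LDNS_SIGN_ED25519` and `LDNS_SIGN_ED448` entries in the next hunk stay behind `LDNS_BUILD_CONFIG_USE_ED25519` and `LDNS_BUILD_CONFIG_USE_ED448`. A comment on the two enumerators should say that their presence does not imply the build can sign or verify with them, so callers check the returned status rather than the symbol.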
@ -90,20 +82,24 @@ enum ldns_enum_signing_algorithm
{
LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
#if LDNS_BUILD_CONFIG_USE_DSA
LDNS_SIGN_DSA = LDNS_DSA,
#endif /* LDNS_BUILD_CONFIG_USE_DSA */
LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
#if LDNS_BUILD_CONFIG_USE_DSA
LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
#endif /* LDNS_BUILD_CONFIG_USE_DSA */
LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
#ifdef USE_ED25519
#if LDNS_BUILD_CONFIG_USE_ED25519
LDNS_SIGN_ED25519 = LDNS_ED25519,
#endif
#ifdef USE_ED448
#endif /* LDNS_BUILD_CONFIG_USE_ED25519 */
#if LDNS_BUILD_CONFIG_USE_ED448
LDNS_SIGN_ED448 = LDNS_ED448,
#endif
#endif /* LDNS_BUILD_CONFIG_USE_ED448 */
LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
LDNS_SIGN_HMACSHA256 = 159, /* ditto */
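Review bot: The guards in `ldns_enum_signing_algorithm` move from `#ifdef USE_ED25519` to `#if LDNS_BUILD_CONFIG_USE_ED25519` (likewise for ED448, plus new `LDNS_BUILD_CONFIG_USE_DSA` guards); with `#if`, an undefined macro silently evaluates to 0 and the enumerators disappear. This header should include, or document its dependence on, whichever header defines the `LDNS_BUILD_CONFIG_USE_*` macros. Making `LDNS_SIGN_DSA` and `LDNS_SIGN_DSA_NSEC3` conditional also breaks callers that name them unconditionally, which deserves a line in the change description.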
@ -231,8 +227,14 @@ ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
/**
* Read the key with the given id from the given engine and store it
* in the given ldns_key structure. The algorithm type is set
*
* \param[out] key the new ldns_key structure
* \param[in] e the engine from which to read the key
* \param[in] key_id the id of the key with which to lookup the key in the engine
* \param[in] a the algorithm to set for this key
* \return an error or LDNS_STATUS_OK
*/
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm);
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a);
/**
@ -242,9 +244,7 @@ ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldn
* \return NULL on failure otherwise a RSA structure
*/
RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* frm_fp helper function. This function parses the
* remainder of the (RSA) priv. key file generated from bind9
@ -253,9 +253,9 @@ RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
* \return NULL on failure otherwise a RSA structure
*/
RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#if LDNS_BUILD_CONFIG_HAVE_SSL
# if LDNS_BUILD_CONFIG_USE_DSA
/**
* frm_fp helper function. This function parses the
* remainder of the (DSA) priv. key file
@ -263,9 +263,7 @@ RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
* \return NULL on failure otherwise a RSA structure
*/
DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* frm_fp helper function. This function parses the
* remainder of the (DSA) priv. key file
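Review bot: The comment directly above `DSA *ldns_key_new_frm_fp_dsa(FILE *fp);` says `\return NULL on failure otherwise a RSA structure`, a copy-paste from the RSA helper. Since this change is already fixing doc comments in the file, correct it to say a DSA structure, here and on `ldns_key_new_frm_fp_dsa_l()`.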
@ -274,9 +272,8 @@ DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
* \return NULL on failure otherwise a RSA structure
*/
DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
# endif /* LDNS_BUILD_CONFIG_USE_DSA */
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* frm_fp helper function. This function parses the
* remainder of the (HMAC-MD5) key file
@ -286,9 +283,7 @@ DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
* \return NULL on failure otherwise a newly allocated char buffer
*/
unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
#endif
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* frm_fp helper function. This function parses the
* remainder of the (HMAC-MD5) key file
@ -301,13 +296,14 @@ unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
/* acces write functions */
/* access write functions */
/**
* Set the key's algorithm
* \param[in] k the key
* \param[in] l the algorithm
*/
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* Set the key's evp key
@ -324,6 +320,7 @@ void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
*/
void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
# if LDNS_BUILD_CONFIG_USE_DSA
/**
* Set the key's dsa data
* The dsa data should be freed by the user.
@ -331,6 +328,7 @@ void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
* \param[in] d the dsa data
*/
void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
# endif /* LDNS_BUILD_CONFIG_USE_DSA */
/**
* Assign the key's rsa data
@ -340,6 +338,7 @@ void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
*/
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
# if LDNS_BUILD_CONFIG_USE_DSA
/**
* Assign the key's dsa data
* The dsa data will be freed automatically when the key is freed.
@ -347,6 +346,7 @@ void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
* \param[in] d the dsa data
*/
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
# endif /* LDNS_BUILD_CONFIG_USE_DSA */
/**
* Get the PKEY id for GOST, loads GOST into openssl as a side effect.
@ -423,7 +423,7 @@ void ldns_key_set_flags(ldns_key *k, uint16_t flags);
/**
* Set the keylist's key count to count
* \param[in] key the key
* \param[in] count the cuont
* \param[in] count the count
*/
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
@ -463,13 +463,13 @@ RSA *ldns_key_rsa_key(const ldns_key *k);
* \return the RSA * structure in the key
*/
EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
# if LDNS_BUILD_CONFIG_USE_DSA
/**
* returns the (openssl) DSA struct contained in the key
*/
#if LDNS_BUILD_CONFIG_HAVE_SSL
DSA *ldns_key_dsa_key(const ldns_key *k);
# endif /* LDNS_BUILD_CONFIG_USE_DSA */
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
/**
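Review bot: `ldns_key_dsa_key` is now declared only when both `LDNS_BUILD_CONFIG_HAVE_SSL` and `LDNS_BUILD_CONFIG_USE_DSA` are set, so a caller guarded by HAVE_SSL alone stops compiling on a build without DSA. Check that in-tree consumers carry the same `LDNS_BUILD_CONFIG_USE_DSA` guard. Separately, the comment directly above `EVP_PKEY *ldns_key_evp_key` says `\return the RSA * structure in the key`; it should describe the EVP_PKEY.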
@ -523,7 +523,7 @@ uint32_t ldns_key_inception(const ldns_key *k);
/**
* return the key's expiration date
* \param[in] k the key
* \return the experiration date
* \return the expiration date
*/
uint32_t ldns_key_expiration(const ldns_key *k);
/**

View File

@ -101,6 +101,7 @@ Or you can just use the menu above to browse through the API docs.
#include <ldns/dnssec_verify.h>
#include <ldns/dnssec_sign.h>
#include <ldns/duration.h>
#include <ldns/edns.h>
#include <ldns/error.h>
#include <ldns/higher.h>
#include <ldns/host2str.h>

View File

@ -30,7 +30,7 @@ extern "C" {
*/
/**
* Sends a buffer to an ip using udp and return the respons as a ldns_pkt
* Sends a buffer to an ip using udp and return the response as a ldns_pkt
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
@ -48,7 +48,20 @@ ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sock
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout *unused*, was the timeout value for the network
* \return the socket used
* \return the socket used or -1 on failure
*/
int ldns_udp_bgsend2(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Send an udp query and don't wait for an answer but return
* the socket
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_udp_bgsend2 instead of this function.
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout *unused*, was the timeout value for the network
* \return the socket used or 0 on failure
*/
int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
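Review bot: the new comment on `ldns_udp_bgsend` states that it returns 0 on failure while 0 can be a valid socket, but the function stays declared with unchanged semantics, so an existing caller that tests for 0 will still treat a valid descriptor 0 as an error and leak it. Callers have to move to `ldns_udp_bgsend2` and change the check from `== 0` to `< 0` in the same step. It would also help to say in the comment when descriptor 0 can be handed out, namely when the process has closed stdin.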
@ -59,12 +72,25 @@ int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, sockle
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout the timeout value for the connect attempt
* \return the socket used
* \return the socket used or -1 on failure
*/
int ldns_tcp_bgsend2(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Send an tcp query and don't wait for an answer but return
* the socket
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_tcp_bgsend2 instead of this function.
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout the timeout value for the connect attempt
* \return the socket used or 0 on failure
*/
int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Sends a buffer to an ip using tcp and return the respons as a ldns_pkt
* Sends a buffer to an ip using tcp and return the response as a ldns_pkt
* \param[in] qbin the ldns_buffer to be send
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
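Review bot: in the comment that begins "Sends a buffer to an ip using tcp" at the end of this hunk, `\param[in] qbin the ldns_buffer to be send` appears twice in a row. The hunk already rewrites the first line of that comment (respons to response), so drop the duplicate line here as well.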
@ -104,7 +130,18 @@ ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb,
* \param[in] to ip and family
* \param[in] tolen length of to
* \param[in] timeout timeout for the connect attempt
* \return a socket descriptor
* \return a socket descriptor or -1 on failure
*/
int ldns_tcp_connect2(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Create a tcp socket to the specified address
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_tcp_connect2 instead of this function.
* \param[in] to ip and family
* \param[in] tolen length of to
* \param[in] timeout timeout for the connect attempt
* \return a socket descriptor or 0 on failure
*/
int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
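Review bot: `ldns_tcp_connect` is marked as flawed only in its doc comment, so nothing warns a caller at compile time. Consider a deprecation attribute on the old declaration, next to the "Please use ldns_tcp_connect2" text, so remaining uses show up during the build instead of relying on someone reading the header.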
@ -112,7 +149,17 @@ int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct
* Create a udp socket to the specified address
* \param[in] to ip and family
* \param[in] timeout *unused*, was timeout for the socket
* \return a socket descriptor
* \return a socket descriptor or -1 on failure
*/
int ldns_udp_connect2(const struct sockaddr_storage *to, struct timeval timeout);
/**
* Create a udp socket to the specified address
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_udp_connect2 instead of this function.
* \param[in] to ip and family
* \param[in] timeout *unused*, was timeout for the socket
* \return a socket descriptor or 0 on failure
*/
int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout);
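Review bot: `ldns_udp_connect2` is a new entry point, yet it carries over the `timeout` parameter that its own comment marks `*unused*`. If the signature has to mirror `ldns_udp_connect`, say so in the comment; otherwise a new function is the place to drop the dead parameter.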
@ -186,7 +233,7 @@ struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, u
* returns an rdf with the sockaddr info. works for ip4 and ip6
* \param[in] sock the struct sockaddr_storage to convert
* \param[in] port what port was used. When NULL this is not set
* \return ldns_rdf* wth the address
* \return ldns_rdf* with the address
*/
ldns_rdf * ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16_t *port);
@ -194,7 +241,7 @@ ldns_rdf * ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16
* Prepares the resolver for an axfr query
* The query is sent and the answers can be read with ldns_axfr_next
* \param[in] resolver the resolver to use
* \param[in] domain the domain to exfr
* \param[in] domain the domain to axfr
* \param[in] c the class to use
* \return ldns_status the status of the transfer
*/

View File

@ -30,7 +30,7 @@ extern "C" {
*/
/**
* Sends a buffer to an ip using udp and return the respons as a ldns_pkt
* Sends a buffer to an ip using udp and return the response as a ldns_pkt
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
@ -48,7 +48,20 @@ ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sock
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout *unused*, was the timeout value for the network
* \return the socket used
* \return the socket used or -1 on failure
*/
int ldns_udp_bgsend2(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Send an udp query and don't wait for an answer but return
* the socket
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_udp_bgsend2 instead of this function.
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout *unused*, was the timeout value for the network
* \return the socket used or 0 on failure
*/
int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
@ -59,12 +72,25 @@ int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, sockle
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout the timeout value for the connect attempt
* \return the socket used
* \return the socket used or -1 on failure
*/
int ldns_tcp_bgsend2(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Send an tcp query and don't wait for an answer but return
* the socket
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_tcp_bgsend2 instead of this function.
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
* \param[in] tolen length of the ip addr
* \param[in] timeout the timeout value for the connect attempt
* \return the socket used or 0 on failure
*/
int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Sends a buffer to an ip using tcp and return the respons as a ldns_pkt
* Sends a buffer to an ip using tcp and return the response as a ldns_pkt
* \param[in] qbin the ldns_buffer to be send
* \param[in] qbin the ldns_buffer to be send
* \param[in] to the ip addr to send to
@ -104,7 +130,18 @@ ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb,
* \param[in] to ip and family
* \param[in] tolen length of to
* \param[in] timeout timeout for the connect attempt
* \return a socket descriptor
* \return a socket descriptor or -1 on failure
*/
int ldns_tcp_connect2(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
/**
* Create a tcp socket to the specified address
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_tcp_connect2 instead of this function.
* \param[in] to ip and family
* \param[in] tolen length of to
* \param[in] timeout timeout for the connect attempt
* \return a socket descriptor or 0 on failure
*/
int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
@ -112,7 +149,17 @@ int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct
* Create a udp socket to the specified address
* \param[in] to ip and family
* \param[in] timeout *unused*, was timeout for the socket
* \return a socket descriptor
* \return a socket descriptor or -1 on failure
*/
int ldns_udp_connect2(const struct sockaddr_storage *to, struct timeval timeout);
/**
* Create a udp socket to the specified address
* This function has the flaw that it returns 0 on failure, but 0 could be a
* valid socket. Please use ldns_udp_connect2 instead of this function.
* \param[in] to ip and family
* \param[in] timeout *unused*, was timeout for the socket
* \return a socket descriptor or 0 on failure
*/
int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout);
@ -186,7 +233,7 @@ struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, u
* returns an rdf with the sockaddr info. works for ip4 and ip6
* \param[in] sock the struct sockaddr_storage to convert
* \param[in] port what port was used. When NULL this is not set
* \return ldns_rdf* wth the address
* \return ldns_rdf* with the address
*/
ldns_rdf * ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16_t *port);
@ -194,7 +241,7 @@ ldns_rdf * ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16
* Prepares the resolver for an axfr query
* The query is sent and the answers can be read with ldns_axfr_next
* \param[in] resolver the resolver to use
* \param[in] domain the domain to exfr
* \param[in] domain the domain to axfr
* \param[in] c the class to use
* \return ldns_status the status of the transfer
*/

View File

@ -35,6 +35,7 @@
#include <ldns/error.h>
#include <ldns/common.h>
#include <ldns/rr.h>
#include <ldns/edns.h>
#include <sys/time.h>
#ifdef __cplusplus
@ -251,12 +252,14 @@ struct ldns_struct_pkt
uint8_t _edns_extended_rcode;
/** EDNS Version */
uint8_t _edns_version;
/* OPT pseudo-RR presence flag */
uint8_t _edns_present;
/* OPT pseudo-RR presence flag */
uint8_t _edns_present;
/** Reserved EDNS data bits */
uint16_t _edns_z;
/** Arbitrary EDNS rdata */
ldns_rdf *_edns_data;
/** Structed EDNS data */
ldns_edns_option_list *_edns_list;
/** Question section */
ldns_rr_list *_question;
/** Answer section */
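Review bot: `_edns_list` is inserted in the middle of `struct ldns_struct_pkt`, ahead of `_question` and the section pointers that follow, which shifts their offsets for any code built against the old layout that touches the members directly. Either append the field at the end of the struct or confirm that every consumer is rebuilt with this import. Two small points in the same lines: `Structed` should read `Structured`, and the `_edns_present` comment opens with `/*` while its neighbours use `/**`, so doxygen skips it.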
@ -355,9 +358,9 @@ bool ldns_pkt_ad(const ldns_pkt *p);
*/
ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p);
/**
* Return the packet's respons code
* Return the packet's response code
* \param[in] p the packet
* \return the respons code
* \return the response code
*/
ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p);
/**
@ -586,7 +589,7 @@ void ldns_pkt_set_ad(ldns_pkt *p, bool b);
*/
void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c);
/**
* Set the packet's respons code
* Set the packet's response code
* \param[in] p the packet
* \param[in] c the rcode
*/
@ -687,7 +690,7 @@ uint8_t ldns_pkt_edns_version(const ldns_pkt *packet);
*/
uint16_t ldns_pkt_edns_z(const ldns_pkt *packet);
/**
* return the packet's edns data
* return the packet's EDNS data
* \param[in] packet the packet
* \return the data
*/
@ -706,6 +709,18 @@ bool ldns_pkt_edns_do(const ldns_pkt *packet);
*/
void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value);
/**
* return the packet's EDNS header bits that are unassigned.
*/
uint16_t ldns_pkt_edns_unassigned(const ldns_pkt *packet);
/**
* Set the packet's EDNS header bits that are unassigned.
* \param[in] packet the packet
* \param[in] value the value
*/
void ldns_pkt_set_edns_unassigned(ldns_pkt *packet, uint16_t value);
/**
* returns true if this packet needs and EDNS rr to be sent.
* At the moment the only reason is an expected packet
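Review bot: the new comment for `ldns_pkt_edns_unassigned` has no `\param[in] packet` and no `\return`, unlike the setter right below it, and neither comment says which bits of the EDNS header count as unassigned or how they relate to the value returned by `ldns_pkt_edns_z`. Add both tags and name the bit mask.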
@ -717,6 +732,16 @@ void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value);
*/
bool ldns_pkt_edns(const ldns_pkt *packet);
/**
* Returns a list of structured EDNS options. The list will be automatically
* freed when the packet is freed. The option list can be manipulated and
* will be used when converting the packet to wireformat with ldns_pkt2wire.
*
* \param[in] packet the packet which contains the EDNS data
* \return the list of EDNS options
*/
ldns_edns_option_list* ldns_pkt_edns_get_option_list(ldns_pkt *packet);
/**
* Set the packet's edns udp size
* \param[in] packet the packet
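Review bot: `ldns_pkt_edns_get_option_list` takes a non-const `ldns_pkt *`, and the comment on `ldns_pkt_set_edns_option_list` says the list is used for wire conversion once it is "set (or get)", so this getter changes packet state without saying so in its own comment. State that side effect here, say what is returned for a packet that has no EDNS options, and make explicit that the caller must not free the returned list because the packet frees it.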
@ -742,12 +767,20 @@ void ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v);
*/
void ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z);
/**
* Set the packet's edns data
* Set the packet's EDNS data
* \param[in] packet the packet
* \param[in] data the data
*/
void ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data);
/**
* Set the packet's structured EDNS data. Once an edns_option_list is set
* (or get), the option list will be used for converting into wireformat.
* \param[in] packet the packet
* \param[in] list the options list that will create the data
*/
void ldns_pkt_set_edns_option_list(ldns_pkt *packet, ldns_edns_option_list *list);
/**
* allocates and initializes a ldns_pkt structure.
* \return pointer to the new packet
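Review bot: the comment for `ldns_pkt_set_edns_option_list` does not say who owns `list` after the call, what happens to a list that was already attached to the packet, or whether data set through `ldns_pkt_set_edns_data` is ignored once a list is present. The getter's comment says the list is freed with the packet, so the setter should state that ownership transfers; without that, a caller freeing its own list ends in a double free.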
@ -837,7 +870,7 @@ void ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr);
void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr);
/**
* directly set the auhority section
* directly set the authority section
* \param[in] p packet to operate on
* \param[in] rr rrlist to set
*/

View File

@ -69,6 +69,32 @@ ssize_t ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit);
*/
ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr);
/**
* returns a token/char from the stream f.
* This function deals with ( and ) in the stream,
* and ignores when it finds them.
* \param[in] *f the file to read from
* \param[out] **token this should be a reference to a string buffer in which
* the token is put. A new buffer will be allocated when
* *token is NULL and fixed is false. If the buffer is too
* small to hold the token, the buffer is reallocated with
* double the size (of limit).
* If fixed is true, the string buffer may not be NULL
* and limit must be set to the buffer size. In that case
* no reallocations will be done.
* \param[in,out] *limit reference to the size of the token buffer. Will be
* reset to the new limit of the token buffer if the
* buffer is reallocated.
* \param [in] fixed If fixed is false, the token buffer is allowed to grow
* when needed (by way of reallocation). If true, the token
* buffer will not be resized.
* \param[in] *delim chars at which the parsing should stop
* \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
* \return LDNS_STATUS_OK on success, LDNS_STATUS_SYNTAX_EMPTY when no token
* was read and an error otherwise.
*/
ldns_status ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed, const char *delim, int *line_nr);
/**
* returns a token/char from the buffer b.
* This function deals with ( and ) in the buffer,
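Review bot: with `fixed` false the comment says the buffer is reallocated at double the size whenever the token does not fit, and no upper bound is mentioned, so nothing in this contract caps memory use when the input file is untrusted. Document the maximum, or tell callers to pass `fixed` true with their own limit for such input. The comment should also say whether `*token` stays allocated and caller-owned when an error status is returned, and `line_nr` is tagged `\param[in]` although it is a pointer to the current line number; if the function advances it, the tag should be `[in,out]` like `limit`.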
@ -86,9 +112,9 @@ ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t l
* after the keyword + k_del until we hit d_del
* \param[in] f file pointer to read from
* \param[in] keyword keyword to look for
* \param[in] k_del keyword delimeter
* \param[in] k_del keyword delimiter
* \param[out] data the data found
* \param[in] d_del the data delimeter
* \param[in] d_del the data delimiter
* \param[in] data_limit maximum size the the data buffer
* \return the number of character read
*/
@ -99,9 +125,9 @@ ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del,
* after the keyword + k_del until we hit d_del
* \param[in] f file pointer to read from
* \param[in] keyword keyword to look for
* \param[in] k_del keyword delimeter
* \param[in] k_del keyword delimiter
* \param[out] data the data found
* \param[in] d_del the data delimeter
* \param[in] d_del the data delimiter
* \param[in] data_limit maximum size the the data buffer
* \param[in] line_nr pointer to an integer containing the current line number (for
debugging purposes)
@ -114,9 +140,9 @@ ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del
* after the keyword + k_del until we hit d_del
* \param[in] b buffer pointer to read from
* \param[in] keyword keyword to look for
* \param[in] k_del keyword delimeter
* \param[in] k_del keyword delimiter
* \param[out] data the data found
* \param[in] d_del the data delimeter
* \param[in] d_del the data delimiter
* \param[in] data_limit maximum size the the data buffer
* \return the number of character read
*/

View File

@ -154,7 +154,7 @@ ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, const uint8_t* key,
* @param tree: tree to insert to.
* @param key: key.
* @param len: length of key.
* @param result: the radix node with the exact or closest match. NULL if
* @param[out] result: the radix node with the exact or closest match. NULL if
* the key is smaller than the smallest key in the tree.
* @return 1 if exact match, 0 otherwise.
*
@ -198,7 +198,7 @@ ldns_radix_node_t* ldns_radix_prev(ldns_radix_node_t* node);
* Split radix tree intwo.
* @param tree1: one tree.
* @param num: number of elements to split off.
* @param tree2: another tree.
* @param[out] tree2: another tree.
* @return: status.
*
*/

View File

@ -151,7 +151,7 @@ ldns_rbnode_t *ldns_rbtree_search(ldns_rbtree_t *rbtree, const void *key);
* Find, but match does not have to be exact.
* @param rbtree: tree to find in.
* @param key: key to find position of.
* @param result: set to the exact node if present, otherwise to element that
* @param[out] result: set to the exact node if present, otherwise to element that
* precedes the position of key in the tree. NULL if no smaller element.
* @return: true if exact match in result. Else result points to <= element,
* or NULL if key is smaller than the smallest key.

View File

@ -139,6 +139,12 @@ enum ldns_enum_rdf_type
LDNS_RDF_TYPE_SELECTOR,
LDNS_RDF_TYPE_MATCHING_TYPE,
/** draft-ietf-mboned-driad-amt-discovery **/
LDNS_RDF_TYPE_AMTRELAY,
/** draft-ietf-dnsop-svcb-https **/
LDNS_RDF_TYPE_SVCPARAMS,
/* Aliases */
LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
};
@ -162,7 +168,23 @@ enum ldns_enum_cert_algorithm
};
typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm;
/**
* keys types in SVCPARAMS rdata fields
*/
enum ldns_enum_svcparam_key
{
LDNS_SVCPARAM_KEY_MANDATORY = 0,
LDNS_SVCPARAM_KEY_ALPN = 1,
LDNS_SVCPARAM_KEY_NO_DEFAULT_ALPN = 2,
LDNS_SVCPARAM_KEY_PORT = 3,
LDNS_SVCPARAM_KEY_IPV4HINT = 4,
LDNS_SVCPARAM_KEY_ECH = 5,
LDNS_SVCPARAM_KEY_IPV6HINT = 6,
LDNS_SVCPARAM_KEY_DOHPATH = 7,
LDNS_SVCPARAM_KEY_LAST_KEY = 7,
LDNS_SVCPARAM_KEY_RESERVED = 65535
};
typedef enum ldns_enum_svcparam_key ldns_svcparam_key;
/**
* Resource record data field.
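Review bot: `LDNS_SVCPARAM_KEY_LAST_KEY = 7` repeats the literal used for `LDNS_SVCPARAM_KEY_DOHPATH`, so the two have to be edited together whenever a key is added. Writing it as `LDNS_SVCPARAM_KEY_LAST_KEY = LDNS_SVCPARAM_KEY_DOHPATH` keeps the bound tied to the last named key. The comment text `keys types in SVCPARAMS rdata fields` should read `key types`.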
@ -240,7 +262,7 @@ uint8_t *ldns_rdf_data(const ldns_rdf *rd);
/**
* allocates a new rdf structure and fills it.
* This function DOES NOT copy the contents from
* the buffer, unlinke ldns_rdf_new_frm_data()
* the buffer, unlike ldns_rdf_new_frm_data()
* \param[in] type type of the rdf
* \param[in] size size of the buffer
* \param[in] data pointer to the buffer to be copied
@ -251,7 +273,7 @@ ldns_rdf *ldns_rdf_new(ldns_rdf_type type, size_t size, void *data);
/**
* allocates a new rdf structure and fills it.
* This function _does_ copy the contents from
* the buffer, unlinke ldns_rdf_new()
* the buffer, unlike ldns_rdf_new()
* \param[in] type type of the rdf
* \param[in] size size of the buffer
* \param[in] data pointer to the buffer to be copied

View File

@ -250,7 +250,7 @@ bool ldns_resolver_dnssec_cd(const ldns_resolver *r);
/**
* Get the resolver's DNSSEC anchors
* \param[in] r the resolver
* \return an rr_list containg trusted DNSSEC anchors
* \return an rr_list containing trusted DNSSEC anchors
*/
ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r);
/**
@ -730,7 +730,7 @@ ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr
ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename);
/**
* Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free.
* Frees the allocated space for this resolver. Only frees the resolver pointer! You should probably be using _deep_free.
* \param res resolver to free
*/
void ldns_resolver_free(ldns_resolver *res);
@ -766,7 +766,7 @@ bool ldns_axfr_complete(const ldns_resolver *resolver);
/**
* Returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer
* uasable for instance to get the error code on failure
* usable for instance to get the error code on failure
* \param[in] res the resolver that was used in the axfr transfer
* \return ldns_pkt the last packet sent
*/

View File

@ -36,9 +36,6 @@ extern "C" {
/** The bytes TTL, CLASS and length use up in an rr */
#define LDNS_RR_OVERHEAD 10
/* The first fields are contiguous and can be referenced instantly */
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 259
/**
@ -159,7 +156,7 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_DNAME = 39,
/** dnsind-kitchen-sink-02.txt */
LDNS_RR_TYPE_SINK = 40,
/** Pseudo OPT record... */
/** OPT record RFC 6891 */
LDNS_RR_TYPE_OPT = 41,
/** RFC3123 */
LDNS_RR_TYPE_APL = 42,
@ -180,7 +177,7 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
LDNS_RR_TYPE_NSEC3PARAMS = 51,
LDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */
LDNS_RR_TYPE_SMIMEA = 53, /* draft-ietf-dane-smime */
LDNS_RR_TYPE_SMIMEA = 53, /* RFC 8162 */
LDNS_RR_TYPE_HIP = 55, /* RFC 5205 */
@ -194,6 +191,9 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_CDNSKEY = 60, /* RFC 7344 */
LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest */
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https */
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https */
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
@ -223,6 +223,10 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_URI = 256, /* RFC 7553 */
LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
LDNS_RR_TYPE_AVC = 258, /* Cisco's DNS-AS RR, see www.dns-as.org */
LDNS_RR_TYPE_DOA = 259, /* draft-durand-doa-over-dns */
/** draft-ietf-mboned-driad-amt-discovery **/
LDNS_RR_TYPE_AMTRELAY = 260,
/** DNSSEC Trust Authorities */
LDNS_RR_TYPE_TA = 32768,
@ -238,6 +242,9 @@ enum ldns_enum_rr_type
};
typedef enum ldns_enum_rr_type ldns_rr_type;
/* The first fields are contiguous and can be referenced instantly */
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON (LDNS_RR_TYPE_AMTRELAY + 1)
/**
* Resource Record
*
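Review bot: `LDNS_RDATA_FIELD_DESCRIPTORS_COMMON` changes from the literal 259 to `(LDNS_RR_TYPE_AMTRELAY + 1)`, an expression built on an enumerator. That keeps it in step with the enum, but the macro can no longer be tested in a preprocessor `#if`, where an enumerator name is replaced by 0. Note that restriction in the comment, and check that no consumer uses the macro in a conditional.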
@ -520,7 +527,7 @@ void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class);
* \param[in] *rr the rr to operate on
* \param[in] *f the rdf to set
* \param[in] position the position the set the rdf
* \return the old value in the rr, NULL on failyre
* \return the old value in the rr, NULL on failure
*/
ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position);
@ -810,7 +817,7 @@ int ldns_rr_compare_wire(const ldns_buffer *rr1_buf, const ldns_buffer *rr2_buf)
bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2);
/**
* compares two rr listss.
* compares two rr lists.
* \param[in] rrl1 the first one
* \param[in] rrl2 the second one
* \return 0 if equal

View File

@ -121,9 +121,9 @@ bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f);
*/
ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r);
/**
* sets the expireation date of a LDNS_RR_TYPE_RRSIG rr
* sets the expiration date of a LDNS_RR_TYPE_RRSIG rr
* \param[in] r the rr to use
* \param[in] f the expireation date to set
* \param[in] f the expiration date to set
* \return true on success, false otherwise
*/
bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f);

View File

@ -1,6 +1,13 @@
#ifndef LDNS_SHA1_H
#define LDNS_SHA1_H
#include <stdint.h> /* uint32_t and friends */
#include <stddef.h> /* size_t and NULL */
#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H
# include <inttypes.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
@ -29,7 +36,7 @@ void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ct
* available
* \return the SHA1 digest of the given data
*/
unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest);
unsigned char *ldns_sha1(const unsigned char *data, unsigned int data_len, unsigned char *digest);
#ifdef __cplusplus
}

View File

@ -46,25 +46,18 @@
#ifndef __LDNS_SHA2_H__
#define __LDNS_SHA2_H__
#include <stdint.h> /* uint32_t and friends */
#include <stddef.h> /* size_t and NULL */
#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H
# include <inttypes.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/*
* Import u_intXX_t size_t type definitions from system headers. You
* may need to change this, or define these things yourself in this
* file.
*/
#include <sys/types.h>
#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H
#include <inttypes.h>
#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define LDNS_SHA256_BLOCK_LENGTH 64
#define LDNS_SHA256_DIGEST_LENGTH 32
@ -116,7 +109,7 @@ void ldns_sha512_final(uint8_t[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX*);
* available
* \return the SHA1 digest of the given data
*/
unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest);
unsigned char *ldns_sha256(const unsigned char *data, unsigned int data_len, unsigned char *digest);
/**
* Convenience function to digest a fixed block of data at once.
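Review bot: the comment above `ldns_sha256` ends with `\return the SHA1 digest of the given data`, and the same line sits above `ldns_sha384` and `ldns_sha512` in the next two hunks. These declarations are being edited for the `const` change anyway, so correct each return text to name the digest the function actually produces.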
@ -128,7 +121,7 @@ unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned
* available
* \return the SHA1 digest of the given data
*/
unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest);
unsigned char *ldns_sha384(const unsigned char *data, unsigned int data_len, unsigned char *digest);
/**
* Convenience function to digest a fixed block of data at once.
@ -140,7 +133,7 @@ unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned
* available
* \return the SHA1 digest of the given data
*/
unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest);
unsigned char *ldns_sha512(const unsigned char *data, unsigned int data_len, unsigned char *digest);
#ifdef __cplusplus
}

View File

@ -32,7 +32,7 @@ extern "C" {
/**
* convert a byte into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] bytestr the string to be converted
* \return ldns_status
*/
@ -40,7 +40,7 @@ ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr);
/**
* convert a string to a int16 in wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] shortstr the string to be converted
* \return ldns_status
*/
@ -48,7 +48,7 @@ ldns_status ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr);
/**
* convert a strings into a 4 byte int in wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] longstr the string to be converted
* \return ldns_status
*/
@ -56,21 +56,21 @@ ldns_status ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr);
/**
* convert a time string to a time value in wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] time the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_time(ldns_rdf **rd, const char *time);
/* convert string with NSEC3 salt to wireformat)
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* return ldns_status
*/
ldns_status ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *nsec3_salt);
/* convert a time period (think TTL's) to wireformat)
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* return ldns_status
*/
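Review bot: the comments for `ldns_str2rdf_nsec3_salt` and `ldns_str2rdf_period` open with `/*` and write `return` without a backslash, so the `\param[out] rd` correction made in this hunk never reaches the generated documentation for those two functions. The salt comment also documents `str` while the parameter is named `nsec3_salt`. Open both comments with `/**`, use `\return`, and match the parameter name.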
@ -78,7 +78,7 @@ ldns_status ldns_str2rdf_period(ldns_rdf **rd, const char *str);
/**
* convert str with an A record into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -86,7 +86,7 @@ ldns_status ldns_str2rdf_a(ldns_rdf **rd, const char *str);
/**
* convert the str with an AAAA record into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -94,7 +94,7 @@ ldns_status ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str);
/**
* convert a string into wireformat (think txt record)
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted (NULL terminated)
* \return ldns_status
*/
@ -102,7 +102,7 @@ ldns_status ldns_str2rdf_str(ldns_rdf **rd, const char *str);
/**
* convert str with the apl record into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -110,7 +110,7 @@ ldns_status ldns_str2rdf_apl(ldns_rdf **rd, const char *str);
/**
* convert the string with the b64 data into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -118,7 +118,7 @@ ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str);
/**
* convert the string with the b32 ext hex data into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -126,7 +126,7 @@ ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str);
/**
* convert a hex value into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -134,7 +134,7 @@ ldns_status ldns_str2rdf_hex(ldns_rdf **rd, const char *str);
/**
* convert string with nsec into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -142,7 +142,7 @@ ldns_status ldns_str2rdf_nsec(ldns_rdf **rd, const char *str);
/**
* convert a rrtype into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -150,7 +150,7 @@ ldns_status ldns_str2rdf_type(ldns_rdf **rd, const char *str);
/**
* convert string with a classname into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -158,7 +158,7 @@ ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str);
/**
* convert an certificate algorithm value into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -166,7 +166,7 @@ ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str);
/**
* convert an algorithm value into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -174,7 +174,7 @@ ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str);
/**
* convert a tlsa certificate usage value into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -182,7 +182,7 @@ ldns_status ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str);
/**
* convert a tlsa selector value into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -190,7 +190,7 @@ ldns_status ldns_str2rdf_selector(ldns_rdf **rd, const char *str);
/**
* convert a tlsa matching type value into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -198,7 +198,7 @@ ldns_status ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str);
/**
* convert a string with a unknown RR into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -206,7 +206,7 @@ ldns_status ldns_str2rdf_unknown(ldns_rdf **rd, const char *str);
/**
* convert string with a protocol service into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -214,7 +214,7 @@ ldns_status ldns_str2rdf_service(ldns_rdf **rd, const char *str);
/**
* convert a string with a LOC RR into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -222,7 +222,7 @@ ldns_status ldns_str2rdf_loc(ldns_rdf **rd, const char *str);
/**
* convert string with a WKS RR into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -230,7 +230,7 @@ ldns_status ldns_str2rdf_wks(ldns_rdf **rd, const char *str);
/**
* convert a str with a NSAP RR into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -238,7 +238,7 @@ ldns_status ldns_str2rdf_nsap(ldns_rdf **rd, const char *str);
/**
* convert a str with a ATMA RR into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -246,7 +246,7 @@ ldns_status ldns_str2rdf_atma(ldns_rdf **rd, const char *str);
/**
* convert a str with a IPSECKEY RR into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -254,7 +254,7 @@ ldns_status ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str);
/**
* convert a dname string into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -262,7 +262,7 @@ ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str);
/**
* convert 4 * 16bit hex separated by colons into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -270,7 +270,7 @@ ldns_status ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str);
/**
* convert 6 hex bytes separated by dashes into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -278,7 +278,7 @@ ldns_status ldns_str2rdf_eui48(ldns_rdf **rd, const char *str);
/**
* convert 8 hex bytes separated by dashes into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -286,7 +286,7 @@ ldns_status ldns_str2rdf_eui64(ldns_rdf **rd, const char *str);
/**
* Convert a non-zero sequence of US-ASCII letters and numbers into wireformat
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
@ -295,7 +295,7 @@ ldns_status ldns_str2rdf_tag(ldns_rdf **rd, const char *str);
/**
* Convert a <character-string> encoding of the value field as specified
* [RFC1035], Section 5.1., encoded as one bug chunk of data.
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
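
Review bot: The context line `[RFC1035], Section 5.1., encoded as one bug chunk of data.` still carries a typo ("bug", presumably for "big"). Fix it in this hunk, since the same commit corrects spelling in other doc comments.
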
@ -305,12 +305,32 @@ ldns_status ldns_str2rdf_long_str(ldns_rdf **rd, const char *str);
* Convert a "<algorithm> <hit> <pk>" encoding of the value field as specified
* in Section 6. of [RFC5205], encoded as wireformat as specified in Section 5.
* of [RFC5205].
* \param[in] rd the rdf where to put the data
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_hip(ldns_rdf **rd, const char *str);
/**
* Convert a "<precedence> <D-bit> <type> <relay>" encoding
* of the value field as specified in Section 4.3.1 of
* [draft-ietf-mboned-driad-amt-discovery], encoded as wireformat as specified in
* Section 4.2 of [draft-ietf-mboned-driad-amt-discovery]
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str);
/**
* Convert a series of "key[=<value>]" encodings to wireformat as described in
* [draft-ietf-dnsop-svcb-https].
* \param[out] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_svcparams(ldns_rdf **rd, const char *str);
#ifdef __cplusplus
}
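
Review bot: The two added comments for ldns_str2rdf_amtrelay and ldns_str2rdf_svcparams cite [draft-ietf-mboned-driad-amt-discovery] and [draft-ietf-dnsop-svcb-https] without a revision, and the first quotes section numbers (4.3.1, 4.2) that can move between draft revisions. Pin the revision the parser was written against, or cite the published RFC where one exists. Both blocks should also state what *rd holds when the function returns an error, now that rd is documented as [out] and callers need to know whether to free it.
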

View File

@ -42,7 +42,7 @@ ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, const ldns
* \param[in] p packet to copy to
* \param[in] r resolver to copy from
*
* \return status wether successfull or not
* \return status whether successful or not
*/
ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, const ldns_resolver *r);

View File

@ -27,8 +27,8 @@ extern "C" {
#define dprintf(X,Y) fprintf(stderr, (X), (Y))
/* #define dprintf(X, Y) */
#define LDNS_VERSION "1.7.0"
#define LDNS_REVISION ((1<<16)|(7<<8)|(0))
#define LDNS_VERSION "1.8.3"
#define LDNS_REVISION ((1<<16)|(8<<8)|(3))
/**
* splint static inline workaround
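
Review bot: The context line `#define dprintf(X,Y) fprintf(stderr, (X), (Y))` sits in the same extern "C" header as the LDNS_VERSION macros, and its name collides with POSIX dprintf(int fd, const char *format, ...). A consumer that includes this header and calls the POSIX function gets the two-argument macro instead. Rename the macro with an ldns_ prefix or remove it; the commented-out empty variant on the next line suggests it is debug-only.
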
@ -274,19 +274,22 @@ time_t mktime_from_utc(const struct tm *tm);
/**
* The function interprets time as the number of seconds since epoch
* with respect to now using serial arithmitics (rfc1982).
* with respect to now using serial arithmetics (rfc1982).
* That number of seconds is then converted to broken-out time information.
* This is especially useful when converting the inception and expiration
* fields of RRSIG records.
*
* \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
* to be intepreted as a serial arithmitics number relative to now.
* to be interpreted as a serial arithmetics number relative to now.
* \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
* to which the time value is compared to determine the final value.
* \param[out] result the struct with the broken-out time information
* \return result on success or NULL on error
*/
struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
struct tm * ldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct tm *result);
/* previously used wrong spelling */
#define ldns_serial_arithmitics_gmtime_r ldns_serial_arithmetics_gmtime_r
/**
* Seed the random function.
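
Review bot: The alias `#define ldns_serial_arithmitics_gmtime_r ldns_serial_arithmetics_gmtime_r` keeps old callers compiling, but it covers source compatibility only: a binary built against the old header still references the misspelled symbol, which this declaration no longer provides. Either keep an exported wrapper function under the old name or make sure the library's soname changes together with the rename. Marking the alias as deprecated in its comment would also tell users which spelling to adopt.
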

View File

@ -274,19 +274,22 @@ time_t mktime_from_utc(const struct tm *tm);
/**
* The function interprets time as the number of seconds since epoch
* with respect to now using serial arithmitics (rfc1982).
* with respect to now using serial arithmetics (rfc1982).
* That number of seconds is then converted to broken-out time information.
* This is especially useful when converting the inception and expiration
* fields of RRSIG records.
*
* \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
* to be intepreted as a serial arithmitics number relative to now.
* to be interpreted as a serial arithmetics number relative to now.
* \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
* to which the time value is compared to determine the final value.
* \param[out] result the struct with the broken-out time information
* \return result on success or NULL on error
*/
struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
struct tm * ldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct tm *result);
/* previously used wrong spelling */
#define ldns_serial_arithmitics_gmtime_r ldns_serial_arithmetics_gmtime_r
/**
* Seed the random function.
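
Review bot: The first parameter is declared `int32_t time`, while the comment says the function is meant for RRSIG inception and expiration fields, which are unsigned 32-bit values on the wire. The \param text should say that callers pass the raw 32-bit field converted to int32_t; as written, a reader cannot tell whether values above 2^31 are expected input or an error.
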

View File

@ -118,7 +118,7 @@ extern "C" {
* This function will initialize and allocate memory space for the packet
* structure.
*
* \param[in] packet pointer to the structure to hold the packet
* \param[out] packet pointer to the structure to hold the packet
* \param[in] data pointer to the buffer with the data
* \param[in] len the length of the data buffer (in bytes)
* \return LDNS_STATUS_OK if everything succeeds, error otherwise
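
Review bot: With `packet` now tagged [out], this block should state what *packet contains when the return value is not LDNS_STATUS_OK. The text says the function allocates the packet structure, so a caller cannot tell from the documentation whether it must free *packet, or may read it at all, on the error path.
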
@ -130,7 +130,7 @@ ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len);
* This function will initialize and allocate memory space for the packet
* structure.
*
* \param[in] packet pointer to the structure to hold the packet
* \param[out] packet pointer to the structure to hold the packet
* \param[in] buffer the buffer with the data
* \return LDNS_STATUS_OK if everything succeeds, error otherwise
*/
@ -142,7 +142,7 @@ ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, const ldns_buffer *buffer);
* space for the dname structure. The length of the wiredata of this rdf
* is added to the *pos value.
*
* \param[in] dname pointer to the structure to hold the rdata value
* \param[out] dname pointer to the structure to hold the rdata value
* \param[in] wire pointer to the buffer with the data
* \param[in] max the length of the data buffer (in bytes)
* \param[in] pos the position of the rdf in the buffer (ie. the number of bytes
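
Review bot: `pos` is still tagged \param[in] in the last context line, but the description above says the length of the wire data "is added to the *pos value", so the function writes through the pointer. Tag it \param[in,out] here, and in the block of the next hunk, which has the same wording, to match the [out] corrections made in this file.
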
@ -177,7 +177,7 @@ ldns_status ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *
* structure.
* The length of the wiredata of this rr is added to the *pos value.
*
* \param[in] rr pointer to the structure to hold the rdata value
* \param[out] rr pointer to the structure to hold the rdata value
* \param[in] wire pointer to the buffer with the data
* \param[in] max the length of the data buffer (in bytes)
* \param[in] pos the position of the rr in the buffer (ie. the number of bytes

View File

@ -43,7 +43,7 @@ struct ldns_struct_zone
{
/** the soa defines a zone */
ldns_rr *_soa;
/* basicly a zone is a list of rr's */
/* basically a zone is a list of rr's */
ldns_rr_list *_rrs;
/* we could change this to be a b-tree etc etc todo */
};
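
Review bot: The corrected comment `/* basically a zone is a list of rr's */` opens with `/*`, so doxygen does not attach it to `_rrs`, whereas `_soa` just above uses `/** ... */`. Change it to a `/** ... */` comment while the line is being touched.
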
@ -97,7 +97,7 @@ void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist);
* copying, so the rr_list structure inside z is modified!
* \param[in] z the zone to add to
* \param[in] list the list to add
* \return a true on succes otherwise falsed
* \return a true on success otherwise false
*/
bool ldns_zone_push_rr_list(ldns_zone *z, const ldns_rr_list *list);
@ -106,7 +106,7 @@ bool ldns_zone_push_rr_list(ldns_zone *z, const ldns_rr_list *list);
* copying, so the rr_list structure inside z is modified!
* \param[in] z the zone to add to
* \param[in] rr the rr to add
* \return a true on succes otherwise falsed
* \return a true on success otherwise false
*/
bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr);

View File

@ -1,4 +1,4 @@
# Doxyfile 1.8.11
# Doxyfile 1.9.1
# This file describes the settings to be used by the documentation system
# doxygen (www.doxygen.org) for a project.
@ -17,11 +17,11 @@
# Project related configuration options
#---------------------------------------------------------------------------
# This tag specifies the encoding used for all characters in the config file
# that follow. The default is UTF-8 which is also the encoding used for all text
# before the first occurrence of this tag. Doxygen uses libiconv (or the iconv
# built into libc) for the transcoding. See http://www.gnu.org/software/libiconv
# for the list of possible encodings.
# This tag specifies the encoding used for all characters in the configuration
# file that follow. The default is UTF-8 which is also the encoding used for all
# text before the first occurrence of this tag. Doxygen uses libiconv (or the
# iconv built into libc) for the transcoding. See
# https://www.gnu.org/software/libiconv/ for the list of possible encodings.
# The default value is: UTF-8.
DOXYFILE_ENCODING = UTF-8
@ -32,13 +32,13 @@ DOXYFILE_ENCODING = UTF-8
# title of most generated pages and in a few other places.
# The default value is: My Project.
PROJECT_NAME = ldns
PROJECT_NAME = @PACKAGE_NAME@
# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
# could be handy for archiving the generated documentation or if some version
# control system is used.
PROJECT_NUMBER = 1.7.0
PROJECT_NUMBER = @PACKAGE_VERSION@
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a
@ -93,6 +93,14 @@ ALLOW_UNICODE_NAMES = NO
OUTPUT_LANGUAGE = English
# The OUTPUT_TEXT_DIRECTION tag is used to specify the direction in which all
# documentation generated by doxygen is written. Doxygen will use this
# information to generate all generated output in the proper direction.
# Possible values are: None, LTR, RTL and Context.
# The default value is: None.
OUTPUT_TEXT_DIRECTION = None
# If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member
# descriptions after the members that are listed in the file and class
# documentation (similar to Javadoc). Set to NO to disable this.
@ -179,6 +187,16 @@ SHORT_NAMES = NO
JAVADOC_AUTOBRIEF = YES
# If the JAVADOC_BANNER tag is set to YES then doxygen will interpret a line
# such as
# /***************
# as being the beginning of a Javadoc-style comment "banner". If set to NO, the
# Javadoc-style will behave just like regular comments and it will not be
# interpreted by doxygen.
# The default value is: NO.
JAVADOC_BANNER = NO
# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first
# line (until the first dot) of a Qt-style comment as the brief description. If
# set to NO, the Qt-style will behave just like regular Qt-style comments (thus
@ -199,6 +217,14 @@ QT_AUTOBRIEF = NO
MULTILINE_CPP_IS_BRIEF = NO
# By default Python docstrings are displayed as preformatted text and doxygen's
# special commands cannot be used. By setting PYTHON_DOCSTRING to NO the
# doxygen's special commands can be used and the contents of the docstring
# documentation blocks is shown as doxygen documentation.
# The default value is: YES.
PYTHON_DOCSTRING = YES
# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the
# documentation from any documented member that it re-implements.
# The default value is: YES.
@ -226,16 +252,15 @@ TAB_SIZE = 8
# will allow you to put the command \sideeffect (or @sideeffect) in the
# documentation, which will result in a user-defined paragraph with heading
# "Side Effects:". You can put \n's in the value part of an alias to insert
# newlines.
# newlines (in the resulting output). You can put ^^ in the value part of an
# alias to insert a newline as if a physical newline was in the original file.
# When you need a literal { or } or , in the value part of an alias you have to
# escape them by means of a backslash (\), this can lead to conflicts with the
# commands \{ and \} for these it is advised to use the version @{ and @} or use
# a double escape (\\{ and \\})
ALIASES =
# This tag can be used to specify a number of word-keyword mappings (TCL only).
# A mapping has the form "name=value". For example adding "class=itcl::class"
# will allow you to use the command class in the itcl::class meaning.
TCL_SUBST =
# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
# only. Doxygen will then generate output that is more tailored for C. For
# instance, some of the names that are used will be different. The list of all
@ -264,28 +289,40 @@ OPTIMIZE_FOR_FORTRAN = NO
OPTIMIZE_OUTPUT_VHDL = NO
# Set the OPTIMIZE_OUTPUT_SLICE tag to YES if your project consists of Slice
# sources only. Doxygen will then generate output that is more tailored for that
# language. For instance, namespaces will be presented as modules, types will be
# separated into more groups, etc.
# The default value is: NO.
OPTIMIZE_OUTPUT_SLICE = NO
# Doxygen selects the parser to use depending on the extension of the files it
# parses. With this tag you can assign which parser to use for a given
# extension. Doxygen has a built-in mapping, but you can override or extend it
# using this tag. The format is ext=language, where ext is a file extension, and
# language is one of the parsers supported by doxygen: IDL, Java, Javascript,
# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran:
# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran:
# Fortran. In the later case the parser tries to guess whether the code is fixed
# or free formatted code, this is the default for Fortran type files), VHDL. For
# instance to make doxygen treat .inc files as Fortran files (default is PHP),
# and .f files as C (default is Fortran), use: inc=Fortran f=C.
# language is one of the parsers supported by doxygen: IDL, Java, JavaScript,
# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice, VHDL,
# Fortran (fixed format Fortran: FortranFixed, free formatted Fortran:
# FortranFree, unknown formatted Fortran: Fortran. In the later case the parser
# tries to guess whether the code is fixed or free formatted code, this is the
# default for Fortran type files). For instance to make doxygen treat .inc files
# as Fortran files (default is PHP), and .f files as C (default is Fortran),
# use: inc=Fortran f=C.
#
# Note: For files without extension you can use no_extension as a placeholder.
#
# Note that for custom extensions you also need to set FILE_PATTERNS otherwise
# the files are not read by doxygen.
# the files are not read by doxygen. When specifying no_extension you should add
# * to the FILE_PATTERNS.
#
# Note see also the list of default file extension mappings.
EXTENSION_MAPPING =
# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments
# according to the Markdown format, which allows for more readable
# documentation. See http://daringfireball.net/projects/markdown/ for details.
# documentation. See https://daringfireball.net/projects/markdown/ for details.
# The output of markdown processing is further processed by doxygen, so you can
# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in
# case of backward compatibilities issues.
@ -293,6 +330,15 @@ EXTENSION_MAPPING =
MARKDOWN_SUPPORT = YES
# When the TOC_INCLUDE_HEADINGS tag is set to a non-zero value, all headings up
# to that level are automatically included in the table of contents, even if
# they do not have an id attribute.
# Note: This feature currently applies only to Markdown headings.
# Minimum value: 0, maximum value: 99, default value: 5.
# This tag requires that the tag MARKDOWN_SUPPORT is set to YES.
TOC_INCLUDE_HEADINGS = 5
# When enabled doxygen tries to link words that correspond to documented
# classes, or namespaces to their corresponding documentation. Such a link can
# be prevented in individual cases by putting a % sign in front of the word or
@ -318,7 +364,7 @@ BUILTIN_STL_SUPPORT = NO
CPP_CLI_SUPPORT = NO
# Set the SIP_SUPPORT tag to YES if your project consists of sip (see:
# http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen
# https://www.riverbankcomputing.com/software/sip/intro) sources only. Doxygen
# will parse them like normal C++ but will assume all classes use public instead
# of private inheritance when no explicit protection keyword is present.
# The default value is: NO.
@ -404,6 +450,19 @@ TYPEDEF_HIDES_STRUCT = NO
LOOKUP_CACHE_SIZE = 0
# The NUM_PROC_THREADS specifies the number threads doxygen is allowed to use
# during processing. When set to 0 doxygen will based this on the number of
# cores available in the system. You can set it explicitly to a value larger
# than 0 to get more control over the balance between CPU load and processing
# speed. At this moment only the input processing can be done using multiple
# threads. Since this is still an experimental feature the default is set to 1,
# which efficively disables parallel processing. Please report any issues you
# encounter. Generating dot graphs in parallel is controlled by the
# DOT_NUM_THREADS setting.
# Minimum value: 0, maximum value: 32, default value: 1.
NUM_PROC_THREADS = 1
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
@ -424,6 +483,12 @@ EXTRACT_ALL = YES
EXTRACT_PRIVATE = NO
# If the EXTRACT_PRIV_VIRTUAL tag is set to YES, documented private virtual
# methods of a class will be included in the documentation.
# The default value is: NO.
EXTRACT_PRIV_VIRTUAL = NO
# If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal
# scope will be included in the documentation.
# The default value is: NO.
@ -461,6 +526,13 @@ EXTRACT_LOCAL_METHODS = NO
EXTRACT_ANON_NSPACES = NO
# If this flag is set to YES, the name of an unnamed parameter in a declaration
# will be determined by the corresponding definition. By default unnamed
# parameters remain unnamed in the output.
# The default value is: YES.
RESOLVE_UNNAMED_PARAMS = YES
# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all
# undocumented members inside documented classes or files. If set to NO these
# members will be included in the various overviews, but no documentation
@ -478,8 +550,8 @@ HIDE_UNDOC_MEMBERS = NO
HIDE_UNDOC_CLASSES = NO
# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend
# (class|struct|union) declarations. If set to NO, these declarations will be
# included in the documentation.
# declarations. If set to NO, these declarations will be included in the
# documentation.
# The default value is: NO.
HIDE_FRIEND_COMPOUNDS = NO
@ -498,11 +570,18 @@ HIDE_IN_BODY_DOCS = NO
INTERNAL_DOCS = NO
# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file
# names in lower-case letters. If set to YES, upper-case letters are also
# allowed. This is useful if you have classes or files whose names only differ
# in case and if your file system supports case sensitive file names. Windows
# and Mac users are advised to set this option to NO.
# With the correct setting of option CASE_SENSE_NAMES doxygen will better be
# able to match the capabilities of the underlying filesystem. In case the
# filesystem is case sensitive (i.e. it supports files in the same directory
# whose names only differ in casing), the option must be set to YES to properly
# deal with such files in case they appear in the input. For filesystems that
# are not case sensitive the option should be be set to NO to properly deal with
# output files written for symbols that only differ in casing, such as for two
# classes, one named CLASS and the other named Class, and to also support
# references to files without having to specify the exact matching casing. On
# Windows (including Cygwin) and MacOS, users should typically set this option
# to NO, whereas on Linux or other Unix flavors it should typically be set to
# YES.
# The default value is: system dependent.
CASE_SENSE_NAMES = YES
@ -689,7 +768,7 @@ LAYOUT_FILE =
# The CITE_BIB_FILES tag can be used to specify one or more bib files containing
# the reference definitions. This must be a list of .bib files. The .bib
# extension is automatically appended if omitted. This requires the bibtex tool
# to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info.
# to be installed. See also https://en.wikipedia.org/wiki/BibTeX for more info.
# For LaTeX the style of the bibliography can be controlled using
# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the
# search path. See also \cite for info how to create references.
@ -734,13 +813,17 @@ WARN_IF_DOC_ERROR = YES
# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that
# are documented, but have no documentation for their parameters or return
# value. If set to NO, doxygen will only warn about wrong or incomplete
# parameter documentation, but not about the absence of documentation.
# parameter documentation, but not about the absence of documentation. If
# EXTRACT_ALL is set to YES then this flag will automatically be disabled.
# The default value is: NO.
WARN_NO_PARAMDOC = NO
# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
# a warning is encountered.
# a warning is encountered. If the WARN_AS_ERROR tag is set to FAIL_ON_WARNINGS
# then doxygen will continue running as if WARN_AS_ERROR tag is set to NO, but
# at the end of the doxygen process doxygen will return with a non-zero status.
# Possible values are: NO, YES and FAIL_ON_WARNINGS.
# The default value is: NO.
WARN_AS_ERROR = NO
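
Review bot: `WARN_AS_ERROR = NO` is kept although the updated text now offers FAIL_ON_WARNINGS, and the new WARN_NO_PARAMDOC text says that flag is disabled automatically when EXTRACT_ALL is YES, which an earlier hunk header shows is this project's setting. Since this commit corrects a large number of \param direction tags by hand, consider FAIL_ON_WARNINGS for the documentation build so that wrong or incomplete parameter documentation fails the run instead of drifting again.
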
@ -781,8 +864,8 @@ INPUT = . \
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses
# libiconv (or the iconv built into libc) for the transcoding. See the libiconv
# documentation (see: http://www.gnu.org/software/libiconv) for the list of
# possible encodings.
# documentation (see:
# https://www.gnu.org/software/libiconv/) for the list of possible encodings.
# The default value is: UTF-8.
INPUT_ENCODING = UTF-8
@ -795,11 +878,15 @@ INPUT_ENCODING = UTF-8
# need to set EXTENSION_MAPPING for the extension otherwise the files are not
# read by doxygen.
#
# Note the list of default checked file patterns might differ from the list of
# default file extension mappings.
#
# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc,
# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f, *.for, *.tcl,
# *.vhd, *.vhdl, *.ucf, *.qsf, *.as and *.js.
# *.m, *.markdown, *.md, *.mm, *.dox (to be provided as doxygen C comment),
# *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, *.f18, *.f, *.for, *.vhd, *.vhdl,
# *.ucf, *.qsf and *.ice.
FILE_PATTERNS =
@ -954,7 +1041,7 @@ INLINE_SOURCES = NO
STRIP_CODE_COMMENTS = YES
# If the REFERENCED_BY_RELATION tag is set to YES then for each documented
# function all documented functions referencing it will be listed.
# entity all documented functions referencing it will be listed.
# The default value is: NO.
REFERENCED_BY_RELATION = NO
@ -986,12 +1073,12 @@ SOURCE_TOOLTIPS = YES
# If the USE_HTAGS tag is set to YES then the references to source code will
# point to the HTML generated by the htags(1) tool instead of doxygen built-in
# source browser. The htags tool is part of GNU's global source tagging system
# (see http://www.gnu.org/software/global/global.html). You will need version
# (see https://www.gnu.org/software/global/global.html). You will need version
# 4.8.6 or higher.
#
# To use it do the following:
# - Install the latest version of global
# - Enable SOURCE_BROWSER and USE_HTAGS in the config file
# - Enable SOURCE_BROWSER and USE_HTAGS in the configuration file
# - Make sure the INPUT points to the root of the source tree
# - Run doxygen as normal
#
@ -1014,16 +1101,22 @@ USE_HTAGS = NO
VERBATIM_HEADERS = YES
# If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the
# clang parser (see: http://clang.llvm.org/) for more accurate parsing at the
# cost of reduced performance. This can be particularly helpful with template
# rich C++ code for which doxygen's built-in parser lacks the necessary type
# information.
# clang parser (see:
# http://clang.llvm.org/) for more accurate parsing at the cost of reduced
# performance. This can be particularly helpful with template rich C++ code for
# which doxygen's built-in parser lacks the necessary type information.
# Note: The availability of this option depends on whether or not doxygen was
# generated with the -Duse-libclang=ON option for CMake.
# generated with the -Duse_libclang=ON option for CMake.
# The default value is: NO.
CLANG_ASSISTED_PARSING = NO
# If clang assisted parsing is enabled and the CLANG_ADD_INC_PATHS tag is set to
# YES then doxygen will add the directory of each input to the include path.
# The default value is: YES.
CLANG_ADD_INC_PATHS = YES
# If clang assisted parsing is enabled you can provide the compiler with command
# line options that you would normally use when invoking the compiler. Note that
# the include paths will already be set by doxygen for the files and directories
@ -1032,6 +1125,19 @@ CLANG_ASSISTED_PARSING = NO
CLANG_OPTIONS =
# If clang assisted parsing is enabled you can provide the clang parser with the
# path to the directory containing a file called compile_commands.json. This
# file is the compilation database (see:
# http://clang.llvm.org/docs/HowToSetupToolingForLLVM.html) containing the
# options used when the source files were built. This is equivalent to
# specifying the -p option to a clang tool, such as clang-check. These options
# will then be passed to the parser. Any options specified with CLANG_OPTIONS
# will be added as well.
# Note: The availability of this option depends on whether or not doxygen was
# generated with the -Duse_libclang=ON option for CMake.
CLANG_DATABASE_PATH =
#---------------------------------------------------------------------------
# Configuration options related to the alphabetical class index
#---------------------------------------------------------------------------
@ -1043,13 +1149,6 @@ CLANG_OPTIONS =
ALPHABETICAL_INDEX = YES
# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in
# which the alphabetical index list will be split.
# Minimum value: 1, maximum value: 20, default value: 5.
# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
COLS_IN_ALPHA_INDEX = 3
# In case all classes in a project start with a common prefix, all classes will
# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag
# can be used to specify a prefix (or a list of prefixes) that should be ignored
@ -1150,7 +1249,7 @@ HTML_EXTRA_FILES =
# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen
# will adjust the colors in the style sheet and background images according to
# this color. Hue is specified as an angle on a colorwheel, see
# http://en.wikipedia.org/wiki/Hue for more information. For instance the value
# https://en.wikipedia.org/wiki/Hue for more information. For instance the value
# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300
# purple, and 360 is red again.
# Minimum value: 0, maximum value: 359, default value: 220.
@ -1186,6 +1285,17 @@ HTML_COLORSTYLE_GAMMA = 80
HTML_TIMESTAMP = YES
# If the HTML_DYNAMIC_MENUS tag is set to YES then the generated HTML
# documentation will contain a main index with vertical navigation menus that
# are dynamically created via JavaScript. If disabled, the navigation index will
# consists of multiple levels of tabs that are statically embedded in every HTML
# page. Disable this option to support browsers that do not have JavaScript,
# like the Qt help browser.
# The default value is: YES.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_DYNAMIC_MENUS = YES
# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
# documentation will contain sections that can be hidden and shown after the
# page has loaded.
@ -1209,13 +1319,14 @@ HTML_INDEX_NUM_ENTRIES = 100
# If the GENERATE_DOCSET tag is set to YES, additional index files will be
# generated that can be used as input for Apple's Xcode 3 integrated development
# environment (see: http://developer.apple.com/tools/xcode/), introduced with
# OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a
# Makefile in the HTML output directory. Running make will produce the docset in
# that directory and running make install will install the docset in
# environment (see:
# https://developer.apple.com/xcode/), introduced with OSX 10.5 (Leopard). To
# create a documentation set, doxygen will generate a Makefile in the HTML
# output directory. Running make will produce the docset in that directory and
# running make install will install the docset in
# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at
# startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
# for more information.
# startup. See https://developer.apple.com/library/archive/featuredarticles/Doxy
# genXcode/_index.html for more information.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
@ -1254,8 +1365,8 @@ DOCSET_PUBLISHER_NAME = Publisher
# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three
# additional HTML index files: index.hhp, index.hhc, and index.hhk. The
# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop
# (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on
# Windows.
# (see:
# https://www.microsoft.com/en-us/download/details.aspx?id=21138) on Windows.
#
# The HTML Help Workshop contains a compiler that can convert all HTML output
# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML
@ -1285,7 +1396,7 @@ CHM_FILE =
HHC_LOCATION =
# The GENERATE_CHI flag controls if a separate .chi index file is generated
# (YES) or that it should be included in the master .chm file (NO).
# (YES) or that it should be included in the main .chm file (NO).
# The default value is: NO.
# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
@ -1330,7 +1441,8 @@ QCH_FILE =
# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help
# Project output. For more information please see Qt Help Project / Namespace
# (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace).
# (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#namespace).
# The default value is: org.doxygen.Project.
# This tag requires that the tag GENERATE_QHP is set to YES.
@ -1338,8 +1450,8 @@ QHP_NAMESPACE = org.doxygen.Project
# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt
# Help Project output. For more information please see Qt Help Project / Virtual
# Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual-
# folders).
# Folders (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#virtual-folders).
# The default value is: doc.
# This tag requires that the tag GENERATE_QHP is set to YES.
@ -1347,30 +1459,30 @@ QHP_VIRTUAL_FOLDER = doc
# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom
# filter to add. For more information please see Qt Help Project / Custom
# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
# filters).
# Filters (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-filters).
# This tag requires that the tag GENERATE_QHP is set to YES.
QHP_CUST_FILTER_NAME =
# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the
# custom filter to add. For more information please see Qt Help Project / Custom
# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
# filters).
# Filters (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-filters).
# This tag requires that the tag GENERATE_QHP is set to YES.
QHP_CUST_FILTER_ATTRS =
# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
# project's filter section matches. Qt Help Project / Filter Attributes (see:
# http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes).
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#filter-attributes).
# This tag requires that the tag GENERATE_QHP is set to YES.
QHP_SECT_FILTER_ATTRS =
# The QHG_LOCATION tag can be used to specify the location of Qt's
# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the
# generated .qhp file.
# The QHG_LOCATION tag can be used to specify the location (absolute path
# including file name) of Qt's qhelpgenerator. If non-empty doxygen will try to
# run qhelpgenerator on the generated .qhp file.
# This tag requires that the tag GENERATE_QHP is set to YES.
QHG_LOCATION =
@ -1447,6 +1559,17 @@ TREEVIEW_WIDTH = 250
EXT_LINKS_IN_WINDOW = NO
# If the HTML_FORMULA_FORMAT option is set to svg, doxygen will use the pdf2svg
# tool (see https://github.com/dawbarton/pdf2svg) or inkscape (see
# https://inkscape.org) to generate formulas as SVG images instead of PNGs for
# the HTML output. These images will generally look nicer at scaled resolutions.
# Possible values are: png (the default) and svg (looks nicer but requires the
# pdf2svg or inkscape tool).
# The default value is: png.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_FORMULA_FORMAT = png
# Use this tag to change the font size of LaTeX formulas included as images in
# the HTML documentation. When you change the font size after a successful
# doxygen run you need to manually remove any form_*.png images from the HTML
@ -1456,7 +1579,7 @@ EXT_LINKS_IN_WINDOW = NO
FORMULA_FONTSIZE = 10
# Use the FORMULA_TRANPARENT tag to determine whether or not the images
# Use the FORMULA_TRANSPARENT tag to determine whether or not the images
# generated for formulas are transparent PNGs. Transparent PNGs are not
# supported properly for IE 6.0, but are supported on all modern browsers.
#
@ -1467,8 +1590,14 @@ FORMULA_FONTSIZE = 10
FORMULA_TRANSPARENT = YES
# The FORMULA_MACROFILE can contain LaTeX \newcommand and \renewcommand commands
# to create new LaTeX commands to be used in formulas as building blocks. See
# the section "Including formulas" for details.
FORMULA_MACROFILE =
# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see
# http://www.mathjax.org) which uses client side Javascript for the rendering
# https://www.mathjax.org) which uses client side JavaScript for the rendering
# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX
# installed or if you want to formulas look prettier in the HTML output. When
# enabled you may also need to install MathJax separately and configure the path
@ -1480,7 +1609,7 @@ USE_MATHJAX = NO
# When MathJax is enabled you can set the default output format to be used for
# the MathJax output. See the MathJax site (see:
# http://docs.mathjax.org/en/latest/output.html) for more details.
# http://docs.mathjax.org/en/v2.7-latest/output.html) for more details.
# Possible values are: HTML-CSS (which is slower, but has the best
# compatibility), NativeMML (i.e. MathML) and SVG.
# The default value is: HTML-CSS.
@ -1495,8 +1624,8 @@ MATHJAX_FORMAT = HTML-CSS
# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax
# Content Delivery Network so you can quickly see the result without installing
# MathJax. However, it is strongly recommended to install a local copy of
# MathJax from http://www.mathjax.org before deployment.
# The default value is: http://cdn.mathjax.org/mathjax/latest.
# MathJax from https://www.mathjax.org before deployment.
# The default value is: https://cdn.jsdelivr.net/npm/mathjax@2.
# This tag requires that the tag USE_MATHJAX is set to YES.
MATHJAX_RELPATH = http://www.mathjax.org/mathjax
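Review bot: `MATHJAX_RELPATH = http://www.mathjax.org/mathjax` stays on plain HTTP, while the comment lines above it in this hunk move to `https://www.mathjax.org` and give the new default as `https://cdn.jsdelivr.net/npm/mathjax@2`. `USE_MATHJAX` is `NO` in this file, so nothing loads the script today, but if the option is ever enabled the generated HTML would fetch its JavaScript from that HTTP location. Suggest setting the tag to the documented https default, or to a local copy of MathJax as the comment recommends.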
@ -1510,7 +1639,8 @@ MATHJAX_EXTENSIONS =
# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces
# of code that will be used on startup of the MathJax code. See the MathJax site
# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an
# (see:
# http://docs.mathjax.org/en/v2.7-latest/output.html) for more details. For an
# example see the documentation.
# This tag requires that the tag USE_MATHJAX is set to YES.
@ -1538,7 +1668,7 @@ MATHJAX_CODEFILE =
SEARCHENGINE = NO
# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
# implemented using a web server instead of a web client using Javascript. There
# implemented using a web server instead of a web client using JavaScript. There
# are two flavors of web server based searching depending on the EXTERNAL_SEARCH
# setting. When disabled, doxygen will generate a PHP script for searching and
# an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing
@ -1557,7 +1687,8 @@ SERVER_BASED_SEARCH = NO
#
# Doxygen ships with an example indexer (doxyindexer) and search engine
# (doxysearch.cgi) which are based on the open source search engine library
# Xapian (see: http://xapian.org/).
# Xapian (see:
# https://xapian.org/).
#
# See the section "External Indexing and Searching" for details.
# The default value is: NO.
@ -1570,8 +1701,9 @@ EXTERNAL_SEARCH = NO
#
# Doxygen ships with an example indexer (doxyindexer) and search engine
# (doxysearch.cgi) which are based on the open source search engine library
# Xapian (see: http://xapian.org/). See the section "External Indexing and
# Searching" for details.
# Xapian (see:
# https://xapian.org/). See the section "External Indexing and Searching" for
# details.
# This tag requires that the tag SEARCHENGINE is set to YES.
SEARCHENGINE_URL =
@ -1622,21 +1754,35 @@ LATEX_OUTPUT = latex
# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
# invoked.
#
# Note that when enabling USE_PDFLATEX this option is only used for generating
# bitmaps for formulas in the HTML output, but not in the Makefile that is
# written to the output directory.
# The default file is: latex.
# Note that when not enabling USE_PDFLATEX the default is latex when enabling
# USE_PDFLATEX the default is pdflatex and when in the later case latex is
# chosen this is overwritten by pdflatex. For specific output languages the
# default can have been set differently, this depends on the implementation of
# the output language.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_CMD_NAME = latex
# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to generate
# index for LaTeX.
# Note: This tag is used in the Makefile / make.bat.
# See also: LATEX_MAKEINDEX_CMD for the part in the generated output file
# (.tex).
# The default file is: makeindex.
# This tag requires that the tag GENERATE_LATEX is set to YES.
MAKEINDEX_CMD_NAME = makeindex
# The LATEX_MAKEINDEX_CMD tag can be used to specify the command name to
# generate index for LaTeX. In case there is no backslash (\) as first character
# it will be automatically added in the LaTeX code.
# Note: This tag is used in the generated output file (.tex).
# See also: MAKEINDEX_CMD_NAME for the part in the Makefile / make.bat.
# The default value is: makeindex.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_MAKEINDEX_CMD = makeindex
# If the COMPACT_LATEX tag is set to YES, doxygen generates more compact LaTeX
# documents. This may be useful for small projects and may help to save some
# trees in general.
@ -1721,9 +1867,11 @@ LATEX_EXTRA_FILES =
PDF_HYPERLINKS = YES
# If the USE_PDFLATEX tag is set to YES, doxygen will use pdflatex to generate
# the PDF file directly from the LaTeX files. Set this option to YES, to get a
# higher quality PDF documentation.
# If the USE_PDFLATEX tag is set to YES, doxygen will use the engine as
# specified with LATEX_CMD_NAME to generate the PDF file directly from the LaTeX
# files. Set this option to YES, to get a higher quality PDF documentation.
#
# See also section LATEX_CMD_NAME for selecting the engine.
# The default value is: YES.
# This tag requires that the tag GENERATE_LATEX is set to YES.
@ -1757,7 +1905,7 @@ LATEX_SOURCE_CODE = NO
# The LATEX_BIB_STYLE tag can be used to specify the style to use for the
# bibliography, e.g. plainnat, or ieeetr. See
# http://en.wikipedia.org/wiki/BibTeX and \cite for more info.
# https://en.wikipedia.org/wiki/BibTeX and \cite for more info.
# The default value is: plain.
# This tag requires that the tag GENERATE_LATEX is set to YES.
@ -1771,6 +1919,14 @@ LATEX_BIB_STYLE = plain
LATEX_TIMESTAMP = NO
# The LATEX_EMOJI_DIRECTORY tag is used to specify the (relative or absolute)
# path from which the emoji images will be read. If a relative path is entered,
# it will be relative to the LATEX_OUTPUT directory. If left blank the
# LATEX_OUTPUT directory will be used.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_EMOJI_DIRECTORY =
#---------------------------------------------------------------------------
# Configuration options related to the RTF output
#---------------------------------------------------------------------------
@ -1810,9 +1966,9 @@ COMPACT_RTF = NO
RTF_HYPERLINKS = NO
# Load stylesheet definitions from file. Syntax is similar to doxygen's config
# file, i.e. a series of assignments. You only have to provide replacements,
# missing definitions are set to their default value.
# Load stylesheet definitions from file. Syntax is similar to doxygen's
# configuration file, i.e. a series of assignments. You only have to provide
# replacements, missing definitions are set to their default value.
#
# See also section "Doxygen usage" for information on how to generate the
# default style sheet that doxygen normally uses.
@ -1821,8 +1977,8 @@ RTF_HYPERLINKS = NO
RTF_STYLESHEET_FILE =
# Set optional variables used in the generation of an RTF document. Syntax is
# similar to doxygen's config file. A template extensions file can be generated
# using doxygen -e rtf extensionFile.
# similar to doxygen's configuration file. A template extensions file can be
# generated using doxygen -e rtf extensionFile.
# This tag requires that the tag GENERATE_RTF is set to YES.
RTF_EXTENSIONS_FILE =
@ -1908,6 +2064,13 @@ XML_OUTPUT = xml
XML_PROGRAMLISTING = YES
# If the XML_NS_MEMB_FILE_SCOPE tag is set to YES, doxygen will include
# namespace members in file scope as well, matching the HTML output.
# The default value is: NO.
# This tag requires that the tag GENERATE_XML is set to YES.
XML_NS_MEMB_FILE_SCOPE = NO
#---------------------------------------------------------------------------
# Configuration options related to the DOCBOOK output
#---------------------------------------------------------------------------
@ -1940,9 +2103,9 @@ DOCBOOK_PROGRAMLISTING = NO
#---------------------------------------------------------------------------
# If the GENERATE_AUTOGEN_DEF tag is set to YES, doxygen will generate an
# AutoGen Definitions (see http://autogen.sf.net) file that captures the
# structure of the code including all documentation. Note that this feature is
# still experimental and incomplete at the moment.
# AutoGen Definitions (see http://autogen.sourceforge.net/) file that captures
# the structure of the code including all documentation. Note that this feature
# is still experimental and incomplete at the moment.
# The default value is: NO.
GENERATE_AUTOGEN_DEF = NO
@ -2109,12 +2272,6 @@ EXTERNAL_GROUPS = YES
EXTERNAL_PAGES = YES
# The PERL_PATH should be the absolute path and name of the perl script
# interpreter (i.e. the result of 'which perl').
# The default file (with absolute path) is: /usr/bin/perl.
PERL_PATH = /usr/bin/perl
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
#---------------------------------------------------------------------------
@ -2128,15 +2285,6 @@ PERL_PATH = /usr/bin/perl
CLASS_DIAGRAMS = YES
# You can define message sequence charts within doxygen comments using the \msc
# command. Doxygen will then run the mscgen tool (see:
# http://www.mcternan.me.uk/mscgen/)) to produce the chart and insert it in the
# documentation. The MSCGEN_PATH tag allows you to specify the directory where
# the mscgen tool resides. If left empty the tool is assumed to be found in the
# default search path.
MSCGEN_PATH =
# You can include diagrams made with dia in doxygen documentation. Doxygen will
# then run dia to produce the diagram and insert it in the documentation. The
# DIA_PATH tag allows you to specify the directory where the dia binary resides.
@ -2234,10 +2382,32 @@ UML_LOOK = NO
# but if the number exceeds 15, the total amount of fields shown is limited to
# 10.
# Minimum value: 0, maximum value: 100, default value: 10.
# This tag requires that the tag HAVE_DOT is set to YES.
# This tag requires that the tag UML_LOOK is set to YES.
UML_LIMIT_NUM_FIELDS = 10
# If the DOT_UML_DETAILS tag is set to NO, doxygen will show attributes and
# methods without types and arguments in the UML graphs. If the DOT_UML_DETAILS
# tag is set to YES, doxygen will add type and arguments for attributes and
# methods in the UML graphs. If the DOT_UML_DETAILS tag is set to NONE, doxygen
# will not generate fields with class member information in the UML graphs. The
# class diagrams will look similar to the default class diagrams but using UML
# notation for the relationships.
# Possible values are: NO, YES and NONE.
# The default value is: NO.
# This tag requires that the tag UML_LOOK is set to YES.
DOT_UML_DETAILS = NO
# The DOT_WRAP_THRESHOLD tag can be used to set the maximum number of characters
# to display on a single line. If the actual line length exceeds this threshold
# significantly it will wrapped across multiple lines. Some heuristics are apply
# to avoid ugly line breaks.
# Minimum value: 0, maximum value: 1000, default value: 17.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_WRAP_THRESHOLD = 17
# If the TEMPLATE_RELATIONS tag is set to YES then the inheritance and
# collaboration graphs will show the relations between templates and their
# instances.
@ -2366,6 +2536,11 @@ DIAFILE_DIRS =
PLANTUML_JAR_PATH =
# When using plantuml, the PLANTUML_CFG_FILE tag can be used to specify a
# configuration file for plantuml.
PLANTUML_CFG_FILE =
# When using plantuml, the specified paths are searched for files specified by
# the !include statement in a plantuml block.
@ -2424,9 +2599,11 @@ DOT_MULTI_TARGETS = YES
GENERATE_LEGEND = YES
# If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate dot
# If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate
# files that are used to generate the various graphs.
#
# Note: This setting is not only used for dot files but also for msc and
# plantuml temporary files.
# The default value is: YES.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_CLEANUP = YES

View File

@ -31,7 +31,7 @@
PROGRAM=libtool
PACKAGE=libtool
VERSION="2.4.6 Debian-2.4.6-1"
VERSION="2.4.6 Debian-2.4.6-15build2"
package_revision=2.4.6
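Review bot: the new `VERSION="2.4.6 Debian-2.4.6-15build2"` line shows that this ltmain.sh was generated by a Debian-patched libtool rather than stock GNU libtool 2.4.6, which the import description does not mention. The later hunks in this file change behaviour (hook return codes in the option parser, extra flags passed through in `func_mode_link`), so it is worth confirming that the file matches the one shipped in the ldns 1.8.3 release and recording in the import notes that those changes come from the distribution's libtool.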
@ -387,7 +387,7 @@ EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
# putting '$debug_cmd' at the start of all your functions, you can get
# bash to show function call trace with:
#
# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
# debug_cmd='echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
debug_cmd=${debug_cmd-":"}
exit_cmd=:
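Review bot: the replacement example `debug_cmd='echo "${FUNCNAME[0]} $*" >&2'` drops the `eval`, but the functions in this file invoke the variable as a bare `$debug_cmd`. The quotes, `${FUNCNAME[0]}`, `$*` and `>&2` held in the variable are not re-parsed after expansion, so the command would print that text literally to stdout instead of producing a call trace on stderr. Suggest keeping the `eval echo ...` form in the documented example.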
@ -1370,7 +1370,7 @@ func_lt_ver ()
#! /bin/sh
# Set a version string for this script.
scriptversion=2014-01-07.03; # UTC
scriptversion=2015-10-07.11; # UTC
# A portable, pluggable option parser for Bourne shell.
# Written by Gary V. Vaughan, 2010
@ -1530,6 +1530,8 @@ func_run_hooks ()
{
$debug_cmd
_G_rc_run_hooks=false
case " $hookable_fns " in
*" $1 "*) ;;
*) func_fatal_error "'$1' does not support hook funcions.n" ;;
@ -1538,16 +1540,16 @@ func_run_hooks ()
eval _G_hook_fns=\$$1_hooks; shift
for _G_hook in $_G_hook_fns; do
eval $_G_hook '"$@"'
# store returned options list back into positional
# parameters for next 'cmd' execution.
eval _G_hook_result=\$${_G_hook}_result
eval set dummy "$_G_hook_result"; shift
if eval $_G_hook '"$@"'; then
# store returned options list back into positional
# parameters for next 'cmd' execution.
eval _G_hook_result=\$${_G_hook}_result
eval set dummy "$_G_hook_result"; shift
_G_rc_run_hooks=:
fi
done
func_quote_for_eval ${1+"$@"}
func_run_hooks_result=$func_quote_for_eval_result
$_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result
}
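Review bot: `if eval $_G_hook '"$@"'; then` makes the hook's exit status part of the contract. A hook written against the previous behaviour that sets `<hook>_result` but ends on a command returning non-zero now has its edited argument list silently discarded. The opposite case also deserves a guard: a hook that returns success without setting `<hook>_result` reaches `eval set dummy "$_G_hook_result"; shift` with an empty string and drops every remaining positional parameter. Suggest documenting the status requirement at `func_add_hook`, and skipping the `set` when a hook returns success with an empty result.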
@ -1557,10 +1559,16 @@ func_run_hooks ()
## --------------- ##
# In order to add your own option parsing hooks, you must accept the
# full positional parameter list in your hook function, remove any
# options that you action, and then pass back the remaining unprocessed
# full positional parameter list in your hook function, you may remove/edit
# any options that you action, and then pass back the remaining unprocessed
# options in '<hooked_function_name>_result', escaped suitably for
# 'eval'. Like this:
# 'eval'. In this case you also must return $EXIT_SUCCESS to let the
# hook's caller know that it should pay attention to
# '<hooked_function_name>_result'. Returning $EXIT_FAILURE signalizes that
# arguments are left untouched by the hook and therefore caller will ignore the
# result variable.
#
# Like this:
#
# my_options_prep ()
# {
@ -1570,9 +1578,11 @@ func_run_hooks ()
# usage_message=$usage_message'
# -s, --silent don'\''t print informational messages
# '
#
# func_quote_for_eval ${1+"$@"}
# my_options_prep_result=$func_quote_for_eval_result
# # No change in '$@' (ignored completely by this hook). There is
# # no need to do the equivalent (but slower) action:
# # func_quote_for_eval ${1+"$@"}
# # my_options_prep_result=$func_quote_for_eval_result
# false
# }
# func_add_hook func_options_prep my_options_prep
#
@ -1581,25 +1591,37 @@ func_run_hooks ()
# {
# $debug_cmd
#
# args_changed=false
#
# # Note that for efficiency, we parse as many options as we can
# # recognise in a loop before passing the remainder back to the
# # caller on the first unrecognised argument we encounter.
# while test $# -gt 0; do
# opt=$1; shift
# case $opt in
# --silent|-s) opt_silent=: ;;
# --silent|-s) opt_silent=:
# args_changed=:
# ;;
# # Separate non-argument short options:
# -s*) func_split_short_opt "$_G_opt"
# set dummy "$func_split_short_opt_name" \
# "-$func_split_short_opt_arg" ${1+"$@"}
# shift
# args_changed=:
# ;;
# *) set dummy "$_G_opt" "$*"; shift; break ;;
# *) # Make sure the first unrecognised option "$_G_opt"
# # is added back to "$@", we could need that later
# # if $args_changed is true.
# set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
# esac
# done
#
# func_quote_for_eval ${1+"$@"}
# my_silent_option_result=$func_quote_for_eval_result
# if $args_changed; then
# func_quote_for_eval ${1+"$@"}
# my_silent_option_result=$func_quote_for_eval_result
# fi
#
# $args_changed
# }
# func_add_hook func_parse_options my_silent_option
#
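Review bot: the `my_silent_option` example reads the current argument into `opt` (`opt=$1; shift`, `case $opt in`), but the `-s*)` branch and the rewritten `*)` branch both reference `"$_G_opt"`. A hook copied from this comment would push an unset or stale `_G_opt` back into `"$@"` and, now that `args_changed` controls whether the result is used, return that list to the caller. Suggest using one variable name throughout the example.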
@ -1611,16 +1633,32 @@ func_run_hooks ()
# $opt_silent && $opt_verbose && func_fatal_help "\
# '--silent' and '--verbose' options are mutually exclusive."
#
# func_quote_for_eval ${1+"$@"}
# my_option_validation_result=$func_quote_for_eval_result
# false
# }
# func_add_hook func_validate_options my_option_validation
#
# You'll alse need to manually amend $usage_message to reflect the extra
# You'll also need to manually amend $usage_message to reflect the extra
# options you parse. It's preferable to append if you can, so that
# multiple option parsing hooks can be added safely.
# func_options_finish [ARG]...
# ----------------------------
# Finishing the option parse loop (call 'func_options' hooks ATM).
func_options_finish ()
{
$debug_cmd
_G_func_options_finish_exit=false
if func_run_hooks func_options ${1+"$@"}; then
func_options_finish_result=$func_run_hooks_result
_G_func_options_finish_exit=:
fi
$_G_func_options_finish_exit
}
# func_options [ARG]...
# ---------------------
# All the functions called inside func_options are hookable. See the
@ -1630,17 +1668,28 @@ func_options ()
{
$debug_cmd
func_options_prep ${1+"$@"}
eval func_parse_options \
${func_options_prep_result+"$func_options_prep_result"}
eval func_validate_options \
${func_parse_options_result+"$func_parse_options_result"}
_G_rc_options=false
eval func_run_hooks func_options \
${func_validate_options_result+"$func_validate_options_result"}
for my_func in options_prep parse_options validate_options options_finish
do
if eval func_$my_func '${1+"$@"}'; then
eval _G_res_var='$'"func_${my_func}_result"
eval set dummy "$_G_res_var" ; shift
_G_rc_options=:
fi
done
# save modified positional parameters for caller
func_options_result=$func_run_hooks_result
# Save modified positional parameters for caller. As a top-level
# options-parser function we always need to set the 'func_options_result'
# variable (regardless the $_G_rc_options value).
if $_G_rc_options; then
func_options_result=$_G_res_var
else
func_quote_for_eval ${1+"$@"}
func_options_result=$func_quote_for_eval_result
fi
$_G_rc_options
}
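Review bot: the loop variable in `for my_func in options_prep parse_options validate_options options_finish` is the only name here without the `_G_` prefix, and it is read again after the stage has run, in `eval _G_res_var='$'"func_${my_func}_result"`. The hook examples documented earlier in this file use `my_`-prefixed names, so a user hook that assigns `my_func` during `eval func_$my_func` would make this line read the wrong result variable. Suggest renaming it to a `_G_`-prefixed name to match `_G_rc_options` and `_G_res_var`.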
@ -1649,9 +1698,9 @@ func_options ()
# All initialisations required before starting the option parse loop.
# Note that when calling hook functions, we pass through the list of
# positional parameters. If a hook function modifies that list, and
# needs to propogate that back to rest of this script, then the complete
# needs to propagate that back to rest of this script, then the complete
# modified list must be put in 'func_run_hooks_result' before
# returning.
# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned).
func_hookable func_options_prep
func_options_prep ()
{
@ -1661,10 +1710,14 @@ func_options_prep ()
opt_verbose=false
opt_warning_types=
func_run_hooks func_options_prep ${1+"$@"}
_G_rc_options_prep=false
if func_run_hooks func_options_prep ${1+"$@"}; then
_G_rc_options_prep=:
# save modified positional parameters for caller
func_options_prep_result=$func_run_hooks_result
fi
# save modified positional parameters for caller
func_options_prep_result=$func_run_hooks_result
$_G_rc_options_prep
}
@ -1678,18 +1731,20 @@ func_parse_options ()
func_parse_options_result=
_G_rc_parse_options=false
# this just eases exit handling
while test $# -gt 0; do
# Defer to hook functions for initial option parsing, so they
# get priority in the event of reusing an option name.
func_run_hooks func_parse_options ${1+"$@"}
# Adjust func_parse_options positional parameters to match
eval set dummy "$func_run_hooks_result"; shift
if func_run_hooks func_parse_options ${1+"$@"}; then
eval set dummy "$func_run_hooks_result"; shift
_G_rc_parse_options=:
fi
# Break out of the loop if we already parsed every option.
test $# -gt 0 || break
_G_match_parse_options=:
_G_opt=$1
shift
case $_G_opt in
@ -1704,7 +1759,10 @@ func_parse_options ()
;;
--warnings|--warning|-W)
test $# = 0 && func_missing_arg $_G_opt && break
if test $# = 0 && func_missing_arg $_G_opt; then
_G_rc_parse_options=:
break
fi
case " $warning_categories $1" in
*" $1 "*)
# trailing space prevents matching last $1 above
@ -1757,15 +1815,25 @@ func_parse_options ()
shift
;;
--) break ;;
--) _G_rc_parse_options=: ; break ;;
-*) func_fatal_help "unrecognised option: '$_G_opt'" ;;
*) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
*) set dummy "$_G_opt" ${1+"$@"}; shift
_G_match_parse_options=false
break
;;
esac
$_G_match_parse_options && _G_rc_parse_options=:
done
# save modified positional parameters for caller
func_quote_for_eval ${1+"$@"}
func_parse_options_result=$func_quote_for_eval_result
if $_G_rc_parse_options; then
# save modified positional parameters for caller
func_quote_for_eval ${1+"$@"}
func_parse_options_result=$func_quote_for_eval_result
fi
$_G_rc_parse_options
}
@ -1778,16 +1846,21 @@ func_validate_options ()
{
$debug_cmd
_G_rc_validate_options=false
# Display all warnings if -W was not given.
test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
func_run_hooks func_validate_options ${1+"$@"}
if func_run_hooks func_validate_options ${1+"$@"}; then
# save modified positional parameters for caller
func_validate_options_result=$func_run_hooks_result
_G_rc_validate_options=:
fi
# Bail if the options were screwed!
$exit_cmd $EXIT_FAILURE
# save modified positional parameters for caller
func_validate_options_result=$func_run_hooks_result
$_G_rc_validate_options
}
@ -1977,7 +2050,7 @@ func_version ()
# End:
# Set a version string.
scriptversion='(GNU libtool) 2.4.6 Debian-2.4.6-1'
scriptversion='(GNU libtool) 2.4.6'
# func_echo ARG...
@ -2068,7 +2141,7 @@ include the following information:
compiler: $LTCC
compiler flags: $LTCFLAGS
linker: $LD (gnu? $with_gnu_ld)
version: $progname $scriptversion
version: $progname $scriptversion Debian-2.4.6-15build2
automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
@ -2270,6 +2343,8 @@ libtool_options_prep ()
nonopt=
preserve_args=
_G_rc_lt_options_prep=:
# Shorthand for --mode=foo, only valid as the first argument
case $1 in
clean|clea|cle|cl)
@ -2293,11 +2368,18 @@ libtool_options_prep ()
uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
shift; set dummy --mode uninstall ${1+"$@"}; shift
;;
*)
_G_rc_lt_options_prep=false
;;
esac
# Pass back the list of options.
func_quote_for_eval ${1+"$@"}
libtool_options_prep_result=$func_quote_for_eval_result
if $_G_rc_lt_options_prep; then
# Pass back the list of options.
func_quote_for_eval ${1+"$@"}
libtool_options_prep_result=$func_quote_for_eval_result
fi
$_G_rc_lt_options_prep
}
func_add_hook func_options_prep libtool_options_prep
@ -2309,9 +2391,12 @@ libtool_parse_options ()
{
$debug_cmd
_G_rc_lt_parse_options=false
# Perform our own loop to consume as many options as possible in
# each iteration.
while test $# -gt 0; do
_G_match_lt_parse_options=:
_G_opt=$1
shift
case $_G_opt in
@ -2386,15 +2471,22 @@ libtool_parse_options ()
func_append preserve_args " $_G_opt"
;;
# An option not handled by this hook function:
*) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
# An option not handled by this hook function:
*) set dummy "$_G_opt" ${1+"$@"} ; shift
_G_match_lt_parse_options=false
break
;;
esac
$_G_match_lt_parse_options && _G_rc_lt_parse_options=:
done
if $_G_rc_lt_parse_options; then
# save modified positional parameters for caller
func_quote_for_eval ${1+"$@"}
libtool_parse_options_result=$func_quote_for_eval_result
fi
# save modified positional parameters for caller
func_quote_for_eval ${1+"$@"}
libtool_parse_options_result=$func_quote_for_eval_result
$_G_rc_lt_parse_options
}
func_add_hook func_parse_options libtool_parse_options
@ -7275,10 +7367,13 @@ func_mode_link ()
# -specs=* GCC specs files
# -stdlib=* select c++ std lib with clang
# -fsanitize=* Clang/GCC memory and address sanitizer
# -fuse-ld=* Linker select flags for GCC
# -static-* direct GCC to link specific libraries statically
# -fcilkplus Cilk Plus language extension features for C/C++
-64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
-t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
-O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
-specs=*|-fsanitize=*)
-specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus)
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_append compile_command " $arg"

View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_config_feature.html
# https://www.gnu.org/software/autoconf-archive/ax_config_feature.html
# ===========================================================================
#
# SYNOPSIS
@ -73,7 +73,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -88,7 +88,7 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 10
#serial 11
AC_DEFUN([AX_CONFIG_FEATURE],[ dnl
m4_pushdef([FEATURE], patsubst([$1], -, _))dnl

View File

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_have_poll.html
# https://www.gnu.org/software/autoconf-archive/ax_have_poll.html
# ===========================================================================
#
# SYNOPSIS
@ -34,7 +34,7 @@
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 7
#serial 8
AC_DEFUN([AX_HAVE_POLL], [dnl
AC_MSG_CHECKING([for poll(2)])

View File

@ -1041,8 +1041,8 @@ int forced_loaded() { return 2;}
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
$AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
$AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
cat > conftest.c << _LT_EOF
@ -1071,11 +1071,11 @@ _LT_EOF
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
10.0,*86*-darwin8*|10.0,*-darwin[[912]]*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
10.[[012]][[,.]]*)
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
10.*)
10.*|11.*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
@ -1492,7 +1492,7 @@ need_locks=$enable_libtool_lock
m4_defun([_LT_PROG_AR],
[AC_CHECK_TOOLS(AR, [ar], false)
: ${AR=ar}
: ${AR_FLAGS=cru}
: ${AR_FLAGS=cr}
_LT_DECL([], [AR], [1], [The archiver])
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
@ -4063,7 +4063,8 @@ _LT_EOF
if AC_TRY_EVAL(ac_compile); then
# Now try to grab the symbols.
nlist=conftest.nm
if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
$ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@ -4703,6 +4704,12 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
# flang / f18. f95 an alias for gfortran or flang on Debian
flang* | f18* | f95*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@ -6438,7 +6445,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
GXX=no
@ -6813,7 +6820,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@ -6878,7 +6885,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@ -7217,7 +7224,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# FIXME: insert proper C++ library support
@ -7301,7 +7308,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# g++ 2.7 appears to require '-G' NOT '-shared' on this
# platform.
@ -7312,7 +7319,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
fi
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'

263
contrib/ldns/makewin.sh Executable file
View File

@ -0,0 +1,263 @@
#!/usr/bin/env bash
# compile ldns for windows
cdir="$(echo ldns.win.$$)"
tmpdir=$(pwd)
mkdir "$cdir"
cd "$cdir"
#configure="mingw32-configure"
#strip="i686-w64-mingw32-strip"
#warch="i686"
configure="mingw64-configure"
strip="x86_64-w64-mingw32-strip"
warch="x86_64"
WINSSL="$HOME/Downloads/openssl-1.1.0h.tar.gz"
cross_flag=""
cross_flag_nonstatic=""
RC="no"
SNAPSHOT="no"
CHECKOUT=""
# the destination is a zipfile in the start directory ldns-a.b.c.zip
# the start directory is a git repository, and it is copied to build from.
info () {
echo "info: $1"
}
error_cleanup () {
echo "$1"
cd "$tmpdir"
rm -rf "$cdir"
exit 1
}
replace_text () {
(cp "$1" "$1".orig && \
sed -e "s/$2/$3/g" < "$1".orig > "$1" && \
rm "$1".orig) || error_cleanup "Replacement for $1 failed."
}
# Parse command line arguments
while [ "$1" ]; do
case "$1" in
"-h")
echo "Compile a zip file with static executables, and"
echo "dynamic library, static library, include dir and"
echo "manual pages."
echo ""
echo " -h This usage information."
echo " -s snapshot, current date appended to version"
echo " -rc <nr> release candidate, the number is added to version"
echo " ldns-<version>rc<nr>."
echo " -c <tag/br> Checkout this tag or branch, (defaults to current"
echo " branch)."
echo " -wssl <file> Pass openssl.tar.gz file, use absolute path."
echo ""
exit 1
;;
"-c")
CHECKOUT="$2"
shift
;;
"-s")
SNAPSHOT="yes"
;;
"-rc")
RC="$2"
shift
;;
"-wssl")
WINSSL="$2"
shift
;;
*)
error_cleanup "Unrecognized argument -- $1"
;;
esac
shift
done
if [ -z "$CHECKOUT" ]
then
if [ "$RC" = "no" ]
then
CHECKOUT=$( (git status | head -n 1 | awk '{print$3}') || echo master)
else
CHECKOUT=$( (git status | head -n 1 | awk '{print$3}') || echo develop)
fi
fi
# this script creates a temp directory $cdir.
# this directory contains subdirectories:
# ldns/ : ldns source compiled
# openssl-a.b.c/ : the openSSL source compiled
# ldnsinstall/ : install of ldns here.
# sslinstall/ : install of ssl here.
# file/ : directory to gather the components of the zipfile distribution
# ldns-nonstatic/ : ldns source compiled nonstatic
# ldnsinstall-nonstatic/ : install of ldns nonstatic compile
# openssl-nonstatic/ : nonstatic openssl source compiled
# sslinstall-nonstatic/ : install of nonstatic openssl compile
info "exporting source into $cdir/ldns"
git clone git://git.nlnetlabs.nl/ldns/ ldns || error_cleanup "git command failed"
(cd ldns; git checkout "$CHECKOUT") || error_cleanup "Could not checkout $CHECKOUT"
#svn export . $cdir/ldns
info "exporting source into $cdir/ldns-nonstatic"
git clone git://git.nlnetlabs.nl/ldns/ ldns-nonstatic || error_cleanup "git command failed"
(cd ldns-nonstatic; git checkout "$CHECKOUT") || error_cleanup "Could not checkout $CHECKOUT"
#svn export . $cdir/ldns-nonstatic
# Fix up the version number if necessary
(cd ldns; if test ! -f install-sh -a -f ../../install-sh; then cp ../../install-sh . ; fi; libtoolize -ci; autoreconf -fi)
version=$(./ldns/configure --version | head -1 | awk '{ print $3 }') || \
error_cleanup "Cannot determine version number."
info "LDNS version: $version"
if [ "$RC" != "no" ]; then
info "Building LDNS release candidate $RC."
version2="${version}-rc$RC"
info "Version number: $version2"
replace_text "ldns/configure.ac" "AC_INIT(ldns, $version" "AC_INIT(ldns, $version2"
replace_text "ldns-nonstatic/configure.ac" "AC_INIT(ldns, $version" "AC_INIT(ldns, $version2"
version="$version2"
fi
if [ "$SNAPSHOT" = "yes" ]; then
info "Building LDNS snapshot."
version2="${version}_$(date +%Y%m%d)"
info "Snapshot version number: $version2"
replace_text "ldns/configure.ac" "AC_INIT(ldns, $version" "AC_INIT(ldns, $version2"
replace_text "ldns-nonstatic/configure.ac" "AC_INIT(ldns, $version" "AC_INIT(ldns, $version2"
version="$version2"
fi
# Build OpenSSL
gzip -cd "$WINSSL" | tar xf - || error_cleanup "tar unpack of $WINSSL failed"
sslinstall="$(pwd)/sslinstall"
cd openssl-* || error_cleanup "no openssl-X dir in tarball"
if test $configure = "mingw64-configure"; then
sslflags="no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64"
else
sslflags="no-shared no-asm -DOPENSSL_NO_CAPIENG mingw"
fi
info "winssl: Configure $sslflags"
CC="${warch}-w64-mingw32-gcc" AR="${warch}-w64-mingw32-ar" RANLIB="${warch}-w64-mingw32-ranlib" WINDRES="${warch}-w64-mingw32-windres" ./Configure --prefix="$sslinstall" "$sslflags" || error_cleanup "OpenSSL Configure failed"
info "winssl: make"
make || error_cleanup "make failed for $WINSSL"
info "winssl: make install_sw"
make install_sw || error_cleanup "OpenSSL install failed"
cross_flag="$cross_flag --with-ssl=$sslinstall"
cd ..
# Build ldns
ldnsinstall="$(pwd)/ldnsinstall"
cd ldns
info "ldns: autoconf"
# cp install-sh because one at ../.. means libtoolize won't install it for us.
if test ! -f install-sh -a -f ../../install-sh; then cp ../../install-sh . ; fi
libtoolize -ci
autoreconf -fi
ldns_flag="--with-examples --with-drill"
info "ldns: Configure $cross_flag $ldns_flag"
$configure "$cross_flag" "$ldns_flag" || error_cleanup "ldns configure failed"
info "ldns: make"
make || error_cleanup "ldns make failed"
# do not strip debug symbols, could be useful for stack traces
# $strip lib/*.dll || error_cleanup "cannot strip ldns dll"
make doc || error_cleanup "ldns make doc failed"
DESTDIR=$ldnsinstall make install || error_cleanup "ldns make install failed"
cd ..
# Build OpenSSL nonstatic
sslinstallnonstatic="$(pwd)/sslinstallnonstatic"
mkdir openssl-nonstatic
cd openssl-nonstatic
# remove openssl-a.b.c/ and put in openssl-nonstatic directory
gzip -cd "$WINSSL" | tar xf - --strip-components=1 || error_cleanup "tar unpack of $WINSSL failed"
if test "$configure" = "mingw64-configure"; then
sslflags_nonstatic="shared no-asm -DOPENSSL_NO_CAPIENG mingw64"
else
sslflags_nonstatic="shared no-asm -DOPENSSL_NO_CAPIENG mingw"
fi
info "winsslnonstatic: Configure $sslflags_nonstatic"
CC="${warch}-w64-mingw32-gcc" AR="${warch}-w64-mingw32-ar" RANLIB="${warch}-w64-mingw32-ranlib" WINDRES="${warch}-w64-mingw32-windres" ./Configure --prefix="$sslinstallnonstatic" "$sslflags_nonstatic" || error_cleanup "OpenSSL Configure failed"
info "winsslnonstatic: make"
make || error_cleanup "make failed for $WINSSL"
info "winsslnonstatic: make install_sw"
make install_sw || error_cleanup "OpenSSL install failed"
cross_flag_nonstatic="$cross_flag_nonstatic --with-ssl=$sslinstallnonstatic"
cd ..
# Build ldns nonstatic
ldnsinstallnonstatic="$(pwd)/ldnsinstall-nonstatic"
cd ldns-nonstatic
info "ldnsnonstatic: autoconf"
# cp install-sh because one at ../.. means libtoolize won't install it for us.
if test ! -f install-sh -a -f ../../install-sh; then cp ../../install-sh . ; fi
libtoolize -ci
autoreconf -fi
ldns_flag_nonstatic="--with-examples --with-drill"
info "ldnsnonstatic: Configure $cross_flag_nonstatic $ldns_flag_nonstatic"
$configure "$cross_flag_nonstatic" "$ldns_flag_nonstatic" || error_cleanup "ldns configure failed"
info "ldnsnonstatic: make"
make || error_cleanup "ldns make failed"
# do not strip debug symbols, could be useful for stack traces
# $strip lib/*.dll || error_cleanup "cannot strip ldns dll"
make doc || error_cleanup "ldns make doc failed"
DESTDIR=$ldnsinstallnonstatic make install || error_cleanup "ldns make install failed"
cd ..
# create zipfile
file="ldns-$version.zip"
rm -f "$file"
info "Creating $file"
mkdir file
cd file
installplace="$ldnsinstall/usr/$warch-w64-mingw32/sys-root/mingw"
installplacenonstatic="$ldnsinstallnonstatic/usr/$warch-w64-mingw32/sys-root/mingw"
cp "$installplace"/lib/libldns.a .
cp "$installplacenonstatic"/lib/libldns.dll.a .
cp "$installplacenonstatic"/bin/*.dll .
cp "$sslinstallnonstatic"/lib/*.dll.a .
cp "$sslinstallnonstatic"/bin/*.dll .
cp "$sslinstallnonstatic"/lib/engines-*/*.dll .
cp ../ldns/LICENSE .
cp ../ldns/README .
cp ../ldns/Changelog .
info "copy static exe"
for x in "$installplace"/bin/* ; do
cp "$x" "$(basename "$x").exe"
done
# but the shell script stays a script file
mv ldns-config.exe ldns-config
info "copy include"
mkdir include
mkdir include/ldns
cp "$installplace"/include/ldns/*.h include/ldns/.
info "copy man1"
mkdir man1
cp "$installplace"/share/man/man1/* man1/.
info "copy man3"
mkdir man3
cp "$installplace"/share/man/man3/* man3/.
info "create cat1"
mkdir cat1
for x in man1/*.1; do groff -man -Tascii -Z "$x" | grotty -cbu > cat1/"$(basename "$x" .1).txt"; done
info "create cat3"
mkdir cat3
for x in man3/*.3; do groff -man -Tascii -Z "$x" | grotty -cbu > cat3/"$(basename "$x" .3).txt"; done
rm -f "../../$file"
info "$file contents"
# show contents of directory we are zipping up.
du -s ./*
# zip it
info "zip $file"
zip -r ../../"$file" LICENSE README libldns.a *.dll *.dll.a Changelog *.exe include man1 man3 cat1 cat3
info "Testing $file"
(cd ../.. ; zip -T "$file" ) || error_cleanup "errors in zipfile $file"
cd ..
# cleanup before exit
cd "$tmpdir"
rm -rf "$cdir"
echo "done"
# display
ls -lG "$file"
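Review bot: The two `git clone git://git.nlnetlabs.nl/ldns/` calls fetch the source that ends up in the release zip over the unauthenticated git:// transport, and the OpenSSL tarball in `$WINSSL` is unpacked with `gzip -cd "$WINSSL" | tar xf -` without any checksum or signature check, so nothing in the script ties the shipped binaries to known-good inputs. Suggest cloning over an authenticated transport (or copying the local repository, as the header comment describes) and verifying the tarball against a pinned digest before unpacking. Separately, `"$sslflags"`, `"$cross_flag"` and `"$ldns_flag"` are quoted where they are passed to `./Configure` and `$configure`, so each multi-flag string arrives as a single argument; use arrays, or leave those expansions unquoted on purpose.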

View File

@ -198,11 +198,12 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
#ifndef S_SPLINT_S
if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_STREAM,
IPPROTO_TCP)) == SOCK_INVALID) {
return 0;
return -1;
}
#endif
if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == SOCK_INVALID){
return 0;
close_socket(sockfd);
return -1;
}
/* perform nonblocking connect, to be able to wait with select() */
@ -215,13 +216,13 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
if(1) {
#endif
close_socket(sockfd);
return 0;
return -1;
}
#else /* USE_WINSOCK */
if(WSAGetLastError() != WSAEINPROGRESS &&
WSAGetLastError() != WSAEWOULDBLOCK) {
close_socket(sockfd);
return 0;
return -1;
}
#endif
/* error was only telling us that it would block */
@ -234,7 +235,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
if(!ldns_sock_wait(sockfd, timeout, 1)) {
close_socket(sockfd);
return 0;
return -1;
}
/* check if there is a pending error for nonblocking connect */
@ -255,7 +256,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
close_socket(sockfd);
/* error in errno for our user */
errno = error;
return 0;
return -1;
}
#else /* USE_WINSOCK */
if(error == WSAEINPROGRESS)
@ -265,7 +266,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
else if(error != 0) {
close_socket(sockfd);
errno = error;
return 0;
return -1;
}
#endif /* USE_WINSOCK */
/* connected */
@ -281,6 +282,14 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
int
ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen,
struct timeval timeout)
{
int s = ldns_tcp_connect_from(to, tolen, NULL, 0, timeout);
return s > 0 ? s : 0;
}
int
ldns_tcp_connect2(const struct sockaddr_storage *to, socklen_t tolen,
struct timeval timeout)
{
return ldns_tcp_connect_from(to, tolen, NULL, 0, timeout);
}
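Review bot: In the compatibility wrapper `ldns_tcp_connect`, `return s > 0 ? s : 0;` treats descriptor 0 as failure, and if `ldns_tcp_connect_from` does return 0 as a valid socket the wrapper reports failure without calling `close_socket(s)`, so the descriptor leaks. Either close the socket in that branch or document that the legacy entry point cannot represent fd 0 and that new callers should use `ldns_tcp_connect2`; the -1 error convention of the `2` variant has no comment in this hunk. The same `s > 0 ? s : 0` pattern is used in `ldns_tcp_bgsend` and `ldns_udp_bgsend` further down.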
@ -295,13 +304,9 @@ ldns_tcp_bgsend_from(ldns_buffer *qbin,
sockfd = ldns_tcp_connect_from(to, tolen, from, fromlen, timeout);
if (sockfd == 0) {
return 0;
}
if (ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) {
if (sockfd >= 0 && ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) {
close_socket(sockfd);
return 0;
return -1;
}
return sockfd;
@ -312,9 +317,17 @@ ldns_tcp_bgsend(ldns_buffer *qbin,
const struct sockaddr_storage *to, socklen_t tolen,
struct timeval timeout)
{
return ldns_tcp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
int s = ldns_tcp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
return s > 0 ? s : 0;
}
int
ldns_tcp_bgsend2(ldns_buffer *qbin,
const struct sockaddr_storage *to, socklen_t tolen,
struct timeval timeout)
{
return ldns_tcp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
}
/* keep in mind that in DNS tcp messages the first 2 bytes signal the
* amount data to expect
@ -330,24 +343,19 @@ ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin,
sockfd = ldns_tcp_bgsend_from(qbin, to, tolen, from, fromlen, timeout);
if (sockfd == 0) {
if (sockfd == -1) {
return LDNS_STATUS_ERR;
}
answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout);
close_socket(sockfd);
if (*answer_size == 0) {
if (!answer) {
/* oops */
return LDNS_STATUS_NETWORK_ERR;
}
/* resize accordingly */
*result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size);
if(!*result) {
LDNS_FREE(answer);
return LDNS_STATUS_MEM_ERR;
}
*result = answer;
return LDNS_STATUS_OK;
}
@ -368,13 +376,28 @@ ldns_udp_connect(const struct sockaddr_storage *to, struct timeval ATTR_UNUSED(t
#ifndef S_SPLINT_S
if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_DGRAM,
IPPROTO_UDP))
== -1) {
== SOCK_INVALID) {
return 0;
}
#endif
return sockfd;
}
int
ldns_udp_connect2(const struct sockaddr_storage *to, struct timeval ATTR_UNUSED(timeout))
{
int sockfd;
#ifndef S_SPLINT_S
if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_DGRAM,
IPPROTO_UDP))
== SOCK_INVALID) {
return -1;
}
#endif
return sockfd;
}
static int
ldns_udp_bgsend_from(ldns_buffer *qbin,
const struct sockaddr_storage *to , socklen_t tolen,
@ -383,19 +406,20 @@ ldns_udp_bgsend_from(ldns_buffer *qbin,
{
int sockfd;
sockfd = ldns_udp_connect(to, timeout);
sockfd = ldns_udp_connect2(to, timeout);
if (sockfd == 0) {
return 0;
if (sockfd == -1) {
return -1;
}
if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){
return 0;
close_socket(sockfd);
return -1;
}
if (ldns_udp_send_query(qbin, sockfd, to, tolen) == 0) {
close_socket(sockfd);
return 0;
return -1;
}
return sockfd;
}
@ -404,6 +428,15 @@ int
ldns_udp_bgsend(ldns_buffer *qbin,
const struct sockaddr_storage *to , socklen_t tolen,
struct timeval timeout)
{
int s = ldns_udp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
return s > 0 ? s : 0;
}
int
ldns_udp_bgsend2(ldns_buffer *qbin,
const struct sockaddr_storage *to , socklen_t tolen,
struct timeval timeout)
{
return ldns_udp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
}
@ -419,7 +452,7 @@ ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin,
sockfd = ldns_udp_bgsend_from(qbin, to, tolen, from, fromlen, timeout);
if (sockfd == 0) {
if (sockfd == -1) {
return LDNS_STATUS_SOCKET_ERROR;
}
@ -430,14 +463,14 @@ ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin,
}
/* set to nonblocking, so if the checksum is bad, it becomes
* an EGAIN error and the ldns_udp_send function does not block,
* an EAGAIN error and the ldns_udp_send function does not block,
* but returns a 'NETWORK_ERROR' much like a timeout. */
ldns_sock_nonblock(sockfd);
answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL);
close_socket(sockfd);
if (*answer_size == 0) {
if (!answer) {
/* oops */
return LDNS_STATUS_NETWORK_ERR;
}
@ -461,7 +494,7 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
uint8_t i;
struct sockaddr_storage *src = NULL;
size_t src_len;
size_t src_len = 0;
struct sockaddr_storage *ns;
size_t ns_len;
struct timeval tv_s;
@ -571,6 +604,9 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
if (!reply_bytes) {
/* the current nameserver seems to have a problem, blacklist it */
if (ldns_resolver_fail(r)) {
if(src) {
LDNS_FREE(src);
}
LDNS_FREE(ns);
return LDNS_STATUS_ERR;
} else {
@ -581,10 +617,12 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
status = ldns_wire2pkt(&reply, reply_bytes, reply_size);
if (status != LDNS_STATUS_OK) {
if(src) LDNS_FREE(src);
LDNS_FREE(reply_bytes);
LDNS_FREE(ns);
return status;
}
assert(reply);
LDNS_FREE(ns);
gettimeofday(&tv_e, NULL);
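Review bot: `assert(reply);` after the `ldns_wire2pkt` status check disappears when the library is built with NDEBUG, so a release build gets no check at all for a NULL `reply` returned together with `LDNS_STATUS_OK`. If that state is considered possible, handle it as an error return that frees `reply_bytes`, `ns` and `src` like the branch just above; if it is not possible, the assert can be dropped.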
@ -676,9 +714,6 @@ ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage
if (bytes == -1 || (size_t)bytes != ldns_buffer_position(qbin)) {
return 0;
}
if ((size_t) bytes != ldns_buffer_position(qbin)) {
return 0;
}
return bytes;
}
@ -918,6 +953,9 @@ ldns_axfr_start(ldns_resolver *resolver, const ldns_rdf *domain, ldns_rr_class c
src, (socklen_t)src_len,
ldns_resolver_timeout(resolver));
}
if (src) {
LDNS_FREE(src);
}
if (resolver->_socket == SOCK_INVALID) {
ldns_pkt_free(query);

View File

@ -23,7 +23,7 @@ BuildRequires: python-devel, swig
%endif
%description
ldns is a library with the aim to simplify DNS programing in C. All
ldns is a library with the aim to simplify DNS programming in C. All
lowlevel DNS/DNSSEC operations are supported. We also define a higher
level API which allows a programmer to (for instance) create or sign
packets.
@ -125,7 +125,7 @@ rm -rf %{buildroot}
* Wed Jun 08 2011 Paul Wouters <paul@xelerance.com> - 1.6.10-1
- Updated to 1.6.10
- commented out build dependancies for svn snapshots
- commented out build dependencies for svn snapshots
* Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.6.9-1
- Updated to 1.6.9

View File

@ -4,26 +4,37 @@ prefix="@prefix@"
exec_prefix="@exec_prefix@"
VERSION="@PACKAGE_VERSION@"
CFLAGS="@CFLAGS@"
CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@"
LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@"
CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@"
LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@"
PYTHON_CPPFLAGS="@PYTHON_CPPFLAGS@"
PYTHON_LDFLAGS="@PYTHON_LDFLAGS@"
LIBS="@LIBS@ @LIBSSL_LIBS@"
LIBDIR="@libdir@"
INCLUDEDIR="@includedir@"
LIBVERSION="@VERSION_INFO@"
for arg in $@
do
if [ $arg = "--cflags" ]
then
echo "-I${INCLUDEDIR}"
fi
if [ $arg = "--python-cflags" ]
then
echo "${PYTHON_CPPFLAGS} -I${INCLUDEDIR}"
fi
if [ $arg = "--libs" ]
then
echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns"
fi
if [ $arg = "--python-libs" ]
then
echo "${LDFLAGS} ${PYTHON_LDFLAGS} -L${LIBDIR} ${LIBS} -lldns"
fi
if [ $arg = "-h" ] || [ $arg = "--help" ]
then
echo "Usage: $0 [--cflags] [--libs] [--version]"
echo "Usage: $0 [--cflags] [--python-cflags] [--libs] [--python-libs] [--version]"
fi
if [ $arg = "--version" ]
then
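Review bot: The new `--python-cflags` and `--python-libs` branches repeat the unquoted `[ $arg = "..." ]` test, and the loop still iterates over unquoted `$@`, so an empty argument makes `[` fail with a syntax error and an argument containing whitespace or glob characters is split or expanded before it is compared. Quote both while this block is being touched: `for arg in "$@"` and `[ "$arg" = "--python-cflags" ]`.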

View File

@ -13,6 +13,7 @@
#include <ldns/config.h>
#include <ldns/ldns.h>
#include <ldns/internal.h>
#include <strings.h>
#include <limits.h>
@ -26,6 +27,7 @@
*/
#define LDNS_EDNS_MASK_DO_BIT 0x8000
#define LDNS_EDNS_MASK_UNASSIGNED (0xFFFF & ~LDNS_EDNS_MASK_DO_BIT)
/* TODO defines for 3600 */
/* convert to and from numerical flag values */
@ -242,6 +244,19 @@ ldns_pkt_set_edns_do(ldns_pkt *packet, bool value)
}
}
uint16_t
ldns_pkt_edns_unassigned(const ldns_pkt *packet)
{
return (packet->_edns_z & LDNS_EDNS_MASK_UNASSIGNED);
}
void
ldns_pkt_set_edns_unassigned(ldns_pkt *packet, uint16_t value)
{
packet->_edns_z = (packet->_edns_z & ~LDNS_EDNS_MASK_UNASSIGNED)
| (value & LDNS_EDNS_MASK_UNASSIGNED);
}
ldns_rdf *
ldns_pkt_edns_data(const ldns_pkt *packet)
{
@ -375,6 +390,7 @@ ldns_pkt_rr(const ldns_pkt *pkt, ldns_pkt_section sec, const ldns_rr *rr)
return ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr);
case LDNS_SECTION_ANY:
result = ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr);
/* fallthrough */
case LDNS_SECTION_ANY_NOQUESTION:
result = result
|| ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr)
@ -623,6 +639,15 @@ ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data)
packet->_edns_data = data;
}
void
ldns_pkt_set_edns_option_list(ldns_pkt *packet, ldns_edns_option_list *list)
{
if (packet->_edns_list)
ldns_edns_option_list_deep_free(packet->_edns_list);
packet->_edns_list = list;
}
void
ldns_pkt_set_section_count(ldns_pkt *packet, ldns_pkt_section s, uint16_t count)
{
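Review bot: `ldns_pkt_set_edns_option_list` frees the existing `packet->_edns_list` before storing `list` without checking whether the two are the same pointer, so passing back the list obtained from the packet leaves `_edns_list` pointing at freed memory. Guard the `ldns_edns_option_list_deep_free` call with `packet->_edns_list != list`, and state in the function's documentation that the packet takes ownership of `list`.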
@ -723,15 +748,93 @@ ldns_pkt_safe_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list)
}
bool
ldns_pkt_edns(const ldns_pkt *pkt) {
ldns_pkt_edns(const ldns_pkt *pkt)
{
return (ldns_pkt_edns_udp_size(pkt) > 0 ||
ldns_pkt_edns_extended_rcode(pkt) > 0 ||
ldns_pkt_edns_data(pkt) ||
ldns_pkt_edns_do(pkt) ||
pkt->_edns_list ||
pkt->_edns_present
);
}
ldns_edns_option_list*
pkt_edns_data2edns_option_list(const ldns_rdf *edns_data)
{
size_t pos = 0;
ldns_edns_option_list* edns_list;
size_t max;
const uint8_t* wire;
if (!edns_data)
return NULL;
max = ldns_rdf_size(edns_data);
wire = ldns_rdf_data(edns_data);
if (!max)
return NULL;
if (!(edns_list = ldns_edns_option_list_new()))
return NULL;
while (pos < max) {
ldns_edns_option* edns;
uint8_t *data;
if (pos + 4 > max) { /* make sure the header is */
ldns_edns_option_list_deep_free(edns_list);
return NULL;
}
ldns_edns_option_code code = ldns_read_uint16(&wire[pos]);
size_t size = ldns_read_uint16(&wire[pos+2]);
pos += 4;
if (pos + size > max) { /* make sure the size fits the data */
ldns_edns_option_list_deep_free(edns_list);
return NULL;
}
data = LDNS_XMALLOC(uint8_t, size);
if (!data) {
ldns_edns_option_list_deep_free(edns_list);
return NULL;
}
memcpy(data, &wire[pos], size);
pos += size;
edns = ldns_edns_new(code, size, data);
if (!edns) {
ldns_edns_option_list_deep_free(edns_list);
return NULL;
}
if (!ldns_edns_option_list_push(edns_list, edns)) {
ldns_edns_option_list_deep_free(edns_list);
return NULL;
}
}
return edns_list;
}
ldns_edns_option_list*
ldns_pkt_edns_get_option_list(ldns_pkt *packet)
{
/* return the list if it already exists */
if (packet->_edns_list != NULL)
return packet->_edns_list;
/* if the list doesn't exists, we create it by parsing the
* packet->_edns_data
*/
if (!ldns_pkt_edns_data(packet))
return NULL;
return ( packet->_edns_list
= pkt_edns_data2edns_option_list(ldns_pkt_edns_data(packet)));
}
/* Create/destroy/convert functions
*/
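Review bot: In `pkt_edns_data2edns_option_list`, the error branches after `LDNS_XMALLOC` release only `edns_list`: when `ldns_edns_new` fails, `data` is never freed, and when `ldns_edns_option_list_push` fails, the new `edns` and its `data` are never freed. Free them before returning. A zero-length option also reaches `LDNS_XMALLOC(uint8_t, size)` with `size` 0, and an allocator that returns NULL for that makes the whole option list parse fail as if memory had run out; skip the allocation and `memcpy` when `size` is 0. Smaller points: the comment `/* make sure the header is */` is cut short, and the function is non-static but lacks the `ldns_` prefix.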
@ -781,8 +884,9 @@ ldns_pkt_new(void)
ldns_pkt_set_edns_version(packet, 0);
ldns_pkt_set_edns_z(packet, 0);
ldns_pkt_set_edns_data(packet, NULL);
packet->_edns_list = NULL;
packet->_edns_present = false;
ldns_pkt_set_tsig(packet, NULL);
return packet;
@ -799,6 +903,7 @@ ldns_pkt_free(ldns_pkt *packet)
ldns_rr_list_deep_free(packet->_additional);
ldns_rr_free(packet->_tsig_rr);
ldns_rdf_deep_free(packet->_edns_data);
ldns_edns_option_list_deep_free(packet->_edns_list);
ldns_rdf_deep_free(packet->_answerfrom);
LDNS_FREE(packet);
}
@ -928,11 +1033,13 @@ ldns_pkt_query_new_frm_str_internal(ldns_pkt **p, const char *name,
}
if (!ldns_pkt_set_flags(packet, flags)) {
ldns_pkt_free(packet);
return LDNS_STATUS_ERR;
}
question_rr = ldns_rr_new();
if (!question_rr) {
ldns_pkt_free(packet);
return LDNS_STATUS_MEM_ERR;
}
@ -1146,6 +1253,9 @@ ldns_pkt_clone(const ldns_pkt *pkt)
ldns_pkt_set_edns_data(new_pkt,
ldns_rdf_clone(ldns_pkt_edns_data(pkt)));
ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt));
if (pkt->_edns_list)
ldns_pkt_set_edns_option_list(new_pkt,
ldns_edns_option_list_clone(pkt->_edns_list));
ldns_rr_list_deep_free(new_pkt->_question);
ldns_rr_list_deep_free(new_pkt->_answer);

View File

@ -27,31 +27,45 @@ ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit)
return ldns_fget_token_l(f, token, delim, limit, NULL);
}
ssize_t
ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
ldns_status
ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed
, const char *delim, int *line_nr)
{
int c, prev_c;
int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
int p; /* 0 -> no parentheses seen, >0 nr of ( seen */
int com, quoted;
char *t;
char *t, *old_token;
size_t i;
const char *d;
const char *del;
/* standard delimeters */
/* standard delimiters */
if (!delim) {
/* from isspace(3) */
del = LDNS_PARSE_NORMAL;
} else {
del = delim;
}
if (!token || !limit)
return LDNS_STATUS_NULL;
if (fixed) {
if (*token == NULL || *limit == 0)
return LDNS_STATUS_NULL;
} else if (*token == NULL) {
*limit = LDNS_MAX_LINELEN;
if (!(*token = LDNS_XMALLOC(char, *limit + 1)))
return LDNS_STATUS_MEM_ERR;
} else if (*limit == 0)
return LDNS_STATUS_ERR;
p = 0;
i = 0;
com = 0;
quoted = 0;
prev_c = 0;
t = token;
t = *token;
if (del[0] == '"') {
quoted = 1;
}
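Review bot: The argument checks at the top of ldns_fget_token_l_st return different statuses for the same condition: `*limit == 0` yields LDNS_STATUS_NULL when fixed is true but LDNS_STATUS_ERR in the trailing `else if`. Pick one. The non-fixed path also allocates *token for the caller when it is NULL, so the function's documentation should state that the caller owns *token and must free it on every return, including error returns.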
@ -79,7 +93,8 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
if (p < 0) {
/* more ) then ( - close off the string */
*t = '\0';
return 0;
return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY
: LDNS_STATUS_OK;
}
/* do something with comments ; */
@ -113,11 +128,28 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
continue;
}
if (c == '\n' && p != 0 && t > token) {
if (c == '\n' && p != 0 && t > *token) {
/* in parentheses */
if (line_nr) {
*line_nr = *line_nr + 1;
}
if (*limit > 0
&& (i >= *limit || (size_t)(t - *token) >= *limit)) {
if (fixed) {
*t = '\0';
return LDNS_STATUS_SYNTAX_ERR;
}
old_token = *token;
*limit *= 2;
*token = LDNS_XREALLOC(*token, char, *limit + 1);
if (*token == NULL) {
*token = old_token;
*t = '\0';
return LDNS_STATUS_MEM_ERR;
}
if (*token != old_token)
t = *token + (t - old_token);
}
*t++ = ' ';
prev_c = c;
continue;
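Review bot: The growth branch `*limit *= 2; *token = LDNS_XREALLOC(*token, char, *limit + 1);` has no upper bound and no overflow check on the doubling. With fixed set to false, input that never reaches a delimiter (for example an unclosed parenthesis spanning the rest of a large file) grows the buffer until allocation fails. Add a maximum token size and return LDNS_STATUS_SYNTAX_ERR once it is reached.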
@ -135,30 +167,42 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
if (c != '\0' && c != '\n') {
i++;
}
if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
*t = '\0';
return -1;
if (*limit > 0
&& (i >= *limit || (size_t)(t - *token) >= *limit)) {
if (fixed) {
*t = '\0';
return LDNS_STATUS_SYNTAX_ERR;
}
old_token = *token;
*limit *= 2;
*token = LDNS_XREALLOC(*token, char, *limit + 1);
if (*token == NULL) {
*token = old_token;
*t = '\0';
return LDNS_STATUS_MEM_ERR;
}
if (*token != old_token)
t = *token + (t - old_token);
}
if (c != '\0' && c != '\n') {
*t++ = c;
}
if (c == '\n' && line_nr) {
*line_nr = *line_nr + 1;
}
if (c == '\\' && prev_c == '\\')
prev_c = 0;
else prev_c = c;
}
*t = '\0';
if (c == EOF) {
return (ssize_t)i;
return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK;
}
if (i == 0) {
/* nothing read */
return -1;
}
if (p != 0) {
return -1;
return LDNS_STATUS_SYNTAX_ERR;
}
return (ssize_t)i;
return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK;
tokenread:
if(*del == '"') /* do not skip over quotes, they are significant */
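Review bot: On the realloc failure path, `*limit *= 2` has already run before LDNS_XREALLOC is attempted, so the function returns LDNS_STATUS_MEM_ERR with *token restored to the old buffer but *limit reporting twice its real size. Compute the new size in a local and store it in *limit only after the reallocation succeeds. This block is also a verbatim copy of the one in the parenthesis branch of the previous hunk; a small static helper would keep the two from drifting apart.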
@ -166,10 +210,21 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
else ldns_fskipcs_l(f, del, line_nr);
*t = '\0';
if (p != 0) {
return -1;
return LDNS_STATUS_SYNTAX_ERR;
}
return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK;
}
return (ssize_t)i;
ssize_t
ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
{
if (limit == 0)
limit = LDNS_MAX_LINELEN;
if (ldns_fget_token_l_st(f, &token, &limit, true, delim, line_nr))
return -1;
else
return (ssize_t)strlen(token);
}
ssize_t
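Review bot: The ldns_fget_token_l wrapper maps every non-OK status to -1, including LDNS_STATUS_SYNTAX_EMPTY, whereas the old body could return 0 (`return 0;` on an unmatched ')' and `return (ssize_t)i;` at EOF). Callers that test for an empty token with `gtr == 0`, as ldns_resolver_new_frm_fp_l does further down this commit, will no longer see that value. Either return 0 for LDNS_STATUS_SYNTAX_EMPTY here or update those callers to test for -1.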
@ -219,7 +274,7 @@ ssize_t
ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit)
{
int c, lc;
int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
int p; /* 0 -> no parentheses seen, >0 nr of ( seen */
int com, quoted;
char *t;
size_t i;

View File

@ -225,9 +225,9 @@ ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len,
}
} else if (pos == len) {
/** Exact match found */
LDNS_FREE(add);
if (prefix->data) {
/* Element already exists */
LDNS_FREE(add);
return LDNS_STATUS_EXISTS_ERR;
}
prefix->data = data;
@ -1120,12 +1120,15 @@ ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key,
if (array->len - common_len > 1) {
if (!ldns_radix_prefix_remainder(common_len+1,
array->str, array->len, &s1, &l1)) {
LDNS_FREE(common);
return 0;
}
}
if (strlen_to_add - common_len > 1) {
if (!ldns_radix_prefix_remainder(common_len+1,
str_to_add, strlen_to_add, &s2, &l2)) {
LDNS_FREE(common);
LDNS_FREE(s1);
return 0;
}
}
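Review bot: The new `LDNS_FREE(s1);` on the second failure path is reached even when the first `if (array->len - common_len > 1)` block was skipped, so it is only safe if s1 is initialised to NULL at its declaration, which this hunk does not show. Confirm the initialiser, or set s1 = NULL explicitly before the first block.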

View File

@ -71,7 +71,7 @@ static void ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node)
static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent);
/*
* Creates a new red black tree, intializes and returns a pointer to it.
* Creates a new red black tree, initializes and returns a pointer to it.
*
* Return NULL on failure.
*

View File

@ -360,6 +360,12 @@ ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str)
case LDNS_RDF_TYPE_MATCHING_TYPE:
status = ldns_str2rdf_matching_type(&rdf, str);
break;
case LDNS_RDF_TYPE_AMTRELAY:
status = ldns_str2rdf_amtrelay(&rdf, str);
break;
case LDNS_RDF_TYPE_SVCPARAMS:
status = ldns_str2rdf_svcparams(&rdf, str);
break;
case LDNS_RDF_TYPE_NONE:
default:
/* default default ??? */
@ -618,7 +624,7 @@ ldns_octet(char *word, size_t *length)
return LDNS_STATUS_DDD_OVERFLOW;
}
} else {
/* an espaced character, like \<space> ?
/* an escaped character, like \<space> ?
* remove the '\' keep the rest */
*p = *++s;
(*length)++;

View File

@ -764,7 +764,7 @@ ldns_resolver_new_frm_fp(ldns_resolver **res, FILE *fp)
ldns_status
ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
{
ldns_resolver *r;
ldns_resolver *r = NULL;
const char *keyword[LDNS_RESOLV_KEYWORDS];
char word[LDNS_MAX_LINELEN + 1];
int8_t expect;
@ -780,7 +780,7 @@ ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
if(!line_nr) line_nr = &lnr;
if(!fp) {
myfp = fopen("/etc/resolv.conf", "r");
myfp = fopen(LDNS_RESOLV_CONF, "r");
if(!myfp)
return LDNS_STATUS_FILE_ERR;
}
@ -800,7 +800,6 @@ ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
keyword[LDNS_RESOLV_SORTLIST] = "sortlist";
keyword[LDNS_RESOLV_OPTIONS] = "options";
keyword[LDNS_RESOLV_ANCHOR] = "anchor";
expect = LDNS_RESOLV_KEYWORD;
r = ldns_resolver_new();
if (!r) {
@ -860,6 +859,7 @@ ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
if (gtr == 0) {
if(!fp) fclose(myfp);
ldns_resolver_deep_free(r);
return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
}
if(word[0] == '#') {
@ -868,8 +868,8 @@ ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
}
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
if (!tmp) {
ldns_resolver_deep_free(r);
if(!fp) fclose(myfp);
ldns_resolver_deep_free(r);
return LDNS_STATUS_SYNTAX_DNAME_ERR;
}
@ -882,6 +882,7 @@ ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
if (gtr == 0) {
if(!fp) fclose(myfp);
ldns_resolver_deep_free(r);
return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
}
if(word[0] == '#') {
@ -1108,7 +1109,8 @@ ldns_resolver_search_status(ldns_pkt** pkt,
s = ldns_resolver_query_status(pkt, r,
new_name, t, c, flags);
ldns_rdf_free(new_name);
ldns_rdf_deep_free(new_name);
if (pkt && *pkt) {
if (s == LDNS_STATUS_OK &&
ldns_pkt_get_rcode(*pkt) ==
@ -1132,6 +1134,7 @@ ldns_resolver_search(const ldns_resolver *r,const ldns_rdf *name,
if (ldns_resolver_search_status(&pkt, (ldns_resolver *)r,
name, t, c, flags) != LDNS_STATUS_OK) {
ldns_pkt_free(pkt);
return NULL;
}
return pkt;
}
@ -1165,6 +1168,7 @@ ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name,
if (ldns_resolver_query_status(&pkt, (ldns_resolver *)r,
name, t, c, flags) != LDNS_STATUS_OK) {
ldns_pkt_free(pkt);
return NULL;
}
return pkt;
}
@ -1178,6 +1182,7 @@ ldns_resolver_backup_rtt(ldns_resolver *r)
if (old_rtt && ldns_resolver_nameserver_count(r)) {
new_rtt = LDNS_XMALLOC(size_t
, ldns_resolver_nameserver_count(r));
if (!new_rtt) return NULL;
memcpy(new_rtt, old_rtt, sizeof(size_t)
* ldns_resolver_nameserver_count(r));
ldns_resolver_set_rtt(r, new_rtt);
@ -1240,6 +1245,7 @@ ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r,
ldns_pkt_tc(answer_pkt)) {
ldns_resolver_set_usevc(r, true);
ldns_pkt_free(answer_pkt);
answer_pkt = NULL;
stat = ldns_send(&answer_pkt, r, query_pkt);
ldns_resolver_set_usevc(r, false);
}
@ -1247,7 +1253,7 @@ ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r,
}
}
if (answer) {
if (answer && answer_pkt) {
*answer = answer_pkt;
}
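Review bot: With the condition changed to `if (answer && answer_pkt)`, *answer is left untouched when no packet was received. Unless *answer is set to NULL earlier in ldns_resolver_send_pkt (not visible in this hunk), a caller that passes an uninitialised pointer and then frees it on error will act on stale data. Assigning *answer = NULL at function entry makes the contract explicit.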
@ -1528,14 +1534,14 @@ void
ldns_axfr_abort(ldns_resolver *resolver)
{
/* Only abort if an actual AXFR is in progress */
if (resolver->_socket != 0)
if (resolver->_socket != -1)
{
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
resolver->_socket = -1;
}
}
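Review bot: Switching the idle sentinel in ldns_axfr_abort from 0 to -1 is right, since 0 is a valid descriptor, but it only works if every site that creates or resets a resolver also stores -1 in _socket. A resolver whose _socket is still zero-initialised would now pass `resolver->_socket != -1` and close descriptor 0. Verify the constructor and the AXFR start and finish paths in the same change.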

View File

@ -10,6 +10,7 @@
#include <ldns/config.h>
#include <ldns/ldns.h>
#include <ldns/internal.h>
#include <strings.h>
#include <limits.h>
@ -20,6 +21,12 @@
#define LDNS_TTL_DATALEN 21
#define LDNS_RRLIST_INIT 8
#define _IS_WHITESPACE(chr) \
( NULL != strchr( LDNS_PARSE_NO_NL, chr) )
#define _BUFFER_IS_AT_WHITESPACE(rd_buf) \
_IS_WHITESPACE(*(ldns_buffer_current(rd_buf)))
ldns_rr *
ldns_rr_new(void)
{
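Review bot: `_IS_WHITESPACE(chr)` evaluates to true for a NUL byte, because strchr() treats the terminating '\0' as part of the string and returns a non-NULL pointer to it. The uses later in this file guard against that (a remaining-bytes check before _BUFFER_IS_AT_WHITESPACE, and `rd_strlen == 2 ||` before `_IS_WHITESPACE(rd[2])`), but the macro should encode the guard itself, e.g. `((chr) != '\0' && NULL != strchr(LDNS_PARSE_NO_NL, (chr)))`. The argument also needs parentheses, and identifiers that start with an underscore followed by an uppercase letter are reserved in C.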
@ -111,8 +118,9 @@ ldns_rdf_type_maybe_quoted(ldns_rdf_type rdf_type)
*/
static ldns_status
ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
uint32_t default_ttl, const ldns_rdf *origin,
ldns_rdf **prev, bool question)
uint32_t default_ttl, const ldns_rdf *origin,
ldns_rdf **prev, bool question,
bool *explicit_ttl)
{
ldns_rr *new;
const ldns_rr_descriptor *desc;
@ -125,6 +133,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
ldns_rr_class clas_val;
char *clas = NULL;
char *type = NULL;
size_t type_sz;
char *rdata = NULL;
char *rd = NULL;
char *xtok = NULL; /* For RDF types with spaces (i.e. extra tokens) */
@ -197,6 +206,9 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
} else {
ttl_val = default_ttl;
}
if (explicit_ttl)
*explicit_ttl = false;
/* we not ASSUMING the TTL is missing and that
* the rest of the RR is still there. That is
* CLASS TYPE RDATA
@ -208,13 +220,17 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
*/
if (clas_val == 0) {
clas_val = LDNS_RR_CLASS_IN;
type = LDNS_XMALLOC(char, strlen(ttl) + 1);
type_sz = strlen(ttl) + 1;
type = LDNS_XMALLOC(char, type_sz);
if (!type) {
goto memerror;
}
strncpy(type, ttl, strlen(ttl) + 1);
strlcpy(type, ttl, type_sz);
}
} else {
if (explicit_ttl)
*explicit_ttl = true;
if (-1 == ldns_bget_token(
rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN)) {
@ -227,11 +243,12 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
*/
if (clas_val == 0) {
clas_val = LDNS_RR_CLASS_IN;
type = LDNS_XMALLOC(char, strlen(clas) + 1);
type_sz = strlen(clas) + 1;
type = LDNS_XMALLOC(char, type_sz);
if (!type) {
goto memerror;
}
strncpy(type, clas, strlen(clas) + 1);
strlcpy(type, clas, type_sz);
}
}
/* the rest should still be waiting for us */
@ -256,7 +273,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
}
ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata));
if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) {
if (strncmp(owner, "@", 1) == 0) {
if (origin) {
ldns_rr_set_owner(new, ldns_rdf_clone(origin));
} else if (prev && *prev) {
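Review bot: Dropping `strlen(owner) <= 1` leaves `strncmp(owner, "@", 1) == 0`, which compares only the first byte, so any owner that merely begins with '@' (for example "@foo") is now replaced by the origin instead of being parsed as a name. If the intent was to simplify the test, `strcmp(owner, "@") == 0` keeps the exact-match behaviour.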
@ -344,13 +361,16 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
switch (ldns_rr_descriptor_field_type(desc, r_cnt)) {
case LDNS_RDF_TYPE_B64 :
case LDNS_RDF_TYPE_HEX : /* These rdf types may con- */
case LDNS_RDF_TYPE_LOC : /* tain whitespace, only if */
case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */
case LDNS_RDF_TYPE_NSEC : /* tain whitespace, only if */
case LDNS_RDF_TYPE_LOC : /* it is the last rd field. */
case LDNS_RDF_TYPE_WKS :
case LDNS_RDF_TYPE_IPSECKEY :
case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) {
case LDNS_RDF_TYPE_AMTRELAY :
case LDNS_RDF_TYPE_SVCPARAMS : if (r_cnt == r_max - 1) {
delimiters = "\n";
break;
}
/* fallthrough */
default : delimiters = "\n\t ";
}
@ -359,16 +379,19 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
desc, r_cnt)) &&
ldns_buffer_remaining(rd_buf) > 0){
/* skip spaces */
while (*(ldns_buffer_current(rd_buf)) == ' ') {
/* skip whitespace */
while (ldns_buffer_remaining(rd_buf) > 0 &&
_BUFFER_IS_AT_WHITESPACE(rd_buf)) {
ldns_buffer_skip(rd_buf, 1);
}
if (*(ldns_buffer_current(rd_buf)) == '\"') {
if (ldns_buffer_remaining(rd_buf) > 0 &&
*(ldns_buffer_current(rd_buf)) == '\"') {
delimiters = "\"\0";
ldns_buffer_skip(rd_buf, 1);
quoted = true;
} else if (ldns_rr_descriptor_field_type(desc, r_cnt)
}
if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
== LDNS_RDF_TYPE_LONG_STR) {
status = LDNS_STATUS_SYNTAX_RDATA_ERR;
@ -380,9 +403,9 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
* _maximum() only
*/
/* skip spaces */
/* skip whitespace */
while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf)
&& *(ldns_buffer_current(rd_buf)) == ' '
&& _BUFFER_IS_AT_WHITESPACE(rd_buf)
&& !quoted) {
ldns_buffer_skip(rd_buf, 1);
@ -393,6 +416,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) {
done = true;
(void)done; /* we're breaking, so done not read anymore */
break;
}
/* hmmz, rfc3597 specifies that any type can be represented
@ -403,7 +427,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
/* unknown RR data */
if (strncmp(rd, "\\#", 2) == 0 && !quoted &&
(rd_strlen == 2 || rd[2]==' ')) {
(rd_strlen == 2 || _IS_WHITESPACE(rd[2]))) {
was_unknown_rr_format = 1;
/* go back to before \#
@ -432,18 +456,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
while(cur_hex_data_size < 2 * hex_data_size) {
c = ldns_bget_token(rd_buf, rd,
delimiters, LDNS_MAX_RDFLEN);
if (c != -1) {
rd_strlen = strlen(rd);
}
if (c == -1 ||
(size_t)cur_hex_data_size + rd_strlen >
2 * (size_t)hex_data_size) {
if (c == -1) {
status = LDNS_STATUS_SYNTAX_RDATA_ERR;
goto error;
}
strncpy(hex_data_str + cur_hex_data_size, rd,
rd_strlen);
rd_strlen = strlen(rd);
if ((size_t)cur_hex_data_size + rd_strlen >
2 * (size_t)hex_data_size) {
status = LDNS_STATUS_SYNTAX_RDATA_ERR;
goto error;
}
strlcpy(hex_data_str + cur_hex_data_size, rd,
rd_strlen + 1);
cur_hex_data_size += rd_strlen;
}
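Review bot: In the hex-data loop, `strlcpy(hex_data_str + cur_hex_data_size, rd, rd_strlen + 1)` takes its size from the source length, not from the space left in hex_data_str, so the bound comes entirely from the preceding `cur_hex_data_size + rd_strlen > 2 * hex_data_size` check. That check admits the case where the sum equals 2 * hex_data_size, and strlcpy then writes a terminating NUL at that index, which requires hex_data_str to hold 2 * hex_data_size + 1 bytes. The allocation is outside this hunk; confirm its size, or copy exactly rd_strlen bytes with memcpy.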
@ -573,10 +597,12 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
LDNS_RDF_TYPE_DNAME, ".")
);
} else if (r && rd_strlen >= 1 && origin &&
!ldns_dname_str_absolute(rd)) {
} else if (r && rd_strlen >= 1
&& (origin || rr_type == LDNS_RR_TYPE_SOA)
&& !ldns_dname_str_absolute(rd)) {
status = ldns_dname_cat(r, origin);
status = ldns_dname_cat(r, origin
? origin : ldns_rr_owner(new));
if (status != LDNS_STATUS_OK) {
goto error;
}
@ -594,14 +620,6 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
}
ldns_rr_push_rdf(new, r);
}
if (quoted) {
if (ldns_buffer_available(rd_buf, 1)) {
ldns_buffer_skip(rd_buf, 1);
} else {
done = true;
}
}
} /* for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) */
LDNS_FREE(rd);
LDNS_FREE(xtok);
@ -665,7 +683,8 @@ ldns_rr_new_frm_str(ldns_rr **newrr, const char *str,
default_ttl,
origin,
prev,
false);
false,
NULL);
}
ldns_status
@ -677,7 +696,8 @@ ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str,
0,
origin,
prev,
true);
true,
NULL);
}
/* Strip whitespace from the start and the end of <line>. */
@ -703,43 +723,28 @@ ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin,
}
ldns_status
ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr)
_ldns_rr_new_frm_fp_l_internal(ldns_rr **newrr, FILE *fp,
uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev,
int *line_nr, bool *explicit_ttl)
{
char *line;
char *line = NULL;
size_t limit = 0;
const char *endptr; /* unused */
ldns_rr *rr;
uint32_t ttl;
ldns_rdf *tmp;
ldns_status s;
ssize_t size;
if (default_ttl) {
ttl = *default_ttl;
} else {
ttl = 0;
}
line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
if (!line) {
return LDNS_STATUS_MEM_ERR;
}
/* read an entire line in from the file */
if ((size = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, LDNS_MAX_LINELEN, line_nr)) == -1) {
if ((s = ldns_fget_token_l_st( fp, &line, &limit, false
, LDNS_PARSE_SKIP_SPACE, line_nr))) {
LDNS_FREE(line);
/* if last line was empty, we are now at feof, which is not
* always a parse error (happens when for instance last line
* was a comment)
*/
return LDNS_STATUS_SYNTAX_ERR;
}
/* we can have the situation, where we've read ok, but still got
* no bytes to play with, in this case size is 0
*/
if (size == 0) {
LDNS_FREE(line);
return LDNS_STATUS_SYNTAX_EMPTY;
return s;
}
if (strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) {
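Review bot: `return s;` now hands the tokenizer's status straight to the caller, where the old code returned only LDNS_STATUS_SYNTAX_ERR or LDNS_STATUS_SYNTAX_EMPTY at this point. Callers that loop on those two values need to handle LDNS_STATUS_MEM_ERR and LDNS_STATUS_NULL as well. The test `if ((s = ldns_fget_token_l_st(...)))` also relies on LDNS_STATUS_OK being zero; an explicit comparison against LDNS_STATUS_OK would make that visible.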
@ -769,9 +774,11 @@ ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf
return LDNS_STATUS_SYNTAX_EMPTY;
} else {
if (origin && *origin) {
s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev);
s = ldns_rr_new_frm_str_internal(&rr, (const char*)line,
ttl, *origin, prev, false, explicit_ttl);
} else {
s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, NULL, prev);
s = ldns_rr_new_frm_str_internal(&rr, (const char*)line,
ttl, NULL, prev, false, explicit_ttl);
}
}
LDNS_FREE(line);
@ -786,6 +793,14 @@ ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf
return s;
}
ldns_status
ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl,
ldns_rdf **origin, ldns_rdf **prev, int *line_nr)
{
return _ldns_rr_new_frm_fp_l_internal(newrr, fp, default_ttl, origin,
prev, line_nr, NULL);
}
void
ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
{
@ -830,7 +845,7 @@ ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position)
rd_count = ldns_rr_rd_count(rr);
if (position < rd_count) {
/* dicard the old one */
/* discard the old one */
pop = rr->_rdata_fields[position];
rr->_rdata_fields[position] = (ldns_rdf*)f;
return pop;
@ -1184,6 +1199,7 @@ ldns_rr_list_pop_rr(ldns_rr_list *rr_list)
rr_list->_rrs = a;
rr_list->_rr_capacity = cap;
}
/* if the realloc fails, the capacity for the list remains unchanged */
}
ldns_rr_list_set_rr_count(rr_list, rr_count - 1);
@ -1311,7 +1327,7 @@ ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr)
return false;
}
/* ok, still alive - check if the rr already
* exists - if so, dont' add it */
* exists - if so, don't add it */
for(i = 0; i < rr_count; i++) {
if(ldns_rr_compare(
ldns_rr_list_rr(rr_list, i), rr) == 0) {
@ -1958,6 +1974,17 @@ static const ldns_rdf_type type_openpgpkey_wireformat[] = {
static const ldns_rdf_type type_csync_wireformat[] = {
LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC
};
static const ldns_rdf_type type_zonemd_wireformat[] = {
LDNS_RDF_TYPE_INT32,
LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX
};
#ifdef RRTYPE_SVCB_HTTPS
static const ldns_rdf_type type_svcb_wireformat[] = {
LDNS_RDF_TYPE_INT16,
LDNS_RDF_TYPE_DNAME,
LDNS_RDF_TYPE_SVCPARAMS
};
#endif
/* nsec3 is some vars, followed by same type of data of nsec */
static const ldns_rdf_type type_nsec3_wireformat[] = {
/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/
@ -2037,6 +2064,22 @@ static const ldns_rdf_type type_caa_wireformat[] = {
LDNS_RDF_TYPE_TAG,
LDNS_RDF_TYPE_LONG_STR
};
#ifdef RRTYPE_DOA
static const ldns_rdf_type type_doa_wireformat[] = {
LDNS_RDF_TYPE_INT32,
LDNS_RDF_TYPE_INT32,
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_STR,
LDNS_RDF_TYPE_B64
};
#endif
#ifdef RRTYPE_AMTRELAY
static const ldns_rdf_type type_amtrelay_wireformat[] = {
LDNS_RDF_TYPE_AMTRELAY
};
#endif
/** \endcond */
/** \cond */
@ -2188,11 +2231,20 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
#else
{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
/* 62 */
{LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 63 */
{LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#ifdef RRTYPE_SVCB_HTTPS
/* 64 */
{LDNS_RR_TYPE_SVCB, "SVCB", 2, 3, type_svcb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
/* 65 */
{LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 3, type_svcb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
{LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#else
{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
@ -2425,6 +2477,18 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
#else
{LDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
#ifdef RRTYPE_DOA
/* 259 */
{LDNS_RR_TYPE_DOA, "DOA", 5, 5, type_doa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#else
{LDNS_RR_TYPE_NULL, "TYPE259", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
#ifdef RRTYPE_AMTRELAY
/* 260 */
{LDNS_RR_TYPE_AMTRELAY, "AMTRELAY", 1, 1, type_amtrelay_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#else
{LDNS_RR_TYPE_NULL, "TYPE260", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
/* split in array, no longer contiguous */
@ -2450,7 +2514,7 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
/*---------------------------------------------------------------------------*
* The functions below return an bitmap RDF with the space required to set
* or unset all known RR types. Arguably these functions are better situated
* in rdata.c, however for the space calculation it is necesarry to walk
* in rdata.c, however for the space calculation it is necessary to walk
* through rdata_field_descriptors which is not easily possible from anywhere
* other than rr.c where it is declared static.
*
@ -2528,10 +2592,10 @@ ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value)
/* Format rdf data according RFC3845 Section 2.1.2 (see above)
*/
dptr = data = LDNS_XMALLOC(uint8_t, sz);
memset(data, value, sz);
if (!data) {
return LDNS_STATUS_MEM_ERR;
}
memset(data, value, sz);
for (i = 0; i < 256; i++) {
if (windows[i]) {
*dptr++ = (uint8_t)i;

View File

@ -24,7 +24,7 @@
* return a specific rdf
* \param[in] type type of RR
* \param[in] rr the rr itself
* \param[in] pos at which postion to get it
* \param[in] pos at which position to get it
* \return the rdf sought
*/
static ldns_rdf *
@ -41,7 +41,7 @@ ldns_rr_function(ldns_rr_type type, const ldns_rr *rr, size_t pos)
* \param[in] type type of RR
* \param[in] rr the rr itself
* \param[in] rdf the rdf to set
* \param[in] pos at which postion to set it
* \param[in] pos at which position to set it
* \return true or false
*/
static bool
@ -269,14 +269,17 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
const size_t len,
const ldns_algorithm alg)
{
#ifdef USE_DSA
/* for DSA keys */
uint8_t t;
#endif /* USE_DSA */
/* for RSA keys */
uint16_t exp;
uint16_t int16;
switch ((ldns_signing_algorithm)alg) {
#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
if (len > 0) {
@ -286,6 +289,7 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
return 0;
}
break;
#endif /* USE_DSA */
case LDNS_SIGN_RSAMD5:
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSASHA1_NSEC3:

View File

@ -97,6 +97,7 @@ ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOC
state[4] += e;
/* Wipe variables */
a = b = c = d = e = 0;
(void)a;
}
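Review bot: `(void)a;` after `a = b = c = d = e = 0;` only silences the unused-value warning. The assignments are still dead stores to locals that are about to go out of scope, and an optimising compiler is free to drop them, so the working variables are not reliably wiped. If clearing them matters, use a primitive the compiler may not elide (explicit_bzero, memset_s, or volatile-qualified writes); otherwise remove the wipe and its comment. The same pattern recurs in the SHA-2 hunks of this commit.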
@ -167,7 +168,7 @@ ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *co
}
unsigned char *
ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest)
ldns_sha1(const unsigned char *data, unsigned int data_len, unsigned char *digest)
{
ldns_sha1_ctx ctx;
ldns_sha1_init(&ctx);

View File

@ -73,7 +73,7 @@
* Please make sure that your system defines BYTE_ORDER. If your
* architecture is little-endian, make sure it also defines
* LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
* equivilent.
* equivalent.
*
* If your system does not define the above, then you can do so by
* hand like this:
@ -494,6 +494,7 @@ static void ldns_sha256_Transform(ldns_sha256_CTX* context,
/* Clean up */
a = b = c = d = e = f = g = h = T1 = T2 = 0;
(void)a;
}
#endif /* SHA2_UNROLL_TRANSFORM */
@ -527,6 +528,7 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t
context->bitcount += len << 3;
/* Clean up: */
usedspace = freespace = 0;
(void)usedspace;
return;
}
}
@ -544,6 +546,7 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t
}
/* Clean up: */
usedspace = freespace = 0;
(void)usedspace;
}
typedef union _ldns_sha2_buffer_union {
@ -551,7 +554,7 @@ typedef union _ldns_sha2_buffer_union {
uint64_t* theLongs;
} ldns_sha2_buffer_union;
void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
void ldns_sha256_final(sha2_byte digest[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX* context) {
sha2_word32 *d = (sha2_word32*)digest;
size_t usedspace;
ldns_sha2_buffer_union cast_var;
@ -614,10 +617,11 @@ void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
/* Clean up state data: */
MEMSET_BZERO(context, sizeof(ldns_sha256_CTX));
usedspace = 0;
(void)usedspace;
}
unsigned char *
ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest)
ldns_sha256(const unsigned char *data, unsigned int data_len, unsigned char *digest)
{
ldns_sha256_CTX ctx;
ldns_sha256_init(&ctx);
@ -803,6 +807,7 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context,
/* Clean up */
a = b = c = d = e = f = g = h = T1 = T2 = 0;
(void)a;
}
#endif /* SHA2_UNROLL_TRANSFORM */
@ -836,6 +841,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t
ADDINC128(context->bitcount, len << 3);
/* Clean up: */
usedspace = freespace = 0;
(void)usedspace;
return;
}
}
@ -853,6 +859,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t
}
/* Clean up: */
usedspace = freespace = 0;
(void)usedspace;
}
static void ldns_sha512_Last(ldns_sha512_CTX* context) {
@ -898,7 +905,7 @@ static void ldns_sha512_Last(ldns_sha512_CTX* context) {
ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
}
void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) {
void ldns_sha512_final(sha2_byte digest[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX* context) {
sha2_word64 *d = (sha2_word64*)digest;
/* Sanity check: */
@ -928,7 +935,7 @@ void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) {
}
unsigned char *
ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest)
ldns_sha512(const unsigned char *data, unsigned int data_len, unsigned char *digest)
{
ldns_sha512_CTX ctx;
ldns_sha512_init(&ctx);
@ -951,7 +958,7 @@ void ldns_sha384_update(ldns_sha384_CTX* context, const sha2_byte* data, size_t
ldns_sha512_update((ldns_sha512_CTX*)context, data, len);
}
void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) {
void ldns_sha384_final(sha2_byte digest[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX* context) {
sha2_word64 *d = (sha2_word64*)digest;
/* Sanity check: */
@ -981,7 +988,7 @@ void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) {
}
unsigned char *
ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest)
ldns_sha384(const unsigned char *data, unsigned int data_len, unsigned char *digest)
{
ldns_sha384_CTX ctx;
ldns_sha384_init(&ctx);

File diff suppressed because it is too large

View File

@ -196,7 +196,7 @@ ldns_tsig_mac_new(ldns_rdf **tsig_mac, const uint8_t *pkt_wire, size_t pkt_wire_
return LDNS_STATUS_MEM_ERR;
}
/*
* prepare the digestable information
* prepare the digestible information
*/
data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!data_buffer) {
@ -349,7 +349,19 @@ ldns_pkt_tsig_verify_next(ldns_pkt *pkt, const uint8_t *wire, size_t wirelen, co
ldns_rdf_deep_free(key_name_rdf);
if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) {
if( ldns_rdf_size(pkt_mac_rdf) != ldns_rdf_size(my_mac_rdf)) {
ldns_rdf_deep_free(my_mac_rdf);
return false;
}
/* use time insensitive memory compare */
if(
#ifdef HAVE_CRYPTO_MEMCMP
CRYPTO_memcmp
#else
memcmp
#endif
(ldns_rdf_data(pkt_mac_rdf), ldns_rdf_data(my_mac_rdf),
ldns_rdf_size(my_mac_rdf)) == 0) {
ldns_rdf_deep_free(my_mac_rdf);
return true;
} else {
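Review bot: The comment says "use time insensitive memory compare", but the `#else` branch falls back to plain memcmp, which may return at the first differing byte. Builds without HAVE_CRYPTO_MEMCMP therefore still compare the TSIG MAC in data-dependent time. Provide a constant-time fallback (XOR-accumulate over ldns_rdf_size(my_mac_rdf) bytes and test the accumulator once) instead of memcmp.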

View File

@ -293,23 +293,34 @@ ldns_gmtime64_r(int64_t clock, struct tm *result)
#endif /* SIZEOF_TIME_T <= 4 */
static int64_t
ldns_serial_arithmitics_time(int32_t time, time_t now)
ldns_serial_arithmetics_time(int32_t time, time_t now)
{
int32_t offset = time - (int32_t) now;
/* Casting due to https://github.com/NLnetLabs/ldns/issues/71 */
int32_t offset = (int32_t) ((uint32_t) time - (uint32_t) now);
return (int64_t) now + offset;
}
struct tm *
ldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct tm *result)
{
#if SIZEOF_TIME_T <= 4
int64_t secs_since_epoch = ldns_serial_arithmetics_time(time, now);
return ldns_gmtime64_r(secs_since_epoch, result);
#else
time_t secs_since_epoch = ldns_serial_arithmetics_time(time, now);
return gmtime_r(&secs_since_epoch, result);
#endif
}
#ifdef ldns_serial_arithmitics_gmtime_r
#undef ldns_serial_arithmitics_gmtime_r
#endif
/* alias function because of previously used wrong spelling */
struct tm *ldns_serial_arithmitics_gmtime_r(int32_t, time_t, struct tm *);
struct tm *
ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result)
{
#if SIZEOF_TIME_T <= 4
int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
return ldns_gmtime64_r(secs_since_epoch, result);
#else
time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
return gmtime_r(&secs_since_epoch, result);
#endif
return ldns_serial_arithmetics_gmtime_r(time, now, result);
}
/**
@ -377,7 +388,7 @@ ldns_init_random(FILE *fd, unsigned int size)
RAND_seed(seed, (int) size);
#else
/* Seed the standard prng, only uses the first
* unsigned sizeof(unsiged int) bytes found in the entropy pool
* unsigned sizeof(unsigned int) bytes found in the entropy pool
*/
memcpy(&seed_i, seed, sizeof(seed_i));
srandom(seed_i);
@ -548,10 +559,12 @@ ldns_b32_ntop_base(const uint8_t* src, size_t src_sz,
/* ........ ........ ....4444 4....... ........ */
c = src[3] >> 7 ;
/* fallthrough */
case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];
/* ........ .......3 3333.... ........ ........ */
c = src[2] >> 4 ;
/* fallthrough */
case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c];
/* ........ ..22222. ........ ........ ........ */
@ -559,6 +572,7 @@ ldns_b32_ntop_base(const uint8_t* src, size_t src_sz,
/* .....111 11...... ........ ........ ........ */
c = src[1] >> 6 ;
/* fallthrough */
case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c];
/* 00000... ........ ........ ........ ........ */
@ -569,9 +583,12 @@ ldns_b32_ntop_base(const uint8_t* src, size_t src_sz,
switch (src_sz) {
case 1: dst[2] = '=';
dst[3] = '=';
/* fallthrough */
case 2: dst[4] = '=';
/* fallthrough */
case 3: dst[5] = '=';
dst[6] = '=';
/* fallthrough */
case 4: dst[7] = '=';
}
}
@ -696,15 +713,18 @@ ldns_b32_pton_base(const char* src, size_t src_sz,
/* ........ ........ ........ .55555.. ........ */
/* ........ ........ ....4444 4....... ........ */
dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
/* fallthrough */
case 5: /* ........ ........ ....4444 4....... ........ */
/* ........ .......3 3333.... ........ ........ */
dst[2] = buf[3] << 4 | buf[4] >> 1;
/* fallthrough */
case 4: /* ........ .......3 3333.... ........ ........ */
/* ........ ..22222. ........ ........ ........ */
/* .....111 11...... ........ ........ ........ */
dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
/* fallthrough */
case 2: /* .....111 11...... ........ ........ ........ */
/* 00000... ........ ........ ........ ........ */

View File

@ -272,6 +272,8 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos)
case LDNS_RDF_TYPE_ATMA:
case LDNS_RDF_TYPE_IPSECKEY:
case LDNS_RDF_TYPE_LONG_STR:
case LDNS_RDF_TYPE_AMTRELAY:
case LDNS_RDF_TYPE_SVCPARAMS:
case LDNS_RDF_TYPE_NONE:
/*
* Read to end of rr rdata
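Review bot: LDNS_RDF_TYPE_AMTRELAY and LDNS_RDF_TYPE_SVCPARAMS are added to the group that reads to the end of the rr rdata, so no type-specific length or structure check happens at this point in ldns_wire2rdf. Please confirm that the code consuming these rdfs later, conversion to presentation format in particular, validates any internal lengths against the rdf size, and consider a short comment here stating that validation is deferred.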
@ -309,7 +311,6 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos)
return LDNS_STATUS_OK;
}
/* TODO:
can *pos be incremented at READ_INT? or maybe use something like
RR_CLASS(wire)?
@ -412,6 +413,10 @@ ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max)
uint8_t data[4];
if (!packet) {
return LDNS_STATUS_MEM_ERR;
}
status = ldns_wire2pkt_hdr(packet, wire, max, &pos);
LDNS_STATUS_CHECK_GOTO(status, status_error);
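Review bot: The new if (!packet) check returns LDNS_STATUS_MEM_ERR directly rather than going through status_error, which the LDNS_STATUS_CHECK_GOTO right after it uses. That is fine only if nothing needing cleanup exists yet at that point; a one-line comment saying so, and a note in the function documentation on whether *packet_p is left untouched on this path, would make the early return easier to audit.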
@ -464,6 +469,7 @@ ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max)
ldns_pkt_set_edns_z(packet, ldns_read_uint16(&data[2]));
/* edns might not have rdfs */
if (ldns_rr_rdf(rr, 0)) {
ldns_rdf_deep_free(ldns_pkt_edns_data(packet));
ldns_pkt_set_edns_data(packet, ldns_rdf_clone(ldns_rr_rdf(rr, 0)));
}
ldns_rr_free(rr);
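Review bot: After ldns_rdf_deep_free(ldns_pkt_edns_data(packet)), the result of ldns_rdf_clone(ldns_rr_rdf(rr, 0)) goes straight into ldns_pkt_set_edns_data without a NULL check, so an allocation failure silently leaves the packet with no EDNS data once the old value has been freed. Suggest cloning first, taking the error path if the clone is NULL, and only then freeing and replacing the previous value.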

View File

@ -9,6 +9,7 @@
#include <ldns/config.h>
#include <ldns/ldns.h>
#include <ldns/internal.h>
#include <strings.h>
#include <limits.h>
@ -180,7 +181,7 @@ ldns_zone_new(void)
return z;
}
/* we regocnize:
/* we recognize:
* $TTL, $ORIGIN
*/
ldns_status
@ -191,17 +192,22 @@ ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t t
/* XXX: class is never used */
ldns_status
ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t ttl,
ldns_rr_class ATTR_UNUSED(c), int *line_nr)
ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin,
uint32_t default_ttl, ldns_rr_class ATTR_UNUSED(c), int *line_nr)
{
ldns_zone *newzone;
ldns_rr *rr;
ldns_rr *rr, *prev_rr = NULL;
uint32_t my_ttl;
ldns_rdf *my_origin;
ldns_rdf *my_prev;
bool soa_seen = false; /* 2 soa are an error */
ldns_status s;
ldns_status ret;
/* RFC 1035 Section 5.1, says 'Omitted class and TTL values are default
* to the last explicitly stated values.'
*/
bool ttl_from_TTL = false;
bool explicit_ttl = false;
/* most cases of error are memory problems */
ret = LDNS_STATUS_MEM_ERR;
@ -210,7 +216,7 @@ ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t
my_origin = NULL;
my_prev = NULL;
my_ttl = ttl;
my_ttl = default_ttl;
if (origin) {
my_origin = ldns_rdf_clone(origin);
@ -224,9 +230,58 @@ ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t
if (!newzone) goto error;
while(!feof(fp)) {
s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr);
/* If ttl came from $TTL line, then it should be the default.
* (RFC 2308 Section 4)
* Otherwise it "defaults to the last explicitly stated value"
* (RFC 1035 Section 5.1)
*/
if (ttl_from_TTL)
my_ttl = default_ttl;
s = _ldns_rr_new_frm_fp_l_internal(&rr, fp, &my_ttl, &my_origin,
&my_prev, line_nr, &explicit_ttl);
switch (s) {
case LDNS_STATUS_OK:
if (explicit_ttl) {
if (!ttl_from_TTL) {
/* No $TTL, so ttl "defaults to the
* last explicitly stated value"
* (RFC 1035 Section 5.1)
*/
my_ttl = ldns_rr_ttl(rr);
}
/* When ttl is implicit, try to adhere to the rules as
* much as possible. (also for compatibility with bind)
* This was changed when fixing an issue with ZONEMD
* which hashes the TTL too.
*/
} else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SIG
|| ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) {
if (ldns_rr_rd_count(rr) >= 4
&& ldns_rdf_get_type(ldns_rr_rdf(rr, 3)) == LDNS_RDF_TYPE_INT32)
/* SIG without explicit ttl get ttl
* from the original_ttl field
* (RFC 2535 Section 7.2)
*
* Similarly for RRSIG, but stated less
* specifically in the spec.
* (RFC 4034 Section 3)
*/
ldns_rr_set_ttl(rr,
ldns_rdf2native_int32(
ldns_rr_rdf(rr, 3)));
} else if (prev_rr
&& ldns_rr_get_type(prev_rr) == ldns_rr_get_type(rr)
&& ldns_dname_compare( ldns_rr_owner(prev_rr)
, ldns_rr_owner(rr)) == 0)
/* "TTLs of all RRs in an RRSet must be the same"
* (RFC 2881 Section 5.2)
*/
ldns_rr_set_ttl(rr, ldns_rr_ttl(prev_rr));
prev_rr = rr;
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
if (soa_seen) {
/* second SOA
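Review bot: prev_rr = rr is assigned before the duplicate-SOA check that follows it, so if the "second SOA" branch frees or skips rr (the branch body is not visible in this hunk), prev_rr is left pointing at that record and is dereferenced by ldns_rr_get_type(prev_rr) and ldns_rr_owner(prev_rr) on the next record with an implicit TTL. Moving the assignment to after the record has been accepted into the zone would avoid that. Separately, the comment quoting "TTLs of all RRs in an RRSet must be the same" cites RFC 2881 Section 5.2; that text is from RFC 2181 Section 5.2.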
@ -245,19 +300,25 @@ ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t
}
/* a normal RR - as sofar the DNS is normal */
if (!ldns_zone_push_rr(newzone, rr)) goto error;
if (!ldns_zone_push_rr(newzone, rr)) {
ldns_rr_free(rr);
goto error;
}
break;
case LDNS_STATUS_SYNTAX_EMPTY:
/* empty line was seen */
case LDNS_STATUS_SYNTAX_TTL:
/* the function set the ttl */
default_ttl = my_ttl;
ttl_from_TTL = true;
break;
case LDNS_STATUS_SYNTAX_ORIGIN:
/* the function set the origin */
break;
case LDNS_STATUS_SYNTAX_INCLUDE:
ret = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL;
break;
goto error;
default:
ret = s;
goto error;
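Review bot: case LDNS_STATUS_SYNTAX_EMPTY has no break before case LDNS_STATUS_SYNTAX_TTL, so with the two new statements an empty line now also runs default_ttl = my_ttl; ttl_from_TTL = true; and the parser behaves from then on as if a $TTL directive had been seen. If that is not intended, give the empty-line case its own break; if it is intended, it needs a comment, since the other fallthroughs touched by this commit are all annotated. The ldns_rr_free(rr) on push failure and the switch to goto error for $INCLUDE look right.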

Some files were not shown because too many files have changed in this diff.