Upgrade LDNS to 1.7.0.

I've been holding back on this because 1.7.0 requires OpenSSL 1.1.0 or
newer for full DANE support.  But we can't wait forever, and nothing in
base uses DANE anyway, so here we go.
Dag-Erling Smørgrav 2018-05-12 12:00:18 +00:00
commit 986ba33c7a
98 changed files with 13748 additions and 16194 deletions


@ -1,3 +1,118 @@
1.7.0 2016-12-20
* Fix lookup of relative names in ldns_resolver_search.
* bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt
* Follow CNAME's when tracing with drill (TODO dnssec trace)
* Fix #551 change Regent to Copyright holder in BSD license in
some of the headings of the file, to match the opensource.org
BSD license.
* -e option makes ldns-compare-zones exit with status code 2 on difference
* Filter out specified RR types with ldns-read-zone -e and -E options
* bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
* bugfix #562: ldns-keygen match DSA key maximum size with library.
And check keysizes with all algorithms. Thanks Peter Koch.
* ldns-verify-zone accepts only one single zonefile as argument.
* bugfix #573: ldns-keygen write private keys with mode 0600.
Thanks Leon Weber
* Fix configure to make ldns compile with LibreSSL 2.0
* drill now also accepts dig style -y option
(-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
* OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
* bugfix #608: Correct comment about escaped characters
* CDS and CDNSKEY rr type from RFC 7344.
--enable-rrtype-cds configure option removed
* fix: Memory leak in ldns_pkt_rr_list_by_name()
Thanks Johannes Naab
* fix: Memory leak in ldns_dname2buffer_wire_compress()
Thanks Max Liebkies
* bugfix #613: Allow tab as whitespace too in last rdata field of types
of variable length. Thanks Xiali Yan
* bugfix: strip trailing whitespace from $ORIGIN lines in zone files
* Let ldns-keygen output .ds files only for KSK keys
* Parse RFC7218 TLSA mnemonics, but do not output them
* Let ldns-dane use SPKI as the default selector i.s.o. Cert
* bugfix: Fit left over NSEC3s once more before adding empty non
terminals. Thanks Stuart Browne
* bugfix #605: Determine default trust anchor location at compile time
Thanks Peter Koch
* bugfix #697: Double free with ldns-dane create
Thanks Carsten Strotmann
* bugfix #623: Do not redefine bool type and boolean values
Thanks Jakob Petsovits
* bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
Thanks Shussain
* bugfix #575: ldns_pkt_clone() does not copy timestamp field
Thanks Calle Dybedahl
* bugfix #584: ldns-update fixes. Send update to port 53, bring manpage
in sync with the usage text, and don't alter the ldns_resolver passed
to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone()
function in the process. Thanks Nicholas Riley.
* bugfix #633: ldns_pkt_clone() parameter isn't const.
Thanks Jakop Petsovits
* bugfix: ldns-dane manpage correction
Thanks Erwin Lansing
* Spelling fixes. Thanks Andreas Schulze
* Hyphen used as minus in manpages. Thanks Andreas Schulze.
* RFC7553 RR Type URI is supported by default.
* Fix ECDSA signature generation, do not omit leading zeroes.
* bugfix: Get rid of superfluous newline in ldns-keyfetcher
Thanks Jan-Piet Mens
* bugfix: -U option to ldns-signzone to sign with every algorithm
Thanks Guido Kroon
* const function parameters whenever possible.
Thanks Ray Bellis
* bugfix #725: allow RR-types on the type bitmap window border
Thanks Pieter Lexis
* bugfix #726: 2 typos in drill manpage.
Thanks Hugo Lombard
* Add type CSYNC support, RFC 7477.
* Prepare for ED25519, ED448 support: todo convert* routines in
dnssec.h, once openssl has support for signing with these algorithms.
The dns algorithm number is not yet allocated. These features are
not fully implemented yet, openssl (1.1) does not support the
algorithms enough to generate keys and sign and verify with them.
* Fix _answerfrom comment in ldns_struct_pkt.
* Fix drill axfr ipv4/ipv6 queries.
* Fix comment referring to mk_query in packet.h to pkt_query_new.
* Fix description of QR flag in packet.h.
* Fix for openssl 1.1.0 API changes.
* Remove commented out macro. Thanks Thiago Farina
* bugfix #641: Include install-sh in .gitignore
* bugfix #825: Module import breaks with newer SWIG versions.
Thanks Christoph Egger
* bugfix #796 - #792: Fix miscellaneous compiler warning issues.
Thanks Ngie Cooper
* bugfix #769: Add support for :: in an IPv6 address
Thanks Hajimu UMEMOTO
* bugfix #760: Detect superfluous text in presentation format
Thanks Xiali Yan
* bugfix #708: warnings and errors with xcode 6.1/7.0
* bugfix #754: Memory leak in ldns_str2rdf_ipseckey
Thanks Xiali Yan
* bugfix #661: Fail NSEC3 signing when NSEC domainname length
would overflow. Thanks Jan-Piet Mens.
* bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
Thanks Harald Jenny
* bugfix #680: ldns fails to reject invalidly formatted
RFC 7553 URI RRs. Thanks Robert Edmonds
* bugfix #678: Use poll i.s.o. select to support > 1024 fds
Thanks William King
* Use OpenSSL DANE functions for verification (unless explicitly
disabled with --disable-dane-ta-usage).
* Bumb .so version
* Include OPENPGPKEY RR type by default
* rdata processing for SMIMEA RR type
* Fix crash in displaying TLSA RR's.
Thanks Andreas Schulze
* Update ldns-key2ds man page to mention GOST and SHA384 hash
functions. Thanks Harald Jenny
* Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser
* Clarify data ownership with consts for tsig parameters.
Thanks Michael Weiser
* bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
* bugfix #1160: Provide sha256 for release tarballs
* --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0
even when the GOST engine is not available.
1.6.17 2014-01-10
* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
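Review bot: The 1.7.0 entry "Use OpenSSL DANE functions for verification (unless explicitly disabled with --disable-dane-ta-usage)" changes the default verification path, while the commit message only says that full DANE support needs OpenSSL 1.1.0 or newer; the commit message should state how the imported build is configured on that point. The same block carries memory-safety and key-handling fixes (#548 and #697 double frees, #573 private keys written with mode 0600, ECDSA signatures with leading zeroes) that are worth naming in the commit message as part of the reason for the upgrade.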


@ -12,6 +12,7 @@ datarootdir = @datarootdir@
datadir = @datadir@
libdir = @libdir@
includedir = @includedir@
sysconfdir = @sysconfdir@
doxygen = @doxygen@
pywrapdir = $(srcdir)/contrib/python
pyldnsxwrapdir = $(srcdir)/contrib/ldnsx
@ -27,13 +28,21 @@ pyldnsx_uninst = @PYLDNSXUNINST@
libtool = @libtool@
CONFIG_FILES = @CONFIG_FILES@
LDNS_TRUST_ANCHOR_FILE = @LDNS_TRUST_ANCHOR_FILE@
DEFAULT_CAFILE = @DEFAULT_CAFILE@
DEFAULT_CAPATH = @DEFAULT_CAPATH@
edit = sed \
-e 's|@LDNS_TRUST_ANCHOR_FILE[@]|$(LDNS_TRUST_ANCHOR_FILE)|g' \
-e 's|@DEFAULT_CAFILE[@]|$(DEFAULT_CAFILE)|g' \
-e 's|@DEFAULT_CAPATH[@]|$(DEFAULT_CAPATH)|g'
# override $U variable which is used by autotools for deansification (for
# K&R C compilers), but causes problems if $U is defined in the env).
U=
CC = @CC@
CFLAGS = @CFLAGS@
CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@ @DEFS@
CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@ @DEFS@ -DLDNS_TRUST_ANCHOR_FILE="\"$(LDNS_TRUST_ANCHOR_FILE)\""
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
LIBOBJDIR = compat/
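Review bot: The new `edit` sed expressions place $(LDNS_TRUST_ANCHOR_FILE), $(DEFAULT_CAFILE) and $(DEFAULT_CAPATH) unescaped on the replacement side with `|` as the delimiter, so a configured path containing `|`, `&` or a backslash would corrupt the generated man pages or break the sed command. The same trust-anchor value is also pasted into a C string literal by the new CPPFLAGS line (-DLDNS_TRUST_ANCHOR_FILE="\"...\""), where a quote or space in the path breaks the compile line. Either validate these paths in configure or escape them before substitution, and add a comment saying that the trust anchor location is now fixed at build time.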
@ -92,11 +101,10 @@ LDNS_DANE_LOBJS = examples/ldns-dane.lo
EX_SSL_PROGS = examples/ldns-nsec3-hash examples/ldns-revoke examples/ldns-signzone examples/ldns-verify-zone
EX_SSL_LOBJS = examples/ldns-nsec3-hash.lo examples/ldns-revoke.lo examples/ldns-signzone.lo examples/ldns-verify-zone.lo
COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS)
COMP_LIB = $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS)
LINK = $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS)
LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS) -version-number $(version_info) -no-undefined
LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS) -version-info $(version_info) -no-undefined
LINK_EXE = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LIBSSL_LDFLAGS)
.PHONY: clean realclean docclean manpages doc lint all lib pyldns test
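Review bot: LINK_LIB switches from `-version-number` to `-version-info` but still passes the same $(version_info) variable, and libtool reads the two differently (major:minor:revision versus current:revision:age). Unless the value of version_info was recomputed elsewhere in this commit, the resulting soname changes in a way the triple does not suggest. Please confirm the intended soname and note it in the commit message, since the changelog only says the .so version is bumped.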
@ -129,7 +137,7 @@ putdown-builddir:
if test -d drill -a ! -f drill/README ; then rmdir drill || : ; fi
if test -d compat -a ! -f compat/malloc.c; then rmdir compat || : ; fi
drill: no-drill-config-h drill/drill
drill: no-drill-config-h drill/drill drill/drill.1
no-drill-config-h:
@if test -e $(srcdir)/drill/config.h -o -e drill/config.h ; \
then echo "A config.h was detected in the drill subdirectory." ; \
@ -138,10 +146,14 @@ no-drill-config-h:
echo "or build drill there." ; \
exit -1 ; \
fi
drill/drill: $(DRILL_LOBJS) $(LIB)
$(LINK_EXE) $(DRILL_LOBJS) $(LIBS) $(LIBSSL_LIBS) -lldns -o drill/drill
install-drill: drill/drill
drill/drill.1: $(srcdir)/drill/drill.1.in
$(edit) $(srcdir)/drill/drill.1.in > drill/drill.1
install-drill: drill/drill drill/drill.1
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1
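Review bot: The new drill/drill.1 rule redirects sed output straight into the target (`$(edit) $(srcdir)/drill/drill.1.in > drill/drill.1`), so a failed or interrupted run leaves an empty or truncated drill.1 with a fresh timestamp, which the next make run treats as up to date and install-drill then installs. Write to a temporary file and rename it on success. The examples/ldns-dane.1 and examples/ldns-verify-zone.1 rules added later in this file use the same pattern.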
@ -154,9 +166,9 @@ uninstall-drill:
test ! -d $(DESTDIR)$(bindir) || rmdir -p $(DESTDIR)$(bindir) || : ;
clean-drill:
$(LIBTOOL) --mode clean rm -f $(DRILL_LOBJS) drill/drill
$(LIBTOOL) --mode clean rm -f $(DRILL_LOBJS) drill/drill drill/drill.1
examples: no-examples-config-h $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS)
examples: no-examples-config-h $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) examples/ldns-dane.1 examples/ldns-verify-zone.1
no-examples-config-h:
@if test -e $(srcdir)/examples/config.h -o -e examples/config.h ; \
then echo "A config.h was detected in the examples subdirectory." ; \
@ -165,6 +177,7 @@ no-examples-config-h:
echo "or build examples there." ; \
exit -1 ; \
fi
$(EXAMPLE_PROGS):
$(LINK_EXE) $@.lo $(LIBS) -lldns -o $@
@ -182,7 +195,13 @@ $(LDNS_DANE):
$(EX_SSL_PROGS):
$(LINK_EXE) $@.lo $(LIBS) $(LIBSSL_LIBS) -lldns -o $@
install-examples: $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS)
examples/ldns-dane.1: $(srcdir)/examples/ldns-dane.1.in
$(edit) $(srcdir)/examples/ldns-dane.1.in > examples/ldns-dane.1
examples/ldns-verify-zone.1: $(srcdir)/examples/ldns-verify-zone.1.in
$(edit) $(srcdir)/examples/ldns-verify-zone.1.in > examples/ldns-verify-zone.1
install-examples: $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) examples/ldns-dane.1 examples/ldns-verify-zone.1
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1
@ -205,6 +224,7 @@ clean-examples:
$(LIBTOOL) --mode clean rm -f $(EXAMPLE_PROGS)
$(LIBTOOL) --mode clean rm -f $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS)
$(LIBTOOL) --mode clean rm -f $(EXAMPLE_LOBJS)
$(LIBTOOL) --mode clean rm -f examples/ldns-dane.1 examples/ldns-verify-zone.1
linktest: $(srcdir)/linktest.c libldns.la
$(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/linktest.c -o linktest.lo
@ -224,7 +244,7 @@ mancheck:
sh -c 'find . -name \*.\[13\] -exec troff -z {} \;' 2>&1 | sed "s/^\.\///" | sed "s/\(:[0\-9]\+:\)/\1 warning:/g"
doxygen: manpages
if test ! -e doc/header.html ; then \
@if test ! -e doc/header.html ; then \
$(INSTALL) -c -m 644 $(srcdir)/doc/header.html doc/ ; \
fi ;
$(doxygen) $(srcdir)/libdns.doxygen
@ -236,22 +256,40 @@ manpages: $(srcdir)/doc/function_manpages
@$(INSTALL) -d doc
@cat $(srcdir)/ldns/*.h \
| $(srcdir)/doc/doxyparse.pl \
-m $(srcdir)/doc/function_manpages 2>&1 \
-m $(srcdir)/doc/function_manpages \
| grep -v ^doxygen | grep -v ^cat > doc/ldns_manpages
manpage-create-errors: $(srcdir)/doc/function_manpages
@$(INSTALL) -d doc
@cat $(srcdir)/ldns/*.h \
| $(srcdir)/doc/doxyparse.pl -e \
-m $(srcdir)/doc/function_manpages >/dev/null
manpage-errors:
@man --version >/dev/null 2>&1 && \
for m in `cat $(srcdir)/ldns/*.h | $(srcdir)/doc/doxyparse.pl -m $(srcdir)/doc/function_manpages 2>&1 | grep -v ^doxygen | grep -v ^cat` ; do\
LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 \
man --warnings -E UTF-8 -l -Tutf8 -Z doc/man/man3/$${m}.3 2>&1 >/dev/null \
| awk "-vpage=$${m}.3" '{printf("%s: ", page);print}'; \
if ! lexgrog doc/man/man3/$${m}.3 >/dev/null 2>&1 ; \
then \
echo doc/man/man3/$${m}.3: manpage-has-bad-whatis-entry; \
fi; \
done || echo "WARNING!: Cannot detect manpage errors on `uname`"
pyldns: _ldns.la
$(pywrapdir)/ldns_wrapper.c: $(PYLDNS_I_FILES) ldns/config.h
$(swig) $(swigpy_flags) -o $@ $(CPPFLAGS) $(PYTHON_CPPFLAGS) $(pywrapdir)/ldns.i
$(swig) $(swigpy_flags) -o $@ $(PYTHON_CPPFLAGS) $(pywrapdir)/ldns.i
ldns_wrapper.lo: $(pywrapdir)/ldns_wrapper.c ldns/config.h
$(COMP_LIB) -I./include/ldns $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $(pywrapdir)/ldns_wrapper.c -o $@
$(COMP_LIB) -I./include/ldns $(LIBSSL_CPPFLAGS) $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $(pywrapdir)/ldns_wrapper.c -o $@
_ldns.la: ldns_wrapper.lo libldns.la
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-number $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(LIBS)
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(LIBS)
$(p5_dns_ldns_dir)/Makefile: $(p5_dns_ldns_dir)/Makefile.PL
BUILDDIR=`pwd`; cd $(p5_dns_ldns_dir); $(PERL) Makefile.PL PREFIX="$(prefix)" LIBS="-L$$BUILDDIR/.libs -lldns" INC="-I$$BUILDDIR"
BUILDDIR=`pwd`; cd $(p5_dns_ldns_dir); LD_LIBRARY_PATH="$$BUILDDIR/.libs:$$LD_LIBRARY_PATH" DYLD_LIBRARY_PATH="$$BUILDDIR/.libs:$$DYLD_LIBRARY_PATH" $(PERL) Makefile.PL LIBS="-L$$BUILDDIR/.libs -lldns" INC="-I$$BUILDDIR"
$(p5_dns_ldns_dir)/blib/arch/auto/DNS/LDNS/LDNS.so: $(p5_dns_ldns_dir)/Makefile
cd $(p5_dns_ldns_dir); $(MAKE)
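Review bot: In the new Makefile.PL recipe, `LD_LIBRARY_PATH="$$BUILDDIR/.libs:$$LD_LIBRARY_PATH"` ends in a bare colon when the variable is unset, and glibc's dynamic linker treats an empty element as the current directory, so libraries are searched for in $(p5_dns_ldns_dir) while perl runs. Append the old value only when it is set, for example `$${LD_LIBRARY_PATH:+:$$LD_LIBRARY_PATH}`, and do the same for DYLD_LIBRARY_PATH. The same line also drops PREFIX="$(prefix)", so the Perl module no longer follows the configured prefix; if that is intended it needs a comment. Separately, manpage-errors relies on `man --warnings -l` and `lexgrog`, which are not available everywhere, and the fallback message only covers a missing `man --version`.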


@ -42,7 +42,9 @@ INSTALLATION
If you are building from the repository you will need to have (gnu)
autotools like libtool and autoreconf installed. A list of all the commands
needed to build everything can be found in README.git. Note that the actual
commands may be a little bit different on your machine. Most notable, you'll need to run libtoolize (or glibtoolize), if you skip this step, you'll get an error about missing config.sub.
commands may be a little bit different on your machine. Most notably, you'll
need to run libtoolize (or glibtoolize). If you skip this step, you'll get
an error about missing config.sub.
* Developers
ldns is developed by the ldns team at NLnet Labs. This team currently
@ -85,7 +87,7 @@ for more information.
SOLARIS
In Solaris multi-architecture systems (that have both 32-bit and
In Solaris multi-architecture systems (which have both 32-bit and
64-bit support), it can be a bit taxing to convince the system to
compile in 64-bit mode. Jakob Schlyter has kindly contributed a build
script that sets the right build and link options. You can find it in
@ -99,13 +101,13 @@ http://www.nlnetlabs.nl/projects/ldns/bugs
* pyldns
Compiling pyldns produces many ``unused parameter'' warnings. Those are
harmless and may safely be ignored.
Also when building with Swig which version is before 2.0.4, compiling
Also, when building with SWIG older than 2.0.4, compiling
pyldns produces many ``missing initializer'' warnings. Those are harmless
too.
Your Support
NLnet Labs offers all of its software products as open source, most are
published under a BDS license. You can download them, not only from the
NLnet Labs offers all of its software products as open source, most
published under a BSD license. You can download them, not only from the
NLnet Labs website but also through the various OS distributions for
which NSD, ldns, and Unbound are packaged. We therefore have little idea
who uses our software in production environments and have no direct ties


@ -13,8 +13,9 @@
# older versions of libtoolize do not support --install
# so you might need to remove that (with newer versions
# it is needed)
libtoolize -c --install
autoreconf --install
git submodule update --init
libtoolize -ci
autoreconf -fi
./configure --with-examples --with-drill # --with-pyldns --with-p5-dns-ldns
make
make doc # needs doxygen for the html pages
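Review bot: The comment at the top of this hunk still tells readers that older libtoolize versions do not support `--install` and that they may need to remove it, but the command is now `libtoolize -ci`, so the literal flag the comment refers to no longer appears. Update the comment to name `-i`, or keep the long option. The added `git submodule update --init` step also has no explanation of which submodule the build needs.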

8621
contrib/ldns/aclocal.m4 vendored

File diff suppressed because it is too large


@ -2,7 +2,15 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 26
# Version 34
# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
# 2015-12-11 FLTO check for new OSX, clang.
# 2015-11-18 spelling check fix.
# 2015-11-05 ACX_SSL_CHECKS no longer adds -ldl needlessly.
# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added.
# 2015-03-17 AHX_CONFIG_REALLOCARRAY added
# 2013-09-19 FLTO help text improved.
# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes
# 2013-06-25 FLTO has --disable-flto option.
@ -93,6 +101,8 @@
# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters.
# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED.
# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family
# ACX_CHECK_PIE - add --enable-pie option and check if works
# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it
#
dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines.
@ -235,7 +245,7 @@ ACX_CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"])
AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE,
ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE,
[
#include "confdefs.h"
#include <stdlib.h>
@ -270,9 +280,9 @@ int test() {
a = 0;
return a;
}
], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"])
], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"])
ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE,
ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE,
[
#include "confdefs.h"
#include <stdlib.h>
@ -307,7 +317,7 @@ int test() {
a = 0;
return a;
}
], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"])
], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"])
ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG,
[
@ -319,7 +329,7 @@ int test() {
}
], [CFLAGS="$CFLAGS $C99FLAG"])
ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE,
ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE,
[
#include <ctype.h>
@ -328,7 +338,7 @@ int test() {
a = isascii(32);
return a;
}
], [CFLAGS="$CFLAGS -D_BSD_SOURCE"])
], [CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"])
ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE,
[
@ -417,7 +427,7 @@ AC_DEFUN([ACX_CHECK_FLTO], [
BAKCFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -flto"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
if $CC $CFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
if $CC $CFLAGS -o conftest conftest.c 2>&1 | $GREP -e "warning: no debug symbols in executable" -e "warning: object" >/dev/null; then
CFLAGS="$BAKCFLAGS"
AC_MSG_RESULT(no)
else
@ -663,16 +673,16 @@ AC_DEFUN([ACX_SSL_CHECKS], [
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
fi
AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto])
AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
AC_TRY_LINK(, [
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
int HMAC_Update(void);
(void)HMAC_Update();
], [
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_HMAC_CTX_INIT], 1,
[If you have HMAC_CTX_init])
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
], [
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
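Review bot: The define emitted by this probe is renamed from HAVE_HMAC_CTX_INIT to HAVE_HMAC_UPDATE, so any source file that still tests `#ifdef HAVE_HMAC_CTX_INIT` will silently take its fallback branch after this change. Please grep the tree for the old macro name as part of the import. The probe itself is link-only (`int HMAC_Update(void);`), so it shows that the symbol exists in -lcrypto and nothing about the OpenSSL version.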
@ -682,11 +692,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_CTX_INIT], 1,
[If you have HMAC_CTX_init])
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -696,27 +706,36 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_TRY_LINK([], [
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_CTX_INIT], 1,
[If you have HMAC_CTX_init])
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
])
])
])
])
fi
AC_SUBST(HAVE_SSL)
AC_SUBST(RUNTIME_PATH)
# openssl engine functionality needs dlopen().
BAKLIBS="$LIBS"
AC_SEARCH_LIBS([dlopen], [dl])
if test "$LIBS" != "$BAKLIBS"; then
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
fi
fi
AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
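Review bot: The final AC_MSG_ERROR still reads "OpenSSL found in $ssldir, but version 0.9.7 or higher is required", although what failed at that point is the last of four link probes for HMAC_Update (plain, -lgdi32, -ldl, -ldl -pthread). The message should say that linking against libcrypto failed and point to config.log, otherwise a missing -pthread or a broken library path is reported as an old OpenSSL. The removed AC_SEARCH_LIBS([dlopen], [dl]) block also means -ldl is now added only through these fallbacks; a comment stating that this is intentional (the 2015-11-05 changelog entry suggests it is) would help.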
@ -1213,6 +1232,16 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result);
#endif
])
dnl provide reallocarray compat prototype.
dnl $1: unique name for compat code
AC_DEFUN([AHX_CONFIG_REALLOCARRAY],
[
#ifndef HAVE_REALLOCARRAY
#define reallocarray reallocarray$1
void* reallocarray(void *ptr, size_t nmemb, size_t size);
#endif
])
dnl provide w32 compat definition for sleep
AC_DEFUN([AHX_CONFIG_W32_SLEEP],
[
@ -1274,6 +1303,7 @@ AC_DEFUN([ACX_STRIP_EXT_FLAGS],
AC_MSG_NOTICE([Stripping extension flags...])
ACX_CFLAGS_STRIP(-D_GNU_SOURCE)
ACX_CFLAGS_STRIP(-D_BSD_SOURCE)
ACX_CFLAGS_STRIP(-D_DEFAULT_SOURCE)
ACX_CFLAGS_STRIP(-D__EXTENSIONS__)
ACX_CFLAGS_STRIP(-D_POSIX_C_SOURCE=200112)
ACX_CFLAGS_STRIP(-D_XOPEN_SOURCE=600)
@ -1301,6 +1331,7 @@ dnl config.h part to define omitted cflags, use with ACX_STRIP_EXT_FLAGS.
AC_DEFUN([AHX_CONFIG_EXT_FLAGS],
[AHX_CONFIG_FLAG_EXT(-D_GNU_SOURCE)
AHX_CONFIG_FLAG_EXT(-D_BSD_SOURCE)
AHX_CONFIG_FLAG_EXT(-D_DEFAULT_SOURCE)
AHX_CONFIG_FLAG_EXT(-D__EXTENSIONS__)
AHX_CONFIG_FLAG_EXT(-D_POSIX_C_SOURCE=200112)
AHX_CONFIG_FLAG_EXT(-D_XOPEN_SOURCE=600)
@ -1375,4 +1406,46 @@ AC_DEFUN([ACX_CHECK_SS_FAMILY],
#endif
]) ])
dnl Check if CC and linker support -fPIE and -pie.
dnl If so, sets them in CFLAGS / LDFLAGS.
AC_DEFUN([ACX_CHECK_PIE], [
AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)]))
AS_IF([test "x$enable_pie" = "xyes"], [
AC_MSG_CHECKING([if $CC supports PIE])
BAKLDFLAGS="$LDFLAGS"
BAKCFLAGS="$CFLAGS"
LDFLAGS="$LDFLAGS -pie"
CFLAGS="$CFLAGS -fPIE"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
rm -f conftest conftest.c conftest.o
], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)])
])
])
dnl Check if linker supports -Wl,-z,relro,-z,now.
dnl If so, adds it to LDFLAGS.
AC_DEFUN([ACX_CHECK_RELRO_NOW], [
AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)]))
AS_IF([test "x$enable_relro_now" = "xyes"], [
AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now])
BAKLDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
rm -f conftest conftest.c conftest.o
], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)])
])
])
dnl End of file
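Review bot: In ACX_CHECK_PIE, the inner branch that detects the warning restores only LDFLAGS (`LDFLAGS="$BAKLDFLAGS"`) and reports "no", leaving -fPIE in CFLAGS, while the link-failure branch restores both; restore CFLAGS in the inner branch too. Both new macros also call plain `grep` with the single pattern "warning: no debug symbols in executable", whereas the FLTO check in this same commit was moved to `$GREP` with a second pattern, so the three checks should use the same detection. Both hardening options are opt-in (`test "x$enable_pie" = "xyes"`), so a default build gets neither PIE nor full RELRO; if that is the intent, the help strings should say the default is off.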


@ -38,7 +38,7 @@ ldns_buffer_new(size_t capacity)
}
void
ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size)
ldns_buffer_new_frm_data(ldns_buffer *buffer, const void *data, size_t size)
{
assert(data != NULL);
@ -165,7 +165,7 @@ ldns_bgetc(ldns_buffer *buffer)
}
void
ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from)
ldns_buffer_copy(ldns_buffer* result, const ldns_buffer* from)
{
size_t tocopy = ldns_buffer_limit(from);


@ -118,15 +118,16 @@ static const char Pad64 = '=';
*/
int
ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
ldns_b64_pton(char const *origsrc, uint8_t *target, size_t targsize)
{
unsigned char const* src = (unsigned char*)origsrc;
int tarindex, state, ch;
char *pos;
state = 0;
tarindex = 0;
if (strlen(src) == 0) {
if (strlen(origsrc) == 0) {
return 0;
}
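Review bot: The new local `unsigned char const* src = (unsigned char*)origsrc;` casts away the const qualifier of `char const *origsrc` and then re-adds it on assignment, which trips -Wcast-qual; cast to `(unsigned char const*)` instead. A one-line comment that the unsigned view exists so that bytes at or above 0x80 are not passed as negative values to the character-class functions would make the reason for the rename clear.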


@ -8,7 +8,7 @@
#include <sys/types.h>
void *malloc ();
void *malloc (size_t n);
/* Allocate an N-byte block of memory from the heap.
If N is zero, allocate a 1-byte block. */


@ -20,16 +20,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <ldns/config.h>


@ -1,14 +1,12 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011, 2012 Free Software Foundation, Inc.
# Copyright 1992-2016 Free Software Foundation, Inc.
timestamp='2012-02-10'
timestamp='2016-04-02'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
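Review bot: The header in this hunk moves the script from "either version 2 of the License" to "either version 3 of the License", which is a license change for a vendored file and is not mentioned in the commit message. The Autoconf exception text in the following hunk still permits distribution under the program's own terms, but the change should be recorded so that license review of the import sees it.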
@ -22,19 +20,17 @@ timestamp='2012-02-10'
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Per Bothner. Please send patches (context
# diff format) to <config-patches@gnu.org> and include a ChangeLog
# entry.
# the same distribution terms that you use for the rest of that
# program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
#
# Please send patches to <config-patches@gnu.org>.
me=`echo "$0" | sed -e 's,.*/,,'`
@ -54,9 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
Free Software Foundation, Inc.
Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -138,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
case "${UNAME_SYSTEM}" in
Linux|GNU|GNU/*)
# If the system lacks a compiler, then just pick glibc.
# We could probably try harder.
LIBC=gnu
eval $set_cc_for_build
cat <<-EOF > $dummy.c
#include <features.h>
#if defined(__UCLIBC__)
LIBC=uclibc
#elif defined(__dietlibc__)
LIBC=dietlibc
#else
LIBC=gnu
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
;;
esac
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
@ -153,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || echo unknown)`
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || \
echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
earmv*)
arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
machine=${arch}${endian}-unknown
;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
@ -182,6 +204,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
os=netbsd
;;
esac
# Determine ABI tags.
case "${UNAME_MACHINE_ARCH}" in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
;;
esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
@ -192,18 +221,26 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
release='-gnu'
;;
*)
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
echo "${machine}-${os}${release}${abi}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
exit ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
exit ;;
*:LibertyBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
exit ;;
*:ekkoBSD:*:*)
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
exit ;;
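Review bot: the new release expression, `sed -e 's/[-_].*//' | cut -d. -f1,2`, now truncates `${UNAME_RELEASE}` to its first two dot-separated fields, and no comment next to it says that this is intended. Because the triplet printed for NetBSD changes as a result, a one-line comment stating the intended form of the release string would help the next reader. `${UNAME_RELEASE}` is also expanded unquoted in that `echo`; quoting it would be safer.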
@ -216,6 +253,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;;
*:Sortix:*:*)
echo ${UNAME_MACHINE}-unknown-sortix
exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
@ -232,42 +272,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"EV4.5 (21064)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"LCA4 (21066/21068)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"EV5 (21164)")
UNAME_MACHINE="alphaev5" ;;
UNAME_MACHINE=alphaev5 ;;
"EV5.6 (21164A)")
UNAME_MACHINE="alphaev56" ;;
UNAME_MACHINE=alphaev56 ;;
"EV5.6 (21164PC)")
UNAME_MACHINE="alphapca56" ;;
UNAME_MACHINE=alphapca56 ;;
"EV5.7 (21164PC)")
UNAME_MACHINE="alphapca57" ;;
UNAME_MACHINE=alphapca57 ;;
"EV6 (21264)")
UNAME_MACHINE="alphaev6" ;;
UNAME_MACHINE=alphaev6 ;;
"EV6.7 (21264A)")
UNAME_MACHINE="alphaev67" ;;
UNAME_MACHINE=alphaev67 ;;
"EV6.8CB (21264C)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.8AL (21264B)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.8CX (21264D)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.9A (21264/EV69A)")
UNAME_MACHINE="alphaev69" ;;
UNAME_MACHINE=alphaev69 ;;
"EV7 (21364)")
UNAME_MACHINE="alphaev7" ;;
UNAME_MACHINE=alphaev7 ;;
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
UNAME_MACHINE=alphaev79 ;;
esac
# A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
@ -302,7 +342,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit ;;
arm:riscos:*:*|arm:RISCOS:*:*)
arm*:riscos:*:*|arm*:RISCOS:*:*)
echo arm-unknown-riscos
exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
@ -340,16 +380,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
eval $set_cc_for_build
SUN_ARCH="i386"
SUN_ARCH=i386
# If there is a compiler, see if it is configured for 64-bit objects.
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
SUN_ARCH="x86_64"
SUN_ARCH=x86_64
fi
fi
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
@ -374,7 +414,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
@ -560,8 +600,9 @@ EOF
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
if [ -x /usr/bin/lslpp ] ; then
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
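Review bot: in the AIX branch, the `else` fallback to `${UNAME_VERSION}.${UNAME_RELEASE}` only covers a missing `/usr/bin/lslpp`. If `lslpp -Lqc bos.rte.libc` is present but fails or prints nothing, `IBM_REV` is left empty with no fallback. Suggest checking the result with `test -n "$IBM_REV"` and falling back to the uname values when it is empty. The sed script `s/[0-9]*$/0/` is also passed unquoted, which exposes it to pathname expansion; single-quote it.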
@ -598,13 +639,13 @@ EOF
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
32) HP_ARCH=hppa2.0n ;;
64) HP_ARCH=hppa2.0w ;;
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
esac ;;
esac
fi
@ -643,11 +684,11 @@ EOF
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
(CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
if [ ${HP_ARCH} = hppa2.0w ]
then
eval $set_cc_for_build
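Review bot: `if [ ${HP_ARCH} = hppa2.0w ]` still expands `${HP_ARCH}` unquoted. The change only drops the quotes around the literal, which is harmless, but the variable is the side that needs them: if it is ever empty, `[` receives `= hppa2.0w` and reports a syntax error instead of evaluating to false. Suggest `[ "${HP_ARCH}" = hppa2.0w ]`.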
@ -660,12 +701,12 @@ EOF
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
# => hppa64-hp-hpux11.23
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
grep -q __LP64__
then
HP_ARCH="hppa2.0w"
HP_ARCH=hppa2.0w
else
HP_ARCH="hppa64"
HP_ARCH=hppa64
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@ -770,14 +811,14 @@ EOF
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
@ -801,10 +842,13 @@ EOF
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit ;;
*:MINGW64*:*)
echo ${UNAME_MACHINE}-pc-mingw64
exit ;;
*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
i*:MSYS*:*)
*:MSYS*:*)
echo ${UNAME_MACHINE}-pc-msys
exit ;;
i*:windows32*:*)
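Review bot: the new `*:MINGW64*:*)` branch is only reachable because it sits above `*:MINGW*:*)`, which matches the same strings and would print `-pc-mingw32` for them. A short comment on the MINGW64 branch saying it must stay ahead of the generic MINGW branch would protect it from a later reordering. The same hunk widens `i*:MSYS*:*` to `*:MSYS*:*` while `i*:CYGWIN*:*` stays restricted to `i*`; if that asymmetry is intended, it deserves a word as well.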
@ -852,21 +896,21 @@ EOF
exit ;;
*:GNU:*:*)
# the GNU system
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit ;;
aarch64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
aarch64_be:Linux:*:*)
UNAME_MACHINE=aarch64_be
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
@ -879,59 +923,60 @@ EOF
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arm*:Linux:*:*)
eval $set_cc_for_build
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_EABI__
then
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
else
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_PCS_VFP
then
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
else
echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
fi
fi
exit ;;
avr32*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
cris:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-gnu
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
crisv32:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-gnu
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
e2k:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
frv:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
hexagon:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:Linux:*:*)
LIBC=gnu
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#ifdef __dietlibc__
LIBC=dietlibc
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
k1om:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
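Review bot: every Linux branch in this hunk now ends in `${LIBC}`, and the `i*86:Linux` branch loses its local `LIBC=gnu` default, yet none of the lines shown assign `LIBC`. The hunk therefore depends on a detection step elsewhere in the script always producing a value; if it yields nothing, the output becomes a triplet ending in `-linux-`. Suggest either a comment at the first use pointing to where `LIBC` is set, or a defensive `${LIBC:-gnu}`. In the `alpha:Linux` branch the old `else LIBC=""` reset is gone, so `gnulibc1` now only overrides whatever was detected; confirm that is the intent.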
@ -950,54 +995,63 @@ EOF
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
;;
or32:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
openrisc*:Linux:*:*)
echo or1k-unknown-linux-${LIBC}
exit ;;
or32:Linux:*:* | or1k*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
padre:Linux:*:*)
echo sparc-unknown-linux-gnu
echo sparc-unknown-linux-${LIBC}
exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
echo hppa64-unknown-linux-gnu
echo hppa64-unknown-linux-${LIBC}
exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
PA7*) echo hppa1.1-unknown-linux-gnu ;;
PA8*) echo hppa2.0-unknown-linux-gnu ;;
*) echo hppa-unknown-linux-gnu ;;
PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
*) echo hppa-unknown-linux-${LIBC} ;;
esac
exit ;;
ppc64:Linux:*:*)
echo powerpc64-unknown-linux-gnu
echo powerpc64-unknown-linux-${LIBC}
exit ;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
echo powerpc-unknown-linux-${LIBC}
exit ;;
ppc64le:Linux:*:*)
echo powerpc64le-unknown-linux-${LIBC}
exit ;;
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-${LIBC}
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
exit ;;
sh64*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
tile*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
vax:Linux:*:*)
echo ${UNAME_MACHINE}-dec-linux-gnu
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
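Review bot: two branches in this hunk change the guessed triplet beyond the `${LIBC}` substitution and are not called out anywhere: `x86_64:Linux` moves from `${UNAME_MACHINE}-unknown-linux-gnu` to `${UNAME_MACHINE}-pc-linux-${LIBC}`, and `s390:Linux | s390x:Linux` gains a libc suffix it did not have before. Anything that compares, caches or pins the build triplet as a string will see a different value after this import. Suggest noting both changes in the commit message.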
@ -1073,7 +1127,7 @@ EOF
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
# prints for the "djgpp" host, or else GDB configury will decide that
# prints for the "djgpp" host, or else GDB configure will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
exit ;;
@ -1201,6 +1255,9 @@ EOF
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
echo i586-pc-haiku
exit ;;
x86_64:Haiku:*:*)
echo x86_64-unknown-haiku
exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit ;;
@ -1219,6 +1276,9 @@ EOF
SX-8R:SUPER-UX:*:*)
echo sx8r-nec-superux${UNAME_RELEASE}
exit ;;
SX-ACE:SUPER-UX:*:*)
echo sxace-nec-superux${UNAME_RELEASE}
exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
@ -1227,24 +1287,36 @@ EOF
exit ;;
*:Darwin:*:*)
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
case $UNAME_PROCESSOR in
i386)
eval $set_cc_for_build
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
UNAME_PROCESSOR="x86_64"
fi
fi ;;
unknown) UNAME_PROCESSOR=powerpc ;;
esac
eval $set_cc_for_build
if test "$UNAME_PROCESSOR" = unknown ; then
UNAME_PROCESSOR=powerpc
fi
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
case $UNAME_PROCESSOR in
i386) UNAME_PROCESSOR=x86_64 ;;
powerpc) UNAME_PROCESSOR=powerpc64 ;;
esac
fi
fi
elif test "$UNAME_PROCESSOR" = i386 ; then
# Avoid executing cc on OS X 10.9, as it ships with a stub
# that puts up a graphical alert prompting to install
# developer tools. Any system running Mac OS X 10.7 or
# later (Darwin 11 and later) is required to have a 64-bit
# processor. This is not true of the ARM version of Darwin
# that Apple uses in portable devices.
UNAME_PROCESSOR=x86_64
fi
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
if test "$UNAME_PROCESSOR" = x86; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
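Review bot: in the Darwin branch, the `test ... -le 10` check takes the output of `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` as an unquoted integer operand. If the release string is empty or does not start with a number, `test` fails with an error rather than a clean false, and control falls into the `elif`, which sets `UNAME_PROCESSOR=x86_64` for `i386` without any probe. Suggest capturing the major version in a variable, checking that it is numeric, and quoting it in the comparison.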
@ -1256,7 +1328,7 @@ EOF
NEO-?:NONSTOP_KERNEL:*:*)
echo neo-tandem-nsk${UNAME_RELEASE}
exit ;;
NSE-?:NONSTOP_KERNEL:*:*)
NSE-*:NONSTOP_KERNEL:*:*)
echo nse-tandem-nsk${UNAME_RELEASE}
exit ;;
NSR-?:NONSTOP_KERNEL:*:*)
@ -1275,7 +1347,7 @@ EOF
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
if test "$cputype" = "386"; then
if test "$cputype" = 386; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
@ -1317,7 +1389,7 @@ EOF
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
@ -1328,159 +1400,11 @@ EOF
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
amd64:Isilon\ OneFS:*:*)
echo x86_64-unknown-onefs
exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
eval $set_cc_for_build
cat >$dummy.c <<EOF
#ifdef _SEQUENT_
# include <sys/types.h>
# include <sys/utsname.h>
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
I don't know.... */
printf ("mips-sony-bsd\n"); exit (0);
#else
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
#else
""
#endif
); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
printf ("arm-acorn-riscix\n"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
printf ("m68k-hp-bsd\n"); exit (0);
#endif
#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
int version;
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
if (version < 4)
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
else
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
exit (0);
#endif
#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
printf ("ns32k-encore-mach\n"); exit (0);
#else
printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif
#if defined (__386BSD__)
printf ("i386-pc-bsd\n"); exit (0);
#endif
#if defined (sequent)
#if defined (i386)
printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif
#if defined (_SEQUENT_)
struct utsname un;
uname(&un);
if (strncmp(un.version, "V2", 2) == 0) {
printf ("i386-sequent-ptx2\n"); exit (0);
}
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
printf ("i386-sequent-ptx1\n"); exit (0);
}
printf ("i386-sequent-ptx\n"); exit (0);
#endif
#if defined (vax)
# if !defined (ultrix)
# include <sys/param.h>
# if defined (BSD)
# if BSD == 43
printf ("vax-dec-bsd4.3\n"); exit (0);
# else
# if BSD == 199006
printf ("vax-dec-bsd4.3reno\n"); exit (0);
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# endif
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# else
printf ("vax-dec-ultrix\n"); exit (0);
# endif
#endif
#if defined (alliant) && defined (i860)
printf ("i860-alliant-bsd\n"); exit (0);
#endif
exit (1);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
{ echo "$SYSTEM_NAME"; exit; }
# Apollos put the system type in the environment.
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
# Convex versions that predate uname can use getsysinfo(1)
if [ -x /usr/convex/getsysinfo ]
then
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
exit ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit ;;
c34*)
echo c34-convex-bsd
exit ;;
c38*)
echo c38-convex-bsd
exit ;;
c4*)
echo c4-convex-bsd
exit ;;
esac
fi
cat >&2 <<EOF
$0: unable to guess system type
@ -1488,9 +1412,9 @@ This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
and
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
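Review bot: the failure message still directs users to `http://git.savannah.gnu.org/...` for replacement copies of config.guess and config.sub, which are scripts that get executed during the build. Since both URL lines are being edited here anyway to drop `;hb=HEAD`, suggest switching them to the `https` scheme so the download is protected in transit. The same applies to the "latest version" URL in the config.sub header later in this patch.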

View File

@ -1,24 +1,18 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011, 2012 Free Software Foundation, Inc.
# Copyright 1992-2016 Free Software Foundation, Inc.
timestamp='2012-02-10'
timestamp='2016-03-30'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
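Review bot: the header in this hunk moves config.sub from "either version 2 of the License" to "either version 3 of the License", and the commit message does not mention a licence change in the vendored build scripts. The Autoconf exception in the next hunk still allows the file to ship under the package's own terms alongside a generated configure script, but the change should be recorded in the import notes so that it is a deliberate decision rather than a side effect of the upgrade.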
@ -26,11 +20,12 @@ timestamp='2012-02-10'
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# the same distribution terms that you use for the rest of that
# program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted GNU ChangeLog entry.
# Please send patches to <config-patches@gnu.org>.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
@ -38,7 +33,7 @@ timestamp='2012-02-10'
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@ -58,8 +53,7 @@ timestamp='2012-02-10'
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
Canonicalize a configuration name.
@ -73,9 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
Free Software Foundation, Inc.
Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -123,8 +115,8 @@ esac
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
@ -156,7 +148,7 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple | -axis | -knuth | -cray | -microblaze)
-apple | -axis | -knuth | -cray | -microblaze*)
os=
basic_machine=$1
;;
@ -225,6 +217,12 @@ case $os in
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-lynx*178)
os=-lynxos178
;;
-lynx*5)
os=-lynxos5
;;
-lynx*)
os=-lynxos
;;
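Review bot: `-lynx*5)` matches any OS string that begins with `-lynx` and ends in `5`, not only LynxOS 5, so an input such as `-lynxos4.5` (constructed example) would be rewritten to `-lynxos5`. `-lynx*178)` has the same open-ended shape. Both branches also rely on being placed above the generic `-lynx*)` branch. Suggest tightening the patterns or adding a comment that states which input spellings they are meant to accept.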
@ -253,21 +251,25 @@ case $basic_machine in
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
| be32 | be64 \
| arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \
| ba \
| be32 | be64 \
| bfin \
| c4x | clipper \
| c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
| epiphany \
| fido | fr30 | frv \
| e2k | epiphany \
| fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
| k1om \
| le32 | le64 \
| lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
| maxq | mb | microblaze | mcore | mep | metag \
| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@ -281,26 +283,29 @@ case $basic_machine in
| mips64vr5900 | mips64vr5900el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa32r6 | mipsisa32r6el \
| mipsisa64 | mipsisa64el \
| mipsisa64r2 | mipsisa64r2el \
| mipsisa64r6 | mipsisa64r6el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipsr5900 | mipsr5900el \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
| moxie \
| mt \
| msp430 \
| nds32 | nds32le | nds32be \
| nios | nios2 \
| nios | nios2 | nios2eb | nios2el \
| ns16k | ns32k \
| open8 \
| or32 \
| open8 | or1k | or1knd | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
| riscv32 | riscv64 \
| rl78 | rx \
| score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@ -308,6 +313,7 @@ case $basic_machine in
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| visium \
| we32k \
| x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
@ -322,7 +328,10 @@ case $basic_machine in
c6x)
basic_machine=tic6x-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
leon|leon[3-9])
basic_machine=sparc-$basic_machine
;;
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
basic_machine=$basic_machine-unknown
os=-none
;;
@ -364,26 +373,29 @@ case $basic_machine in
| aarch64-* | aarch64_be-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
| ba-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| clipper-* | craynv-* | cydra-* \
| c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
| k1om-* \
| le32-* | le64-* \
| lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
| microblaze-* | microblazeel-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
@ -397,28 +409,33 @@ case $basic_machine in
| mips64vr5900-* | mips64vr5900el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa32r6-* | mipsisa32r6el-* \
| mipsisa64-* | mipsisa64el-* \
| mipsisa64r2-* | mipsisa64r2el-* \
| mipsisa64r6-* | mipsisa64r6el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipsr5900-* | mipsr5900el-* \
| mipstx39-* | mipstx39el-* \
| mmix-* \
| mt-* \
| msp430-* \
| nds32-* | nds32le-* | nds32be-* \
| nios-* | nios2-* \
| nios-* | nios2-* | nios2eb-* | nios2el-* \
| none-* | np1-* | ns16k-* | ns32k-* \
| open8-* \
| or1k*-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
| riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \
@ -426,6 +443,7 @@ case $basic_machine in
| ubicom32-* \
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \
| visium-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
@ -502,6 +520,9 @@ case $basic_machine in
basic_machine=i386-pc
os=-aros
;;
asmjs)
basic_machine=asmjs-unknown
;;
aux)
basic_machine=m68k-apple
os=-aux
@ -763,6 +784,9 @@ case $basic_machine in
basic_machine=m68k-isi
os=-sysv
;;
leon-*|leon[3-9]-*)
basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
;;
m68knommu)
basic_machine=m68k-unknown
os=-linux
@ -782,11 +806,15 @@ case $basic_machine in
basic_machine=ns32k-utek
os=-sysv
;;
microblaze)
microblaze*)
basic_machine=microblaze-xilinx
;;
mingw64)
basic_machine=x86_64-pc
os=-mingw64
;;
mingw32)
basic_machine=i386-pc
basic_machine=i686-pc
os=-mingw32
;;
mingw32ce)
@ -814,6 +842,10 @@ case $basic_machine in
basic_machine=powerpc-unknown
os=-morphos
;;
moxiebox)
basic_machine=moxie-unknown
os=-moxiebox
;;
msdos)
basic_machine=i386-pc
os=-msdos
@ -822,7 +854,7 @@ case $basic_machine in
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
;;
msys)
basic_machine=i386-pc
basic_machine=i686-pc
os=-msys
;;
mvs)
@ -1013,7 +1045,11 @@ case $basic_machine in
basic_machine=i586-unknown
os=-pw32
;;
rdos)
rdos | rdos64)
basic_machine=x86_64-pc
os=-rdos
;;
rdos32)
basic_machine=i386-pc
os=-rdos
;;
@ -1340,29 +1376,30 @@ case $os in
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* \
| -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* | -aros* \
| -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
| -openbsd* | -solidbsd* \
| -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
| -onefs* | -tirtos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@ -1486,9 +1523,6 @@ case $os in
-aros*)
os=-aros
;;
-kaos*)
os=-kaos
;;
-zvmoe)
os=-zvmoe
;;
@ -1497,6 +1531,8 @@ case $os in
;;
-nacl*)
;;
-ios)
;;
-none)
;;
*)
@ -1537,6 +1573,12 @@ case $basic_machine in
c4x-* | tic4x-*)
os=-coff
;;
c8051-*)
os=-elf
;;
hexagon-*)
os=-elf
;;
tic54x-*)
os=-coff
;;

3329
contrib/ldns/configure vendored

File diff suppressed because it is too large


@ -5,17 +5,35 @@ sinclude(acx_nlnetlabs.m4)
# must be numbers. ac_defun because of later processing.
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[6])
m4_define([VERSION_MICRO],[17])
m4_define([VERSION_MINOR],[7])
m4_define([VERSION_MICRO],[0])
AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns)
AC_CONFIG_SRCDIR([packet.c])
# needed to build correct soname
AC_SUBST(LDNS_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(LDNS_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO])
AC_SUBST(VERSION_INFO, [VERSION_MAJOR:VERSION_MINOR:VERSION_MICRO])
# Library version
# ---------------
# current:revision:age
# (binary-api-number):(which-binary-api-version):(how-many-nrs-backwardscompat)
# if source code changes increment revision
# if any interfaces have been added/removed/changed since last update then
# increment current and set revision to 0
# if any interfaces have been added since the last public release then increment age
# if any interfaces have been removed or changed since the last public release then
# set age to 0
#
# ldns-1.6.17 and before had a .so with version same as VERSION_INFO
# ldns-1.7.0 will have libversion 2:0:0
#
AC_SUBST(VERSION_INFO, [2:0:0])
AC_AIX
if test "$ac_cv_header_minix_config_h" = "yes"; then
AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix])
fi
LT_INIT
AC_CONFIG_MACRO_DIR([m4])
@ -74,7 +92,9 @@ ACX_CHECK_COMPILER_FLAG(Wall, [CFLAGS="-Wall $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(W, [CFLAGS="-W $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wwrite-strings, [CFLAGS="-Wwrite-strings $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wstrict-prototypes, [CFLAGS="-Wstrict-prototypes $CFLAGS"])
#ACX_CHECK_COMPILER_FLAG(Wshadow, [CFLAGS="-Wshadow $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wunused-function, [CFLAGS="-Wunused-function $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wmissing-prototypes, [CFLAGS="-Wmissing-prototypes $CFLAGS"])
AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
@ -118,14 +138,12 @@ This does not work with the --with-drill option.
Please remove the config.h from the drill subdirectory
or do not use the --with-drill option.])
fi
DRILL_CONFIG=" drill/drill.1"
else
AC_SUBST(DRILL,[""])
AC_SUBST(INSTALL_DRILL,[""])
AC_SUBST(UNINSTALL_DRILL,[""])
AC_SUBST(CLEAN_DRILL,[""])
AC_SUBST(LINT_DRILL,[""])
DRILL_CONFIG=""
fi
@ -145,14 +163,12 @@ This does not work with the --with-examples option.
Please remove the config.h from the examples subdirectory
or do not use the --with-examples option.])
fi
EXAMPLES_CONFIG=" examples/ldns-dane.1 examples/ldns-verify-zone.1"
else
AC_SUBST(EXAMPLES,[""])
AC_SUBST(INSTALL_EXAMPLES,[""])
AC_SUBST(UNINSTALL_EXAMPLES,[""])
AC_SUBST(CLEAN_EXAMPLES,[""])
AC_SUBST(LINT_EXAMPLES,[""])
EXAMPLES_CONFIG=""
fi
# add option to disable installation of ldns-config script
@ -180,6 +196,13 @@ case "$enable_stderr_msgs" in
;;
esac
AX_HAVE_POLL(
[AX_CONFIG_FEATURE_ENABLE(poll)],
[AX_CONFIG_FEATURE_DISABLE(poll)])
AX_CONFIG_FEATURE(
[poll], [This platform supports poll(7)],
[HAVE_POLL], [This platform supports poll(7).])
# check for python
PYTHON_X_CFLAGS=""
ldns_with_pyldns=no
@ -301,8 +324,14 @@ tmp_LDFLAGS=$LDFLAGS
tmp_LIBS=$LIBS
ACX_WITH_SSL_OPTIONAL
AC_CHECK_FUNCS([EVP_sha256])
AC_MSG_CHECKING([for LibreSSL])
if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
else
AC_MSG_RESULT([no])
fi
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key])
# for macosx, see if glibtool exists and use that
# BSD's need to know the version...
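Review bot: the LibreSSL probe `grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null` uses `$ssldir` unquoted and silences only the second grep. When `$ssldir` is empty or the header lives elsewhere, the first grep writes an error into the configure output and the answer quietly becomes "no". HAVE_LIBRESSL is then used in the C sources to choose between direct struct access and the accessor functions, so a wrong "no" changes which code gets compiled. Suggest quoting the path, redirecting stderr, and skipping the probe when `$ssldir` is empty, or replacing the grep with a compile check on the LIBRESSL_VERSION_NUMBER macro.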
@ -325,6 +354,103 @@ case "$enable_sha2" in
;;
esac
# check wether gost also works
AC_DEFUN([AC_CHECK_GOST_WORKS],
[AC_REQUIRE([AC_PROG_CC])
AC_MSG_CHECKING([if GOST works])
if test c${cross_compiling} = cno; then
BAKCFLAGS="$CFLAGS"
if test -n "$ssldir"; then
CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib"
fi
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/conf.h>
/* routine to load gost (from sldns) */
int load_gost_id(void)
{
static int gost_id = 0;
const EVP_PKEY_ASN1_METHOD* meth;
ENGINE* e;
if(gost_id) return gost_id;
/* see if configuration loaded gost implementation from other engine*/
meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
if(meth) {
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
/* see if engine can be loaded already */
e = ENGINE_by_id("gost");
if(!e) {
/* load it ourself, in case statically linked */
ENGINE_load_builtin_engines();
ENGINE_load_dynamic();
e = ENGINE_by_id("gost");
}
if(!e) {
/* no gost engine in openssl */
return 0;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
ENGINE_finish(e);
ENGINE_free(e);
return 0;
}
meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
if(!meth) {
/* algo not found */
ENGINE_finish(e);
ENGINE_free(e);
return 0;
}
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
int main(void) {
EVP_MD_CTX* ctx;
const EVP_MD* md;
unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */
const char* str = "Hello world";
const unsigned char check[] = {
0x40 , 0xed , 0xf8 , 0x56 , 0x5a , 0xc5 , 0x36 , 0xe1 ,
0x33 , 0x7c , 0x7e , 0x87 , 0x62 , 0x1c , 0x42 , 0xe0 ,
0x17 , 0x1b , 0x5e , 0xce , 0xa8 , 0x46 , 0x65 , 0x4d ,
0x8d , 0x3e , 0x22 , 0x9b , 0xe1 , 0x30 , 0x19 , 0x9d
};
OPENSSL_config(NULL);
(void)load_gost_id();
md = EVP_get_digestbyname("md_gost94");
if(!md) return 1;
memset(digest, 0, sizeof(digest));
ctx = EVP_MD_CTX_create();
if(!ctx) return 2;
if(!EVP_DigestInit_ex(ctx, md, NULL)) return 3;
if(!EVP_DigestUpdate(ctx, str, 10)) return 4;
if(!EVP_DigestFinal_ex(ctx, digest, NULL)) return 5;
/* uncomment to see the hash calculated.
{int i;
for(i=0; i<32; i++)
printf(" %2.2x", (int)digest[i]);
printf("\n");}
*/
if(memcmp(digest, check, sizeof(check)) != 0)
return 6;
return 0;
}
]])] , [eval "ac_cv_c_gost_works=yes"], [eval "ac_cv_c_gost_works=no"])
CFLAGS="$BAKCFLAGS"
else
eval "ac_cv_c_gost_works=maybe"
fi
])dnl
AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support]))
case "$enable_gost" in
no)
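Review bot: in the embedded test program, `EVP_DigestUpdate(ctx, str, 10)` hashes only the first 10 bytes of the 11-character string "Hello world". If the `check` vector was computed over those 10 bytes, say so in a comment next to the call. If it was computed over the full string, the probe will always report GOST as broken. Two smaller points: `digest[64]` carries a comment saying the digest uses 32 bytes, so either size the buffer to match or explain the slack, and the heading comment spells "whether" as "wether".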
@ -336,7 +462,22 @@ case "$enable_gost" in
AC_MSG_CHECKING(for GOST)
AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])])
AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])])
AC_DEFINE_UNQUOTED([USE_GOST], [1], [Define this to enable GOST support.])
AC_CHECK_GOST_WORKS
AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even whithout a GOST engine installed]))
if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then
if test "$ac_cv_c_gost_works" = "no"; then
AC_MSG_RESULT([no, but compiling with GOST support anyway])
else
AC_MSG_RESULT([yes])
fi
use_gost="yes"
AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
else
AC_MSG_RESULT([no])
AC_MSG_WARN([Gost support does not work because the engine is missing.])
AC_MSG_WARN([Install gost-engine first or use the --enable-gost-anyway to compile with GOST support anyway])
AC_MSG_WARN([See also https://github.com/gost-engine/engine/wiki for information about gost-engine])
fi
;;
esac
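Review bot: when cross compiling, AC_CHECK_GOST_WORKS sets `ac_cv_c_gost_works=maybe`, and the test `"$ac_cv_c_gost_works" != "no"` here then prints "yes" and defines USE_GOST although nothing was verified. Suggest a separate branch for "maybe" that reports the check was skipped, so the build log does not claim a working GOST engine. Also, `test ... -o ...` is discouraged in configure scripts for portability; two `test` commands joined with `||` are safer. The help string for --enable-gost-anyway spells "without" as "whithout".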
@ -358,18 +499,102 @@ case "$enable_ecdsa" in
;;
esac
AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support]))
case "$enable_dsa" in
no)
;;
*) dnl default
# detect if DSA is supported, and turn it off if not.
AC_CHECK_FUNC(DSA_SIG_new, [
AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
fi ])
;;
esac
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--enable-ed25519], [Enable ED25519 support (experimental)]))
case "$enable_ed25519" in
yes)
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ED25519 enabled, but no SSL support])
fi
AC_CHECK_DECLS([NID_X25519], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed25519])], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
;;
*|no) dnl default
;;
esac
AC_ARG_ENABLE(ed448, AC_HELP_STRING([--enable-ed448], [Enable ED448 support (experimental)]))
case "$enable_ed448" in
yes)
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ED448 enabled, but no SSL support])
fi
AC_CHECK_DECLS([NID_X448], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed448])], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.])
;;
*|no) dnl default
;;
esac
AC_ARG_ENABLE(dane, AC_HELP_STRING([--disable-dane], [Disable DANE support]))
AC_ARG_ENABLE(dane-verify, AC_HELP_STRING([--disable-dane-verify], [Disable DANE verify support]))
AC_ARG_ENABLE(dane-ta-usage, AC_HELP_STRING([--disable-dane-ta-usage], [Disable DANE-TA usage type support]))
AC_ARG_ENABLE(full-dane,, [
enable_dane_ta_usage=yes
enable_dane_verify=yes
enable_dane=yes
])
AC_ARG_ENABLE(no-dane-ta-usage,, [
enable_dane_ta_usage=no
enable_dane_verify=yes
enable_dane=yes
])
AC_ARG_ENABLE(no-dane-verify,, [
enable_dane_ta_usage=no
enable_dane_verify=no
enable_dane=yes
])
case "$enable_dane" in
no)
AC_SUBST(ldns_build_config_use_dane, 0)
AC_SUBST(ldns_build_config_use_dane_verify, 0)
AC_SUBST(ldns_build_config_use_dane_ta_usage, 0)
;;
*) dnl default
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([DANE enabled, but no SSL support])
fi
AC_CHECK_FUNC(X509_check_ca, [], [AC_MSG_ERROR([OpenSSL does not support DANE: please upgrade OpenSSL or rerun with --disable-dane])])
AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.])
AC_SUBST(ldns_build_config_use_dane, 1)
AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.])
case "$enable_dane_verify" in
no)
AC_SUBST(ldns_build_config_use_dane_verify, 0)
AC_SUBST(ldns_build_config_use_dane_ta_usage, 0)
;;
*)
AC_SUBST(ldns_build_config_use_dane_verify, 1)
AC_DEFINE_UNQUOTED([USE_DANE_VERIFY], [1], [Define this to enable DANE verify support.])
case "$enable_dane_ta_usage" in
no)
AC_SUBST(ldns_build_config_use_dane_ta_usage, 0)
;;
*) dnl default
LIBS="-lssl $LIBS"
AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])])
LIBSSL_LIBS="$LIBSSL_LIBS -lssl"
AC_SUBST(ldns_build_config_use_dane_ta_usage, 1)
AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.])
;;
esac
esac
;;
esac
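Review bot: the --enable-ed25519 and --enable-ed448 checks test for `NID_X25519` and `NID_X448`, which are the identifiers of the key-exchange curves, not of the EdDSA signature algorithms. An OpenSSL that declares `NID_X25519` but has no Ed25519 signing will pass configure and then fail later, at compile time or at run time. Suggest probing for the signature NIDs (`NID_ED25519`, `NID_ED448`) instead. The error text also tells the user to rerun with --disable-ed25519 / --disable-ed448 although both features are off unless explicitly enabled. Separately, the `full-dane`, `no-dane-ta-usage` and `no-dane-verify` options are declared with an empty help string, so they do not show up in `./configure --help`; either document them or add a comment saying why they are hidden.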
@ -389,20 +614,12 @@ case "$enable_rrtype_rkey" in
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-cds, AC_HELP_STRING([--enable-rrtype-cds], [Enable draft RR type cds.]))
case "$enable_rrtype_cds" in
yes)
AC_DEFINE_UNQUOTED([RRTYPE_CDS], [], [Define this to enable RR type CDS.])
AC_ARG_ENABLE(rrtype-openpgpkey, AC_HELP_STRING([--disable-rrtype-openpgpkey], [Disable openpgpkey RR type.]))
case "$enable_rrtype_openpgpkey" in
no)
;;
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-uri, AC_HELP_STRING([--enable-rrtype-uri], [Enable draft RR type uri.]))
case "$enable_rrtype_uri" in
yes)
AC_DEFINE_UNQUOTED([RRTYPE_URI], [], [Define this to enable RR type URI.])
;;
no|*)
yes|*)
AC_DEFINE_UNQUOTED([RRTYPE_OPENPGPKEY], [], [Define this to enable RR type OPENPGPKEY.])
;;
esac
AC_ARG_ENABLE(rrtype-ta, AC_HELP_STRING([--enable-rrtype-ta], [Enable draft RR type ta.]))
@ -413,6 +630,14 @@ case "$enable_rrtype_ta" in
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-avc, AC_HELP_STRING([--enable-rrtype-avc], [Enable draft RR type avc.]))
case "$enable_rrtype_avc" in
yes)
AC_DEFINE_UNQUOTED([RRTYPE_AVC], [], [Define this to enable RR type AVC.])
;;
no|*)
;;
esac
AC_SUBST(LIBSSL_CPPFLAGS)
AC_SUBST(LIBSSL_LDFLAGS)
@ -616,31 +841,26 @@ ACX_FUNC_IOCTLSOCKET
ACX_CHECK_FORMAT_ATTRIBUTE
ACX_CHECK_UNUSED_ATTRIBUTE
# check OSX deployment target which is needed
# check OSX deployment target, if needed
if echo $build_os | grep darwin > /dev/null; then
export MACOSX_DEPLOYMENT_TARGET="10.4"
sdk_p=`xcode-select -print-path`;
sdk_v="$( /usr/bin/xcrun --show-sdk-version )";
case $sdk_v in
10.9|10.8) sdk_c="10.7";;
10.11|10.10|*) sdk_c="10.10";;
esac
export MACOSX_DEPLOYMENT_TARGET="${sdk_c}";
export CFLAGS="$CFLAGS -mmacosx-version-min=${sdk_c} -isysroot ${sdk_p}/Platforms/MacOSX.platform/Developer/SDKs/MacOSX${sdk_v}.sdk";
fi
AC_DEFINE([SYSCONFDIR], [sysconfdir], [System configuration dir])
AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE], [Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDIR/unbound/root.key]]), [
LDNS_TRUST_ANCHOR_FILE="$withval"
AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["$withval"])
AC_MSG_NOTICE([Default trust anchor: $withval])
],[
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["\$(sysconfdir)/unbound/root.key"])
])
AC_DEFINE_UNQUOTED([LDNS_TRUST_ANCHOR_FILE], ["$LDNS_TRUST_ANCHOR_FILE"], [Default trust anchor file])
AC_SUBST(LDNS_TRUST_ANCHOR_FILE)
AC_MSG_NOTICE([Default trust anchor: $LDNS_TRUST_ANCHOR_FILE])
AC_ARG_WITH(ca-file, AC_HELP_STRING([--with-ca-file=CAFILE], [File containing CA certificates for ldns-dane]), [
AC_DEFINE([HAVE_DANE_CA_FILE], [1], [Is a CAFILE given at configure time])
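Review bot: in the darwin branch, the output of `xcode-select -print-path` and `xcrun --show-sdk-version` goes straight into `-isysroot ${sdk_p}/Platforms/MacOSX.platform/Developer/SDKs/MacOSX${sdk_v}.sdk` with no check that either command succeeded or that the directory exists. On a machine where either tool fails or the SDK is laid out differently, CFLAGS gets a sysroot that does not exist and every later compile test in configure fails for an unrelated-looking reason. Suggest testing that both values are non-empty and that the SDK directory exists before exporting CFLAGS. The `10.11|10.10|*` arm also maps every unlisted SDK version, including ones older than 10.8, to a 10.10 deployment target; a comment stating that this is intended would help.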
@ -793,6 +1013,15 @@ void *memmove(void *dest, const void *src, size_t n);
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifdef USE_WINSOCK
#define SOCK_INVALID INVALID_SOCKET
#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0)
#else
#define SOCK_INVALID -1
#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0)
#endif
#ifdef __cplusplus
}
#endif
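Review bot: in the USE_WINSOCK branch, `close_socket` guards the close with `_s > SOCK_INVALID`, but on Winsock the socket type is unsigned and INVALID_SOCKET is its all-ones value, so the comparison is never true and `closesocket()` is never called. That leaks every socket on Windows. Suggest `_s != SOCK_INVALID` in the Winsock variant (the POSIX variant with `-1` is fine as written). The macro argument should also be parenthesised, `(_s)`, since it is evaluated several times and assigned to.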
@ -820,7 +1049,7 @@ else
AC_SUBST(ldns_build_config_have_attr_unused, 0)
fi
CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config $DRILL_CONFIG $EXAMPLES_CONFIG"
CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config"
AC_SUBST(CONFIG_FILES)
AC_CONFIG_FILES([$CONFIG_FILES])


@ -327,8 +327,8 @@ ldns_dane_pkix_get_last_self_signed(X509** out_cert,
}
(void) X509_verify_cert(vrfy_ctx);
if (vrfy_ctx->error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
vrfy_ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
*out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
s = LDNS_STATUS_OK;
@ -356,7 +356,7 @@ ldns_dane_select_certificate(X509** selected_cert,
assert(selected_cert != NULL);
assert(cert != NULL);
/* With PKIX validation explicitely turned off (pkix_validation_store
/* With PKIX validation explicitly turned off (pkix_validation_store
* == NULL), treat the "CA constraint" and "Service certificate
* constraint" the same as "Trust anchor assertion" and "Domain issued
* certificate" respectively.
@ -504,6 +504,7 @@ memerror:
}
#ifdef USE_DANE_VERIFY
/* Return tlsas that actually are TLSA resource records with known values
* for the Certificate usage, Selector and Matching type rdata fields.
*/
@ -535,6 +536,7 @@ ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
}
#if !defined(USE_DANE_TA_USAGE)
/* Return whether cert/selector/matching_type matches data.
*/
static ldns_status
@ -591,34 +593,108 @@ ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
}
return s;
}
#endif /* !defined(USE_DANE_TA_USAGE) */
#endif /* USE_DANE_VERIFY */
#ifdef USE_DANE_VERIFY
ldns_status
ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store)
{
ldns_status s;
#if defined(USE_DANE_TA_USAGE)
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
X509_STORE_CTX *store_ctx = NULL;
#else
STACK_OF(X509)* pkix_validation_chain = NULL;
#endif
ldns_status s = LDNS_STATUS_OK;
ldns_tlsa_certificate_usage cert_usage;
ldns_tlsa_certificate_usage usage;
ldns_tlsa_selector selector;
ldns_tlsa_matching_type matching_type;
ldns_tlsa_matching_type mtype;
ldns_rdf* data;
if (! tlsa_rr) {
/* No TLSA, so regular PKIX validation
if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA ||
ldns_rr_rd_count(tlsa_rr) != 4 ||
ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 ||
ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 ||
ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) {
/* No (usable) TLSA, so regular PKIX validation
*/
return ldns_dane_pkix_validate(cert, extra_certs,
pkix_validation_store);
}
cert_usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
matching_type = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
data = ldns_rr_rdf(tlsa_rr, 3) ;
usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
data = ldns_rr_rdf(tlsa_rr, 3) ;
switch (cert_usage) {
#if defined(USE_DANE_TA_USAGE)
/* Rely on OpenSSL dane functions.
*
* OpenSSL does not provide offline dane verification. The dane unit
* tests within openssl use the undocumented SSL_get0_dane() and
* X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
* SSL_CTX to a X509_STORE_CTX that can be used to do offline
* verification. We use these undocumented means with the ldns
* dane function prototypes which did only offline dane verification.
*/
if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
s = LDNS_STATUS_SSL_ERR;
else if (SSL_CTX_dane_set_flags(
ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
!(ssl = SSL_new(ssl_ctx)))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_set_connect_state(ssl),
(SSL_dane_enable(ssl, NULL) <= 0))
s = LDNS_STATUS_SSL_ERR;
else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
ldns_rdf_data(data), ldns_rdf_size(data)) <= 0)
s = LDNS_STATUS_SSL_ERR;
else if (!(store_ctx = X509_STORE_CTX_new()))
s = LDNS_STATUS_MEM_ERR;
else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
s = LDNS_STATUS_SSL_ERR;
else {
int ret;
X509_STORE_CTX_set_default(store_ctx,
SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
SSL_get0_param(ssl));
X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
if (SSL_get_verify_callback(ssl))
X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
ret = X509_verify_cert(store_ctx);
if (!ret) {
if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
else
s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
}
X509_STORE_CTX_cleanup(store_ctx);
}
if (store_ctx)
X509_STORE_CTX_free(store_ctx);
if (ssl)
SSL_free(ssl);
if (ssl_ctx)
SSL_CTX_free(ssl_ctx);
return s;
#else
switch (usage) {
case LDNS_TLSA_USAGE_CA_CONSTRAINT:
s = ldns_dane_pkix_validate_and_get_chain(
&pkix_validation_chain,
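Review bot: the new guard at the top of `ldns_dane_verify_rr` sends a record of the wrong type, a record with `ldns_rr_rd_count(tlsa_rr) != 4`, and a record with out-of-range usage/selector/matching type down the same path as "no TLSA at all", namely plain `ldns_dane_pkix_validate`. A caller that passes a malformed or non-TLSA record by mistake therefore gets an ordinary PKIX result and cannot tell that DANE was never applied. Suggest returning a distinct error for the wrong-type and wrong-rdata-count cases and keeping the PKIX fallback only for a NULL record or unknown field values, or at least documenting the fallback in the header. In the USE_DANE_TA_USAGE branch, `SSL_dane_enable(ssl, NULL)` together with `DANE_FLAG_NO_DANE_EE_NAMECHECKS` means no name check is performed here; the function documentation should state that name checking is left to the caller. The comma expressions inside the `else if` conditions are hard to read and would be clearer as separate statements.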
@ -638,7 +714,7 @@ ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
*/
s = ldns_dane_match_any_cert_with_data(
pkix_validation_chain,
selector, matching_type, data, true);
selector, mtype, data, true);
if (s == LDNS_STATUS_OK) {
/* A TLSA record did match a cert from the
@ -653,15 +729,16 @@ ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
s = ldns_dane_match_any_cert_with_data(
pkix_validation_chain,
selector, matching_type, data, true);
selector, mtype, data, true);
}
sk_X509_pop_free(pkix_validation_chain, X509_free);
return s;
break;
case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
s = ldns_dane_match_cert_with_data(cert,
selector, matching_type, data);
selector, mtype, data);
if (s == LDNS_STATUS_OK) {
return ldns_dane_pkix_validate(cert, extra_certs,
@ -671,78 +748,194 @@ ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
break;
case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
#if 0
s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
cert, extra_certs);
if (s == LDNS_STATUS_OK) {
s = ldns_dane_match_any_cert_with_data(
pkix_validation_chain,
selector, matching_type, data, false);
selector, mtype, data, false);
} else if (! pkix_validation_chain) {
return s;
}
sk_X509_pop_free(pkix_validation_chain, X509_free);
return s;
#else
return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA;
#endif
break;
case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
return ldns_dane_match_cert_with_data(cert,
selector, matching_type, data);
selector, mtype, data);
break;
default:
break;
}
#endif
return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
}
ldns_status
ldns_dane_verify(ldns_rr_list* tlsas,
ldns_dane_verify(const ldns_rr_list* tlsas,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store)
{
#if defined(USE_DANE_TA_USAGE)
SSL_CTX *ssl_ctx = NULL;
ldns_rdf *basename_rdf = NULL;
char *basename = NULL;
SSL *ssl = NULL;
X509_STORE_CTX *store_ctx = NULL;
#else
ldns_status ps;
#endif
size_t i;
ldns_rr* tlsa_rr;
ldns_status s = LDNS_STATUS_OK, ps;
ldns_rr_list *usable_tlsas;
ldns_status s = LDNS_STATUS_OK;
assert(cert != NULL);
if (tlsas && ldns_rr_list_rr_count(tlsas) > 0) {
tlsas = ldns_dane_filter_unusable_records(tlsas);
if (! tlsas) {
return LDNS_STATUS_MEM_ERR;
}
}
if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) {
if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0)
/* No TLSA's, so regular PKIX validation
*/
return ldns_dane_pkix_validate(cert, extra_certs,
pkix_validation_store);
} else {
for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
tlsa_rr = ldns_rr_list_rr(tlsas, i);
ps = s;
s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
pkix_validation_store);
if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
/* To enable name checks (which we don't) */
#if defined(USE_DANE_TA_USAGE) && 0
else if (!(basename_rdf = ldns_dname_clone_from(
ldns_rr_list_owner(tlsas), 2)))
/* Could nog get DANE base name */
s = LDNS_STATUS_ERR;
/* which would be LDNS_STATUS_OK (match)
* or some fatal error preventing use from
* trying the next TLSA record.
*/
break;
}
s = (s > ps ? s : ps); /* prefer PKIX_DID_NOT_VALIDATE
* over TLSA_DID_NOT_MATCH
*/
}
ldns_rr_list_free(tlsas);
else if (!(basename = ldns_rdf2str(basename_rdf)))
s = LDNS_STATUS_MEM_ERR;
else if (strlen(basename) && (basename[strlen(basename)-1] = 0))
s = LDNS_STATUS_ERR; /* Intended to be unreachable */
#endif
else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas)))
return LDNS_STATUS_MEM_ERR;
else if (ldns_rr_list_rr_count(usable_tlsas) == 0) {
/* No TLSA's, so regular PKIX validation
*/
ldns_rr_list_free(usable_tlsas);
return ldns_dane_pkix_validate(cert, extra_certs,
pkix_validation_store);
}
#if defined(USE_DANE_TA_USAGE)
/* Rely on OpenSSL dane functions.
*
* OpenSSL does not provide offline dane verification. The dane unit
* tests within openssl use the undocumented SSL_get0_dane() and
* X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
* SSL_CTX to a X509_STORE_CTX that can be used to do offline
* verification. We use these undocumented means with the ldns
* dane function prototypes which did only offline dane verification.
*/
if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
s = LDNS_STATUS_SSL_ERR;
else if (SSL_CTX_dane_set_flags(
ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
!(ssl = SSL_new(ssl_ctx)))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_set_connect_state(ssl),
(SSL_dane_enable(ssl, basename) <= 0))
s = LDNS_STATUS_SSL_ERR;
else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
ldns_tlsa_certificate_usage usage;
ldns_tlsa_selector selector;
ldns_tlsa_matching_type mtype;
ldns_rdf* data;
tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0));
selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1));
mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2));
data = ldns_rr_rdf(tlsa_rr,3) ;
if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
ldns_rdf_data(data),
ldns_rdf_size(data)) <= 0) {
s = LDNS_STATUS_SSL_ERR;
break;
}
}
if (!s && !(store_ctx = X509_STORE_CTX_new()))
s = LDNS_STATUS_MEM_ERR;
else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
s = LDNS_STATUS_SSL_ERR;
else {
int ret;
X509_STORE_CTX_set_default(store_ctx,
SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
SSL_get0_param(ssl));
X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
if (SSL_get_verify_callback(ssl))
X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
ret = X509_verify_cert(store_ctx);
if (!ret) {
if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
else
s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
}
X509_STORE_CTX_cleanup(store_ctx);
}
if (store_ctx)
X509_STORE_CTX_free(store_ctx);
if (ssl)
SSL_free(ssl);
if (ssl_ctx)
SSL_CTX_free(ssl_ctx);
if (basename)
free(basename);
ldns_rdf_deep_free(basename_rdf);
#else
for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
ps = s;
s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
pkix_validation_store);
if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE &&
s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) {
/* which would be LDNS_STATUS_OK (match)
* or some fatal error preventing use from
* trying the next TLSA record.
*/
break;
}
s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA
* over PKIX_DID_NOT_VALIDATE
* over TLSA_DID_NOT_MATCH
*/
}
#endif
ldns_rr_list_free(usable_tlsas);
return s;
}
#endif /* USE_DANE_VERIFY */
#endif /* HAVE_SSL */
#endif /* USE_DANE */
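Review bot: in the USE_DANE_TA_USAGE branch of `ldns_dane_verify`, the statement `if (!s && !(store_ctx = X509_STORE_CTX_new()))` short-circuits when `s` already holds an error from the SSL setup or from `SSL_dane_tlsa_add`, so `store_ctx` stays NULL and control falls into `else if (!X509_STORE_CTX_init(store_ctx, ...))` with a NULL context. If that call is survived, the final `else` block goes on to use `ssl`, which may itself be NULL. Suggest testing `s` on its own first and running the store-context allocation, init and verify only when it is still LDNS_STATUS_OK, for example by nesting the rest under `if (s == LDNS_STATUS_OK) { ... }`. The OpenSSL setup and verify sequence is also duplicated almost line for line from `ldns_dane_verify_rr`; a shared static helper would keep the two copies from drifting, and `ldns_dane_verify_rr` does not have this flaw because its chain is one continuous `else if`.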


@ -87,7 +87,7 @@ ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2)
}
ldns_status
ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2)
ldns_dname_cat(ldns_rdf *rd1, const ldns_rdf *rd2)
{
uint16_t left_size;
uint16_t size;
@ -251,6 +251,9 @@ ldns_dname_new(uint16_t s, void *d)
{
ldns_rdf *rd;
if (!s || !d) {
return NULL;
}
rd = LDNS_MALLOC(ldns_rdf);
if (!rd) {
return NULL;
@ -527,10 +530,11 @@ ldns_dname_str_absolute(const char *dname_str)
for(s=dname_str; *s; s++) {
if(*s == '\\') {
if(s[1] && s[2] && s[3] /* check length */
&& isdigit(s[1]) && isdigit(s[2]) &&
isdigit(s[3]))
&& isdigit((unsigned char)s[1])
&& isdigit((unsigned char)s[2])
&& isdigit((unsigned char)s[3]))
s += 3;
else if(!s[1] || isdigit(s[1])) /* escape of nul,0-9 */
else if(!s[1] || isdigit((unsigned char)s[1])) /* escape of nul,0-9 */
return 0; /* parse error */
else s++; /* another character escaped */
}


@ -81,7 +81,7 @@ ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig,
}
ldns_rdf *
ldns_nsec_get_bitmap(ldns_rr *nsec) {
ldns_nsec_get_bitmap(const ldns_rr *nsec) {
if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) {
return ldns_rr_rdf(nsec, 1);
} else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) {
@ -94,9 +94,9 @@ ldns_nsec_get_bitmap(ldns_rr *nsec) {
/*return the owner name of the closest encloser for name from the list of rrs */
/* this is NOT the hash, but the original name! */
ldns_rdf *
ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname,
ATTR_UNUSED(ldns_rr_type qtype),
ldns_rr_list *nsec3s)
const ldns_rr_list *nsec3s)
{
/* remember parameters, they must match */
uint8_t algorithm;
@ -215,7 +215,7 @@ ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt)
ldns_rr_list *
ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt,
ldns_rdf *name,
const ldns_rdf *name,
ldns_rr_type type)
{
uint16_t t_netorder;
@ -298,7 +298,7 @@ ldns_calc_keytag(const ldns_rr *key)
return ac16;
}
uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize)
uint16_t ldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
{
unsigned int i;
uint32_t ac32;
@ -327,14 +327,14 @@ uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize)
#ifdef HAVE_SSL
DSA *
ldns_key_buf2dsa(ldns_buffer *key)
ldns_key_buf2dsa(const ldns_buffer *key)
{
return ldns_key_buf2dsa_raw((unsigned char*)ldns_buffer_begin(key),
return ldns_key_buf2dsa_raw((const unsigned char*)ldns_buffer_begin(key),
ldns_buffer_position(key));
}
DSA *
ldns_key_buf2dsa_raw(unsigned char* key, size_t len)
ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
{
uint8_t T;
uint16_t length;
@ -375,25 +375,43 @@ ldns_key_buf2dsa_raw(unsigned char* key, size_t len)
BN_free(Y);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S
dsa->p = P;
dsa->q = Q;
dsa->g = G;
dsa->pub_key = Y;
#endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!DSA_set0_pqg(dsa, P, Q, G)) {
/* QPG not yet attached, need to free */
BN_free(Q);
BN_free(P);
BN_free(G);
DSA_free(dsa);
BN_free(Y);
return NULL;
}
if (!DSA_set0_key(dsa, Y, NULL)) {
/* QPG attached, cleaned up by DSA_fre() */
DSA_free(dsa);
BN_free(Y);
return NULL;
}
#endif /* OPENSSL_VERSION_NUMBER */
return dsa;
}
RSA *
ldns_key_buf2rsa(ldns_buffer *key)
ldns_key_buf2rsa(const ldns_buffer *key)
{
return ldns_key_buf2rsa_raw((unsigned char*)ldns_buffer_begin(key),
return ldns_key_buf2rsa_raw((const unsigned char*)ldns_buffer_begin(key),
ldns_buffer_position(key));
}
RSA *
ldns_key_buf2rsa_raw(unsigned char* key, size_t len)
ldns_key_buf2rsa_raw(const unsigned char* key, size_t len)
{
uint16_t offset;
uint16_t exp;
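Review bot: the choice between direct member assignment and `DSA_set0_pqg` / `DSA_set0_key` is gated on `OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)`, while configure in this same commit already probes for individual functions such as `DSA_get0_pqg` and `DSA_get0_key`. Gating on the library name means any LibreSSL build is forced onto the direct-access path, which would stop compiling as soon as that library makes the struct opaque. Suggest adding `DSA_set0_pqg` (and `RSA_set0_key` for the RSA hunk that follows) to AC_CHECK_FUNCS and testing the resulting HAVE_ macros here. The comment "cleaned up by DSA_fre()" should read `DSA_free()`, and "QPG" in both comments presumably means the P, Q, G parameters.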
@ -443,16 +461,25 @@ ldns_key_buf2rsa_raw(unsigned char* key, size_t len)
BN_free(modulus);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
#endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
BN_free(exponent);
BN_free(modulus);
RSA_free(rsa);
return NULL;
}
#endif /* OPENSSL_VERSION_NUMBER */
return rsa;
}
int
ldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
ldns_digest_evp(const unsigned char* data, unsigned int len, unsigned char* dest,
const EVP_MD* md)
{
EVP_MD_CTX* ctx;
@ -688,11 +715,8 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
{
uint8_t window; /* most significant octet of type */
uint8_t subtype; /* least significant octet of type */
uint16_t windows[256] /* Max subtype per window */
#ifndef S_SPLINT_S
= { 0 } /* Initialize ALL elements with 0 */
#endif
;
int windows[256]; /* Max subtype per window */
uint8_t windowpresent[256]; /* bool if window appears in bitmap */
ldns_rr_type* d; /* used to traverse rr_type_list*/
size_t i; /* used to traverse windows array */
@ -705,14 +729,17 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
nsec_type != LDNS_RR_TYPE_NSEC3) {
return NULL;
}
memset(windows, 0, sizeof(int)*256);
memset(windowpresent, 0, 256);
/* Which other windows need to be in the bitmap rdf?
*/
for (d = rr_type_list; d < rr_type_list + size; d++) {
window = *d >> 8;
subtype = *d & 0xff;
if (windows[window] < subtype) {
windows[window] = subtype;
windowpresent[window] = 1;
if (windows[window] < (int)subtype) {
windows[window] = (int)subtype;
}
}
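Review bot: `memset(windows, 0, sizeof(int)*256)` restates the element type and count by hand right after the array type changed from uint16_t to int; write `memset(windows, 0, sizeof(windows))` and `memset(windowpresent, 0, sizeof(windowpresent))` so the clear cannot drift from the declaration. The move to windowpresent[] also deserves a one-line comment: with the old `if (windows[i])` test, a window whose only type has subtype 0 was indistinguishable from an absent window and was left out of the bitmap.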
@ -720,7 +747,7 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
*/
sz = 0;
for (i = 0; i < 256; i++) {
if (windows[i]) {
if (windowpresent[i]) {
sz += windows[i] / 8 + 3;
}
}
@ -732,14 +759,14 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
return NULL;
}
for (i = 0; i < 256; i++) {
if (windows[i]) {
if (windowpresent[i]) {
*dptr++ = (uint8_t)i;
*dptr++ = (uint8_t)(windows[i] / 8 + 1);
/* Now let windows[i] index the bitmap
* within data
*/
windows[i] = (uint16_t)(dptr - data);
windows[i] = (int)(dptr - data);
dptr += dptr[-1];
}
@ -764,10 +791,10 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
}
int
ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets,
ldns_dnssec_rrsets_contains_type(const ldns_dnssec_rrsets *rrsets,
ldns_rr_type type)
{
ldns_dnssec_rrsets *cur_rrset = rrsets;
const ldns_dnssec_rrsets *cur_rrset = rrsets;
while (cur_rrset) {
if (cur_rrset->type == type) {
return 1;
@ -778,8 +805,8 @@ ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets,
}
ldns_rr *
ldns_dnssec_create_nsec(ldns_dnssec_name *from,
ldns_dnssec_name *to,
ldns_dnssec_create_nsec(const ldns_dnssec_name *from,
const ldns_dnssec_name *to,
ldns_rr_type nsec_type)
{
ldns_rr *nsec_rr;
@ -832,14 +859,14 @@ ldns_dnssec_create_nsec(ldns_dnssec_name *from,
}
ldns_rr *
ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
ldns_dnssec_name *to,
ldns_rdf *zone_name,
ldns_dnssec_create_nsec3(const ldns_dnssec_name *from,
const ldns_dnssec_name *to,
const ldns_rdf *zone_name,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt)
const uint8_t *salt)
{
ldns_rr *nsec_rr;
ldns_rr_type types[65536];
@ -971,11 +998,11 @@ ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
}
ldns_rdf *
ldns_nsec3_hash_name(ldns_rdf *name,
ldns_nsec3_hash_name(const ldns_rdf *name,
uint8_t algorithm,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt)
const uint8_t *salt)
{
size_t hashed_owner_str_len;
ldns_rdf *cann;
@ -1075,7 +1102,7 @@ ldns_nsec3_add_param_rdfs(ldns_rr *rr,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt)
const uint8_t *salt)
{
ldns_rdf *salt_rdf = NULL;
uint8_t *salt_data = NULL;
@ -1121,7 +1148,7 @@ ldns_nsec3_add_param_rdfs(ldns_rr *rr,
}
static int
rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list)
rr_list_delegation_only(const ldns_rdf *origin, const ldns_rr_list *rr_list)
{
size_t i;
ldns_rr *cur_rr;
@ -1141,14 +1168,14 @@ rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list)
/* this will NOT return the NSEC3 completed, you will have to run the
finalize function on the rrlist later! */
ldns_rr *
ldns_create_nsec3(ldns_rdf *cur_owner,
ldns_rdf *cur_zone,
ldns_rr_list *rrs,
ldns_create_nsec3(const ldns_rdf *cur_owner,
const ldns_rdf *cur_zone,
const ldns_rr_list *rrs,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt,
const uint8_t *salt,
bool emptynonterminal)
{
size_t i;
@ -1329,7 +1356,7 @@ ldns_nsec3_bitmap(const ldns_rr *nsec3_rr)
}
ldns_rdf *
ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name)
ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, const ldns_rdf *name)
{
uint8_t algorithm;
uint16_t iterations;
@ -1354,7 +1381,7 @@ ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name)
}
bool
ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type)
ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type)
{
uint8_t* dptr;
uint8_t* dend;
@ -1520,8 +1547,8 @@ ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
/* sig may be null - if so look in the packet */
ldns_status
ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
ldns_rr_list *k, ldns_rr_list *s,
ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
const ldns_rr_list *k, const ldns_rr_list *s,
time_t check_time, ldns_rr_list *good_keys)
{
ldns_rr_list *rrset;
@ -1542,7 +1569,7 @@ ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
if (s) {
/* if s is not NULL, the sigs are given to use */
sigs = s;
sigs = (ldns_rr_list *)s;
} else {
/* otherwise get them from the packet */
sigs = ldns_pkt_rr_list_by_name_and_type(p, o,
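Review bot: `sigs = (ldns_rr_list *)s;` casts away the const that this patch just added to the `s` parameter of ldns_pkt_verify_time, so the new signature promises something the body no longer enforces. Either declare `sigs` as `const ldns_rr_list *` if nothing below modifies it, or add a comment stating that the list is only read and is not freed through `sigs` when it came from the caller.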
@ -1584,8 +1611,8 @@ ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
}
ldns_status
ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys)
ldns_pkt_verify(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
const ldns_rr_list *k, const ldns_rr_list *s, ldns_rr_list *good_keys)
{
return ldns_pkt_verify_time(p, t, o, k, s, ldns_time(NULL), good_keys);
}
@ -1707,8 +1734,10 @@ ldns_rdf *
ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
const long sig_len)
{
#ifdef USE_DSA
ldns_rdf *sigdata_rdf;
DSA_SIG *dsasig;
const BIGNUM *R, *S;
unsigned char *dsasig_data = (unsigned char*)ldns_buffer_begin(sig);
size_t byte_offset;
@ -1726,22 +1755,28 @@ ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
return NULL;
}
dsasig_data[0] = 0;
byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r));
# ifdef HAVE_DSA_SIG_GET0
DSA_SIG_get0(dsasig, &R, &S);
# else
R = dsasig->r;
S = dsasig->s;
# endif
byte_offset = (size_t) (20 - BN_num_bytes(R));
if (byte_offset > 20) {
DSA_SIG_free(dsasig);
LDNS_FREE(dsasig_data);
return NULL;
}
memset(&dsasig_data[1], 0, byte_offset);
BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]);
byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s));
BN_bn2bin(R, &dsasig_data[1 + byte_offset]);
byte_offset = (size_t) (20 - BN_num_bytes(S));
if (byte_offset > 20) {
DSA_SIG_free(dsasig);
LDNS_FREE(dsasig_data);
return NULL;
}
memset(&dsasig_data[21], 0, byte_offset);
BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]);
BN_bn2bin(S, &dsasig_data[21 + byte_offset]);
sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data);
if(!sigdata_rdf) {
@ -1750,12 +1785,17 @@ ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
DSA_SIG_free(dsasig);
return sigdata_rdf;
#else
(void)sig; (void)sig_len;
return NULL;
#endif
}
ldns_status
ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
#ifdef USE_DSA
/* the EVP api wants the DER encoding of the signature... */
BIGNUM *R, *S;
DSA_SIG *dsasig;
@ -1783,9 +1823,13 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
BN_free(S);
return LDNS_STATUS_MEM_ERR;
}
# ifdef HAVE_DSA_SIG_SET0
if (! DSA_SIG_set0(dsasig, R, S))
return LDNS_STATUS_SSL_ERR;
# else
dsasig->r = R;
dsasig->s = S;
# endif
raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig);
if (raw_sig_len < 0) {
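Review bot: The HAVE_DSA_SIG_SET0 branch returns on failure without releasing anything: `if (! DSA_SIG_set0(dsasig, R, S)) return LDNS_STATUS_SSL_ERR;` leaks dsasig and, because ownership was not transferred, R and S as well. Free all three before returning, in the same way the allocation-failure path just above frees S before returning LDNS_STATUS_MEM_ERR.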
@ -1801,30 +1845,48 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
free(raw_sig);
return ldns_buffer_status(target_buffer);
#else
(void)target_buffer; (void)sig_rdf;
return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
#endif
}
#ifdef USE_ECDSA
#ifndef S_SPLINT_S
ldns_rdf *
ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
ldns_convert_ecdsa_rrsig_asn1len2rdf(const ldns_buffer *sig,
const long sig_len, int num_bytes)
{
ECDSA_SIG* ecdsa_sig;
const BIGNUM *r, *s;
unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
ldns_rdf* rdf;
ecdsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&data, sig_len);
if(!ecdsa_sig) return NULL;
#ifdef HAVE_ECDSA_SIG_GET0
ECDSA_SIG_get0(ecdsa_sig, &r, &s);
#else
r = ecdsa_sig->r;
s = ecdsa_sig->s;
#endif
/* "r | s". */
data = LDNS_XMALLOC(unsigned char,
BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s));
if(BN_num_bytes(r) > num_bytes ||
BN_num_bytes(s) > num_bytes) {
ECDSA_SIG_free(ecdsa_sig);
return NULL; /* numbers too big for passed curve size */
}
data = LDNS_XMALLOC(unsigned char, num_bytes*2);
if(!data) {
ECDSA_SIG_free(ecdsa_sig);
return NULL;
}
BN_bn2bin(ecdsa_sig->r, data);
BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(
BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data);
/* write the bignums (in big-endian) a little offset if the BN code
* wants to write a shorter number of bytes, with zeroes prefixed */
memset(data, 0, num_bytes*2);
BN_bn2bin(r, data+num_bytes-BN_num_bytes(r));
BN_bn2bin(s, data+num_bytes*2-BN_num_bytes(s));
rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(num_bytes*2), data);
ECDSA_SIG_free(ecdsa_sig);
return rdf;
}
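Review bot: ldns_convert_ecdsa_rrsig_asn1len2rdf trusts its new `num_bytes` argument: it is compared against BN_num_bytes() and then used in `LDNS_XMALLOC(unsigned char, num_bytes*2)` and `memset(data, 0, num_bytes*2)` with no check that it is positive. Add `if(num_bytes <= 0) { ECDSA_SIG_free(ecdsa_sig); return NULL; }` (or reject it before parsing), and document in the function comment that num_bytes is the per-component size for the curve. The rename from ldns_convert_ecdsa_rrsig_asn12rdf also changes the signature, so the header and any changelog entry for callers should say so.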
@ -1833,37 +1895,116 @@ ldns_status
ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
ECDSA_SIG* sig;
int raw_sig_len;
/* convert from two BIGNUMs in the rdata buffer, to ASN notation.
* ASN preable: 30440220 <R 32bytefor256> 0220 <S 32bytefor256>
* the '20' is the length of that field (=bnsize).
* the '44' is the total remaining length.
* if negative, start with leading zero.
* if starts with 00s, remove them from the number.
*/
uint8_t pre[] = {0x30, 0x44, 0x02, 0x20};
int pre_len = 4;
uint8_t mid[] = {0x02, 0x20};
int mid_len = 2;
int raw_sig_len, r_high, s_high, r_rem=0, s_rem=0;
long bnsize = (long)ldns_rdf_size(sig_rdf) / 2;
uint8_t* d = ldns_rdf_data(sig_rdf);
/* if too short, or not even length, do not bother */
if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf))
return LDNS_STATUS_ERR;
/* use the raw data to parse two evenly long BIGNUMs, "r | s". */
sig = ECDSA_SIG_new();
if(!sig) return LDNS_STATUS_MEM_ERR;
sig->r = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf),
bnsize, sig->r);
sig->s = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf)+bnsize,
bnsize, sig->s);
if(!sig->r || !sig->s) {
ECDSA_SIG_free(sig);
return LDNS_STATUS_MEM_ERR;
/* strip leading zeroes from r (but not last one) */
while(r_rem < bnsize-1 && d[r_rem] == 0)
r_rem++;
/* strip leading zeroes from s (but not last one) */
while(s_rem < bnsize-1 && d[bnsize+s_rem] == 0)
s_rem++;
r_high = ((d[0+r_rem]&0x80)?1:0);
s_high = ((d[bnsize+s_rem]&0x80)?1:0);
raw_sig_len = pre_len + r_high + bnsize - r_rem + mid_len +
s_high + bnsize - s_rem;
if(ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
ldns_buffer_write_u8(target_buffer, pre[0]);
ldns_buffer_write_u8(target_buffer, raw_sig_len-2);
ldns_buffer_write_u8(target_buffer, pre[2]);
ldns_buffer_write_u8(target_buffer, bnsize + r_high - r_rem);
if(r_high)
ldns_buffer_write_u8(target_buffer, 0);
ldns_buffer_write(target_buffer, d+r_rem, bnsize-r_rem);
ldns_buffer_write(target_buffer, mid, mid_len-1);
ldns_buffer_write_u8(target_buffer, bnsize + s_high - s_rem);
if(s_high)
ldns_buffer_write_u8(target_buffer, 0);
ldns_buffer_write(target_buffer, d+bnsize+s_rem, bnsize-s_rem);
}
raw_sig_len = i2d_ECDSA_SIG(sig, NULL);
if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
unsigned char* pp = (unsigned char*)
ldns_buffer_current(target_buffer);
raw_sig_len = i2d_ECDSA_SIG(sig, &pp);
ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len);
}
ECDSA_SIG_free(sig);
return ldns_buffer_status(target_buffer);
return ldns_buffer_status(target_buffer);
}
#endif /* S_SPLINT_S */
#endif /* USE_ECDSA */
#if defined(USE_ED25519) || defined(USE_ED448)
/* debug printout routine */
static void print_hex(const char* str, uint8_t* d, int len)
{
const char hex[] = "0123456789abcdef";
int i;
printf("%s [len=%d]: ", str, len);
for(i=0; i<len; i++) {
int x = (d[i]&0xf0)>>4;
int y = (d[i]&0x0f);
printf("%c%c", hex[x], hex[y]);
}
printf("\n");
}
#endif
#ifdef USE_ED25519
ldns_rdf *
ldns_convert_ed25519_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len)
{
unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
ldns_rdf* rdf = NULL;
/* TODO when Openssl supports signing and you can test this */
print_hex("sig in ASN", data, sig_len);
return rdf;
}
ldns_status
ldns_convert_ed25519_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* TODO when Openssl supports signing and you can test this. */
/* convert sig_buf into ASN1 into the target_buffer */
print_hex("sig raw", ldns_rdf_data(sig_rdf), ldns_rdf_size(sig_rdf));
return ldns_buffer_status(target_buffer);
}
#endif /* USE_ED25519 */
#ifdef USE_ED448
ldns_rdf *
ldns_convert_ed448_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len)
{
unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
ldns_rdf* rdf = NULL;
/* TODO when Openssl supports signing and you can test this */
print_hex("sig in ASN", data, sig_len);
return rdf;
}
ldns_status
ldns_convert_ed448_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* TODO when Openssl supports signing and you can test this. */
/* convert sig_buf into ASN1 into the target_buffer */
print_hex("sig raw", ldns_rdf_data(sig_rdf), ldns_rdf_size(sig_rdf));
return ldns_buffer_status(target_buffer);
}
#endif /* USE_ED448 */
#endif /* HAVE_SSL */
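Review bot: In ldns_convert_ecdsa_rrsig_rdf2asn1 the hand-built DER encoding writes the sequence length and both integer lengths with single ldns_buffer_write_u8() calls, but bnsize is only bounded from below (`bnsize < 16`). Once `raw_sig_len-2` exceeds 127 the single-byte form is no longer valid DER, and past 255 the value is truncated by the u8 write; reject any bnsize other than the supported component sizes (32 and 48, the values ldns_pkey_is_ecdsa returns) before encoding. The 0x44 and 0x20 bytes in pre[] and mid[] are never written and the comment describing them only fits P-256, so trim both. Separately, the ED25519/ED448 converters are stubs that call print_hex() on stdout from library code and then return a NULL rdf or the status of an untouched target_buffer; they should return an explicit error status until they are implemented.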

View File

@ -20,8 +20,8 @@
#endif /* HAVE_SSL */
ldns_rr *
ldns_create_empty_rrsig(ldns_rr_list *rrset,
ldns_key *current_key)
ldns_create_empty_rrsig(const ldns_rr_list *rrset,
const ldns_key *current_key)
{
uint32_t orig_ttl;
ldns_rr_class orig_class;
@ -122,13 +122,20 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
ldns_rdf *b64rdf = NULL;
switch(ldns_key_algorithm(current_key)) {
#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_dss1());
# ifdef HAVE_EVP_DSS1
EVP_dss1()
# else
EVP_sha1()
# endif
);
break;
#endif /* USE_DSA */
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSASHA1_NSEC3:
b64rdf = ldns_sign_public_evp(
@ -171,6 +178,22 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
ldns_key_evp_key(current_key),
EVP_sha384());
break;
#endif
#ifdef USE_ED25519
case LDNS_SIGN_ED25519:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha512());
break;
#endif
#ifdef USE_ED448
case LDNS_SIGN_ED448:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha512());
break;
#endif
case LDNS_SIGN_RSAMD5:
b64rdf = ldns_sign_public_evp(
@ -308,11 +331,13 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
ldns_rdf *
ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
{
#ifdef USE_DSA
unsigned char *sha1_hash;
ldns_rdf *sigdata_rdf;
ldns_buffer *b64sig;
DSA_SIG *sig;
const BIGNUM *R, *S;
uint8_t *data;
size_t pad;
@ -342,17 +367,23 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
}
data[0] = 1;
pad = 20 - (size_t) BN_num_bytes(sig->r);
# ifdef HAVE_DSA_SIG_GET0
DSA_SIG_get0(sig, &R, &S);
# else
R = sig->r;
S = sig->s;
# endif
pad = 20 - (size_t) BN_num_bytes(R);
if (pad > 0) {
memset(data + 1, 0, pad);
}
BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad);
BN_bn2bin(R, (unsigned char *) (data + 1) + pad);
pad = 20 - (size_t) BN_num_bytes(sig->s);
pad = 20 - (size_t) BN_num_bytes(S);
if (pad > 0) {
memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad);
}
BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad));
BN_bn2bin(S, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad));
sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64,
1 + 2 * SHA_DIGEST_LENGTH,
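Review bot: `pad = 20 - (size_t) BN_num_bytes(R);` in ldns_sign_public_dsa is unsigned arithmetic with no upper check, so if R (or S) ever takes more than 20 bytes, pad wraps to a huge value and the following `memset(data + 1, 0, pad)` and BN_bn2bin() write out of bounds; `if (pad > 0)` does not catch this because pad is a size_t. Mirror the `if (byte_offset > 20)` rejection that ldns_convert_dsa_rrsig_asn12rdf applies to the same computation, and free sig and data on that path.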
@ -363,28 +394,40 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
DSA_SIG_free(sig);
return sigdata_rdf;
#else
(void)to_sign; (void)key;
return NULL;
#endif
}
#ifdef USE_ECDSA
#ifndef S_SPLINT_S
/** returns the number of bytes per signature-component (i.e. bits/8), or 0. */
static int
ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
{
EC_KEY* ec;
const EC_GROUP* g;
if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
#ifdef HAVE_EVP_PKEY_BASE_ID
if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
return 0;
#else
if(EVP_PKEY_type(key->type) != EVP_PKEY_EC)
return 0;
#endif
ec = EVP_PKEY_get1_EC_KEY(pkey);
g = EC_KEY_get0_group(ec);
if(!g) {
EC_KEY_free(ec);
return 0;
}
if(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
EC_GROUP_get_curve_name(g) == NID_secp384r1) {
if(EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1) {
EC_KEY_free(ec);
return 1;
return 32; /* 256/8 */
}
if(EC_GROUP_get_curve_name(g) == NID_secp384r1) {
EC_KEY_free(ec);
return 48; /* 384/8 */
}
/* downref the eckey, the original is still inside the pkey */
EC_KEY_free(ec);
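Review bot: The fallback branch of ldns_pkey_is_ecdsa does not compile: the parameter is `EVP_PKEY* pkey`, but the `#else` line reads `if(EVP_PKEY_type(key->type) != EVP_PKEY_EC)`, and there is no `key` in scope. Change it to `pkey->type`. While here, `ec = EVP_PKEY_get1_EC_KEY(pkey)` is passed to EC_KEY_get0_group() without a NULL check. The function now returns a byte count (32, 48 or 0) rather than a boolean, so the name no longer matches; the doc comment helps, but a name that says "size" would read better at the call sites.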
@ -399,9 +442,9 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
const EVP_MD *digest_type)
{
unsigned int siglen;
ldns_rdf *sigdata_rdf;
ldns_rdf *sigdata_rdf = NULL;
ldns_buffer *b64sig;
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx;
const EVP_MD *md_type;
int r;
@ -419,45 +462,94 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
return NULL;
}
EVP_MD_CTX_init(&ctx);
r = EVP_SignInit(&ctx, md_type);
if(r == 1) {
r = EVP_SignUpdate(&ctx, (unsigned char*)
ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
} else {
ldns_buffer_free(b64sig);
return NULL;
}
if(r == 1) {
r = EVP_SignFinal(&ctx, (unsigned char*)
ldns_buffer_begin(b64sig), &siglen, key);
} else {
ldns_buffer_free(b64sig);
return NULL;
}
if(r != 1) {
#ifdef HAVE_EVP_MD_CTX_NEW
ctx = EVP_MD_CTX_new();
#else
ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx));
if(ctx) EVP_MD_CTX_init(ctx);
#endif
if(!ctx) {
ldns_buffer_free(b64sig);
return NULL;
}
/* unfortunately, OpenSSL output is differenct from DNS DSA format */
#ifndef S_SPLINT_S
if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen);
#ifdef USE_ECDSA
} else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC &&
ldns_pkey_is_ecdsa(key)) {
sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig, siglen);
#endif
r = EVP_SignInit(ctx, md_type);
if(r == 1) {
r = EVP_SignUpdate(ctx, (unsigned char*)
ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
} else {
ldns_buffer_free(b64sig);
EVP_MD_CTX_destroy(ctx);
return NULL;
}
if(r == 1) {
r = EVP_SignFinal(ctx, (unsigned char*)
ldns_buffer_begin(b64sig), &siglen, key);
} else {
ldns_buffer_free(b64sig);
EVP_MD_CTX_destroy(ctx);
return NULL;
}
if(r != 1) {
ldns_buffer_free(b64sig);
EVP_MD_CTX_destroy(ctx);
return NULL;
}
/* OpenSSL output is different, convert it */
r = 0;
#ifdef USE_DSA
#ifndef S_SPLINT_S
/* unfortunately, OpenSSL output is different from DNS DSA format */
# ifdef HAVE_EVP_PKEY_BASE_ID
if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) {
# else
if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
# endif
r = 1;
sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen);
}
#endif
#endif
#if defined(USE_ECDSA) || defined(USE_ED25519) || defined(USE_ED448)
if(
# ifdef HAVE_EVP_PKEY_BASE_ID
EVP_PKEY_base_id(key)
# else
EVP_PKEY_type(key->type)
# endif
== EVP_PKEY_EC) {
# ifdef USE_ECDSA
if(ldns_pkey_is_ecdsa(key)) {
r = 1;
sigdata_rdf = ldns_convert_ecdsa_rrsig_asn1len2rdf(
b64sig, (long)siglen, ldns_pkey_is_ecdsa(key));
}
# endif /* USE_ECDSA */
# ifdef USE_ED25519
if(EVP_PKEY_id(key) == NID_X25519) {
r = 1;
sigdata_rdf = ldns_convert_ed25519_rrsig_asn12rdf(
b64sig, siglen);
}
# endif /* USE_ED25519 */
# ifdef USE_ED448
if(EVP_PKEY_id(key) == NID_X448) {
r = 1;
sigdata_rdf = ldns_convert_ed448_rrsig_asn12rdf(
b64sig, siglen);
}
# endif /* USE_ED448 */
}
#endif /* PKEY_EC */
if(r == 0) {
/* ok output for other types is the same */
sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
ldns_buffer_begin(b64sig));
}
#endif /* splint */
ldns_buffer_free(b64sig);
EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_destroy(ctx);
return sigdata_rdf;
}
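Review bot: In the branch for libraries without EVP_MD_CTX_new(), ctx is obtained with `malloc(sizeof(*ctx))` but every exit path releases it with EVP_MD_CTX_destroy(), which cleans up and then frees through OpenSSL's own allocator; use EVP_MD_CTX_create() for the fallback so allocation and release are paired. Also, the ECDSA branch calls ldns_pkey_is_ecdsa(key) twice, once as the test and once as the num_bytes argument, and each call takes and drops an EC_KEY reference; store the result in a local and reuse it.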
@ -816,6 +908,10 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
nsec_ttl = LDNS_DEFAULT_TTL;
}
if (ldns_rdf_size(zone->soa->name) > 222) {
return LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW;
}
if (zone->hashed_names) {
ldns_traverse_postorder(zone->hashed_names,
ldns_hashed_names_node_free, NULL);
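Review bot: `if (ldns_rdf_size(zone->soa->name) > 222)` introduces an unexplained constant. Add a comment or a named macro showing how 222 is derived from the maximum domain name length and the size of the hashed owner label that NSEC3 prepends, so the limit can be checked against the hash algorithm in use. The new early return also sits before the existing hashed_names cleanup, which is fine, but callers now need to handle LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW; mention it in the function documentation.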
@ -1019,39 +1115,86 @@ ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
/** If there are KSKs use only them and mark ZSKs unused */
static void
ldns_key_list_filter_for_dnskey(ldns_key_list *key_list)
ldns_key_list_filter_for_dnskey(ldns_key_list *key_list, int flags)
{
int saw_ksk = 0;
bool algos[256]
#ifndef S_SPLINT_S
= { false }
#endif
;
ldns_signing_algorithm saw_ksk = 0;
ldns_key *key;
size_t i;
for(i=0; i<ldns_key_list_key_count(key_list); i++)
if((ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY)) {
saw_ksk = 1;
break;
}
if(!saw_ksk)
if (!ldns_key_list_key_count(key_list))
return;
for(i=0; i<ldns_key_list_key_count(key_list); i++)
if(!(ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY))
ldns_key_set_use(ldns_key_list_key(key_list, i), 0);
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if ((ldns_key_flags(key) & LDNS_KEY_SEP_KEY) && !saw_ksk)
saw_ksk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
}
if (!saw_ksk)
return;
else
algos[saw_ksk] = 0;
for (i =0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
/* We have a ZSK.
* Still use it if it has a unique algorithm though!
*/
if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) &&
algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = false;
else
ldns_key_set_use(key, 0);
}
}
}
/** If there are no ZSKs use KSK as ZSK */
static void
ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list)
ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags)
{
int saw_zsk = 0;
bool algos[256]
#ifndef S_SPLINT_S
= { false }
#endif
;
ldns_signing_algorithm saw_zsk = 0;
ldns_key *key;
size_t i;
for(i=0; i<ldns_key_list_key_count(key_list); i++)
if(!(ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY)) {
saw_zsk = 1;
break;
}
if(!saw_zsk)
if (!ldns_key_list_key_count(key_list))
return;
/* else filter all KSKs */
for(i=0; i<ldns_key_list_key_count(key_list); i++)
if((ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY))
ldns_key_set_use(ldns_key_list_key(key_list, i), 0);
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY) && !saw_zsk)
saw_zsk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
}
if (!saw_zsk)
return;
else
algos[saw_zsk] = 0;
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if((ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
/* We have a KSK.
* Still use it if it has a unique algorithm though!
*/
if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) &&
algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = false;
else
ldns_key_set_use(key, 0);
}
}
}
ldns_status
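Review bot: Both filter functions index `bool algos[256]` directly with `ldns_key_algorithm(key)`, an enum value, without checking that it is below 256; add a range check or skip keys whose algorithm falls outside the array. Under S_SPLINT_S the `= { false }` initializer is compiled out, so the array is read uninitialized in that configuration; an explicit memset avoids the special case. Smaller points: `algos[saw_ksk] = 0;` and `algos[saw_zsk] = 0;` should use `false` like the other assignments, the `else` after `return;` is redundant, and the doc comments ("If there are KSKs use only them and mark ZSKs unused") no longer describe the behaviour when LDNS_SIGN_WITH_ALL_ALGORITHMS is set.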
@ -1110,10 +1253,10 @@ ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone
arg);
if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) &&
cur_rrset->type == LDNS_RR_TYPE_DNSKEY)
ldns_key_list_filter_for_dnskey(key_list);
ldns_key_list_filter_for_dnskey(key_list, flags);
if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY)
ldns_key_list_filter_for_non_dnskey(key_list);
ldns_key_list_filter_for_non_dnskey(key_list, flags);
/* TODO: just set count to zero? */
rr_list = ldns_rr_list_new();
@ -1166,7 +1309,7 @@ ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone
key_list,
func,
arg);
ldns_key_list_filter_for_non_dnskey(key_list);
ldns_key_list_filter_for_non_dnskey(key_list, flags);
rr_list = ldns_rr_list_new();
ldns_rr_list_push_rr(rr_list, cur_name->nsec);

View File

@ -1088,8 +1088,8 @@ ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree,
ldns_status
ldns_verify_time(
ldns_rr_list *rrset,
ldns_rr_list *rrsig,
const ldns_rr_list *rrset,
const ldns_rr_list *rrsig,
const ldns_rr_list *keys,
time_t check_time,
ldns_rr_list *good_keys
@ -1809,7 +1809,7 @@ ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
#ifdef USE_GOST
EVP_PKEY*
ldns_gost2pkey_raw(unsigned char* key, size_t keylen)
ldns_gost2pkey_raw(const unsigned char* key, size_t keylen)
{
/* prefix header for X509 encoding */
uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85,
@ -1832,8 +1832,8 @@ ldns_gost2pkey_raw(unsigned char* key, size_t keylen)
}
static ldns_status
ldns_verify_rrsig_gost_raw(unsigned char* sig, size_t siglen,
ldns_buffer* rrset, unsigned char* key, size_t keylen)
ldns_verify_rrsig_gost_raw(const unsigned char* sig, size_t siglen,
const ldns_buffer* rrset, const unsigned char* key, size_t keylen)
{
EVP_PKEY *evp_key;
ldns_status result;
@ -1854,9 +1854,103 @@ ldns_verify_rrsig_gost_raw(unsigned char* sig, size_t siglen,
}
#endif
#ifdef USE_ED25519
EVP_PKEY*
ldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
{
const unsigned char* pp = key; /* pp gets modified by o2i() */
EVP_PKEY *evp_key;
EC_KEY *ec;
if(keylen != 32)
return NULL; /* wrong length */
ec = EC_KEY_new_by_curve_name(NID_X25519);
if(!ec) return NULL;
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
return evp_key;
}
static ldns_status
ldns_verify_rrsig_ed25519_raw(unsigned char* sig, size_t siglen,
ldns_buffer* rrset, unsigned char* key, size_t keylen)
{
EVP_PKEY *evp_key;
ldns_status result;
evp_key = ldns_ed255192pkey_raw(key, keylen);
if(!evp_key) {
/* could not convert key */
return LDNS_STATUS_CRYPTO_BOGUS;
}
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key,
EVP_sha512());
EVP_PKEY_free(evp_key);
return result;
}
#endif /* USE_ED25519 */
#ifdef USE_ED448
EVP_PKEY*
ldns_ed4482pkey_raw(const unsigned char* key, size_t keylen)
{
const unsigned char* pp = key; /* pp gets modified by o2i() */
EVP_PKEY *evp_key;
EC_KEY *ec;
if(keylen != 57)
return NULL; /* wrong length */
ec = EC_KEY_new_by_curve_name(NID_X448);
if(!ec) return NULL;
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
return evp_key;
}
static ldns_status
ldns_verify_rrsig_ed448_raw(unsigned char* sig, size_t siglen,
ldns_buffer* rrset, unsigned char* key, size_t keylen)
{
EVP_PKEY *evp_key;
ldns_status result;
evp_key = ldns_ed4482pkey_raw(key, keylen);
if(!evp_key) {
/* could not convert key */
return LDNS_STATUS_CRYPTO_BOGUS;
}
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key,
EVP_sha512());
EVP_PKEY_free(evp_key);
return result;
}
#endif /* USE_ED448 */
#ifdef USE_ECDSA
EVP_PKEY*
ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
ldns_ecdsa2pkey_raw(const unsigned char* key, size_t keylen, uint8_t algo)
{
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
const unsigned char* pp = buf;
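Review bot: ldns_ed255192pkey_raw and ldns_ed4482pkey_raw build the key with `EC_KEY_new_by_curve_name(NID_X25519)` and `NID_X448`, which name the X25519/X448 key-agreement functions rather than the Ed25519/Ed448 signature schemes, and then verify through the generic ldns_verify_rrsig_evp_raw() with EVP_sha512(). Together with the signature converters in this patch being TODO stubs, these paths cannot be relied on to validate real ED25519 or ED448 RRSIGs; document them as experimental next to the USE_ED25519/USE_ED448 switches, or have the verify functions return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL until they are complete. Style: ldns_verify_rrsig_ed25519_raw and ldns_verify_rrsig_ed448_raw take non-const `sig`, `rrset` and `key`, while the GOST equivalent is made const in this same hunk.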
@ -1935,6 +2029,7 @@ ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen,
{
/* check for right key */
switch(algo) {
#ifdef USE_DSA
case LDNS_DSA:
case LDNS_DSA_NSEC3:
return ldns_verify_rrsig_dsa_raw(sig,
@ -1943,6 +2038,7 @@ ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen,
key,
keylen);
break;
#endif
case LDNS_RSASHA1:
case LDNS_RSASHA1_NSEC3:
return ldns_verify_rrsig_rsasha1_raw(sig,
@ -1979,6 +2075,18 @@ ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen,
return ldns_verify_rrsig_ecdsa_raw(sig, siglen, verify_buf,
key, keylen, algo);
break;
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
return ldns_verify_rrsig_ed25519_raw(sig, siglen, verify_buf,
key, keylen);
break;
#endif
#ifdef USE_ED448
case LDNS_ED448:
return ldns_verify_rrsig_ed448_raw(sig, siglen, verify_buf,
key, keylen);
break;
#endif
case LDNS_RSAMD5:
return ldns_verify_rrsig_rsamd5_raw(sig,
@ -2002,7 +2110,7 @@ ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen,
* @param sig: signature to take TTL and wildcard values from
*/
static void
ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, ldns_rr* rrsig)
ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, const ldns_rr* rrsig)
{
uint32_t orig_ttl;
uint16_t i;
@ -2051,7 +2159,7 @@ ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, ldns_rr* rrsig)
* @return OK or more specific error.
*/
static ldns_status
ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig)
ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, const ldns_rr* rrsig)
{
uint8_t sig_algo;
@ -2088,6 +2196,7 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig)
return LDNS_STATUS_MEM_ERR;
}
break;
#ifdef USE_DSA
case LDNS_DSA:
case LDNS_DSA_NSEC3:
/* EVP takes rfc2459 format, which is a tad longer than dns format */
@ -2104,6 +2213,7 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig)
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
#ifdef USE_ECDSA
case LDNS_ECDSAP256SHA256:
case LDNS_ECDSAP384SHA384:
@ -2118,6 +2228,32 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig)
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
/* EVP produces an ASN prefix on the signature, which is
* not used in the DNS */
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
}
if (ldns_convert_ed25519_rrsig_rdf2asn1(
rawsig_buf, ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
#ifdef USE_ED448
case LDNS_ED448:
/* EVP produces an ASN prefix on the signature, which is
* not used in the DNS */
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
}
if (ldns_convert_ed448_rrsig_rdf2asn1(
rawsig_buf, ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
case LDNS_DH:
case LDNS_ECC:
@ -2136,7 +2272,7 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig)
* @return status code LDNS_STATUS_OK if all is fine.
*/
static ldns_status
ldns_rrsig_check_timestamps(ldns_rr* rrsig, time_t now)
ldns_rrsig_check_timestamps(const ldns_rr* rrsig, time_t now)
{
int32_t inception, expiration;
@ -2171,7 +2307,7 @@ ldns_rrsig_check_timestamps(ldns_rr* rrsig, time_t now)
*/
static ldns_status
ldns_prepare_for_verify(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
ldns_rr_list* rrset_clone, ldns_rr* rrsig)
ldns_rr_list* rrset_clone, const ldns_rr* rrsig)
{
ldns_status result;
@ -2218,7 +2354,7 @@ ldns_prepare_for_verify(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
*/
static ldns_status
ldns_verify_test_sig_key(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
ldns_rr* rrsig, ldns_rr* key)
const ldns_rr* rrsig, ldns_rr* key)
{
uint8_t sig_algo;
@ -2285,8 +2421,8 @@ ldns_verify_test_sig_key(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
*/
ldns_status
ldns_verify_rrsig_keylist_time(
ldns_rr_list *rrset,
ldns_rr *rrsig,
const ldns_rr_list *rrset,
const ldns_rr *rrsig,
const ldns_rr_list *keys,
time_t check_time,
ldns_rr_list *good_keys)
@ -2334,8 +2470,8 @@ ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
}
ldns_status
ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset,
ldns_rr *rrsig,
ldns_verify_rrsig_keylist_notime(const ldns_rr_list *rrset,
const ldns_rr *rrsig,
const ldns_rr_list *keys,
ldns_rr_list *good_keys)
{
@ -2482,21 +2618,28 @@ ldns_verify_rrsig_evp(ldns_buffer *sig,
}
ldns_status
ldns_verify_rrsig_evp_raw(unsigned char *sig, size_t siglen,
ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type)
ldns_verify_rrsig_evp_raw(const unsigned char *sig, size_t siglen,
const ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type)
{
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx;
int res;
EVP_MD_CTX_init(&ctx);
#ifdef HAVE_EVP_MD_CTX_NEW
ctx = EVP_MD_CTX_new();
#else
ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx));
if(ctx) EVP_MD_CTX_init(ctx);
#endif
if(!ctx)
return LDNS_STATUS_MEM_ERR;
EVP_VerifyInit(&ctx, digest_type);
EVP_VerifyUpdate(&ctx,
EVP_VerifyInit(ctx, digest_type);
EVP_VerifyUpdate(ctx,
ldns_buffer_begin(rrset),
ldns_buffer_position(rrset));
res = EVP_VerifyFinal(&ctx, sig, (unsigned int) siglen, key);
res = EVP_VerifyFinal(ctx, sig, (unsigned int) siglen, key);
EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_destroy(ctx);
if (res == 1) {
return LDNS_STATUS_OK;
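Review bot: the fallback branch in ldns_verify_rrsig_evp_raw() allocates the context with malloc() but releases it with EVP_MD_CTX_destroy(ctx), which on OpenSSL releases before 1.1.0 frees through OPENSSL_free(). Those two only match while no custom OpenSSL allocator is installed. Using EVP_MD_CTX_create() in the #else branch keeps allocation and release paired and makes the explicit EVP_MD_CTX_init() unnecessary. Separately, the return values of EVP_VerifyInit() and EVP_VerifyUpdate() are still ignored, so only EVP_VerifyFinal() can report a failure. For signature verification it would be cleaner to check all three and return LDNS_STATUS_SSL_ERR on the first failure.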
@ -2545,6 +2688,7 @@ ldns_status
ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen,
ldns_buffer* rrset, unsigned char* key, size_t keylen)
{
#ifdef USE_DSA
EVP_PKEY *evp_key;
ldns_status result;
@ -2554,13 +2698,21 @@ ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen,
siglen,
rrset,
evp_key,
EVP_dss1());
# ifdef HAVE_EVP_DSS1
EVP_dss1()
# else
EVP_sha1()
# endif
);
} else {
result = LDNS_STATUS_SSL_ERR;
}
EVP_PKEY_free(evp_key);
return result;
#else
(void)sig; (void)siglen; (void)rrset; (void)key; (void)keylen;
return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
#endif
}
ldns_status

View File

@ -78,7 +78,7 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
void
ldns_dnssec_rrs_print_fmt(FILE *out, const ldns_output_format *fmt,
ldns_dnssec_rrs *rrs)
const ldns_dnssec_rrs *rrs)
{
if (!rrs) {
if ((fmt->flags & LDNS_COMMENT_LAYOUT))
@ -94,7 +94,7 @@ ldns_dnssec_rrs_print_fmt(FILE *out, const ldns_output_format *fmt,
}
void
ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs)
ldns_dnssec_rrs_print(FILE *out, const ldns_dnssec_rrs *rrs)
{
ldns_dnssec_rrs_print_fmt(out, ldns_output_format_default, rrs);
}
@ -143,7 +143,7 @@ ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets)
}
ldns_rr_type
ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets)
ldns_dnssec_rrsets_type(const ldns_dnssec_rrsets *rrsets)
{
if (rrsets) {
return rrsets->type;
@ -271,7 +271,7 @@ ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr)
static void
ldns_dnssec_rrsets_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
ldns_dnssec_rrsets *rrsets,
const ldns_dnssec_rrsets *rrsets,
bool follow,
bool show_soa)
{
@ -300,14 +300,14 @@ ldns_dnssec_rrsets_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
void
ldns_dnssec_rrsets_print_fmt(FILE *out, const ldns_output_format *fmt,
ldns_dnssec_rrsets *rrsets,
const ldns_dnssec_rrsets *rrsets,
bool follow)
{
ldns_dnssec_rrsets_print_soa_fmt(out, fmt, rrsets, follow, true);
}
void
ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow)
ldns_dnssec_rrsets_print(FILE *out, const ldns_dnssec_rrsets *rrsets, bool follow)
{
ldns_dnssec_rrsets_print_fmt(out, ldns_output_format_default,
rrsets, follow);
@ -391,7 +391,7 @@ ldns_dnssec_name_deep_free(ldns_dnssec_name *name)
}
ldns_rdf *
ldns_dnssec_name_name(ldns_dnssec_name *name)
ldns_dnssec_name_name(const ldns_dnssec_name *name)
{
if (name) {
return name->name;
@ -400,7 +400,7 @@ ldns_dnssec_name_name(ldns_dnssec_name *name)
}
bool
ldns_dnssec_name_is_glue(ldns_dnssec_name *name)
ldns_dnssec_name_is_glue(const ldns_dnssec_name *name)
{
if (name) {
return name->is_glue;
@ -489,7 +489,7 @@ ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
}
ldns_dnssec_rrsets *
ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
ldns_dnssec_name_find_rrset(const ldns_dnssec_name *name,
ldns_rr_type type) {
ldns_dnssec_rrsets *result;
@ -505,13 +505,13 @@ ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
}
ldns_dnssec_rrsets *
ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
ldns_rdf *dname,
ldns_dnssec_zone_find_rrset(const ldns_dnssec_zone *zone,
const ldns_rdf *dname,
ldns_rr_type type)
{
ldns_rbnode_t *node;
if (!zone || !dname) {
if (!zone || !dname || !zone->names) {
return NULL;
}
@ -526,7 +526,7 @@ ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
static void
ldns_dnssec_name_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
ldns_dnssec_name *name,
const ldns_dnssec_name *name,
bool show_soa)
{
if (name) {
@ -553,13 +553,13 @@ ldns_dnssec_name_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
void
ldns_dnssec_name_print_fmt(FILE *out, const ldns_output_format *fmt,
ldns_dnssec_name *name)
const ldns_dnssec_name *name)
{
ldns_dnssec_name_print_soa_fmt(out, fmt, name, true);
}
void
ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name)
ldns_dnssec_name_print(FILE *out, const ldns_dnssec_name *name)
{
ldns_dnssec_name_print_fmt(out, ldns_output_format_default, name);
}
@ -593,8 +593,19 @@ rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t)
*/
#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */
static ldns_status
ldns_dnssec_zone_add_empty_nonterminals_nsec3(
ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s);
static void
ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) {
(void) arg;
ldns_rdf_deep_free((ldns_rdf *)node->key);
LDNS_FREE(node);
}
ldns_status
ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* origin,
uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr)
{
ldns_rr* cur_rr;
@ -604,34 +615,58 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
ldns_rdf *my_prev = NULL;
ldns_dnssec_zone *newzone = ldns_dnssec_zone_new();
/* NSEC3s may occur before the names they refer to. We must remember
them and add them to the name later on, after the name is read.
We track not yet matching NSEC3s*n the todo_nsec3s list */
ldns_rr_list* todo_nsec3s = ldns_rr_list_new();
/* when reading NSEC3s, there is a chance that we encounter nsecs
for empty nonterminals, whose nonterminals we cannot derive yet
because the needed information is to be read later. in that case
we keep a list of those nsec3's and retry to add them later */
ldns_rr_list* todo_nsec3s = ldns_rr_list_new();
because the needed information is to be read later.
nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will
hold the NSEC3s that still didn't have a matching name in the
zone tree, even after all names were read. They can only match
after the zone is equiped with all the empty non terminals. */
ldns_rbtree_t todo_nsec3_ents;
ldns_rbnode_t *new_node;
ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new();
ldns_status status = LDNS_STATUS_MEM_ERR;
ldns_status status;
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
ldns_zone* zone = NULL;
if (ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr)
!= LDNS_STATUS_OK) goto error;
#else
uint32_t my_ttl = ttl;
#endif
if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) goto error;
ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v);
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr);
if (status != LDNS_STATUS_OK)
goto error;
#endif
if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) {
status = LDNS_STATUS_MEM_ERR;
goto error;
}
if (origin) {
if (!(my_origin = ldns_rdf_clone(origin))) goto error;
if (!(my_prev = ldns_rdf_clone(origin))) goto error;
if (!(my_origin = ldns_rdf_clone(origin))) {
status = LDNS_STATUS_MEM_ERR;
goto error;
}
if (!(my_prev = ldns_rdf_clone(origin))) {
status = LDNS_STATUS_MEM_ERR;
goto error;
}
}
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
if (ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone))
!= LDNS_STATUS_OK) goto error;
if (ldns_zone_soa(zone)) {
status = ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone));
if (status != LDNS_STATUS_OK)
goto error;
}
for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) {
cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i);
status = LDNS_STATUS_OK;
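Review bot: the new "if (ldns_zone_soa(zone))" guard lets a zone file without an SOA load with no status and no diagnostic, where the call was previously made unconditionally. If accepting SOA-less input is intended, say so in a comment at the guard. Otherwise set an error status and goto error. Moving ldns_rbtree_init() ahead of the first goto error is correct, since the error path now traverses todo_nsec3_ents. Two typos in the new comment block are worth fixing while here: "NSEC3s*n the todo_nsec3s list" and "equiped".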
@ -679,23 +714,33 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
}
}
if (ldns_rr_list_rr_count(todo_nsec3s) > 0) {
(void) ldns_dnssec_zone_add_empty_nonterminals(newzone);
for (i = 0; status == LDNS_STATUS_OK &&
i < ldns_rr_list_rr_count(todo_nsec3s); i++) {
cur_rr = ldns_rr_list_rr(todo_nsec3s, i);
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
}
}
if (ldns_rr_list_rr_count(todo_nsec3_rrsigs) > 0) {
for (i = 0; status == LDNS_STATUS_OK &&
i < ldns_rr_list_rr_count(todo_nsec3_rrsigs);
i++){
cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i);
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
for (i = 0; status == LDNS_STATUS_OK &&
i < ldns_rr_list_rr_count(todo_nsec3s); i++) {
cur_rr = ldns_rr_list_rr(todo_nsec3s, i);
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
if (!(new_node = LDNS_MALLOC(ldns_rbnode_t))) {
status = LDNS_STATUS_MEM_ERR;
break;
}
new_node->key = ldns_dname_label(ldns_rr_owner(cur_rr), 0);
new_node->data = cur_rr;
if (!ldns_rbtree_insert(&todo_nsec3_ents, new_node)) {
LDNS_FREE(new_node);
status = LDNS_STATUS_MEM_ERR;
break;
}
status = LDNS_STATUS_OK;
}
}
if (todo_nsec3_ents.count > 0)
(void) ldns_dnssec_zone_add_empty_nonterminals_nsec3(
newzone, &todo_nsec3_ents);
for (i = 0; status == LDNS_STATUS_OK &&
i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++) {
cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i);
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
}
if (z) {
*z = newzone;
newzone = NULL;
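Review bot: in the todo_nsec3s loop the key from ldns_dname_label(ldns_rr_owner(cur_rr), 0) is never checked for NULL before ldns_rbtree_insert(), and when the insert fails only new_node is freed, so the key rdf is leaked. A failed insert is also reported as LDNS_STATUS_MEM_ERR, which is misleading if the cause is a duplicate first label. Check the key, then ldns_rdf_deep_free() it on the failure path, the way ldns_todo_nsec3_ents_node_free() does for inserted nodes. The status of ldns_dnssec_zone_add_empty_nonterminals_nsec3() is cast to void as well, so an allocation failure inside it does not reach the caller.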
@ -710,6 +755,8 @@ error:
}
#endif
ldns_rr_list_free(todo_nsec3_rrsigs);
ldns_traverse_postorder(&todo_nsec3_ents,
ldns_todo_nsec3_ents_node_free, NULL);
ldns_rr_list_free(todo_nsec3s);
if (my_origin) {
@ -725,7 +772,7 @@ error:
}
ldns_status
ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* origin,
uint32_t ttl, ldns_rr_class ATTR_UNUSED(c))
{
return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL);
@ -932,7 +979,7 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
void
ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
ldns_rbtree_t *tree,
const ldns_rbtree_t *tree,
bool print_soa)
{
ldns_rbnode_t *node;
@ -949,7 +996,7 @@ ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
}
void
ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa)
ldns_dnssec_zone_names_print(FILE *out, const ldns_rbtree_t *tree, bool print_soa)
{
ldns_dnssec_zone_names_print_fmt(out, ldns_output_format_default,
tree, print_soa);
@ -957,7 +1004,7 @@ ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa)
void
ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt,
ldns_dnssec_zone *zone)
const ldns_dnssec_zone *zone)
{
if (zone) {
if (zone->soa) {
@ -984,13 +1031,14 @@ ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt,
}
void
ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone)
ldns_dnssec_zone_print(FILE *out, const ldns_dnssec_zone *zone)
{
ldns_dnssec_zone_print_fmt(out, ldns_output_format_default, zone);
}
ldns_status
ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
static ldns_status
ldns_dnssec_zone_add_empty_nonterminals_nsec3(
ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s)
{
ldns_dnssec_name *new_name;
ldns_rdf *cur_name;
@ -1053,12 +1101,34 @@ ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
/* We have an empty nonterminal, add it to the
* tree
*/
ldns_rbnode_t *node = NULL;
ldns_rdf *ent_name;
if (!(ent_name = ldns_dname_clone_from(
next_name, i)))
return LDNS_STATUS_MEM_ERR;
if (nsec3s && zone->_nsec3params) {
ldns_rdf *ent_hashed_name;
if (!(ent_hashed_name =
ldns_nsec3_hash_name_frm_nsec3(
zone->_nsec3params,
ent_name)))
return LDNS_STATUS_MEM_ERR;
node = ldns_rbtree_search(nsec3s,
ent_hashed_name);
if (!node) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
continue;
}
}
new_name = ldns_dnssec_name_new();
if (!new_name) {
return LDNS_STATUS_MEM_ERR;
}
new_name->name = ldns_dname_clone_from(next_name,
i);
new_name->name = ent_name;
if (!new_name->name) {
ldns_dnssec_name_free(new_name);
return LDNS_STATUS_MEM_ERR;
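Review bot: the new empty-nonterminal block leaks on several paths. ent_hashed_name is never freed in the lines shown, neither after ldns_rbtree_search() nor on the "continue" taken when no node is found. ent_name is leaked on that same "continue" and on both early returns that follow its allocation (the failed hash and the failed ldns_dnssec_name_new()). Free ent_hashed_name right after the search, and free ent_name on every path that does not hand it to new_name. The retained "if (!new_name->name)" check is now dead, because ent_name was already tested for NULL above.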
@ -1074,6 +1144,9 @@ ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
(void)ldns_rbtree_insert(zone->names, new_node);
ldns_dnssec_name_make_hashed_name(
zone, new_name, NULL);
if (node)
(void) ldns_dnssec_zone_add_rr(zone,
(ldns_rr *)node->data);
}
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
@ -1091,8 +1164,14 @@ ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
return LDNS_STATUS_OK;
}
ldns_status
ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
{
return ldns_dnssec_zone_add_empty_nonterminals_nsec3(zone, NULL);
}
bool
ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone)
ldns_dnssec_zone_is_nsec3_optout(const ldns_dnssec_zone* zone)
{
ldns_rr* nsec3;
ldns_rbnode_t* node;

View File

@ -11,51 +11,163 @@
#include "drill.h"
#include <ldns/ldns.h>
/* Cache all RRs from rr_list "rr_list" to "referrals" database for lookup
* later on. Print the NS RRs that were not already present.
*/
static void add_rr_list_to_referrals(
ldns_dnssec_zone *referrals, ldns_rr_list *rr_list)
{
size_t i;
ldns_rr *rr;
ldns_dnssec_rrsets *rrset;
ldns_dnssec_rrs *rrs;
for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
rr = ldns_rr_list_rr(rr_list, i);
/* Check if a RR equal to "rr" is present in "referrals" */
rrset = ldns_dnssec_zone_find_rrset(
referrals, ldns_rr_owner(rr), ldns_rr_get_type(rr));
if (rrset) {
for (rrs = rrset->rrs; rrs; rrs = rrs->next)
if (ldns_rr_compare(rr, rrs->rr) == 0)
break;
if (rrs) continue; /* "rr" is present, next! */
}
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NS && verbosity != -1)
ldns_rr_print(stdout, rr);
(void) ldns_dnssec_zone_add_rr(referrals, rr);
}
}
/* Cache all RRs from packet "p" to "referrals" database for lookup later on.
* Print the NS RRs that were not already present.
*/
static void add_referrals(ldns_dnssec_zone *referrals, ldns_pkt *p)
{
ldns_rr_list *l = ldns_pkt_all_noquestion(p);
if (l) {
add_rr_list_to_referrals(referrals, l);
ldns_rr_list_free(l);
}
}
/* Equip name-server "res" with the name-servers authoritative for as much
* of "name" as possible. Lookup addresses if needed.
*/
static bool set_nss_for_name(
ldns_resolver *res, ldns_dnssec_zone *referrals, ldns_rdf *name,
ldns_resolver *local_res, ldns_rr_class c)
{
ldns_dnssec_rrsets *nss = NULL;
ldns_dnssec_rrs *nss_rrs;
ldns_dnssec_rrsets *as = NULL;
ldns_dnssec_rrs *as_rrs;
ldns_rdf *lookup = ldns_rdf_clone(name);
ldns_rdf *new_lookup;
ldns_rdf *addr;
ldns_rr_list *addrs;
/* nss will become the rrset of as much of "name" as possible */
for (;;) {
nss = ldns_dnssec_zone_find_rrset(
referrals, lookup, LDNS_RR_TYPE_NS);
if (nss != NULL) {
ldns_rdf_deep_free(lookup);
break;
}
new_lookup = ldns_dname_left_chop(lookup);
ldns_rdf_deep_free(lookup);
lookup = new_lookup;
if (!lookup) {
error("No referrals for name found");
return false;
}
}
/* remove the old nameserver from the resolver */
while ((addr = ldns_resolver_pop_nameserver(res)))
ldns_rdf_deep_free(addr);
/* Find and add the address records for the rrset as name-servers */
for (nss_rrs = nss->rrs; nss_rrs; nss_rrs = nss_rrs->next) {
if ((as = ldns_dnssec_zone_find_rrset(
referrals, ldns_rr_rdf(nss_rrs->rr, 0), LDNS_RR_TYPE_A)))
for (as_rrs = as->rrs; as_rrs; as_rrs = as_rrs->next)
(void) ldns_resolver_push_nameserver(
res, ldns_rr_rdf(as_rrs->rr, 0));
if ((as = ldns_dnssec_zone_find_rrset(
referrals, ldns_rr_rdf(nss_rrs->rr, 0), LDNS_RR_TYPE_AAAA)))
for (as_rrs = as->rrs; as_rrs; as_rrs = as_rrs->next)
(void) ldns_resolver_push_nameserver(
res, ldns_rr_rdf(as_rrs->rr, 0));
}
/* Is our resolver equipped with name-servers? Good! We're done */
if (ldns_resolver_nameserver_count(res) > 0)
return true;
/* Lookup addresses with local resolver add add to "referrals" database */
addrs = ldns_rr_list_new();
for (nss_rrs = nss->rrs; nss_rrs; nss_rrs = nss_rrs->next) {
ldns_rr_list *addrs_by_name =
ldns_get_rr_list_addr_by_name(
local_res, ldns_rr_rdf(nss_rrs->rr, 0), c, 0);
ldns_rr_list_cat(addrs, addrs_by_name);
ldns_rr_list_free(addrs_by_name);
}
if (ldns_rr_list_rr_count(addrs) == 0)
error("Could not find the nameserver ip addr; abort");
else if (ldns_resolver_push_nameserver_rr_list(res, addrs) !=
LDNS_STATUS_OK)
error("Error adding new nameservers");
else {
ldns_rr_list_deep_free(addrs);
return true;
}
add_rr_list_to_referrals(referrals, addrs);
ldns_rr_list_deep_free(addrs);
return false;
}
/**
* trace down from the root to name
*/
/* same naive method as in drill0.9
* We resolver _ALL_ the names, which is ofcourse not needed
* We resolve _ALL_ the names, which is of course not needed.
* We _do_ use the local resolver to do that, so it still is
* fast, but it can be made to run much faster
* fast, but it can be made to run much faster.
*/
ldns_pkt *
void
do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
ldns_rr_class c)
{
ldns_resolver *res;
ldns_pkt *p;
ldns_rr_list *new_nss_a;
ldns_rr_list *new_nss_aaaa;
static uint8_t zero[1] = { 0 };
static const ldns_rdf root_dname = { 1, LDNS_RDF_TYPE_DNAME, &zero };
ldns_resolver *res = NULL;
ldns_pkt *p = NULL;
ldns_rr_list *final_answer;
ldns_rr_list *new_nss;
ldns_rr_list *ns_addr;
ldns_rr_list *cname = NULL;
ldns_rr_list *answers = NULL;
uint16_t loop_count;
ldns_rdf *pop;
ldns_status status;
size_t i;
ldns_dnssec_zone* referrals = NULL;
ldns_rdf *addr;
loop_count = 0;
new_nss_a = NULL;
new_nss_aaaa = NULL;
new_nss = NULL;
ns_addr = NULL;
final_answer = NULL;
p = ldns_pkt_new();
res = ldns_resolver_new();
if (!p) {
if (res) {
ldns_resolver_free(res);
}
error("Memory allocation failed");
return NULL;
}
if (!res) {
ldns_pkt_free(p);
error("Memory allocation failed");
return NULL;
goto cleanup;
}
/* transfer some properties of local_res to res,
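Review bot: at the end of set_nss_for_name() the looked-up addrs are cached with add_rr_list_to_referrals() only on the failure path, while the success branch frees them and returns true. That is the opposite of what the comment "Lookup addresses with local resolver add add to "referrals" database" describes. The failure path then calls ldns_rr_list_deep_free(addrs) right after caching. If ldns_dnssec_zone_add_rr() stores the RR pointers rather than clones, referrals is left holding freed RRs, which the later ldns_dnssec_zone_deep_free(referrals) would free again. Cache on success and release only the list container, or clone before adding. Also check the result of ldns_rdf_clone(name) before entering the lookup loop, and fix the "add add" typo in the comment.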
@ -83,16 +195,13 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status));
ldns_rr_list_print(stdout, global_dns_root);
ldns_resolver_free(res);
ldns_pkt_free(p);
return NULL;
goto cleanup;
}
/* this must be a real query to local_res */
status = ldns_resolver_send(&p, res, ldns_dname_new_frm_str("."), LDNS_RR_TYPE_NS, c, 0);
status = ldns_resolver_send(&p, res, &root_dname, LDNS_RR_TYPE_NS, c, 0);
/* p can still be NULL */
if (ldns_pkt_empty(p)) {
warning("No root server information received");
}
@ -101,111 +210,95 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
if (!ldns_pkt_empty(p)) {
drill_pkt_print(stdout, local_res, p);
}
referrals = ldns_dnssec_zone_new();
add_referrals(referrals, p);
} else {
error("cannot use local resolver");
return NULL;
goto cleanup;
}
if (! set_nss_for_name(res, referrals, name, local_res, c)) {
goto cleanup;
}
ldns_pkt_free(p);
p = NULL;
status = ldns_resolver_send(&p, res, name, t, c, 0);
while(status == LDNS_STATUS_OK &&
ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) {
if (!p) {
/* some error occurred, bail out */
return NULL;
/* some error occurred -- bail out */
goto cleanup;
}
add_referrals(referrals, p);
new_nss_a = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
new_nss_aaaa = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL);
new_nss = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY);
if (verbosity != -1) {
ldns_rr_list_print(stdout, new_nss);
}
/* checks itself for verbosity */
drill_pkt_print_footer(stdout, local_res, p);
/* remove the old nameserver from the resolver */
while(ldns_resolver_pop_nameserver(res)) { /* do it */ }
/* also check for new_nss emptyness */
if (!new_nss_aaaa && !new_nss_a) {
/*
* no nameserver found!!!
* try to resolve the names we do got
*/
for(i = 0; i < ldns_rr_list_rr_count(new_nss); i++) {
/* get the name of the nameserver */
pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0);
if (!pop) {
break;
}
ldns_rr_list_print(stdout, new_nss);
ldns_rdf_print(stdout, pop);
/* retrieve it's addresses */
ns_addr = ldns_rr_list_cat_clone(ns_addr,
ldns_get_rr_list_addr_by_name(local_res, pop, c, 0));
}
if (ns_addr) {
if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) !=
LDNS_STATUS_OK) {
error("Error adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
ldns_rr_list_free(ns_addr);
} else {
ldns_rr_list_print(stdout, ns_addr);
error("Could not find the nameserver ip addr; abort");
ldns_pkt_free(p);
return NULL;
}
if (! set_nss_for_name(res, referrals, name, local_res, c)) {
goto cleanup;
}
/* add the new ones */
if (new_nss_aaaa) {
if (ldns_resolver_push_nameserver_rr_list(res, new_nss_aaaa) !=
LDNS_STATUS_OK) {
error("adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
}
if (new_nss_a) {
if (ldns_resolver_push_nameserver_rr_list(res, new_nss_a) !=
LDNS_STATUS_OK) {
error("adding new nameservers");
ldns_pkt_free(p);
return NULL;
}
}
if (loop_count++ > 20) {
/* unlikely that we are doing something usefull */
/* unlikely that we are doing anything useful */
error("Looks like we are looping");
ldns_pkt_free(p);
return NULL;
goto cleanup;
}
ldns_pkt_free(p);
p = NULL;
status = ldns_resolver_send(&p, res, name, t, c, 0);
/* Exit trace on error */
if (status != LDNS_STATUS_OK)
break;
/* An answer might be the desired answer (and no referral) */
if (ldns_pkt_reply_type(p) != LDNS_PACKET_ANSWER)
continue;
/* Exit trace when the requested type is found */
answers = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANSWER);
if (answers && ldns_rr_list_rr_count(answers) > 0) {
ldns_rr_list_free(answers);
answers = NULL;
break;
}
ldns_rr_list_free(answers);
answers = NULL;
/* Get the CNAMEs from the answer */
cname = ldns_pkt_rr_list_by_type(
p, LDNS_RR_TYPE_CNAME, LDNS_SECTION_ANSWER);
/* No CNAME either: exit trace */
if (ldns_rr_list_rr_count(cname) == 0)
break;
/* Print CNAME referral */
ldns_rr_list_print(stdout, cname);
/* restart with the CNAME */
name = ldns_rr_rdf(ldns_rr_list_rr(cname, 0), 0);
ldns_rr_list_free(cname);
cname = NULL;
/* remove the old nameserver from the resolver */
while((addr = ldns_resolver_pop_nameserver(res)))
ldns_rdf_deep_free(addr);
/* Restart trace from the root up */
(void) ldns_resolver_push_nameserver_rr_list(
res, global_dns_root);
ldns_pkt_free(p);
p = NULL;
status = ldns_resolver_send(&p, res, name, t, c, 0);
new_nss_aaaa = NULL;
new_nss_a = NULL;
ns_addr = NULL;
}
ldns_pkt_free(p);
p = NULL;
status = ldns_resolver_send(&p, res, name, t, c, 0);
if (!p) {
return NULL;
goto cleanup;
}
new_nss = ldns_pkt_authority(p);
final_answer = ldns_pkt_answer(p);
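Review bot: in the CNAME restart, "name = ldns_rr_rdf(ldns_rr_list_rr(cname, 0), 0);" borrows an rdf from an RR in the cname list, then the list is released with ldns_rr_list_free(cname) and p is freed before name is used in the next ldns_resolver_send(). If the list shares its RRs with the packet, name dangles after ldns_pkt_free(p). If the list holds clones, the shallow free leaks them. Take an ldns_rdf_clone() of the target, free the list with the matching deep or shallow call, and release the clone in cleanup. The status of ldns_resolver_push_nameserver_rr_list(res, global_dns_root) is also cast to void, so a failed re-seed continues with no name servers. The loop condition calls ldns_pkt_reply_type(p) before the "if (!p)" test inside the body, so that test cannot guard the call.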
@ -215,8 +308,16 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
}
drill_pkt_print_footer(stdout, local_res, p);
ldns_pkt_free(p);
return NULL;
cleanup:
if (res) {
while((addr = ldns_resolver_pop_nameserver(res)))
ldns_rdf_deep_free(addr);
ldns_resolver_free(res);
}
if (referrals)
ldns_dnssec_zone_deep_free(referrals);
if (p)
ldns_pkt_free(p);
}
@ -237,8 +338,7 @@ do_chase(ldns_resolver *res,
ldns_rr_list *trusted_keys,
ldns_pkt *pkt_o,
uint16_t qflags,
ldns_rr_list * ATTR_UNUSED(prev_key_list),
int verbosity)
ldns_rr_list * ATTR_UNUSED(prev_key_list))
{
ldns_rr_list *rrset = NULL;
ldns_status result;

View File

@ -16,8 +16,8 @@
/* Define to 1 if you have the <getopt.h> header file. */
#define HAVE_GETOPT_H 1
/* If you have HMAC_CTX_init */
#define HAVE_HMAC_CTX_INIT 1
/* If you have HMAC_Update */
#define HAVE_HMAC_UPDATE 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
@ -122,7 +122,7 @@
#define PACKAGE_NAME "ldns"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "ldns 1.6.17"
#define PACKAGE_STRING "ldns 1.7.0"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "libdns"
@ -131,7 +131,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.6.17"
#define PACKAGE_VERSION "1.7.0"
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
@ -280,9 +280,6 @@
#include <ws2tcpip.h>
#endif
extern char *optarg;
extern int optind, opterr;
#ifndef EXIT_FAILURE
#define EXIT_FAILURE 1
#endif

View File

@ -15,8 +15,8 @@
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
/* If you have HMAC_CTX_init */
#undef HAVE_HMAC_CTX_INIT
/* If you have HMAC_Update */
#undef HAVE_HMAC_UPDATE
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
@ -279,9 +279,6 @@
#include <ws2tcpip.h>
#endif
extern char *optarg;
extern int optind, opterr;
#ifndef EXIT_FAILURE
#define EXIT_FAILURE 1
#endif

View File

@ -1,13 +1,11 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.68 for ldns 1.6.17.
# Generated by GNU Autoconf 2.69 for ldns 1.7.0.
#
# Report bugs to <libdns@nlnetlabs.nl>.
#
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
# Foundation, Inc.
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
@ -136,6 +134,31 @@ export LANGUAGE
# CDPATH.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
# Use a proper internal environment variable to ensure we don't fall
# into an infinite loop, continuously re-executing ourselves.
if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
_as_can_reexec=no; export _as_can_reexec;
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
# works around shells that cannot unset nonexistent variables.
# Preserve -v and -x to the replacement shell.
BASH_ENV=/dev/null
ENV=/dev/null
(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
case $- in # ((((
*v*x* | *x*v* ) as_opts=-vx ;;
*v* ) as_opts=-v ;;
*x* ) as_opts=-x ;;
* ) as_opts= ;;
esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
as_fn_exit 255
fi
# We don't want this to propagate to other subprocesses.
{ _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
@ -169,7 +192,8 @@ if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
else
exitcode=1; echo positional parameters were not saved.
fi
test x\$exitcode = x0 || exit 1"
test x\$exitcode = x0 || exit 1
test -x / || exit 1"
as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
@ -214,21 +238,25 @@ IFS=$as_save_IFS
if test "x$CONFIG_SHELL" != x; then :
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
# works around shells that cannot unset nonexistent variables.
# Preserve -v and -x to the replacement shell.
BASH_ENV=/dev/null
ENV=/dev/null
(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
export CONFIG_SHELL
case $- in # ((((
*v*x* | *x*v* ) as_opts=-vx ;;
*v* ) as_opts=-v ;;
*x* ) as_opts=-x ;;
* ) as_opts= ;;
esac
exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
export CONFIG_SHELL
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
# works around shells that cannot unset nonexistent variables.
# Preserve -v and -x to the replacement shell.
BASH_ENV=/dev/null
ENV=/dev/null
(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
case $- in # ((((
*v*x* | *x*v* ) as_opts=-vx ;;
*v* ) as_opts=-v ;;
*x* ) as_opts=-x ;;
* ) as_opts= ;;
esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
exit 255
fi
if test x$as_have_required = xno; then :
@ -331,6 +359,14 @@ $as_echo X"$as_dir" |
} # as_fn_mkdir_p
# as_fn_executable_p FILE
# -----------------------
# Test if FILE is an executable regular file.
as_fn_executable_p ()
{
test -f "$1" && test -x "$1"
} # as_fn_executable_p
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
@ -452,6 +488,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
chmod +x "$as_me.lineno" ||
{ $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
# If we had to re-execute with $CONFIG_SHELL, we're ensured to have
# already done that, so ensure we don't try to do so again and fall
# in an infinite loop. This has already happened in practice.
_as_can_reexec=no; export _as_can_reexec
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensitive to this).
@ -486,16 +526,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
# In both cases, we have to default to `cp -p'.
# In both cases, we have to default to `cp -pR'.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
as_ln_s='cp -p'
as_ln_s='cp -pR'
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@ -507,28 +547,8 @@ else
as_mkdir_p=false
fi
if test -x / >/dev/null 2>&1; then
as_test_x='test -x'
else
if ls -dL / >/dev/null 2>&1; then
as_ls_L_option=L
else
as_ls_L_option=
fi
as_test_x='
eval sh -c '\''
if test -d "$1"; then
test -d "$1/.";
else
case $1 in #(
-*)set "./$1";;
esac;
case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
???[sx]*):;;*)false;;esac;fi
'\'' sh
'
fi
as_executable_p=$as_test_x
as_test_x='test -x'
as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@ -560,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ldns'
PACKAGE_TARNAME='libdns'
PACKAGE_VERSION='1.6.17'
PACKAGE_STRING='ldns 1.6.17'
PACKAGE_VERSION='1.7.0'
PACKAGE_STRING='ldns 1.7.0'
PACKAGE_BUGREPORT='libdns@nlnetlabs.nl'
PACKAGE_URL=''
@ -1131,8 +1151,6 @@ target=$target_alias
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
$as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used" >&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
@ -1218,7 +1236,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ldns 1.6.17 to adapt to many kinds of systems.
\`configure' configures ldns 1.7.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1279,7 +1297,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ldns 1.6.17:";;
short | recursive ) echo "Configuration of ldns 1.7.0:";;
esac
cat <<\_ACEOF
@ -1378,10 +1396,10 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ldns configure 1.6.17
generated by GNU Autoconf 2.68
ldns configure 1.7.0
generated by GNU Autoconf 2.69
Copyright (C) 2010 Free Software Foundation, Inc.
Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
@ -1712,7 +1730,7 @@ $as_echo "$ac_try_echo"; } >&5
test ! -s conftest.err
} && test -s conftest$ac_exeext && {
test "$cross_compiling" = yes ||
$as_test_x conftest$ac_exeext
test -x conftest$ac_exeext
}; then :
ac_retval=0
else
@ -1801,8 +1819,8 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ldns $as_me 1.6.17, which was
generated by GNU Autoconf 2.68. Invocation command line was
It was created by ldns $as_me 1.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2154,7 +2172,15 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 26
# Version 34
# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
# 2015-12-11 FLTO check for new OSX, clang.
# 2015-11-18 spelling check fix.
# 2015-11-05 ACX_SSL_CHECKS no longer adds -ldl needlessly.
# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added.
# 2015-03-17 AHX_CONFIG_REALLOCARRAY added
# 2013-09-19 FLTO help text improved.
# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes
# 2013-06-25 FLTO has --disable-flto option.
@ -2245,6 +2271,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters.
# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED.
# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family
# ACX_CHECK_PIE - add --enable-pie option and check if works
# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it
#
@ -2341,6 +2369,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
@ -2378,7 +2412,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2418,7 +2452,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2471,7 +2505,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2512,7 +2546,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
@ -2570,7 +2604,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -2614,7 +2648,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3060,8 +3094,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
struct stat;
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
@ -3301,7 +3334,7 @@ do
for ac_prog in grep ggrep; do
for ac_exec_ext in '' $ac_executable_extensions; do
ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
{ test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
as_fn_executable_p "$ac_path_GREP" || continue
# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
case `"$ac_path_GREP" --version 2>&1` in
@ -3367,7 +3400,7 @@ do
for ac_prog in egrep; do
for ac_exec_ext in '' $ac_executable_extensions; do
ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
{ test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
as_fn_executable_p "$ac_path_EGREP" || continue
# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
case `"$ac_path_EGREP" --version 2>&1` in
@ -3574,8 +3607,8 @@ else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
# define __EXTENSIONS__ 1
$ac_includes_default
# define __EXTENSIONS__ 1
$ac_includes_default
int
main ()
{
@ -3629,7 +3662,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3669,7 +3702,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3722,7 +3755,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3763,7 +3796,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
@ -3821,7 +3854,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -3865,7 +3898,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -4061,8 +4094,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
struct stat;
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
@ -4196,7 +4228,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_libtool="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@ -4988,8 +5020,8 @@ $as_echo "found in $ssldir" >&6; }
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_CTX_init in -lcrypto" >&5
$as_echo_n "checking for HMAC_CTX_init in -lcrypto... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Update in -lcrypto" >&5
$as_echo_n "checking for HMAC_Update in -lcrypto... " >&6; }
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@ -4999,8 +5031,8 @@ int
main ()
{
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
int HMAC_Update(void);
(void)HMAC_Update();
;
return 0;
@ -5011,7 +5043,7 @@ if ac_fn_c_try_link "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
$as_echo "#define HAVE_HMAC_CTX_INIT 1" >>confdefs.h
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
else
@ -5032,8 +5064,8 @@ int
main ()
{
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
int HMAC_Update(void);
(void)HMAC_Update();
;
return 0;
@ -5042,7 +5074,7 @@ _ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_HMAC_CTX_INIT 1" >>confdefs.h
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
@ -5064,8 +5096,8 @@ int
main ()
{
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
int HMAC_Update(void);
(void)HMAC_Update();
;
return 0;
@ -5074,7 +5106,7 @@ _ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_HMAC_CTX_INIT 1" >>confdefs.h
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
@ -5083,7 +5115,43 @@ else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5
$as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
int HMAC_Update(void);
(void)HMAC_Update();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
rm -f core conftest.err conftest.$ac_objext \
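Review bot: the final failure branch of the new -ldl -pthread retry still aborts with "OpenSSL found in $ssldir, but version 0.9.7 or higher is required", which is misleading at this point. A link failure here means HMAC_Update could not be resolved even with -ldl -pthread added, so the cause may be a missing or broken libcrypto rather than an old one. Since configure is generated, the wording should be changed in acx_nlnetlabs.m4 to say which link attempts were tried and to point the user at config.log. The same test program is now repeated four times with different LIBS, so a comment in the macro explaining the order of attempts would help whoever next has to debug it.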
@ -5099,67 +5167,6 @@ rm -f core conftest.err conftest.$ac_objext \
fi
# openssl engine functionality needs dlopen().
BAKLIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
$as_echo_n "checking for library containing dlopen... " >&6; }
if ${ac_cv_search_dlopen+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char dlopen ();
int
main ()
{
return dlopen ();
;
return 0;
}
_ACEOF
for ac_lib in '' dl; do
if test -z "$ac_lib"; then
ac_res="none required"
else
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_search_dlopen=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_dlopen+:} false; then :
break
fi
done
if ${ac_cv_search_dlopen+:} false; then :
else
ac_cv_search_dlopen=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
$as_echo "$ac_cv_search_dlopen" >&6; }
ac_res=$ac_cv_search_dlopen
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
fi
if test "$LIBS" != "$BAKLIBS"; then
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
fi
fi
for ac_header in openssl/ssl.h
do :
@ -5839,16 +5846,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
# In both cases, we have to default to `cp -p'.
# In both cases, we have to default to `cp -pR'.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
as_ln_s='cp -p'
as_ln_s='cp -pR'
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
else
as_ln_s='cp -p'
as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@ -5908,28 +5915,16 @@ else
as_mkdir_p=false
fi
if test -x / >/dev/null 2>&1; then
as_test_x='test -x'
else
if ls -dL / >/dev/null 2>&1; then
as_ls_L_option=L
else
as_ls_L_option=
fi
as_test_x='
eval sh -c '\''
if test -d "$1"; then
test -d "$1/.";
else
case $1 in #(
-*)set "./$1";;
esac;
case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
???[sx]*):;;*)false;;esac;fi
'\'' sh
'
fi
as_executable_p=$as_test_x
# as_fn_executable_p FILE
# -----------------------
# Test if FILE is an executable regular file.
as_fn_executable_p ()
{
test -f "$1" && test -x "$1"
} # as_fn_executable_p
as_test_x='test -x'
as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@ -5950,8 +5945,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ldns $as_me 1.6.17, which was
generated by GNU Autoconf 2.68. Invocation command line was
This file was extended by ldns $as_me 1.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@ -6012,11 +6007,11 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ldns config.status 1.6.17
configured by $0, generated by GNU Autoconf 2.68,
ldns config.status 1.7.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
Copyright (C) 2010 Free Software Foundation, Inc.
Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@ -6104,7 +6099,7 @@ fi
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
shift
\$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
CONFIG_SHELL='$SHELL'

View File

@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.6.17, libdns@nlnetlabs.nl,libdns)
AC_INIT(ldns, 1.7.0, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([drill.c])
sinclude(../acx_nlnetlabs.m4)
@ -258,9 +258,6 @@ AH_BOTTOM([
#include <ws2tcpip.h>
#endif
extern char *optarg;
extern int optind, opterr;
#ifndef EXIT_FAILURE
#define EXIT_FAILURE 1
#endif

View File

@ -40,7 +40,7 @@ Send to query to this server. If not specified use the nameservers from
.PP
\fItype\fR
Ask for this RR type. If type is not given on the command line it defaults
to 'A'. Except when doing to reverse lookup when it defaults to 'PTR'.
to 'A'. Except when doing a reverse lookup when it defaults to 'PTR'.
.PP
\fIclass\fR
@ -51,17 +51,17 @@ Use this class when querying.
Show the MX records of the domain miek.nl
.TP
\fBdrill -S jelte.nlnetlabs.nl\fR
\fBdrill \-S jelte.nlnetlabs.nl\fR
Chase any signatures in the jelte.nlnetlab.nl domain. This option is
only available when ldns has been compiled with openssl-support.
.TP
\fBdrill -TD www.example.com\fR
Do a DNSSEC (-D) trace (-T) from the rootservers down to www.example.com.
\fBdrill \-TD www.example.com\fR
Do a DNSSEC (\-D) trace (\-T) from the rootservers down to www.example.com.
This option only works when ldns has been compiled with openssl support.
.TP
\fBdrill -s dnskey jelte.nlnetlabs.nl\fR
\fBdrill \-s dnskey jelte.nlnetlabs.nl\fR
Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found DNSKEY
record also print the DS record.
@ -70,12 +70,12 @@ record also print the DS record.
.TP
\fB\-D
Enable DNSSEC in the query. When querying for DNSSEC types (DNSKEY, RRSIG,
DS and NSEC) this is \fInot\fR automaticly enabled.
DS and NSEC) this is \fInot\fR automatically enabled.
.TP
\fB\-T
Trace \fIname\fR from the root down. When using this option the @server and
the type arguments are not used.
Trace \fIname\fR from the root down. When using this option the @server
arguments is not used.
.TP
\fB\-S
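Review bot: the replacement text for \-T reads "the @server arguments is not used", which is ungrammatical and also drops the earlier statement that the type argument is ignored when tracing. If the type is now honoured with \-T, say so explicitly; otherwise keep both arguments in the sentence, for example "the @server argument is not used". The unchanged context line in the examples hunk above still spells the domain "jelte.nlnetlab.nl" while the command uses jelte.nlnetlabs.nl, which could be fixed in the same pass.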
@ -93,11 +93,11 @@ Be more verbose. Set level to 5 to see the actual query that is sent.
.TP
\fB\-Q
Quiet mode, this overrules -V.
Quiet mode, this overrules \-V.
.TP
\fB\-f \fIfile\fR
Read the query from a file. The query must be dumped with -w.
Read the query from a file. The query must be dumped with \-w.
.TP
\fB\-i \fIfile\fR
@ -153,7 +153,7 @@ Use file instead of /etc/resolv.conf for nameserver configuration.
.TP
\fB\-d \fIdomain\fR
When tracing (-T), start from this domain instead of the root.
When tracing (\-T), start from this domain instead of the root.
.TP
\fB\-t
@ -195,7 +195,7 @@ Use this port instead of the default of 53.
.TP
\fB\-r \fIfile\fR
When tracing (-T), use file as a root servers hint file.
When tracing (\-T), use file as a root servers hint file.
.TP
\fB\-s
@ -208,11 +208,11 @@ Use UDP when querying a server. This is the default.
.TP
\fB\-w \fIfile\fR
write the answer to a file. The file will contain a hexadecimal dump
of the query. This can be used in conjunction with -f.
of the query. This can be used in conjunction with \-f.
.TP
\fB\-x
Do a reverse loopup. The type argument is not used, it is preset to PTR.
Do a reverse lookup. The type argument is not used, it is preset to PTR.
.TP
\fB\-y \fI<name:key[:algo]>\fR

View File

@ -40,7 +40,7 @@ Send to query to this server. If not specified use the nameservers from
.PP
\fItype\fR
Ask for this RR type. If type is not given on the command line it defaults
to 'A'. Except when doing to reverse lookup when it defaults to 'PTR'.
to 'A'. Except when doing a reverse lookup when it defaults to 'PTR'.
.PP
\fIclass\fR
@ -51,17 +51,17 @@ Use this class when querying.
Show the MX records of the domain miek.nl
.TP
\fBdrill -S jelte.nlnetlabs.nl\fR
\fBdrill \-S jelte.nlnetlabs.nl\fR
Chase any signatures in the jelte.nlnetlab.nl domain. This option is
only available when ldns has been compiled with openssl-support.
.TP
\fBdrill -TD www.example.com\fR
Do a DNSSEC (-D) trace (-T) from the rootservers down to www.example.com.
\fBdrill \-TD www.example.com\fR
Do a DNSSEC (\-D) trace (\-T) from the rootservers down to www.example.com.
This option only works when ldns has been compiled with openssl support.
.TP
\fBdrill -s dnskey jelte.nlnetlabs.nl\fR
\fBdrill \-s dnskey jelte.nlnetlabs.nl\fR
Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found DNSKEY
record also print the DS record.
@ -70,12 +70,12 @@ record also print the DS record.
.TP
\fB\-D
Enable DNSSEC in the query. When querying for DNSSEC types (DNSKEY, RRSIG,
DS and NSEC) this is \fInot\fR automaticly enabled.
DS and NSEC) this is \fInot\fR automatically enabled.
.TP
\fB\-T
Trace \fIname\fR from the root down. When using this option the @server and
the type arguments are not used.
Trace \fIname\fR from the root down. When using this option the @server
arguments is not used.
.TP
\fB\-S
@ -93,11 +93,11 @@ Be more verbose. Set level to 5 to see the actual query that is sent.
.TP
\fB\-Q
Quiet mode, this overrules -V.
Quiet mode, this overrules \-V.
.TP
\fB\-f \fIfile\fR
Read the query from a file. The query must be dumped with -w.
Read the query from a file. The query must be dumped with \-w.
.TP
\fB\-i \fIfile\fR
@ -153,7 +153,7 @@ Use file instead of /etc/resolv.conf for nameserver configuration.
.TP
\fB\-d \fIdomain\fR
When tracing (-T), start from this domain instead of the root.
When tracing (\-T), start from this domain instead of the root.
.TP
\fB\-t
@ -195,7 +195,7 @@ Use this port instead of the default of 53.
.TP
\fB\-r \fIfile\fR
When tracing (-T), use file as a root servers hint file.
When tracing (\-T), use file as a root servers hint file.
.TP
\fB\-s
@ -208,11 +208,11 @@ Use UDP when querying a server. This is the default.
.TP
\fB\-w \fIfile\fR
write the answer to a file. The file will contain a hexadecimal dump
of the query. This can be used in conjunction with -f.
of the query. This can be used in conjunction with \-f.
.TP
\fB\-x
Do a reverse loopup. The type argument is not used, it is preset to PTR.
Do a reverse lookup. The type argument is not used, it is preset to PTR.
.TP
\fB\-y \fI<name:key[:algo]>\fR

View File

@ -14,11 +14,22 @@
#include <openssl/err.h>
#endif
#define IP6_ARPA_MAX_LEN 65
/* query debug, 2 hex dumps */
int verbosity;
static int
is_ixfr_with_serial(const char* name, uint32_t *serial)
{
char* end;
if (strlen(name) > 5 &&
strncasecmp(name, "IXFR", 4) == 0 &&
name[4] == '=') {
*serial = (uint32_t) strtol((name+5), &end, 10);
return 1;
}
return 0;
}
static void
usage(FILE *stream, const char *progname)
{
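Review bot: is_ixfr_with_serial() converts the serial with strtol() and never inspects end, so input such as "IXFR=abc" or "IXFR=12junk" is accepted and silently becomes serial 0 or 12. The (uint32_t) cast also wraps negative input, and where long is 32 bits any serial above 2147483647 is clamped by strtol() before the cast. Suggest strtoul() with errno cleared beforehand, and returning 0 unless end != name+5, *end == '\0', errno is not ERANGE and the value fits in 32 bits. A short comment documenting the accepted "IXFR=<serial>" syntax above the function would also help, since it is not obvious from the call site.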
@ -31,7 +42,7 @@ usage(FILE *stream, const char *progname)
fprintf(stream, "\t-D\t\tenable DNSSEC (DO bit)\n");
#ifdef HAVE_SSL
fprintf(stream, "\t-T\t\ttrace from the root down to <name>\n");
fprintf(stream, "\t-S\t\tchase signature(s) from <name> to a know key [*]\n");
fprintf(stream, "\t-S\t\tchase signature(s) from <name> to a known key [*]\n");
#endif /*HAVE_SSL*/
fprintf(stream, "\t-I <address>\tsource address to query from\n");
fprintf(stream, "\t-V <number>\tverbosity (0-5)\n");
@ -106,15 +117,14 @@ main(int argc, char *argv[])
char *serv;
char *src = NULL;
const char *name;
char *name2;
char *progname;
char *query_file = NULL;
char *answer_file = NULL;
ldns_buffer *query_buffer = NULL;
ldns_rdf *serv_rdf;
ldns_rdf *src_rdf = NULL;
ldns_rr_type type;
ldns_rr_class clas;
ldns_rr_type type;
ldns_rr_class clas;
#if 0
ldns_pkt_opcode opcode = LDNS_PACKET_QUERY;
#endif
@ -130,7 +140,7 @@ main(int argc, char *argv[])
ldns_rr *axfr_rr;
ldns_status status;
char *type_str;
uint32_t serial = 0;
/* list of keys used in dnssec operations */
ldns_rr_list *key_list = ldns_rr_list_new();
/* what key verify the current answer */
@ -153,6 +163,9 @@ main(int argc, char *argv[])
int result = 0;
uint8_t s6addr[16];
char ip6_arpa_str[74];
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
@ -188,12 +201,6 @@ main(int argc, char *argv[])
ldns_init_random(NULL, 0);
if (argc == 0) {
usage(stdout, progname);
result = EXIT_FAILURE;
goto exit;
}
/* string from orig drill: "i:w:I46Sk:TNp:b:DsvhVcuaq:f:xr" */
/* global first, query opt next, option with parm's last
* and sorted */ /* "46DITSVQf:i:w:q:achuvxzy:so:p:b:k:" */
@ -363,9 +370,7 @@ main(int argc, char *argv[])
tsig_algorithm[strlen(optarg) - tsig_separator2 - 1] = '\0';
} else {
tsig_separator2 = strlen(optarg);
tsig_algorithm = xmalloc(26);
strncpy(tsig_algorithm, "hmac-md5.sig-alg.reg.int.", 25);
tsig_algorithm[25] = '\0';
tsig_algorithm = strdup("hmac-md5.sig-alg.reg.int");
}
tsig_name = xmalloc(tsig_separator + 1);
tsig_data = xmalloc(tsig_separator2 - tsig_separator);
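Review bot: the default algorithm is now allocated with strdup() and the result is not checked, while the neighbouring tsig_name and tsig_data buffers still come from xmalloc(). If strdup() returns NULL, tsig_algorithm is later passed straight to strcasecmp() in the dig-order detection added further down. Either check the return value here or use the project's allocation wrapper and copy into it. The string also changed from "hmac-md5.sig-alg.reg.int." to "hmac-md5.sig-alg.reg.int" without the trailing dot; if that is intentional, it deserves a line in the commit message or a comment.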
@ -453,6 +458,10 @@ main(int argc, char *argv[])
if (type != 0) {
int_type = 0;
continue;
} else if (is_ixfr_with_serial(argv[i], &serial)) {
type = LDNS_RR_TYPE_IXFR;
int_type = 0;
continue;
}
}
/* if it matches a class, it's a class */
@ -488,14 +497,20 @@ main(int argc, char *argv[])
if (src) {
src_rdf = ldns_rdf_new_addr_frm_str(src);
if(!src_rdf) {
fprintf(stderr, "-I must be (or resolve) to a valid IP[v6] address.\n");
fprintf(stderr, "-I must be a valid IP[v6] address.\n");
exit(EXIT_FAILURE);
}
if (ldns_rdf_size(src_rdf) == 4) {
qfamily = LDNS_RESOLV_INET;
} else if (ldns_rdf_size(src_rdf) == 16) {
qfamily = LDNS_RESOLV_INET6;
}
}
/* set the nameserver to use */
if (!serv) {
/* no server given make a resolver from /etc/resolv.conf */
/* no server given -- make a resolver from /etc/resolv.conf */
status = ldns_resolver_new_frm_file(&res, resolv_conf_file);
if (status != LDNS_STATUS_OK) {
warning("Could not create a resolver structure: %s (%s)\n"
@ -516,7 +531,7 @@ main(int argc, char *argv[])
if (!serv_rdf) {
/* try to resolv the name if possible */
status = ldns_resolver_new_frm_file(&cmdline_res, resolv_conf_file);
if (status != LDNS_STATUS_OK) {
error("%s", "@server ip could not be converted");
}
@ -554,6 +569,7 @@ main(int argc, char *argv[])
}
}
/* set the resolver options */
ldns_resolver_set_ixfr_serial(res, serial);
ldns_resolver_set_port(res, qport);
ldns_resolver_set_source(res, src_rdf);
if (verbosity >= 5) {
@ -581,6 +597,39 @@ main(int argc, char *argv[])
}
if (tsig_name && tsig_data) {
/* With dig TSIG keys are also specified with -y,
* but format with drill is: -y <name:key[:algo]>
* and with dig: -y [hmac:]name:key
*
* When we detect an unknown tsig algorithm in algo,
* but a known algorithm in name, we cane assume dig
* order was used.
*
* Following if statement is to anticipate and correct dig order
*/
if ( strcasecmp(tsig_algorithm, "hmac-md5.sig-alg.reg.int")
&& strcasecmp(tsig_algorithm, "hmac-md5")
&& strcasecmp(tsig_algorithm, "hmac-sha1")
&& strcasecmp(tsig_algorithm, "hmac-sha256")
&& (
strcasecmp(tsig_name, "hmac-md5.sig-alg.reg.int") == 0
|| strcasecmp(tsig_name, "hmac-md5") == 0
|| strcasecmp(tsig_name, "hmac-sha1") == 0
|| strcasecmp(tsig_name, "hmac-sha256") == 0
)) {
/* Roll options */
char *tmp_tsig_algorithm = tsig_name;
tsig_name = tsig_data;
tsig_data = tsig_algorithm;
tsig_algorithm = tmp_tsig_algorithm;
}
if (strcasecmp(tsig_algorithm, "hmac-md5") == 0) {
free(tsig_algorithm);
tsig_algorithm = strdup("hmac-md5.sig-alg.reg.int");
}
ldns_resolver_set_tsig_keyname(res, tsig_name);
ldns_resolver_set_tsig_keydata(res, tsig_data);
ldns_resolver_set_tsig_algorithm(res, tsig_algorithm);
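Review bot: the dig-order heuristic silently rotates tsig_name, tsig_data and tsig_algorithm, and it only recognises four algorithm names. Any other algorithm given in dig order falls through unswapped, and a key that is legitimately named "hmac-sha1" combined with an algorithm outside the list gets reinterpreted as dig order. Printing a message at some verbosity level when the swap happens would make both cases diagnosable. The block also calls free(tsig_algorithm) where the rest of main() uses xmalloc()/xfree() for these buffers, and the strdup() that follows is unchecked; after the rotation tsig_algorithm holds the buffer that was allocated as tsig_name, so the allocator pairing should be consistent. Minor: "we cane assume" in the comment should be "we can assume".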
@ -598,7 +647,7 @@ main(int argc, char *argv[])
error("%s", "parsing query name");
}
/* don't care about return packet */
(void)do_trace(res, qname, type, clas);
do_trace(res, qname, type, clas);
clear_root();
break;
case DRILL_SECTRACE:
@ -650,8 +699,7 @@ main(int argc, char *argv[])
ldns_resolver_set_dnssec_anchors(res, ldns_rr_list_clone(key_list));
result = do_chase(res, qname, type,
clas, key_list,
pkt, qflags, NULL,
verbosity);
pkt, qflags, NULL);
if (result == LDNS_STATUS_OK) {
if (verbosity != -1) {
mesg("Chase successful");
@ -682,7 +730,6 @@ main(int argc, char *argv[])
if (!qname) {
error("%s", "making qname");
}
status = ldns_resolver_prepare_query_pkt(&qpkt, res, qname, type, clas, qflags);
if(status != LDNS_STATUS_OK) {
error("%s", "making query: %s",
@ -696,55 +743,48 @@ main(int argc, char *argv[])
case DRILL_REVERSE:
/* ipv4 or ipv6 addr? */
if (strchr(name, ':')) {
if (strchr(name, '.')) {
error("Syntax error: both '.' and ':' seen in address\n");
if (!inet_pton(AF_INET6, name, &s6addr)) {
error("Syntax error: cannot parse IPv6 address\n");
}
name2 = malloc(IP6_ARPA_MAX_LEN + 20);
c = 0;
for (i=0; i<(int)strlen(name); i++) {
if (i >= IP6_ARPA_MAX_LEN) {
error("%s", "reverse argument to long");
}
if (name[i] == ':') {
if (i < (int) strlen(name) && name[i + 1] == ':') {
error("%s", ":: not supported (yet)");
} else {
if (i + 2 == (int) strlen(name) || name[i + 2] == ':') {
name2[c++] = '0';
name2[c++] = '.';
name2[c++] = '0';
name2[c++] = '.';
name2[c++] = '0';
name2[c++] = '.';
} else if (i + 3 == (int) strlen(name) || name[i + 3] == ':') {
name2[c++] = '0';
name2[c++] = '.';
name2[c++] = '0';
name2[c++] = '.';
} else if (i + 4 == (int) strlen(name) || name[i + 4] == ':') {
name2[c++] = '0';
name2[c++] = '.';
}
}
} else {
name2[c++] = name[i];
name2[c++] = '.';
}
}
name2[c++] = '\0';
(void) snprintf(ip6_arpa_str, sizeof(ip6_arpa_str),
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa.",
(unsigned int)(s6addr[15] & 0x0F),
(unsigned int)(s6addr[15] >> 4),
(unsigned int)(s6addr[14] & 0x0F),
(unsigned int)(s6addr[14] >> 4),
(unsigned int)(s6addr[13] & 0x0F),
(unsigned int)(s6addr[13] >> 4),
(unsigned int)(s6addr[12] & 0x0F),
(unsigned int)(s6addr[12] >> 4),
(unsigned int)(s6addr[11] & 0x0F),
(unsigned int)(s6addr[11] >> 4),
(unsigned int)(s6addr[10] & 0x0F),
(unsigned int)(s6addr[10] >> 4),
(unsigned int)(s6addr[9] & 0x0F),
(unsigned int)(s6addr[9] >> 4),
(unsigned int)(s6addr[8] & 0x0F),
(unsigned int)(s6addr[8] >> 4),
(unsigned int)(s6addr[7] & 0x0F),
(unsigned int)(s6addr[7] >> 4),
(unsigned int)(s6addr[6] & 0x0F),
(unsigned int)(s6addr[6] >> 4),
(unsigned int)(s6addr[5] & 0x0F),
(unsigned int)(s6addr[5] >> 4),
(unsigned int)(s6addr[4] & 0x0F),
(unsigned int)(s6addr[4] >> 4),
(unsigned int)(s6addr[3] & 0x0F),
(unsigned int)(s6addr[3] >> 4),
(unsigned int)(s6addr[2] & 0x0F),
(unsigned int)(s6addr[2] >> 4),
(unsigned int)(s6addr[1] & 0x0F),
(unsigned int)(s6addr[1] >> 4),
(unsigned int)(s6addr[0] & 0x0F),
(unsigned int)(s6addr[0] >> 4));
qname = ldns_dname_new_frm_str(name2);
qname_tmp = ldns_dname_reverse(qname);
ldns_rdf_deep_free(qname);
qname = qname_tmp;
qname_tmp = ldns_dname_new_frm_str("ip6.arpa.");
status = ldns_dname_cat(qname, qname_tmp);
if (status != LDNS_STATUS_OK) {
error("%s", "could not create reverse address for ip6: %s\n", ldns_get_errorstr_by_id(status));
}
ldns_rdf_deep_free(qname_tmp);
free(name2);
qname = ldns_dname_new_frm_str(ip6_arpa_str);
} else {
qname = ldns_dname_new_frm_str(name);
qname_tmp = ldns_dname_reverse(qname);
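Review bot: the check if (!inet_pton(AF_INET6, name, &s6addr)) only catches a return value of 0. inet_pton() returns -1 on error (for example when the address family is not supported), and in that case execution continues and snprintf() formats the uninitialised contents of s6addr into the query name. Test for != 1 instead. The destination ip6_arpa_str[74] is exactly the required size (32 nibbles with dots is 64 bytes, "ip6.arpa." is 9, plus the terminator), so a comment or a named constant stating that arithmetic would keep a later format change from truncating silently; the snprintf() return value is discarded with (void), so truncation would go unnoticed. The 32 hand-written arguments could also be produced by a short loop over s6addr from index 15 down to 0, which is easier to audit.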
@ -974,7 +1014,6 @@ main(int argc, char *argv[])
xfree(tsig_algorithm);
#ifdef HAVE_SSL
ERR_remove_state(0);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
EVP_cleanup();

View File

@ -30,10 +30,9 @@
(VAR) = (VAR) & ~(BIT)
extern ldns_rr_list *global_dns_root;
extern bool qds;
extern int verbosity;
ldns_pkt *do_trace(ldns_resolver *res,
void do_trace(ldns_resolver *res,
ldns_rdf *name,
ldns_rr_type type,
ldns_rr_class c);
@ -44,8 +43,7 @@ ldns_status do_chase(ldns_resolver *res,
ldns_rr_list *trusted_keys,
ldns_pkt *pkt_o,
uint16_t qflags,
ldns_rr_list *prev_key_list,
int verbosity);
ldns_rr_list *prev_key_list);
int do_secure_trace(ldns_resolver *res,
ldns_rdf *name,
ldns_rr_type type,

View File

@ -69,6 +69,7 @@ mesg(const char *fmt, ...)
va_end(args);
}
#if 0
/* print stuff when in verbose mode (1) */
void
verbose(const char *fmt, ...)
@ -82,34 +83,4 @@ verbose(const char *fmt, ...)
verbose_va_list(fmt, args);
va_end(args);
}
/* print stuff when in vverbose mode (2) */
void
vverbose(const char *fmt, ...)
{
va_list args;
if (verbosity < 2) {
return;
}
va_start(args, fmt);
verbose_va_list(fmt, args);
va_end(args);
}
static void
debug_va_list(const char *fmt, va_list args)
{
vfprintf(stderr, fmt, args);
fprintf(stderr, "\n");
}
void
debug(const char *fmt, ...)
{
va_list args;
fprintf(stderr, "[DEBUG] ");
va_start(args, fmt);
debug_va_list(fmt, args);
va_end(args);
}
#endif
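Review bot: verbose() is left in the file but compiled out between the new `#if 0` and `#endif`, while vverbose(), debug_va_list() and debug() are deleted outright. If verbose() has no remaining callers, delete it as well rather than keeping dead code; if it is kept for later use, say so in a comment next to the `#if 0`.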

View File

@ -62,7 +62,7 @@ ds_key_match(ldns_rr_list *ds, ldns_rr_list *trusted)
}
#endif
ldns_pkt *
static ldns_pkt *
get_dnssec_pkt(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t)
{
ldns_pkt *p = NULL;
@ -97,7 +97,7 @@ get_ds(ldns_pkt *p, ldns_rdf *ownername, ldns_rr_list **rrlist, ldns_rr_list **o
}
#endif /* HAVE_SSL */
void
static void
remove_resolver_nameservers(ldns_resolver *res)
{
ldns_rdf *pop;
@ -109,17 +109,6 @@ remove_resolver_nameservers(ldns_resolver *res)
}
void
show_current_nameservers(FILE *out, ldns_resolver *res)
{
size_t i;
fprintf(out, "Current nameservers for resolver object:\n");
for (i = 0; i < ldns_resolver_nameserver_count(res); i++) {
ldns_rdf_print(out, ldns_resolver_nameservers(res)[i]);
fprintf(out, "\n");
}
}
/*ldns_pkt **/
#ifdef HAVE_SSL
int

View File

@ -18,7 +18,7 @@
*
* This function returns the length of the result
*/
size_t
static size_t
hexstr2bin(char *hexstr, int len, uint8_t *buf, size_t offset, size_t buf_len)
{
char c;
@ -64,7 +64,7 @@ hexstr2bin(char *hexstr, int len, uint8_t *buf, size_t offset, size_t buf_len)
return bufpos;
}
size_t
static size_t
packetbuffromfile(char *filename, uint8_t *wire)
{
FILE *fp = NULL;

View File

@ -75,7 +75,7 @@ ldns_duration_create(void)
*
*/
int
ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2)
ldns_duration_compare(const ldns_duration_type* d1, const ldns_duration_type* d2)
{
if (!d1 && !d2) {
return 0;
@ -213,7 +213,7 @@ digits_in_number(time_t duration)
*
*/
char*
ldns_duration2string(ldns_duration_type* duration)
ldns_duration2string(const ldns_duration_type* duration)
{
char* str = NULL, *num = NULL;
size_t count = 2;
@ -316,7 +316,7 @@ ldns_duration2string(ldns_duration_type* duration)
*
*/
time_t
ldns_duration2time(ldns_duration_type* duration)
ldns_duration2time(const ldns_duration_type* duration)
{
time_t period = 0;

View File

@ -143,6 +143,20 @@ ldns_lookup_table ldns_error_str[] = {
{ LDNS_STATUS_INVALID_RDF_TYPE,
"The rdata field was not of the expected type" },
{ LDNS_STATUS_RDATA_OVERFLOW, "Rdata size overflow" },
{ LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR,
"Syntax error, superfluous text present" },
{ LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW,
"The NSEC3 domainname length overflow" },
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
{ LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA,
"ldns needs to be linked with OpenSSL >= 1.1.0 to be able "
"to verify the DANE-TA usage type." },
#else
{ LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA,
"ldns depends on the availability of the SSL_get0_dane() and "
"X509_STORE_CTX_set0_dane() functions within OpenSSL >= 1.1.0 "
"to be able to verify the DANE-TA usage type." },
#endif
{ 0, NULL }
};
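Review bot: both branches of the new `#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)` define the same status code with different text, and the first branch tells the user to link with OpenSSL >= 1.1.0 even though the condition is also true for any LibreSSL build. A message that names LibreSSL separately, or a short comment explaining why the two cases share one string, would make the error less confusing for someone debugging a failed DANE-TA verification.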

View File

@ -11,7 +11,7 @@ cd $ldns
libtoolize --copy
autoheader
autoconf
./configure --prefix= --exec-prefix=/usr
./configure --prefix= --exec-prefix=/usr --disable-dane-ta-usage
cd $ldns/drill
autoheader
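Review bot: `--disable-dane-ta-usage` is added to the configure line with no comment in the script saying why. The commit message explains that full DANE support needs OpenSSL 1.1.0 or newer and that nothing in base uses DANE; a one-line comment above `./configure` recording that would keep the reason from being lost on the next import.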

View File

@ -2,7 +2,7 @@
* higher.c
*
* Specify some higher level functions that would
* be usefull to would be developers
* be useful to would be developers
*
* a Net::DNS like library for C
*
@ -21,8 +21,8 @@
#endif /* HAVE_SSL */
ldns_rr_list *
ldns_get_rr_list_addr_by_name(ldns_resolver *res, ldns_rdf *name, ldns_rr_class c,
uint16_t flags)
ldns_get_rr_list_addr_by_name(ldns_resolver *res, const ldns_rdf *name,
ldns_rr_class c, uint16_t flags)
{
ldns_pkt *pkt;
ldns_rr_list *aaaa;
@ -104,8 +104,8 @@ ldns_get_rr_list_addr_by_name(ldns_resolver *res, ldns_rdf *name, ldns_rr_class
}
ldns_rr_list *
ldns_get_rr_list_name_by_addr(ldns_resolver *res, ldns_rdf *addr, ldns_rr_class c,
uint16_t flags)
ldns_get_rr_list_name_by_addr(ldns_resolver *res, const ldns_rdf *addr,
ldns_rr_class c, uint16_t flags)
{
ldns_pkt *pkt;
ldns_rr_list *names;
@ -216,6 +216,9 @@ ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr)
}
(void)strlcpy(addr, word, LDNS_MAX_LINELEN+1);
} else {
/* Stop parsing line when a comment begins. */
if (word[0] == '#')
break;
/* la al la la */
if (ip6) {
snprintf(rr_str, LDNS_MAX_LINELEN,
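Review bot: the new `if (word[0] == '#') break;` sits only in the else branch, so it stops parsing at a comment that follows the address but does nothing for a word in the address position, which still goes through `strlcpy(addr, word, LDNS_MAX_LINELEN+1)`. Confirm that a line whose first word starts with '#' is rejected before this point, or apply the same check ahead of the if/else.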
@ -227,8 +230,8 @@ ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr)
parse_result = ldns_rr_new_frm_str(&rr, rr_str, 0, NULL, NULL);
if (parse_result == LDNS_STATUS_OK && ldns_rr_owner(rr) && ldns_rr_rd_count(rr) > 0) {
ldns_rr_list_push_rr(list, ldns_rr_clone(rr));
ldns_rr_free(rr);
}
ldns_rr_free(rr);
}
}
ldns_buffer_free(linebuf);
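Review bot: moving `ldns_rr_free(rr)` outside the success check means it now also runs when ldns_rr_new_frm_str() fails, and nothing in the hunk resets `rr` between iterations. If rr still holds the pointer freed on the previous pass, or was never initialised, this becomes a double free or a free of an indeterminate pointer; set `rr = NULL` before the parse call (or right after the free) so the failure path is safe.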
@ -262,8 +265,8 @@ ldns_get_rr_list_hosts_frm_file(char *filename)
}
uint16_t
ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c,
ldns_rr_list **ret)
ldns_getaddrinfo(ldns_resolver *res, const ldns_rdf *node,
ldns_rr_class c, ldns_rr_list **ret)
{
ldns_rdf_type t;
uint16_t names_found;
@ -302,7 +305,7 @@ ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c,
}
bool
ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t)
ldns_nsec_type_check(const ldns_rr *nsec, ldns_rr_type t)
{
switch (ldns_rr_get_type(nsec)) {
case LDNS_RR_TYPE_NSEC : if (ldns_rr_rd_count(nsec) < 2) {

View File

@ -56,6 +56,12 @@ ldns_lookup_table ldns_algorithms[] = {
#ifdef USE_ECDSA
{ LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"},
{ LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"},
#endif
#ifdef USE_ED25519
{ LDNS_ED25519, "ED25519"},
#endif
#ifdef USE_ED448
{ LDNS_ED448, "ED448"},
#endif
{ LDNS_INDIRECT, "INDIRECT" },
{ LDNS_PRIVATEDNS, "PRIVATEDNS" },
@ -567,11 +573,7 @@ ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf)
ldns_status
ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf)
{
/* don't use algorithm mnemonics in the presentation format
this kind of got sneaked into the rfc's */
uint8_t data = ldns_rdf_data(rdf)[0];
ldns_buffer_printf(output, "%d", data);
return ldns_buffer_status(output);
return ldns_rdf2buffer_str_int8(output, rdf);
}
static void
@ -598,29 +600,28 @@ ldns_rr_type2buffer_str(ldns_buffer *output, const ldns_rr_type type)
descriptor = ldns_rr_descript(type);
if (descriptor && descriptor->_name) {
ldns_buffer_printf(output, "%s", descriptor->_name);
} else {
/* exceptions for pseudotypes */
switch (type) {
case LDNS_RR_TYPE_IXFR:
ldns_buffer_printf(output, "IXFR");
break;
case LDNS_RR_TYPE_AXFR:
ldns_buffer_printf(output, "AXFR");
break;
case LDNS_RR_TYPE_MAILA:
ldns_buffer_printf(output, "MAILA");
break;
case LDNS_RR_TYPE_MAILB:
ldns_buffer_printf(output, "MAILB");
break;
case LDNS_RR_TYPE_ANY:
ldns_buffer_printf(output, "ANY");
break;
default:
switch (type) {
case LDNS_RR_TYPE_IXFR:
ldns_buffer_printf(output, "IXFR");
break;
case LDNS_RR_TYPE_AXFR:
ldns_buffer_printf(output, "AXFR");
break;
case LDNS_RR_TYPE_MAILA:
ldns_buffer_printf(output, "MAILA");
break;
case LDNS_RR_TYPE_MAILB:
ldns_buffer_printf(output, "MAILB");
break;
case LDNS_RR_TYPE_ANY:
ldns_buffer_printf(output, "ANY");
break;
default:
if (descriptor && descriptor->_name) {
ldns_buffer_printf(output, "%s", descriptor->_name);
} else {
ldns_buffer_printf(output, "TYPE%u", type);
}
}
}
return ldns_buffer_status(output);
}
@ -820,7 +821,7 @@ ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf)
#endif
for (current_service = 0;
current_service < ldns_rdf_size(rdf) * 7; current_service++) {
current_service < (ldns_rdf_size(rdf)-1)*8; current_service++) {
if (ldns_get_bit(&(ldns_rdf_data(rdf)[1]), current_service)) {
service = getservbyport((int) htons(current_service),
proto_name);
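Review bot: the new bound `(ldns_rdf_size(rdf)-1)*8` wraps to a very large value when ldns_rdf_size(rdf) is 0, and the loop body reads from `ldns_rdf_data(rdf)[1]` onward through ldns_get_bit(). No size check is visible in this hunk, so confirm the function rejects an rdf shorter than one byte before the loop, or add a check that returns LDNS_STATUS_WIRE_RDATA_ERR ahead of it.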
@ -1133,7 +1134,7 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
public_key_size = ldns_rdf_size(rdf) - offset;
public_key_data = LDNS_XMALLOC(uint8_t, public_key_size);
if(!public_key_data) {
ldns_rdf_free(gateway);
ldns_rdf_deep_free(gateway);
return LDNS_STATUS_MEM_ERR;
}
memcpy(public_key_data, &data[offset], public_key_size);
@ -1141,7 +1142,7 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
public_key_size, public_key_data);
if(!public_key) {
LDNS_FREE(public_key_data);
ldns_rdf_free(gateway);
ldns_rdf_deep_free(gateway);
return LDNS_STATUS_MEM_ERR;
}
@ -1153,8 +1154,8 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
ldns_buffer_printf(output, " ");
(void) ldns_rdf2buffer_str(output, public_key);
ldns_rdf_free(gateway);
ldns_rdf_free(public_key);
ldns_rdf_deep_free(gateway);
ldns_rdf_deep_free(public_key);
return ldns_buffer_status(output);
}
@ -1217,7 +1218,7 @@ ldns_rdf2buffer_str_tag(ldns_buffer *output, const ldns_rdf *rdf)
chars = ldns_rdf_data(rdf) + 1;
while (nchars > 0) {
ch = (char)*chars++;
if (! isalnum(ch)) {
if (! isalnum((unsigned char)ch)) {
return LDNS_STATUS_WIRE_RDATA_ERR;
}
ldns_buffer_printf(output, "%c", ch);
@ -1294,7 +1295,11 @@ ldns_rdf2buffer_str_fmt(ldns_buffer *buffer,
case LDNS_RDF_TYPE_DNAME:
res = ldns_rdf2buffer_str_dname(buffer, rdf);
break;
case LDNS_RDF_TYPE_INT8:
case LDNS_RDF_TYPE_INT8: /* Don't output mnemonics for these */
case LDNS_RDF_TYPE_ALG:
case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
case LDNS_RDF_TYPE_SELECTOR:
case LDNS_RDF_TYPE_MATCHING_TYPE:
res = ldns_rdf2buffer_str_int8(buffer, rdf);
break;
case LDNS_RDF_TYPE_INT16:
@ -1345,9 +1350,6 @@ ldns_rdf2buffer_str_fmt(ldns_buffer *buffer,
case LDNS_RDF_TYPE_CERT_ALG:
res = ldns_rdf2buffer_str_cert_alg(buffer, rdf);
break;
case LDNS_RDF_TYPE_ALG:
res = ldns_rdf2buffer_str_alg(buffer, rdf);
break;
case LDNS_RDF_TYPE_UNKNOWN:
res = ldns_rdf2buffer_str_unknown(buffer, rdf);
break;
@ -1927,19 +1929,42 @@ ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p)
}
#endif
/** print one b64 encoded bignum to a line in the keybuffer */
static int
ldns_print_bignum_b64_line(ldns_buffer* output, const char* label, const BIGNUM* num)
{
unsigned char *bignumbuf = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
if(!bignumbuf) return 0;
ldns_buffer_printf(output, "%s: ", label);
if(num) {
ldns_rdf *b64_bignum = NULL;
int i = BN_bn2bin(num, bignumbuf);
if (i > LDNS_MAX_KEYLEN) {
LDNS_FREE(bignumbuf);
return 0;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, (size_t)i, bignumbuf);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
LDNS_FREE(bignumbuf);
return 0;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
ldns_buffer_printf(output, "(Not available)\n");
}
LDNS_FREE(bignumbuf);
return 1;
}
ldns_status
ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
{
ldns_status status = LDNS_STATUS_OK;
unsigned char *bignum;
#ifdef HAVE_SSL
# ifndef S_SPLINT_S
uint16_t i;
# endif
/* not used when ssl is not defined */
/*@unused@*/
ldns_rdf *b64_bignum = NULL;
RSA *rsa;
DSA *dsa;
#endif /* HAVE_SSL */
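Review bot: in ldns_print_bignum_b64_line() the length check `if (i > LDNS_MAX_KEYLEN)` runs after `BN_bn2bin(num, bignumbuf)` has already written into the LDNS_MAX_KEYLEN-byte buffer, so an oversized BIGNUM overflows the heap allocation before it is rejected. Compare BN_num_bytes(num) against LDNS_MAX_KEYLEN before calling BN_bn2bin(). The result of ldns_rdf_new_frm_data() is also used without a NULL check, and since the buffer holds private key material on some calls it would be worth clearing it before LDNS_FREE().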
@ -2009,132 +2034,43 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
/* print to buf, convert to bin, convert to b64,
* print to buf */
ldns_buffer_printf(output, "Modulus: ");
#ifndef S_SPLINT_S
i = (uint16_t)BN_bn2bin(rsa->n, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
ldns_buffer_printf(output, "PublicExponent: ");
i = (uint16_t)BN_bn2bin(rsa->e, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
ldns_buffer_printf(output, "PrivateExponent: ");
if (rsa->d) {
i = (uint16_t)BN_bn2bin(rsa->d, bignum);
if (i > LDNS_MAX_KEYLEN) {
if(1) {
const BIGNUM *n=NULL, *e=NULL, *d=NULL,
*p=NULL, *q=NULL, *dmp1=NULL,
*dmq1=NULL, *iqmp=NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
n = rsa->n;
e = rsa->e;
d = rsa->d;
p = rsa->p;
q = rsa->q;
dmp1 = rsa->dmp1;
dmq1 = rsa->dmq1;
iqmp = rsa->iqmp;
#else
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1,
&dmq1, &iqmp);
#endif
if(!ldns_print_bignum_b64_line(output, "Modulus", n))
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
if(!ldns_print_bignum_b64_line(output, "PublicExponent", e))
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
ldns_buffer_printf(output, "(Not available)\n");
}
ldns_buffer_printf(output, "Prime1: ");
if (rsa->p) {
i = (uint16_t)BN_bn2bin(rsa->p, bignum);
if (i > LDNS_MAX_KEYLEN) {
if(!ldns_print_bignum_b64_line(output, "PrivateExponent", d))
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
if(!ldns_print_bignum_b64_line(output, "Prime1", p))
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
ldns_buffer_printf(output, "(Not available)\n");
}
ldns_buffer_printf(output, "Prime2: ");
if (rsa->q) {
i = (uint16_t)BN_bn2bin(rsa->q, bignum);
if (i > LDNS_MAX_KEYLEN) {
if(!ldns_print_bignum_b64_line(output, "Prime2", q))
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
if(!ldns_print_bignum_b64_line(output, "Exponent1", dmp1))
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
ldns_buffer_printf(output, "(Not available)\n");
}
ldns_buffer_printf(output, "Exponent1: ");
if (rsa->dmp1) {
i = (uint16_t)BN_bn2bin(rsa->dmp1, bignum);
if (i > LDNS_MAX_KEYLEN) {
if(!ldns_print_bignum_b64_line(output, "Exponent2", dmq1))
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
if(!ldns_print_bignum_b64_line(output, "Coefficient", iqmp))
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
ldns_buffer_printf(output, "(Not available)\n");
}
ldns_buffer_printf(output, "Exponent2: ");
if (rsa->dmq1) {
i = (uint16_t)BN_bn2bin(rsa->dmq1, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
ldns_buffer_printf(output, "(Not available)\n");
}
ldns_buffer_printf(output, "Coefficient: ");
if (rsa->iqmp) {
i = (uint16_t)BN_bn2bin(rsa->iqmp, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
ldns_buffer_printf(output, "(Not available)\n");
}
#endif /* splint */
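Review bot: `if(1) {` is used only to open a scope for the `const BIGNUM *` declarations; a bare block, or declaring the pointers at the top of the case, says the same thing without a condition the reader has to stop and evaluate. The same construct appears in the DSA case of this function.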
@ -2153,92 +2089,32 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
/* print to buf, convert to bin, convert to b64,
* print to buf */
ldns_buffer_printf(output, "Prime(p): ");
if(1) {
const BIGNUM *p=NULL, *q=NULL, *g=NULL,
*priv_key=NULL, *pub_key=NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S
if (dsa->p) {
i = (uint16_t)BN_bn2bin(dsa->p, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
printf("(Not available)\n");
}
ldns_buffer_printf(output, "Subprime(q): ");
if (dsa->q) {
i = (uint16_t)BN_bn2bin(dsa->q, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
printf("(Not available)\n");
}
ldns_buffer_printf(output, "Base(g): ");
if (dsa->g) {
i = (uint16_t)BN_bn2bin(dsa->g, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
printf("(Not available)\n");
}
ldns_buffer_printf(output, "Private_value(x): ");
if (dsa->priv_key) {
i = (uint16_t)BN_bn2bin(dsa->priv_key, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
printf("(Not available)\n");
}
ldns_buffer_printf(output, "Public_value(y): ");
if (dsa->pub_key) {
i = (uint16_t)BN_bn2bin(dsa->pub_key, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
} else {
printf("(Not available)\n");
}
p = dsa->p;
q = dsa->q;
g = dsa->g;
priv_key = dsa->priv_key;
pub_key = dsa->pub_key;
#endif /* splint */
#else
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
#endif
if(!ldns_print_bignum_b64_line(output, "Prime(p)", p))
goto error;
if(!ldns_print_bignum_b64_line(output, "Subprime(q)", q))
goto error;
if(!ldns_print_bignum_b64_line(output, "Base(g)", g))
goto error;
if(!ldns_print_bignum_b64_line(output, "Private_value(x)", priv_key))
goto error;
if(!ldns_print_bignum_b64_line(output, "Public_value(y)", pub_key))
goto error;
}
break;
case LDNS_SIGN_ECC_GOST:
/* no format defined, use blob */
@ -2267,18 +2143,8 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
if(k->_key.key) {
EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
const BIGNUM* b = EC_KEY_get0_private_key(ec);
ldns_buffer_printf(output, "PrivateKey: ");
i = (uint16_t)BN_bn2bin(b, bignum);
if (i > LDNS_MAX_KEYLEN) {
goto error;
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
ldns_buffer_printf(output, "\n");
if(!ldns_print_bignum_b64_line(output, "PrivateKey", b))
goto error;
/* down reference count in EC_KEY
* its still assigned to the PKEY */
EC_KEY_free(ec);
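Review bot: the `goto error` after `ldns_print_bignum_b64_line(output, "PrivateKey", b)` jumps past `EC_KEY_free(ec)`, so the reference taken by EVP_PKEY_get1_EC_KEY() is leaked on the failure path. Call EC_KEY_free(ec) before the goto. `ec` is also handed to EC_KEY_get0_private_key() without a NULL check.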
@ -2288,6 +2154,42 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
goto error;
#endif /* ECDSA */
break;
#ifdef USE_ED25519
case LDNS_SIGN_ED25519:
ldns_buffer_printf(output, "Private-key-format: v1.2\n");
ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k));
status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k));
ldns_buffer_printf(output, ")\n");
if(k->_key.key) {
EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
const BIGNUM* b = EC_KEY_get0_private_key(ec);
if(!ldns_print_bignum_b64_line(output, "PrivateKey", b))
goto error;
/* down reference count in EC_KEY
* its still assigned to the PKEY */
EC_KEY_free(ec);
}
ldns_buffer_printf(output, "\n");
break;
#endif /* USE_ED25519 */
#ifdef USE_ED448
case LDNS_SIGN_ED448:
ldns_buffer_printf(output, "Private-key-format: v1.2\n");
ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k));
status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k));
ldns_buffer_printf(output, ")\n");
if(k->_key.key) {
EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
const BIGNUM* b = EC_KEY_get0_private_key(ec);
if(!ldns_print_bignum_b64_line(output, "PrivateKey", b))
goto error;
/* down reference count in EC_KEY
* its still assigned to the PKEY */
EC_KEY_free(ec);
}
ldns_buffer_printf(output, "\n");
break;
#endif /* USE_ED448 */
case LDNS_SIGN_HMACMD5:
/* there's not much of a format defined for TSIG */
/* It's just a binary blob, Same for all algorithms */
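Review bot: the LDNS_SIGN_ED25519 and LDNS_SIGN_ED448 cases are line-for-line copies of each other, and both pass the result of `EVP_PKEY_get1_EC_KEY(k->_key.key)` straight to EC_KEY_get0_private_key() without checking it for NULL. Check `ec` before use, release it before the `goto error`, and consider sharing one body between the two case labels so a fix to one cannot miss the other.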
@ -2300,11 +2202,26 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
ldns_buffer_printf(output, "Algorithm: 158 (HMAC_SHA1)\n");
status = ldns_hmac_key2buffer_str(output, k);
break;
case LDNS_SIGN_HMACSHA224:
ldns_buffer_printf(output, "Private-key-format: v1.2\n");
ldns_buffer_printf(output, "Algorithm: 162 (HMAC_SHA224)\n");
status = ldns_hmac_key2buffer_str(output, k);
break;
case LDNS_SIGN_HMACSHA256:
ldns_buffer_printf(output, "Private-key-format: v1.2\n");
ldns_buffer_printf(output, "Algorithm: 159 (HMAC_SHA256)\n");
status = ldns_hmac_key2buffer_str(output, k);
break;
case LDNS_SIGN_HMACSHA384:
ldns_buffer_printf(output, "Private-key-format: v1.2\n");
ldns_buffer_printf(output, "Algorithm: 164 (HMAC_SHA384)\n");
status = ldns_hmac_key2buffer_str(output, k);
break;
case LDNS_SIGN_HMACSHA512:
ldns_buffer_printf(output, "Private-key-format: v1.2\n");
ldns_buffer_printf(output, "Algorithm: 165 (HMAC_SHA512)\n");
status = ldns_hmac_key2buffer_str(output, k);
break;
}
#endif /* HAVE_SSL */
} else {
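Review bot: the algorithm numbers in the new HMAC cases are typed into the format strings by hand (`162 (HMAC_SHA224)`, `164 (HMAC_SHA384)`, `165 (HMAC_SHA512)`) and do not follow on from the existing 158 and 159, which makes a typo hard to spot. The Ed25519 case in the same function prints `ldns_key_algorithm(k)` with "%d"; doing the same here would keep the number tied to the enum.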

View File

@ -16,25 +16,100 @@
#include <ldns/ldns.h>
/* TODO Jelte
add a pointer to a 'possiblecompression' structure
to all the needed functions?
something like an array of name, pointer values?
every dname part could be added to it
*/
ldns_status
ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name)
{
if (ldns_buffer_reserve(buffer, ldns_rdf_size(name))) {
ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name));
return ldns_dname2buffer_wire_compress(buffer, name, NULL);
}
ldns_status
ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data)
{
ldns_rbnode_t *node;
uint8_t *data;
size_t size;
ldns_rdf *label;
ldns_rdf *rest;
ldns_status s;
/* If no tree, just add the data */
if(!compression_data)
{
if (ldns_buffer_reserve(buffer, ldns_rdf_size(name)))
{
ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name));
}
return ldns_buffer_status(buffer);
}
/* No labels left, write final zero */
if(ldns_dname_label_count(name)==0)
{
if(ldns_buffer_reserve(buffer,1))
{
ldns_buffer_write_u8(buffer, 0);
}
return ldns_buffer_status(buffer);
}
/* Can we find the name in the tree? */
if((node = ldns_rbtree_search(compression_data, name)) != NULL)
{
/* Found */
uint16_t position = (uint16_t) (intptr_t) node->data | 0xC000;
if (ldns_buffer_reserve(buffer, 2))
{
ldns_buffer_write_u16(buffer, position);
}
return ldns_buffer_status(buffer);
}
else
{
/* Not found. Write cache entry, take off first label, write it, */
/* try again with the rest of the name. */
node = LDNS_MALLOC(ldns_rbnode_t);
if(!node)
{
return LDNS_STATUS_MEM_ERR;
}
if (ldns_buffer_position(buffer) < 16384) {
node->key = ldns_rdf_clone(name);
node->data = (void *) (intptr_t) ldns_buffer_position(buffer);
if(!ldns_rbtree_insert(compression_data,node))
{
/* fprintf(stderr,"Name not found but now it's there?\n"); */
}
}
label = ldns_dname_label(name, 0);
rest = ldns_dname_left_chop(name);
size = ldns_rdf_size(label) - 1; /* Don't want the final zero */
data = ldns_rdf_data(label);
if(ldns_buffer_reserve(buffer, size))
{
ldns_buffer_write(buffer, data, size);
}
ldns_rdf_deep_free(label);
s = ldns_dname2buffer_wire_compress(buffer, rest, compression_data);
ldns_rdf_deep_free(rest);
return s;
}
return ldns_buffer_status(buffer);
}
ldns_status
ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf)
{
return ldns_rdf2buffer_wire_compress(buffer, rdf, NULL);
}
ldns_status
ldns_rdf2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *rdf, ldns_rbtree_t *compression_data)
{
/* If it's a DNAME, call that function to get compression */
if(compression_data && ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME)
{
return ldns_dname2buffer_wire_compress(buffer,rdf,compression_data);
}
if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
ldns_buffer_write(buffer, ldns_rdf_data(rdf), ldns_rdf_size(rdf));
}
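Review bot: in the not-found branch of ldns_dname2buffer_wire_compress(), `node` is allocated with LDNS_MALLOC before the `ldns_buffer_position(buffer) < 16384` test, so once the buffer passes 16384 bytes every call allocates a node that is never inserted and never freed. The empty body after `if(!ldns_rbtree_insert(compression_data,node))` likewise drops the node and its cloned key on a failed insert. Move the allocation inside the position check and free `node->key` and `node` when the insert fails; the results of ldns_rdf_clone(), ldns_dname_label() and ldns_dname_left_chop() should be checked for NULL as well.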
@ -157,12 +232,18 @@ ldns_rr2buffer_wire_canonical(ldns_buffer *buffer,
ldns_status
ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section)
{
return ldns_rr2buffer_wire_compress(buffer,rr,section,NULL);
}
ldns_status
ldns_rr2buffer_wire_compress(ldns_buffer *buffer, const ldns_rr *rr, int section, ldns_rbtree_t *compression_data)
{
uint16_t i;
uint16_t rdl_pos = 0;
if (ldns_rr_owner(rr)) {
(void) ldns_dname2buffer_wire(buffer, ldns_rr_owner(rr));
(void) ldns_dname2buffer_wire_compress(buffer, ldns_rr_owner(rr), compression_data);
}
if (ldns_buffer_reserve(buffer, 4)) {
@ -177,9 +258,18 @@ ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section)
rdl_pos = ldns_buffer_position(buffer);
ldns_buffer_write_u16(buffer, 0);
}
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
(void) ldns_rdf2buffer_wire(
buffer, ldns_rr_rdf(rr, i));
if (LDNS_RR_COMPRESS ==
ldns_rr_descript(ldns_rr_get_type(rr))->_compress) {
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
(void) ldns_rdf2buffer_wire_compress(buffer,
ldns_rr_rdf(rr, i), compression_data);
}
} else {
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
(void) ldns_rdf2buffer_wire(
buffer, ldns_rr_rdf(rr, i));
}
}
if (rdl_pos != 0) {
ldns_buffer_write_u16_at(buffer, rdl_pos,
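Review bot: `ldns_rr_descript(ldns_rr_get_type(rr))->_compress` dereferences the descriptor without a NULL check, whereas ldns_rr_type2buffer_str() elsewhere in this commit tests `descriptor && descriptor->_name` before using it. Either guard the lookup here too or add a comment saying why it cannot return NULL at this point.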
@ -214,6 +304,7 @@ ldns_status
ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
{
uint16_t i;
/* convert all the rdf's */
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
(void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr,i));
@ -229,7 +320,7 @@ ldns_hdr2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
{
uint8_t flags;
uint16_t arcount;
if (ldns_buffer_reserve(buffer, 12)) {
ldns_buffer_write_u16(buffer, ldns_pkt_id(packet));
@ -263,44 +354,54 @@ ldns_hdr2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
return ldns_buffer_status(buffer);
}
static void
compression_node_free(ldns_rbnode_t *node, void *arg)
{
(void)arg; /* Yes, dear compiler, it is used */
ldns_rdf_deep_free((ldns_rdf *)node->key);
LDNS_FREE(node);
}
ldns_status
ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
{
ldns_rr_list *rr_list;
uint16_t i;
/* edns tmp vars */
ldns_rr *edns_rr;
uint8_t edata[4];
ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))ldns_dname_compare);
(void) ldns_hdr2buffer_wire(buffer, packet);
rr_list = ldns_pkt_question(packet);
if (rr_list) {
for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
(void) ldns_rr2buffer_wire(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_QUESTION);
(void) ldns_rr2buffer_wire_compress(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_QUESTION, compression_data);
}
}
rr_list = ldns_pkt_answer(packet);
if (rr_list) {
for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
(void) ldns_rr2buffer_wire(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANSWER);
(void) ldns_rr2buffer_wire_compress(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANSWER, compression_data);
}
}
rr_list = ldns_pkt_authority(packet);
if (rr_list) {
for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
(void) ldns_rr2buffer_wire(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_AUTHORITY);
(void) ldns_rr2buffer_wire_compress(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_AUTHORITY, compression_data);
}
}
rr_list = ldns_pkt_additional(packet);
if (rr_list) {
for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
(void) ldns_rr2buffer_wire(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ADDITIONAL);
(void) ldns_rr2buffer_wire_compress(buffer,
ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ADDITIONAL, compression_data);
}
}
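Review bot: the return value of ldns_rbtree_create() is not checked. A NULL tree makes ldns_dname2buffer_wire_compress() fall back to uncompressed output without any error, and the same pointer is later passed to ldns_traverse_postorder() and ldns_rbtree_free() at the end of the function. Return LDNS_STATUS_MEM_ERR when the allocation fails. The cast of ldns_dname_compare to `int (*)(const void *, const void *)` also calls it through a different function type; a small wrapper with the void-pointer signature avoids that.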
@ -319,7 +420,7 @@ ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
/* don't forget to add the edns rdata (if any) */
if (packet->_edns_data)
ldns_rr_push_rdf (edns_rr, packet->_edns_data);
(void)ldns_rr2buffer_wire(buffer, edns_rr, LDNS_SECTION_ADDITIONAL);
(void)ldns_rr2buffer_wire_compress(buffer, edns_rr, LDNS_SECTION_ADDITIONAL, compression_data);
/* take the edns rdata back out of the rr before we free rr */
if (packet->_edns_data)
(void)ldns_rr_pop_rdf (edns_rr);
@ -328,10 +429,13 @@ ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
/* add TSIG to additional if it is there */
if (ldns_pkt_tsig(packet)) {
(void) ldns_rr2buffer_wire(buffer,
ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL);
(void) ldns_rr2buffer_wire_compress(buffer,
ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL, compression_data);
}
ldns_traverse_postorder(compression_data,compression_node_free,NULL);
ldns_rbtree_free(compression_data);
return LDNS_STATUS_OK;
}
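Review bot: every ldns_rr2buffer_wire_compress() call in this function is cast to (void) and the function still ends with `return LDNS_STATUS_OK;`, but the compressing path can now fail with LDNS_STATUS_MEM_ERR when a tree node cannot be allocated. Returning ldns_buffer_status(buffer), or the first non-OK status, would stop a truncated packet from being reported as a success.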

View File

@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC
scriptversion=2014-09-12.12; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@ -41,19 +41,15 @@ scriptversion=2011-11-20.07; # UTC
# This script is compatible with the BSD install script, but was written
# from scratch.
tab=' '
nl='
'
IFS=" "" $nl"
IFS=" $tab$nl"
# set DOITPROG to echo to test this script
# Set DOITPROG to "echo" to test this script.
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
doit_exec=${doit:-exec}
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
@ -68,17 +64,6 @@ mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
@ -97,7 +82,7 @@ dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
is_target_a_directory=possibly
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
@ -137,46 +122,57 @@ while test $# -ne 0; do
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
case $mode in
*' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-t)
is_target_a_directory=always
dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) no_target_directory=true;;
-T) is_target_a_directory=never;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
# We allow the use of options -d and -T together, by making -d
# take the precedence; this is for compatibility with GNU install.
if test -n "$dir_arg"; then
if test -n "$dst_arg"; then
echo "$0: target directory not allowed when installing a directory." >&2
exit 1
fi
fi
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
@ -207,6 +203,15 @@ if test $# -eq 0; then
exit 0
fi
if test -z "$dir_arg"; then
if test $# -gt 1 || test "$is_target_a_directory" = always; then
if test ! -d "$dst_arg"; then
echo "$0: $dst_arg: Is not a directory." >&2
exit 1
fi
fi
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
@ -223,16 +228,16 @@ if test -z "$dir_arg"; then
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw='% 200'
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
u_plus_rw=
else
u_plus_rw=,u+rw
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
@ -269,41 +274,15 @@ do
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
dstdir=`dirname "$dst"`
test -d "$dstdir"
dstdir_status=$?
fi
@ -314,74 +293,81 @@ do
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
# $RANDOM is not portable (e.g. dash); use it when possible to
# lower collision chance
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
# As "mkdir -p" follows symlinks and we work in /tmp possibly; so
# create the $tmpdir first (and fail if unsuccessful) to make sure
# that nobody tries to guess the $tmpdir name.
if (umask $mkdir_umask &&
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
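Review bot: In the mkdir probe, `$mkdirprog $mkdir_mode "$tmpdir"` creates the probe directory with the user-supplied `-m$mode` whenever `-d` is given, so a group- or world-writable mode leaves `$tmpdir` under `${TMPDIR-/tmp}` open to other users while `mkdir -p -- "$tmpdir/a/b"` runs inside it. That weakens the guarantee the new comment describes (creating `$tmpdir` first so nobody can guess it); only `$tmpdir/a` is inspected by the `-m` compatibility check, so the top-level directory could be created with a fixed restrictive mode. Separately, the failure branch now runs `rmdir ... "$tmpdir"` even when the first mkdir failed because the name already existed, which targets a directory this script did not create.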
@ -391,53 +377,51 @@ do
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set -f
set fnord $dstdir
shift
$posix_glob set +f
set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
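Review bot: In the step-by-step fallback loop, `(umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir")` assigns a shell variable named `umask` instead of calling the `umask` builtin, so this mkdir runs with the caller's umask rather than `$mkdir_umask`. The subshell a few lines further down uses `umask $mkdir_umask &&`; this one should match, since the line is being re-indented here anyway.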
@ -472,15 +456,12 @@ do
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
@ -493,24 +474,24 @@ do
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1

File diff suppressed because it is too large

View File

@ -74,12 +74,12 @@ typedef struct ldns_struct_buffer ldns_buffer;
#ifdef NDEBUG
INLINE void
ldns_buffer_invariant(ldns_buffer *ATTR_UNUSED(buffer))
ldns_buffer_invariant(const ldns_buffer *ATTR_UNUSED(buffer))
{
}
#else
INLINE void
ldns_buffer_invariant(ldns_buffer *buffer)
ldns_buffer_invariant(const ldns_buffer *buffer)
{
assert(buffer != NULL);
assert(buffer->_position <= buffer->_limit);
@ -105,7 +105,7 @@ ldns_buffer *ldns_buffer_new(size_t capacity);
* \param[in] data the data to encapsulate in the buffer
* \param[in] size the size of the data
*/
void ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size);
void ldns_buffer_new_frm_data(ldns_buffer *buffer, const void *data, size_t size);
/**
* clears the buffer and make it ready for writing. The buffer's limit
@ -156,7 +156,7 @@ INLINE void ldns_buffer_rewind(ldns_buffer *buffer)
* \return the current position
*/
INLINE size_t
ldns_buffer_position(ldns_buffer *buffer)
ldns_buffer_position(const ldns_buffer *buffer)
{
return buffer->_position;
}
@ -194,7 +194,7 @@ ldns_buffer_skip(ldns_buffer *buffer, ssize_t count)
* \return the size
*/
INLINE size_t
ldns_buffer_limit(ldns_buffer *buffer)
ldns_buffer_limit(const ldns_buffer *buffer)
{
return buffer->_limit;
}
@ -220,7 +220,7 @@ ldns_buffer_set_limit(ldns_buffer *buffer, size_t limit)
* \return the number of bytes
*/
INLINE size_t
ldns_buffer_capacity(ldns_buffer *buffer)
ldns_buffer_capacity(const ldns_buffer *buffer)
{
return buffer->_capacity;
}
@ -279,7 +279,7 @@ ldns_buffer_begin(const ldns_buffer *buffer)
* \return the pointer
*/
INLINE uint8_t *
ldns_buffer_end(ldns_buffer *buffer)
ldns_buffer_end(const ldns_buffer *buffer)
{
return ldns_buffer_at(buffer, buffer->_limit);
}
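Review bot: `ldns_buffer_end` now takes `const ldns_buffer *` but still returns a non-const `uint8_t *`, so a caller holding only a const buffer can write through the result. If the qualifier is meant as a read-only promise, return `const uint8_t *` here, or state in the doc comment that const covers the buffer's bookkeeping fields and not the data it points to.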
@ -290,7 +290,7 @@ ldns_buffer_end(ldns_buffer *buffer)
* \return the pointer
*/
INLINE uint8_t *
ldns_buffer_current(ldns_buffer *buffer)
ldns_buffer_current(const ldns_buffer *buffer)
{
return ldns_buffer_at(buffer, buffer->_position);
}
@ -303,7 +303,7 @@ ldns_buffer_current(ldns_buffer *buffer)
* \return number of bytes
*/
INLINE size_t
ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at)
ldns_buffer_remaining_at(const ldns_buffer *buffer, size_t at)
{
ldns_buffer_invariant(buffer);
assert(at <= buffer->_limit);
@ -317,7 +317,7 @@ ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at)
* \return the number of bytes
*/
INLINE size_t
ldns_buffer_remaining(ldns_buffer *buffer)
ldns_buffer_remaining(const ldns_buffer *buffer)
{
return ldns_buffer_remaining_at(buffer, buffer->_position);
}
@ -332,7 +332,7 @@ ldns_buffer_remaining(ldns_buffer *buffer)
* \return true or false (as int?)
*/
INLINE int
ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count)
ldns_buffer_available_at(const ldns_buffer *buffer, size_t at, size_t count)
{
return count <= ldns_buffer_remaining_at(buffer, at);
}
@ -344,7 +344,7 @@ ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count)
* \return true or false (as int?)
*/
INLINE int
ldns_buffer_available(ldns_buffer *buffer, size_t count)
ldns_buffer_available(const ldns_buffer *buffer, size_t count)
{
return ldns_buffer_available_at(buffer, buffer->_position, count);
}
@ -367,7 +367,7 @@ ldns_buffer_write_at(ldns_buffer *buffer, size_t at, const void *data, size_t co
* writes count bytes of data to the current position of the buffer
* \param[in] buffer the buffer
* \param[in] data the data to write
* \param[in] count the lenght of the data to write
* \param[in] count the length of the data to write
*/
INLINE void
ldns_buffer_write(ldns_buffer *buffer, const void *data, size_t count)
@ -482,7 +482,7 @@ ldns_buffer_write_u32(ldns_buffer *buffer, uint32_t data)
* \param[in] count the length of the data to copy
*/
INLINE void
ldns_buffer_read_at(ldns_buffer *buffer, size_t at, void *data, size_t count)
ldns_buffer_read_at(const ldns_buffer *buffer, size_t at, void *data, size_t count)
{
assert(ldns_buffer_available_at(buffer, at, count));
memcpy(data, buffer->_data + at, count);
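Review bot: In `ldns_buffer_read_at`, the only bounds check before `memcpy(data, buffer->_data + at, count)` is an `assert`, which is compiled out in NDEBUG builds, so release builds copy with whatever `at` and `count` the caller passes. The const change itself is fine; while touching this signature, document that callers must check `ldns_buffer_available_at` themselves, or return early when the check fails.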
@ -508,7 +508,7 @@ ldns_buffer_read(ldns_buffer *buffer, void *data, size_t count)
* \return 1 byte integer
*/
INLINE uint8_t
ldns_buffer_read_u8_at(ldns_buffer *buffer, size_t at)
ldns_buffer_read_u8_at(const ldns_buffer *buffer, size_t at)
{
assert(ldns_buffer_available_at(buffer, at, sizeof(uint8_t)));
return buffer->_data[at];
@ -585,7 +585,7 @@ ldns_buffer_read_u32(ldns_buffer *buffer)
* \return the status
*/
INLINE ldns_status
ldns_buffer_status(ldns_buffer *buffer)
ldns_buffer_status(const ldns_buffer *buffer)
{
return buffer->_status;
}
@ -596,7 +596,7 @@ ldns_buffer_status(ldns_buffer *buffer)
* \return true or false
*/
INLINE bool
ldns_buffer_status_ok(ldns_buffer *buffer)
ldns_buffer_status_ok(const ldns_buffer *buffer)
{
if (buffer) {
return ldns_buffer_status(buffer) == LDNS_STATUS_OK;
@ -636,7 +636,7 @@ void *ldns_buffer_export(ldns_buffer *buffer);
* \param[out] *result resulting buffer which is copied to.
* \param[in] *from what to copy to result.
*/
void ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from);
void ldns_buffer_copy(ldns_buffer* result, const ldns_buffer* from);
#ifdef __cplusplus
}

View File

@ -37,20 +37,22 @@
*/
/*@ignore@*/
/* splint barfs on this construct */
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# ifndef HAVE__BOOL
# ifdef __cplusplus
#ifndef __bool_true_false_are_defined
# ifdef HAVE_STDBOOL_H
# include <stdbool.h>
# else
# ifndef HAVE__BOOL
# ifdef __cplusplus
typedef bool _Bool;
# else
# define _Bool signed char
# else
# define _Bool signed char
# endif
# endif
# define bool _Bool
# define false 0
# define true 1
# define __bool_true_false_are_defined 1
# endif
# define bool _Bool
# define false 0
# define true 1
# define __bool_true_false_are_defined 1
#endif
/*@end@*/

View File

@ -37,20 +37,22 @@
*/
/*@ignore@*/
/* splint barfs on this construct */
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# ifndef HAVE__BOOL
# ifdef __cplusplus
#ifndef __bool_true_false_are_defined
# ifdef HAVE_STDBOOL_H
# include <stdbool.h>
# else
# ifndef HAVE__BOOL
# ifdef __cplusplus
typedef bool _Bool;
# else
# define _Bool signed char
# else
# define _Bool signed char
# endif
# endif
# define bool _Bool
# define false 0
# define true 1
# define __bool_true_false_are_defined 1
# endif
# define bool _Bool
# define false 0
# define true 1
# define __bool_true_false_are_defined 1
#endif
/*@end@*/

View File

@ -44,6 +44,14 @@
don't. */
#define HAVE_DECL_NID_SECP384R1 1
/* Define to 1 if you have the declaration of `NID_X25519', and to 0 if you
don't. */
/* #undef HAVE_DECL_NID_X25519 */
/* Define to 1 if you have the declaration of `NID_X448', and to 0 if you
don't. */
/* #undef HAVE_DECL_NID_X448 */
/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
if you don't. */
#define HAVE_DECL_NID_X9_62_PRIME256V1 1
@ -51,15 +59,51 @@
/* Define to 1 if you have the <dlfcn.h> header file. */
#define HAVE_DLFCN_H 1
/* Define to 1 if you have the `DSA_get0_key' function. */
/* #undef HAVE_DSA_GET0_KEY */
/* Define to 1 if you have the `DSA_get0_pqg' function. */
/* #undef HAVE_DSA_GET0_PQG */
/* Define to 1 if you have the `DSA_SIG_get0' function. */
/* #undef HAVE_DSA_SIG_GET0 */
/* Define to 1 if you have the `DSA_SIG_set0' function. */
/* #undef HAVE_DSA_SIG_SET0 */
/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
/* #undef HAVE_ECDSA_SIG_GET0 */
/* Define to 1 if you have the `endprotoent' function. */
#define HAVE_ENDPROTOENT 1
/* Define to 1 if you have the `endservent' function. */
#define HAVE_ENDSERVENT 1
/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */
#define HAVE_ENGINE_LOAD_CRYPTODEV 1
/* Define to 1 if you have the `EVP_dss1' function. */
#define HAVE_EVP_DSS1 1
/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
/* #undef HAVE_EVP_MD_CTX_NEW */
/* Define to 1 if you have the `EVP_PKEY_base_id' function. */
#define HAVE_EVP_PKEY_BASE_ID 1
/* Define to 1 if you have the `EVP_PKEY_keygen' function. */
#define HAVE_EVP_PKEY_KEYGEN 1
/* Define to 1 if you have the `EVP_sha256' function. */
#define HAVE_EVP_SHA256 1
/* Define to 1 if you have the `EVP_sha384' function. */
#define HAVE_EVP_SHA384 1
/* Define to 1 if you have the `EVP_sha512' function. */
#define HAVE_EVP_SHA512 1
/* Define to 1 if you have the `fcntl' function. */
#define HAVE_FCNTL 1
@ -75,8 +119,8 @@
/* Define to 1 if you have the `gmtime_r' function. */
#define HAVE_GMTIME_R 1
/* If you have HMAC_CTX_init */
#define HAVE_HMAC_CTX_INIT 1
/* If you have HMAC_Update */
#define HAVE_HMAC_UPDATE 1
/* Define to 1 if you have the `inet_aton' function. */
#define HAVE_INET_ATON 1
@ -102,6 +146,9 @@
/* Define to 1 if you have the `pcap' library (-lpcap). */
/* #undef HAVE_LIBPCAP */
/* Define if we have LibreSSL */
/* #undef HAVE_LIBRESSL */
/* Define to 1 if you have the `localtime_r' function. */
#define HAVE_LOCALTIME_R 1
@ -163,6 +210,9 @@
/* Define to 1 if you have the <pcap.h> header file. */
/* #undef HAVE_PCAP_H */
/* This platform supports poll(7). */
#define HAVE_POLL 1
/* If available, contains the Python version number currently in use. */
/* #undef HAVE_PYTHON */
@ -260,11 +310,7 @@
/* Is a CAPATH given at configure time */
/* #undef LDNS_DANE_CA_PATH */
/* Default trust anchor file */
#define LDNS_TRUST_ANCHOR_FILE "/etc/unbound/root.key"
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#define LT_OBJDIR ".libs/"
/* Define to the address where bug reports for this package should be sent. */
@ -274,7 +320,7 @@
#define PACKAGE_NAME "ldns"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "ldns 1.6.17"
#define PACKAGE_STRING "ldns 1.7.0"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "libdns"
@ -283,23 +329,23 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.6.17"
#define PACKAGE_VERSION "1.7.0"
/* Define this to enable RR type CDS. */
/* #undef RRTYPE_CDS */
/* Define this to enable RR type AVC. */
/* #undef RRTYPE_AVC */
/* Define this to enable RR type NINFO. */
/* #undef RRTYPE_NINFO */
/* Define this to enable RR type OPENPGPKEY. */
#define RRTYPE_OPENPGPKEY /**/
/* Define this to enable RR type RKEY. */
/* #undef RRTYPE_RKEY */
/* Define this to enable RR type TA. */
/* #undef RRTYPE_TA */
/* Define this to enable RR type URI. */
/* #undef RRTYPE_URI */
/* The size of `time_t', as computed by sizeof. */
#define SIZEOF_TIME_T 8
@ -315,9 +361,24 @@
/* Define this to enable DANE support. */
#define USE_DANE 1
/* Define this to enable DANE-TA usage type support. */
/* #undef USE_DANE_TA_USAGE */
/* Define this to enable DANE verify support. */
#define USE_DANE_VERIFY 1
/* Define this to enable DSA support. */
#define USE_DSA 1
/* Define this to enable ECDSA support. */
#define USE_ECDSA 1
/* Define this to enable ED25519 support. */
/* #undef USE_ED25519 */
/* Define this to enable ED448 support. */
/* #undef USE_ED448 */
/* Define this to enable GOST support. */
#define USE_GOST 1
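Review bot: `USE_DANE_VERIFY` is set to 1 while `USE_DANE_TA_USAGE` stays undefined, so this build presumably offers DANE verification that reports `LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA` for DANE-TA records, as the dane.h comments in this commit describe. That matches the commit message's remark about OpenSSL 1.1.0, but it deserves a comment next to the `#undef` so the gap is not mistaken for an oversight. `USE_ED25519` and `USE_ED448` are likewise left off.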
@ -367,6 +428,9 @@
/* Define to 1 if on MINIX. */
/* #undef _MINIX */
/* Enable for compile on Minix */
/* #undef _NETBSD_SOURCE */
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
/* #undef _POSIX_1_SOURCE */
@ -578,6 +642,15 @@ void *memmove(void *dest, const void *src, size_t n);
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifdef USE_WINSOCK
#define SOCK_INVALID INVALID_SOCKET
#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0)
#else
#define SOCK_INVALID -1
#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0)
#endif
#ifdef __cplusplus
}
#endif
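Review bot: In the `USE_WINSOCK` branch, `close_socket` tests `_s > SOCK_INVALID` with `SOCK_INVALID` defined as `INVALID_SOCKET`; Winsock's `SOCKET` is unsigned and `INVALID_SOCKET` is its all-ones value, so the comparison can never be true and `closesocket` is never called. Use `_s != SOCK_INVALID` there. The macro also expands `_s` several times without parentheses, so it is only safe with a plain variable as its argument.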

View File

@ -43,6 +43,14 @@
don't. */
#undef HAVE_DECL_NID_SECP384R1
/* Define to 1 if you have the declaration of `NID_X25519', and to 0 if you
don't. */
#undef HAVE_DECL_NID_X25519
/* Define to 1 if you have the declaration of `NID_X448', and to 0 if you
don't. */
#undef HAVE_DECL_NID_X448
/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
if you don't. */
#undef HAVE_DECL_NID_X9_62_PRIME256V1
@ -50,15 +58,51 @@
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
/* Define to 1 if you have the `DSA_get0_key' function. */
#undef HAVE_DSA_GET0_KEY
/* Define to 1 if you have the `DSA_get0_pqg' function. */
#undef HAVE_DSA_GET0_PQG
/* Define to 1 if you have the `DSA_SIG_get0' function. */
#undef HAVE_DSA_SIG_GET0
/* Define to 1 if you have the `DSA_SIG_set0' function. */
#undef HAVE_DSA_SIG_SET0
/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
#undef HAVE_ECDSA_SIG_GET0
/* Define to 1 if you have the `endprotoent' function. */
#undef HAVE_ENDPROTOENT
/* Define to 1 if you have the `endservent' function. */
#undef HAVE_ENDSERVENT
/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */
#undef HAVE_ENGINE_LOAD_CRYPTODEV
/* Define to 1 if you have the `EVP_dss1' function. */
#undef HAVE_EVP_DSS1
/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
#undef HAVE_EVP_MD_CTX_NEW
/* Define to 1 if you have the `EVP_PKEY_base_id' function. */
#undef HAVE_EVP_PKEY_BASE_ID
/* Define to 1 if you have the `EVP_PKEY_keygen' function. */
#undef HAVE_EVP_PKEY_KEYGEN
/* Define to 1 if you have the `EVP_sha256' function. */
#undef HAVE_EVP_SHA256
/* Define to 1 if you have the `EVP_sha384' function. */
#undef HAVE_EVP_SHA384
/* Define to 1 if you have the `EVP_sha512' function. */
#undef HAVE_EVP_SHA512
/* Define to 1 if you have the `fcntl' function. */
#undef HAVE_FCNTL
@ -74,8 +118,8 @@
/* Define to 1 if you have the `gmtime_r' function. */
#undef HAVE_GMTIME_R
/* If you have HMAC_CTX_init */
#undef HAVE_HMAC_CTX_INIT
/* If you have HMAC_Update */
#undef HAVE_HMAC_UPDATE
/* Define to 1 if you have the `inet_aton' function. */
#undef HAVE_INET_ATON
@ -101,6 +145,9 @@
/* Define to 1 if you have the `pcap' library (-lpcap). */
#undef HAVE_LIBPCAP
/* Define if we have LibreSSL */
#undef HAVE_LIBRESSL
/* Define to 1 if you have the `localtime_r' function. */
#undef HAVE_LOCALTIME_R
@ -162,6 +209,9 @@
/* Define to 1 if you have the <pcap.h> header file. */
#undef HAVE_PCAP_H
/* This platform supports poll(7). */
#undef HAVE_POLL
/* If available, contains the Python version number currently in use. */
#undef HAVE_PYTHON
@ -259,11 +309,7 @@
/* Is a CAPATH given at configure time */
#undef LDNS_DANE_CA_PATH
/* Default trust anchor file */
#undef LDNS_TRUST_ANCHOR_FILE
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* Define to the address where bug reports for this package should be sent. */
@ -284,21 +330,21 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define this to enable RR type CDS. */
#undef RRTYPE_CDS
/* Define this to enable RR type AVC. */
#undef RRTYPE_AVC
/* Define this to enable RR type NINFO. */
#undef RRTYPE_NINFO
/* Define this to enable RR type OPENPGPKEY. */
#undef RRTYPE_OPENPGPKEY
/* Define this to enable RR type RKEY. */
#undef RRTYPE_RKEY
/* Define this to enable RR type TA. */
#undef RRTYPE_TA
/* Define this to enable RR type URI. */
#undef RRTYPE_URI
/* The size of `time_t', as computed by sizeof. */
#undef SIZEOF_TIME_T
@ -314,9 +360,24 @@
/* Define this to enable DANE support. */
#undef USE_DANE
/* Define this to enable DANE-TA usage type support. */
#undef USE_DANE_TA_USAGE
/* Define this to enable DANE verify support. */
#undef USE_DANE_VERIFY
/* Define this to enable DSA support. */
#undef USE_DSA
/* Define this to enable ECDSA support. */
#undef USE_ECDSA
/* Define this to enable ED25519 support. */
#undef USE_ED25519
/* Define this to enable ED448 support. */
#undef USE_ED448
/* Define this to enable GOST support. */
#undef USE_GOST
@ -366,6 +427,9 @@
/* Define to 1 if on MINIX. */
#undef _MINIX
/* Enable for compile on Minix */
#undef _NETBSD_SOURCE
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
#undef _POSIX_1_SOURCE
@ -577,6 +641,15 @@ void *memmove(void *dest, const void *src, size_t n);
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifdef USE_WINSOCK
#define SOCK_INVALID INVALID_SOCKET
#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0)
#else
#define SOCK_INVALID -1
#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0)
#endif
#ifdef __cplusplus
}
#endif

View File

@ -22,7 +22,6 @@
#ifndef LDNS_DANE_H
#define LDNS_DANE_H
#if LDNS_BUILD_CONFIG_USE_DANE
#include <ldns/common.h>
#include <ldns/rdata.h>
@ -42,13 +41,19 @@ extern "C" {
enum ldns_enum_tlsa_certificate_usage
{
/** CA constraint */
LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
LDNS_TLSA_USAGE_PKIX_TA = 0,
LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
/** Sevice certificate constraint */
LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
LDNS_TLSA_USAGE_PKIX_EE = 1,
LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
/** Trust anchor assertion */
LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
LDNS_TLSA_USAGE_DANE_TA = 2,
LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
/** Domain issued certificate */
LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3
LDNS_TLSA_USAGE_DANE_EE = 3,
LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3,
/** Reserved for Private Use */
LDNS_TLSA_USAGE_PRIVCERT = 255
};
typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage;
@ -61,13 +66,18 @@ enum ldns_enum_tlsa_selector
* Full certificate: the Certificate binary structure
* as defined in [RFC5280]
*/
LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,
LDNS_TLSA_SELECTOR_CERT = 0,
LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,
/**
* SubjectPublicKeyInfo: DER-encoded binary structure
* as defined in [RFC5280]
*/
LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
LDNS_TLSA_SELECTOR_SPKI = 1,
LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1,
/** Reserved for Private Use */
LDNS_TLSA_SELECTOR_PRIVSEL = 255
};
typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector;
@ -77,11 +87,16 @@ typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector;
enum ldns_enum_tlsa_matching_type
{
/** Exact match on selected content */
LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
LDNS_TLSA_MATCHING_TYPE_FULL = 0,
LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
/** SHA-256 hash of selected content [RFC6234] */
LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
LDNS_TLSA_MATCHING_TYPE_SHA2_256 = 1,
LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
/** SHA-512 hash of selected content [RFC6234] */
LDNS_TLSA_MATCHING_TYPE_SHA512 = 2
LDNS_TLSA_MATCHING_TYPE_SHA2_512 = 2,
LDNS_TLSA_MATCHING_TYPE_SHA512 = 2,
/** Reserved for Private Use */
LDNS_TLSA_MATCHING_TYPE_PRIVMATCH = 255
};
typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type;
@ -100,6 +115,7 @@ enum ldns_enum_dane_transport
typedef enum ldns_enum_dane_transport ldns_dane_transport;
#if LDNS_BUILD_CONFIG_USE_DANE
/**
* Creates a dname consisting of the given name, prefixed by the service port
* and type of transport: _<EM>port</EM>._<EM>transport</EM>.<EM>name</EM>.
@ -107,7 +123,7 @@ typedef enum ldns_enum_dane_transport ldns_dane_transport;
* \param[out] tlsa_owner The created dname.
* \param[in] name The dname that should be prefixed.
* \param[in] port The service port number for wich the name should be created.
* \param[in] transport The transport for wich the name should be created.
* \param[in] transport The transport for which the name should be created.
* \return LDNS_STATUS_OK on success or an error code otherwise.
*/
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
@ -117,7 +133,7 @@ ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data choosen by
* Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data chosen by
* the selector and encoded using matching_type.
*
* \param[out] rdf The created created rdf of type LDNS_RDF_TYPE_HEX.
@ -146,7 +162,7 @@ ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
* "CA constraint" or "Service Certificate Constraint" to
* validate the certificate and, in case of "CA constraint",
* select the CA.
* When pkix_validation_store is NULL, validation is explicitely
* When pkix_validation_store is NULL, validation is explicitly
* turned off and the behaviour is then the same as for "Trust
* anchor assertion" and "Domain issued certificate" respectively.
* \param[in] cert_usage Which certificate to use and how to validate.
@ -185,6 +201,15 @@ ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
X509* cert);
/**
* BEWARE! We strongly recommend to use OpenSSL 1.1.0 dane verification
* functions instead of the ones provided by ldns. When OpenSSL 1.1.0 was
* available ldns will use the OpenSSL 1.1.0 dane verification functions
* under the hood. When ldns was linked with OpenSSL < 1.1.0, this function
* will not be able to verify TLSA records with DANE-TA usage types.
*
* BEWARE! The ldns dane verification functions do *not* do server name
* checks. The user has to perform additional server name checks themselves!
*
* Verify if the given TLSA resource record matches the given certificate.
* Reporting on a TLSA rr mismatch (LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH)
* is preferred over PKIX failure (LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE).
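Review bot: The new warning that the ldns DANE verification functions do not do server name checks is the most important sentence in this comment, but it does not say which name the caller is expected to compare or for which usage types. Spell that out, and fix the tense in "When OpenSSL 1.1.0 was available ldns will use" so it is clear the choice is made when ldns is linked.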
@ -192,6 +217,11 @@ ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
* but the TLSA data does not match, LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
* is returned whether the PKIX validated or not.
*
* When ldns is linked with OpenSSL < 1.1.0 and this function is available,
* then the DANE-TA usage type will not be verified, and on a tlsa_rr with
* this usage type,
* LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA will be returned.
*
* \param[in] tlsa_rr The resource record that specifies what and how to
* match the certificate. With tlsa_rr == NULL, regular PKIX
* validation is performed.
@ -203,6 +233,8 @@ ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
* validate the certificate.
*
* \return LDNS_STATUS_OK on success,
* LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA when the
* provided TLSA had the DANE-TA usage type,
* LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH on TLSA data mismatch,
* LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when TLSA matched,
* but the PKIX validation failed, or other ldns_status errors.
@ -212,6 +244,15 @@ ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
X509_STORE* pkix_validation_store);
/**
* BEWARE! We strongly recommend to use OpenSSL 1.1.0 dane verification
* functions instead of the ones provided by ldns. When OpenSSL 1.1.0 was
* available ldns will use the OpenSSL 1.1.0 dane verification functions
* under the hood. When ldns was linked with OpenSSL < 1.1.0, this function
* will not be able to verify TLSA records with DANE-TA usage types.
*
* BEWARE! The ldns dane verification functions do *not* do server name
* checks. The user has to perform additional server name checks themselves!
*
* Verify if any of the given TLSA resource records matches the given
* certificate.
*
@ -227,20 +268,23 @@ ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
* validate the certificate.
*
* \return LDNS_STATUS_OK on success,
* LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA when at least one
* of the TLSA's had usage type DANE-TA and none of the TLSA's matched
* or PKIX validated,
* LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when one of the TLSA's
* matched but the PKIX validation failed,
* LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH when none of the TLSA's matched,
* or other ldns_status errors.
*/
ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
ldns_status ldns_dane_verify(const ldns_rr_list* tlsas,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#endif /* LDNS_BUILD_CONFIG_USE_DANE */
#ifdef __cplusplus
}
#endif
#endif /* LDNS_BUILD_CONFIG_USE_DANE */
#endif /* LDNS_DANE_H */

View File

@ -62,7 +62,7 @@ ldns_rdf *ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2);
* \param[in] rd2 the rightside
* \return LDNS_STATUS_OK on success
*/
ldns_status ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2);
ldns_status ldns_dname_cat(ldns_rdf *rd1, const ldns_rdf *rd2);
/**
* Returns a clone of the given dname with the labels
@ -108,7 +108,8 @@ uint8_t ldns_dname_label_count(const ldns_rdf *r);
ldns_rdf *ldns_dname_new_frm_str(const char *str);
/**
* Create a new dname rdf from a string
* Create a new dname rdf from a string. The data pointer
* is stored in the rdf, not a copy of the data
* \param[in] s the size of the new dname
* \param[in] *data pointer to the actual data
*
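Review bot: The added sentence "The data pointer is stored in the rdf, not a copy of the data" states the aliasing but not the ownership that follows from it. Please say who frees the memory behind data and how long the caller must keep it valid, because a caller that frees or reuses the buffer after this call leaves the rdf pointing at stale memory.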
@ -165,7 +166,7 @@ int ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard);
/**
* check if middle lays in the interval defined by prev and next
* prev <= middle < next. This is usefull for nsec checking
* prev <= middle < next. This is useful for nsec checking
* \param[in] prev the previous dname
* \param[in] middle the dname to check
* \param[in] next the next dname

View File

@ -81,7 +81,7 @@ ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_li
* \param[in] nsec The nsec to get the covered type bitmap of
* \return An ldns_rdf containing the bitmap, or NULL on error
*/
ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);
ldns_rdf *ldns_nsec_get_bitmap(const ldns_rr *nsec);
#define LDNS_NSEC3_MAX_ITERATIONS 65535
@ -90,9 +90,9 @@ ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);
* Returns the dname of the closest (provable) encloser
*/
ldns_rdf *
ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname,
ldns_rr_type qtype,
ldns_rr_list *nsec3s);
const ldns_rr_list *nsec3s);
/**
* Checks whether the packet contains rrsigs
@ -104,7 +104,7 @@ ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt);
* Returns a ldns_rr_list containing the signatures covering the given name
* and type
*/
ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type);
ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, const ldns_rdf *name, ldns_rr_type type);
/**
* Returns a ldns_rr_list containing the signatures covering the given type
@ -125,7 +125,7 @@ uint16_t ldns_calc_keytag(const ldns_rr *key);
* \param[in] keysize length of key data.
* \return the keytag
*/
uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
uint16_t ldns_calc_keytag_raw(const uint8_t* key, size_t keysize);
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
@ -134,14 +134,14 @@ uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
* \param[in] key the key to convert
* \return a DSA * structure with the key material
*/
DSA *ldns_key_buf2dsa(ldns_buffer *key);
DSA *ldns_key_buf2dsa(const ldns_buffer *key);
/**
* Like ldns_key_buf2dsa, but uses raw buffer.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return a DSA * structure with the key material
*/
DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
DSA *ldns_key_buf2dsa_raw(const unsigned char* key, size_t len);
/**
* Utility function to calculate hash using generic EVP_MD pointer.
@ -151,7 +151,7 @@ DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
* \param[in] md the message digest to use.
* \return true if worked, false on failure.
*/
int ldns_digest_evp(unsigned char* data, unsigned int len,
int ldns_digest_evp(const unsigned char* data, unsigned int len,
unsigned char* dest, const EVP_MD* md);
/**
@ -161,7 +161,7 @@ int ldns_digest_evp(unsigned char* data, unsigned int len,
* \param[in] keylen length of the key data
* \return the key or NULL on error.
*/
EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);
EVP_PKEY* ldns_gost2pkey_raw(const unsigned char* key, size_t keylen);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
@ -171,7 +171,25 @@ EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);
* \param[in] algo precise algorithm to initialize ECC group values.
* \return the key or NULL on error.
*/
EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
EVP_PKEY* ldns_ecdsa2pkey_raw(const unsigned char* key, size_t keylen, uint8_t algo);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ED25519.
* \param[in] key data to convert
* \param[in] keylen length of the key data
* \return the key or NULL on error.
*/
EVP_PKEY* ldns_ed255192pkey_raw(const unsigned char* key, size_t keylen);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ED448.
* \param[in] key data to convert
* \param[in] keylen length of the key data
* \return the key or NULL on error.
*/
EVP_PKEY* ldns_ed4482pkey_raw(const unsigned char* key, size_t keylen);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
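Review bot: ldns_ed255192pkey_raw and ldns_ed4482pkey_raw are documented as "Only available if ldns was compiled with ED25519" (or ED448), yet both prototypes are declared unconditionally inside the LDNS_BUILD_CONFIG_HAVE_SSL block. A caller building against a library without that support compiles cleanly and fails only at link time. Either guard the declarations the way the LDNS_ED25519 and LDNS_ED448 enum values are guarded (USE_ED25519 / USE_ED448), or document how a caller can detect the support.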
@ -182,7 +200,7 @@ EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
* \param[in] key the key to convert
* \return a RSA * structure with the key material
*/
RSA *ldns_key_buf2rsa(ldns_buffer *key);
RSA *ldns_key_buf2rsa(const ldns_buffer *key);
/**
* Like ldns_key_buf2rsa, but uses raw buffer.
@ -190,7 +208,7 @@ RSA *ldns_key_buf2rsa(ldns_buffer *key);
* \param[in] len length of key data
* \return a RSA * structure with the key material
*/
RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
RSA *ldns_key_buf2rsa_raw(const unsigned char* key, size_t len);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
/**
@ -219,14 +237,14 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
* \return int 1 if the type was found, 0 otherwise.
*/
int
ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type);
ldns_dnssec_rrsets_contains_type(const ldns_dnssec_rrsets *rrsets, ldns_rr_type type);
/**
* Creates NSEC
*/
ldns_rr *
ldns_dnssec_create_nsec(ldns_dnssec_name *from,
ldns_dnssec_name *to,
ldns_dnssec_create_nsec(const ldns_dnssec_name *from,
const ldns_dnssec_name *to,
ldns_rr_type nsec_type);
@ -234,14 +252,14 @@ ldns_dnssec_create_nsec(ldns_dnssec_name *from,
* Creates NSEC3
*/
ldns_rr *
ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
ldns_dnssec_name *to,
ldns_rdf *zone_name,
ldns_dnssec_create_nsec3(const ldns_dnssec_name *from,
const ldns_dnssec_name *to,
const ldns_rdf *zone_name,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt);
const uint8_t *salt);
/**
* Create a NSEC record
@ -261,7 +279,7 @@ ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_li
* \param[in] salt The salt to use
* \return The hashed owner name rdf, without the domain name
*/
ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
ldns_rdf *ldns_nsec3_hash_name(const ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, const uint8_t *salt);
/**
* Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and
@ -278,19 +296,19 @@ void ldns_nsec3_add_param_rdfs(ldns_rr *rr,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt);
const uint8_t *salt);
/* this will NOT return the NSEC3 completed, you will have to run the
finalize function on the rrlist later! */
ldns_rr *
ldns_create_nsec3(ldns_rdf *cur_owner,
ldns_rdf *cur_zone,
ldns_rr_list *rrs,
ldns_create_nsec3(const ldns_rdf *cur_owner,
const ldns_rdf *cur_zone,
const ldns_rr_list *rrs,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt,
const uint8_t *salt,
bool emptynonterminal);
/**
@ -361,7 +379,7 @@ ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);
* \param[in] *name The owner name to calculate the hash for
* \return The hashed owner name rdf, without the domain name
*/
ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name);
ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, const ldns_rdf *name);
/**
* Check if RR type t is enumerated and set in the RR type bitmap rdf.
@ -413,7 +431,7 @@ bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
* \return status
*
*/
ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
ldns_status ldns_pkt_verify(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, const ldns_rr_list *k, const ldns_rr_list *s, ldns_rr_list *good_keys);
/**
* verify a packet
@ -427,7 +445,7 @@ ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_li
* \return status
*
*/
ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);
ldns_status ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, const ldns_rr_list *k, const ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);
#endif
@ -511,13 +529,19 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
* Converts the ECDSA signature from ASN1 representation (as
* used by OpenSSL) to raw signature data as used in DNS
* This routine is only present if ldns is compiled with ecdsa support.
* The older ldns_convert_ecdsa_rrsig_asn12rdf routine could not (always)
* construct a valid rdf because it did not have the num_bytes parameter.
* The num_bytes parameter is 32 for p256 and 48 for p384 (bits/8).
*
* \param[in] sig The signature in ASN1 format
* \param[in] sig_len The length of the signature
* \param[in] num_bytes number of bytes for values in the curve, the curve
* size divided by 8.
* \return a new rdf with the signature
*/
ldns_rdf *
ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);
ldns_convert_ecdsa_rrsig_asn1len2rdf(const ldns_buffer *sig,
const long sig_len, int num_bytes);
/**
* Converts the RRSIG signature RDF (from DNS) to a buffer with the
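Review bot: The ldns_convert_ecdsa_rrsig_asn12rdf prototype is replaced by ldns_convert_ecdsa_rrsig_asn1len2rdf with an extra num_bytes argument, so existing callers of the old name stop compiling. The comment explains why the old routine was unreliable, which is good, but it should also say outright that the old function is gone and what to call instead. num_bytes is a plain int with two documented values (32 for p256, 48 for p384); please document what happens for any other value, or for a signature whose integers do not fit in num_bytes.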
@ -532,6 +556,56 @@ ldns_status
ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);
/**
* Converts the ECDSA signature from ASN1 representation (as
* used by OpenSSL) to raw signature data as used in DNS
* This routine is only present if ldns is compiled with ED25519 support.
*
* \param[in] sig The signature in ASN1 format
* \param[in] sig_len The length of the signature
* \return a new rdf with the signature
*/
ldns_rdf *
ldns_convert_ed25519_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len);
/**
* Converts the RRSIG signature RDF (from DNS) to a buffer with the
* signature in ASN1 format as openssl uses it.
* This routine is only present if ldns is compiled with ED25519 support.
*
* \param[out] target_buffer buffer to place the signature data in ASN1.
* \param[in] sig_rdf The signature rdf to convert
* \return LDNS_STATUS_OK on success, error code otherwise
*/
ldns_status
ldns_convert_ed25519_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);
/**
* Converts the ECDSA signature from ASN1 representation (as
* used by OpenSSL) to raw signature data as used in DNS
* This routine is only present if ldns is compiled with ED448 support.
*
* \param[in] sig The signature in ASN1 format
* \param[in] sig_len The length of the signature
* \return a new rdf with the signature
*/
ldns_rdf *
ldns_convert_ed448_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len);
/**
* Converts the RRSIG signature RDF (from DNS) to a buffer with the
* signature in ASN1 format as openssl uses it.
* This routine is only present if ldns is compiled with ED448 support.
*
* \param[out] target_buffer buffer to place the signature data in ASN1.
* \param[in] sig_rdf The signature rdf to convert
* \return LDNS_STATUS_OK on success, error code otherwise
*/
ldns_status
ldns_convert_ed448_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#ifdef __cplusplus
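Review bot: All four new comments (ldns_convert_ed25519_rrsig_asn12rdf, ldns_convert_ed25519_rrsig_rdf2asn1 and the two ed448 counterparts) were copied from the ECDSA block, and the two asn12rdf ones still open with "Converts the ECDSA signature". Change these to name ED25519 and ED448 respectively. Note also that the ECDSA conversion gained a num_bytes parameter in the previous hunk while these take only sig and sig_len; a sentence on why no length is needed here would save readers from wondering whether it was forgotten.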

View File

@ -13,6 +13,7 @@ extern "C" {
/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/
#define LDNS_SIGN_DNSKEY_WITH_ZSK 1
#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2
/**
* Create an empty RRSIG RR (i.e. without the actual signature data)
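Review bot: LDNS_SIGN_WITH_ALL_ALGORITHMS is added without a doc comment, while LDNS_SIGN_DNSKEY_WITH_ZSK directly above it has one. Please describe what the flag changes in signing behaviour and, if the values 1 and 2 are meant to be OR-ed together, say so.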
@ -21,8 +22,8 @@ extern "C" {
* \return signature rr
*/
ldns_rr *
ldns_create_empty_rrsig(ldns_rr_list *rrset,
ldns_key *key);
ldns_create_empty_rrsig(const ldns_rr_list *rrset,
const ldns_key *key);
/**
* Sign the buffer which contains the wiredata of an rrset, and the

View File

@ -387,8 +387,8 @@ ldns_status ldns_verify(ldns_rr_list *rrset,
* are added to it
* \return status LDNS_STATUS_OK if there is at least one correct key
*/
ldns_status ldns_verify_time(ldns_rr_list *rrset,
ldns_rr_list *rrsig,
ldns_status ldns_verify_time(const ldns_rr_list *rrset,
const ldns_rr_list *rrsig,
const ldns_rr_list *keys,
time_t check_time,
ldns_rr_list *good_keys);
@ -666,7 +666,7 @@ ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
* status LDNS_STATUS_OK if at least one key matched. Else an error.
*/
ldns_status ldns_verify_rrsig_keylist_time(
ldns_rr_list *rrset, ldns_rr *rrsig,
const ldns_rr_list *rrset, const ldns_rr *rrsig,
const ldns_rr_list *keys, time_t check_time,
ldns_rr_list *good_keys);
@ -682,8 +682,8 @@ ldns_status ldns_verify_rrsig_keylist_time(
* \return a list of keys which validate the rrsig + rrset. Returns
* status LDNS_STATUS_OK if at least one key matched. Else an error.
*/
ldns_status ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset,
ldns_rr *rrsig,
ldns_status ldns_verify_rrsig_keylist_notime(const ldns_rr_list *rrset,
const ldns_rr *rrsig,
const ldns_rr_list *keys,
ldns_rr_list *good_keys);
@ -735,9 +735,9 @@ ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig,
* \param[in] key the EVP key structure
* \param[in] digest_type The digest type of the signature
*/
ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig,
ldns_status ldns_verify_rrsig_evp_raw(const unsigned char *sig,
size_t siglen,
ldns_buffer *rrset,
const ldns_buffer *rrset,
EVP_PKEY *key,
const EVP_MD *digest_type);
#endif

View File

@ -141,7 +141,7 @@ ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
* \param[in] out the file descriptor to print to
* \param[in] rrs the list of RRs to print
*/
void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs);
void ldns_dnssec_rrs_print(FILE *out, const ldns_dnssec_rrs *rrs);
/**
* Prints the given rrs to the file descriptor
@ -151,7 +151,7 @@ void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs);
* \param[in] rrs the list of RRs to print
*/
void ldns_dnssec_rrs_print_fmt(FILE *out,
const ldns_output_format *fmt, ldns_dnssec_rrs *rrs);
const ldns_output_format *fmt, const ldns_dnssec_rrs *rrs);
/**
* Creates a new list (entry) of RRsets
@ -181,7 +181,7 @@ void ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets);
* \param[in] rrsets the rrset to get the type of
* \return the rr type
*/
ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets);
ldns_rr_type ldns_dnssec_rrsets_type(const ldns_dnssec_rrsets *rrsets);
/**
* Sets the RR type of the rrset (that is head of the given list)
@ -211,7 +211,7 @@ ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
* \param[in] follow if set to false, only print the first RRset
*/
void ldns_dnssec_rrsets_print(FILE *out,
ldns_dnssec_rrsets *rrsets,
const ldns_dnssec_rrsets *rrsets,
bool follow);
/**
@ -224,7 +224,7 @@ void ldns_dnssec_rrsets_print(FILE *out,
*/
void ldns_dnssec_rrsets_print_fmt(FILE *out,
const ldns_output_format *fmt,
ldns_dnssec_rrsets *rrsets,
const ldns_dnssec_rrsets *rrsets,
bool follow);
@ -263,7 +263,7 @@ void ldns_dnssec_name_deep_free(ldns_dnssec_name *name);
* \param[in] name the dnssec name to get the domain name from
* \return the domain name
*/
ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name);
ldns_rdf *ldns_dnssec_name_name(const ldns_dnssec_name *name);
/**
@ -285,7 +285,7 @@ void ldns_dnssec_name_set_name(ldns_dnssec_name *name,
* \param[in] name the dnssec name to get the domain name from
* \return true if the structure is marked as glue, false otherwise.
*/
bool ldns_dnssec_name_is_glue(ldns_dnssec_name *name);
bool ldns_dnssec_name_is_glue(const ldns_dnssec_name *name);
/**
* Sets the NSEC(3) RR of the given dnssec_name structure
@ -325,7 +325,7 @@ ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
* \param[in] type the type of the RRset to find
* \return the RRset, or NULL if not present
*/
ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(const ldns_dnssec_name *name,
ldns_rr_type type);
/**
@ -336,8 +336,8 @@ ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
* \param[in] type the type of the RRset to find
* \return the RRset, or NULL if not present
*/
ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
ldns_rdf *dname,
ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(const ldns_dnssec_zone *zone,
const ldns_rdf *dname,
ldns_rr_type type);
/**
@ -347,7 +347,7 @@ ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
* \param[in] out the file descriptor to print to
* \param[in] name the name structure to print the contents of
*/
void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name);
void ldns_dnssec_name_print(FILE *out, const ldns_dnssec_name *name);
/**
* Prints the RRs in the dnssec name structure to the given
@ -358,7 +358,7 @@ void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name);
* \param[in] name the name structure to print the contents of
*/
void ldns_dnssec_name_print_fmt(FILE *out,
const ldns_output_format *fmt, ldns_dnssec_name *name);
const ldns_output_format *fmt, const ldns_dnssec_name *name);
/**
* Creates a new dnssec_zone structure
@ -377,7 +377,7 @@ ldns_dnssec_zone *ldns_dnssec_zone_new(void);
* \return ldns_status mesg with an error or LDNS_STATUS_OK
*/
ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp,
ldns_rdf* origin, uint32_t ttl, ldns_rr_class c);
const ldns_rdf* origin, uint32_t ttl, ldns_rr_class c);
/**
* Create a new dnssec zone from a file, keep track of the line numbering
@ -391,7 +391,7 @@ ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp,
* \return ldns_status mesg with an error or LDNS_STATUS_OK
*/
ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp,
ldns_rdf* origin, uint32_t ttl, ldns_rr_class c, int* line_nr);
const ldns_rdf* origin, uint32_t ttl, ldns_rr_class c, int* line_nr);
/**
* Frees the given zone structure, and its rbtree of dnssec_names
@ -427,7 +427,7 @@ ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone,
* \param[in] tree the tree of ldns_dnssec_name structures to print
* \param[in] print_soa if true, print SOA records, if false, skip them
*/
void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa);
void ldns_dnssec_zone_names_print(FILE *out, const ldns_rbtree_t *tree, bool print_soa);
/**
* Prints the rbtree of ldns_dnssec_name structures to the file descriptor
@ -438,7 +438,7 @@ void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa
* \param[in] print_soa if true, print SOA records, if false, skip them
*/
void ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
ldns_rbtree_t *tree, bool print_soa);
const ldns_rbtree_t *tree, bool print_soa);
/**
* Prints the complete zone to the given file descriptor
@ -446,7 +446,7 @@ void ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
* \param[in] out the file descriptor to print to
* \param[in] zone the dnssec_zone to print
*/
void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone);
void ldns_dnssec_zone_print(FILE *out, const ldns_dnssec_zone *zone);
/**
* Prints the complete zone to the given file descriptor
@ -456,7 +456,7 @@ void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone);
* \param[in] zone the dnssec_zone to print
*/
void ldns_dnssec_zone_print_fmt(FILE *out,
const ldns_output_format *fmt, ldns_dnssec_zone *zone);
const ldns_output_format *fmt, const ldns_dnssec_zone *zone);
/**
* Adds explicit dnssec_name structures for the empty nonterminals
@ -474,7 +474,7 @@ ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone);
* \param[in] zone the zone to check for nsec3 optout records
* return true when the zone has at least one nsec3 optout record.
*/
bool ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone);
bool ldns_dnssec_zone_is_nsec3_optout(const ldns_dnssec_zone* zone);
#ifdef __cplusplus
}

View File

@ -73,7 +73,7 @@ ldns_duration_type* ldns_duration_create(void);
* \return int 0 if equal, -1 if d1 < d2, 1 if d2 < d1
*
*/
int ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2);
int ldns_duration_compare(const ldns_duration_type* d1, const ldns_duration_type* d2);
/**
* Create a duration from string.
@ -89,7 +89,7 @@ ldns_duration_type* ldns_duration_create_from_string(const char* str);
* \return char* string-format duration
*
*/
char* ldns_duration2string(ldns_duration_type* duration);
char* ldns_duration2string(const ldns_duration_type* duration);
/**
* Convert a duration to a time.
@ -97,7 +97,7 @@ char* ldns_duration2string(ldns_duration_type* duration);
* \return time_t time-format duration
*
*/
time_t ldns_duration2time(ldns_duration_type* duration);
time_t ldns_duration2time(const ldns_duration_type* duration);
/**
* Clean up duration.

View File

@ -127,6 +127,9 @@ enum ldns_enum_status {
LDNS_STATUS_TYPE_NOT_IN_BITMAP,
LDNS_STATUS_INVALID_RDF_TYPE,
LDNS_STATUS_RDATA_OVERFLOW,
LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR,
LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW,
LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA
};
typedef enum ldns_enum_status ldns_status;
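Review bot: The three statuses added after LDNS_STATUS_RDATA_OVERFLOW carry no description, and nothing in this hunk shows matching message strings for them. Please confirm each one has an entry in the status-to-string table so that callers who log the status get a meaningful message. Appending them at the end of the enum is the right call, since it keeps the numeric values of the existing statuses unchanged.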

View File

@ -34,7 +34,7 @@ extern "C" {
* \param[in] c the class to use
* \param[in] flags give some optional flags to the query
*/
ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ldns_rr_class c, uint16_t flags);
ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, const ldns_rdf *name, ldns_rr_class c, uint16_t flags);
/**
* ask the resolver about the address
@ -44,7 +44,7 @@ ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ld
* \param[in] c the class to use
* \param[in] flags give some optional flags to the query
*/
ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, ldns_rdf *addr, ldns_rr_class c, uint16_t flags);
ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, const ldns_rdf *addr, ldns_rr_class c, uint16_t flags);
/**
* wade through fp (a /etc/hosts like file)
@ -86,7 +86,7 @@ ldns_rr_list *ldns_get_rr_list_hosts_frm_file(char *filename);
* \param[out] list put the found RR's in this list
* \return the number of RR found.
*/
uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list);
uint16_t ldns_getaddrinfo(ldns_resolver *res, const ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list);
/**
* Check if t is enumerated in the nsec type rdata
@ -94,7 +94,7 @@ uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, l
* \param[in] t the type to check for
* \return true when t is found, otherwise return false
*/
bool ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t);
bool ldns_nsec_type_check(const ldns_rr *nsec, ldns_rr_type t);
/**
* Print a number of rdf's of the RR. The rdfnum-list must

View File

@ -139,14 +139,14 @@ ldns_output_format* ldns_output_format_init(ldns_output_format_storage* fmt) {
}
/**
* Set an ouput format flag.
* Set an output format flag.
*/
INLINE void ldns_output_format_set(ldns_output_format* fmt, int flag) {
fmt->flags |= flag;
}
/**
* Clear an ouput format flag.
* Clear an output format flag.
*/
INLINE void ldns_output_format_clear(ldns_output_format* fmt, int flag) {
fmt->flags &= !flag;
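Review bot: The context line fmt->flags &= !flag; in ldns_output_format_clear uses logical NOT, so for any non-zero flag the mask is 0 and every output format flag is cleared instead of only the requested one. This hunk fixes the spelling in the comment right above it but leaves the statement untouched; change it to fmt->flags &= ~flag; in the same pass.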

View File

@ -39,6 +39,15 @@ extern "C" {
*/
ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name);
/**
* Copies the dname data to the buffer in wire format
* \param[out] *buffer buffer to append the result to
* \param[in] *name rdata dname to convert
* \param[out] *compression_data data structure holding state for compression
* \return ldns_status
*/
ldns_status ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data);
/**
* Copies the rdata data to the buffer in wire format
* \param[out] *output buffer to append the result to
@ -47,6 +56,15 @@ ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name);
*/
ldns_status ldns_rdf2buffer_wire(ldns_buffer *output, const ldns_rdf *rdf);
/**
* Copies the rdata data to the buffer in wire format
* \param[out] *output buffer to append the result to
* \param[in] *rdf rdata to convert
* \param[out] *compression_data data structure holding state for compression
* \return ldns_status
*/
ldns_status ldns_rdf2buffer_wire_compress(ldns_buffer *output, const ldns_rdf *rdf, ldns_rbtree_t *compression_data);
/**
* Copies the rdata data to the buffer in wire format
* If the rdata is a dname, the letters will be lowercased
@ -70,6 +88,20 @@ ldns_status ldns_rr2buffer_wire(ldns_buffer *output,
const ldns_rr *rr,
int section);
/**
* Copies the rr data to the buffer in wire format while doing DNAME compression
* \param[out] *output buffer to append the result to
* \param[in] *rr resource record to convert
* \param[in] section the section in the packet this rr is supposed to be in
* (to determine whether to add rdata or not)
* \param[out] *compression_data data structure holding state information for compression
* \return ldns_status
*/
ldns_status ldns_rr2buffer_wire_compress(ldns_buffer *output,
const ldns_rr *rr,
int section,
ldns_rbtree_t *compression_data);
/**
* Copies the rr data to the buffer in wire format, in canonical format
* according to RFC3597 (every dname in rdata fields of RR's mentioned in
@ -145,9 +177,10 @@ ldns_status ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *size);
*
* \param[out] dest pointer to the array of bytes to be created
* \param[in] rr the rr to convert
* \param[in] section the rr section, determines how the rr is written.
* \param[out] size the size of the converted result
*/
ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int, size_t *size);
ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *size);
/**
* Allocates an array of uint8_t at dest, and puts the wireformat of the

View File

@ -55,6 +55,16 @@ enum ldns_enum_algorithm
LDNS_ECC_GOST = 12, /* RFC 5933 */
LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
#ifdef USE_ED25519
/* this ifdef is internal to ldns, because we do not want to export
* the symbol. Users can define it if they want access,
* the feature is not fully implemented at this time and openssl
* does not support it fully either (also for ED448). */
LDNS_ED25519 = 15, /* draft-ietf-curdle-dnskey-ed25519 */
#endif
#ifdef USE_ED448
LDNS_ED448 = 16, /* draft-ietf-curdle-dnskey-ed448 */
#endif
LDNS_INDIRECT = 252,
LDNS_PRIVATEDNS = 253,
LDNS_PRIVATEOID = 254
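Review bot: Guarding LDNS_ED25519 and LDNS_ED448 with USE_ED25519 / USE_ED448 in a public header, with the comment "Users can define it if they want access", lets an application see enum constants that the linked library may not have been built to handle. Since the comment itself says the feature is not fully implemented, add a sentence telling callers to check for algorithm support at run time (the "See if a key algorithm is supported" function declared further down in this header) before using these values.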
@ -88,9 +98,18 @@ enum ldns_enum_signing_algorithm
LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
#ifdef USE_ED25519
LDNS_SIGN_ED25519 = LDNS_ED25519,
#endif
#ifdef USE_ED448
LDNS_SIGN_ED448 = LDNS_ED448,
#endif
LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
LDNS_SIGN_HMACSHA256 = 159 /* ditto */
LDNS_SIGN_HMACSHA256 = 159, /* ditto */
LDNS_SIGN_HMACSHA224 = 162, /* ditto */
LDNS_SIGN_HMACSHA384 = 164, /* ditto */
LDNS_SIGN_HMACSHA512 = 165 /* ditto */
};
typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm;
@ -553,7 +572,7 @@ ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list);
ldns_rr *ldns_key2rr(const ldns_key *k);
/**
* print a private key to the file ouput
* print a private key to the file output
*
* \param[in] output the FILE descriptor where to print to
* \param[in] k the ldns_key to print
@ -598,7 +617,7 @@ ldns_rr * ldns_read_anchor_file(const char *filename);
* \param[in] key the key to get the file name from
* \returns A string containing the file base name
*/
char *ldns_key_get_file_base_name(ldns_key *key);
char *ldns_key_get_file_base_name(const ldns_key *key);
/**
* See if a key algorithm is supported

View File

@ -166,7 +166,7 @@ uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size);
*
* \param[in] sockfd the socket to read from
* \param[in] fr the address of the client (if applicable)
* \param[in] *frlen the lenght of the client's addr (if applicable)
* \param[in] *frlen the length of the client's addr (if applicable)
* \param[out] size the number of bytes that are read
* \return the data read
*/
@ -188,7 +188,7 @@ struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, u
* \param[in] port what port was used. When NULL this is not set
* \return ldns_rdf* wth the address
*/
ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port);
ldns_rdf * ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16_t *port);
/**
* Prepares the resolver for an axfr query
@ -198,7 +198,7 @@ ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *po
* \param[in] c the class to use
* \return ldns_status the status of the transfer
*/
ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c);
ldns_status ldns_axfr_start(ldns_resolver *resolver, const ldns_rdf *domain, ldns_rr_class c);
#ifdef __cplusplus
}

View File

@ -166,7 +166,7 @@ uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size);
*
* \param[in] sockfd the socket to read from
* \param[in] fr the address of the client (if applicable)
* \param[in] *frlen the lenght of the client's addr (if applicable)
* \param[in] *frlen the length of the client's addr (if applicable)
* \param[out] size the number of bytes that are read
* \return the data read
*/
@ -188,7 +188,7 @@ struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, u
* \param[in] port what port was used. When NULL this is not set
* \return ldns_rdf* wth the address
*/
ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port);
ldns_rdf * ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16_t *port);
/**
* Prepares the resolver for an axfr query
@ -198,7 +198,7 @@ ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *po
* \param[in] c the class to use
* \return ldns_status the status of the transfer
*/
ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c);
ldns_status ldns_axfr_start(ldns_resolver *resolver, const ldns_rdf *domain, ldns_rr_class c);
#ifdef __cplusplus
}

View File

@ -23,8 +23,8 @@
#define LDNS_MAX_PACKETLEN 65535
/* allow flags to be given to mk_query */
#define LDNS_QR 1 /* QueRy - query flag */
/* allow flags to be given to ldns_pkt_query_new */
#define LDNS_QR 1 /* Query Response flag */
#define LDNS_AA 2 /* Authoritative Answer - server flag */
#define LDNS_TC 4 /* TrunCated - server flag */
#define LDNS_RD 8 /* Recursion Desired - query flag */
@ -235,7 +235,7 @@ struct ldns_struct_pkt
/** Header section */
ldns_hdr *_header;
/* extra items needed in a packet */
/** The size of the wire format of the packet in octets */
/** an rdf (A or AAAA) with the IP address of the server it is from */
ldns_rdf *_answerfrom;
/** Timestamp of the time the packet was sent or created */
struct timeval timestamp;
@ -251,6 +251,8 @@ struct ldns_struct_pkt
uint8_t _edns_extended_rcode;
/** EDNS Version */
uint8_t _edns_version;
/* OPT pseudo-RR presence flag */
uint8_t _edns_present;
/** Reserved EDNS data bits */
uint16_t _edns_z;
/** Arbitrary EDNS rdata */
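Review bot: `_edns_present` is inserted between `_edns_version` and `_edns_z` in `struct ldns_struct_pkt`, which shifts the offset of every later member for code built against the old header that touches the struct directly. If the struct is meant to be opaque outside the library, say so in the header; otherwise append the new member at the end. The new comment also opens with `/*` where its neighbours use `/**`, so it will not show up alongside them in the generated documentation.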
@ -484,7 +486,7 @@ ldns_rr_list *ldns_pkt_get_section_clone(const ldns_pkt *p, ldns_pkt_section s);
* \param[in] s the packet's section
* \return a list with the rr's or NULL if none were found
*/
ldns_rr_list *ldns_pkt_rr_list_by_name(ldns_pkt *p, ldns_rdf *r, ldns_pkt_section s);
ldns_rr_list *ldns_pkt_rr_list_by_name(const ldns_pkt *p, const ldns_rdf *r, ldns_pkt_section s);
/**
* return all the rr with a specific type from a packet. Optionally
* specify from which section in the packet
@ -512,7 +514,7 @@ ldns_rr_list *ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ld
* \param[in] sec in which section to look
* \param[in] rr the rr to look for
*/
bool ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr);
bool ldns_pkt_rr(const ldns_pkt *pkt, ldns_pkt_section sec, const ldns_rr *rr);
/**
@ -658,7 +660,7 @@ void ldns_pkt_set_tsig(ldns_pkt *p, ldns_rr *t);
* \param[in] p the packet to examine
* \return the type of packet
*/
ldns_pkt_type ldns_pkt_reply_type(ldns_pkt *p);
ldns_pkt_type ldns_pkt_reply_type(const ldns_pkt *p);
/**
* return the packet's edns udp size
@ -777,14 +779,15 @@ ldns_status ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_r
* \param[in] rr_name the name to query for (as string)
* \param[in] rr_class the class to query for
* \param[in] flags packet flags
* \param[in] soa soa record to be added to the authority section
* \param[in] soa soa record to be added to the authority section (not copied).
* \return LDNS_STATUS_OK or a ldns_status mesg with the error
*/
ldns_status ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa);
/**
* creates a packet with a query in it for the given name, type and class.
* \param[in] rr_name the name to query for
* \param[in] rr_name the name to query for (not copied).
* The returned packet will take ownership of rr_name, so the caller should not free it.
* \param[in] rr_type the type to query for
* \param[in] rr_class the class to query for
* \param[in] flags packet flags
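Review bot: the `soa` parameter of `ldns_pkt_ixfr_request_new_frm_str` is now documented as "(not copied)", but unlike the `rr_name` text added just below it does not say who frees the record afterwards. A caller reading only this line cannot tell whether freeing `soa` after the call is required or a double free. State the ownership explicitly, in the same wording used for `rr_name` ("The returned packet will take ownership of ..., so the caller should not free it") if that is what happens.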
@ -795,10 +798,11 @@ ldns_pkt *ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_cl
/**
* creates an IXFR request packet for the given name, type and class.
* adds the SOA record to the authority section.
* \param[in] rr_name the name to query for
* \param[in] rr_name the name to query for (not copied).
* The returned packet will take ownership of rr_name, so the caller should not free it.
* \param[in] rr_class the class to query for
* \param[in] flags packet flags
* \param[in] soa soa record to be added to the authority section
* \param[in] soa soa record to be added to the authority section (not copied).
* \return ldns_pkt* a pointer to the new pkt
*/
ldns_pkt *ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa);
@ -809,7 +813,7 @@ ldns_pkt *ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, u
* \param[in] pkt the packet to clone
* \return ldns_pkt* pointer to the new packet
*/
ldns_pkt *ldns_pkt_clone(ldns_pkt *pkt);
ldns_pkt *ldns_pkt_clone(const ldns_pkt *pkt);
/**
* directly set the additional section

View File

@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
@ -135,7 +135,7 @@ ldns_status ldns_radix_insert(ldns_radix_t* tree, uint8_t* key,
* @return: unlinked data or NULL if not present.
*
*/
void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len);
void* ldns_radix_delete(ldns_radix_t* tree, const uint8_t* key, radix_strlen_t len);
/**
* Search data in the tree.
@ -145,7 +145,7 @@ void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len);
* @return: the radix node or NULL if not found.
*
*/
ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, uint8_t* key,
ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, const uint8_t* key,
radix_strlen_t len);
/**
@ -159,7 +159,7 @@ ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, uint8_t* key,
* @return 1 if exact match, 0 otherwise.
*
*/
int ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
int ldns_radix_find_less_equal(ldns_radix_t* tree, const uint8_t* key,
radix_strlen_t len, ldns_radix_node_t** result);
/**
@ -168,7 +168,7 @@ int ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
* @return: the radix node with the first element.
*
*/
ldns_radix_node_t* ldns_radix_first(ldns_radix_t* tree);
ldns_radix_node_t* ldns_radix_first(const ldns_radix_t* tree);
/**
* Get the last element in the tree.
@ -176,7 +176,7 @@ ldns_radix_node_t* ldns_radix_first(ldns_radix_t* tree);
* @return: the radix node with the last element.
*
*/
ldns_radix_node_t* ldns_radix_last(ldns_radix_t* tree);
ldns_radix_node_t* ldns_radix_last(const ldns_radix_t* tree);
/**
* Next element.
@ -231,7 +231,7 @@ void ldns_radix_traverse_postorder(ldns_radix_node_t* node,
* @param tree: tree.
*
*/
void ldns_radix_printf(FILE* fd, ldns_radix_t* tree);
void ldns_radix_printf(FILE* fd, const ldns_radix_t* tree);
#ifdef __cplusplus
}

View File

@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
@ -164,14 +164,14 @@ int ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key,
* @param rbtree: tree
* @return: smallest element or NULL if tree empty.
*/
ldns_rbnode_t *ldns_rbtree_first(ldns_rbtree_t *rbtree);
ldns_rbnode_t *ldns_rbtree_first(const ldns_rbtree_t *rbtree);
/**
* Returns last (largest) node in the tree
* @param rbtree: tree
* @return: largest element or NULL if tree empty.
*/
ldns_rbnode_t *ldns_rbtree_last(ldns_rbtree_t *rbtree);
ldns_rbnode_t *ldns_rbtree_last(const ldns_rbtree_t *rbtree);
/**
* Returns next larger node in the tree

View File

@ -131,6 +131,14 @@ enum ldns_enum_rdf_type
*/
LDNS_RDF_TYPE_LONG_STR,
/** Since RFC7218 TLSA records can be given with mnemonics,
* hence these rdata field types. But as with DNSKEYs, the output
* is always numeric.
*/
LDNS_RDF_TYPE_CERTIFICATE_USAGE,
LDNS_RDF_TYPE_SELECTOR,
LDNS_RDF_TYPE_MATCHING_TYPE,
/* Aliases */
LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
};
@ -343,7 +351,7 @@ ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data);
* \param[in] *rd rdf to be reversed
* \return the reversed rdf (a newly created rdf)
*/
ldns_rdf *ldns_rdf_address_reverse(ldns_rdf *rd);
ldns_rdf *ldns_rdf_address_reverse(const ldns_rdf *rd);
/**
* returns the native uint8_t representation from the rdf.

View File

@ -69,7 +69,7 @@ struct ldns_struct_resolver
/** Round trip time; 0 -> infinity. Unit: ms? */
size_t *_rtt;
/** Wether or not to be recursive */
/** Whether or not to be recursive */
bool _recursive;
/** Print debug information */
@ -101,7 +101,7 @@ struct ldns_struct_resolver
bool _usevc;
/** Whether to ignore the tc bit */
bool _igntc;
/** Whether to use ip6, 0->does not matter, 1 is IPv4, 2 is IPv6 */
/** Whether to use ip6: 0->does not matter, 1 is IPv4, 2 is IPv6 */
uint8_t _ip6;
/** If true append the default domain */
bool _defnames;
@ -128,6 +128,8 @@ struct ldns_struct_resolver
uint16_t _axfr_i;
/* EDNS0 available buffer size */
uint16_t _edns_udp_size;
/* serial for IXFR */
uint32_t _serial;
/* Optional tsig key for signing queries,
outgoing messages are signed if and only if both are set
@ -310,21 +312,24 @@ size_t ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos);
/**
* Return the tsig keyname as used by the nameserver
* \param[in] r the resolver
* \return the name used.
* \return the name used. Still owned by the resolver - change using
* ldns_resolver_set_tsig_keyname().
*/
char *ldns_resolver_tsig_keyname(const ldns_resolver *r);
const char *ldns_resolver_tsig_keyname(const ldns_resolver *r);
/**
* Return the tsig algorithm as used by the nameserver
* \param[in] r the resolver
* \return the algorithm used.
* \return the algorithm used. Still owned by the resolver - change using
* ldns_resolver_set_tsig_algorithm().
*/
char *ldns_resolver_tsig_algorithm(const ldns_resolver *r);
const char *ldns_resolver_tsig_algorithm(const ldns_resolver *r);
/**
* Return the tsig keydata as used by the nameserver
* \param[in] r the resolver
* \return the keydata used.
* \return the keydata used. Still owned by the resolver - change using
* ldns_resolver_set_tsig_keydata().
*/
char *ldns_resolver_tsig_keydata(const ldns_resolver *r);
const char *ldns_resolver_tsig_keydata(const ldns_resolver *r);
/**
* pop the last nameserver from the resolver.
* \param[in] r the resolver
@ -519,23 +524,23 @@ void ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s);
/**
* Set the tsig key name
* \param[in] r the resolver
* \param[in] tsig_keyname the tsig key name
* \param[in] tsig_keyname the tsig key name (copied into resolver)
*/
void ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname);
void ldns_resolver_set_tsig_keyname(ldns_resolver *r, const char *tsig_keyname);
/**
* Set the tsig algorithm
* \param[in] r the resolver
* \param[in] tsig_algorithm the tsig algorithm
* \param[in] tsig_algorithm the tsig algorithm (copied into resolver)
*/
void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm);
void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, const char *tsig_algorithm);
/**
* Set the tsig key data
* \param[in] r the resolver
* \param[in] tsig_keydata the key data
* \param[in] tsig_keydata the key data (copied into resolver)
*/
void ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata);
void ldns_resolver_set_tsig_keydata(ldns_resolver *r, const char *tsig_keydata);
/**
* Set round trip time for all nameservers. Note this currently
@ -568,7 +573,7 @@ void ldns_resolver_set_random(ldns_resolver *r, bool b);
* \param[in] n the ip address
* \return ldns_status a status
*/
ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n);
ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, const ldns_rdf *n);
/**
* Push a new nameserver to the resolver. It must be an
@ -577,7 +582,7 @@ ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n);
* \param[in] rr the resource record
* \return ldns_status a status
*/
ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr);
ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, const ldns_rr *rr);
/**
* Push a new nameserver rr_list to the resolver.
@ -585,7 +590,7 @@ ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr);
* \param[in] rrlist the rr_list to push
* \return ldns_status a status
*/
ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist);
ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, const ldns_rr_list *rrlist);
/**
* Send the query for using the resolver and take the search list into account
@ -639,7 +644,7 @@ ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, cons
* \param[in] c query for this class (may be 0, default to IN)
* \param[in] flags the query flags
*
* \return ldns_pkt* a packet with the reply from the nameserver
* \return ldns_status LDNS_STATUS_OK on success
*/
ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
@ -684,10 +689,17 @@ ldns_pkt* ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, ldns
/**
* Create a new resolver structure
* \return ldns_resolver* pointer to new strcture
* \return ldns_resolver* pointer to new structure
*/
ldns_resolver* ldns_resolver_new(void);
/**
* Clone a resolver
* \param[in] r the resolver to clone
* \return ldns_resolver* pointer to new structure
*/
ldns_resolver* ldns_resolver_clone(ldns_resolver *r);
/**
* Create a resolver structure from a file like /etc/resolv.conf
* \param[out] r the new resolver
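Review bot: `ldns_resolver_clone(ldns_resolver *r)` takes a non-const resolver, while the rest of this change adds `const` to read-only parameters; if cloning does not modify the source, make it `const ldns_resolver *r`. The comment should also say whether the clone is deep, in particular whether the nameserver list and the TSIG key name, algorithm and key data are duplicated or shared with the original, and how the result is to be freed.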
@ -710,7 +722,7 @@ ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr
/**
* Configure a resolver by means of a resolv.conf file
* The file may be NULL in which case there will be
* looked the RESOLV_CONF (defaults to /etc/resolv.conf
* looked the RESOLV_CONF (defaults to /etc/resolv.conf)
* \param[out] r the new resolver
* \param[in] filename the filename to use
* \return LDNS_STATUS_OK or the error
@ -760,6 +772,20 @@ bool ldns_axfr_complete(const ldns_resolver *resolver);
*/
ldns_pkt *ldns_axfr_last_pkt(const ldns_resolver *res);
/**
* Get the serial for requesting IXFR.
* \param[in] r the resolver
* \param[in] serial serial
*/
void ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial);
/**
* Get the serial for requesting IXFR.
* \param[in] res the resolver
* \return uint32_t serial
*/
uint32_t ldns_resolver_get_ixfr_serial(const ldns_resolver *res);
/**
* Randomize the nameserver list in the resolver
* \param[in] r the resolver
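Review bot: the comment above `ldns_resolver_set_ixfr_serial` reads "Get the serial for requesting IXFR.", copied from the getter below it; it should read "Set the serial ...". The two new functions also name the resolver parameter differently (`r` in the setter, `res` in the getter), and the setter's `\param[in] serial serial` says nothing about what the value means; something like "the SOA serial the client currently holds" would help.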

View File

@ -37,7 +37,7 @@ extern "C" {
#define LDNS_RR_OVERHEAD 10
/* The first fields are contiguous and can be referenced instantly */
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 259
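Review bot: `LDNS_RDATA_FIELD_DESCRIPTORS_COMMON` goes from 258 to 259 as a bare number, with nothing tying it to the type list it has to track. This commit adds `LDNS_RR_TYPE_AVC = 258` further down in the same header, so the value appears to be the highest contiguous type plus one; put that in the comment so the next type addition does not leave the two out of step.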
@ -180,6 +180,7 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
LDNS_RR_TYPE_NSEC3PARAMS = 51,
LDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */
LDNS_RR_TYPE_SMIMEA = 53, /* draft-ietf-dane-smime */
LDNS_RR_TYPE_HIP = 55, /* RFC 5205 */
@ -189,8 +190,10 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_RKEY = 57,
/** draft-ietf-dnsop-trust-history */
LDNS_RR_TYPE_TALINK = 58,
/** draft-barwood-dnsop-ds-publis */
LDNS_RR_TYPE_CDS = 59,
LDNS_RR_TYPE_CDS = 59, /* RFC 7344 */
LDNS_RR_TYPE_CDNSKEY = 60, /* RFC 7344 */
LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
@ -217,9 +220,9 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_MAILA = 254,
/** any type (wildcard) */
LDNS_RR_TYPE_ANY = 255,
/** draft-faltstrom-uri-06 */
LDNS_RR_TYPE_URI = 256,
LDNS_RR_TYPE_URI = 256, /* RFC 7553 */
LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
LDNS_RR_TYPE_AVC = 258, /* Cisco's DNS-AS RR, see www.dns-as.org */
/** DNSSEC Trust Authorities */
LDNS_RR_TYPE_TA = 32768,
@ -411,7 +414,7 @@ void ldns_rr_free(ldns_rr *rr);
* \return a status msg describing an error or LDNS_STATUS_OK
*/
ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str,
uint32_t default_ttl, ldns_rdf *origin,
uint32_t default_ttl, const ldns_rdf *origin,
ldns_rdf **prev);
/**
@ -428,7 +431,7 @@ ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str,
* \return a status msg describing an error or LDNS_STATUS_OK
*/
ldns_status ldns_rr_new_question_frm_str(ldns_rr **n, const char *str,
ldns_rdf *origin, ldns_rdf **prev);
const ldns_rdf *origin, ldns_rdf **prev);
/**
* creates a new rr from a file containing a string.
@ -648,7 +651,7 @@ void ldns_rr_list_deep_free(ldns_rr_list *rr_list);
* \param[in] right the rightside
* \return a left with right concatenated to it
*/
bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right);
bool ldns_rr_list_cat(ldns_rr_list *left, const ldns_rr_list *right);
/**
* concatenates two ldns_rr_lists together, but makes clones of the rr's
@ -657,7 +660,7 @@ bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right);
* \param[in] right the rightside
* \return a new rr_list with leftside/rightside concatenated
*/
ldns_rr_list* ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right);
ldns_rr_list* ldns_rr_list_cat_clone(const ldns_rr_list *left, const ldns_rr_list *right);
/**
* pushes an rr to an rrlist.
@ -697,14 +700,14 @@ ldns_rr_list* ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t size);
* \param[in] rr the rr to check
* \return true if rr_list contains rr, false otherwise
*/
bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr);
bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, const ldns_rr *rr);
/**
* checks if an rr_list is a rrset.
* \param[in] rr_list the rr_list to check
* \return true if it is an rrset otherwise false
*/
bool ldns_is_rrset(ldns_rr_list *rr_list);
bool ldns_is_rrset(const ldns_rr_list *rr_list);
/**
* pushes an rr to an rrset (which really are rr_list's).
@ -794,7 +797,7 @@ int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2);
* -1 if rr1_buf comes before rr2_buf
* +1 if rr2_buf comes before rr1_buf
*/
int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf);
int ldns_rr_compare_wire(const ldns_buffer *rr1_buf, const ldns_buffer *rr2_buf);
/**
* returns true of the given rr's are equal.
@ -835,14 +838,14 @@ void ldns_rr2canonical(ldns_rr *rr);
* \param[in] rr_list the rr_list to work on
* \return void
*/
void ldns_rr_list2canonical(ldns_rr_list *rr_list);
void ldns_rr_list2canonical(const ldns_rr_list *rr_list);
/**
* counts the number of labels of the ownername.
* \param[in] rr count the labels of this rr
* \return the number of labels
*/
uint8_t ldns_rr_label_count(ldns_rr *rr);
uint8_t ldns_rr_label_count(const ldns_rr *rr);
/**
* returns the resource record descriptor for the given rr type.
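Review bot: `const ldns_rr_list *` on `ldns_rr_list2canonical` is misleading, because the function's purpose is to rewrite the RRs in the list in place, and the single-RR `ldns_rr2canonical(ldns_rr *rr)` shown in the hunk header stays non-const. The qualifier only covers the list container, not the records it points to, so a caller holding a `const` list can have its records changed without any cast. Either keep the parameter non-const or document that the pointed-to RRs are modified.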
@ -888,11 +891,11 @@ ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor
* \return a new rr list with only the RRs that match
*
*/
ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos);
ldns_rr_list *ldns_rr_list_subtype_by_rdf(const ldns_rr_list *l, const ldns_rdf *r, size_t pos);
/**
* convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual
* LDNS_RR_TYPE. This is usefull in the case when inspecting
* LDNS_RR_TYPE. This is useful in the case when inspecting
* the rrtype covered field of an RRSIG.
* \param[in] rd the rdf to look at
* \return a ldns_rr_type with equivalent LDNS_RR_TYPE

View File

@ -165,13 +165,37 @@ ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str);
ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str);
/**
* convert and algorithm value into wireformat
* convert an algorithm value into wireformat
* \param[in] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str);
/**
* convert a tlsa certificate usage value into wireformat
* \param[in] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str);
/**
* convert a tlsa selector value into wireformat
* \param[in] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_selector(ldns_rdf **rd, const char *str);
/**
* convert a tlsa matching type value into wireformat
* \param[in] rd the rdf where to put the data
* \param[in] str the string to be converted
* \return ldns_status
*/
ldns_status ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str);
/**
* convert a string with a unknown RR into wireformat
* \param[in] rd the rdf where to put the data

View File

@ -25,17 +25,17 @@ extern "C" {
*/
typedef struct ldns_tsig_credentials_struct
{
char *algorithm;
char *keyname;
char *keydata;
const char *algorithm;
const char *keyname;
const char *keydata;
/* XXX More eventually. */
} ldns_tsig_credentials;
char *ldns_tsig_algorithm(ldns_tsig_credentials *);
char *ldns_tsig_keyname(ldns_tsig_credentials *);
char *ldns_tsig_keydata(ldns_tsig_credentials *);
char *ldns_tsig_keyname_clone(ldns_tsig_credentials *);
char *ldns_tsig_keydata_clone(ldns_tsig_credentials *);
const char *ldns_tsig_algorithm(const ldns_tsig_credentials *);
const char *ldns_tsig_keyname(const ldns_tsig_credentials *);
const char *ldns_tsig_keydata(const ldns_tsig_credentials *);
char *ldns_tsig_keyname_clone(const ldns_tsig_credentials *);
char *ldns_tsig_keydata_clone(const ldns_tsig_credentials *);
/**
* verifies the tsig rr for the given packet and key.
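Review bot: making `algorithm`, `keyname` and `keydata` `const char *` in `ldns_tsig_credentials` leaves the header silent on who owns the three strings, and whoever allocated them now needs a cast to free them. Add a comment on the struct saying whether the strings are borrowed or owned and, since `keydata` is key material, who is responsible for releasing it. The `_clone` functions still return `char *`, so a line stating that the caller frees the result would complete the contract.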
@ -48,7 +48,7 @@ char *ldns_tsig_keydata_clone(ldns_tsig_credentials *);
* \param[in] mac original mac
* \return true if tsig is correct, false if not, or if tsig is not set
*/
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, const uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, const ldns_rdf *mac);
/**
* verifies the tsig rr for the given packet and key.
@ -63,7 +63,7 @@ bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const
components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
* \return true if tsig is correct, false if not, or if tsig is not set
*/
bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, const uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, const ldns_rdf *mac,
int tsig_timers_only);
/**
@ -77,7 +77,7 @@ bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, c
* \return status (OK if success)
*/
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
const char *algorithm_name, ldns_rdf *query_mac);
const char *algorithm_name, const ldns_rdf *query_mac);
/**
* creates a tsig rr for the given packet and key.
@ -92,7 +92,7 @@ ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *
* \return status (OK if success)
*/
ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
const char *algorithm_name, const ldns_rdf *query_mac, int tsig_timers_only);
#ifdef __cplusplus
}

View File

@ -27,13 +27,14 @@ extern "C" {
/**
* create an update packet from zone name, class and the rr lists
* \param[in] zone_rdf name of the zone
* The returned packet will take ownership of zone_rdf, so the caller should not free it
* \param[in] clas zone class
* \param[in] pr_rrlist list of Prerequisite Section RRs
* \param[in] up_rrlist list of Updates Section RRs
* \param[in] ad_rrlist list of Additional Data Section RRs (currently unused)
* \return the new packet
*/
ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist);
ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, const ldns_rr_list *pr_rrlist, const ldns_rr_list *up_rrlist, const ldns_rr_list *ad_rrlist);
/**
* add tsig credentials to
@ -43,7 +44,7 @@ ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_li
*
* \return status wether successfull or not
*/
ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r);
ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, const ldns_resolver *r);
/* access functions */

View File

@ -27,8 +27,8 @@ extern "C" {
#define dprintf(X,Y) fprintf(stderr, (X), (Y))
/* #define dprintf(X, Y) */
#define LDNS_VERSION "1.6.17"
#define LDNS_REVISION ((1<<16)|(6<<8)|(17))
#define LDNS_VERSION "1.7.0"
#define LDNS_REVISION ((1<<16)|(7<<8)|(0))
/**
* splint static inline workaround
@ -276,7 +276,7 @@ time_t mktime_from_utc(const struct tm *tm);
* The function interprets time as the number of seconds since epoch
* with respect to now using serial arithmitics (rfc1982).
* That number of seconds is then converted to broken-out time information.
* This is especially usefull when converting the inception and expiration
* This is especially useful when converting the inception and expiration
* fields of RRSIG records.
*
* \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
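Review bot: the comment fix corrects "usefull" but leaves "serial arithmitics" two lines above it in the same block; change it to "serial arithmetic" while touching this comment, here and in the second copy of this header that follows.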

View File

@ -276,7 +276,7 @@ time_t mktime_from_utc(const struct tm *tm);
* The function interprets time as the number of seconds since epoch
* with respect to now using serial arithmitics (rfc1982).
* That number of seconds is then converted to broken-out time information.
* This is especially usefull when converting the inception and expiration
* This is especially useful when converting the inception and expiration
* fields of RRSIG records.
*
* \param[in] time number of seconds since epoch (midnight, January 1st, 1970)

View File

@ -99,9 +99,6 @@ extern "C" {
/* Counter of the question section */
#define LDNS_QDCOUNT_OFF 4
/*
#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF)))
*/
#define LDNS_QDCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF))
/* Counter of the answer section */
@ -129,7 +126,7 @@ extern "C" {
ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len);
/**
* converts the data on the uint8_t bytearray (in wire format) to a DNS packet.
* converts the data in the ldns_buffer (in wire format) to a DNS packet.
* This function will initialize and allocate memory space for the packet
* structure.
*
@ -137,7 +134,7 @@ ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len);
* \param[in] buffer the buffer with the data
* \return LDNS_STATUS_OK if everything succeeds, error otherwise
*/
ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer);
ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, const ldns_buffer *buffer);
/**
* converts the data on the uint8_t bytearray (in wire format) to a DNS

View File

@ -99,7 +99,7 @@ void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist);
* \param[in] list the list to add
* \return a true on succes otherwise falsed
*/
bool ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list);
bool ldns_zone_push_rr_list(ldns_zone *z, const ldns_rr_list *list);
/**
* push an single rr to a zone structure. This function use pointer
@ -135,7 +135,7 @@ ldns_rr_list *ldns_zone_glue_rr_list(const ldns_zone *z);
*
* \return ldns_status mesg with an error or LDNS_STATUS_OK
*/
ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c);
ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t ttl, ldns_rr_class c);
/**
* Create a new zone from a file, keep track of the line numbering
@ -148,7 +148,7 @@ ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint
*
* \return ldns_status mesg with an error or LDNS_STATUS_OK
*/
ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr);
ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr);
/**
* Frees the allocated memory for the zone, and the rr_list structure in it

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,156 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_config_feature.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CONFIG_FEATURE(FEATURE-NAME, FEATURE-DESCRIPTION, DEFINE, DEFINE-DESCRIPTION, [ACTION-IF-ENABLED [, ACTION-IF-NOT-ENABLED]])
#
# DESCRIPTION
#
# AX_CONFIG_FEATURE is a simple wrapper for AC_ARG_ENABLE, it enables the
# feature FEATURE-NAME and AC_DEFINEs the passed DEFINE, depending on the
# user choice. DESCRIPTION will be used for AC_DEFINEs. ACTION-IF-ENABLED
# and ACTION-IF-NOT-ENABLED are the actions that will be run. A feature is
# enabled by default, in order to change this behaviour use the
# AX_CONFIG_FEATURE_DEFAULT_ENABLED and AX_CONFIG_FEATURE_DEFAULT_DISABLED
# macros.
#
# A simple example:
#
# AX_CONFIG_FEATURE_DEFAULT_ENABLED
# AX_CONFIG_FEATURE(feature_xxxxx, [turns on/off XXXXX support],
# HAVE_XXXXX, [Define if you want XXXXX support])
#
# ...
#
# AX_CONFIG_FEATURE_DEFAULT_DISABLED
# AX_CONFIG_FEATURE(feature_yyyyy, [turns on/off YYYYY support],
# HAVE_YYYYY, [Define if you want YYYYY support],
# [enable_yyyyy="yes"], [enable_yyyyy="no"])
# AM_CONDITIONAL(YYYYY, [test "$enable_yyyyy" = "yes"])
#
# AX_CONFIG_FEATURE_DEFAULT_ENABLED
# AX_CONFIG_FEATURE(...)
#
# ...
#
# If you have lot of features and you want a verbose dumping of each user
# selection use AX_CONFIG_FEATURE_VERBOSE. Use AX_CONFIG_FEATURE_SILENT in
# order to remove a previously AX_CONFIG_FEATURE_VERBOSE. By default
# features are silent.
#
# Use AX_CONFIG_FEATURE_ENABLE or AX_CONFIG_FEATURE_DISABLE in order to
# enable or disable a specific feature.
#
# Another simple example:
#
# AS_IF([some_test_here],[AX_CONFIG_FEATURE_ENABLE(feature_xxxxx)],[])
#
# AX_CONFIG_FEATURE(feature_xxxxx, [turns on/off XXXXX support],
# HAVE_XXXXX, [Define if you want XXXXX support])
# AX_CONFIG_FEATURE(feature_yyyyy, [turns on/off YYYYY support],
# HAVE_YYYYY, [Define if you want YYYYY support],
# [enable_yyyyy="yes"], [enable_yyyyy="no"])
#
# ...
#
# NOTE: AX_CONFIG_FEATURE_ENABLE() must be placed first of the relative
# AX_CONFIG_FEATURE() macro ...
#
# LICENSE
#
# Copyright (c) 2008 Francesco Salvestrini <salvestrini@users.sourceforge.net>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 10
AC_DEFUN([AX_CONFIG_FEATURE],[ dnl
m4_pushdef([FEATURE], patsubst([$1], -, _))dnl
AC_ARG_ENABLE([$1],AS_HELP_STRING([--enable-$1],[$2]),[
case "${enableval}" in
yes)
ax_config_feature_[]FEATURE[]="yes"
;;
no)
ax_config_feature_[]FEATURE[]="no"
;;
*)
AC_MSG_ERROR([bad value ${enableval} for feature --$1])
;;
esac
])
AS_IF([test "$ax_config_feature_[]FEATURE[]" = yes],[ dnl
AC_DEFINE([$3])
$5
AS_IF([test "$ax_config_feature_verbose" = yes],[ dnl
AC_MSG_NOTICE([Feature $1 is enabled])
])
],[ dnl
$6
AS_IF([test "$ax_config_feature_verbose" = yes],[ dnl
AC_MSG_NOTICE([Feature $1 is disabled])
])
])
AH_TEMPLATE([$3],[$4])
m4_popdef([FEATURE])dnl
])
dnl Feature global
AC_DEFUN([AX_CONFIG_FEATURE_VERBOSE],[ dnl
ax_config_feature_verbose=yes
])
dnl Feature global
AC_DEFUN([AX_CONFIG_FEATURE_SILENT],[ dnl
ax_config_feature_verbose=no
])
dnl Feature specific
AC_DEFUN([AX_CONFIG_FEATURE_DEFAULT_ENABLED], [
ax_config_feature_[]FEATURE[]_default=yes
])
dnl Feature specific
AC_DEFUN([AX_CONFIG_FEATURE_DEFAULT_DISABLED], [
ax_config_feature_[]FEATURE[]_default=no
])
dnl Feature specific
AC_DEFUN([AX_CONFIG_FEATURE_ENABLE],[ dnl
ax_config_feature_[]patsubst([$1], -, _)[]=yes
])
dnl Feature specific
AC_DEFUN([AX_CONFIG_FEATURE_DISABLE],[ dnl
ax_config_feature_[]patsubst([$1], -, _)[]=no
])
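
Review bot: AX_CONFIG_FEATURE never reads the `ax_config_feature_..._default` variables, so the header's statement that a feature is enabled by default does not hold. With no `--enable-$1` argument and no earlier AX_CONFIG_FEATURE_ENABLE, `ax_config_feature_[]FEATURE[]` is unset, the `test ... = yes` fails and the disabled branch runs. AX_CONFIG_FEATURE_DEFAULT_ENABLED and AX_CONFIG_FEATURE_DEFAULT_DISABLED also expand FEATURE outside the m4_pushdef/m4_popdef pair that defines it and take no feature name, so they cannot target a specific feature. Either let the action-if-not-given of AC_ARG_ENABLE fall back to the default variable, or correct the description and pair every use with an explicit AX_CONFIG_FEATURE_ENABLE or AX_CONFIG_FEATURE_DISABLE.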

View File

@ -0,0 +1,72 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_have_poll.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_HAVE_POLL([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
# AX_HAVE_PPOLL([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
#
# DESCRIPTION
#
# This macro determines whether the system supports the poll I/O event
# interface. A neat usage example would be:
#
# AX_HAVE_POLL(
# [AX_CONFIG_FEATURE_ENABLE(poll)],
# [AX_CONFIG_FEATURE_DISABLE(poll)])
# AX_CONFIG_FEATURE(
# [poll], [This platform supports poll(7)],
# [HAVE_POLL], [This platform supports poll(7).])
#
# Some systems -- most notably Linux kernel 2.6.16 and later -- also have
# the variant ppoll(). The availability of that function can be tested
# with the second macro. Generally speaking, it is safe to assume that
# AX_HAVE_POLL would succeed if AX_HAVE_PPOLL has, but not the other way
# round.
#
# LICENSE
#
# Copyright (c) 2009 Peter Simons <simons@cryp.to>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 7
AC_DEFUN([AX_HAVE_POLL], [dnl
AC_MSG_CHECKING([for poll(2)])
AC_CACHE_VAL([ax_cv_have_poll], [dnl
AC_LINK_IFELSE([dnl
AC_LANG_PROGRAM(
[#include <poll.h>],
[int rc; rc = poll((struct pollfd *)(0), 0, 0);])],
[ax_cv_have_poll=yes],
[ax_cv_have_poll=no])])
AS_IF([test "${ax_cv_have_poll}" = "yes"],
[AC_MSG_RESULT([yes])
$1],[AC_MSG_RESULT([no])
$2])
])dnl
AC_DEFUN([AX_HAVE_PPOLL], [dnl
AC_MSG_CHECKING([for ppoll(2)])
AC_CACHE_VAL([ax_cv_have_ppoll], [dnl
AC_LINK_IFELSE([dnl
AC_LANG_PROGRAM(
[dnl
#include <poll.h>
#include <signal.h>],
[dnl
int rc;
rc = poll((struct pollfd *)(0), 0, 0);
rc = ppoll((struct pollfd *)(0), 0, (struct timespec const *)(0), (sigset_t const *)(0));])],
[ax_cv_have_ppoll=yes],
[ax_cv_have_ppoll=no])])
AS_IF([test "${ax_cv_have_ppoll}" = "yes"],
[AC_MSG_RESULT([yes])
$1],[AC_MSG_RESULT([no])
$2])
])
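
Review bot: the usage example in the header describes the feature as `poll(7)` in both strings, while the checks themselves report `poll(2)` and `ppoll(2)`; the example should say section 2 so that text copied from it into configure.ac is right. The ppoll test program also names `struct timespec` without including `<time.h>`; adding that include keeps the probe from depending on what `<poll.h>` and `<signal.h>` happen to pull in.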

File diff suppressed because it is too large

View File

@ -1,14 +1,14 @@
# Helper functions for option handling. -*- Autoconf -*-
#
# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
# serial 7 ltoptions.m4
# serial 8 ltoptions.m4
# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
@ -29,7 +29,7 @@ m4_define([_LT_SET_OPTION],
[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
_LT_MANGLE_DEFUN([$1], [$2]),
[m4_warning([Unknown $1 option `$2'])])[]dnl
[m4_warning([Unknown $1 option '$2'])])[]dnl
])
@ -75,13 +75,15 @@ m4_if([$1],[LT_INIT],[
dnl
dnl If no reference was made to various pairs of opposing options, then
dnl we run the default mode handler for the pair. For example, if neither
dnl `shared' nor `disable-shared' was passed, we enable building of shared
dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
dnl archives by default:
_LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
_LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
_LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
_LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
[_LT_ENABLE_FAST_INSTALL])
[_LT_ENABLE_FAST_INSTALL])
_LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
[_LT_WITH_AIX_SONAME([aix])])
])
])# _LT_SET_OPTIONS
@ -112,7 +114,7 @@ AU_DEFUN([AC_LIBTOOL_DLOPEN],
[_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `dlopen' option into LT_INIT's first parameter.])
put the 'dlopen' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@ -148,7 +150,7 @@ AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
_LT_SET_OPTION([LT_INIT], [win32-dll])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `win32-dll' option into LT_INIT's first parameter.])
put the 'win32-dll' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@ -157,9 +159,9 @@ dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
# _LT_ENABLE_SHARED([DEFAULT])
# ----------------------------
# implement the --enable-shared flag, and supports the `shared' and
# `disable-shared' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-shared flag, and supports the 'shared' and
# 'disable-shared' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_SHARED],
[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([shared],
@ -172,14 +174,14 @@ AC_ARG_ENABLE([shared],
*)
enable_shared=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_shared=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
@ -211,9 +213,9 @@ dnl AC_DEFUN([AM_DISABLE_SHARED], [])
# _LT_ENABLE_STATIC([DEFAULT])
# ----------------------------
# implement the --enable-static flag, and support the `static' and
# `disable-static' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-static flag, and support the 'static' and
# 'disable-static' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_STATIC],
[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([static],
@ -226,14 +228,14 @@ AC_ARG_ENABLE([static],
*)
enable_static=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_static=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_static=]_LT_ENABLE_STATIC_DEFAULT)
@ -265,9 +267,9 @@ dnl AC_DEFUN([AM_DISABLE_STATIC], [])
# _LT_ENABLE_FAST_INSTALL([DEFAULT])
# ----------------------------------
# implement the --enable-fast-install flag, and support the `fast-install'
# and `disable-fast-install' LT_INIT options.
# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
# implement the --enable-fast-install flag, and support the 'fast-install'
# and 'disable-fast-install' LT_INIT options.
# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
m4_define([_LT_ENABLE_FAST_INSTALL],
[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
AC_ARG_ENABLE([fast-install],
@ -280,14 +282,14 @@ AC_ARG_ENABLE([fast-install],
*)
enable_fast_install=no
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for pkg in $enableval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$pkg" = "X$p"; then
enable_fast_install=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
@ -304,14 +306,14 @@ AU_DEFUN([AC_ENABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `fast-install' option into LT_INIT's first parameter.])
the 'fast-install' option into LT_INIT's first parameter.])
])
AU_DEFUN([AC_DISABLE_FAST_INSTALL],
[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the `disable-fast-install' option into LT_INIT's first parameter.])
the 'disable-fast-install' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:
@ -319,11 +321,64 @@ dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
# _LT_WITH_AIX_SONAME([DEFAULT])
# ----------------------------------
# implement the --with-aix-soname flag, and support the `aix-soname=aix'
# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'.
m4_define([_LT_WITH_AIX_SONAME],
[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
shared_archive_member_spec=
case $host,$enable_shared in
power*-*-aix[[5-9]]*,yes)
AC_MSG_CHECKING([which variant of shared library versioning to provide])
AC_ARG_WITH([aix-soname],
[AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
[shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
[case $withval in
aix|svr4|both)
;;
*)
AC_MSG_ERROR([Unknown argument to --with-aix-soname])
;;
esac
lt_cv_with_aix_soname=$with_aix_soname],
[AC_CACHE_VAL([lt_cv_with_aix_soname],
[lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
with_aix_soname=$lt_cv_with_aix_soname])
AC_MSG_RESULT([$with_aix_soname])
if test aix != "$with_aix_soname"; then
# For the AIX way of multilib, we name the shared archive member
# based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
# and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
# Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
# the AIX toolchain works better with OBJECT_MODE set (default 32).
if test 64 = "${OBJECT_MODE-32}"; then
shared_archive_member_spec=shr_64
else
shared_archive_member_spec=shr
fi
fi
;;
*)
with_aix_soname=aix
;;
esac
_LT_DECL([], [shared_archive_member_spec], [0],
[Shared archive member basename, for filename based shared library versioning on AIX])dnl
])# _LT_WITH_AIX_SONAME
LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
# _LT_WITH_PIC([MODE])
# --------------------
# implement the --with-pic flag, and support the `pic-only' and `no-pic'
# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
# LT_INIT options.
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
[AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
@ -334,19 +389,17 @@ m4_define([_LT_WITH_PIC],
*)
pic_mode=default
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
for lt_pkg in $withval; do
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
if test "X$lt_pkg" = "X$lt_p"; then
pic_mode=yes
fi
done
IFS="$lt_save_ifs"
IFS=$lt_save_ifs
;;
esac],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
[pic_mode=m4_default([$1], [default])])
_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
])# _LT_WITH_PIC
@ -359,7 +412,7 @@ AU_DEFUN([AC_LIBTOOL_PICMODE],
[_LT_SET_OPTION([LT_INIT], [pic-only])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `pic-only' option into LT_INIT's first parameter.])
put the 'pic-only' option into LT_INIT's first parameter.])
])
dnl aclocal-1.4 backwards compatibility:

View File

@ -1,6 +1,7 @@
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
# Foundation, Inc.
# Written by Gary V. Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
@ -33,7 +34,7 @@ m4_define([_lt_join],
# ------------
# Manipulate m4 lists.
# These macros are necessary as long as will still need to support
# Autoconf-2.59 which quotes differently.
# Autoconf-2.59, which quotes differently.
m4_define([lt_car], [[$1]])
m4_define([lt_cdr],
[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
@ -44,7 +45,7 @@ m4_define([lt_unquote], $1)
# lt_append(MACRO-NAME, STRING, [SEPARATOR])
# ------------------------------------------
# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
# Note that neither SEPARATOR nor STRING are expanded; they are appended
# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
# No SEPARATOR is output if MACRO-NAME was previously undefined (different

View File

@ -1,6 +1,6 @@
# ltversion.m4 -- version numbers -*- Autoconf -*-
#
# Copyright (C) 2004 Free Software Foundation, Inc.
# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
# Written by Scott James Remnant, 2004
#
# This file is free software; the Free Software Foundation gives
@ -9,15 +9,15 @@
# @configure_input@
# serial 3337 ltversion.m4
# serial 4179 ltversion.m4
# This file is part of GNU Libtool
m4_define([LT_PACKAGE_VERSION], [2.4.2])
m4_define([LT_PACKAGE_REVISION], [1.3337])
m4_define([LT_PACKAGE_VERSION], [2.4.6])
m4_define([LT_PACKAGE_REVISION], [2.4.6])
AC_DEFUN([LTVERSION_VERSION],
[macro_version='2.4.2'
macro_revision='1.3337'
[macro_version='2.4.6'
macro_revision='2.4.6'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])

View File

@ -1,6 +1,7 @@
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
#
# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc.
# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
# Foundation, Inc.
# Written by Scott James Remnant, 2004.
#
# This file is free software; the Free Software Foundation gives
@ -11,7 +12,7 @@
# These exist entirely to fool aclocal when bootstrapping libtool.
#
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
# which have later been changed to m4_define as they aren't part of the
# exported API, or moved to Autoconf or Automake where they belong.
#
@ -25,7 +26,7 @@
# included after everything else. This provides aclocal with the
# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
# because those macros already exist, or will be overwritten later.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
#
# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
# Yes, that means every name once taken will need to remain here until

View File

@ -30,6 +30,9 @@
#include <sys/time.h>
#include <errno.h>
#include <fcntl.h>
#ifdef HAVE_POLL
#include <poll.h>
#endif
ldns_status
ldns_send(ldns_pkt **result_packet, ldns_resolver *r, const ldns_pkt *query_pkt)
@ -150,6 +153,7 @@ static int
ldns_sock_wait(int sockfd, struct timeval timeout, int write)
{
int ret;
#ifndef HAVE_POLL
#ifndef S_SPLINT_S
fd_set fds;
FD_ZERO(&fds);
@ -158,6 +162,21 @@ ldns_sock_wait(int sockfd, struct timeval timeout, int write)
ret = select(sockfd+1, NULL, &fds, NULL, &timeout);
else
ret = select(sockfd+1, &fds, NULL, NULL, &timeout);
#endif
#else
struct pollfd pfds[2];
memset(&pfds[0], 0, sizeof(pfds[0]) * 2);
pfds[0].fd = sockfd;
pfds[0].events = POLLIN|POLLERR;
if (write) {
pfds[0].events |= POLLOUT;
}
ret = poll(pfds, 1, (int)(timeout.tv_sec * 1000
+ timeout.tv_usec / 1000));
#endif
if(ret == 0)
/* timeout expired */
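
Review bot: in the poll() branch the timeout conversion `(int)(timeout.tv_sec * 1000 + timeout.tv_usec / 1000)` needs bounds handling. A timeout under one millisecond truncates to 0, so poll() returns at once and the caller takes the "timeout expired" path, and a large `tv_sec` can exceed INT_MAX and come out negative, which poll() treats as wait forever. Round up and clamp to INT_MAX before the call. Two smaller points: `pfds` is declared with two entries but only `pfds[0]` is used (`nfds` is 1), and with `write` set the mask is POLLIN|POLLOUT, whereas the select() branch waits on the write set only, so a readable socket now ends a wait that was meant for writability. POLLERR in `events` has no effect, since it is only reported in `revents`.
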
@ -178,30 +197,30 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
#ifndef S_SPLINT_S
if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_STREAM,
IPPROTO_TCP)) == -1) {
IPPROTO_TCP)) == SOCK_INVALID) {
return 0;
}
#endif
if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){
if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == SOCK_INVALID){
return 0;
}
/* perform nonblocking connect, to be able to wait with select() */
ldns_sock_nonblock(sockfd);
if (connect(sockfd, (struct sockaddr*)to, tolen) == -1) {
if (connect(sockfd, (struct sockaddr*)to, tolen) == SOCK_INVALID) {
#ifndef USE_WINSOCK
#ifdef EINPROGRESS
if(errno != EINPROGRESS) {
#else
if(1) {
#endif
close(sockfd);
close_socket(sockfd);
return 0;
}
#else /* USE_WINSOCK */
if(WSAGetLastError() != WSAEINPROGRESS &&
WSAGetLastError() != WSAEWOULDBLOCK) {
closesocket(sockfd);
close_socket(sockfd);
return 0;
}
#endif
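
Review bot: the bind() failure path returns without releasing the descriptor: `if (from && bind(...) == SOCK_INVALID){ return 0; }` leaks `sockfd` each time the source address cannot be bound, unlike the connect() failure paths just below it, which call close_socket(). Add `close_socket(sockfd);` before that return. bind() and connect() also return a status, not a socket, so comparing them with SOCK_INVALID is correct only while that constant equals their error value; keep `-1` (or the platform's error constant) for those two calls and reserve SOCK_INVALID for the socket() result. Every failure here still returns 0, which is a valid descriptor number, so callers that test the result against SOCK_INVALID need checking.
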
@ -214,11 +233,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
socklen_t len = (socklen_t)sizeof(error);
if(!ldns_sock_wait(sockfd, timeout, 1)) {
#ifndef USE_WINSOCK
close(sockfd);
#else
closesocket(sockfd);
#endif
close_socket(sockfd);
return 0;
}
@ -237,7 +252,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
continue; /* try again */
#endif
else if(error != 0) {
close(sockfd);
close_socket(sockfd);
/* error in errno for our user */
errno = error;
return 0;
@ -248,7 +263,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
else if(error == WSAEWOULDBLOCK)
continue;
else if(error != 0) {
closesocket(sockfd);
close_socket(sockfd);
errno = error;
return 0;
}
@ -285,11 +300,7 @@ ldns_tcp_bgsend_from(ldns_buffer *qbin,
}
if (ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) {
#ifndef USE_WINSOCK
close(sockfd);
#else
closesocket(sockfd);
#endif
close_socket(sockfd);
return 0;
}
@ -324,11 +335,7 @@ ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin,
}
answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout);
#ifndef USE_WINSOCK
close(sockfd);
#else
closesocket(sockfd);
#endif
close_socket(sockfd);
if (*answer_size == 0) {
/* oops */
@ -387,11 +394,7 @@ ldns_udp_bgsend_from(ldns_buffer *qbin,
}
if (ldns_udp_send_query(qbin, sockfd, to, tolen) == 0) {
#ifndef USE_WINSOCK
close(sockfd);
#else
closesocket(sockfd);
#endif
close_socket(sockfd);
return 0;
}
return sockfd;
@ -422,11 +425,7 @@ ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin,
/* wait for an response*/
if(!ldns_sock_wait(sockfd, timeout, 0)) {
#ifndef USE_WINSOCK
close(sockfd);
#else
closesocket(sockfd);
#endif
close_socket(sockfd);
return LDNS_STATUS_NETWORK_ERR;
}
@ -436,11 +435,7 @@ ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin,
ldns_sock_nonblock(sockfd);
answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL);
#ifndef USE_WINSOCK
close(sockfd);
#else
closesocket(sockfd);
#endif
close_socket(sockfd);
if (*answer_size == 0) {
/* oops */
@ -827,7 +822,7 @@ ldns_tcp_read_wire(int sockfd, size_t *size)
#ifndef S_SPLINT_S
ldns_rdf *
ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port)
ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16_t *port)
{
ldns_rdf *addr;
struct sockaddr_in *data_in;
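
Review bot: `sock` becomes `const struct sockaddr_storage *`, but the local `struct sockaddr_in *data_in;` in the context below the signature is still a pointer to non-const, so any assignment from `sock` has to cast the qualifier away. Declare the local pointers const as well so the compiler enforces the new contract inside the function.
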
@ -862,7 +857,7 @@ ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port)
/* code from resolver.c */
ldns_status
ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
ldns_axfr_start(ldns_resolver *resolver, const ldns_rdf *domain, ldns_rr_class class)
{
ldns_pkt *query;
ldns_buffer *query_wire;
@ -892,7 +887,7 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
* @hostname is used */
for (ns_i = 0;
ns_i < ldns_resolver_nameserver_count(resolver) &&
resolver->_socket == 0;
resolver->_socket == SOCK_INVALID;
ns_i++) {
if (ns != NULL) {
LDNS_FREE(ns);
@ -900,6 +895,23 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
ns = ldns_rdf2native_sockaddr_storage(
resolver->_nameservers[ns_i],
ldns_resolver_port(resolver), &ns_len);
#ifndef S_SPLINT_S
if ((ns->ss_family == AF_INET) &&
(ldns_resolver_ip6(resolver) == LDNS_RESOLV_INET6)) {
/* not reachable */
LDNS_FREE(ns);
ns = NULL;
continue;
}
if ((ns->ss_family == AF_INET6) &&
(ldns_resolver_ip6(resolver) == LDNS_RESOLV_INET)) {
/* not reachable */
LDNS_FREE(ns);
ns = NULL;
continue;
}
#endif
resolver->_socket = ldns_tcp_connect_from(
ns, (socklen_t)ns_len,
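
Review bot: the new address-family filter dereferences `ns` straight after `ns = ldns_rdf2native_sockaddr_storage(...)` with no NULL check, so `ns->ss_family` faults if the conversion returns NULL. Test `ns` first and `continue` (or return LDNS_STATUS_MEM_ERR) before reading `ss_family`. The two blocks are identical apart from the constants and could be folded into one condition.
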
@ -907,7 +919,7 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
ldns_resolver_timeout(resolver));
}
if (resolver->_socket == 0) {
if (resolver->_socket == SOCK_INVALID) {
ldns_pkt_free(query);
LDNS_FREE(ns);
return LDNS_STATUS_NETWORK_ERR;
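
Review bot: this check now tests `resolver->_socket == SOCK_INVALID`, but the value stored in `_socket` comes from ldns_tcp_connect_from(), whose failure paths in this same patch all `return 0;`. Unless SOCK_INVALID is 0, a failed connect leaves `_socket` at 0, which ends the nameserver loop after the first attempt and passes this check, and the transfer then proceeds on descriptor 0. Make ldns_tcp_connect_from() return SOCK_INVALID on failure, or keep comparing against 0 here and in the loop condition.
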
@ -922,11 +934,7 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
if (status != LDNS_STATUS_OK) {
/* to prevent problems on subsequent calls to
* ldns_axfr_start we have to close the socket here! */
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
close_socket(resolver->_socket);
resolver->_socket = 0;
ldns_pkt_free(query);
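
Review bot: after `close_socket(resolver->_socket);` this path still sets `resolver->_socket = 0;`, while the connect loop and the failure check earlier in the function now use SOCK_INVALID as the "no socket" value. If the two differ, a second ldns_axfr_start() call on this resolver finds `_socket` at 0, skips the connect loop and continues on descriptor 0. Reset to SOCK_INVALID here and in the other error paths so that one sentinel is used throughout.
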
@ -944,12 +952,8 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
if(!query_wire) {
ldns_pkt_free(query);
LDNS_FREE(ns);
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
close_socket(resolver->_socket);
return LDNS_STATUS_MEM_ERR;
}
@ -961,11 +965,7 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
/* to prevent problems on subsequent calls to ldns_axfr_start
* we have to close the socket here! */
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
close_socket(resolver->_socket);
resolver->_socket = 0;
return status;
@ -980,12 +980,8 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
/* to prevent problems on subsequent calls to ldns_axfr_start
* we have to close the socket here! */
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
close_socket(resolver->_socket);
return LDNS_STATUS_NETWORK_ERR;
}

View File

@ -24,7 +24,11 @@ Show the flags to be used to link with ldns
.TP
\fB--version\fR
Shows the version of the installed ldns library
Shows the ldns version of the installed ldns library
.TP
\fB--libversion\fR
Shows version of the binary api of the installed ldns library
.TP
\fB--help\fR

View File

@ -9,6 +9,7 @@ LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@"
LIBS="@LIBS@ @LIBSSL_LIBS@"
LIBDIR="@libdir@"
INCLUDEDIR="@includedir@"
LIBVERSION="@VERSION_INFO@"
for arg in $@
do
@ -28,4 +29,8 @@ do
then
echo "${VERSION}"
fi
if [ $arg = "--libversion" ]
then
echo "${LIBVERSION}"
fi
done
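
Review bot: the new test `[ $arg = "--libversion" ]` leaves `$arg` unquoted, and the loop header in the previous hunk iterates over an unquoted `$@`, so an argument that is empty or contains whitespace or glob characters is split or expanded before the comparison and `[` can fail with a syntax error. Write `for arg in "$@"` and `[ "$arg" = "--libversion" ]`; a `case` over `"$arg"` would also replace the chain of `if` blocks.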

View File

@ -250,8 +250,8 @@ ldns_pkt_edns_data(const ldns_pkt *packet)
/* return only those rr that share the ownername */
ldns_rr_list *
ldns_pkt_rr_list_by_name(ldns_pkt *packet,
ldns_rdf *ownername,
ldns_pkt_rr_list_by_name(const ldns_pkt *packet,
const ldns_rdf *ownername,
ldns_pkt_section sec)
{
ldns_rr_list *rrs;
@ -273,9 +273,15 @@ ldns_pkt_rr_list_by_name(ldns_pkt *packet,
if (ret == NULL) {
ret = ldns_rr_list_new();
}
ldns_rr_list_push_rr(ret, ldns_rr_list_rr(rrs, i));
ldns_rr_list_push_rr(ret,
ldns_rr_clone(
ldns_rr_list_rr(rrs, i))
);
}
}
ldns_rr_list_deep_free(rrs);
return ret;
}
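
Review bot: the result of `ldns_rr_clone(...)` is pushed without a NULL check and the return value of ldns_rr_list_push_rr() is ignored, so an allocation failure either stores a NULL entry or silently drops a record; check both and free `ret` on failure. The ownership change also needs stating in the function's doc comment: the returned list now holds clones and `rrs` is deep-freed here, so callers must release the result with ldns_rr_list_deep_free() rather than ldns_rr_list_free(), and any caller that relied on the entries aliasing the packet's records now gets copies.
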
@ -354,7 +360,7 @@ ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet,
}
bool
ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr)
ldns_pkt_rr(const ldns_pkt *pkt, ldns_pkt_section sec, const ldns_rr *rr)
{
bool result = false;
@ -721,7 +727,8 @@ ldns_pkt_edns(const ldns_pkt *pkt) {
return (ldns_pkt_edns_udp_size(pkt) > 0 ||
ldns_pkt_edns_extended_rcode(pkt) > 0 ||
ldns_pkt_edns_data(pkt) ||
ldns_pkt_edns_do(pkt)
ldns_pkt_edns_do(pkt) ||
pkt->_edns_present
);
}
@ -774,6 +781,7 @@ ldns_pkt_new(void)
ldns_pkt_set_edns_version(packet, 0);
ldns_pkt_set_edns_z(packet, 0);
ldns_pkt_set_edns_data(packet, NULL);
packet->_edns_present = false;
ldns_pkt_set_tsig(packet, NULL);
@ -828,7 +836,7 @@ ldns_pkt_set_flags(ldns_pkt *packet, uint16_t flags)
static ldns_rr*
ldns_pkt_authsoa(ldns_rdf* rr_name, ldns_rr_class rr_class)
ldns_pkt_authsoa(const ldns_rdf* rr_name, ldns_rr_class rr_class)
{
ldns_rr* soa_rr = ldns_rr_new();
ldns_rdf *owner_rdf;
@ -1051,7 +1059,7 @@ ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class,
}
ldns_pkt_type
ldns_pkt_reply_type(ldns_pkt *p)
ldns_pkt_reply_type(const ldns_pkt *p)
{
ldns_rr_list *tmp;
@ -1097,7 +1105,7 @@ ldns_pkt_reply_type(ldns_pkt *p)
}
ldns_pkt *
ldns_pkt_clone(ldns_pkt *pkt)
ldns_pkt_clone(const ldns_pkt *pkt)
{
ldns_pkt *new_pkt;
@ -1123,6 +1131,7 @@ ldns_pkt_clone(ldns_pkt *pkt)
if (ldns_pkt_answerfrom(pkt))
ldns_pkt_set_answerfrom(new_pkt,
ldns_rdf_clone(ldns_pkt_answerfrom(pkt)));
ldns_pkt_set_timestamp(new_pkt, ldns_pkt_timestamp(pkt));
ldns_pkt_set_querytime(new_pkt, ldns_pkt_querytime(pkt));
ldns_pkt_set_size(new_pkt, ldns_pkt_size(pkt));
ldns_pkt_set_tsig(new_pkt, ldns_rr_clone(ldns_pkt_tsig(pkt)));
@ -1131,6 +1140,7 @@ ldns_pkt_clone(ldns_pkt *pkt)
ldns_pkt_set_edns_extended_rcode(new_pkt,
ldns_pkt_edns_extended_rcode(pkt));
ldns_pkt_set_edns_version(new_pkt, ldns_pkt_edns_version(pkt));
new_pkt->_edns_present = pkt->_edns_present;
ldns_pkt_set_edns_z(new_pkt, ldns_pkt_edns_z(pkt));
if(ldns_pkt_edns_data(pkt))
ldns_pkt_set_edns_data(new_pkt,

View File

@ -161,7 +161,9 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
return (ssize_t)i;
tokenread:
ldns_fskipcs_l(f, del, line_nr);
if(*del == '"') /* do not skip over quotes, they are significant */
ldns_fskipcs_l(f, del+1, line_nr);
else ldns_fskipcs_l(f, del, line_nr);
*t = '\0';
if (p != 0) {
return -1;
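
Review bot: the quote handling tests only `*del == '"'`, the first byte of the delimiter string, so a caller that lists the quote anywhere else in its delimiters still has quotes skipped after the token. Document that ordering requirement at the delimiter parameter, or build the skip set without the quote regardless of its position. The same three lines are repeated in ldns_bget_token() in the next hunk; a shared helper would keep the two parsers from drifting. Brace the `if`/`else` while here, since `else ldns_fskipcs_l(f, del, line_nr);` on one line is easy to misread.
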
@ -331,7 +333,9 @@ ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit)
return (ssize_t)i;
tokenread:
ldns_bskipcs(b, del);
if(*del == '"') /* do not skip over quotes, they are significant */
ldns_bskipcs(b, del+1);
else ldns_bskipcs(b, del);
*t = '\0';
if (p != 0) {

View File

@ -23,16 +23,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
@ -311,7 +311,7 @@ ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len,
* Delete data from the tree.
*
*/
void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
void* ldns_radix_delete(ldns_radix_t* tree, const uint8_t* key, radix_strlen_t len)
{
ldns_radix_node_t* del = ldns_radix_search(tree, key, len);
void* data = NULL;
@ -331,7 +331,7 @@ void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
*
*/
ldns_radix_node_t*
ldns_radix_search(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
ldns_radix_search(ldns_radix_t* tree, const uint8_t* key, radix_strlen_t len)
{
ldns_radix_node_t* node = NULL;
radix_strlen_t pos = 0;
@ -377,7 +377,7 @@ ldns_radix_search(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
*
*/
int
ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
ldns_radix_find_less_equal(ldns_radix_t* tree, const uint8_t* key,
radix_strlen_t len, ldns_radix_node_t** result)
{
ldns_radix_node_t* node = NULL;
@ -477,7 +477,7 @@ ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
*
*/
ldns_radix_node_t*
ldns_radix_first(ldns_radix_t* tree)
ldns_radix_first(const ldns_radix_t* tree)
{
ldns_radix_node_t* first = NULL;
if (!tree || !tree->root) {
@ -496,7 +496,7 @@ ldns_radix_first(ldns_radix_t* tree)
*
*/
ldns_radix_node_t*
ldns_radix_last(ldns_radix_t* tree)
ldns_radix_last(const ldns_radix_t* tree)
{
if (!tree || !tree->root) {
return NULL;
@ -621,7 +621,7 @@ ldns_radix_node_print(FILE* fd, ldns_radix_node_t* node,
*
*/
void
ldns_radix_printf(FILE* fd, ldns_radix_t* tree)
ldns_radix_printf(FILE* fd, const ldns_radix_t* tree)
{
if (!fd || !tree) {
return;

View File

@ -23,16 +23,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
@ -545,7 +545,7 @@ ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, ldns_rbnode_
*
*/
ldns_rbnode_t *
ldns_rbtree_first (ldns_rbtree_t *rbtree)
ldns_rbtree_first(const ldns_rbtree_t *rbtree)
{
ldns_rbnode_t *node = rbtree->root;
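Review bot: ldns_rbtree_first() reads rbtree->root with no NULL check on rbtree, while ldns_radix_first() in this same patch returns NULL for `!tree || !tree->root`. Since the signature is being touched anyway, consider adding the same guard here and in ldns_rbtree_last(), or documenting that a NULL tree is a caller error. The new const is also shallow: the tree is const but the returned ldns_rbnode_t * is still mutable, which is worth a line in the header documentation.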
@ -556,7 +556,7 @@ ldns_rbtree_first (ldns_rbtree_t *rbtree)
}
ldns_rbnode_t *
ldns_rbtree_last (ldns_rbtree_t *rbtree)
ldns_rbtree_last(const ldns_rbtree_t *rbtree)
{
ldns_rbnode_t *node = rbtree->root;
@ -571,7 +571,7 @@ ldns_rbtree_last (ldns_rbtree_t *rbtree)
*
*/
ldns_rbnode_t *
ldns_rbtree_next (ldns_rbnode_t *node)
ldns_rbtree_next(ldns_rbnode_t *node)
{
ldns_rbnode_t *parent;

View File

@ -351,6 +351,15 @@ ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str)
case LDNS_RDF_TYPE_LONG_STR:
status = ldns_str2rdf_long_str(&rdf, str);
break;
case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
status = ldns_str2rdf_certificate_usage(&rdf, str);
break;
case LDNS_RDF_TYPE_SELECTOR:
status = ldns_str2rdf_selector(&rdf, str);
break;
case LDNS_RDF_TYPE_MATCHING_TYPE:
status = ldns_str2rdf_matching_type(&rdf, str);
break;
case LDNS_RDF_TYPE_NONE:
default:
/* default default ??? */
@ -401,7 +410,7 @@ ldns_rdf_new_frm_fp_l(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp, int *line_nr
}
ldns_rdf *
ldns_rdf_address_reverse(ldns_rdf *rd)
ldns_rdf_address_reverse(const ldns_rdf *rd)
{
uint8_t buf_4[LDNS_IP4ADDRLEN];
uint8_t buf_6[LDNS_IP6ADDRLEN * 2];
@ -466,7 +475,7 @@ ldns_rdf_address_reverse(ldns_rdf *rd)
/* some foo magic to reverse the nibbles ... */
for (nbit = 127; nbit >= 0; nbit = nbit - 4) {
/* calculate octett (8 bit) */
/* calculate octet (8 bit) */
octet = ( ((unsigned int) nbit) & 0x78) >> 3;
/* calculate nibble */
nnibble = ( ((unsigned int) nbit) & 0x04) >> 2;

View File

@ -203,19 +203,19 @@ ldns_resolver_timeout(const ldns_resolver *r)
return r->_timeout;
}
char *
const char *
ldns_resolver_tsig_keyname(const ldns_resolver *r)
{
return r->_tsig_keyname;
}
char *
const char *
ldns_resolver_tsig_algorithm(const ldns_resolver *r)
{
return r->_tsig_algorithm;
}
char *
const char *
ldns_resolver_tsig_keydata(const ldns_resolver *r)
{
return r->_tsig_keydata;
@ -285,7 +285,7 @@ ldns_resolver_pop_nameserver(ldns_resolver *r)
}
ldns_status
ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n)
ldns_resolver_push_nameserver(ldns_resolver *r, const ldns_rdf *n)
{
ldns_rdf **nameservers;
size_t ns_count;
@ -332,7 +332,7 @@ ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n)
}
ldns_status
ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr)
ldns_resolver_push_nameserver_rr(ldns_resolver *r, const ldns_rr *rr)
{
ldns_rdf *address;
if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_A &&
@ -348,7 +348,7 @@ ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr)
}
ldns_status
ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist)
ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, const ldns_rr_list *rrlist)
{
ldns_rr *rr;
ldns_status stat;
@ -577,21 +577,21 @@ ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *d)
}
void
ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname)
ldns_resolver_set_tsig_keyname(ldns_resolver *r, const char *tsig_keyname)
{
LDNS_FREE(r->_tsig_keyname);
r->_tsig_keyname = strdup(tsig_keyname);
}
void
ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm)
ldns_resolver_set_tsig_algorithm(ldns_resolver *r, const char *tsig_algorithm)
{
LDNS_FREE(r->_tsig_algorithm);
r->_tsig_algorithm = strdup(tsig_algorithm);
}
void
ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata)
ldns_resolver_set_tsig_keydata(ldns_resolver *r, const char *tsig_keydata)
{
LDNS_FREE(r->_tsig_keydata);
r->_tsig_keydata = strdup(tsig_keydata);
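Review bot: all three TSIG setters pass their argument straight to strdup() and store the result unchecked, so a NULL tsig_keyname, tsig_algorithm or tsig_keydata is undefined behaviour, and an allocation failure silently leaves the field NULL with no way for the caller to notice. A guard such as `r->_tsig_keydata = tsig_keydata ? strdup(tsig_keydata) : NULL;` would also give callers a way to clear a key. In ldns_resolver_set_tsig_keydata(), LDNS_FREE releases the previous key material without wiping it; clearing the buffer before the free keeps the shared secret out of recycled heap memory.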
@ -638,6 +638,7 @@ ldns_resolver_new(void)
ldns_resolver_set_recursive(r, false);
ldns_resolver_set_dnsrch(r, true);
ldns_resolver_set_source(r, NULL);
ldns_resolver_set_ixfr_serial(r, 0);
/* randomize the nameserver to be queried
* when there are multiple
@ -649,9 +650,7 @@ ldns_resolver_new(void)
r->_timeout.tv_sec = LDNS_DEFAULT_TIMEOUT_SEC;
r->_timeout.tv_usec = LDNS_DEFAULT_TIMEOUT_USEC;
/* TODO: fd=0 is actually a valid socket (stdin),
replace with -1 */
r->_socket = 0;
r->_socket = -1;
r->_axfr_soa_count = 0;
r->_axfr_i = 0;
r->_cur_axfr_pkt = NULL;
@ -662,6 +661,100 @@ ldns_resolver_new(void)
return r;
}
ldns_resolver *
ldns_resolver_clone(ldns_resolver *src)
{
ldns_resolver *dst;
size_t i;
assert(src != NULL);
if (!(dst = LDNS_MALLOC(ldns_resolver))) return NULL;
(void) memcpy(dst, src, sizeof(ldns_resolver));
if (dst->_searchlist_count == 0)
dst->_searchlist = NULL;
else {
if (!(dst->_searchlist =
LDNS_XMALLOC(ldns_rdf *, dst->_searchlist_count)))
goto error;
for (i = 0; i < dst->_searchlist_count; i++)
if (!(dst->_searchlist[i] =
ldns_rdf_clone(src->_searchlist[i]))) {
dst->_searchlist_count = i;
goto error_searchlist;
}
}
if (dst->_nameserver_count == 0) {
dst->_nameservers = NULL;
dst->_rtt = NULL;
} else {
if (!(dst->_nameservers =
LDNS_XMALLOC(ldns_rdf *, dst->_nameserver_count)))
goto error_searchlist;
for (i = 0; i < dst->_nameserver_count; i++)
if (!(dst->_nameservers[i] =
ldns_rdf_clone(src->_nameservers[i]))) {
dst->_nameserver_count = i;
goto error_nameservers;
}
if (!(dst->_rtt =
LDNS_XMALLOC(size_t, dst->_nameserver_count)))
goto error_nameservers;
(void) memcpy(dst->_rtt, src->_rtt,
sizeof(size_t) * dst->_nameserver_count);
}
if (dst->_domain && (!(dst->_domain = ldns_rdf_clone(src->_domain))))
goto error_rtt;
if (dst->_tsig_keyname &&
(!(dst->_tsig_keyname = strdup(src->_tsig_keyname))))
goto error_domain;
if (dst->_tsig_keydata &&
(!(dst->_tsig_keydata = strdup(src->_tsig_keydata))))
goto error_tsig_keyname;
if (dst->_tsig_algorithm &&
(!(dst->_tsig_algorithm = strdup(src->_tsig_algorithm))))
goto error_tsig_keydata;
if (dst->_cur_axfr_pkt &&
(!(dst->_cur_axfr_pkt = ldns_pkt_clone(src->_cur_axfr_pkt))))
goto error_tsig_algorithm;
if (dst->_dnssec_anchors &&
(!(dst->_dnssec_anchors=ldns_rr_list_clone(src->_dnssec_anchors))))
goto error_cur_axfr_pkt;
return dst;
error_cur_axfr_pkt:
ldns_pkt_free(dst->_cur_axfr_pkt);
error_tsig_algorithm:
LDNS_FREE(dst->_tsig_algorithm);
error_tsig_keydata:
LDNS_FREE(dst->_tsig_keydata);
error_tsig_keyname:
LDNS_FREE(dst->_tsig_keyname);
error_domain:
ldns_rdf_deep_free(dst->_domain);
error_rtt:
LDNS_FREE(dst->_rtt);
error_nameservers:
for (i = 0; i < dst->_nameserver_count; i++)
ldns_rdf_deep_free(dst->_nameservers[i]);
LDNS_FREE(dst->_nameservers);
error_searchlist:
for (i = 0; i < dst->_searchlist_count; i++)
ldns_rdf_deep_free(dst->_searchlist[i]);
LDNS_FREE(dst->_searchlist);
error:
LDNS_FREE(dst);
return NULL;
}
ldns_status
ldns_resolver_new_frm_fp(ldns_resolver **res, FILE *fp)
{
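Review bot: in ldns_resolver_clone(), memcpy(dst, src, sizeof(ldns_resolver)) copies _socket along with everything else and nothing afterwards resets it, so the clone and the original hold the same descriptor. With ldns_resolver_deep_free() now calling close_socket(res->_socket), freeing either resolver closes the other one's connection, and freeing both closes the same descriptor number twice, which by then may belong to an unrelated file. Set dst->_socket = -1 right after the memcpy. The same aliasing applies to any pointer member that is not re-cloned below (only _searchlist, _nameservers, _rtt, _domain, the three _tsig_* strings, _cur_axfr_pkt and _dnssec_anchors are), so the struct should be checked for others, for example whatever ldns_resolver_set_source() stores. Minor: src can be const ldns_resolver * like the rest of this commit, and assert(src != NULL) disappears under NDEBUG.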
@ -947,6 +1040,8 @@ ldns_resolver_deep_free(ldns_resolver *res)
size_t i;
if (res) {
close_socket(res->_socket);
if (res->_searchlist) {
for (i = 0; i < ldns_resolver_searchlist_count(res); i++) {
ldns_rdf_deep_free(res->_searchlist[i]);
@ -995,25 +1090,34 @@ ldns_resolver_search_status(ldns_pkt** pkt,
ldns_rdf **search_list;
size_t i;
ldns_status s = LDNS_STATUS_OK;
ldns_rdf root_dname = { 1, LDNS_RDF_TYPE_DNAME, (void *)"" };
if (ldns_dname_absolute(name)) {
/* query as-is */
return ldns_resolver_query_status(pkt, r, name, t, c, flags);
} else if (ldns_resolver_dnsrch(r)) {
search_list = ldns_resolver_searchlist(r);
for (i = 0; i < ldns_resolver_searchlist_count(r); i++) {
new_name = ldns_dname_cat_clone(name, search_list[i]);
for (i = 0; i <= ldns_resolver_searchlist_count(r); i++) {
if (i == ldns_resolver_searchlist_count(r)) {
new_name = ldns_dname_cat_clone(name,
&root_dname);
} else {
new_name = ldns_dname_cat_clone(name,
search_list[i]);
}
s = ldns_resolver_query_status(pkt, r,
new_name, t, c, flags);
ldns_rdf_free(new_name);
if (pkt) {
if (s == LDNS_STATUS_OK && *pkt &&
if (pkt && *pkt) {
if (s == LDNS_STATUS_OK &&
ldns_pkt_get_rcode(*pkt) ==
LDNS_RCODE_NOERROR) {
return LDNS_STATUS_OK;
}
ldns_pkt_free(*pkt);
*pkt = NULL;
}
}
}
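Review bot: the loop in ldns_resolver_search_status() frees *pkt and sets it to NULL for every answer that is not NOERROR, including the one from the last iteration (the new root-name attempt), so the caller never sees the final NXDOMAIN or SERVFAIL packet and can be left with a NULL *pkt. If the status returned after the loop (outside these lines) can be LDNS_STATUS_OK in that case, callers that dereference *pkt on success will crash; consider keeping the last packet or returning an error status when no candidate resolved. Separately, root_dname is built with a positional initializer and `(void *)""`, which ties it to the field order of ldns_rdf and casts away the constness of a string literal; a short comment that it is read-only and only ever passed to ldns_dname_cat_clone() would help.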
@ -1117,6 +1221,7 @@ ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r,
ldns_pkt_set_edns_udp_size(query_pkt
, 4096);
ldns_pkt_free(answer_pkt);
answer_pkt = NULL;
/* Nameservers should not become
* unreachable because fragments are
* dropped (network error). We might
@ -1155,16 +1260,74 @@ ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r,
ldns_rr_class c, uint16_t flags)
{
struct timeval now;
ldns_rr* soa = NULL;
/* prepare a question pkt from the parameters
* and then send this */
if (t == LDNS_RR_TYPE_IXFR) {
ldns_rdf *owner_rdf;
ldns_rdf *mname_rdf;
ldns_rdf *rname_rdf;
ldns_rdf *serial_rdf;
ldns_rdf *refresh_rdf;
ldns_rdf *retry_rdf;
ldns_rdf *expire_rdf;
ldns_rdf *minimum_rdf;
soa = ldns_rr_new();
if (!soa) {
return LDNS_STATUS_ERR;
}
owner_rdf = ldns_rdf_clone(name);
if (!owner_rdf) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
}
ldns_rr_set_owner(soa, owner_rdf);
ldns_rr_set_type(soa, LDNS_RR_TYPE_SOA);
ldns_rr_set_class(soa, c);
ldns_rr_set_question(soa, false);
if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
} else ldns_rr_push_rdf(soa, mname_rdf);
if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
} else ldns_rr_push_rdf(soa, rname_rdf);
serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, ldns_resolver_get_ixfr_serial(r));
if (!serial_rdf) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
} else ldns_rr_push_rdf(soa, serial_rdf);
refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!refresh_rdf) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
} else ldns_rr_push_rdf(soa, refresh_rdf);
retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!retry_rdf) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
} else ldns_rr_push_rdf(soa, retry_rdf);
expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!expire_rdf) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
} else ldns_rr_push_rdf(soa, expire_rdf);
minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!minimum_rdf) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
} else ldns_rr_push_rdf(soa, minimum_rdf);
*query_pkt = ldns_pkt_ixfr_request_new(ldns_rdf_clone(name),
c, flags, NULL);
c, flags, soa);
} else {
*query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags);
}
if (!*query_pkt) {
ldns_rr_free(soa);
return LDNS_STATUS_ERR;
}
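Review bot: every `else ldns_rr_push_rdf(soa, ...)` in the IXFR branch ignores the return value of ldns_rr_push_rdf(). If a push fails, that rdf is leaked and the SOA is handed to ldns_pkt_ixfr_request_new() with fewer than seven rdata fields. Check the result and take the same `ldns_rr_free(soa); return LDNS_STATUS_ERR;` path, freeing the rdf that was not attached. The seven near-identical blocks would also read better as one small static helper that builds the placeholder SOA from name, class and serial. Finally, `ldns_rr_free(soa)` under `if (!*query_pkt)` is only safe if ldns_pkt_ixfr_request_new() does not free the SOA itself on failure, and it runs with soa == NULL on the non-IXFR path; a comment stating both assumptions would help.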
@ -1202,7 +1365,6 @@ ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r,
return LDNS_STATUS_OK;
}
ldns_status
ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name,
ldns_rr_type t, ldns_rr_class c, uint16_t flags)
@ -1276,11 +1438,10 @@ ldns_axfr_next(ldns_resolver *resolver)
ldns_rr *cur_rr;
uint8_t *packet_wire;
size_t packet_wire_size;
ldns_lookup_table *rcode;
ldns_status status;
/* check if start() has been called */
if (!resolver || resolver->_socket == 0) {
if (!resolver || resolver->_socket == -1) {
return NULL;
}
@ -1297,19 +1458,16 @@ ldns_axfr_next(ldns_resolver *resolver)
if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) {
resolver->_axfr_soa_count++;
if (resolver->_axfr_soa_count >= 2) {
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
close_socket(resolver->_socket);
ldns_pkt_free(resolver->_cur_axfr_pkt);
resolver->_cur_axfr_pkt = NULL;
}
}
return cur_rr;
} else {
packet_wire = ldns_tcp_read_wire(resolver->_socket, &packet_wire_size);
packet_wire = ldns_tcp_read_wire_timeout(resolver->_socket, &packet_wire_size, resolver->_timeout);
if(!packet_wire)
return NULL;
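Review bot: the old code followed each close() with `resolver->_socket = 0;`, and this hunk drops that reset without adding `resolver->_socket = -1;`. The `resolver->_socket == -1` guard at the top of ldns_axfr_next() and the new close_socket() call in ldns_resolver_deep_free() are therefore only correct if close_socket is a macro that resets its argument to -1 and ignores negative values; its definition is not part of the lines shown. If it is a plain function taking the descriptor by value, _socket keeps a stale number after the transfer ends, and the next call reads from, or later closes, a descriptor that may have been reused. Please confirm, or add the explicit reset here and in the two error paths below. Passing resolver->_timeout to ldns_tcp_read_wire_timeout() looks right; it would be worth stating in the function documentation that a timeout now ends the transfer with NULL.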
@ -1327,17 +1485,15 @@ ldns_axfr_next(ldns_resolver *resolver)
/* we must now also close the socket, otherwise subsequent uses of the
same resolver structure will fail because the link is still open or
in an undefined state */
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
close_socket(resolver->_socket);
return NULL;
} else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) {
rcode = ldns_lookup_by_id(ldns_rcodes, (int) ldns_pkt_get_rcode(resolver->_cur_axfr_pkt));
#ifdef STDERR_MSGS
ldns_lookup_table *rcode = ldns_lookup_by_id(
ldns_rcodes,(int) ldns_pkt_get_rcode(
resolver->_cur_axfr_pkt));
if (rcode) {
fprintf(stderr, "Error in AXFR: %s\n",
rcode->name);
@ -1351,12 +1507,8 @@ ldns_axfr_next(ldns_resolver *resolver)
/* we must now also close the socket, otherwise subsequent uses of the
same resolver structure will fail because the link is still open or
in an undefined state */
#ifndef USE_WINSOCK
close(resolver->_socket);
#else
closesocket(resolver->_socket);
#endif
resolver->_socket = 0;
close_socket(resolver->_socket);
return NULL;
} else {
@ -1400,6 +1552,19 @@ ldns_axfr_last_pkt(const ldns_resolver *res)
return res->_cur_axfr_pkt;
}
void
ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial)
{
r->_serial = serial;
}
uint32_t
ldns_resolver_get_ixfr_serial(const ldns_resolver *res)
{
return res->_serial;
}
/* random isn't really that good */
void
ldns_resolver_nameservers_randomize(ldns_resolver *r)

View File

@ -111,8 +111,8 @@ ldns_rdf_type_maybe_quoted(ldns_rdf_type rdf_type)
*/
static ldns_status
ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
uint32_t default_ttl, ldns_rdf *origin,
ldns_rdf **prev, bool question)
uint32_t default_ttl, const ldns_rdf *origin,
ldns_rdf **prev, bool question)
{
ldns_rr *new;
const ldns_rr_descriptor *desc;
@ -348,7 +348,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */
case LDNS_RDF_TYPE_IPSECKEY :
case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) {
delimiters = "\n\t";
delimiters = "\n";
break;
}
default : delimiters = "\n\t ";
@ -368,6 +368,11 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
delimiters = "\"\0";
ldns_buffer_skip(rd_buf, 1);
quoted = true;
} else if (ldns_rr_descriptor_field_type(desc, r_cnt)
== LDNS_RDF_TYPE_LONG_STR) {
status = LDNS_STATUS_SYNTAX_RDATA_ERR;
goto error;
}
}
@ -476,7 +481,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
}
LDNS_FREE(hex_data_str);
} else {
} else if(rd_strlen > 0 || quoted) {
/* Normal RR */
switch(ldns_rr_descriptor_field_type(desc, r_cnt)) {
@ -600,9 +605,14 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
} /* for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) */
LDNS_FREE(rd);
LDNS_FREE(xtok);
ldns_buffer_free(rd_buf);
ldns_buffer_free(rr_buf);
LDNS_FREE(rdata);
if (ldns_buffer_remaining(rd_buf) > 0) {
ldns_buffer_free(rd_buf);
ldns_rr_free(new);
return LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR;
}
ldns_buffer_free(rd_buf);
if (!question && desc && !was_unknown_rr_format &&
ldns_rr_rd_count(new) < r_min) {
@ -647,8 +657,8 @@ error:
ldns_status
ldns_rr_new_frm_str(ldns_rr **newrr, const char *str,
uint32_t default_ttl, ldns_rdf *origin,
ldns_rdf **prev)
uint32_t default_ttl, const ldns_rdf *origin,
ldns_rdf **prev)
{
return ldns_rr_new_frm_str_internal(newrr,
str,
@ -660,7 +670,7 @@ ldns_rr_new_frm_str(ldns_rr **newrr, const char *str,
ldns_status
ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str,
ldns_rdf *origin, ldns_rdf **prev)
const ldns_rdf *origin, ldns_rdf **prev)
{
return ldns_rr_new_frm_str_internal(newrr,
str,
@ -670,6 +680,22 @@ ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str,
true);
}
/* Strip whitespace from the start and the end of <line>. */
static char *
ldns_strip_ws(char *line)
{
char *s = line, *e;
for (s = line; *s && isspace((unsigned char)*s); s++)
;
for (e = strchr(s, 0); e > s+2 && isspace((unsigned char)e[-1]) && e[-2] != '\\'; e--)
;
*e = 0;
return s;
}
ldns_status
ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin, ldns_rdf **prev)
{
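Review bot: in ldns_strip_ws() the trailing loop condition `e > s+2` stops one character early, so a value that is a single character keeps one trailing whitespace character. For example `$ORIGIN .` followed by a space hands ". " to ldns_rdf_new_frm_str(), which is the trailing-whitespace case this helper was added for. e[-2] is already a valid read when e == s+2, so the condition can be `e >= s+2`. The `e[-2] != '\\'` test also treats an escaped backslash followed by whitespace as an escaped space and keeps the whitespace. A comment that the function writes a NUL into the caller's buffer would be useful as well, since the `!*ldns_strip_ws(line)` caller depends on that side effect being harmless.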
@ -686,7 +712,6 @@ ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf
ldns_rdf *tmp;
ldns_status s;
ssize_t size;
int offset = 0;
if (default_ttl) {
ttl = *default_ttl;
@ -717,16 +742,13 @@ ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf
return LDNS_STATUS_SYNTAX_EMPTY;
}
if (strncmp(line, "$ORIGIN", 7) == 0 && isspace(line[7])) {
if (strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) {
if (*origin) {
ldns_rdf_deep_free(*origin);
*origin = NULL;
}
offset = 8;
while (isspace(line[offset])) {
offset++;
}
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, line + offset);
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
ldns_strip_ws(line + 8));
if (!tmp) {
/* could not parse what next to $ORIGIN */
LDNS_FREE(line);
@ -734,17 +756,17 @@ ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf
}
*origin = tmp;
s = LDNS_STATUS_SYNTAX_ORIGIN;
} else if (strncmp(line, "$TTL", 4) == 0 && isspace(line[4])) {
offset = 5;
while (isspace(line[offset])) {
offset++;
}
} else if (strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
if (default_ttl) {
*default_ttl = ldns_str2period(line + offset, &endptr);
*default_ttl = ldns_str2period(
ldns_strip_ws(line + 5), &endptr);
}
s = LDNS_STATUS_SYNTAX_TTL;
} else if (strncmp(line, "$INCLUDE", 8) == 0) {
s = LDNS_STATUS_SYNTAX_INCLUDE;
} else if (!*ldns_strip_ws(line)) {
LDNS_FREE(line);
return LDNS_STATUS_SYNTAX_EMPTY;
} else {
if (origin && *origin) {
s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev);
@ -997,7 +1019,7 @@ ldns_rr_list_deep_free(ldns_rr_list *rr_list)
/* add right to left. So we modify *left! */
bool
ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right)
ldns_rr_list_cat(ldns_rr_list *left, const ldns_rr_list *right)
{
size_t r_rr_count;
size_t i;
@ -1020,7 +1042,7 @@ ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right)
}
ldns_rr_list *
ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right)
ldns_rr_list_cat_clone(const ldns_rr_list *left, const ldns_rr_list *right)
{
size_t l_rr_count;
size_t r_rr_count;
@ -1059,7 +1081,7 @@ ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right)
}
ldns_rr_list *
ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos)
ldns_rr_list_subtype_by_rdf(const ldns_rr_list *l, const ldns_rdf *r, size_t pos)
{
size_t i;
ldns_rr_list *subtyped;
@ -1200,7 +1222,7 @@ ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t howmany)
bool
ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr)
ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, const ldns_rr *rr)
{
size_t i;
@ -1219,7 +1241,7 @@ ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr)
}
bool
ldns_is_rrset(ldns_rr_list *rr_list)
ldns_is_rrset(const ldns_rr_list *rr_list)
{
ldns_rr_type t;
ldns_rr_class c;
@ -1560,7 +1582,7 @@ ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2)
return 0;
}
int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf)
int ldns_rr_compare_wire(const ldns_buffer *rr1_buf, const ldns_buffer *rr2_buf)
{
size_t rr1_len, rr2_len, min_len, i, offset;
@ -1793,7 +1815,7 @@ ldns_rr2canonical(ldns_rr *rr)
}
void
ldns_rr_list2canonical(ldns_rr_list *rr_list)
ldns_rr_list2canonical(const ldns_rr_list *rr_list)
{
size_t i;
for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
@ -1802,7 +1824,7 @@ ldns_rr_list2canonical(ldns_rr_list *rr_list)
}
uint8_t
ldns_rr_label_count(ldns_rr *rr)
ldns_rr_label_count(const ldns_rr *rr)
{
if (!rr) {
return 0;
@ -1928,6 +1950,14 @@ static const ldns_rdf_type type_dhcid_wireformat[] = {
static const ldns_rdf_type type_talink_wireformat[] = {
LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
};
#ifdef RRTYPE_OPENPGPKEY
static const ldns_rdf_type type_openpgpkey_wireformat[] = {
LDNS_RDF_TYPE_B64
};
#endif
static const ldns_rdf_type type_csync_wireformat[] = {
LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC
};
/* nsec3 is some vars, followed by same type of data of nsec */
static const ldns_rdf_type type_nsec3_wireformat[] = {
/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/
@ -1967,9 +1997,9 @@ static const ldns_rdf_type type_tsig_wireformat[] = {
LDNS_RDF_TYPE_INT16_DATA
};
static const ldns_rdf_type type_tlsa_wireformat[] = {
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_CERTIFICATE_USAGE,
LDNS_RDF_TYPE_SELECTOR,
LDNS_RDF_TYPE_MATCHING_TYPE,
LDNS_RDF_TYPE_HEX
};
static const ldns_rdf_type type_hip_wireformat[] = {
@ -1997,13 +2027,11 @@ static const ldns_rdf_type type_eui48_wireformat[] = {
static const ldns_rdf_type type_eui64_wireformat[] = {
LDNS_RDF_TYPE_EUI64
};
#ifdef RRTYPE_URI
static const ldns_rdf_type type_uri_wireformat[] = {
LDNS_RDF_TYPE_INT16,
LDNS_RDF_TYPE_INT16,
LDNS_RDF_TYPE_LONG_STR
};
#endif
static const ldns_rdf_type type_caa_wireformat[] = {
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_TAG,
@ -2124,7 +2152,7 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
/* 52 */
{LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 55
@ -2149,16 +2177,19 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
/* 58 */
{LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
#ifdef RRTYPE_CDS
/* 59 */
{LDNS_RR_TYPE_CDS, "CDS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 60 */
{LDNS_RR_TYPE_CDNSKEY, "CDNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#ifdef RRTYPE_OPENPGPKEY
/* 61 */
{LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#else
{LDNS_RR_TYPE_NULL, "TYPE59", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
{LDNS_RR_TYPE_NULL, "TYPE60", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE62", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
@ -2383,15 +2414,18 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
/* ANY: A request for all (available) records */
{LDNS_RR_TYPE_NULL, "TYPE255", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#ifdef RRTYPE_URI
/* 256 */
{LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#else
{LDNS_RR_TYPE_NULL, "TYPE256", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
/* 257 */
{LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#ifdef RRTYPE_AVC
/* 258 */
{LDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
#else
{LDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
#endif
/* split in array, no longer contiguous */
#ifdef RRTYPE_TA

View File

@ -320,6 +320,14 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
return 256;
case LDNS_SIGN_ECDSAP384SHA384:
return 384;
#endif
#ifdef USE_ED25519
case LDNS_SIGN_ED25519:
return 256;
#endif
#ifdef USE_ED448
case LDNS_SIGN_ED448:
return 456;
#endif
case LDNS_SIGN_HMACMD5:
return len;

View File

@ -248,11 +248,11 @@ ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr)
/*
* Checks whether the escaped value at **s is an octal value or
* Checks whether the escaped value at **s is an decimal value or
* a 'normally' escaped character (and not eos)
*
* The string pointer at *s is increased by either 0 (on error), 1 (on
* normal escapes), or 3 (on octals)
* normal escapes), or 3 (on decimals)
*
* Returns the number of bytes read from the escaped string, or
* 0 on error
@ -262,9 +262,9 @@ parse_escape(uint8_t *ch_p, const char** str_p)
{
uint16_t val;
if ((*str_p)[0] && isdigit((*str_p)[0]) &&
(*str_p)[1] && isdigit((*str_p)[1]) &&
(*str_p)[2] && isdigit((*str_p)[2])) {
if ((*str_p)[0] && isdigit((unsigned char)(*str_p)[0]) &&
(*str_p)[1] && isdigit((unsigned char)(*str_p)[1]) &&
(*str_p)[2] && isdigit((unsigned char)(*str_p)[2])) {
val = (uint16_t)(((*str_p)[0] - '0') * 100 +
((*str_p)[1] - '0') * 10 +
@ -277,7 +277,7 @@ parse_escape(uint8_t *ch_p, const char** str_p)
*str_p += 3;
return true;
} else if ((*str_p)[0] && !isdigit((*str_p)[0])) {
} else if ((*str_p)[0] && !isdigit((unsigned char)(*str_p)[0])) {
*ch_p = (uint8_t)*(*str_p)++;
return true;
@ -777,29 +777,71 @@ ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str)
return st;
}
static ldns_lookup_table ldns_tlsa_certificate_usages[] = {
{ LDNS_TLSA_USAGE_PKIX_TA , "PKIX-TA" },
{ LDNS_TLSA_USAGE_PKIX_EE , "PKIX-EE" },
{ LDNS_TLSA_USAGE_DANE_TA , "DANE-TA" },
{ LDNS_TLSA_USAGE_DANE_EE , "DANE-EE" },
{ LDNS_TLSA_USAGE_PRIVCERT , "PrivCert" },
{ 0, NULL }
};
static ldns_lookup_table ldns_tlsa_selectors[] = {
{ LDNS_TLSA_SELECTOR_CERT , "Cert" },
{ LDNS_TLSA_SELECTOR_SPKI , "SPKI" },
{ LDNS_TLSA_SELECTOR_PRIVSEL , "PrivSel" },
{ 0, NULL }
};
static ldns_lookup_table ldns_tlsa_matching_types[] = {
{ LDNS_TLSA_MATCHING_TYPE_FULL , "Full" },
{ LDNS_TLSA_MATCHING_TYPE_SHA2_256 , "SHA2-256" },
{ LDNS_TLSA_MATCHING_TYPE_SHA2_512 , "SHA2-512" },
{ LDNS_TLSA_MATCHING_TYPE_PRIVMATCH , "PrivMatch" },
{ 0, NULL }
};
static ldns_status
ldns_str2rdf_mnemonic4int8(ldns_lookup_table *lt,
ldns_rdf **rd, const char *str)
{
if ((lt = ldns_lookup_by_name(lt, str))) {
/* it was given as a integer */
*rd = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t) lt->id);
if (!*rd)
return LDNS_STATUS_ERR;
else
return LDNS_STATUS_OK;
}
return ldns_str2rdf_int8(rd, str);
}
/* An alg field can either be specified as a 8 bits number
* or by its symbolic name. Handle both
*/
ldns_status
ldns_str2rdf_alg(ldns_rdf **rd, const char *str)
{
ldns_lookup_table *lt;
ldns_status st;
return ldns_str2rdf_mnemonic4int8(ldns_algorithms, rd, str);
}
lt = ldns_lookup_by_name(ldns_algorithms, str);
st = LDNS_STATUS_OK;
ldns_status
ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str)
{
return ldns_str2rdf_mnemonic4int8(
ldns_tlsa_certificate_usages, rd, str);
}
if (lt) {
/* it was given as a integer */
*rd = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t) lt->id);
if (!*rd) {
st = LDNS_STATUS_ERR;
}
} else {
/* try as-is (a number) */
st = ldns_str2rdf_int8(rd, str);
}
return st;
ldns_status
ldns_str2rdf_selector(ldns_rdf **rd, const char *str)
{
return ldns_str2rdf_mnemonic4int8(ldns_tlsa_selectors, rd, str);
}
ldns_status
ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str)
{
return ldns_str2rdf_mnemonic4int8(ldns_tlsa_matching_types, rd, str);
}
ldns_status
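Review bot: in ldns_str2rdf_mnemonic4int8() the comment `/* it was given as a integer */` sits in the branch where ldns_lookup_by_name() matched, that is, where the value was given as a mnemonic; it was carried over from the old ldns_str2rdf_alg() body and should say the value was given by name. Reusing the lt parameter to hold the lookup result also makes the function harder to follow; a separate local would be clearer. The comment above ldns_str2rdf_alg() ("An alg field can either be specified as a 8 bits number or by its symbolic name") now describes a one-line wrapper, so it could move to the helper and mention the three TLSA wrappers too.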
@ -827,7 +869,7 @@ loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e)
/* read <digits>[.<digits>][mM] */
/* into mantissa exponent format for LOC type */
uint32_t meters = 0, cm = 0, val;
while (isblank(*my_str)) {
while (isblank((unsigned char)*my_str)) {
my_str++;
}
meters = (uint32_t)strtol(my_str, &my_str, 10);
@ -932,7 +974,7 @@ north:
} else {
latitude = equator - latitude;
}
while (isblank(*my_str)) {
while (isblank((unsigned char)*my_str)) {
my_str++;
}
@ -954,7 +996,7 @@ north:
return LDNS_STATUS_INVALID_STR;
}
while (isblank(*my_str)) {
while (isblank((unsigned char)*my_str)) {
my_str++;
}
@ -963,7 +1005,7 @@ north:
}
east:
while (isblank(*my_str)) {
while (isblank((unsigned char)*my_str)) {
my_str++;
}
@ -1363,9 +1405,7 @@ ldns_str2rdf_eui48(ldns_rdf **rd, const char *str)
if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x%n",
&a, &b, &c, &d, &e, &f, &l) != 6 ||
l != (int)strlen(str) || /* more data to read */
strpbrk(str, "+-") /* signed hexes */
) {
l != (int)strlen(str)) {
return LDNS_STATUS_INVALID_EUI48;
} else {
bytes[0] = a;
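Review bot: with the `strpbrk(str, "+-")` test gone, nothing in ldns_str2rdf_eui48() rejects signed or space-padded fields. The old test had to go, because '-' is the separator and it rejected every well-formed value, but `%2x` accepts an optional sign and skips leading whitespace, so an input such as `+a-+b-+c-+d-+e-+f` still satisfies both the count of 6 and `l == (int)strlen(str)`. If strict syntax matters, validate the shape of the string before sscanf: fixed length, isxdigit() at the digit positions, '-' at the separator positions. The same applies to the ldns_str2rdf_eui64() hunk that follows.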
@ -1388,9 +1428,7 @@ ldns_str2rdf_eui64(ldns_rdf **rd, const char *str)
if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x-%2x-%2x%n",
&a, &b, &c, &d, &e, &f, &g, &h, &l) != 8 ||
l != (int)strlen(str) || /* more data to read */
strpbrk(str, "+-") /* signed hexes */
) {
l != (int)strlen(str)) {
return LDNS_STATUS_INVALID_EUI64;
} else {
bytes[0] = a;
@ -1416,7 +1454,7 @@ ldns_str2rdf_tag(ldns_rdf **rd, const char *str)
return LDNS_STATUS_INVALID_TAG;
}
for (ptr = str; *ptr; ptr++) {
if (! isalnum(*ptr)) {
if (! isalnum((unsigned char)*ptr)) {
return LDNS_STATUS_INVALID_TAG;
}
}

View File

@ -18,32 +18,32 @@
#include <openssl/md5.h>
#endif /* HAVE_SSL */
char *
ldns_tsig_algorithm(ldns_tsig_credentials *tc)
const char *
ldns_tsig_algorithm(const ldns_tsig_credentials *tc)
{
return tc->algorithm;
}
char *
ldns_tsig_keyname(ldns_tsig_credentials *tc)
const char *
ldns_tsig_keyname(const ldns_tsig_credentials *tc)
{
return tc->keyname;
}
char *
ldns_tsig_keydata(ldns_tsig_credentials *tc)
const char *
ldns_tsig_keydata(const ldns_tsig_credentials *tc)
{
return tc->keydata;
}
char *
ldns_tsig_keyname_clone(ldns_tsig_credentials *tc)
ldns_tsig_keyname_clone(const ldns_tsig_credentials *tc)
{
return strdup(tc->keyname);
}
char *
ldns_tsig_keydata_clone(ldns_tsig_credentials *tc)
ldns_tsig_keydata_clone(const ldns_tsig_credentials *tc)
{
return strdup(tc->keydata);
}
@ -52,7 +52,7 @@ ldns_tsig_keydata_clone(ldns_tsig_credentials *tc)
* Makes an exact copy of the wire, but with the tsig rr removed
*/
static uint8_t *
ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len)
ldns_tsig_prepare_pkt_wire(const uint8_t *wire, size_t wire_len, size_t *result_len)
{
uint8_t *wire2 = NULL;
uint16_t qd_count;
@ -134,7 +134,19 @@ ldns_digest_function(char *name)
{
/* these are the mandatory algorithms from RFC4635 */
/* The optional algorithms are not yet implemented */
if (strcasecmp(name, "hmac-sha256.") == 0) {
if (strcasecmp(name, "hmac-sha512.") == 0) {
#ifdef HAVE_EVP_SHA512
return EVP_sha512();
#else
return NULL;
#endif
} else if (strcasecmp(name, "hmac-shac384.") == 0) {
#ifdef HAVE_EVP_SHA384
return EVP_sha384();
#else
return NULL;
#endif
} else if (strcasecmp(name, "hmac-sha256.") == 0) {
#ifdef HAVE_EVP_SHA256
return EVP_sha256();
#else
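Review bot: the SHA-384 branch compares against "hmac-shac384." (stray "c"), so the algorithm name hmac-sha384. never matches this branch and falls through to the ones below it. Change the literal to "hmac-sha384.". The comment at the top of the chain still says the optional algorithms are not yet implemented, which no longer matches the code once the SHA-512 and SHA-384 branches exist; update it in the same change.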
@ -152,10 +164,10 @@ ldns_digest_function(char *name)
#ifdef HAVE_SSL
static ldns_status
ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf,
ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf,
ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
ldns_tsig_mac_new(ldns_rdf **tsig_mac, const uint8_t *pkt_wire, size_t pkt_wire_size,
const char *key_data, const ldns_rdf *key_name_rdf, const ldns_rdf *fudge_rdf,
const ldns_rdf *algorithm_rdf, const ldns_rdf *time_signed_rdf, const ldns_rdf *error_rdf,
const ldns_rdf *other_data_rdf, const ldns_rdf *orig_mac_rdf, int tsig_timers_only)
{
ldns_status status;
char *wireformat;
@ -273,15 +285,15 @@ ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
#ifdef HAVE_SSL
bool
ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name,
const char *key_data, ldns_rdf *orig_mac_rdf)
ldns_pkt_tsig_verify(ldns_pkt *pkt, const uint8_t *wire, size_t wirelen, const char *key_name,
const char *key_data, const ldns_rdf *orig_mac_rdf)
{
return ldns_pkt_tsig_verify_next(pkt, wire, wirelen, key_name, key_data, orig_mac_rdf, 0);
}
bool
ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name,
const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
ldns_pkt_tsig_verify_next(ldns_pkt *pkt, const uint8_t *wire, size_t wirelen, const char* key_name,
const char *key_data, const ldns_rdf *orig_mac_rdf, int tsig_timers_only)
{
ldns_rdf *fudge_rdf;
ldns_rdf *algorithm_rdf;
@ -350,14 +362,14 @@ ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const ch
#ifdef HAVE_SSL
ldns_status
ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data,
uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
uint16_t fudge, const char *algorithm_name, const ldns_rdf *query_mac)
{
return ldns_pkt_tsig_sign_next(pkt, key_name, key_data, fudge, algorithm_name, query_mac, 0);
}
ldns_status
ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data,
uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only)
uint16_t fudge, const char *algorithm_name, const ldns_rdf *query_mac, int tsig_timers_only)
{
ldns_rr *tsig_rr;
ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);

View File

@ -25,7 +25,7 @@
ldns_pkt *
ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c,
ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist)
const ldns_rr_list *pr_rrlist, const ldns_rr_list *up_rrlist, const ldns_rr_list *ad_rrlist)
{
ldns_pkt *p;
@ -67,7 +67,7 @@ ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c,
}
ldns_status
ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r)
ldns_update_pkt_tsig_add(ldns_pkt *p, const ldns_resolver *r)
{
#ifdef HAVE_SSL
uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */
@ -135,6 +135,7 @@ ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
ldns_rdf *ipaddr, *fqdn_rdf, *tmp;
ldns_rdf **nslist;
ldns_pkt *query, *resp;
ldns_resolver *tmp_r;
size_t i;
/*
@ -201,8 +202,11 @@ ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
ipaddr = ldns_rr_rdf(rr, 0);
/* Put the SOA mname IP first in the nameserver list. */
nslist = ldns_resolver_nameservers(r);
for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
if (!(tmp_r = ldns_resolver_clone(r))) {
return LDNS_STATUS_MEM_ERR;
}
nslist = ldns_resolver_nameservers(tmp_r);
for (i = 0; i < ldns_resolver_nameserver_count(tmp_r); i++) {
if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) {
if (i) {
tmp = nslist[0];
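Review bot: the early return added for a failed ldns_resolver_clone(r) appears to leave resp allocated. ipaddr has just been taken from a record at this point and ldns_pkt_free(resp) only runs further down in the function, so the LDNS_STATUS_MEM_ERR path should call ldns_pkt_free(resp) before returning.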
@ -212,11 +216,11 @@ ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
break;
}
}
if (i >= ldns_resolver_nameserver_count(r)) {
if (i >= ldns_resolver_nameserver_count(tmp_r)) {
/* SOA mname was not part of the resolver so add it first. */
(void) ldns_resolver_push_nameserver(r, ipaddr);
nslist = ldns_resolver_nameservers(r);
i = ldns_resolver_nameserver_count(r) - 1;
(void) ldns_resolver_push_nameserver(tmp_r, ipaddr);
nslist = ldns_resolver_nameservers(tmp_r);
i = ldns_resolver_nameserver_count(tmp_r) - 1;
tmp = nslist[0];
nslist[0] = nslist[i];
nslist[i] = tmp;
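Review bot: the result of ldns_resolver_push_nameserver(tmp_r, ipaddr) is still discarded with (void). If the push fails, i = ldns_resolver_nameserver_count(tmp_r) - 1 picks an unrelated server for the swap, and with an empty list the size_t subtraction wraps and nslist[i] is read out of bounds. Now that tmp_r is a private clone, checking the status, freeing tmp_r and resp, and returning the error costs little.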
@ -224,21 +228,24 @@ ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
ldns_pkt_free(resp);
/* Make sure to ask the first in the list, i.e SOA mname */
ldns_resolver_set_random(r, false);
ldns_resolver_set_random(tmp_r, false);
/* Step 3 - Redo SOA query, sending to SOA MNAME directly. */
fqdn_rdf = ldns_dname_new_frm_str(fqdn);
query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
if (!query) {
ldns_resolver_free(tmp_r);
return LDNS_STATUS_ERR;
}
fqdn_rdf = NULL;
ldns_pkt_set_random_id(query);
if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
if (ldns_resolver_send_pkt(&resp, tmp_r, query) != LDNS_STATUS_OK) {
ldns_pkt_free(query);
ldns_resolver_free(tmp_r);
return LDNS_STATUS_ERR;
}
ldns_resolver_free(tmp_r);
ldns_pkt_free(query);
if (!resp) {
return LDNS_STATUS_ERR;
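Review bot: fqdn_rdf looks leaked on the !query return path. It is not checked after ldns_dname_new_frm_str(fqdn) and is only set to NULL once the query exists, while the new cleanup in that branch frees tmp_r alone. Unless ldns_pkt_query_new releases its name argument on failure, add ldns_rdf_deep_free(fqdn_rdf) next to the ldns_resolver_free(tmp_r) call. The other tmp_r frees in this hunk cover the send failure and success paths correctly.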

View File

@ -626,7 +626,7 @@ ldns_b32_pton_base(const char* src, size_t src_sz,
ch = *src++;
--src_sz;
} while (isspace(ch) && src_sz > 0);
} while (isspace((unsigned char)ch) && src_sz > 0);
if (ch == '=' || ch == '\0')
break;
@ -731,7 +731,7 @@ ldns_b32_pton_base(const char* src, size_t src_sz,
ch = *src++;
src_sz--;
} while (isspace(ch));
} while (isspace((unsigned char)ch));
if (ch != '=')
return -1;

View File

@ -202,6 +202,9 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos)
break;
case LDNS_RDF_TYPE_CLASS:
case LDNS_RDF_TYPE_ALG:
case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
case LDNS_RDF_TYPE_SELECTOR:
case LDNS_RDF_TYPE_MATCHING_TYPE:
case LDNS_RDF_TYPE_INT8:
cur_rdf_length = LDNS_RDF_SIZE_BYTE;
break;
@ -389,7 +392,7 @@ ldns_wire2pkt_hdr(ldns_pkt *packet, const uint8_t *wire, size_t max, size_t *pos
}
ldns_status
ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer)
ldns_buffer2pkt_wire(ldns_pkt **packet, const ldns_buffer *buffer)
{
/* lazy */
return ldns_wire2pkt(packet, ldns_buffer_begin(buffer),
@ -405,7 +408,7 @@ ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max)
ldns_rr *rr;
ldns_pkt *packet = ldns_pkt_new();
ldns_status status = LDNS_STATUS_OK;
int have_edns = 0;
uint8_t have_edns = 0;
uint8_t data[4];
@ -477,6 +480,7 @@ ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max)
if(have_edns)
ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet)
- have_edns);
packet->_edns_present = have_edns;
*packet_p = packet;
return status;
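Review bot: have_edns is used here both as a count (subtracted from arcount) and as the value stored in packet->_edns_present, and the preceding hunk narrows it from int to uint8_t. If it is incremented once per OPT record while parsing, a response carrying 256 of them wraps it to 0, so arcount is left unadjusted and _edns_present reads as absent. Suggest storing a normalised flag, packet->_edns_present = (have_edns != 0), and keeping the counter in a wider type or rejecting a packet with more than one OPT record.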

View File

@ -44,16 +44,15 @@ ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist)
}
bool
ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list)
ldns_zone_push_rr_list(ldns_zone *z, const ldns_rr_list *list)
{
return ldns_rr_list_cat(ldns_zone_rrs(z), list);
}
bool
ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr)
{
return ldns_rr_list_push_rr( ldns_zone_rrs(z), rr);
return ldns_rr_list_push_rr(ldns_zone_rrs(z), rr);
}
@ -185,14 +184,14 @@ ldns_zone_new(void)
* $TTL, $ORIGIN
*/
ldns_status
ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c)
ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t ttl, ldns_rr_class c)
{
return ldns_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL);
}
/* XXX: class is never used */
ldns_status
ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl,
ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t ttl,
ldns_rr_class ATTR_UNUSED(c), int *line_nr)
{
ldns_zone *newzone;