Sync ldns & utils with unbound

src/gldns/import.sh

@@ -16,8 +16,8 @@ then
 	mv sbuffer.h gbuffer.h
 	mv sbuffer.c gbuffer.c
 else
-	svn co http://unbound.net/svn/trunk/ldns/
+	svn co http://unbound.net/svn/trunk/sldns/
-	for f in ldns/*.[ch]
+	for f in sldns/*.[ch]
 	do
 		sed -e 's/sldns_/gldns_/g' \
 		    -e 's/LDNS_/GLDNS_/g' \
@@ -27,5 +27,5 @@ else
 	done
 	mv sbuffer.h gbuffer.h
 	mv sbuffer.c gbuffer.c
-	rm -r ldns
+	rm -fr sldns
 fi

src/gldns/keyraw.c

@@ -89,6 +89,14 @@ gldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
                 return 256;
         case GLDNS_ECDSAP384SHA384:
                 return 384;
+#endif
+#ifdef USE_ED25519
+	case GLDNS_ED25519:
+		return 256;
+#endif
+#ifdef USE_ED448
+	case GLDNS_ED448:
+		return 456;
 #endif
 	default:
 		return 0;
@@ -409,6 +417,27 @@ gldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
 }
 #endif /* USE_ED25519 */
 
+#ifdef USE_ED448
+EVP_PKEY*
+gldns_ed4482pkey_raw(const unsigned char* key, size_t keylen)
+{
+	/* ASN1 for ED448 is 3043300506032b6571033a00 <57byteskey> */
+	uint8_t pre[] = {0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+		0x71, 0x03, 0x3a, 0x00};
+        int pre_len = 12;
+	uint8_t buf[256];
+        EVP_PKEY *evp_key;
+	/* pp gets modified by d2i() */
+        const unsigned char* pp = (unsigned char*)buf;
+	if(keylen != 57 || keylen + pre_len > sizeof(buf))
+		return NULL; /* wrong length */
+	memmove(buf, pre, pre_len);
+	memmove(buf+pre_len, key, keylen);
+	evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
+        return evp_key;
+}
+#endif /* USE_ED448 */
+
 int
 gldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
 	const EVP_MD* md)

src/gldns/keyraw.h

@@ -101,6 +101,15 @@ RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);
  */
 EVP_PKEY* gldns_ed255192pkey_raw(const unsigned char* key, size_t len);
 
+/**
+ * Converts a holding buffer with key material to EVP PKEY in openssl.
+ * Only available if ldns was compiled with ED448.
+ * \param[in] key the uncompressed wireformat of the key.
+ * \param[in] len length of key data
+ * \return the key or NULL on error.
+ */
+EVP_PKEY* gldns_ed4482pkey_raw(const unsigned char* key, size_t len);
+
 /**
  * Utility function to calculate hash using generic EVP_MD pointer.
  * \param[in] data the data to hash.

src/gldns/str2wire.c

@@ -1225,6 +1225,17 @@ int gldns_str2wire_b32_ext_buf(const char* str, uint8_t* rd, size_t* len)
 	return GLDNS_WIREPARSE_ERR_OK;
 }
 
+/** see if the string ends, or ends in whitespace */
+static int
+gldns_is_last_of_string(const char* str)
+{
+	if(*str == 0) return 1;
+	while(isspace((unsigned char)*str))
+		str++;
+	if(*str == 0) return 1;
+	return 0;
+}
+
 int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
 {
 	const char* s = str;
@@ -1234,7 +1245,7 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
 			s++;
 			continue;
 		}
-		if(dlen == 0 && *s == '0' && *(s+1) == 0) {
+		if(dlen == 0 && *s == '0' && gldns_is_last_of_string(s+1)) {
 			*len = 0;
 			return GLDNS_WIREPARSE_ERR_OK;
 		}

src/gldns/wire2str.c

@@ -1065,7 +1065,11 @@ int gldns_wire2str_tsigtime_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 	d4 = (*d)[4];
 	d5 = (*d)[5];
 	tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5;
-	w = gldns_str_print(s, sl, "%"PRIu64, (uint64_t)tsigtime);
+#ifndef USE_WINSOCK
+	w = gldns_str_print(s, sl, "%llu", (long long)tsigtime);
+#else
+	w = gldns_str_print(s, sl, "%I64u", (long long)tsigtime);
+#endif
 	(*d)+=6;
 	(*dl)-=6;
 	return w;
@@ -1752,8 +1756,13 @@ int gldns_wire2str_edns_llq_print(char** s, size_t* sl, uint8_t* data,
 	if(error_code < llq_errors_num)
 		w += gldns_str_print(s, sl, " %s", llq_errors[error_code]);
 	else	w += gldns_str_print(s, sl, " error %d", (int)error_code);
-	w += gldns_str_print(s, sl, " id %"PRIx64" lease-life %lu",
+#ifndef USE_WINSOCK
-		(uint64_t)llq_id, (unsigned long)lease_life);
+	w += gldns_str_print(s, sl, " id %llx lease-life %lu",
+		(unsigned long long)llq_id, (unsigned long)lease_life);
+#else
+	w += gldns_str_print(s, sl, " id %I64x lease-life %lu",
+		(unsigned long long)llq_id, (unsigned long)lease_life);
+#endif
 	return w;
 }
 

src/util/val_secalgo.c

@@ -231,7 +231,10 @@ dnskey_algo_id_is_supported(int id)
 #ifdef USE_ED25519
 	case LDNS_ED25519:
 #endif
-#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA)
+#ifdef USE_ED448
+	case LDNS_ED448:
+#endif
+#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA) || defined(USE_ED25519) || defined(USE_ED448)
 		return 1;
 #endif
 
@@ -569,6 +572,17 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 			*digest_type = NULL;
 			break;
 #endif /* USE_ED25519 */
+#ifdef USE_ED448
+		case LDNS_ED448:
+			*evp_key = sldns_ed4482pkey_raw(key, keylen);
+			if(!*evp_key) {
+				verbose(VERB_QUERY, "verify: "
+					"sldns_ed4482pkey_raw failed");
+				return 0;
+			}
+			*digest_type = NULL;
+			break;
+#endif /* USE_ED448 */
 		default:
 			verbose(VERB_QUERY, "verify: unknown algorithm %d", 
 				algo);