From 2267863a53ffb6fe85ee0efd64785246895e161c Mon Sep 17 00:00:00 2001
From: Jim Hague
Date: Fri, 23 Nov 2018 16:20:48 +0000
Subject: [PATCH] Attempt to improve the preprocessor horror that is util/val_secalgo.h.

Convert the main util/val_secalgo.h to a plain interface. Move the preprocessor redefines into validator/val_secalgo.h, and move THAT under openssl, because it is OpenSSL implementation specific at present - you can compile with NSS and Nettle if config allows.
---
 src/Makefile.in | 9 ++-
 .../validator/val_nsec3.h | 0
 src/openssl/validator/val_secalgo.h | 48 ++++++++++++++++
 src/util/auxiliary/validator/val_secalgo.h | 1 -
 src/util/val_secalgo.h | 56 +++++-------------
 5 files changed, 67 insertions(+), 47 deletions(-)
 rename src/{util/auxiliary => openssl}/validator/val_nsec3.h (100%)
 create mode 100644 src/openssl/validator/val_secalgo.h
 delete mode 100644 src/util/auxiliary/validator/val_secalgo.h

diff --git a/src/Makefile.in b/src/Makefile.in
index c7faf32c..ed5c95bf 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -342,7 +342,7 @@ dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h \
 $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/tls.h $(srcdir)/openssl/tls-internal.h $(srcdir)/util-internal.h \
 $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
 $(srcdir)/gldns/keyraw.h $(srcdir)/openssl/keyraw-internal.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h \
- $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/orig-headers/val_secalgo.h
+ $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h $(srcdir)/gldns/gbuffer.h
 general.lo general.o: $(srcdir)/general.c config.h \
 $(srcdir)/general.h getdns/getdns.h \
 $(srcdir)/types-internal.h \
@@ -531,12 +531,11 @@ tls.lo tls.o: $(srcdir)/openssl/tls.c config.h \
 $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/tls.h $(srcdir)/openssl/tls-internal.h $(srcdir)/tls.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/openssl/val_secalgo.c \
 config.h \
- $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
- $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
+ $(srcdir)/util/auxiliary/util/data/packed_rrset.h $(srcdir)/openssl/validator/val_secalgo.h \
+ $(srcdir)/util/val_secalgo.h $(srcdir)/gldns/gbuffer.h $(srcdir)/openssl/validator/val_nsec3.h \
 $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
 $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
- $(srcdir)/openssl/keyraw-internal.h $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
+ $(srcdir)/openssl/keyraw-internal.h $(srcdir)/util/auxiliary/sldns/sbuffer.h
 yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
 libev.lo libev.o: $(srcdir)/extension/libev.c \
 config.h $(srcdir)/types-internal.h \
diff --git a/src/util/auxiliary/validator/val_nsec3.h b/src/openssl/validator/val_nsec3.h
similarity index 100%
rename from src/util/auxiliary/validator/val_nsec3.h
rename to src/openssl/validator/val_nsec3.h
diff --git a/src/openssl/validator/val_secalgo.h b/src/openssl/validator/val_secalgo.h
new file mode 100644
index 00000000..e4e2a7a7
--- /dev/null
+++ b/src/openssl/validator/val_secalgo.h
@@ -0,0 +1,48 @@
+#ifndef VAL_SECALGO_H_VALIDATOR
+#define VAL_SECALGO_H_VALIDATOR
+
+#define sldns_buffer gldns_buffer
+
+#define nsec3_hash_algo_size_supported _getdns_nsec3_hash_algo_size_supported
+#define secalgo_nsec3_hash _getdns_secalgo_nsec3_hash
+#define secalgo_hash_sha256 _getdns_secalgo_hash_sha256
+#define ds_digest_size_supported _getdns_ds_digest_size_supported
+#define secalgo_ds_digest _getdns_secalgo_ds_digest
+#define dnskey_algo_id_is_supported _getdns_dnskey_algo_id_is_supported
+#define verify_canonrrset _getdns_verify_canonrrset
+#define sec_status _getdns_sec_status
+#define sec_status_secure _getdns_sec_status_secure
+#define sec_status_insecure _getdns_sec_status_insecure
+#define sec_status_unchecked _getdns_sec_status_unchecked
+#define sec_status_bogus _getdns_sec_status_bogus
+#define fake_sha1 _getdns_fake_sha1
+#define fake_dsa _getdns_fake_dsa
+
+#define NSEC3_HASH_SHA1 0x01
+
+#define LDNS_SHA1 GLDNS_SHA1
+#define LDNS_SHA256 GLDNS_SHA256
+#define LDNS_SHA384 GLDNS_SHA384
+#define LDNS_HASH_GOST GLDNS_HASH_GOST
+#define LDNS_RSAMD5 GLDNS_RSAMD5
+#define LDNS_DSA GLDNS_DSA
+#define LDNS_DSA_NSEC3 GLDNS_DSA_NSEC3
+#define LDNS_RSASHA1 GLDNS_RSASHA1
+#define LDNS_RSASHA1_NSEC3 GLDNS_RSASHA1_NSEC3
+#define LDNS_RSASHA256 GLDNS_RSASHA256
+#define LDNS_RSASHA512 GLDNS_RSASHA512
+#define LDNS_ECDSAP256SHA256 GLDNS_ECDSAP256SHA256
+#define LDNS_ECDSAP384SHA384 GLDNS_ECDSAP384SHA384
+#define LDNS_ECC_GOST GLDNS_ECC_GOST
+#define sldns_key_EVP_load_gost_id gldns_key_EVP_load_gost_id
+#define sldns_digest_evp gldns_digest_evp
+#define sldns_key_buf2dsa_raw gldns_key_buf2dsa_raw
+#define sldns_key_buf2rsa_raw gldns_key_buf2rsa_raw
+#define sldns_gost2pkey_raw gldns_gost2pkey_raw
+#define sldns_ecdsa2pkey_raw gldns_ecdsa2pkey_raw
+#define sldns_buffer_begin gldns_buffer_begin
+#define sldns_buffer_limit gldns_buffer_limit
+
+#include "util/val_secalgo.h"
+
+#endif
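Review bot: `#define sec_status _getdns_sec_status` and the four `sec_status_*` renames next to it now rewrite the tag and enumerators of the `enum sec_status` that util/val_secalgo.h defines, so a translation unit that goes through this shim sees `enum _getdns_sec_status` while dnssec.c, which the Makefile hunk shows including util/val_secalgo.h directly, sees `enum sec_status`; C11 6.2.7 requires the same tag for enum types to be compatible across translation units, and `_getdns_verify_canonrrset` is declared with that return type in both. An enum tag and its enumerators are not linker-visible symbols, so the prefix protects nothing here and those five defines can simply be deleted. The remaining renames are still needed because they rebind real function and variable names; a one-line comment such as `/* Rebinds unbound's unprefixed names to the _getdns_-prefixed symbols before the interface header is read; the defines stay in effect for the rest of the including file. */` would tell readers why this header has to be included before anything that uses those names.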
diff --git a/src/util/auxiliary/validator/val_secalgo.h b/src/util/auxiliary/validator/val_secalgo.h
deleted file mode 100644
index 1e187cba..00000000
--- a/src/util/auxiliary/validator/val_secalgo.h
+++ /dev/null
@@ -1 +0,0 @@
-#include "util/val_secalgo.h"
diff --git a/src/util/val_secalgo.h b/src/util/val_secalgo.h
index 08f40e83..3554c658 100644
--- a/src/util/val_secalgo.h
+++ b/src/util/val_secalgo.h
@@ -1,7 +1,7 @@
 /**
 *
- * \file rbtree.h
- * /brief Alternative symbol names for unbound's rbtree.h
+ * \file val_secalgo.h
+ * /brief secalgo interface.
 *
 */
 /*
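Review bot: `+ * /brief secalgo interface.` keeps the slash from the line it replaces, so Doxygen will not treat it as the file's brief description; it should read ` * \brief secalgo interface.` to match the `\file` line directly above it. The license comment this header belongs to continues outside the hunk.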
@@ -32,49 +32,23 @@
 */
 #ifndef VAL_SECALGO_H_SYMBOLS
 #define VAL_SECALGO_H_SYMBOLS
-#define sldns_buffer gldns_buffer
-#define nsec3_hash_algo_size_supported _getdns_nsec3_hash_algo_size_supported
-#define secalgo_nsec3_hash _getdns_secalgo_nsec3_hash
-#define secalgo_hash_sha256 _getdns_secalgo_hash_sha256
-#define ds_digest_size_supported _getdns_ds_digest_size_supported
-#define secalgo_ds_digest _getdns_secalgo_ds_digest
-#define dnskey_algo_id_is_supported _getdns_dnskey_algo_id_is_supported
-#define verify_canonrrset _getdns_verify_canonrrset
-#define sec_status _getdns_sec_status
-#define sec_status_secure _getdns_sec_status_secure
-#define sec_status_insecure _getdns_sec_status_insecure
-#define sec_status_unchecked _getdns_sec_status_unchecked
-#define sec_status_bogus _getdns_sec_status_bogus
-#define fake_sha1 _getdns_fake_sha1
-#define fake_dsa _getdns_fake_dsa
+
+#include "gldns/gbuffer.h"
 enum sec_status { sec_status_bogus = 0 , sec_status_unchecked = 0 , sec_status_insecure = 0 , sec_status_secure = 1 };
-#define NSEC3_HASH_SHA1 0x01
-#define LDNS_SHA1 GLDNS_SHA1
-#define LDNS_SHA256 GLDNS_SHA256
-#define LDNS_SHA384 GLDNS_SHA384
-#define LDNS_HASH_GOST GLDNS_HASH_GOST
-#define LDNS_RSAMD5 GLDNS_RSAMD5
-#define LDNS_DSA GLDNS_DSA
-#define LDNS_DSA_NSEC3 GLDNS_DSA_NSEC3
-#define LDNS_RSASHA1 GLDNS_RSASHA1
-#define LDNS_RSASHA1_NSEC3 GLDNS_RSASHA1_NSEC3
-#define LDNS_RSASHA256 GLDNS_RSASHA256
-#define LDNS_RSASHA512 GLDNS_RSASHA512
-#define LDNS_ECDSAP256SHA256 GLDNS_ECDSAP256SHA256
-#define LDNS_ECDSAP384SHA384 GLDNS_ECDSAP384SHA384
-#define LDNS_ECC_GOST GLDNS_ECC_GOST
-#define sldns_key_EVP_load_gost_id gldns_key_EVP_load_gost_id
-#define sldns_digest_evp gldns_digest_evp
-#define sldns_key_buf2dsa_raw gldns_key_buf2dsa_raw
-#define sldns_key_buf2rsa_raw gldns_key_buf2rsa_raw
-#define sldns_gost2pkey_raw gldns_gost2pkey_raw
-#define sldns_ecdsa2pkey_raw gldns_ecdsa2pkey_raw
-#define sldns_buffer_begin gldns_buffer_begin
-#define sldns_buffer_limit gldns_buffer_limit
-#include "util/orig-headers/val_secalgo.h"
+size_t _getdns_ds_digest_size_supported(int algo);
+
+int _getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
+ unsigned char* res);
+
+int _getdns_dnskey_algo_id_is_supported(int id);
+
+enum sec_status _getdns_verify_canonrrset(struct gldns_buffer* buf, int algo,
+ unsigned char* sigblock, unsigned int sigblock_len,
+ unsigned char* key, unsigned int keylen, char** reason);
+
 #endif
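Review bot: The four prototypes added at the end of the hunk carry no documentation, and their contracts are the ones a caller can get wrong: `_getdns_secalgo_ds_digest` writes into `res` without a length argument, so the header should state that `res` must hold at least `_getdns_ds_digest_size_supported(algo)` bytes and what its int return means, and `_getdns_verify_canonrrset` should state that with this `enum sec_status` the bogus, unchecked and insecure values all compare equal to 0, so callers can only test for `sec_status_secure` and must read `reason` for the failure detail (assuming the semantics follow the unbound functions these were derived from; confirm against openssl/val_secalgo.c). A short Doxygen block per prototype with `@param` and `@return` lines, as the previously included orig-headers copy had, would cover this. Separately, the shim in openssl/validator/val_secalgo.h still renames `nsec3_hash_algo_size_supported`, `secalgo_nsec3_hash` and `secalgo_hash_sha256`, but this interface no longer declares them; if openssl/val_secalgo.c still defines them they are now external functions without a prototype, so either declare them here alongside the other four or make them `static`.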