mirror of https://github.com/getdnsapi/getdns.git
Import unbound's crypto
This commit is contained in:
Willem Toorop
parent
fda5394540
commit
2e4c0928f7
|
|
@ -74,7 +74,7 @@ LIBOBJDIR=
|
|||
LIBOBJS=@LIBOBJS@
|
||||
COMPAT_OBJ=$(LIBOBJS:.o=.lo)
|
||||
|
||||
UTIL_OBJ=mini_event.lo rbtree.lo
|
||||
UTIL_OBJ=mini_event.lo rbtree.lo val_secalgo.lo
|
||||
|
||||
EXTENSION_OBJ=libmini_event.lo libevent.lo libev.lo
|
||||
|
||||
|
|
@ -241,7 +241,8 @@ dnssec.lo dnssec.o: $(srcdir)/dnssec.c getdns/getdns.h config.h $(srcdir)/contex
|
|||
$(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
|
||||
$(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h
|
||||
$(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
|
||||
$(srcdir)/util/val_secalgo.h
|
||||
general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h \
|
||||
getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||
|
|
@ -306,6 +307,8 @@ mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/
|
|||
$(srcdir)/util/fptr_wlist.h
|
||||
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/rbtree.h
|
||||
val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
|
||||
libev.lo libev.o: $(srcdir)/extension/libev.c $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns.h \
|
||||
getdns/getdns_extra.h $(srcdir)/types-internal.h getdns/getdns.h \
|
||||
getdns/getdns_extra.h $(srcdir)/util/rbtree.h config.h
|
||||
|
|
|
|||
|
|
@ -207,6 +207,7 @@
|
|||
#include "general.h"
|
||||
#include "dict.h"
|
||||
#include "list.h"
|
||||
#include "util/val_secalgo.h"
|
||||
|
||||
/* Maximum number of canonical name redirections for one name */
|
||||
#define MAX_CNAMES 100
|
||||
|
|
|
|||
|
|
@ -30,5 +30,26 @@ do
|
|||
-e '/^ \* linkers crosslink library-private symbols with other symbols, it works \*\//d' \
|
||||
$f > ../$f
|
||||
done
|
||||
for f in val_secalgo.h val_secalgo.c
|
||||
do
|
||||
wget http://unbound.net/svn/trunk/validator/$f || \
|
||||
ftp http://unbound.net/svn/trunk/validator/$f || continue
|
||||
sed -e 's/sldns/gldns/g' \
|
||||
-e '/^\/\* packed_rrset on top to define enum types (forced by c99 standard) \*\/$/d' \
|
||||
-e '/^#include "util\/data\/packed_rrset.h"$/d' \
|
||||
-e 's/^#include "validator/#include "util/g' \
|
||||
-e 's/^#include "gldns\/sbuffer/#include "gldns\/gbuffer/g' \
|
||||
-e 's/ds_digest_size_supported/_getdns_ds_digest_size_supported/g' \
|
||||
-e 's/secalgo_ds_digest/_getdns_secalgo_ds_digest/g' \
|
||||
-e 's/dnskey_algo_id_is_supported/_getdns_dnskey_algo_id_is_supported/g' \
|
||||
-e 's/verify_canonrrset/_getdns_verify_canonrrset/g' \
|
||||
-e 's/LDNS_/GLDNS_/g' \
|
||||
-e 's/enum sec_status/int/g' \
|
||||
-e 's/sec_status_bogus/0/g' \
|
||||
-e 's/sec_status_unchecked/0/g' \
|
||||
-e 's/sec_status_secure/1/g' \
|
||||
$f > ../$f
|
||||
done
|
||||
|
||||
cd ..
|
||||
rm -r ub
|
||||
|
|
|
|||
|
|
@ -35,6 +35,8 @@
|
|||
#define UTIL_LOG_H
|
||||
|
||||
#define log_assert(x)
|
||||
#define verbose(...)
|
||||
#define log_err(...)
|
||||
|
||||
#endif /* UTIL_LOG_H */
|
||||
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,84 @@
|
|||
/*
|
||||
* validator/val_secalgo.h - validator security algorithm functions.
|
||||
*
|
||||
* Copyright (c) 2012, NLnet Labs. All rights reserved.
|
||||
*
|
||||
* This software is open source.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
*
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
*
|
||||
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/**
|
||||
* \file
|
||||
*
|
||||
* This file contains helper functions for the validator module.
|
||||
* The functions take buffers with raw data and convert to library calls.
|
||||
*/
|
||||
|
||||
#ifndef VALIDATOR_VAL_SECALGO_H
|
||||
#define VALIDATOR_VAL_SECALGO_H
|
||||
struct gldns_buffer;
|
||||
|
||||
/**
|
||||
* Return size of DS digest according to its hash algorithm.
|
||||
* @param algo: DS digest algo.
|
||||
* @return size in bytes of digest, or 0 if not supported.
|
||||
*/
|
||||
size_t _getdns_ds_digest_size_supported(int algo);
|
||||
|
||||
/**
|
||||
* @param algo: the DS digest algo
|
||||
* @param buf: the buffer to digest
|
||||
* @param len: length of buffer to digest.
|
||||
* @param res: result stored here (must have sufficient space).
|
||||
* @return false on failure.
|
||||
*/
|
||||
int _getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
|
||||
unsigned char* res);
|
||||
|
||||
/** return true if DNSKEY algorithm id is supported */
|
||||
int _getdns_dnskey_algo_id_is_supported(int id);
|
||||
|
||||
/**
|
||||
* Check a canonical sig+rrset and signature against a dnskey
|
||||
* @param buf: buffer with data to verify, the first rrsig part and the
|
||||
* canonicalized rrset.
|
||||
* @param algo: DNSKEY algorithm.
|
||||
* @param sigblock: signature rdata field from RRSIG
|
||||
* @param sigblock_len: length of sigblock data.
|
||||
* @param key: public key data from DNSKEY RR.
|
||||
* @param keylen: length of keydata.
|
||||
* @param reason: bogus reason in more detail.
|
||||
* @return secure if verification succeeded, bogus on crypto failure,
|
||||
* unchecked on format errors and alloc failures.
|
||||
*/
|
||||
int _getdns_verify_canonrrset(struct gldns_buffer* buf, int algo,
|
||||
unsigned char* sigblock, unsigned int sigblock_len,
|
||||
unsigned char* key, unsigned int keylen, char** reason);
|
||||
|
||||
#endif /* VALIDATOR_VAL_SECALGO_H */
|
||||
Loading…
Reference in New Issue