mirror of https://github.com/getdnsapi/getdns.git
Import unbound's crypto
parent
fda5394540
commit
2e4c0928f7
|
@ -74,7 +74,7 @@ LIBOBJDIR=
|
||||||
LIBOBJS=@LIBOBJS@
|
LIBOBJS=@LIBOBJS@
|
||||||
COMPAT_OBJ=$(LIBOBJS:.o=.lo)
|
COMPAT_OBJ=$(LIBOBJS:.o=.lo)
|
||||||
|
|
||||||
UTIL_OBJ=mini_event.lo rbtree.lo
|
UTIL_OBJ=mini_event.lo rbtree.lo val_secalgo.lo
|
||||||
|
|
||||||
EXTENSION_OBJ=libmini_event.lo libevent.lo libev.lo
|
EXTENSION_OBJ=libmini_event.lo libevent.lo libev.lo
|
||||||
|
|
||||||
|
@ -241,7 +241,8 @@ dnssec.lo dnssec.o: $(srcdir)/dnssec.c getdns/getdns.h config.h $(srcdir)/contex
|
||||||
$(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/types-internal.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
$(srcdir)/types-internal.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
|
$(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
|
||||||
$(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h
|
$(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
|
||||||
|
$(srcdir)/util/val_secalgo.h
|
||||||
general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h \
|
general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h \
|
||||||
getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
|
getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/extension/libmini_event.h config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||||
|
@ -306,6 +307,8 @@ mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/
|
||||||
$(srcdir)/util/fptr_wlist.h
|
$(srcdir)/util/fptr_wlist.h
|
||||||
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/rbtree.h
|
$(srcdir)/util/rbtree.h
|
||||||
|
val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/log.h \
|
||||||
|
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/gbuffer.h
|
||||||
libev.lo libev.o: $(srcdir)/extension/libev.c $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns.h \
|
libev.lo libev.o: $(srcdir)/extension/libev.c $(srcdir)/getdns/getdns_ext_libev.h getdns/getdns.h \
|
||||||
getdns/getdns_extra.h $(srcdir)/types-internal.h getdns/getdns.h \
|
getdns/getdns_extra.h $(srcdir)/types-internal.h getdns/getdns.h \
|
||||||
getdns/getdns_extra.h $(srcdir)/util/rbtree.h config.h
|
getdns/getdns_extra.h $(srcdir)/util/rbtree.h config.h
|
||||||
|
|
|
@ -207,6 +207,7 @@
|
||||||
#include "general.h"
|
#include "general.h"
|
||||||
#include "dict.h"
|
#include "dict.h"
|
||||||
#include "list.h"
|
#include "list.h"
|
||||||
|
#include "util/val_secalgo.h"
|
||||||
|
|
||||||
/* Maximum number of canonical name redirections for one name */
|
/* Maximum number of canonical name redirections for one name */
|
||||||
#define MAX_CNAMES 100
|
#define MAX_CNAMES 100
|
||||||
|
|
|
@ -30,5 +30,26 @@ do
|
||||||
-e '/^ \* linkers crosslink library-private symbols with other symbols, it works \*\//d' \
|
-e '/^ \* linkers crosslink library-private symbols with other symbols, it works \*\//d' \
|
||||||
$f > ../$f
|
$f > ../$f
|
||||||
done
|
done
|
||||||
|
for f in val_secalgo.h val_secalgo.c
|
||||||
|
do
|
||||||
|
wget http://unbound.net/svn/trunk/validator/$f || \
|
||||||
|
ftp http://unbound.net/svn/trunk/validator/$f || continue
|
||||||
|
sed -e 's/sldns/gldns/g' \
|
||||||
|
-e '/^\/\* packed_rrset on top to define enum types (forced by c99 standard) \*\/$/d' \
|
||||||
|
-e '/^#include "util\/data\/packed_rrset.h"$/d' \
|
||||||
|
-e 's/^#include "validator/#include "util/g' \
|
||||||
|
-e 's/^#include "gldns\/sbuffer/#include "gldns\/gbuffer/g' \
|
||||||
|
-e 's/ds_digest_size_supported/_getdns_ds_digest_size_supported/g' \
|
||||||
|
-e 's/secalgo_ds_digest/_getdns_secalgo_ds_digest/g' \
|
||||||
|
-e 's/dnskey_algo_id_is_supported/_getdns_dnskey_algo_id_is_supported/g' \
|
||||||
|
-e 's/verify_canonrrset/_getdns_verify_canonrrset/g' \
|
||||||
|
-e 's/LDNS_/GLDNS_/g' \
|
||||||
|
-e 's/enum sec_status/int/g' \
|
||||||
|
-e 's/sec_status_bogus/0/g' \
|
||||||
|
-e 's/sec_status_unchecked/0/g' \
|
||||||
|
-e 's/sec_status_secure/1/g' \
|
||||||
|
$f > ../$f
|
||||||
|
done
|
||||||
|
|
||||||
cd ..
|
cd ..
|
||||||
rm -r ub
|
rm -r ub
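Review bot: The added loop downloads `val_secalgo.h` and `val_secalgo.c` over plain `http://` from svn trunk and writes the sed output straight into the source tree, so the DNSSEC signature-verification code that gets committed is whatever the network path delivered, with no revision pin and no integrity check. Fetch from a pinned upstream revision or release tarball and compare each file with a recorded digest before the sed step, e.g. `echo "<expected-sha256>  $f" | sha256sum -c - || exit 1`. The `|| continue` on a failed download also lets the script finish normally while an older copy stays in place; stopping with an error there would be safer. Separately, `s/sec_status_bogus/0/g` and `s/sec_status_unchecked/0/g` collapse two results into one value, so callers can no longer tell a crypto failure from a format or allocation error, while the imported header comment still describes three outcomes. The script this loop belongs to starts outside the hunk.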
|
||||||
|
|
|
@ -35,6 +35,8 @@
|
||||||
#define UTIL_LOG_H
|
#define UTIL_LOG_H
|
||||||
|
|
||||||
#define log_assert(x)
|
#define log_assert(x)
|
||||||
|
#define verbose(...)
|
||||||
|
#define log_err(...)
|
||||||
|
|
||||||
#endif /* UTIL_LOG_H */
|
#endif /* UTIL_LOG_H */
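Review bot: `#define verbose(...)` and `#define log_err(...)` expand to nothing, so any diagnostics the imported validator code emits through them are dropped at compile time, presumably including the error text on a failed signature verification (val_secalgo.c is not shown on this page, so this is inferred). A comment above the stubs would make that explicit, e.g. `/* unbound logging is compiled out in getdns; failures surface only through return values and the reason out-parameter */`. The macro arguments are also never evaluated, so a call whose arguments have side effects would behave differently from upstream.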
|
||||||
|
|
||||||
|
|
File diff suppressed because it is too large
|
@ -0,0 +1,84 @@
|
||||||
|
/*
|
||||||
|
* validator/val_secalgo.h - validator security algorithm functions.
|
||||||
|
*
|
||||||
|
* Copyright (c) 2012, NLnet Labs. All rights reserved.
|
||||||
|
*
|
||||||
|
* This software is open source.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* Redistributions of source code must retain the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer in the documentation
|
||||||
|
* and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||||
|
* be used to endorse or promote products derived from this software without
|
||||||
|
* specific prior written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||||
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \file
|
||||||
|
*
|
||||||
|
* This file contains helper functions for the validator module.
|
||||||
|
* The functions take buffers with raw data and convert to library calls.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef VALIDATOR_VAL_SECALGO_H
|
||||||
|
#define VALIDATOR_VAL_SECALGO_H
|
||||||
|
struct gldns_buffer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return size of DS digest according to its hash algorithm.
|
||||||
|
* @param algo: DS digest algo.
|
||||||
|
* @return size in bytes of digest, or 0 if not supported.
|
||||||
|
*/
|
||||||
|
size_t _getdns_ds_digest_size_supported(int algo);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param algo: the DS digest algo
|
||||||
|
* @param buf: the buffer to digest
|
||||||
|
* @param len: length of buffer to digest.
|
||||||
|
* @param res: result stored here (must have sufficient space).
|
||||||
|
* @return false on failure.
|
||||||
|
*/
|
||||||
|
int _getdns_secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
|
||||||
|
unsigned char* res);
|
||||||
|
|
||||||
|
/** return true if DNSKEY algorithm id is supported */
|
||||||
|
int _getdns_dnskey_algo_id_is_supported(int id);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check a canonical sig+rrset and signature against a dnskey
|
||||||
|
* @param buf: buffer with data to verify, the first rrsig part and the
|
||||||
|
* canonicalized rrset.
|
||||||
|
* @param algo: DNSKEY algorithm.
|
||||||
|
* @param sigblock: signature rdata field from RRSIG
|
||||||
|
* @param sigblock_len: length of sigblock data.
|
||||||
|
* @param key: public key data from DNSKEY RR.
|
||||||
|
* @param keylen: length of keydata.
|
||||||
|
* @param reason: bogus reason in more detail.
|
||||||
|
* @return secure if verification succeeded, bogus on crypto failure,
|
||||||
|
* unchecked on format errors and alloc failures.
|
||||||
|
*/
|
||||||
|
int _getdns_verify_canonrrset(struct gldns_buffer* buf, int algo,
|
||||||
|
unsigned char* sigblock, unsigned int sigblock_len,
|
||||||
|
unsigned char* key, unsigned int keylen, char** reason);
|
||||||
|
|
||||||
|
#endif /* VALIDATOR_VAL_SECALGO_H */
|