Merge branch 'develop' into hackathon/zeroconf-dnssec

Willem Toorop 2017-06-20 10:06:00 +02:00
commit 4275ea6ffa
55 changed files with 2509 additions and 159 deletions


@ -1,3 +1,19 @@
* 2017-06-15: Version 1.1.1
* Bugfix #306 hanging/segfaulting on certain (IPv6) upstream failures
* Spelling fix s/receive/receive. Thanks Andreas Schulze.
* Added stubby-setdns-macos.sh script to support Homebrew formula
* Include stubby.conf in the districution tarball
* Bugfix #286 reschedule reused listening addresses
* Bugfix #166 Allow parallel builds and unit-tests
* NSAP-PTR, EID and NIMLOC, TALINK, AVC support
* Bugfix of TA RR type
* OPENPGPKEY and SMIMEA support
* Bugfix TAG rdata type presentation format for CAA RR type
* Bugfix Zero sized gateways with IPSECKEY gateway_type 0
* Guidance for integration with systemd
* Also check for memory leaks with advances server capabilities.
* Bugfix convert IP string to IP dict with getdns_str2dict() directly.
* 2017-04-13: Version 1.1.0
* bugfix: Check size of tls_auth_name.
* Improvements that came from Visual Studio static analysis


@ -52,7 +52,7 @@ everything: default
default:
cd src && $(MAKE) $@
install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
install: default getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
@ -98,27 +98,27 @@ example:
cd spec/example && $(MAKE) $@
test: default
cd src && $(MAKE) $@
cd src/test && $(MAKE) $@
getdns_query: default
cd src && $(MAKE) $@
cd src/tools && $(MAKE) $@
stubby: getdns_query
cd src && $(MAKE) $@
cd src/tools && $(MAKE) $@
scratchpad: default
cd src && $(MAKE) $@
cd src/test && $(MAKE) $@
pad: scratchpad
src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
install-getdns_query:
install-getdns_query: getdns_query
cd src/tools && $(MAKE) $@
uninstall-getdns_query:
cd src/tools && $(MAKE) $@
install-stubby:
install-stubby: getdns_query
cd src/tools && $(MAKE) $@
uninstall-stubby:
@ -198,6 +198,7 @@ $(distdir):
mkdir -p $(distdir)/src/tools
mkdir -p $(distdir)/src/jsmn
mkdir -p $(distdir)/doc
mkdir -p $(distdir)/systemd
mkdir -p $(distdir)/spec
mkdir -p $(distdir)/spec/example
cp $(srcdir)/configure.ac $(distdir)
@ -240,8 +241,12 @@ $(distdir):
cp $(srcdir)/spec/*.html $(distdir)/spec
cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example
cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
cp $(srcdir)/systemd/README.md $(distdir)/systemd
cp $(srcdir)/systemd/stubby.* $(distdir)/systemd
cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
cp $(srcdir)/src/tools/stubby.conf $(distdir)/src/tools
cp $(srcdir)/src/tools/stubby-setdns-macos.sh $(distdir)/src/tools
cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
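Review bot: As rendered, the new prerequisite on `install-stubby` is `getdns_query`, not `stubby`, so in the top-level graph shown here `make install-stubby` does not require the `stubby` target to be built first. If the sub-make in src/tools does not build stubby itself before installing it, the install would fail or pick up a stale binary. `install-stubby: stubby` states the dependency directly, and `stubby` already depends on `getdns_query`. The src/tools Makefile is not on this page, so this may already be handled there.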


@ -36,7 +36,11 @@ sinclude(./m4/acx_getaddrinfo.m4)
sinclude(./m4/ax_check_compile_flag.m4)
sinclude(./m4/pkg.m4)
AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
AC_INIT([getdns], [1.1.1], [users@getdnsapi.net], [], [https://getdnsapi.net])
# Dont forget to put a dash in front of the release candidate!!!
# That is how it is done with semantic versioning!
#
AC_SUBST(RELEASE_CANDIDATE, [])
# Set current date from system if not set
@ -47,7 +51,7 @@ AC_ARG_WITH([current-date],
[CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01010000])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01010100])
AC_SUBST(API_VERSION, ["December 2015"])
AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@ -77,10 +81,11 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
# getdns-0.5.0 had libversion 4:0:3
# getdns-0.5.1 had libversion 4:1:3 (but should have been getdns-0.6.0)
# getdns-0.9.0 had libversion 5:0:4
# getdns-1.0.0 had libversion 5:1:4
# getdns-1.1.0 will have libversion 6:0:0
# getdns-1.0.0 had libversion 5:1:4
# getdns-1.1.0 had libversion 6:0:0
# getdns-1.1.1 has libversion 6:1:0
#
GETDNS_LIBVERSION=6:0:0
GETDNS_LIBVERSION=6:1:0
AC_SUBST(GETDNS_COMPILATION_COMMENT)
AC_SUBST(GETDNS_LIBVERSION)
@ -305,7 +310,7 @@ fi
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1 SSL_CTX_set_min_proto_version])
AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_min_proto_version])
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
AC_INCLUDES_DEFAULT
#ifdef HAVE_OPENSSL_ERR_H
@ -508,6 +513,24 @@ case "$enable_dsa" in
;;
esac
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support]))
use_ed25519="no"
case "$enable_ed25519" in
no)
;;
*)
if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
AC_CHECK_DECLS([NID_ED25519], [
AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
use_ed25519="yes"
], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
fi ], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
fi
;;
esac
AC_ARG_ENABLE(all-drafts, AC_HELP_STRING([--enable-all-drafts], [Enables the draft mdns client support]))
case "$enable_all_drafts" in
yes)
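Review bot: In the new ED25519 block an explicit `--enable-ed25519` is silently ignored when NSS or Nettle is selected, because the only `AC_MSG_ERROR` sits inside the OpenSSL `AC_CHECK_DECLS` branch. Such a build ends up without `USE_ED25519` and without any diagnostic; presumably ED25519-signed data is then handled as an unsupported algorithm. An `else` arm on the `if test $USE_NSS ...` that raises `AC_MSG_ERROR` when `"x$enable_ed25519" = "xyes"` would make that visible at configure time. The same line leaves `$USE_NSS` and `$USE_NETTLE` unquoted, which breaks `test` if either is empty; `test "x$USE_NSS" = "xno" && test "x$USE_NETTLE" = "xno"` is the safer form.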


@ -388,6 +388,27 @@ gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
}
#endif /* USE_ECDSA */
#ifdef USE_ED25519
EVP_PKEY*
gldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
{
/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x70, 0x03, 0x21, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 32 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
#endif /* USE_ED25519 */
int
gldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
const EVP_MD* md)
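Review bot: In `gldns_ed255192pkey_raw` the prefix length is a separate literal, `int pre_len = 12;`, which must be kept in step with the `pre[]` initializer by hand and is then mixed with `size_t` values in the bounds check. Deriving it with `const size_t pre_len = sizeof(pre);` and declaring the table as `static const uint8_t pre[]` removes the duplicated constant and the signed/unsigned arithmetic. Because `keylen != 32` is rejected first, the `sizeof(buf)` comparison can never fire, so `buf` could be sized as `sizeof(pre) + 32` to make the relation between the two checks obvious. A one-line comment that the returned `EVP_PKEY` is owned by the caller would also help.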


@ -92,6 +92,15 @@ EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
*/
RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ED25519.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_ed255192pkey_raw(const unsigned char* key, size_t len);
/**
* Utility function to calculate hash using generic EVP_MD pointer.
* \param[in] data the data to hash.
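Review bot: The new doc comment for `gldns_ed255192pkey_raw` omits the one constraint the implementation on this page enforces, namely that the key must be exactly 32 bytes or NULL is returned. I would write `\param[in] len length of key data, must be 32` and extend the return line to `\return the key (to be freed by the caller) or NULL on error or wrong length.` The parameter is called `len` here but `keylen` in the definition, and "uncompressed wireformat" looks carried over from the ECDSA comment; both are worth aligning.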


@ -606,7 +606,7 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
{GLDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#ifdef DRAFT_RRTYPES
/* 258 */
{GLDNS_RR_TYPE_TXT, "AVC", 1, 0, NULL, GLDNS_RDF_TYPE_STR, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, GLDNS_RDF_TYPE_STR, GLDNS_RR_NO_COMPRESS, 0 },
#else
{GLDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#endif


@ -869,6 +869,8 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
/* we can have the situation, where we've read ok, but still got
* no bytes to play with, in this case size is 0 */
if(size == 0) {
if(*len > 0)
rr[0] = 0;
*len = 0;
*dname_len = 0;
return GLDNS_WIREPARSE_ERR_OK;
@ -876,6 +878,7 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
if(strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) {
int s;
strlcpy((char*)rr, line, *len);
*len = 0;
*dname_len = 0;
if(!parse_state) return GLDNS_WIREPARSE_ERR_OK;
@ -886,12 +889,19 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
return s;
} else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
const char* end = NULL;
strlcpy((char*)rr, line, *len);
*len = 0;
*dname_len = 0;
if(!parse_state) return GLDNS_WIREPARSE_ERR_OK;
parse_state->default_ttl = gldns_str2period(
gldns_strip_ws(line+5), &end);
} else if (strncmp(line, "$INCLUDE", 8) == 0) {
strlcpy((char*)rr, line, *len);
*len = 0;
*dname_len = 0;
return GLDNS_WIREPARSE_ERR_INCLUDE;
} else if (strncmp(line, "$", 1) == 0) {
strlcpy((char*)rr, line, *len);
*len = 0;
*dname_len = 0;
return GLDNS_WIREPARSE_ERR_INCLUDE;
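Review bot: The added `else if (strncmp(line, "$", 1) == 0)` branch returns `GLDNS_WIREPARSE_ERR_INCLUDE` for every unrecognised `$` directive, so that return code no longer means that a `$INCLUDE` line was read. Any caller that reacts to it by opening a file should first check that the text now copied into `rr` really starts with `$INCLUDE`; the callers are outside this page. The `strlcpy((char*)rr, line, *len)` calls also truncate silently when the line is longer than the buffer, and because `*len` is set to 0 afterwards the caller cannot tell. Comparing the `strlcpy` return value with `*len` and returning an error on truncation would close that gap. The body of `gldns_fp2wire_rr_buf` starts and ends outside these hunks.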


@ -237,6 +237,8 @@ struct gldns_file_parse_state {
* @param rr: this is malloced by the user and the result is stored here,
* if an RR is read. If no RR is read this is signalled with the
* return len set to 0 (for ORIGIN, TTL directives).
* The read line is available in the rr_buf (zero terminated), for
* $DIRECTIVE style elements.
* @param len: on input, the length of the rr buffer. on output the rr len.
* Buffer size of 64k should be enough.
* @param dname_len: returns the length of the dname initial part of the rr.


@ -1746,7 +1746,7 @@ mdns_udp_read_cb(void *userarg)
if (read < GLDNS_HEADER_SIZE)
return; /* Not DNS */
if (GLDNS_ID_WIRE(netreq->response) != netreq->query_id)
if (GLDNS_ID_WIRE(netreq->response) != GLDNS_ID_WIRE(netreq->query))
return; /* Cache poisoning attempt ;) */
// TODO: check whether EDNS server cookies are required for MDNS
@ -1788,8 +1788,7 @@ mdns_udp_write_cb(void *userarg)
netreq->debug_start_time = _getdns_get_time_as_uintt64();
netreq->debug_udp = 1;
netreq->query_id = (uint16_t) arc4random();
GLDNS_ID_SET(netreq->query, netreq->query_id);
GLDNS_ID_SET(netreq->query, (uint16_t) arc4random());
/* do we need to handle options valid in the MDNS context? */
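Review bot: In `mdns_udp_read_cb` a response whose ID does not match the query is dropped with a bare `return`, although the comment itself labels it a possible cache poisoning attempt. A debug trace at that point, recording the expected and received IDs, would let an operator see spoofed or stray responses instead of only a later timeout. The same applies to the identical check in `stub_udp_read_cb` further down this commit. Both functions continue outside the hunks shown.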


@ -125,7 +125,6 @@ netreq_reset(getdns_network_req *net_req)
_getdns_netreq_change_state(net_req, NET_REQ_NOT_SENT);
net_req->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
net_req->tsig_status = GETDNS_DNSSEC_INDETERMINATE;
net_req->query_id = 0;
net_req->response_len = 0;
/* Some fields to record info for return_call_reporting */
net_req->debug_start_time = 0;


@ -995,15 +995,16 @@ getdns_return_t getdns_context_set_listen_addresses(
connection *conn;
loop->vmt->clear(loop, &l->to_replace->event);
(void) memset(&l->to_replace->event, 0,
sizeof(getdns_eventloop_event));
l->fd = l->to_replace->fd;
l->event = l->to_replace->event;
l->event.userarg = l;
l->connections = l->to_replace->connections;
for (conn = l->connections; conn; conn = conn->next)
conn->l = l;
(void) memset(&l->to_replace->event, 0,
sizeof(getdns_eventloop_event));
l->to_replace->connections = NULL;
l->to_replace->fd = -1;
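Review bot: Nothing in `getdns_context_set_listen_addresses` says that the `memset` of `l->to_replace->event` must come after `l->event = l->to_replace->event;`, yet as rendered that ordering appears to be the whole fix. A short comment above the copy, for example `/* take over the event before wiping it in to_replace */`, would keep a later cleanup from moving the `memset` back up and copying a zeroed event again. The function begins and ends outside this hunk.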


@ -362,7 +362,7 @@ process_keepalive(
/* Use server sent value unless the client specified a shorter one.
Convert to ms first (wire value has units of 100ms) */
uint64_t server_keepalive = ((uint64_t)gldns_read_uint16(position))*100;
DEBUG_STUB("%s %-35s: FD: %d Server Keepalive recieved: %d ms\n",
DEBUG_STUB("%s %-35s: FD: %d Server Keepalive received: %d ms\n",
STUB_DEBUG_READ, __FUNC__, upstream->fd,
(int)server_keepalive);
if (netreq->owner->context->idle_timeout < server_keepalive)
@ -505,7 +505,6 @@ stub_cleanup(getdns_network_req *netreq)
getdns_dns_req *dnsreq = netreq->owner;
getdns_network_req *r, *prev_r;
getdns_upstream *upstream;
intptr_t query_id_intptr;
GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
@ -514,9 +513,8 @@ stub_cleanup(getdns_network_req *netreq)
return;
/* Delete from upstream->netreq_by_query_id (if present) */
query_id_intptr = (intptr_t)netreq->query_id;
(void) _getdns_rbtree_delete(
&upstream->netreq_by_query_id, (void *)query_id_intptr);
(void) _getdns_rbtree_delete(&upstream->netreq_by_query_id,
(void *)(intptr_t)GLDNS_ID_WIRE(netreq->query));
/* Delete from upstream->write_queue (if present) */
for (prev_r = NULL, r = upstream->write_queue; r;
@ -540,6 +538,8 @@ stub_cleanup(getdns_network_req *netreq)
static void
upstream_failed(getdns_upstream *upstream, int during_setup)
{
getdns_network_req *netreq;
DEBUG_STUB("%s %-35s: FD: %d Failure during connection setup = %d\n",
STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd, during_setup);
/* Fallback code should take care of queue queries and then close conn
@ -565,16 +565,14 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
} else {
upstream->conn_shutdowns++;
/* [TLS1]TODO: Re-try these queries if possible.*/
getdns_network_req *netreq;
while (upstream->netreq_by_query_id.count) {
netreq = (getdns_network_req *)
_getdns_rbtree_first(&upstream->netreq_by_query_id);
stub_cleanup(netreq);
_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
_getdns_check_dns_req_complete(netreq->owner);
}
}
while (upstream->netreq_by_query_id.count) {
netreq = (getdns_network_req *)
_getdns_rbtree_first(&upstream->netreq_by_query_id);
stub_cleanup(netreq);
_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
_getdns_check_dns_req_complete(netreq->owner);
}
upstream->conn_state = GETDNS_CONN_TEARDOWN;
}
@ -779,6 +777,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
&netreq->upstream->netreq_by_query_id, &netreq->node));
GLDNS_ID_SET(netreq->query, query_id);
if (netreq->opt) {
_getdns_network_req_clear_upstream_options(netreq);
/* no limits on the max udp payload size with tcp */
@ -836,8 +835,13 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
return STUB_TCP_WOULDBLOCK;
} else if (written == -1)
} else if (written == -1) {
DEBUG_STUB("%s %-35s: MSG: %p error while writing to TCP socket:"
" %s\n", STUB_DEBUG_WRITE, __FUNC__, (void*)netreq
, strerror(errno));
return STUB_TCP_ERROR;
}
/* We were able to write everything! Start reading. */
return (int) query_id;
@ -856,8 +860,13 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
if (written == -1) {
if (_getdns_EWOULDBLOCK)
return STUB_TCP_WOULDBLOCK;
else
else {
DEBUG_STUB("%s %-35s: MSG: %p error while writing to TCP socket:"
" %s\n", STUB_DEBUG_WRITE, __FUNC__, (void*)netreq
, strerror(errno));
return STUB_TCP_ERROR;
}
}
tcp->written += written;
if (tcp->written < tcp->write_buf_len)
@ -1269,6 +1278,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
&netreq->upstream->netreq_by_query_id, &netreq->node));
GLDNS_ID_SET(netreq->query, query_id);
/* TODO: Review if more EDNS0 handling can be centralised.*/
if (netreq->opt) {
_getdns_network_req_clear_upstream_options(netreq);
@ -1416,7 +1426,7 @@ stub_udp_read_cb(void *userarg)
if (read < GLDNS_HEADER_SIZE)
return; /* Not DNS */
if (GLDNS_ID_WIRE(netreq->response) != netreq->query_id)
if (GLDNS_ID_WIRE(netreq->response) != GLDNS_ID_WIRE(netreq->query))
return; /* Cache poisoning attempt ;) */
if (netreq->owner->edns_cookies && match_and_process_server_cookie(
@ -1480,6 +1490,7 @@ stub_udp_write_cb(void *userarg)
getdns_network_req *netreq = (getdns_network_req *)userarg;
getdns_dns_req *dnsreq = netreq->owner;
size_t pkt_len;
ssize_t written;
DEBUG_STUB("%s %-35s: MSG: %p \n", STUB_DEBUG_WRITE,
__FUNC__, (void *)netreq);
@ -1487,8 +1498,7 @@ stub_udp_write_cb(void *userarg)
netreq->debug_start_time = _getdns_get_time_as_uintt64();
netreq->debug_udp = 1;
netreq->query_id = arc4random();
GLDNS_ID_SET(netreq->query, netreq->query_id);
GLDNS_ID_SET(netreq->query, (uint16_t)arc4random());
if (netreq->opt) {
_getdns_network_req_clear_upstream_options(netreq);
if (netreq->edns_maximum_udp_payload_size == -1)
@ -1504,15 +1514,34 @@ stub_udp_write_cb(void *userarg)
return; /* too many upstream options */
}
pkt_len = _getdns_network_req_add_tsig(netreq);
if ((ssize_t)pkt_len != sendto(
if ((ssize_t)pkt_len != (written = sendto(
netreq->fd, (const void *)netreq->query, pkt_len, 0,
(struct sockaddr *)&netreq->upstream->addr,
netreq->upstream->addr_len)) {
#ifdef USE_WINSOCK
closesocket(netreq->fd);
#else
close(netreq->fd);
netreq->upstream->addr_len))) {
#if defined(STUB_DEBUG) && STUB_DEBUG
if (written == -1)
DEBUG_STUB( "%s %-35s: MSG: %p error: %s\n"
, STUB_DEBUG_WRITE, __FUNC__, (void *)netreq
, strerror(errno));
else
DEBUG_STUB( "%s %-35s: MSG: %p returned: %d, expeced: %d\n"
, STUB_DEBUG_WRITE, __FUNC__, (void *)netreq
, (int)written, (int)pkt_len);
#endif
stub_cleanup(netreq);
_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
/* Handle upstream*/
if (netreq->fd >= 0) {
#ifdef USE_WINSOCK
closesocket(netreq->fd);
#else
close(netreq->fd);
#endif
stub_next_upstream(netreq);
}
netreq->debug_end_time = _getdns_get_time_as_uintt64();
_getdns_check_dns_req_complete(netreq->owner);
return;
}
GETDNS_SCHEDULE_EVENT(dnsreq->loop, netreq->fd,
@ -1689,6 +1718,7 @@ upstream_write_cb(void *userarg)
*/
case STUB_TCP_WOULDBLOCK:
return;
case STUB_OUT_OF_OPTIONS:
case STUB_TCP_ERROR:
/* New problem with the TCP connection itself. Need to fallback.*/
/* Fall through */
@ -1696,6 +1726,8 @@ upstream_write_cb(void *userarg)
/* Could not complete the set up. Need to fallback.*/
DEBUG_STUB("%s %-35s: Upstream: %p ERROR = %d\n", STUB_DEBUG_WRITE,
__FUNC__, (void*)userarg, q);
(void) _getdns_rbtree_delete(&upstream->netreq_by_query_id,
(void *)(intptr_t)GLDNS_ID_WIRE(netreq->query));
upstream_failed(upstream, (q == STUB_TCP_ERROR ? 0:1));
/* Fall through */
case STUB_CONN_GONE:
@ -1709,7 +1741,7 @@ upstream_write_cb(void *userarg)
#endif
if (fallback_on_write(netreq) == STUB_TCP_ERROR) {
/* TODO: Need new state to report transport unavailable*/
_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
_getdns_check_dns_req_complete(netreq->owner);
}
return;
@ -1726,7 +1758,7 @@ upstream_write_cb(void *userarg)
/* Need this because auth status is reset on connection close */
netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
upstream->queries_sent++;
netreq->query_id = (uint16_t) q;
/* Unqueue the netreq from the write_queue */
if (!(upstream->write_queue = netreq->write_queue_tail)) {
upstream->write_queue_last = NULL;
@ -2056,6 +2088,8 @@ upstream_find_for_netreq(getdns_network_req *netreq)
netreq->transport_current = i;
netreq->upstream = upstream;
netreq->keepalive_sent = 0;
DEBUG_STUB("%s %-35s: MSG: %p found upstream %p with transport %d, fd: %d\n", STUB_DEBUG_SCHEDULE, __FUNC__, (void*)netreq, (void *)upstream, (int)netreq->transports[i], fd);
return fd;
}
/* Handle better, will give generic error*/
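Review bot: In `upstream_failed` the drain loop `while (upstream->netreq_by_query_id.count)` now runs on both paths and terminates only if `stub_cleanup` actually removes the first node, which it looks up by `GLDNS_ID_WIRE(netreq->query)`. With the `query_id` field gone the tree key is re-read from the packet buffer, so if any path rewrites the ID in `netreq->query` while the node is still in the tree (for instance the `GLDNS_ID_SET` in `stub_udp_write_cb` after a fallback), the delete misses and the loop spins. I would have the loop stop when the count does not decrease, or delete by the key stored in the node rather than one derived from the packet; whether such a rewrite can occur depends on code outside these hunks. Separately, the new error path in `stub_udp_write_cb` closes `netreq->fd` without resetting it to -1 in the visible lines, which is worth confirming against `stub_next_upstream`.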


@ -148,13 +148,28 @@ nolibcheck:
@echo "***"
@false
test: $(NOLIBCHECK) all
(cd $(srcdir)/../.. && find . -type f -executable -and \( -name "*.[ch]" -or -name "*.html" -or -name "*.in" -or -name "*.good" -or -name "*.ac" \) | awk 'BEGIN{e=0}{print("ERROR! Executable bit found on", $$0);e=1}END{exit(e)}')
test_noeventloop: $(NOLIBCHECK) all
rm -f $(CHECK_GETDNS).failed
GETDNS_TEST_PORT=43210 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_GETDNS).log" ./$(CHECK_GETDNS) || echo "$(CHECK_GETDNS) failed" >> $(CHECK_GETDNS).failed
test_libevent: $(NOLIBCHECK) all
rm -f $(CHECK_EVENT_PROG).failed
if test $(have_libevent) = 1 ; then GETDNS_TEST_PORT=44321 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EVENT_PROG).log" ./$(CHECK_EVENT_PROG) || echo "$(CHECK_EVENT_PROG) failed" >> $(CHECK_EVENT_PROG).failed; fi
test_libev: $(NOLIBCHECK) all
rm -f $(CHECK_EV_PROG).failed
if test $(have_libev) = 1 ; then GETDNS_TEST_PORT=45432 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EV_PROG).log" ./$(CHECK_EV_PROG) || echo "$(CHECK_EV_PROG) failed" >> $(CHECK_EV_PROG).failed; fi
test_libuv: $(NOLIBCHECK) all
rm -f $(CHECK_UV_PROG).failed
if test $(have_libev) = 1 ; then GETDNS_TEST_PORT=46543 CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_UV_PROG).log" ./$(CHECK_UV_PROG) || echo "$(CHECK_UV_PROG) failed" >> $(CHECK_UV_PROG).failed; fi
test: test_noeventloop test_libevent test_libev test_libuv
rm -f fails
CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_GETDNS).log" ./$(CHECK_GETDNS) || echo "$(CHECK_GETDNS) failed" >> fails
if test $(have_libevent) = 1 ; then CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EVENT_PROG).log" ./$(CHECK_EVENT_PROG) || echo "$(CHECK_EVENT_PROG) failed" >> fails; fi
if test $(have_libev) = 1 ; then CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_EV_PROG).log" ./$(CHECK_EV_PROG) || echo "$(CHECK_EV_PROG) failed" >> fails; fi
if test $(have_libuv) = 1 ; then CK_TIMEOUT_MULTIPLIER=2 CK_LOG_FILE_NAME="$(CHECK_UV_PROG).log" ./$(CHECK_UV_PROG) || echo "$(CHECK_UV_PROG) failed" >> fails; fi
if test -f $(CHECK_GETDNS).failed ; then cat $(CHECK_GETDNS).failed >> fails ; fi
if test -f $(CHECK_EVENT_PROG).failed ; then cat $(CHECK_EVENT_PROG).failed >> fails ; fi
if test -f $(CHECK_EV_PROG).failed ; then cat $(CHECK_EV_PROG).failed >> fails ; fi
if test -f $(CHECK_UV_PROG).failed ; then cat $(CHECK_UV_PROG).failed >> fails ; fi
test ! -e fails
@echo "All tests OK"
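Review bot: The new `test_libuv` recipe is guarded by `$(have_libev)`, not `$(have_libuv)`, so the libuv test program runs when libev is present and is skipped when only libuv is. The guard should read `if test $(have_libuv) = 1 ; then`, as the corresponding line in the old `test` recipe did. The four split targets are also not visibly declared `.PHONY`; that declaration may sit outside this hunk.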


@ -55,9 +55,13 @@
* GETDNS_RETURN_GOOD
*/
struct getdns_context *context = NULL;
getdns_append_name_t append_name;
CONTEXT_CREATE(TRUE);
// TODO: Do something here to verify set_from_os = TRUE
getdns_context_set_append_name(context, GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST);
getdns_context_get_append_name(context, &append_name);
ck_assert_msg(append_name == GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST, "suffix is not correct");
CONTEXT_DESTROY;
}
END_TEST
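Review bot: The added `getdns_context_set_append_name` and `getdns_context_get_append_name` calls discard their return codes, so if the getter fails `append_name` is read uninitialised by `ck_assert_msg`. Wrapping both calls in `ASSERT_RC(..., GETDNS_RETURN_GOOD, "...")`, as the other tests in this commit do, keeps the assertion meaningful. The test function starts above the hunk.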


@ -111,6 +111,8 @@
*/
struct getdns_context *context = NULL;
getdns_namespace_t namespace_arr[2] = {GETDNS_NAMESPACE_DNS, GETDNS_NAMESPACE_LOCALNAMES};
size_t count;
getdns_namespace_t *namespaces;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -118,8 +120,12 @@
expected_changed_item = GETDNS_CONTEXT_CODE_NAMESPACES;
ASSERT_RC(getdns_context_set_namespaces(context, 2,namespace_arr),
ASSERT_RC(getdns_context_set_namespaces(context, 2, namespace_arr),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_namespaces()");
ASSERT_RC(getdns_context_get_namespaces(context, &count, &namespaces),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_namespaces()");
ck_assert_msg(count == 2 && namespaces[0] == 500 && namespaces[1] == 501, "namespaces are not correctly set");
CONTEXT_DESTROY;
@ -207,6 +213,7 @@
* expect: GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS
*/
struct getdns_context *context = NULL;
getdns_redirects_t redir;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -215,6 +222,8 @@
expected_changed_item = GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS;
(void) getdns_context_set_follow_redirects(context, GETDNS_REDIRECTS_DO_NOT_FOLLOW);
(void) getdns_context_get_follow_redirects(context, &redir);
ck_assert_msg(redir == GETDNS_REDIRECTS_DO_NOT_FOLLOW, "getdns_context_get_follow_redirects failed");
CONTEXT_DESTROY;
@ -301,6 +310,8 @@
* expect: GETDNS_CONTEXT_CODE_EDNS_EXTENDED_RCODE
*/
struct getdns_context *context = NULL;
uint8_t extended_rcode;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -310,6 +321,9 @@
ASSERT_RC(getdns_context_set_edns_extended_rcode(context, 1),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_extended_rcode()");
ASSERT_RC(getdns_context_get_edns_extended_rcode(context, &extended_rcode),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_extended_rcode()");
ck_assert_msg(extended_rcode == 1, "extended_rcode should be 1, got %d", (int)extended_rcode);
CONTEXT_DESTROY;
@ -325,6 +339,8 @@
* expect: GETDNS_CONTEXT_CODE_EDNS_VERSION
*/
struct getdns_context *context = NULL;
uint8_t version;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -334,6 +350,9 @@
ASSERT_RC(getdns_context_set_edns_version(context, 1),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_version()");
ASSERT_RC(getdns_context_get_edns_version(context, &version),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_version()");
ck_assert_msg(version == 1, "version should be 1, got %d", (int)version);
CONTEXT_DESTROY;
@ -373,6 +392,8 @@
* expect: GETDNS_CONTEXT_CODE_EDNS_CLIENT_SUBNET_PRIVATE
*/
struct getdns_context *context = NULL;
uint8_t client_subnet_private;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -382,6 +403,9 @@
ASSERT_RC(getdns_context_set_edns_client_subnet_private(context, 1),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_client_subnet_private()");
ASSERT_RC(getdns_context_get_edns_client_subnet_private(context, &client_subnet_private),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_client_subnet_private()");
ck_assert_msg(client_subnet_private == 1, "client_subnet_private should be 1, got %d", (int)client_subnet_private);
CONTEXT_DESTROY;
@ -397,6 +421,8 @@
* expect: GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE
*/
struct getdns_context *context = NULL;
uint16_t pad;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -406,6 +432,9 @@
ASSERT_RC(getdns_context_set_tls_query_padding_blocksize(context, 1400),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_query_padding_blocksize()");
ASSERT_RC(getdns_context_get_tls_query_padding_blocksize(context, &pad),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_query_padding_blocksize()");
ck_assert_msg(pad == 1400, "padding_blocksize should be 1400 but got %d", (int) pad);
CONTEXT_DESTROY;
@ -438,11 +467,12 @@
START_TEST (getdns_context_set_context_update_callback_23)
{
/*
* value is NULL
* expect: GETDNS_RETURN_INVALID_PARAMETER
* expect: GETDNS_RETURN_GOOD
*/
struct getdns_context *context = NULL;
uint8_t round_robin;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_context_update_callback(context, update_callbackfn),
@ -451,7 +481,10 @@
expected_changed_item = GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS;
ASSERT_RC(getdns_context_set_round_robin_upstreams(context, 1),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_round_robin_upstream()");
ASSERT_RC(getdns_context_get_round_robin_upstreams(context, &round_robin),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_round_robin_upstream()");
ck_assert_msg( round_robin == 1, "round_robin should be 1, got %d", (int)round_robin);
CONTEXT_DESTROY;
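Review bot: The namespaces assertion compares against the literals `500` and `501` instead of the constants already used in `namespace_arr`; `namespaces[0] == GETDNS_NAMESPACE_DNS && namespaces[1] == GETDNS_NAMESPACE_LOCALNAMES` says what is meant and survives renumbering. The array returned through `&namespaces` is never released in the visible lines; if `getdns_context_get_namespaces` allocates it, the test leaks and should `free(namespaces)` before `CONTEXT_DESTROY`. The follow_redirects hunk has an unchecked getter as well: `(void) getdns_context_get_follow_redirects(context, &redir);` leaves `redir` uninitialised on failure and would be better wrapped in `ASSERT_RC`.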


@ -39,7 +39,7 @@
{
/*
* context is NULL
* expect: GETDNS_RETURN_BAD_CONTEXT
* expect: GETDNS_RETURN_INVALID_PARAMETER
*/
struct getdns_context *context = NULL;
@ -47,7 +47,12 @@
ASSERT_RC(getdns_context_set_dns_transport(context, value),
GETDNS_RETURN_INVALID_PARAMETER, "Return code from getdns_context_set_dns_transport()");
ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
GETDNS_RETURN_INVALID_PARAMETER, "Return code from getdns_context_set_edns_maximum_udp_payload_size()");
ASSERT_RC(getdns_context_unset_edns_maximum_udp_payload_size(context),
GETDNS_RETURN_INVALID_PARAMETER, "Return code from getdns_context_unset_edns_maximum_udp_payload_size()");
}
END_TEST
@ -55,6 +60,7 @@
{
/*
* value is an undefined transport value
* do_bit is not correct
* expect: GETDNS_RETURN_CONTEXT_UPDATE_FAIL
*/
@ -66,6 +72,9 @@
ASSERT_RC(getdns_context_set_dns_transport(context, 233),
GETDNS_RETURN_CONTEXT_UPDATE_FAIL, "Return code from getdns_context_set_dns_transport()");
ASSERT_RC(getdns_context_set_edns_do_bit(context, 5),
GETDNS_RETURN_CONTEXT_UPDATE_FAIL, "Return code from getdns_context_set_edns_do_bit()");
CONTEXT_DESTROY;
}
@ -132,6 +141,9 @@
uint32_t tc;
uint32_t transport;
uint32_t type;
uint16_t payload_size;
uint8_t do_bit;
getdns_transport_t trans;
/* Note that stricly this test just establishes that the requested transport
and the reported transport are consistent, it does not guarentee which
@ -147,10 +159,22 @@
/* Request a response that should be truncated over UDP */
ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_UDP_ONLY),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
ASSERT_RC(getdns_context_get_dns_transport(context, &trans),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_transport()");
ck_assert_msg(trans == 541, "dns_transport should be 541(GETDNS_TRANSPORT_UDP_ONLY) but got %d", (int)trans);
ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_maximum_udp_payload_size()");
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_maximum_udp_payload_size()");
ASSERT_RC(getdns_context_get_edns_maximum_udp_payload_size(context, &payload_size),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_maximum_udp_payload_size()");
ck_assert_msg(payload_size == 512, "payload_size should be 512, got %d", (int)payload_size);
ASSERT_RC(getdns_context_set_edns_do_bit(context, 1),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_do_bit()");
ASSERT_RC(getdns_context_get_edns_do_bit(context, &do_bit),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_edns_do_bit()");
ck_assert_msg(do_bit == 1, "do_bit should be 1, got %d", (int)do_bit);
ASSERT_RC(getdns_general_sync(context, "large.getdnsapi.net", GETDNS_RRTYPE_TXT, extensions, &response),
GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
@ -192,6 +216,9 @@
GETDNS_RETURN_GOOD, "Failed to extract \"tc\"");
ASSERT_RC(tc, 0, "Packet trucated - not as expected");
ASSERT_RC(getdns_context_unset_edns_maximum_udp_payload_size(context),
GETDNS_RETURN_GOOD, "Return code from getdns_context_unset_edns_maximum_udp_payload_size()");
CONTEXT_DESTROY;
}
@ -261,7 +288,9 @@
* suspect them to be a bit more reliable.
*/
struct getdns_list *root_servers = getdns_list_create();
struct getdns_list *root_servers2 = getdns_list_create();
struct getdns_bindata nlnetlabs_root = { 4, (void *)"\xB9\x31\x8D\x25" };
struct getdns_bindata *answer = NULL;
uint32_t status;
uint32_t type;
@ -277,10 +306,17 @@
/* Re-do over TCP */
ASSERT_RC(getdns_dict_set_int(extensions,"return_call_reporting", GETDNS_EXTENSION_TRUE),
GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_int()");
ASSERT_RC(getdns_list_set_bindata(root_servers,0,&nlnetlabs_root),
ASSERT_RC(getdns_list_set_bindata(root_servers, 0, &nlnetlabs_root),
GETDNS_RETURN_GOOD, "Return code from getdns_list_set_bindata()");
ASSERT_RC(getdns_context_set_dns_root_servers(context, root_servers),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_root_servers()");
ASSERT_RC(getdns_context_get_dns_root_servers(context, &root_servers2),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_root_servers()");
ASSERT_RC(getdns_list_get_bindata(root_servers2, 0, &answer),
GETDNS_RETURN_GOOD, "Return code from getdns_list_get_bindata()");
ck_assert_msg(strncmp((char *)answer->data, (char *)nlnetlabs_root.data, 4) == 0,
"Expected answer data to be 185.49.141.37");
ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TCP_ONLY),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
@ -348,6 +384,60 @@
}
END_TEST
START_TEST (getdns_context_set_dns_transport_recursing_9)
{
/*
* Check TLS
*/
struct getdns_context *context = NULL;
getdns_resolution_t resolution_type;
getdns_transport_list_t transport_list[1];
getdns_transport_list_t *transport_list2;
size_t count;
getdns_tls_authentication_t auth;
uint16_t backoff;
uint16_t retries;
transport_list[0] = GETDNS_TRANSPORT_TLS;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_resolution_type(context, GETDNS_RESOLUTION_STUB),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_resolution_type()");
ASSERT_RC(getdns_context_get_resolution_type(context, &resolution_type),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_resolution_type()");
ck_assert_msg(resolution_type == GETDNS_RESOLUTION_STUB, "resolution_type should be stub (520), got %d", (int)resolution_type);
ASSERT_RC(getdns_context_set_dns_transport_list(context, 1, transport_list),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport_list()");
ASSERT_RC(getdns_context_get_dns_transport_list(context, &count, &transport_list2),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_transport_list()");
ck_assert_msg(transport_list2[0] == GETDNS_TRANSPORT_TLS, "transport_list should be 1202 but got %d", (int) transport_list2[0]);
ASSERT_RC(getdns_context_set_tls_authentication(context, GETDNS_AUTHENTICATION_REQUIRED),
GETDNS_RETURN_GOOD, "Return cond from getdns_context_set_tls_authentication()");
ASSERT_RC(getdns_context_get_tls_authentication(context, &auth),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_authentication()");
ck_assert_msg(auth == 1301, "tls_authentication should be 1301, but got %d", (int) auth);
ASSERT_RC(getdns_context_set_tls_backoff_time(context, 1000),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_backoff_time()");
ASSERT_RC(getdns_context_get_tls_backoff_time(context, &backoff),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_backoff_time()");
ck_assert_msg(backoff == 1000, "backoff should be 1000, but got %d", (int) backoff);
ASSERT_RC(getdns_context_set_tls_connection_retries(context, 5),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_connection_retries()");
ASSERT_RC(getdns_context_get_tls_connection_retries(context, &retries),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_connection_retries()");
ck_assert_msg(retries == 5, "retries should be 5 but got %d", (int) retries);
/*TODO: should extend the test */
CONTEXT_DESTROY;
}
END_TEST
@ -372,7 +462,8 @@
tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_6);
tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_7);
tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_8);
/* TODO: TLS... */
/* TLS */
tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_9);
suite_add_tcase(s, tc_pos);


@ -94,15 +94,21 @@ END_TEST
START_TEST (getdns_context_set_idle_timeout_2)
{
/*
* timeout is 0
* timeout is 0 and then 100
* expect: GETDNS_RETURN_GOOD
*/
struct getdns_context *context = NULL;
uint64_t time;
CONTEXT_CREATE(TRUE);
ASSERT_RC(getdns_context_set_idle_timeout(context, 0),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
ASSERT_RC(getdns_context_set_idle_timeout(context, 100),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
ASSERT_RC(getdns_context_get_idle_timeout(context, &time),
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_timeout()");
ck_assert_msg(time == 100, "idle_timeout should be 100, got %d", (int)time);
CONTEXT_DESTROY;
@ -114,6 +120,23 @@ END_TEST
#define GETDNS_STR_ADDRESS_TYPE "address_type"
#define GETDNS_STR_ADDRESS_DATA "address_data"
#define GETDNS_STR_PORT "port"
#define TEST_PORT 43210
static uint16_t get_test_port(void)
{
char *test_port_str;
uint16_t test_port;
struct timeval tv;
if (!(test_port_str = getenv("GETDNS_TEST_PORT")) ||
!(test_port = (uint16_t)atoi(test_port_str)))
test_port = TEST_PORT;
(void)gettimeofday(&tv, NULL);
srandom((int)getpid() + (int)tv.tv_usec);
test_port += random() % 1000;
return test_port;
}
/* utilities to start a junk udp listener */
typedef struct timeout_thread_data {
@ -281,7 +304,8 @@ START_TEST (getdns_context_set_timeout_3)
t_data.running = 0;
t_data.num_callbacks = 0;
t_data.num_timeouts = 0;
t_data.port = 43210;
uint64_t timeout;
t_data.port = get_test_port();
pthread_create(&thread, NULL, run_server, (void *)&t_data);
@ -301,7 +325,7 @@ START_TEST (getdns_context_set_timeout_3)
bindata.data = (uint8_t*) &local_addr;
ASSERT_RC(getdns_dict_set_bindata(server_dict, GETDNS_STR_ADDRESS_DATA, &bindata),
GETDNS_RETURN_GOOD, "set addr bindata");
ASSERT_RC(getdns_dict_set_int(server_dict, GETDNS_STR_PORT, 43210),
ASSERT_RC(getdns_dict_set_int(server_dict, GETDNS_STR_PORT, t_data.port),
GETDNS_RETURN_GOOD, "set addr port");
upstream_list = getdns_list_create_with_context(context);
@ -324,6 +348,10 @@ START_TEST (getdns_context_set_timeout_3)
RUN_EVENT_LOOP;
ASSERT_RC(getdns_context_get_timeout(context, &timeout),
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_timeout()");
ck_assert_msg(timeout == 500, "timeout should be 500, got %d", (int)timeout);
CONTEXT_DESTROY;
t_data.running = 0;
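Review bot: `get_test_port()` can return a port outside the range the test intends: the `GETDNS_TEST_PORT` value is parsed with `atoi()` and cast straight to `uint16_t`, and `test_port += random() % 1000` then wraps for any base above 64536, which can yield port 0 or a privileged port. A range check on the parsed value before the offset is added keeps the listener where the test expects it, for example `long p = strtol(test_port_str, NULL, 10); if (p < 1024 || p > 64536) p = TEST_PORT;`. The helper also calls `srandom()` on every invocation, which reseeds the process-wide generator each time a test starts. The same function is added again in the later section that changes `TEST_PORT` to 42100, so the change applies there as well.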


@ -88,6 +88,68 @@ static const char pretty_expected[] = "{\n"
" ]\n"
"}";
static const char pretty_expected2[] = "{\n"
" \"bindata\":\"bindata\",\n"
" \"dict\":\n"
" {\n"
" \"bindata\":\"bindata\",\n"
" \"dict\":\n"
" {\n"
" \"bindata\":\"bindata\",\n"
" \"dict\":\n"
" {\n"
" \"int\": 4\n"
" },\n"
" \"int\": 3,\n"
" \"list\":\n"
" [\n"
" 5\n"
" ]\n"
" },\n"
" \"int\": 2,\n"
" \"list\":\n"
" [\n"
" 6,\n"
" \"bindata\",\n"
" {\n"
" \"bindata\":\"bindata\"\n"
" },\n"
" [\n"
" \"bindata\"\n"
" ]\n"
" ]\n"
" },\n"
" \"int\": 1,\n"
" \"list\":\n"
" [\n"
" 7,\n"
" \"bindata\",\n"
" {\n"
" \"bindata\":\"bindata\",\n"
" \"dict\":\n"
" {\n"
" \"int\": 9\n"
" },\n"
" \"int\": 8,\n"
" \"list\":\n"
" [\n"
" 10\n"
" ]\n"
" },\n"
" [\n"
" 11,\n"
" \"bindata\",\n"
" {\n"
" \"bindata\":\"bindata\"\n"
" },\n"
" [\n"
" \"bindata\"\n"
" ]\n"
" ]\n"
" ]\n"
"}";
/*
**************************************************************************
* *
@ -267,6 +329,11 @@ static const char pretty_expected[] = "{\n"
ck_assert_msg(strcmp(pretty_expected, pretty) == 0,
"Expected:\n%s\ngot:\n%s\n", pretty_expected, pretty);
pretty = getdns_print_json_dict(dict1, 1);
ck_assert_msg(pretty != NULL, "NULL returned by getdns_print_json_dict()");
ck_assert_msg(strcmp(pretty_expected2, pretty) == 0,
"Expected:\n%s\ngot:\n%s\n", pretty_expected2, pretty);
/*
* Destroy all of the sub-dicts and sub-lists
*/
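Review bot: The new `pretty = getdns_print_json_dict(dict1, 1);` overwrites `pretty` directly after the `pretty_expected` comparison, and the hunk shows no `free(pretty)` between the two, so the first string appears to be leaked. Adding `free(pretty);` before the reassignment would fix it. Whether the second string is released depends on code after the hunk, which is not visible here.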


@ -35,6 +35,8 @@
#include <netinet/in.h>
#include <stdio.h>
#include <sys/param.h>
#include <stdlib.h>
#include <sys/time.h>
#define GETDNS_STR_IPV4 "IPv4"
@ -42,7 +44,23 @@
#define GETDNS_STR_ADDRESS_TYPE "address_type"
#define GETDNS_STR_ADDRESS_DATA "address_data"
#define GETDNS_STR_PORT "port"
#define TEST_PORT 43210
#define TEST_PORT 42100
static uint16_t get_test_port(void)
{
char *test_port_str;
uint16_t test_port;
struct timeval tv;
if (!(test_port_str = getenv("GETDNS_TEST_PORT")) ||
!(test_port = (uint16_t)atoi(test_port_str)))
test_port = TEST_PORT;
(void)gettimeofday(&tv, NULL);
srandom((int)getpid() + (int)tv.tv_usec);
test_port += random() % 1000;
return test_port;
}
/* utilities to start a junk listener */
typedef struct transport_thread_data {
@ -219,7 +237,7 @@ START_TEST(getdns_transport_udp_sync) {
t_data.running = 0;
t_data.udp_count = 0;
t_data.tcp_count = 0;
t_data.port = TEST_PORT;
t_data.port = get_test_port();
pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);
@ -293,7 +311,7 @@ START_TEST(getdns_transport_tcp_sync) {
t_data.running = 0;
t_data.udp_count = 0;
t_data.tcp_count = 0;
t_data.port = TEST_PORT;
t_data.port = get_test_port();
pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);
@ -367,7 +385,7 @@ START_TEST(getdns_transport_udp_async) {
t_data.running = 0;
t_data.udp_count = 0;
t_data.tcp_count = 0;
t_data.port = TEST_PORT;
t_data.port = get_test_port();
pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);
@ -445,7 +463,7 @@ START_TEST(getdns_transport_tcp_async) {
t_data.running = 0;
t_data.udp_count = 0;
t_data.tcp_count = 0;
t_data.port = TEST_PORT;
t_data.port = get_test_port();
pthread_create(&thread, NULL, run_transport_server, (void *) &t_data);
@ -511,7 +529,7 @@ getdns_transport_suite(void) {
/* Note that the exact number of messages received depends on if a trust
* anchor is configured so these tests just check that no messages are
* received on the wrong transport and at least one is recieved on the
* received on the wrong transport and at least one is received on the
* expected transport */
/* Positive test cases */


@ -5,6 +5,10 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
rm -f report.txt
(
cd ${SRCROOT}
find . -type f -executable -and \( -name "*.[ch]" -or -name "*.html" -or -name "*.in" -or -name "*.good" -or -name "*.ac" \) | sed 's/^/*** ERROR! Executable bit found on /g'
) >> report.txt
(
cd ${SRCROOT}/src
if [ `grep '[^!=]=[ ][ ]*NET_REQ_' *.[ch] */*.[ch] | wc -l` -gt 1 ]
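Review bot: The added subshell runs `cd ${SRCROOT}` unquoted and without checking the result, so when `SRCROOT` is empty or the directory is missing, `find` scans the current directory and the report describes the wrong tree. `cd "${SRCROOT}" || exit 1` avoids that. `-executable` is a GNU find extension, so the check depends on GNU findutils being the `find` on the test host; a one-line comment saying so would help. The subshell that follows continues past the end of the hunk.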


@ -5,4 +5,4 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build"
make XTRA_CFLAGS='-Werror'
make XTRA_CFLAGS='-Werror' -j 4


@ -5,4 +5,4 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build"
make install
make -j 4 install


@ -5,6 +5,6 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build"
make getdns_query \
make -j 4 getdns_query \
&& echo "export GETDNS_QUERY=\"${BUILDDIR}/build/src/tools/getdns_query\"" \
>> ../.tpkg.var.master


@ -5,4 +5,4 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build"
make install-getdns_query
make -j 4 install-getdns_query


@ -5,4 +5,4 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build-stub-only"
make XTRA_CFLAGS='-Werror'
make XTRA_CFLAGS='-Werror' -j 4


@ -5,6 +5,6 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build-stub-only"
make getdns_query \
make -j 4 getdns_query \
&& echo "export GETDNS_STUB_QUERY=\"${BUILDDIR}/build-stub-only/src/tools/getdns_query\"" \
>> ../.tpkg.var.master


@ -5,4 +5,4 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build-stub-only"
make test
make -j 4 test


@ -27,6 +27,14 @@ void print_list(getdns_list *rr_list)
free(str);
}
void print_json_list(getdns_list *rr_list, int pretty)
{
char *str = getdns_print_json_list(rr_list, pretty);
printf("%s\n", str);
free(str);
}
void print_wire(uint8_t *wire, size_t wire_len)
{
size_t pos, i;
@ -254,6 +262,7 @@ int main(int argc, char const * const argv[])
fclose(in);
print_list(rr_list);
print_json_list(rr_list, 1);
/* Fill the wire_buf with wireformat RR's in rr_list
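Review bot: `print_json_list()` passes the result of `getdns_print_json_list()` to `printf("%s\n", str)` without a NULL check, and passing NULL for `%s` is undefined behaviour. The unit test elsewhere in this commit asserts on a NULL return from `getdns_print_json_dict()`, so a failed conversion looks like a case the API can report. A guard such as `if (!str) { fprintf(stderr, "getdns_print_json_list() failed\n"); return; }` would make the failure visible instead. A one-line comment above the function noting that `pretty` is passed through unchanged to the library call would also help readers.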


@ -918,9 +918,23 @@
"rdata":
{
"certificate_association_data": <bindata of 0x274c6f96c9885c8050e8a05ad1c3162c...>,
"certificate_usage": 3,
"certificate_usage": 0,
"matching_type": 1,
"rdata_raw": <bindata of 0x030101274c6f96c9885c8050e8a05ad1...>,
"rdata_raw": <bindata of 0x000001274c6f96c9885c8050e8a05ad1...>,
"selector": 0
},
"ttl": 30,
"type": GETDNS_RRTYPE_TLSA
},
{
"class": GETDNS_RRCLASS_IN,
"name": <bindata for _443._tcp.ww.net-dns.org.>,
"rdata":
{
"certificate_association_data": <bindata of 0x92003ba34942dc74152e2f2c408d29ec...>,
"certificate_usage": 1,
"matching_type": 2,
"rdata_raw": <bindata of 0x01010292003ba34942dc74152e2f2c40...>,
"selector": 1
},
"ttl": 30,
@ -1008,7 +1022,7 @@
}
]
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 0, ANSWER: 77, AUTHORITY: 0, ADDITIONAL: 0
;; flags: ; QUERY: 0, ANSWER: 78, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; ANSWER SECTION:
@ -1082,7 +1096,8 @@ spf.net-dns.org. 30 IN SPF "v=spf1 +mx a:colo.nlnetlabs.nl/28 -all"
srv.net-dns.org. 30 IN SRV 0 5 80 www.net-dns.org.
sshfp.net-dns.org. 30 IN SSHFP 1 1 450C7D19D5DA9A3A5B7C19992D1FBDE15D8DAD44
talink.net-dns.org. 30 IN TALINK h0.net-dns.org. h2.net-dns.org.
_443._tcp.net-dns.org. 30 IN TLSA 3 1 1 274C6F96C9885C8050E8A05AD1C3162C1D51752C35B6196474E3F05AD31CD923
_443._tcp.net-dns.org. 30 IN TLSA 0 0 1 274C6F96C9885C8050E8A05AD1C3162C1D51752C35B6196474E3F05AD31CD923
_443._tcp.ww.net-dns.org. 30 IN TLSA 1 1 2 92003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA346BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE51FFD48C43326CBC
_443._tcp.www.net-dns.org. 30 IN TLSA 3 1 1 274C6F96C9885C8050E8A05AD1C3162C1D51752C35B6196474E3F05AD31CD923
dynup.net-dns.org. 30 IN TXT "fooFoo2" "Bla ; Foo"
default._domainkey.net-dns.org. 30 IN TXT "v=DKIM1; r=postmaster; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVG/lfF5GtPlMOcSGnfbp5u+EWM+OOg/f6QmbDXOW/zKQkRIRIZ+BtfSYchP8MeFPfMvUZtdRPzCWg1G7OdD7qaTUqc6kV84on6/8kPVMgdDLyLl2DeU/Lts9hfVHVDSpWuChwDAFXnbnW8jpp54zuof9OIbWSWIxZqLL8flgOsQIDAQAB"
@ -1093,5 +1108,5 @@ x25.net-dns.org. 30 IN X25 "1234567"
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; MSG SIZE rcvd: 6561
;; MSG SIZE rcvd: 6664


@ -94,7 +94,8 @@ sshfp SSHFP 1 1 450c7d19d5da9a3a5b7c19992d1fbde15d8dad44
;ta TA
talink TALINK h0 h2
;tkey TKEY
_443._tcp TLSA 3 1 1 274c6f96c9885c8050e8a05ad1c3162c1d51752c35b6196474e3f05ad31cd923
_443._tcp TLSA 0 0 1 274c6f96c9885c8050e8a05ad1c3162c1d51752c35b6196474e3f05ad31cd923
_443._tcp.ww TLSA 1 1 2 92003ba34942dc74152e2f2c408d29eca5a520e7f2e06bb944f4dca346baf63c1b177615d466f6c4b71c216a50292bd58c9ebdd2f74e38fe51ffd48c43326cbc
_443._tcp.www TLSA 3 1 1 274c6f96c9885c8050e8a05ad1c3162c1d51752c35b6196474e3f05ad31cd923
;tsig TSIG
dynup TXT "fooFoo2" "Bla \; Foo"


@ -119,8 +119,8 @@ int main()
context, listeners, NULL, handler)))
; /* pass */
fprintf(stdout, "%d\n", (int)port2);
fprintf(stdout, "%d\n", (int)port1);
fprintf(stdout, "%d\n", (int)port2);
fflush(stdout);
getdns_context_run(context);
}


@ -5,7 +5,7 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
make && "${BUILDDIR}/build/libtool" exec valgrind -v --log-file=valgrind.log --leak-check=full --error-exitcode=1 --track-origins=yes "./${TPKG_NAME}" | (
make && "${BUILDDIR}/build-stub-only/libtool" exec valgrind -v --log-file=valgrind.log --leak-check=full --error-exitcode=1 --track-origins=yes "./${TPKG_NAME}" | (
read PORT
read PORT2
@ -13,6 +13,8 @@ make && "${BUILDDIR}/build/libtool" exec valgrind -v --log-file=valgrind.log --l
${GETDNS_STUB_QUERY} -s @127.0.0.1:$PORT TXT test +return_call_reporting 2>&1 > tcp_out
${GETDNS_STUB_QUERY} -s -U @127.0.0.1:$PORT2 TXT test +return_call_reporting 2>&1 > udp_out
${GETDNS_STUB_QUERY} -s -q @127.0.0.1:$PORT TXT quit.
)
if grep -q 'definitely lost: [^0]' valgrind.log
@ -33,6 +35,12 @@ then
echo 'error: Query was not over TCP!'
exit 1
elif ! grep -q '"transport": GETDNS_TRANSPORT_UDP' udp_out
then
cat udp_out
echo 'error: Query was not over UDP!'
exit 1
elif ! grep -q '"Some answer"' tcp_out
then
cat tcp_out
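Review bot: The added UDP query line uses `2>&1 > udp_out`, which duplicates stderr onto the current stdout before stdout is redirected, so error output from the query does not land in `udp_out`. If the `cat udp_out` in the new failure branch is meant to show why the query failed, the order should be `> udp_out 2>&1`; the TCP line has the same form. `$PORT` and `$PORT2` come from `read` and are used unquoted without a check that they are non-empty, so a listener that exits before printing its ports leads to queries against `127.0.0.1:` with no port.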


@ -3,7 +3,7 @@ Version: 1.0
Description: Test if outstanding queries setting is obeyed
CreationDate: Tue Mar 14 10:43:45 CET 2017
Maintainer: Willem Toorop
Category:
Category: Resource depletion
Component:
CmdDepends:
Depends: 210-stub-only-link.tpkg


@ -3,7 +3,7 @@ Version: 1.0
Description: Test if outstanding queries setting is obeyed
CreationDate: ma 20 mrt 2017 15:17:45 CET
Maintainer: Willem Toorop
Category:
Category: Resource depletion
Component:
CmdDepends:
Depends: 210-stub-only-link.tpkg


@ -0,0 +1,16 @@
BaseName: 290-transports
Version: 1.0
Description: Run the test_transports
CreationDate: di 9 mei 2017 14:16:58 CEST
Maintainer: Hoda Rohani
Category:
Component:
CmdDepends:
Depends: 110-link.tpkg
Help:
Pre:
Post:
Test: 290-transports.test
AuxFiles:
Passed:
Failure:


@ -0,0 +1,200 @@
# #-- 290-transports.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
SERVER_IP="8.8.8.8"
SERVER_IPv6="2001:4860:4860::8888"
SERVER_IP_TSIG="185.49.141.37^"
SERVER_IPv6_TSIG="2a04:b900:0:100::37^"
TSIG_ALG="hmac-md5.sig-alg.reg.int"
TSIG_NAME="hmac-md5.tsigs.getdnsapi.net"
TSIG_SECRET="16G69OTeXW6xSQ=="
TLS_SERVER_IP="185.49.141.38~getdnsapi.net"
TLS_SERVER_IPv6="2a04:b900:0:100::38~getdnsapi.net"
TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S="
TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S="
TLS_SERVER_SS_IP="184.105.193.78~tls-dns-u.odvr.dns-oarc.net" #Self signed cert
TLS_SERVER_SS_KEY="pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI="
GOOD_RESULT_SYNC="Status was: At least one response was returned"
GOOD_RESULT_ASYNC="successful"
BAD_RESULT_SYNC="1 'Generic error'"
BAD_RESULT_ASYNC="callback_type of 703"
BAD_RESULT_TRANSPORT="None of the configured upstreams could be used to send queries on the specified transports"
BAD_RESULT_NO_NAME="GETDNS_RESPSTATUS_NO_NAME"
NUM_ARGS=3
GOOD_COUNT=0
FAIL_COUNT=0
check_auth () {
local my_auth_ok=0;
auth_result=`echo $1 | sed 's/.*tls_auth_status\": <bindata of "//' | sed 's/\">.*//'`
if [[ $2 == "-" ]] ; then
my_auth_ok=1;
fi
if [[ $2 == "N" ]] && [[ $auth_result == "None" ]]; then
my_auth_ok=1;
fi
if [[ $2 == "F" ]] && [[ $auth_result == "Failed" ]]; then
my_auth_ok=1;
fi
if [[ $2 == "S" ]] && [[ $auth_result == "Success" ]]; then
my_auth_ok=1;
fi
echo $my_auth_ok;
}
check_trans () {
local my_trans_ok=0;
trans_result=`echo $1 | sed "s/.*\"transport\": GETDNS_TRANSPORT_//" | sed 's/ }.*//' | sed 's/,.*//'`
if [[ $2 == "U" ]] && [[ $trans_result == "UDP" ]]; then
my_trans_ok=1;
fi
if [[ $2 == "T" ]] && [[ $trans_result == "TCP" ]]; then
my_trans_ok=1;
fi
if [[ $2 == "L" ]] && [[ $trans_result == "TLS" ]]; then
my_trans_ok=1;
fi
echo $my_trans_ok;
}
check_good () {
auth_ok=0;
result_ok=0;
trans_ok=0;
result=`echo $1 | sed 's/ All done.'// | sed 's/.*Response code was: GOOD. '//`
async_success=`echo $result | grep -c "$GOOD_RESULT_ASYNC"`
if [[ $result =~ $GOOD_RESULT_SYNC ]] || [[ $async_success =~ 1 ]]; then
result_ok=1;
fi
if [[ $result_ok == 1 ]] ; then
trans_ok=$(check_trans "$1" "$2")
auth_ok=$(check_auth "$1" "$3")
fi
if [[ $result_ok == 1 ]] && [[ $auth_ok == 1 ]] && [[ $trans_ok == 1 ]]; then
(( GOOD_COUNT++ ))
echo -n "PASS: "
else
(( FAIL_COUNT++ ))
echo "FAIL (RESULT): Result: $result Auth: $auth_ok Trans: $trans_ok"
echo -n "FAIL: "
fi
}
check_bad () {
result=`echo $1 | grep "An error occurred:" | tail -1 | sed 's/ All done.'//`
error=` echo $result | sed 's/An error occurred: //'`
if [[ -z $result ]]; then
result=`echo $1 | grep "GETDNS_RESPSTATUS_NO_NAME" `
error=` echo $result | sed 's/"status": //'`
fi
if [[ ! -z $result ]]; then
if [[ $error =~ $BAD_RESULT_SYNC ]] || [[ $error =~ $BAD_RESULT_ASYNC ]] || [[ $error =~ $BAD_RESULT_TRANSPORT ]] || [[ $error =~ $BAD_RESULT_NO_NAME ]]; then
(( GOOD_COUNT++ ))
echo -n "PASS:"
else
(( FAIL_COUNT++ ))
echo "FAIL (RESULT): " $error
echo -n "FAIL: "
fi
else
(( FAIL_COUNT++ ))
echo "FAIL (RESULT): " $1
echo -n "FAIL: "
fi
}
# disable IPv6, travis cannot handle it?
for (( ii = 0; ii < 1; ii++)); do
if [[ ii -eq 1 ]]; then
SERVER_IP=$SERVER_IPv6
TLS_SERVER_IP=$TLS_SERVER_IPv6
SERVER_IP_TSIG=$SERVER_IPv6_TSIG
echo "Using IPv6"
fi
TLS_SERVER_IP_NO_NAME=`echo ${TLS_SERVER_IP%~*}`
TLS_SERVER_SS_IP_NO_NAME=`echo ${TLS_SERVER_SS_IP%~*}`
TLS_SERVER_IP_WRONG_NAME=`echo ${TLS_SERVER_IP::${#TLS_SERVER_IP}-1}`
SERVER_IP_TSIG_WRONG_NAME=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME::${#TSIG_NAME}-1}":"${TSIG_SECRET}`
SERVER_IP_TSIG_WRONG_SECRET=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME}":"${TSIG_SECRET::${#TSIG_SECRET}-1}`
NUM_GOOD_QUERIES=9
GOOD_QUERIES=(
"-s -A getdnsapi.net -l U @${SERVER_IP} +edns_cookies" "U" "-"
"-s -A getdnsapi.net -l T @${SERVER_IP}" "T" "-"
"-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
"-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
"-s -A getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}" "L" "N"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP}" "L" "S"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
"-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-")
#"-s -A getdnsapi.net -l L -m @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"
NUM_GOOD_FB_QUERIES=6
GOOD_FALLBACK_QUERIES=(
"-s -A getdnsapi.net -l LU @${SERVER_IP}" "U" "-"
"-s -A getdnsapi.net -l LT @${SERVER_IP}" "T" "-"
"-s -A getdnsapi.net -l LT @${TLS_SERVER_IP_NO_NAME}" "L" "N"
"-s -A getdnsapi.net -l LT -m @${TLS_SERVER_IP_NO_NAME}" "L" "N"
"-s -A getdnsapi.net -l L @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-"
"-s -G DNSKEY getdnsapi.net -l UT @${SERVER_IP} -b 512 -D" "T" "-")
NOT_AVAILABLE_QUERIES=(
"-s -A getdnsapi.net -l L @${SERVER_IP}"
"-s -A getdnsapi.net -l U @${SERVER_IP_TSIG_WRONG_NAME}"
"-s -A getdnsapi.net -l U @${SERVER_IP_TSIG_WRONG_SECRET}"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME}"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME}"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\"")
#"-s -A getdnsapi.net -l L -m @${TLS_SERVER_SS_IP} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\""
echo "Starting transport test"
echo
for (( i = 0; i < 2; i+=1 )); do
if [[ i -eq 0 ]]; then
echo "**SYNC Mode**"
else
echo
echo "**ASYNC Mode**"
SYNC_MODE=" -a "
fi
echo "*Success cases:"
for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
(( COUNT++ ))
done
echo "*Success fallback cases:"
for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
(( COUNT++ ))
done
echo "*Transport not available cases:"
for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
check_bad "`"${GETDNS_QUERY}" $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
(( COUNT++ ))
done
done
echo
done
echo
echo "Finished transport test: did $COUNT queries, $GOOD_COUNT passes, $FAIL_COUNT failures"
echo
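Review bot: The script counts failures in `FAIL_COUNT` but ends with `echo`, so its exit status is 0 even when a case fails; that includes the negative cases where a wrong `pin-sha256` value or a wrong authentication name must be rejected. Ending the file with `[ "$FAIL_COUNT" -eq 0 ] || exit 1` would let the failure be recorded, assuming tpkg judges a test by its exit status, which is not visible here. `COUNT` and `SYNC_MODE` are used without being initialised, so values inherited from the sourced var files would carry over; `COUNT=0` and `SYNC_MODE=""` next to `GOOD_COUNT=0` fix that. The file also embeds a TSIG secret and key pins; if these are public test credentials, a comment saying so would keep them from being mistaken for production keys.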


@ -6,7 +6,7 @@ Maintainer: Willem Toorop
Category:
Component:
CmdDepends:
Depends: 300-event-loops-configure.tpkg
Depends: 310-dependencies.tpkg
Help:
Pre: 320-event-loops-compile.pre
Post: 320-event-loops-compile.post


@ -5,4 +5,4 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build-event-loops"
make XTRA_CFLAGS=-Werror
make XTRA_CFLAGS=-Werror -j 4


@ -5,9 +5,9 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build-event-loops"
if make test
if make -j 4 test
then
if grep ERROR "${BUILDDIR}/build-event-loops/src/test/*.log"
if test -e "${BUILDDIR}/build-event-loops/src/test/fails"
then
exit 1
fi


@ -1,16 +0,0 @@
BaseName: 340-event-loops-scan-build
Version: 1.0
Description: Compile
CreationDate: do 28 apr 2016 16:50:43 CEST
Maintainer: Willem Toorop
Category:
Component:
CmdDepends: scan-build
Depends: 300-event-loops-configure.tpkg
Help:
Pre: 340-event-loops-scan-build.pre
Post: 340-event-loops-scan-build.post
Test: 340-event-loops-scan-build.test
AuxFiles:
Passed:
Failure:


@ -1,24 +0,0 @@
# #-- 340-event-loops-scan-build.pre--#
# source the master var file when it's there
if [ -f ../.tpkg.var.master ]
then
source ../.tpkg.var.master
else
(
cd ..
[ -f "${TPKG_SRCDIR}/setup-env.sh" ] \
&& sh "${TPKG_SRCDIR}/setup-env.sh"
) && source ../.tpkg.var.master
fi
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
echo "" > restore-srcdir-configure-settings
for f in `grep 'CONFIG_[FH][IE][LA][ED][SE]' "${SRCROOT}/configure.ac" | sed -e 's/^.*(\[//g' -e 's/\])//g'`
do
if [ -f "${SRCROOT}/$f" ]
then
mv "${SRCROOT}/${f}" "${SRCROOT}/${f}.build-event-loops" && \
echo "$f" >> restore-srcdir-configure-settings
fi
done


@ -0,0 +1,16 @@
BaseName: 400-static-analysis
Version: 1.0
Description: Compile
CreationDate: wo 10 mei 2017 14:56:19 CEST
Maintainer: Willem Toorop
Category:
Component:
CmdDepends: scan-build
Depends:
Help:
Pre: 400-static-analysis.pre
Post: 400-static-analysis.post
Test: 400-static-analysis.test
AuxFiles:
Passed:
Failure:


@ -1,4 +1,4 @@
# #-- 340-event-loops-scan-build.post --#
# #-- 400-static-analysis.post --#
# source the master var file when it's there
if [ -f ../.tpkg.var.master ]
then
@ -15,6 +15,6 @@ fi
for f in `cat restore-srcdir-configure-settings`
do
mv "${SRCROOT}/${f}.build-event-loops" "${SRCROOT}/${f}"
mv "${SRCROOT}/${f}.build-static-analysis" "${SRCROOT}/${f}"
done


@ -0,0 +1,35 @@
# #-- 400-static-analysis.pre--#
# source the master var file when it's there
if [ -f ../.tpkg.var.master ]
then
source ../.tpkg.var.master
else
(
cd ..
[ -f "${TPKG_SRCDIR}/setup-env.sh" ] \
&& sh "${TPKG_SRCDIR}/setup-env.sh"
) && source ../.tpkg.var.master
fi
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
echo "" > restore-srcdir-configure-settings
for f in `grep 'CONFIG_[FH][IE][LA][ED][SE]' "${SRCROOT}/configure.ac" | sed -e 's/^.*(\[//g' -e 's/\])//g'`
do
if [ -f "${SRCROOT}/$f" ]
then
mv "${SRCROOT}/${f}" "${SRCROOT}/${f}.build-static-analysis" && \
echo "$f" >> restore-srcdir-configure-settings
fi
done
rm -fr "${BUILDDIR}/build-static-analysis"
mkdir "${BUILDDIR}/build-static-analysis"
cd "${BUILDDIR}/build-static-analysis"
"${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev --with-libuv \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libevent \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libev \
|| "${SRCROOT}/configure" $* --enable-all-drafts --with-getdns_query --with-libuv
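Review bot: `rm -fr "${BUILDDIR}/build-static-analysis"` runs even when `BUILDDIR` is unset, which happens if sourcing `../.tpkg.var.master` fails in the block above, and the path then resolves to `/build-static-analysis`. Using `"${BUILDDIR:?}/build-static-analysis"` stops the script instead, and `cd "${BUILDDIR}/build-static-analysis" || exit 1` keeps `configure` from running in the wrong directory when `mkdir` or `cd` fails. `$*` in the configure calls re-splits arguments, whereas `"$@"` preserves them. The chain of `||` fallbacks appears to cope with missing event libraries, but it also hides a genuine configure error behind the next attempt, so a short comment stating the intent would help.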


@ -1,9 +1,8 @@
# #-- 340-event-loops-scan-build.test --#
# #-- 400-static-analysis.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
cd "${BUILDDIR}/build-event-loops"
make clean
scan-build -o ../scan-build-reports -v --status-bugs make everything
cd "${BUILDDIR}/build-static-analysis"
scan-build -o ../scan-build-reports -v --status-bugs make -j 4 everything


@ -3,5 +3,5 @@
export SRCDIR=`dirname $0`
( cd $SRCDIR
./tpkg clean
rm -fr build build-stub-only build-event-loops install scan-build-reports .tpkg.var.master *.info
rm -fr build build-stub-only build-event-loops build-static-analysis install scan-build-reports .tpkg.var.master *.info
)


@ -15,7 +15,7 @@ LCOV_MERGE=""
for TEST_PKG in ${SRCDIR}/*.tpkg
do
# when we run our test, we need to compile with profiling
LDFLAGS="-lgcov --coverage" CFLAGS="-fprofile-arcs -ftest-coverage -O0" "${TPKG}" $* exe "${TEST_PKG}"
LDFLAGS="-lgcov --coverage" CFLAGS="-g -fprofile-arcs -ftest-coverage -O0" "${TPKG}" $* exe "${TEST_PKG}"
# after the test is complete, we need to collect the coverage data
INFO_FILE=`echo $TEST_PKG | sed 's/.tpkg$//'`.info
geninfo $SRCDIR/.. -o $INFO_FILE

55
src/test/tpkg/run-parallel.sh Executable file

@ -0,0 +1,55 @@
#!/bin/sh
export SRCDIR=`dirname $0`
. `dirname $0`/setup-env.sh
cat > Makefile << MAKEFILE_HEADER
all: retry results
retry:
for f in result.* ; do if test ! -e .done-\$\${f#result.} ; then rm -f \$\$f ; fi; done
MAKEFILE_HEADER
# Resource depletion tests should be performed one-by-one after all
# other tests have been done.
#
RD_TESTS=""
OTHERS=""
ALL="results:"
for TEST_PKG in `echo ${SRCDIR}/*.tpkg | xargs -n1 echo | sort`
do
P="${TEST_PKG#${SRCDIR}/}"
P="${P%.tpkg}"
R="result.${P}"
ALL="${ALL} ${R}"
if grep -q 'Category:.*Resource depletion' "${TEST_PKG}/${P}.dsc"
then
RD_TESTS="${R} ${RD_TESTS}"
else
OTHERS="${OTHERS} ${R}"
fi
done
echo "${ALL}" >> Makefile
printf '\t"%s" r\n\n' "${TPKG}" >> Makefile
printf 'clean:\n\t"%s" clean\n\trm -fr build build-stub-only build-event-loops build-static-analysis install scan-build-reports .tpkg.var.master *.info\n\n' "${TPKG}" >> Makefile
for P in ${OTHERS}
do
P="${P#result.}"
TEST_PKG="${SRCDIR}/${P}.tpkg"
DEPS="result.${P}:"
for D in `grep "^Depends: " "${TEST_PKG}/${P}.dsc" | sed 's/^Depends: //g'`
do
D="${D%.tpkg}"
DEPS="${DEPS} result.${D}"
done
echo "${DEPS}" >> Makefile
printf '\t"%s" %s exe "%s"\n\n' "${TPKG}" "$*" "${TEST_PKG}" >> Makefile
done
for RD in ${RD_TESTS}
do
RD_TESTS="${RD_TESTS#$RD }"
TEST_PKG="${RD#result.}"
printf '%s: %s %s\n\t"%s" %s exe "%s/%s.tpkg"\n\n' "${RD}" "${OTHERS}" "${RD_TESTS}" "${TPKG}" "$*" "${SRCDIR}" "${TEST_PKG}" >> Makefile
done
make -j 2
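Review bot: The script writes its generated rules to `Makefile` in the directory it is started from (`cat > Makefile`), so starting it in a directory that already has a Makefile replaces that file, and the generated `clean` rule then runs `rm -fr build ... *.info` relative to the same directory. Writing to a dedicated file and passing it with `make -f` (a constructed example name would be `Makefile.tpkg`) avoids the overwrite; the later `>> Makefile` appends need the same name. The values of `${TPKG}`, `$*` and the package paths are copied into recipes inside double quotes without escaping, so a path containing `$` or `"` changes the recipe text. `all`, `retry`, `results` and `clean` should also be declared under `.PHONY` so that a file of the same name cannot suppress them.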


@ -86,7 +86,7 @@ uninstall-stubby:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
clean:
rm -f *.o *.lo $(PROGRAMS)
rm -f *.o *.lo $(PROGRAMS) stubby
rm -rf .libs
distclean : clean


@ -0,0 +1,96 @@
#!/bin/bash
#
# Copyright (c) 2017, Verisign, Inc., NLnet Labs
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the names of the copyright holders nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Stubby helper file to set DNS servers on macOS.
# Note - this script doesn't detect or handle network events, simply changes the
# current resolvers
# Must run as root.
usage () {
echo
echo "Update the system DNS resolvers so that Stubby is used for all DNS"
echo "queries on macOS. (Stubby must already be running)"
echo "This must be run as root."
echo
echo "Usage: $0 options"
echo
echo "Supported options:"
echo " -r Reset DNS resolvers to the default ones (e.g. from DHCP)"
echo " -l List the current DNS settings for all interfaces"
echo " -h Show this help."
}
RESET=0
LIST=0
SERVERS="127.0.0.1 ::1"
OS_X=`uname -a | grep -c 'Darwin'`
while getopts ":rlh" opt; do
case $opt in
r ) RESET=1 ;;
l ) LIST=1 ;;
h ) usage
exit 1 ;;
\? ) usage
exit 1 ;;
esac
done
if [[ $OS_X -eq 0 ]]; then
echo "Sorry - This script only works on macOS and you are on a different OS."
exit 1
fi
if [[ $LIST -eq 1 ]]; then
echo "** Current DNS settings **"
networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
RESULT=`networksetup -getdnsservers "$x"`
RESULT=`echo $RESULT`
printf '%-30s %s\n' "$x:" "$RESULT"
done
exit 1
fi
if [ "$USER" != "root" ]; then
echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'"
exit 1
fi
if [[ $RESET -eq 1 ]]; then
SERVERS="empty"
echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
else
echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
fi
### Set the DNS settings via networksetup ###
networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
networksetup -setdnsservers "$x" $SERVERS
done
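Review bot: The privilege check `[ "$USER" != "root" ]` reads an environment variable that the caller controls, so it can pass without root and can fail with root when the environment is stripped or `su` leaves `USER` unchanged. Testing the effective uid is reliable: `if [ "$(id -u)" -ne 0 ]; then`. Both `while read x` loops should use `read -r` so a network service name containing a backslash reaches `networksetup` unchanged. The `-l` branch ends with `exit 1` after a successful listing, which a calling script will treat as failure; `exit 0` fits there.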


@ -49,18 +49,6 @@
, value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
} ]
},
{ address_data: 184.105.193.78
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
} ]
},
{ address_data: 2620:ff:c000:0:1::64:25
, tls_pubkey_pinset:
[ { digest: "sha256"
, value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
} ]
},
{ address_data: 89.233.43.71
, tls_auth_name: "unicast.censurfridns.dk"
},


@ -226,7 +226,6 @@ typedef struct getdns_network_req
size_t transport_current;
getdns_tls_authentication_t tls_auth_min;
getdns_eventloop_event event;
uint16_t query_id;
int edns_maximum_udp_payload_size;
uint16_t max_udp_payload_size;


@ -326,7 +326,7 @@ void lru_demote(struct lruhash* table, struct lruhash_entry* entry);
* @param hash: hash value. User calculates the hash.
* @param entry: identifies the entry.
* @param data: the data.
* @param cb_override: if not null overrides the cb_arg for the deletefunc.
* @param cb_arg: if not null overrides the cb_arg for the deletefunc.
* @return: pointer to the existing entry if the key was already present,
* or to the entry argument if it was not.
*/


@ -228,6 +228,9 @@ dnskey_algo_id_is_supported(int id)
case LDNS_ECDSAP256SHA256:
case LDNS_ECDSAP384SHA384:
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
#endif
#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA)
return 1;
#endif
@ -555,6 +558,17 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
#endif
break;
#endif /* USE_ECDSA */
#ifdef USE_ED25519
case LDNS_ED25519:
*evp_key = sldns_ed255192pkey_raw(key, keylen);
if(!*evp_key) {
verbose(VERB_QUERY, "verify: "
"sldns_ed255192pkey_raw failed");
return 0;
}
*digest_type = NULL;
break;
#endif /* USE_ED25519 */
default:
verbose(VERB_QUERY, "verify: unknown algorithm %d",
algo);
@ -644,18 +658,29 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
else if(docrypto_free) OPENSSL_free(sigblock);
return sec_status_unchecked;
}
if(EVP_VerifyInit(ctx, digest_type) == 0) {
verbose(VERB_QUERY, "verify: EVP_VerifyInit failed");
#ifndef HAVE_EVP_DIGESTVERIFY
if(EVP_DigestInit(ctx, digest_type) == 0) {
verbose(VERB_QUERY, "verify: EVP_DigestInit failed");
#ifdef HAVE_EVP_MD_CTX_NEW
EVP_MD_CTX_destroy(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
free(ctx);
#endif
EVP_PKEY_free(evp_key);
if(dofree) free(sigblock);
else if(docrypto_free) OPENSSL_free(sigblock);
return sec_status_unchecked;
}
if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf),
if(EVP_DigestUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf),
(unsigned int)sldns_buffer_limit(buf)) == 0) {
verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed");
verbose(VERB_QUERY, "verify: EVP_DigestUpdate failed");
#ifdef HAVE_EVP_MD_CTX_NEW
EVP_MD_CTX_destroy(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
free(ctx);
#endif
EVP_PKEY_free(evp_key);
if(dofree) free(sigblock);
else if(docrypto_free) OPENSSL_free(sigblock);
@ -663,6 +688,24 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
}
res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key);
#else /* HAVE_EVP_DIGESTVERIFY */
if(EVP_DigestVerifyInit(ctx, NULL, digest_type, NULL, evp_key) == 0) {
verbose(VERB_QUERY, "verify: EVP_DigestVerifyInit failed");
#ifdef HAVE_EVP_MD_CTX_NEW
EVP_MD_CTX_destroy(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
free(ctx);
#endif
EVP_PKEY_free(evp_key);
if(dofree) free(sigblock);
else if(docrypto_free) OPENSSL_free(sigblock);
return sec_status_unchecked;
}
res = EVP_DigestVerify(ctx, sigblock, sigblock_len,
(unsigned char*)sldns_buffer_begin(buf),
sldns_buffer_limit(buf));
#endif
#ifdef HAVE_EVP_MD_CTX_NEW
EVP_MD_CTX_destroy(ctx);
#else