From 74b57d4679abe9d1d7deaad175229f3036c61b25 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 13:33:11 +0200 Subject: [PATCH 01/14] Resync utils with unbound source --- src/util/import.sh | 4 ++ src/util/val_secalgo.c | 96 +++++++++++++++++++++++++----------------- src/util/val_secalgo.h | 12 +++++- 3 files changed, 72 insertions(+), 40 deletions(-) diff --git a/src/util/import.sh b/src/util/import.sh index ee903681..82f03921 100755 --- a/src/util/import.sh +++ b/src/util/import.sh @@ -44,6 +44,10 @@ do -e 's/secalgo_ds_digest/_getdns_secalgo_ds_digest/g' \ -e 's/dnskey_algo_id_is_supported/_getdns_dnskey_algo_id_is_supported/g' \ -e 's/verify_canonrrset/_getdns_verify_canonrrset/g' \ + -e 's/nsec3_hash_algo_size_supported/_getdns_nsec3_hash_algo_size_supported/g' \ + -e 's/secalgo_nsec3_hash/_getdns_secalgo_nsec3_hash/g' \ + -e 's/secalgo_hash_sha256/_getdns_secalgo_hash_sha256/g' \ + -e 's/ecdsa_evp_workaround_init/_getdns_ecdsa_evp_workaround_init/g' \ -e 's/LDNS_/GLDNS_/g' \ -e 's/enum sec_status/int/g' \ -e 's/sec_status_bogus/0/g' \ diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c index b04400cc..edbf538b 100644 --- a/src/util/val_secalgo.c +++ b/src/util/val_secalgo.c @@ -72,7 +72,7 @@ /* return size of digest if supported, or 0 otherwise */ size_t -nsec3_hash_algo_size_supported(int id) +_getdns_nsec3_hash_algo_size_supported(int id) { switch(id) { case NSEC3_HASH_SHA1: @@ -84,7 +84,7 @@ nsec3_hash_algo_size_supported(int id) /* perform nsec3 hash. return false on failure */ int -secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, +_getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, unsigned char* res) { switch(algo) { 
@@ -96,6 +96,12 @@ secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, } } +void +_getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) +{ + (void)SHA256(buf, len, res); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. @@ -342,6 +348,23 @@ i * the '44' is the total remaining length. } #endif /* USE_ECDSA */ +#ifdef USE_ECDSA_EVP_WORKAROUND +static EVP_MD ecdsa_evp_256_md; +static EVP_MD ecdsa_evp_384_md; +void _getdns_ecdsa_evp_workaround_init(void) +{ + /* openssl before 1.0.0 fixes RSA with the SHA256 + * hash in EVP. We create one for ecdsa_sha256 */ + ecdsa_evp_256_md = *EVP_sha256(); + ecdsa_evp_256_md.required_pkey_type[0] = EVP_PKEY_EC; + ecdsa_evp_256_md.verify = (void*)ECDSA_verify; + + ecdsa_evp_384_md = *EVP_sha384(); + ecdsa_evp_384_md.required_pkey_type[0] = EVP_PKEY_EC; + ecdsa_evp_384_md.verify = (void*)ECDSA_verify; +} +#endif /* USE_ECDSA_EVP_WORKAROUND */ + /** * Setup key and digest for verification. Adjust sig if necessary. * @@ -470,20 +493,7 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, return 0; } #ifdef USE_ECDSA_EVP_WORKAROUND - /* openssl before 1.0.0 fixes RSA with the SHA256 - * hash in EVP. We create one for ecdsa_sha256 */ - { - static int md_ecdsa_256_done = 0; - static EVP_MD md; - if(!md_ecdsa_256_done) { - EVP_MD m = *EVP_sha256(); - md_ecdsa_256_done = 1; - m.required_pkey_type[0] = (*evp_key)->type; - m.verify = (void*)ECDSA_verify; - md = m; - } - *digest_type = &md; - } + *digest_type = &ecdsa_evp_256_md; #else *digest_type = EVP_sha256(); #endif 
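Review bot: `_getdns_secalgo_hash_sha256` in src/util/val_secalgo.c returns `void` and discards the result of `SHA256()`, so a caller cannot tell a failed digest from a good one and will use whatever is in `res`. The NSS variant (`(void)HASH_HashBuf(...)`) and the nettle variant (the result of `_digest_nettle(...)`, if any, is unused) added later in this patch have the same shape. The neighbouring `_getdns_secalgo_nsec3_hash` already returns `int` with "false on failure", so returning `int` here as well would be consistent, e.g. `return SHA256(buf, len, res) != NULL;`. As the file is resynced from unbound, the change may need to go upstream first.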
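Review bot: `setup_key_digest` now hands out `&ecdsa_evp_256_md` (and `&ecdsa_evp_384_md` in the next hunk) unconditionally, but these statics are only filled in by `_getdns_ecdsa_evp_workaround_init()`, and no call to that function appears in this series. If a verification runs before the init, `*digest_type` points at a zero-filled `EVP_MD`, whereas the removed code initialised itself on first use. I would add a comment at the definition, `/* must be called once, before any _getdns_verify_canonrrset(), when USE_ECDSA_EVP_WORKAROUND is defined */`, and confirm that the library start-up path calls it. Note also that `required_pkey_type[0]` is now the constant `EVP_PKEY_EC` rather than `(*evp_key)->type`.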
@@ -497,20 +507,7 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, return 0; } #ifdef USE_ECDSA_EVP_WORKAROUND - /* openssl before 1.0.0 fixes RSA with the SHA384 - * hash in EVP. We create one for ecdsa_sha384 */ - { - static int md_ecdsa_384_done = 0; - static EVP_MD md; - if(!md_ecdsa_384_done) { - EVP_MD m = *EVP_sha384(); - md_ecdsa_384_done = 1; - m.required_pkey_type[0] = (*evp_key)->type; - m.verify = (void*)ECDSA_verify; - md = m; - } - *digest_type = &md; - } + *digest_type = &ecdsa_evp_384_md; #else *digest_type = EVP_sha384(); #endif @@ -544,7 +541,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, { const EVP_MD *digest_type; EVP_MD_CTX* ctx; - int res, dofree = 0; + int res, dofree = 0, docrypto_free = 0; EVP_PKEY *evp_key = NULL; if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) { @@ -563,7 +560,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, EVP_PKEY_free(evp_key); return 0; } - dofree = 1; + docrypto_free = 1; } #endif #if defined(USE_ECDSA) && defined(USE_DSA) @@ -593,6 +590,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, log_err("EVP_MD_CTX_new: malloc failure"); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); + else if(docrypto_free) CRYPTO_free(sigblock); return 0; } if(EVP_VerifyInit(ctx, digest_type) == 0) { @@ -600,6 +598,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); + else if(docrypto_free) CRYPTO_free(sigblock); return 0; } if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf), 
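Review bot: The new `CRYPTO_free(sigblock)` calls in `_getdns_verify_canonrrset` use the one-argument form, which as far as I know OpenSSL 1.1.0 replaced with `CRYPTO_free(ptr, file, line)`; the same function is being prepared for that release with `HAVE_EVP_MD_CTX_NEW`. `OPENSSL_free` is the macro that works across versions, so the line would become `else if(docrypto_free) OPENSSL_free(sigblock);` here and in the later error path and final cleanup. The four copies of the `dofree`/`docrypto_free` release would also be easier to keep in step behind a single cleanup label.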
@@ -608,15 +607,21 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); + else if(docrypto_free) CRYPTO_free(sigblock); return 0; } res = EVP_VerifyFinal(ctx, sigblock, sigblock_len, evp_key); +#ifdef HAVE_EVP_MD_CTX_NEW EVP_MD_CTX_destroy(ctx); +#else + EVP_MD_CTX_cleanup(ctx); + free(ctx); +#endif EVP_PKEY_free(evp_key); - if(dofree) - free(sigblock); + if(dofree) free(sigblock); + else if(docrypto_free) CRYPTO_free(sigblock); if(res == 1) { return 1; @@ -644,7 +649,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, /* return size of digest if supported, or 0 otherwise */ size_t -nsec3_hash_algo_size_supported(int id) +_getdns_nsec3_hash_algo_size_supported(int id) { switch(id) { case NSEC3_HASH_SHA1: @@ -656,7 +661,7 @@ nsec3_hash_algo_size_supported(int id) /* perform nsec3 hash. return false on failure */ int -secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, +_getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, unsigned char* res) { switch(algo) { @@ -668,6 +673,12 @@ secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, } } +void +_getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) +{ + (void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len); +} + size_t _getdns_ds_digest_size_supported(int algo) { @@ -1185,6 +1196,9 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, #include "macros.h" #include "rsa.h" #include "dsa.h" +#ifdef HAVE_NETTLE_DSA_COMPAT_H +#include "dsa-compat.h" +#endif #include "asn1.h" #ifdef USE_ECDSA #include "ecdsa.h" @@ -1236,7 +1250,7 @@ _digest_nettle(int algo, uint8_t* buf, size_t len, /* return size of digest if supported, or 0 otherwise */ size_t -nsec3_hash_algo_size_supported(int id) +_getdns_nsec3_hash_algo_size_supported(int id) { switch(id) { case NSEC3_HASH_SHA1: 
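Review bot: Only the exit after `EVP_VerifyFinal` gets the `#ifdef HAVE_EVP_MD_CTX_NEW` split; the error paths above it (after `EVP_VerifyInit` and `EVP_VerifyUpdate`) still call `EVP_MD_CTX_destroy(ctx)` unconditionally. If the `#else` branch exists because `ctx` is obtained differently when `EVP_MD_CTX_new` is unavailable (the allocation is outside these hunks), the error paths should release it the same way, `EVP_MD_CTX_cleanup(ctx); free(ctx);`. A small static helper that releases the context would keep all exits of `_getdns_verify_canonrrset` consistent.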
@@ -1248,7 +1262,7 @@ nsec3_hash_algo_size_supported(int id) /* perform nsec3 hash. return false on failure */ int -secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, +_getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, unsigned char* res) { switch(algo) { @@ -1260,6 +1274,12 @@ secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, } } +void +_getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) +{ + _digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/src/util/val_secalgo.h b/src/util/val_secalgo.h index 917ebc00..704449ec 100644 --- a/src/util/val_secalgo.h +++ b/src/util/val_secalgo.h @@ -45,7 +45,7 @@ struct gldns_buffer; /** Return size of nsec3 hash algorithm, 0 if not supported */ -size_t nsec3_hash_algo_size_supported(int id); +size_t _getdns_nsec3_hash_algo_size_supported(int id); /** * Hash a single hash call of an NSEC3 hash algorithm. @@ -56,9 +56,17 @@ size_t nsec3_hash_algo_size_supported(int id); * @param res: result stored here (must have sufficient space). * @return false on failure. */ -int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, +int _getdns_secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, unsigned char* res); +/** + * Calculate the sha256 hash for the data buffer into the result. + * @param buf: buffer to digest. + * @param len: length of the buffer to digest. + * @param res: result is stored here (space 256/8 bytes). + */ +void _getdns_secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res); + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. From b4e7a82e11d644e7309d9de1fa9989feaf81635b Mon Sep 17 00:00:00 2001 
From: Willem Toorop Date: Thu, 14 Jul 2016 13:40:49 +0200 Subject: [PATCH 02/14] EDNS0 padding is RFC --- src/gldns/rrdef.h | 3 ++- src/gldns/wire2str.c | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/gldns/rrdef.h b/src/gldns/rrdef.h index 703ee31e..b13580ea 100644 --- a/src/gldns/rrdef.h +++ b/src/gldns/rrdef.h @@ -421,7 +421,8 @@ enum gldns_enum_edns_option GLDNS_EDNS_DHU = 6, /* RFC6975 */ GLDNS_EDNS_N3U = 7, /* RFC6975 */ GLDNS_EDNS_CLIENT_SUBNET = 8, /* draft-vandergaast-edns-client-subnet */ - GLDNS_EDNS_KEEPALIVE = 11 /* draft-ietf-dnsop-edns-tcp-keepalive*/ + GLDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ + GLDNS_EDNS_PADDING = 12 /* RFC7830 */ }; typedef enum gldns_enum_edns_option gldns_edns_option; diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c index b9a979eb..abc055d7 100644 --- a/src/gldns/wire2str.c +++ b/src/gldns/wire2str.c @@ -166,6 +166,7 @@ static gldns_lookup_table gldns_edns_options_data[] = { { 7, "N3U" }, { 8, "edns-client-subnet" }, { 11, "edns-tcp-keepalive"}, + { 12, "Padding" }, { 0, NULL} }; gldns_lookup_table* gldns_edns_options = gldns_edns_options_data; @@ -1886,7 +1887,10 @@ int gldns_wire2str_edns_option_print(char** s, size_t* sl, break; case GLDNS_EDNS_KEEPALIVE: w += gldns_wire2str_edns_keepalive_print(s, sl, optdata, optlen); - break; + break; + case GLDNS_EDNS_PADDING: + w += print_hex_buf(s, sl, optdata, optlen); + break; default: /* unknown option code */ w += print_hex_buf(s, sl, optdata, optlen); From af706716412503707267b3fa8eacf2155fe15126 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 13:46:12 +0200 Subject: [PATCH 03/14] =?UTF-8?q?parentheses=20around=20comparison=20in=20?= =?UTF-8?q?operand=20of=20=E2=80=98&=E2=80=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/context.c b/src/context.c index b0c9a198..edea6aef 100644 --- a/src/context.c +++ b/src/context.c @@ -1297,7 +1297,7 @@ getdns_context_create_with_extended_memory_functions( /* Unbound needs SSL to be init'ed this early when TLS is used. However we * don't know that till later so we will have to do this every time. */ - if (set_from_os & 2 == 0) + if ((set_from_os & 2) == 0) SSL_library_init(); #ifdef HAVE_LIBUNBOUND From 2485c11e32d7b617b9dc8bb7eadf9ac38b62f309 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 14:02:29 +0200 Subject: [PATCH 04/14] Include jsmn in dist tarball --- Makefile.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile.in b/Makefile.in index 331c889e..3f727468 100644 --- a/Makefile.in +++ b/Makefile.in @@ -178,6 +178,7 @@ $(distdir): mkdir -p $(distdir)/src mkdir -p $(distdir)/src/getdns mkdir -p $(distdir)/src/test + mkdir -p $(distdir)/src/test/jsmn mkdir -p $(distdir)/src/extension mkdir -p $(distdir)/src/compat mkdir -p $(distdir)/src/util @@ -224,6 +225,9 @@ $(distdir): cp $(srcdir)/spec/*.tgz $(distdir)/spec || true cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example + cp $(srcdir)/src/test/jsmn/*.[ch] $(distdir)/src/test/jsmn + cp $(srcdir)/src/test/jsmn/LICENSE $(distdir)/src/test/jsmn + cp $(srcdir)/src/test/jsmn/README.md $(distdir)/src/test/jsmn rm -f $(distdir)/Makefile $(distdir)/src/Makefile $(distdir)/src/getdns/getdns.h $(distdir)/spec/example/Makefile $(distdir)/src/test/Makefile $(distdir)/doc/Makefile $(distdir)/src/config.h distcheck: $(distdir).tar.gz From 906a8d68c241c15b9d4812e4340a8af53603cc52 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 14:06:00 +0200 Subject: [PATCH 05/14] fix for converting empty lists and dicts --- src/test/getdns_str2dict.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
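Review bot: `SSL_library_init()` in `getdns_context_create_with_extended_memory_functions` (src/context.c) is now reached on every context creation unless the `2` bit of `set_from_os` is set; before, `set_from_os & 2 == 0` parsed as `set_from_os & (2 == 0)` and the call never ran. OpenSSL documents `SSL_library_init()` as not reentrant, so applications that create contexts from several threads are newly exposed to that. A one-time guard around the call, or a sentence in the API documentation, would cover it. The bare `2` would also read better as a named flag.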
diff --git a/src/test/getdns_str2dict.c b/src/test/getdns_str2dict.c index ae5fb1d9..28323d9d 100644 --- a/src/test/getdns_str2dict.c +++ b/src/test/getdns_str2dict.c @@ -410,7 +410,10 @@ static int _jsmn_get_dict(struct mem_funcs *mf, const char *js, jsmntok_t *t, char key_spc[1024], *key = NULL; getdns_item child_item; - for (i = 0; i < t->size; i++) { + if (t->size <= 0) + *r = GETDNS_RETURN_GOOD; + + else for (i = 0; i < t->size; i++) { if (t[j].type != JSMN_STRING && t[j].type != JSMN_PRIMITIVE) { @@ -484,7 +487,10 @@ static int _jsmn_get_list(struct mem_funcs *mf, const char *js, jsmntok_t *t, size_t i, j = 1, index = 0; getdns_item child_item; - for (i = 0; i < t->size; i++) { + if (t->size <= 0) + *r = GETDNS_RETURN_GOOD; + + else for (i = 0; i < t->size; i++) { j += _jsmn_get_item(mf, js, t + j, count - j, &child_item, r); if (*r) break; From bae426a0e224c3ac54ac672431493261bb054e58 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 14:09:08 +0200 Subject: [PATCH 06/14] Unread assignment --- src/test/getdns_query.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c index 6ff6097c..05645a5f 100644 --- a/src/test/getdns_query.c +++ b/src/test/getdns_query.c @@ -442,12 +442,11 @@ static void parse_config(const char *config_str) * will get destroyed. */ if (!listen_dict && - !(listen_dict = getdns_dict_create())) { + !(listen_dict = getdns_dict_create())) fprintf(stderr, "Could not create " "listen_dict"); - r = GETDNS_RETURN_MEMORY_ERROR; - } else if ((r = getdns_dict_set_list( + else if ((r = getdns_dict_set_list( listen_dict, "listen_list", list))) fprintf(stderr, "Could not set listen_list"); From 689fc02fd2fe37a29301ad9d4ee2b664f0a76f02 Mon Sep 17 00:00:00 2001 
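Review bot: The `else for (...) {` construct added to `_jsmn_get_dict` and `_jsmn_get_list` (src/test/getdns_str2dict.c) hangs the whole loop off an unbraced `if`/`else`, which is easy to misread and easy to break when a statement is added to the `if` branch. Bracing both branches, `if (t->size <= 0) { *r = GETDNS_RETURN_GOOD; } else { for (...) ... }`, keeps the behaviour. In `_jsmn_get_list` `i` is `size_t` while `t->size` is tested with `<= 0` and so appears to be signed; the loop condition `i < t->size` is safe only while this guard stays in front of it, which deserves a comment. Both function bodies continue outside the hunks.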
From: Willem Toorop Date: Thu, 14 Jul 2016 14:14:15 +0200 Subject: [PATCH 07/14] Allow errors while setting up listeners --- src/test/getdns_context_set_listen_addresses.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/test/getdns_context_set_listen_addresses.c b/src/test/getdns_context_set_listen_addresses.c index 3b05e803..9246b640 100644 --- a/src/test/getdns_context_set_listen_addresses.c +++ b/src/test/getdns_context_set_listen_addresses.c @@ -804,6 +804,8 @@ getdns_return_t getdns_context_set_listen_addresses(getdns_context *context, new_set->count = new_set_count * n_transports; (void) memset(new_set->items, 0, sizeof(listener) * new_set_count * n_transports); + for (i = 0; i < new_set->count; i++) + new_set->items[i].fd = -1; (void) memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = AF_UNSPEC; @@ -906,7 +908,7 @@ getdns_return_t getdns_context_set_listen_addresses(getdns_context *context, /* So the event can be rescheduled */ } } - if ((r = add_listeners(new_set))) { + if (r || (r = add_listeners(new_set))) { for (i = 0; i < new_set->count; i++) new_set->items[i].action = to_remove; From 99d8672bee82ad5358be501dd3c66e98f8b200ed Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 14:24:32 +0200 Subject: [PATCH 08/14] Fix few possible NULL dereference issues --- src/dnssec.c | 6 ++++-- src/rr-iter.c | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/dnssec.c b/src/dnssec.c index b46be44b..f567b96b 100644 --- a/src/dnssec.c +++ b/src/dnssec.c @@ -2049,7 +2049,8 @@ static int find_nsec_covering_name( , SECTION_NO_ADDITIONAL) ; i ; i = _getdns_rrset_iter_next(i)) { - if ((n = _getdns_rrset_iter_value(i))->rr_type == GETDNS_RRTYPE_NSEC3 + if ((n = _getdns_rrset_iter_value(i)) + && n->rr_type == GETDNS_RRTYPE_NSEC3 /* Get the bitmap rdata field */ && (nsec_rr = _getdns_rrtype_iter_init(&nsec_spc, n)) 
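Review bot: The new loop in `getdns_context_set_listen_addresses` that sets `new_set->items[i].fd = -1` has no comment saying why it follows the `memset`: zero is a valid descriptor, so a slot that was never opened must not look like fd 0 to later cleanup code. I would add `/* 0 is a valid fd; mark every slot as not opened */` above the loop. The `r || (r = add_listeners(new_set))` change relies on `r` still holding the error from the address loop, which is outside this hunk, so please confirm a later successful iteration cannot overwrite it.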
@@ -2085,7 +2086,8 @@ static int find_nsec_covering_name( return keytag; } - if ((n = _getdns_rrset_iter_value(i))->rr_type == GETDNS_RRTYPE_NSEC + if ((n = _getdns_rrset_iter_value(i)) + && n->rr_type == GETDNS_RRTYPE_NSEC && nsec_covers_name(n, name, NULL) /* Get the bitmap rdata field */ diff --git a/src/rr-iter.c b/src/rr-iter.c index e6a711de..9b332603 100644 --- a/src/rr-iter.c +++ b/src/rr-iter.c @@ -306,7 +306,7 @@ static int rr_owner_equal(_getdns_rr_iter *rr, const uint8_t *name) return (owner = _getdns_owner_if_or_as_decompressed(rr, owner_spc ,&owner_len)) - && _getdns_dname_equal(owner, name); + && name && _getdns_dname_equal(owner, name); } /* First a few filter functions that filter a RR iterator to point only From 9cb38bc82236721e125802c5a3b2b69b2712ac8c Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 15:18:27 +0200 Subject: [PATCH 09/14] Release today --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4dae9ffb..e154f85e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -* 2016-??-??: Version 1.0.0b2 +* 2016-07-14: Version 1.0.0b2 * Collect coverage information from the unit tests Thanks Shane Kerr * pkg-config for the getdns_ext_event library From 255cc9ab36f791c25ad04166d3268e83934de623 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 15:42:49 +0200 Subject: [PATCH 10/14] First bit of set_from_os loads OS defaults --- src/context.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/context.c b/src/context.c index edea6aef..a93e6f14 100644 --- a/src/context.c +++ b/src/context.c 
@@ -1277,10 +1277,10 @@ getdns_context_create_with_extended_memory_functions( // resolv.conf does not exist on Windows, handle differently #ifndef USE_WINSOCK - if (set_from_os && (r = set_os_defaults(result))) + if ((set_from_os & 1) && (r = set_os_defaults(result))) goto error; #else - if (set_from_os && (r = set_os_defaults_windows(result))) + if ((set_from_os & 1) && (r = set_os_defaults_windows(result))) goto error; #endif From 0736453bed0654a8f54270086391bd9666a51b46 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 15:53:53 +0200 Subject: [PATCH 11/14] Doxygen fixes --- src/getdns/getdns.h.in | 14 +++++++++----- src/getdns/getdns_extra.h.in | 36 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in index fedf9f2f..2a8f7f2a 100644 --- a/src/getdns/getdns.h.in +++ b/src/getdns/getdns.h.in @@ -965,7 +965,8 @@ getdns_service(getdns_context *context, * If used multi-threaded, user must define appropriate OpenSSL callback locking functions * (e.g. CRYPTO_THREADID_set_call) depending on the library version used. * @param context context that can be used immediately with other API calls - * @param set_from_os select to use os defaults or to specify user defined values + * @param set_from_os set to 1 to initialize the context with os defaults + * the second bit set (2) prevents OpenSSL library initialization. * @return GETDNS_RETURN_GOOD on success */ getdns_return_t 
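Review bot: Testing `set_from_os & 1` in src/context.c changes behaviour for callers that passed some other non-zero value as a boolean: an even value such as 2 no longer loads the OS defaults, and a value like -1 also has the `2` bit set, which skips `SSL_library_init()`. The bit meanings are documented in getdns.h.in later in this series, but the code still uses bare `1` and `2`; named flags would make both tests self-explanatory. A ChangeLog line on the changed meaning of `set_from_os` would help existing users.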
@@ -977,10 +978,11 @@ getdns_context_create(getdns_context ** context, int set_from_os); * If used multi-threaded, user must define appropriate OpenSSL callback locking functions * (e.g. CRYPTO_THREADID_set_call) depending on the library version used. * @param context context that can be used immediately with other API calls - * @param set_from_os select to use os defaults or to specify user defined values + * @param set_from_os set to 1 to initialize the context with os defaults + * the second bit set (2) prevents OpenSSL library initialization. * @param malloc custom malloc function * @param realloc custom realloc function - * @param malloc custom free function + * @param free custom free function * @return GETDNS_RETURN_GOOD on success */ getdns_return_t @@ -998,10 +1000,12 @@ getdns_context_create_with_memory_functions( * If used multi-threaded, user must define appropriate OpenSSL callback locking functions * (e.g. CRYPTO_THREADID_set_call) depending on the library version used. * @param context context that can be used immediately with other API calls - * @param set_from_os select to use os defaults or to specify user defined values + * @param set_from_os set to 1 to initialize the context with os defaults + * the second bit set (2) prevents OpenSSL library initialization. + * @param userarg parameter passed to the custom malloc, realloc and free functions * @param malloc custom malloc function * @param realloc custom realloc function - * @param malloc custom free function + * @param free custom free function * @return GETDNS_RETURN_GOOD on success */ getdns_return_t diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in index 3f7647d4..752076a9 100644 --- a/src/getdns/getdns_extra.h.in +++ b/src/getdns/getdns_extra.h.in 
@@ -361,9 +361,9 @@ getdns_context_get_tls_authentication(getdns_context *context, * "chain" context update callbacks and in this way create a subscription * service catering multiple interested parties. * @param context The context to monitor for changes - * @return userarg A user defined argument to be passed to the callback + * @param userarg A user defined argument to be passed to the callback * function. - * @return value The callback function to be called on context value + * @param value The callback function to be called on context value * changes. * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ @@ -484,7 +484,7 @@ getdns_dict* getdns_pubkey_pin_create_from_string( * * @param pinset the set of public key pins to check for sanity. This * should be a list of dicts. - * @return errorlist if not NULL, a list of human-readable strings is + * @param errorlist if not NULL, a list of human-readable strings is * appended to errorlist. * @return GETDNS_RETURN_GOOD if the pinset passes the sanity check. */ @@ -592,8 +592,8 @@ getdns_snprint_json_list( * Convert rr_dict to wireformat representation of the resource record. * * @param rr_dict The getdns dict representation of the resource record - * @return wire A newly allocated buffer which will contain the wireformat. - * @return wire_sz The size of the allocated buffer and the wireformat. + * @param wire A newly allocated buffer which will contain the wireformat. + * @param wire_sz The size of the allocated buffer and the wireformat. * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t @@ -644,7 +644,7 @@ getdns_rr_dict2wire_scan( * * @param wire Buffer containing the wireformat rr * @param wire_sz Size of the wire buffer - * @return rr_dict The returned rr_dict + * @param rr_dict The returned rr_dict * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t 
@@ -657,7 +657,7 @@ getdns_wire2rr_dict( * @param wire Buffer containing the wireformat rr * @param wire_sz On input the size of the wire buffer * On output the length of the wireformat rr. - * @return rr_dict The returned rr_dict + * @param rr_dict The returned rr_dict * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t @@ -673,7 +673,7 @@ getdns_wire2rr_dict_buf( * @param wire_sz On input the size of the wire buffer * On output the size is decreased with the length * of the wireformat resource record. - * @return rr_dict The returned rr_dict + * @param rr_dict The returned rr_dict * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t @@ -685,7 +685,7 @@ getdns_wire2rr_dict_scan( * Convert rr_dict to the string representation of the resource record. * * @param rr_dict The getdns dict representation of the resource record - * @return str A newly allocated string representation of the rr + * @param str A newly allocated string representation of the rr * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t @@ -735,7 +735,7 @@ getdns_rr_dict2str_scan( * Convert the string representation of the resource record to rr_dict format. * * @param str String representation of the resource record. - * @return rr_dict The result getdns dict representation of the resource record + * @param rr_dict The result getdns dict representation of the resource record * @param origin Default suffix for not fully qualified domain names * @param default_ttl Default ttl * @return GETDNS_RETURN_GOOD on success or an error code on failure. 
@@ -748,8 +748,8 @@ getdns_str2rr_dict( /** * Read the zonefile and convert to a list of rr_dict's. * - * @param FILE An opened FILE pointer on the zone file. - * @return rr_list The result list of rr_dicts representing the zone file. + * @param in An opened FILE pointer on the zone file. + * @param rr_list The result list of rr_dicts representing the zone file. * @param origin Default suffix for not fully qualified domain names * @param default_ttl Default ttl * @return GETDNS_RETURN_GOOD on success or an error code on failure. @@ -763,8 +763,8 @@ getdns_fp2rr_list( * Convert DNS message dict to wireformat representation. * * @param msg_dict The getdns dict representation of a DNS message - * @return wire A newly allocated buffer which will contain the wireformat. - * @return wire_sz The size of the allocated buffer and the wireformat. + * @param wire A newly allocated buffer which will contain the wireformat. + * @param wire_sz The size of the allocated buffer and the wireformat. * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t @@ -815,7 +815,7 @@ getdns_msg_dict2wire_scan( * * @param wire Buffer containing the wireformat rr * @param wire_sz Size of the wire buffer - * @return msg_dict The returned DNS message + * @param msg_dict The returned DNS message * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t @@ -828,7 +828,7 @@ getdns_wire2msg_dict( * @param wire Buffer containing the wireformat rr * @param wire_sz On input the size of the wire buffer * On output the length of the wireformat rr. - * @return msg_dict The returned DNS message + * @param msg_dict The returned DNS message * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t 
@@ -844,7 +844,7 @@ getdns_wire2msg_dict_buf( * @param wire_sz On input the size of the wire buffer * On output the size is decreased with the length * of the wireformat DNS message. - * @return msg_dict The returned DNS message + * @param msg_dict The returned DNS message * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t @@ -856,7 +856,7 @@ getdns_wire2msg_dict_scan( * Convert msg_dict to the string representation of the DNS message. * * @param msg_dict The getdns dict representation of the DNS message - * @return str A newly allocated string representation of the rr + * @param str A newly allocated string representation of the rr * @return GETDNS_RETURN_GOOD on success or an error code on failure. */ getdns_return_t From d9a089a6a0b6cb189d5a178eefa0305711a844d7 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 16:00:55 +0200 Subject: [PATCH 12/14] Update .so versioning --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index da1dccd3..483c2964 100644 --- a/configure.ac +++ b/configure.ac @@ -76,7 +76,8 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE # getdns-0.3.3 had libversion 3:6:2 # getdns-0.5.0 had libversion 4:0:3 # getdns-0.5.1 had libversion 4:1:3 (but should have been getdns-0.6.0) -# getdns-0.9.0 will have libversion 5:0:4 +# getdns-0.9.0 had libversion 5:0:4 +# getdns-1.0.0 will have libversion 5:1:4 # GETDNS_LIBVERSION=5:0:4 From f685a0c8b85b89f56c3d179439e8763f58708031 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 16:18:50 +0200 Subject: [PATCH 13/14] Unsigned expression >= 0 is always true --- src/test/getdns_query.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c index 05645a5f..5c98d8f9 100644 --- a/src/test/getdns_query.c +++ b/src/test/getdns_query.c 
@@ -475,7 +475,7 @@ static void parse_config(const char *config_str) getdns_return_t parse_args(int argc, char **argv) { getdns_return_t r = GETDNS_RETURN_GOOD; - size_t i, j; + size_t i, j, klass; char *arg, *c, *endptr; int t, print_api_info = 0, print_trust_anchors = 0; getdns_list *upstream_list = NULL; @@ -486,7 +486,6 @@ getdns_return_t parse_args(int argc, char **argv) getdns_bindata bindata; size_t upstream_count = 0; FILE *fh; - uint32_t klass; char *config_file = NULL; long config_file_sz; @@ -507,7 +506,7 @@ getdns_return_t parse_args(int argc, char **argv) } else if (strncmp(arg+1, "specify_class=", 14) == 0) { if ((klass = get_rrclass(arg+15)) >= 0) r = getdns_dict_set_int(extensions, - "specify_class", klass); + "specify_class", (uint32_t )klass); else fprintf(stderr, "Unknown class: %s\n", arg+15); From d67507fff82cddbac6fb8b714ded9dad8f95035d Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Thu, 14 Jul 2016 16:24:02 +0200 Subject: [PATCH 14/14] Actually do lib versioning too! --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 483c2964..b2c066a2 100644 --- a/configure.ac +++ b/configure.ac @@ -79,7 +79,7 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE # getdns-0.9.0 had libversion 5:0:4 # getdns-1.0.0 will have libversion 5:1:4 # -GETDNS_LIBVERSION=5:0:4 +GETDNS_LIBVERSION=5:1:4 AC_SUBST(GETDNS_COMPILATION_COMMENT) AC_SUBST(GETDNS_LIBVERSION)
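Review bot: Moving `klass` from `uint32_t` to `size_t` in `parse_args` does not change the comparison the commit title is about: `size_t` is unsigned too, so `(klass = get_rrclass(arg+15)) >= 0` is still always true and the `Unknown class` branch is still unreachable. If `get_rrclass` signals failure with a negative value (its declaration is not in this hunk), that value is cast and stored as `specify_class`. Declaring it signed, `int t, klass, print_api_info = 0, print_trust_anchors = 0;`, and keeping the `(uint32_t)` cast at the call would make the check effective.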