From 31031d7c57a73f612ca2b4c457283e30ec7c87e5 Mon Sep 17 00:00:00 2001 From: Renaud Allard Date: Tue, 24 Mar 2020 14:14:39 +0100 Subject: [PATCH 01/16] Added checks for LibreSSL and OpenBSD --- CMakeLists.txt | 2 +- src/openssl/tls.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 10d10b99..5169c68c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -102,7 +102,7 @@ elseif (APPLE) elseif (UNIX) set(HOSTOS "unix") - if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD") + if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" AND NOT ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=600") endif () if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux") diff --git a/src/openssl/tls.c b/src/openssl/tls.c index af1c3122..8730165a 100644 --- a/src/openssl/tls.c +++ b/src/openssl/tls.c @@ -48,19 +48,21 @@ #include "context.h" #include "const-info.h" -#ifdef USE_DANESSL +#if defined(USE_DANESSL) || defined(LIBRESSL_VERSION_NUMBER) # include "ssl_dane/danessl.h" #endif #include "tls.h" /* Double check configure has worked as expected. */ +#ifndef LIBRESSL_VERSION_NUMBER #if defined(USE_DANESSL) && \ (defined(HAVE_SSL_DANE_ENABLE) || \ defined(HAVE_OPENSSL_INIT_CRYPTO) || \ defined(HAVE_SSL_CTX_DANE_ENABLE)) #error Configure error USE_DANESSL defined with OpenSSL 1.1 functions! #endif +#endif /* Cipher suites recommended in RFC7525. */ static char const * const _getdns_tls_context_default_cipher_list = From 320dd098a8d4d936f439348821e2d7cb707503d5 Mon Sep 17 00:00:00 2001 From: cohall-2020 <62623706+cohall-2020@users.noreply.github.com> Date: Tue, 28 Apr 2020 23:56:40 +0200 Subject: [PATCH 02/16] Update CMakeLists.txt --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 10d10b99..902fbeb3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -530,7 +530,7 @@ set(STRPTIME_TEST_SOURCE "\n res = strptime(\"20070207111842\", \"%Y%m%d%H%M%S\", &tm);\n if (!res) return 1; return 0; }") -if (HAVE_STRPTIME) +if (HAVE_STRPTIME AND NOT CMAKE_CROSSCOMPILING) check_c_source_runs("${STRPTIME_TEST_SOURCE}" STRPTIME_WORKS) endif () From 8a95f3d279e32b0015881cd5dcc9488fcefe3439 Mon Sep 17 00:00:00 2001 From: Jim Hague Date: Fri, 12 Jun 2020 10:49:47 +0100 Subject: [PATCH 03/16] Observe blocking flag in select run_once. Currently run_once always blocks. --- src/extension/select_eventloop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c index 7855c21d..3311669b 100644 --- a/src/extension/select_eventloop.c +++ b/src/extension/select_eventloop.c @@ -244,7 +244,7 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking) } else { #endif if (select(max_fd + 1, &readfds, &writefds, NULL, - (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) { + ((blocking && timeout == TIMEOUT_FOREVER) ? NULL : &tv)) < 0) { if (_getdns_socketerror_wants_retry()) return; From 1c97459ec35481a66f4cbe627b594a09bc634226 Mon Sep 17 00:00:00 2001 From: Jim Hague Date: Wed, 24 Jun 2020 11:44:02 +0100 Subject: [PATCH 04/16] Install the DLLs when installing on Windows. --- CMakeLists.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d7c79e78..e9b6eded 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1065,22 +1065,22 @@ if (ENABLE_STATIC) endif () endif () if (ENABLE_SHARED) - install(TARGETS getdns_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) + install(TARGETS getdns_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) if (USE_LIBEV) - install(TARGETS getdns_ex_ev_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) + install(TARGETS getdns_ex_ev_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () if (USE_LIBEVENT2) - install(TARGETS getdns_ex_event_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) + install(TARGETS getdns_ex_event_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () if (USE_LIBUV) - install(TARGETS getdns_ex_uv_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) + install(TARGETS getdns_ex_uv_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () endif () if (BUILD_GETDNS_QUERY) - install(TARGETS getdns_query RUNTIME DESTINATION bin) + install(TARGETS getdns_query RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () if (BUILD_GETDNS_SERVER_MON) - install(TARGETS getdns_server_mon RUNTIME DESTINATION bin) + install(TARGETS getdns_server_mon RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/getdns DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) From 606a88f9aa5e4368fe1dcef64e41966799f9cb25 Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Thu, 9 Jul 2020 01:12:55 +0200 Subject: [PATCH 05/16] Add "tcp_send_timeout" option to set a TCP send data timeout When using Stubby as a system DNS over TLS resolver with a Internet connection that disconnects and reconnects from time to time there is often a long waiting time (~20 minutes) after the connection reconnects before DNS queries start to work again. This is because in this particular case all the upstream TLS TCP connections in Stubby are stuck waiting for upstream server response. Which will never arrive since the host external IP address might have changed and / or NAT router connection tracking entries for these TCP connections might have been removed when the Internet connection reconnected. By default Linux tries to retransmit data on a TCP connection 15 times before finally terminating it. This takes 16 - 20 minutes, which is obviously a very long time to wait for system DNS resolving to work again. This is a real problem on weak mobile connections. Thankfully, there is a "TCP_USER_TIMEOUT" per-socket option that allows explicitly setting how long the network stack will wait in such cases. Let's add a matching "tcp_send_timeout" option to getdns that allows setting this option on outgoing TCP sockets. For backward compatibility the code won't try to set it by default. With this option set to, for example, 15 seconds Stubby recovers pretty much instantly in such cases. Signed-off-by: Maciej S. Szmigiero --- CMakeLists.txt | 2 ++ cmake/include/cmakeconfig.h.in | 2 ++ src/context.c | 43 ++++++++++++++++++++++++++++++++++ src/context.h | 1 + src/getdns/getdns.h.in | 18 ++++++++++++++ src/getdns/getdns_extra.h.in | 28 ++++++++++++++++++++++ src/libgetdns.symbols | 3 +++ src/stub.c | 25 ++++++++++++++++++-- 8 files changed, 120 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 43d4d8e3..ea60bb67 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -559,6 +559,8 @@ else () endif () endif () +check_symbol_exists(TCP_USER_TIMEOUT "sys/socket.h;netinet/tcp.h" HAVE_DECL_TCP_USER_TIMEOUT) + # Main library add_library(getdns_objects OBJECT src/anchor.c diff --git a/cmake/include/cmakeconfig.h.in b/cmake/include/cmakeconfig.h.in index 834a23cf..203c5d77 100644 --- a/cmake/include/cmakeconfig.h.in +++ b/cmake/include/cmakeconfig.h.in @@ -211,6 +211,8 @@ #cmakedefine USE_OSX_TCP_FASTOPEN 1 +#cmakedefine HAVE_DECL_TCP_USER_TIMEOUT 1 + #cmakedefine HAVE_NEW_UV_TIMER_CB 1 #cmakedefine HAVE_TARGET_ENDIANNESS diff --git a/src/context.c b/src/context.c index dcb1aacf..6d5836f4 100644 --- a/src/context.c +++ b/src/context.c @@ -1435,6 +1435,7 @@ getdns_context_create_with_extended_memory_functions( result->timeout = 5000; result->idle_timeout = 0; + result->tcp_send_timeout = -1; result->follow_redirects = GETDNS_REDIRECTS_FOLLOW; result->dns_root_servers = NULL; #if defined(HAVE_LIBUNBOUND) && !defined(HAVE_UB_CTX_SET_STUB) @@ -2367,6 +2368,34 @@ getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout) return GETDNS_RETURN_GOOD; } /* getdns_context_set_timeout */ +/* + * getdns_context_unset_tcp_send_timeout + * + */ +getdns_return_t +getdns_context_unset_tcp_send_timeout(getdns_context *context) +{ + if (!context) + return GETDNS_RETURN_INVALID_PARAMETER; + + context->tcp_send_timeout = -1; + return GETDNS_RETURN_GOOD; +} + +/* + * getdns_context_set_tcp_send_timeout + * + */ +getdns_return_t +getdns_context_set_tcp_send_timeout(struct getdns_context *context, + uint32_t value) +{ + if (!context || value > INT_MAX) + return GETDNS_RETURN_INVALID_PARAMETER; + + context->tcp_send_timeout = value; + return GETDNS_RETURN_GOOD; +} /* * getdns_context_set_follow_redirects @@ -3837,6 +3866,9 @@ _get_context_settings(const getdns_context* context) (context->timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF: (uint32_t) context->timeout) || getdns_dict_set_int(result, "idle_timeout", (context->idle_timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF : (uint32_t) context->idle_timeout) + || ( context->tcp_send_timeout != -1 + && getdns_dict_set_int(result, "tcp_send_timeout", + context->tcp_send_timeout)) || getdns_dict_set_int(result, "limit_outstanding_queries", context->limit_outstanding_queries) || getdns_dict_set_int(result, "dnssec_allowed_skew", @@ -4308,6 +4340,16 @@ CONTEXT_GETTER(timeout , uint64_t) CONTEXT_GETTER(idle_timeout , uint64_t) CONTEXT_GETTER(follow_redirects , getdns_redirects_t) +getdns_return_t +getdns_context_get_tcp_send_timeout( + const getdns_context *context, uint32_t* value) +{ + if (!context || !value) return GETDNS_RETURN_INVALID_PARAMETER; + *value = context->tcp_send_timeout == -1 ? 0 + : context->tcp_send_timeout; + return GETDNS_RETURN_GOOD; +} + getdns_return_t getdns_context_get_dns_root_servers( const getdns_context *context, getdns_list **value) @@ -4647,6 +4689,7 @@ _getdns_context_config_setting(getdns_context *context, CONTEXT_SETTING_INT(dns_transport) CONTEXT_SETTING_ARRAY(dns_transport_list, transport_list) CONTEXT_SETTING_INT(idle_timeout) + CONTEXT_SETTING_INT(tcp_send_timeout) CONTEXT_SETTING_INT(limit_outstanding_queries) CONTEXT_SETTING_INT(timeout) CONTEXT_SETTING_INT(follow_redirects) diff --git a/src/context.h b/src/context.h index 2d9cd879..6e7a8960 100644 --- a/src/context.h +++ b/src/context.h @@ -325,6 +325,7 @@ struct getdns_context { size_t namespace_count; uint64_t timeout; uint64_t idle_timeout; + int tcp_send_timeout; /* -1 is unset */ getdns_redirects_t follow_redirects; getdns_list *dns_root_servers; diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in index 1cc462b7..4026bc39 100644 --- a/src/getdns/getdns.h.in +++ b/src/getdns/getdns.h.in @@ -1514,6 +1514,24 @@ getdns_context_set_dns_transport_list(getdns_context *context, getdns_return_t getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout); +/** + * Set the number of milliseconds send data may remain unacknowledged by + * the peer in a TCP connection, if supported by the operation system. + * When not set (the default), the system default is left alone. + * + * @see getdns_context_get_tcp_send_timeout + * @see getdns_context_unset_tcp_send_timeout + * @param context The context to configure + * @param value The number of milliseconds the send data may remain + * unacknowledged by the peer in a TCP connection. + * @return GETDNS_RETURN_GOOD when successful. + * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL or the + * value was too high. + */ +getdns_return_t +getdns_context_set_tcp_send_timeout(getdns_context *context, + uint32_t value); + /** * Limit the number of outstanding DNS queries. When more than limit requests * are scheduled, they are kept on an internal queue, to be rescheduled when diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in index d515ef08..c4fcf561 100644 --- a/src/getdns/getdns_extra.h.in +++ b/src/getdns/getdns_extra.h.in @@ -540,6 +540,18 @@ getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t getdns_return_t getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context); +/** + * Configure context to use the system default setting for the time + * send data may remain unacknowledged by the peer in a TCP connection. + * @see getdns_context_set_tcp_send_timeout + * @see getdns_context_get_tcp_send_timeout + * @param context The context to configure + * @return GETDNS_RETURN_GOOD on success + * @return GETDNS_RETURN_INVALID_PARAMETER if context is null. + */ +getdns_return_t +getdns_context_unset_tcp_send_timeout(getdns_context *context); + typedef enum getdns_loglevel_type { GETDNS_LOG_EMERG = 0, @@ -992,6 +1004,22 @@ getdns_return_t getdns_context_get_idle_timeout( const getdns_context *context, uint64_t *timeout); +/** + * Get the number of milliseconds send data may remain unacknowledged by + * the peer in a TCP connection setting from context. + * @see getdns_context_set_tcp_send_timeout + * @see getdns_context_unset_tcp_send_timeout + * @param[in] context The context from which to get the setting + * @param[out] value The number of milliseconds the send data may remain + * unacknowledged by the peer in a TCP connection. + * When the value is unset, 0 is returned. + * @return GETDNS_RETURN_GOOD when successful + * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL. + */ +getdns_return_t +getdns_context_get_tcp_send_timeout(const getdns_context *context, + uint32_t *value); + /** * Get the setting that says whether or not DNS queries follow redirects. * @see getdns_context_set_follow_redirects diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols index b8b6cffe..676400ce 100644 --- a/src/libgetdns.symbols +++ b/src/libgetdns.symbols @@ -30,6 +30,7 @@ getdns_context_get_resolution_type getdns_context_get_resolvconf getdns_context_get_round_robin_upstreams getdns_context_get_suffix +getdns_context_get_tcp_send_timeout getdns_context_get_timeout getdns_context_get_tls_authentication getdns_context_get_tls_backoff_time @@ -78,6 +79,7 @@ getdns_context_set_resolvconf getdns_context_set_return_dnssec_status getdns_context_set_round_robin_upstreams getdns_context_set_suffix +getdns_context_set_tcp_send_timeout getdns_context_set_timeout getdns_context_set_tls_authentication getdns_context_set_tls_backoff_time @@ -98,6 +100,7 @@ getdns_context_set_update_callback getdns_context_set_upstream_recursive_servers getdns_context_set_use_threads getdns_context_unset_edns_maximum_udp_payload_size +getdns_context_unset_tcp_send_timeout getdns_convert_alabel_to_ulabel getdns_convert_dns_name_to_fqdn getdns_convert_fqdn_to_dns_name diff --git a/src/stub.c b/src/stub.c index d76f30a1..49d2ac9d 100644 --- a/src/stub.c +++ b/src/stub.c @@ -448,8 +448,27 @@ getdns_sock_nonblock(int sockfd) #endif } +/** best effort to set TCP send timeout */ +static void +getdns_sock_tcp_send_timeout(getdns_upstream *upstream, int sockfd, + int send_timeout) +{ +#if defined(HAVE_DECL_TCP_USER_TIMEOUT) + unsigned int val = send_timeout; + if (setsockopt(sockfd, IPPROTO_TCP, TCP_USER_TIMEOUT, + &val, sizeof(val)) != 0) { + _getdns_upstream_log(upstream, + GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING, + "%-40s : Upstream : " + "Could not enable TCP send timeout\n", + upstream->addr_str); + } +#endif +} + static int -tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport) +tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport, + int send_timeout) { #if defined(TCP_FASTOPEN) || defined(TCP_FASTOPEN_CONNECT) # ifdef USE_WINSOCK @@ -468,6 +487,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport) return -1; getdns_sock_nonblock(fd); + getdns_sock_tcp_send_timeout(upstream, fd, send_timeout); #ifdef USE_OSX_TCP_FASTOPEN sa_endpoints_t endpoints; endpoints.sae_srcif = 0; @@ -2148,7 +2168,8 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport, /* Use existing if available*/ if (upstream->fd != -1) return upstream->fd; - fd = tcp_connect(upstream, transport); + fd = tcp_connect(upstream, transport, + dnsreq->context->tcp_send_timeout); if (fd == -1) { upstream_failed(upstream, 1); return -1; From 80cdfb3bd09135dd69b35805da566edd7f077682 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Tue, 7 Jul 2020 14:52:40 -0700 Subject: [PATCH 06/16] fix compilation without deprecated OpenSSL APIs Several cmake header checks were missing and added. Added rsa.h include. Remove ENGINE_load_dynamic. ENGINE_load_builtin_engines already does this. Signed-off-by: Rosen Penev --- CMakeLists.txt | 3 +++ cmake/include/cmakeconfig.h.in | 3 +++ src/openssl/keyraw-internal.c | 8 +++++--- src/tls/val_secalgo.c | 4 ++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 43d4d8e3..7679c420 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -334,6 +334,9 @@ check_include_file(openssl/err.h HAVE_OPENSSL_ERR_H) check_include_file(openssl/rand.h HAVE_OPENSSL_RAND_H) check_include_file(openssl/conf.h HAVE_OPENSSL_CONF_H) check_include_file(openssl/engine.h HAVE_OPENSSL_ENGINE_H) +check_include_file(openssl/bn.h HAVE_OPENSSL_BN_H) +check_include_file(openssl/dsa.h HAVE_OPENSSL_DSA_H) +check_include_file(openssl/rsa.h HAVE_OPENSSL_RSA_H) set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES} ${getdns_system_libs}) check_function_exists(DSA_SIG_set0 HAVE_DSA_SIG_SET0) diff --git a/cmake/include/cmakeconfig.h.in b/cmake/include/cmakeconfig.h.in index 834a23cf..5cfb7c06 100644 --- a/cmake/include/cmakeconfig.h.in +++ b/cmake/include/cmakeconfig.h.in @@ -58,6 +58,9 @@ #cmakedefine HAVE_OPENSSL_RAND_H 1 #cmakedefine HAVE_OPENSSL_CONF_H 1 #cmakedefine HAVE_OPENSSL_ENGINE_H 1 +#cmakedefine HAVE_OPENSSL_BN_H 1 +#cmakedefine HAVE_OPENSSL_DSA_H 1 +#cmakedefine HAVE_OPENSSL_RSA_H 1 #cmakedefine HAVE_DSA_SIG_SET0 1 #cmakedefine HAVE_DSA_SET0_PQG 1 diff --git a/src/openssl/keyraw-internal.c b/src/openssl/keyraw-internal.c index 6dab968a..99633e45 100644 --- a/src/openssl/keyraw-internal.c +++ b/src/openssl/keyraw-internal.c @@ -21,10 +21,10 @@ #include #include #ifdef HAVE_OPENSSL_CONF_H -# include +#include #endif #ifdef HAVE_OPENSSL_ENGINE_H -# include +#include #endif #ifdef HAVE_OPENSSL_BN_H #include @@ -35,6 +35,9 @@ #ifdef HAVE_OPENSSL_DSA_H #include #endif +#ifdef HAVE_OPENSSL_RSA_H +#include +#endif #endif /* HAVE_SSL */ #ifdef HAVE_SSL @@ -74,7 +77,6 @@ gldns_key_EVP_load_gost_id(void) if(!e) { /* load it ourself, in case statically linked */ ENGINE_load_builtin_engines(); - ENGINE_load_dynamic(); e = ENGINE_by_id("gost"); } if(!e) { diff --git a/src/tls/val_secalgo.c b/src/tls/val_secalgo.c index e4d8787a..dfc9e9c0 100644 --- a/src/tls/val_secalgo.c +++ b/src/tls/val_secalgo.c @@ -72,6 +72,10 @@ #include #endif +#if defined(HAVE_OPENSSL_DSA_H) && defined(USE_DSA) +#include +#endif + /** fake DSA support for unit tests */ int fake_dsa = 0; /** fake SHA1 support for unit tests */ From 6439b0407a7a3979896b7543e89fc34a21eee7f7 Mon Sep 17 00:00:00 2001 From: Jim Hague Date: Fri, 11 Dec 2020 16:08:02 +0000 Subject: [PATCH 07/16] Add platform functions for reporting file errors. Windows socket error numbers are not reported using errno, but with WSAGetLastError(). _getdns_errnostr() and friends as implemented on Windows don't work for errors resulting from file open/close/read/write etc. So add a parallel set of functions specifically for file errors. --- src/context.c | 18 +++++++++--------- src/platform.c | 5 +++++ src/platform.h | 4 ++++ 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/src/context.c b/src/context.c index dcb1aacf..bc70993a 100644 --- a/src/context.c +++ b/src/context.c @@ -4889,7 +4889,7 @@ FILE *_getdns_context_get_priv_fp( _getdns_log(&context->log , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO , "Error opening \"%s\": %s\n" - , path, _getdns_errnostr()); + , path, _getdns_fileerrnostr()); return f; } @@ -4968,31 +4968,31 @@ int _getdns_context_write_priv_file(getdns_context *context, _getdns_log(&context->log , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO , "Could not create temporary file \"%s\": %s\n" - , tmpfn, _getdns_errnostr()); + , tmpfn, _getdns_fileerrnostr()); else if (!(f = fdopen(fd, "w"))) _getdns_log(&context->log , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR , "Error opening temporary file \"%s\": %s\n" - , tmpfn, _getdns_errnostr()); + , tmpfn, _getdns_fileerrnostr()); else if (fwrite(content->data, 1, content->size, f) < content->size) _getdns_log(&context->log , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR , "Error writing to temporary file \"%s\": %s\n" - , tmpfn, _getdns_errnostr()); + , tmpfn, _getdns_fileerrnostr()); - else if (fclose(f) < 0) + else if (fclose(f)) _getdns_log(&context->log , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR - , "Error closing temporary file \"%s\": %s\n" - , tmpfn, _getdns_errnostr()); + , "Error closing temporary file \"%s\": %s (%p)\n" + , tmpfn, _getdns_fileerrnostr(), f); else if (rename(tmpfn, path) < 0) _getdns_log(&context->log , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR , "Error renaming temporary file \"%s\" to \"%s\"" - ": %s\n", tmpfn, path, _getdns_errnostr()); + ": %s\n", tmpfn, path, _getdns_fileerrnostr()); else { context->can_write_appdata = PROP_ABLE; return 1; @@ -5045,7 +5045,7 @@ int _getdns_context_can_write_appdata(getdns_context *context) _getdns_log(&context->log , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR , "Error unlinking write test file: \"%s\": %s\n" - , path, _getdns_errnostr()); + , path, _getdns_fileerrnostr()); return 1; } diff --git a/src/platform.c b/src/platform.c index 49a7e225..76ebd0ce 100644 --- a/src/platform.c +++ b/src/platform.c @@ -166,6 +166,11 @@ const char *_getdns_strerror(DWORD errnum) } } +const char *_getdns_filestrerror(int errnum) +{ + return strerror(errnum); +} + #else void _getdns_perror(const char *str) diff --git a/src/platform.h b/src/platform.h index c7ac17c2..a4da66cc 100644 --- a/src/platform.h +++ b/src/platform.h @@ -60,6 +60,7 @@ typedef u_short sa_family_t; #define _getdns_socketerror() (WSAGetLastError()) const char *_getdns_strerror(DWORD errnum); +const char *_getdns_filestrerror(int errnum); #else /* USE_WINSOCK */ #ifndef HAVE_SYS_POLL_H @@ -132,10 +133,13 @@ const char *_getdns_strerror(DWORD errnum); #define _getdns_socketerror() (errno) const char *_getdns_strerror(int errnum); +#define _getdns_filestrerror(errnum) (_getdns_strerror(errnum)) #endif void _getdns_perror(const char *str); +#define _getdns_fileerror() (errno) +#define _getdns_fileerrnostr() (_getdns_filestrerror(_getdns_fileerror())) #define _getdns_errnostr() (_getdns_strerror(_getdns_socketerror())) #define _getdns_error_wants_retry(X) ( (X) != 0 \ && ( (X) == _getdns_EINTR \ From 42e4cfc3837b3b39347c0b6ed1e15b3767e90783 Mon Sep 17 00:00:00 2001 From: Jim Hague Date: Sat, 12 Dec 2020 21:16:46 +0000 Subject: [PATCH 08/16] Windowqs mkstemp: open() needs more permissions. Specifically: 1. The open must be for read only or read/write - use read/write. 2. The file permission must permit read and write. --- src/compat/mkstemp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/compat/mkstemp.c b/src/compat/mkstemp.c index 4d5acc8f..49d3e919 100644 --- a/src/compat/mkstemp.c +++ b/src/compat/mkstemp.c @@ -39,5 +39,5 @@ int mkstemp(char *template) { if (_mktemp_s(template, strlen(template) + 1) != 0) return -1; - return open(template, _O_CREAT | _O_EXCL, _S_IWRITE); + return open(template, _O_CREAT | _O_EXCL | _O_RDWR, _S_IWRITE | _S_IREAD); } From fa282a59ec0b44bbf0b54894eb7128f7a589cfc4 Mon Sep 17 00:00:00 2001 From: Andrzej Mialkowski Date: Sat, 15 May 2021 00:19:40 -0700 Subject: [PATCH 09/16] Add missing rr types: SVCB and HTTPS --- src/getdns/getdns.h.in | 2 ++ src/gldns/rrdef.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in index 1cc462b7..69b1f247 100644 --- a/src/getdns/getdns.h.in +++ b/src/getdns/getdns.h.in @@ -417,6 +417,8 @@ typedef enum getdns_callback_type_t { #define GETDNS_RRTYPE_OPENPGPKEY 61 #define GETDNS_RRTYPE_CSYNC 62 #define GETDNS_RRTYPE_ZONEMD 63 +#define GETDNS_RRTYPE_SVCB 64 +#define GETDNS_RRTYPE_HTTPS 65 #define GETDNS_RRTYPE_SPF 99 #define GETDNS_RRTYPE_UINFO 100 #define GETDNS_RRTYPE_UID 101 diff --git a/src/gldns/rrdef.h b/src/gldns/rrdef.h index ef3c8d9d..23a9685a 100644 --- a/src/gldns/rrdef.h +++ b/src/gldns/rrdef.h @@ -196,6 +196,8 @@ enum gldns_enum_rr_type GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ GLDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */ + GLDNS_RR_TYPE_SVCB = 64, + GLDNS_RR_TYPE_HTTPS = 65, GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ From 7f606ea14f37097a8f2bc28492b18183df5829be Mon Sep 17 00:00:00 2001 From: Andrzej Mialkowski Date: Sat, 15 May 2021 00:58:55 -0700 Subject: [PATCH 10/16] Add missing rr types: SVCB and HTTPS --- src/const-info.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/const-info.c b/src/const-info.c index 0c6cb802..3c1bc073 100644 --- a/src/const-info.c +++ b/src/const-info.c @@ -328,6 +328,7 @@ static struct const_name_info consts_name_info[] = { { "GETDNS_RRTYPE_GPOS", 27 }, { "GETDNS_RRTYPE_HINFO", 13 }, { "GETDNS_RRTYPE_HIP", 55 }, + { "GETDNS_RRTYPE_HTTPS", 65 }, { "GETDNS_RRTYPE_IPSECKEY", 45 }, { "GETDNS_RRTYPE_ISDN", 20 }, { "GETDNS_RRTYPE_IXFR", 251 }, @@ -373,6 +374,7 @@ static struct const_name_info consts_name_info[] = { { "GETDNS_RRTYPE_SPF", 99 }, { "GETDNS_RRTYPE_SRV", 33 }, { "GETDNS_RRTYPE_SSHFP", 44 }, + { "GETDNS_RRTYPE_SVCB", 64 }, { "GETDNS_RRTYPE_TA", 32768 }, { "GETDNS_RRTYPE_TALINK", 58 }, { "GETDNS_RRTYPE_TKEY", 249 }, From 55be327f690fe3f594d75c66c51c08dc98879325 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 26 May 2021 15:42:35 +0200 Subject: [PATCH 11/16] Fix wrong extension names from merge --- CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f9365b47..84f0e4d1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1067,13 +1067,13 @@ endif () if (ENABLE_SHARED) install(TARGETS getdns_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) if (USE_LIBEV) - install(TARGETS getdns_ex_ev_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(TARGETS getdns_ext_ev_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () if (USE_LIBEVENT2) - install(TARGETS getdns_ex_event_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(TARGETS getdns_ext_event_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () if (USE_LIBUV) - install(TARGETS getdns_ex_uv_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(TARGETS getdns_ext_uv_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif () endif () if (BUILD_GETDNS_QUERY) From 1184f2b8ea9ed0d6969d8a05d0f9dda5907a8d3d Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 26 May 2021 15:43:40 +0200 Subject: [PATCH 12/16] Update components from Unbound --- src/tls/val_secalgo.c | 199 ++++++++++++++++++++++++++++ src/util/locks.c | 1 - src/util/lookup3.c | 57 ++++++-- src/util/lruhash.c | 4 +- src/util/orig-headers/locks.h | 3 - src/util/orig-headers/val_secalgo.h | 43 ++++++ src/util/rbtree.c | 2 - 7 files changed, 288 insertions(+), 21 deletions(-) diff --git a/src/tls/val_secalgo.c b/src/tls/val_secalgo.c index e4d8787a..c41b9a06 100644 --- a/src/tls/val_secalgo.c +++ b/src/tls/val_secalgo.c @@ -138,6 +138,69 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) #endif } +/** hash structure for keeping track of running hashes */ +struct secalgo_hash { + /** the openssl message digest context */ + EVP_MD_CTX* ctx; +}; + +/** create secalgo hash with hash type */ +static struct secalgo_hash* secalgo_hash_create_md(const EVP_MD* md) +{ + struct secalgo_hash* h; + if(!md) + return NULL; + h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->ctx = EVP_MD_CTX_create(); + if(!h->ctx) { + free(h); + return NULL; + } + if(!EVP_DigestInit_ex(h->ctx, md, NULL)) { + EVP_MD_CTX_destroy(h->ctx); + free(h); + return NULL; + } + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + return secalgo_hash_create_md(EVP_sha384()); +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + return secalgo_hash_create_md(EVP_sha512()); +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + return EVP_DigestUpdate(hash->ctx, (unsigned char*)data, + (unsigned int)len); +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + if(EVP_MD_CTX_size(hash->ctx) > (int)maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = EVP_MD_CTX_size(hash->ctx); + return EVP_DigestFinal_ex(hash->ctx, result, NULL); +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + EVP_MD_CTX_destroy(hash->ctx); + free(hash); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. @@ -820,6 +883,64 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) (void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len); } +/** the secalgo hash structure */ +struct secalgo_hash { + /** hash context */ + HASHContext* ctx; +}; + +/** create hash struct of type */ +static struct secalgo_hash* secalgo_hash_create_type(HASH_HashType tp) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->ctx = HASH_Create(tp); + if(!h->ctx) { + free(h); + return NULL; + } + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + return secalgo_hash_create_type(HASH_AlgSHA384); +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + return secalgo_hash_create_type(HASH_AlgSHA512); +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + HASH_Update(hash->ctx, (unsigned char*)data, (unsigned int)len); + return 1; +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + unsigned int reslen = 0; + if(HASH_ResultLenContext(hash->ctx) > (unsigned int)maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + HASH_End(hash->ctx, (unsigned char*)result, &reslen, + (unsigned int)maxlen); + *resultlen = (size_t)reslen; + return 1; +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + HASH_Destroy(hash->ctx); + free(hash); +} + size_t ds_digest_size_supported(int algo) { @@ -987,6 +1108,7 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo) return pk; } +#if defined(USE_DSA) && defined(USE_SHA1) static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) { SECKEYPublicKey* pk; @@ -1047,6 +1169,7 @@ static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) } return pk; } +#endif /* USE_DSA && USE_SHA1 */ static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len) { @@ -1446,6 +1569,82 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) _digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res); } +/** secalgo hash structure */ +struct secalgo_hash { + /** if it is 384 or 512 */ + int active; + /** context for sha384 */ + struct sha384_ctx ctx384; + /** context for sha512 */ + struct sha512_ctx ctx512; +}; + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->active = 384; + sha384_init(&h->ctx384); + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->active = 512; + sha512_init(&h->ctx512); + return h; +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + if(hash->active == 384) { + sha384_update(&hash->ctx384, len, data); + } else if(hash->active == 512) { + sha512_update(&hash->ctx512, len, data); + } else { + return 0; + } + return 1; +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + if(hash->active == 384) { + if(SHA384_DIGEST_SIZE > maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = SHA384_DIGEST_SIZE; + sha384_digest(&hash->ctx384, SHA384_DIGEST_SIZE, + (unsigned char*)result); + } else if(hash->active == 512) { + if(SHA512_DIGEST_SIZE > maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = SHA512_DIGEST_SIZE; + sha512_digest(&hash->ctx512, SHA512_DIGEST_SIZE, + (unsigned char*)result); + } else { + *resultlen = 0; + return 0; + } + return 1; +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + free(hash); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/src/util/locks.c b/src/util/locks.c index e6e848a2..b65a02bd 100644 --- a/src/util/locks.c +++ b/src/util/locks.c @@ -42,7 +42,6 @@ #include "config.h" #include "util/locks.h" #include -#include #ifdef HAVE_SYS_WAIT_H #include #endif diff --git a/src/util/lookup3.c b/src/util/lookup3.c index 5a826193..bb25eb43 100644 --- a/src/util/lookup3.c +++ b/src/util/lookup3.c @@ -53,18 +53,21 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy. #include "util/storage/lookup3.h" #include /* defines printf for tests */ #include /* defines time_t for timings in the test */ - -#if defined(HAVE_TARGET_ENDIANNESS) -# if defined(TARGET_IS_BIG_ENDIAN) -# define HASH_LITTLE_ENDIAN 0 -# define HASH_BIG_ENDIAN 1 -# else -# define HASH_LITTLE_ENDIAN 1 -# define HASH_BIG_ENDIAN 0 -# endif -#else -# error "Target endianness required." -#endif /* defined(HAVE_TARGET_ENDIANNESS) */ +/*#include defines uint32_t etc (from config.h) */ +#include /* attempt to define endianness */ +#ifdef HAVE_SYS_TYPES_H +# include /* attempt to define endianness (solaris) */ +#endif +#if defined(linux) || defined(__OpenBSD__) +# ifdef HAVE_ENDIAN_H +# include /* attempt to define endianness */ +# else +# include /* on older OpenBSD */ +# endif +#endif +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +#include /* attempt to define endianness */ +#endif /* random initial value */ static uint32_t raninit = (uint32_t)0xdeadbeef; @@ -75,6 +78,36 @@ hash_set_raninit(uint32_t v) raninit = v; } +/* + * My best guess at if you are big-endian or little-endian. This may + * need adjustment. + */ +#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ + __BYTE_ORDER == __LITTLE_ENDIAN) || \ + (defined(i386) || defined(__i386__) || defined(__i486__) || \ + defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86)) +# define HASH_LITTLE_ENDIAN 1 +# define HASH_BIG_ENDIAN 0 +#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ + __BYTE_ORDER == __BIG_ENDIAN) || \ + (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel)) +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 1 +#elif defined(_MACHINE_ENDIAN_H_) +/* test for machine_endian_h protects failure if some are empty strings */ +# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 1 +# endif +# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN +# define HASH_LITTLE_ENDIAN 1 +# define HASH_BIG_ENDIAN 0 +# endif /* _MACHINE_ENDIAN_H_ */ +#else +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 0 +#endif + #define hashsize(n) ((uint32_t)1<<(n)) #define hashmask(n) (hashsize(n)-1) #define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k)))) diff --git a/src/util/lruhash.c b/src/util/lruhash.c index 2c21ad2d..0968663e 100644 --- a/src/util/lruhash.c +++ b/src/util/lruhash.c @@ -40,8 +40,6 @@ * */ -#include - #include "config.h" #include "util/storage/lruhash.h" #include "util/fptr_wlist.h" @@ -401,12 +399,12 @@ lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key) } table->num--; table->space_used -= (*table->sizefunc)(entry->key, entry->data); - lock_quick_unlock(&table->lock); lock_rw_wrlock(&entry->lock); if(table->markdelfunc) (*table->markdelfunc)(entry->key); lock_rw_unlock(&entry->lock); lock_quick_unlock(&bin->lock); + lock_quick_unlock(&table->lock); /* finish removal */ d = entry->data; (*table->delkeyfunc)(entry->key, table->cb_arg); diff --git a/src/util/orig-headers/locks.h b/src/util/orig-headers/locks.h index 7e61bcc0..d86ee492 100644 --- a/src/util/orig-headers/locks.h +++ b/src/util/orig-headers/locks.h @@ -36,8 +36,6 @@ #ifndef UTIL_LOCKS_H #define UTIL_LOCKS_H -#include - /** * \file * Locking primitives. @@ -221,7 +219,6 @@ void* ub_thread_key_get(ub_thread_key_type key); #else /* we do not HAVE_SOLARIS_THREADS and no PTHREADS */ /******************* WINDOWS THREADS ************************/ #ifdef HAVE_WINDOWS_THREADS -#include #include /* Use a mutex */ diff --git a/src/util/orig-headers/val_secalgo.h b/src/util/orig-headers/val_secalgo.h index 52aaeb9f..8b6080dc 100644 --- a/src/util/orig-headers/val_secalgo.h +++ b/src/util/orig-headers/val_secalgo.h @@ -43,6 +43,7 @@ #ifndef VALIDATOR_VAL_SECALGO_H #define VALIDATOR_VAL_SECALGO_H struct sldns_buffer; +struct secalgo_hash; /** Return size of nsec3 hash algorithm, 0 if not supported */ size_t nsec3_hash_algo_size_supported(int id); @@ -67,6 +68,48 @@ int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, */ void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res); +/** + * Start a hash of type sha384. Allocates structure, then inits it, + * so that a series of updates can be performed, before the final result. + * @return hash structure. NULL on malloc failure or no support. + */ +struct secalgo_hash* secalgo_hash_create_sha384(void); + +/** + * Start a hash of type sha512. Allocates structure, then inits it, + * so that a series of updates can be performed, before the final result. + * @return hash structure. NULL on malloc failure or no support. + */ +struct secalgo_hash* secalgo_hash_create_sha512(void); + +/** + * Update a hash with more information to add to it. + * @param hash: the hash that is updated. + * @param data: data to add. + * @param len: length of data. + * @return false on failure. + */ +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len); + +/** + * Get the final result of the hash. + * @param hash: the hash that has had updates to it. + * @param result: where to store the result. + * @param maxlen: length of the result buffer, eg. size of the allocation. + * If not large enough the routine fails. + * @param resultlen: the length of the result, returned to the caller. + * How much of maxlen is used. + * @return false on failure. + */ +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen); + +/** + * Delete the hash structure. + * @param hash: the hash to delete. + */ +void secalgo_hash_delete(struct secalgo_hash* hash); + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/src/util/rbtree.c b/src/util/rbtree.c index b1a94b78..ff4e3e46 100644 --- a/src/util/rbtree.c +++ b/src/util/rbtree.c @@ -39,8 +39,6 @@ * Implementation of a redblack tree. */ -#include - #include "config.h" #include "log.h" #include "fptr_wlist.h" From df2997d9b762d705d5f7add338e460686c9bd88f Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 26 May 2021 15:44:24 +0200 Subject: [PATCH 13/16] Eliminate compiler warnings in tests --- src/test/check_getdns_cancel_callback.h | 8 ++++---- src/test/check_getdns_common.c | 10 +++++----- src/test/check_getdns_convert_alabel_to_ulabel.h | 2 +- src/test/check_getdns_convert_ulabel_to_alabel.h | 2 +- src/test/check_getdns_dict_get_bindata.h | 2 +- src/test/check_getdns_dict_get_names.h | 2 +- src/test/check_getdns_dict_set_bindata.h | 6 +++--- src/test/check_getdns_list_get_length.h | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/test/check_getdns_cancel_callback.h b/src/test/check_getdns_cancel_callback.h index facf31bc..c6cad3c7 100644 --- a/src/test/check_getdns_cancel_callback.h +++ b/src/test/check_getdns_cancel_callback.h @@ -466,23 +466,23 @@ callback_canceled++; ck_assert_msg(transaction_id % 2, "Only callbacks with odd transaction_ids were canceled, this one is even: %d", - transaction_id); + (int)transaction_id); } else if(callback_type == GETDNS_CALLBACK_COMPLETE) { callback_completed++; ck_assert_msg((transaction_id % 2) == 0, "One callbacks with even transaction_ids should complete, this one is odd: %d", - transaction_id); + (int)transaction_id); } else { if(transaction_id % 2) ck_abort_msg("callback_type should == GETDNS_CALLBACK_CANCEL for odd transaction_id (%d), got: %d", - transaction_id, callback_type); + (int)transaction_id, (int)callback_type); else ck_abort_msg("callback_type should == GETDNS_CALLBACK_COMPLETE for even transaction_id (%d), got %d", - transaction_id, callback_type); + (int)transaction_id, (int)callback_type); } } diff --git a/src/test/check_getdns_common.c b/src/test/check_getdns_common.c index 723f7f81..b43f5d8b 100644 --- a/src/test/check_getdns_common.c +++ b/src/test/check_getdns_common.c @@ -196,7 +196,7 @@ void assert_nodata(struct extracted_response *ex_response) ASSERT_RC(getdns_list_get_length(ex_response->answer, &length), GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length"); - ck_assert_msg(length == 0, "Expected \"answer\" length == 0, got %d", length); + ck_assert_msg(length == 0, "Expected \"answer\" length == 0, got %d", (int)length); ASSERT_RC(ex_response->status, GETDNS_RESPSTATUS_NO_NAME, "Unexpected value for \"status\""); } @@ -222,7 +222,7 @@ void assert_address_in_answer(struct extracted_response *ex_response, int a, int ASSERT_RC(getdns_list_get_length(ex_response->answer, &length), GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length"); - ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", ancount, length); + ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", (int)ancount, (int)length); for(i = 0; i < length; i++) { @@ -257,7 +257,7 @@ void assert_address_in_just_address_answers(struct extracted_response *ex_respon GETDNS_RETURN_GOOD, "Failed to extract \"just_address_answers\" length"); if (length == 0) resp_str = getdns_pretty_print_dict(ex_response->response); - ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d\n%s", length, resp_str); + ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d\n%s", (int)length, resp_str); if (length == 0) free(resp_str); } @@ -294,7 +294,7 @@ void assert_soa_in_authority(struct extracted_response *ex_response) ASSERT_RC(getdns_list_get_length(ex_response->authority, &length), GETDNS_RETURN_GOOD, "Failed to extract \"authority\" length"); - ck_assert_msg(length == nscount, "Expected \"authority\" length == nscount: %d, got %d", nscount, length); + ck_assert_msg(length == nscount, "Expected \"authority\" length == nscount: %d, got %d", (int)nscount, (int)length); for(i = 0; i < length; i++) { @@ -328,7 +328,7 @@ void assert_ptr_in_answer(struct extracted_response *ex_response) ASSERT_RC(getdns_list_get_length(ex_response->answer, &length), GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length"); - ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", ancount, length); + ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", (int)ancount, (int)length); for(i = 0; i < length; i++) { diff --git a/src/test/check_getdns_convert_alabel_to_ulabel.h b/src/test/check_getdns_convert_alabel_to_ulabel.h index b58ef41e..37530888 100644 --- a/src/test/check_getdns_convert_alabel_to_ulabel.h +++ b/src/test/check_getdns_convert_alabel_to_ulabel.h @@ -44,7 +44,7 @@ char *alabel = NULL; ck_assert_msg( getdns_convert_alabel_to_ulabel( alabel ) == 0, - "Was not expecting %d from getdns_convert_alabel_to_ulabel()", getdns_convert_alabel_to_ulabel( alabel ) ); + "Was not expecting %p from getdns_convert_alabel_to_ulabel()", getdns_convert_alabel_to_ulabel( alabel ) ); } END_TEST diff --git a/src/test/check_getdns_convert_ulabel_to_alabel.h b/src/test/check_getdns_convert_ulabel_to_alabel.h index 3af671f8..d20c8c84 100644 --- a/src/test/check_getdns_convert_ulabel_to_alabel.h +++ b/src/test/check_getdns_convert_ulabel_to_alabel.h @@ -45,7 +45,7 @@ ck_assert_msg(( getdns_convert_ulabel_to_alabel( ulabel ) == 0 ), - "Was not expecting %d from getdns_convert_ulabel_to_alabel()", getdns_convert_ulabel_to_alabel( ulabel ) ); + "Was not expecting %p from getdns_convert_ulabel_to_alabel()", getdns_convert_ulabel_to_alabel( ulabel ) ); } END_TEST diff --git a/src/test/check_getdns_dict_get_bindata.h b/src/test/check_getdns_dict_get_bindata.h index 60366983..874d124d 100644 --- a/src/test/check_getdns_dict_get_bindata.h +++ b/src/test/check_getdns_dict_get_bindata.h @@ -161,7 +161,7 @@ GETDNS_RETURN_GOOD, "Return code from getdns_dict_get_bindata()"); ck_assert_msg(answer->size == bindata.size, "Expected bindata size == %d, got: %d", - bindata.size, answer->size); + (int)bindata.size, (int)answer->size); ck_assert_msg(strcmp((char *)answer->data, (char *)bindata.data) == 0, "Expected bindata data to be \"%s\", got: \"%s\"", (char *)bindata.data, (char *)answer->data); diff --git a/src/test/check_getdns_dict_get_names.h b/src/test/check_getdns_dict_get_names.h index 0881ad0f..4275d4fb 100644 --- a/src/test/check_getdns_dict_get_names.h +++ b/src/test/check_getdns_dict_get_names.h @@ -98,7 +98,7 @@ ASSERT_RC(getdns_list_get_length(answer, &length), GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()"); - ck_assert_msg(length == 3, "Expected length == 3, got %d", length); + ck_assert_msg(length == 3, "Expected length == 3, got %d", (int)length); for(i = 0; i < length; i++) { diff --git a/src/test/check_getdns_dict_set_bindata.h b/src/test/check_getdns_dict_set_bindata.h index ac51c3a5..c73030cf 100644 --- a/src/test/check_getdns_dict_set_bindata.h +++ b/src/test/check_getdns_dict_set_bindata.h @@ -112,9 +112,9 @@ ASSERT_RC(getdns_dict_get_bindata(this_dict, "bindata", &retrieved_bindata), GETDNS_RETURN_GOOD, "Return code from getdns_dict_get_bindata()"); - ck_assert_msg(retrieved_bindata->size, second_bindata.size, + ck_assert_msg(retrieved_bindata->size == second_bindata.size, "Expected retrieved bindata size == %d, got: %d", - second_bindata.size, retrieved_bindata->size); + (int)second_bindata.size, (int)retrieved_bindata->size); ck_assert_msg(strcmp((char *)retrieved_bindata->data, (char *)second_bindata.data) == 0, "Expected retrieved bindata to be \"%s\", got: \"%s\"", @@ -152,7 +152,7 @@ ck_assert_msg(retrieved_bindata->size == bindata.size, "Expected retrieved bindata size == %d, got: %d", - bindata.size, retrieved_bindata->size); + (int)bindata.size, (int)retrieved_bindata->size); ck_assert_msg(strcmp((char *)retrieved_bindata->data, (char *)bindata.data) == 0, "Expected bindata data to be \"%s\", got: \"%s\"", diff --git a/src/test/check_getdns_list_get_length.h b/src/test/check_getdns_list_get_length.h index 3ccb8551..e1bceb68 100644 --- a/src/test/check_getdns_list_get_length.h +++ b/src/test/check_getdns_list_get_length.h @@ -89,7 +89,7 @@ ASSERT_RC(getdns_list_get_length(list, &length), GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()"); - ck_assert_msg(length == 3, "Expected length == 3, got %d", length); + ck_assert_msg(length == 3, "Expected length == 3, got %d", (int)length); LIST_DESTROY(list); } @@ -110,7 +110,7 @@ ASSERT_RC(getdns_list_get_length(list, &length), GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()"); - ck_assert_msg(length == 0, "Expected length == 3, got %d", length); + ck_assert_msg(length == 0, "Expected length == 3, got %d", (int)length); LIST_DESTROY(list); } From 7b388a157640baae20d41edc64ee312ff864c093 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 26 May 2021 15:44:54 +0200 Subject: [PATCH 14/16] ChangeLog update for issue #480 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index a92f667c..3e2bcf77 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ detectable (as with TCP_FASTOPEN on MacOS). * Issue #466: Memory leak with retrying queries (for examples with search paths). Thanks doublez13. + * Issue #480: Cross compiling is broken with CMake * 2020-02-28: Version 1.6.0 * Issues #457, #458, #461: New symbols with libnettle >= 3.4. From 624f68896767e1831ae656dbd7d4634e2ab6f342 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 26 May 2021 15:57:52 +0200 Subject: [PATCH 15/16] Honour the claim from documentation: When not set (the default), the system default is left alone. --- src/stub.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/stub.c b/src/stub.c index 49d2ac9d..afe03459 100644 --- a/src/stub.c +++ b/src/stub.c @@ -487,7 +487,8 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport, return -1; getdns_sock_nonblock(fd); - getdns_sock_tcp_send_timeout(upstream, fd, send_timeout); + if (send_timeout != -1) + getdns_sock_tcp_send_timeout(upstream, fd, send_timeout); #ifdef USE_OSX_TCP_FASTOPEN sa_endpoints_t endpoints; endpoints.sae_srcif = 0; From 45ef080bad8f362f144bf15af98bfa80fa96f059 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Wed, 26 May 2021 16:03:56 +0200 Subject: [PATCH 16/16] Changelog entry for getdns_context_set_tcp_send_timeout() contribution Thanks a lot @maciejsszmigiero , this looks really valueable! --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3e2bcf77..670681d1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ * Issue #466: Memory leak with retrying queries (for examples with search paths). Thanks doublez13. * Issue #480: Cross compiling is broken with CMake + * Setting of the number of milliseconds send data may remain + unacknowledged by the peer in a TCP connection (when supported + by the OS) with getdns_context_set_tcp_send_timeout() + Thanks maciejsszmigiero. * 2020-02-28: Version 1.6.0 * Issues #457, #458, #461: New symbols with libnettle >= 3.4.