Merge branch 'getdnsapi:develop' into develop4

CMakeLists.txt

@@ -102,7 +102,7 @@ elseif (APPLE)
 elseif (UNIX)
   set(HOSTOS "unix")
 
-  if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD")
+  if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" AND NOT ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=600")
   endif ()
   if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
@@ -334,6 +334,9 @@ check_include_file(openssl/err.h HAVE_OPENSSL_ERR_H)
 check_include_file(openssl/rand.h HAVE_OPENSSL_RAND_H)
 check_include_file(openssl/conf.h HAVE_OPENSSL_CONF_H)
 check_include_file(openssl/engine.h HAVE_OPENSSL_ENGINE_H)
+check_include_file(openssl/bn.h HAVE_OPENSSL_BN_H)
+check_include_file(openssl/dsa.h HAVE_OPENSSL_DSA_H)
+check_include_file(openssl/rsa.h HAVE_OPENSSL_RSA_H)
 
 set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES} ${getdns_system_libs})
 check_function_exists(DSA_SIG_set0 HAVE_DSA_SIG_SET0)
@@ -530,7 +533,7 @@ set(STRPTIME_TEST_SOURCE "\n
   res = strptime(\"20070207111842\", \"%Y%m%d%H%M%S\", &tm);\n
   if (!res) return 1; return 0; }")
 
-if (HAVE_STRPTIME)
+if (HAVE_STRPTIME AND NOT CMAKE_CROSSCOMPILING)
   check_c_source_runs("${STRPTIME_TEST_SOURCE}" STRPTIME_WORKS)
 endif ()
 
@@ -559,6 +562,8 @@ else ()
   endif ()
 endif ()
 
+check_symbol_exists(TCP_USER_TIMEOUT "sys/socket.h;netinet/tcp.h" HAVE_DECL_TCP_USER_TIMEOUT)
+
 # Main library
 add_library(getdns_objects OBJECT
   src/anchor.c
@@ -1065,22 +1070,22 @@ if (ENABLE_STATIC)
   endif ()
 endif ()
 if (ENABLE_SHARED)
-  install(TARGETS getdns_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+  install(TARGETS getdns_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
   if (USE_LIBEV)
-    install(TARGETS getdns_ext_ev_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    install(TARGETS getdns_ext_ev_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
   endif ()
   if (USE_LIBEVENT2)
-    install(TARGETS getdns_ext_event_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    install(TARGETS getdns_ext_event_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
   endif ()
   if (USE_LIBUV)
-    install(TARGETS getdns_ext_uv_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    install(TARGETS getdns_ext_uv_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
   endif ()
 endif ()
 if (BUILD_GETDNS_QUERY)
-  install(TARGETS getdns_query RUNTIME DESTINATION bin)
+  install(TARGETS getdns_query RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
 endif ()
 if (BUILD_GETDNS_SERVER_MON)
-  install(TARGETS getdns_server_mon RUNTIME DESTINATION bin)
+  install(TARGETS getdns_server_mon RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
 endif ()
 
 install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/getdns DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})

ChangeLog

@@ -5,6 +5,11 @@
     detectable (as with TCP_FASTOPEN on MacOS).
   * Issue #466: Memory leak with retrying queries (for examples
     with search paths). Thanks doublez13.
+  * Issue #480: Cross compiling is broken with CMake
+  * Setting of the number of milliseconds send data may remain
+    unacknowledged by the peer in a TCP connection (when supported 
+    by the OS) with getdns_context_set_tcp_send_timeout()
+    Thanks maciejsszmigiero.
 
 * 2020-02-28: Version 1.6.0
   * Issues #457, #458, #461: New symbols with libnettle >= 3.4.

cmake/include/cmakeconfig.h.in

@@ -58,6 +58,9 @@
 #cmakedefine HAVE_OPENSSL_RAND_H        1
 #cmakedefine HAVE_OPENSSL_CONF_H        1
 #cmakedefine HAVE_OPENSSL_ENGINE_H      1
+#cmakedefine HAVE_OPENSSL_BN_H          1
+#cmakedefine HAVE_OPENSSL_DSA_H         1
+#cmakedefine HAVE_OPENSSL_RSA_H         1
 
 #cmakedefine HAVE_DSA_SIG_SET0		1
 #cmakedefine HAVE_DSA_SET0_PQG		1
@@ -211,6 +214,8 @@
 
 #cmakedefine USE_OSX_TCP_FASTOPEN	1
 
+#cmakedefine HAVE_DECL_TCP_USER_TIMEOUT	1
+
 #cmakedefine HAVE_NEW_UV_TIMER_CB	1
 
 #cmakedefine HAVE_TARGET_ENDIANNESS

src/compat/mkstemp.c

@@ -39,5 +39,5 @@ int mkstemp(char *template)
 {
 		if (_mktemp_s(template, strlen(template) + 1) != 0)
 				return -1;
-		return open(template, _O_CREAT | _O_EXCL, _S_IWRITE);
+		return open(template, _O_CREAT | _O_EXCL | _O_RDWR, _S_IWRITE | _S_IREAD);
 }

src/const-info.c

@@ -328,6 +328,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_GPOS", 27 },
 	{ "GETDNS_RRTYPE_HINFO", 13 },
 	{ "GETDNS_RRTYPE_HIP", 55 },
+	{ "GETDNS_RRTYPE_HTTPS", 65 },
 	{ "GETDNS_RRTYPE_IPSECKEY", 45 },
 	{ "GETDNS_RRTYPE_ISDN", 20 },
 	{ "GETDNS_RRTYPE_IXFR", 251 },
@@ -373,6 +374,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_SPF", 99 },
 	{ "GETDNS_RRTYPE_SRV", 33 },
 	{ "GETDNS_RRTYPE_SSHFP", 44 },
+	{ "GETDNS_RRTYPE_SVCB", 64 },
 	{ "GETDNS_RRTYPE_TA", 32768 },
 	{ "GETDNS_RRTYPE_TALINK", 58 },
 	{ "GETDNS_RRTYPE_TKEY", 249 },

src/context.c

@@ -1435,6 +1435,7 @@ getdns_context_create_with_extended_memory_functions(
 
 	result->timeout = 5000;
 	result->idle_timeout = 0;
+	result->tcp_send_timeout = -1;
 	result->follow_redirects = GETDNS_REDIRECTS_FOLLOW;
 	result->dns_root_servers = NULL;
 #if defined(HAVE_LIBUNBOUND) && !defined(HAVE_UB_CTX_SET_STUB)
@@ -2367,6 +2368,34 @@ getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout)
 	return GETDNS_RETURN_GOOD;
 }               /* getdns_context_set_timeout */
 
+/*
+ * getdns_context_unset_tcp_send_timeout
+ *
+ */
+getdns_return_t
+getdns_context_unset_tcp_send_timeout(getdns_context *context)
+{
+	if (!context)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	context->tcp_send_timeout = -1;
+	return GETDNS_RETURN_GOOD;
+}
+
+/*
+ * getdns_context_set_tcp_send_timeout
+ *
+ */
+getdns_return_t
+getdns_context_set_tcp_send_timeout(struct getdns_context *context,
+    uint32_t value)
+{
+	if (!context || value > INT_MAX)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	context->tcp_send_timeout = value;
+	return GETDNS_RETURN_GOOD;
+}
 
 /*
  * getdns_context_set_follow_redirects
@@ -3837,6 +3866,9 @@ _get_context_settings(const getdns_context* context)
 	                           (context->timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF: (uint32_t) context->timeout)
 	    || getdns_dict_set_int(result, "idle_timeout",
 	                           (context->idle_timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF : (uint32_t) context->idle_timeout)
+	    || (  context->tcp_send_timeout != -1
+	       && getdns_dict_set_int(result, "tcp_send_timeout",
+	                              context->tcp_send_timeout))
 	    || getdns_dict_set_int(result, "limit_outstanding_queries",
 	                           context->limit_outstanding_queries)
             || getdns_dict_set_int(result, "dnssec_allowed_skew",
@@ -4308,6 +4340,16 @@ CONTEXT_GETTER(timeout                    , uint64_t)
 CONTEXT_GETTER(idle_timeout               , uint64_t)
 CONTEXT_GETTER(follow_redirects           , getdns_redirects_t)
 
+getdns_return_t
+getdns_context_get_tcp_send_timeout(
+    const getdns_context *context, uint32_t* value)
+{
+	if (!context || !value) return GETDNS_RETURN_INVALID_PARAMETER;
+	*value = context->tcp_send_timeout == -1 ? 0
+	       : context->tcp_send_timeout;
+	return GETDNS_RETURN_GOOD;
+}
+
 getdns_return_t
 getdns_context_get_dns_root_servers(
     const getdns_context *context, getdns_list **value)
@@ -4647,6 +4689,7 @@ _getdns_context_config_setting(getdns_context *context,
 	CONTEXT_SETTING_INT(dns_transport)
 	CONTEXT_SETTING_ARRAY(dns_transport_list, transport_list)
 	CONTEXT_SETTING_INT(idle_timeout)
+	CONTEXT_SETTING_INT(tcp_send_timeout)
 	CONTEXT_SETTING_INT(limit_outstanding_queries)
 	CONTEXT_SETTING_INT(timeout)
 	CONTEXT_SETTING_INT(follow_redirects)
@@ -4889,7 +4932,7 @@ FILE *_getdns_context_get_priv_fp(
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
 		           , "Error opening \"%s\": %s\n"
-			   , path, _getdns_errnostr());
+			   , path, _getdns_fileerrnostr());
 	return f;
 }
 
@@ -4968,31 +5011,31 @@ int _getdns_context_write_priv_file(getdns_context *context,
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
 		           , "Could not create temporary file \"%s\": %s\n"
-			   , tmpfn, _getdns_errnostr());
+			   , tmpfn, _getdns_fileerrnostr());
 
 	else if (!(f = fdopen(fd, "w")))
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error opening temporary file \"%s\": %s\n"
-			   , tmpfn, _getdns_errnostr());
+			   , tmpfn, _getdns_fileerrnostr());
 
 	else if (fwrite(content->data, 1, content->size, f) < content->size)
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error writing to temporary file \"%s\": %s\n"
-			   , tmpfn, _getdns_errnostr());
+			   , tmpfn, _getdns_fileerrnostr());
 
-	else if (fclose(f) < 0)
+	else if (fclose(f))
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
-		           , "Error closing temporary file \"%s\": %s\n"
+		           , "Error closing temporary file \"%s\": %s (%p)\n"
-			   , tmpfn, _getdns_errnostr());
+			    , tmpfn, _getdns_fileerrnostr(), f);
 
 	else if (rename(tmpfn, path) < 0)
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error renaming temporary file \"%s\" to \"%s\""
-			     ": %s\n", tmpfn, path, _getdns_errnostr());
+			     ": %s\n", tmpfn, path, _getdns_fileerrnostr());
 	else {
 		context->can_write_appdata = PROP_ABLE;
 		return 1;
@@ -5045,7 +5088,7 @@ int _getdns_context_can_write_appdata(getdns_context *context)
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error unlinking write test file: \"%s\": %s\n"
-			   , path, _getdns_errnostr());
+			   , path, _getdns_fileerrnostr());
 	return 1;
 }
 

src/context.h

@@ -325,6 +325,7 @@ struct getdns_context {
 	size_t               namespace_count;
 	uint64_t             timeout;
 	uint64_t             idle_timeout;
+	int                  tcp_send_timeout; /* -1 is unset */
 	getdns_redirects_t   follow_redirects;
 	getdns_list          *dns_root_servers;
 

src/extension/select_eventloop.c

@@ -244,7 +244,7 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	} else {
 #endif
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
-	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
+		   ((blocking && timeout == TIMEOUT_FOREVER) ? NULL : &tv)) < 0) {
 		if (_getdns_socketerror_wants_retry())
 			return;
 

src/getdns/getdns.h.in

@@ -417,6 +417,8 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RRTYPE_OPENPGPKEY 61
 #define GETDNS_RRTYPE_CSYNC     62
 #define GETDNS_RRTYPE_ZONEMD    63
+#define GETDNS_RRTYPE_SVCB      64
+#define GETDNS_RRTYPE_HTTPS     65
 #define GETDNS_RRTYPE_SPF       99
 #define GETDNS_RRTYPE_UINFO     100
 #define GETDNS_RRTYPE_UID       101
@@ -1514,6 +1516,24 @@ getdns_context_set_dns_transport_list(getdns_context *context,
 getdns_return_t
 getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout);
 
+/**
+ * Set the number of milliseconds send data may remain unacknowledged by
+ * the peer in a TCP connection, if supported by the operation system.
+ * When not set (the default), the system default is left alone.
+ *
+ * @see getdns_context_get_tcp_send_timeout
+ * @see getdns_context_unset_tcp_send_timeout
+ * @param context The context to configure
+ * @param value The number of milliseconds the send data may remain
+ *              unacknowledged by the peer in a TCP connection.
+ * @return GETDNS_RETURN_GOOD when successful.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL or the
+ *         value was too high.
+ */
+getdns_return_t
+getdns_context_set_tcp_send_timeout(getdns_context *context,
+    uint32_t value);
+
 /**
  * Limit the number of outstanding DNS queries. When more than limit requests
  * are scheduled, they are kept on an internal queue, to be rescheduled when

src/getdns/getdns_extra.h.in

@@ -540,6 +540,18 @@ getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t
 getdns_return_t
 getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
 
+/**
+ * Configure context to use the system default setting for the time
+ * send data may remain unacknowledged by the peer in a TCP connection.
+ * @see getdns_context_set_tcp_send_timeout
+ * @see getdns_context_get_tcp_send_timeout
+ * @param context The context to configure
+ * @return GETDNS_RETURN_GOOD on success
+ * @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
+ */
+getdns_return_t
+getdns_context_unset_tcp_send_timeout(getdns_context *context);
+
 
 typedef enum getdns_loglevel_type {
 	GETDNS_LOG_EMERG   = 0,
@@ -992,6 +1004,22 @@ getdns_return_t
 getdns_context_get_idle_timeout(
     const getdns_context *context, uint64_t *timeout);
 
+/**
+ * Get the number of milliseconds send data may remain unacknowledged by
+ * the peer in a TCP connection setting from context.
+ * @see getdns_context_set_tcp_send_timeout
+ * @see getdns_context_unset_tcp_send_timeout
+ * @param[in]  context The context from which to get the setting
+ * @param[out] value   The number of milliseconds the send data may remain
+ *                     unacknowledged by the peer in a TCP connection.
+ *                     When the value is unset, 0 is returned.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
+ */
+getdns_return_t
+getdns_context_get_tcp_send_timeout(const getdns_context *context,
+    uint32_t *value);
+
 /**
  * Get the setting that says whether or not DNS queries follow redirects.
  * @see getdns_context_set_follow_redirects

src/gldns/rrdef.h

@@ -196,6 +196,8 @@ enum gldns_enum_rr_type
 	GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
 	GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
 	GLDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */
+	GLDNS_RR_TYPE_SVCB = 64,
+	GLDNS_RR_TYPE_HTTPS = 65,
 
 	GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
 

src/libgetdns.symbols

@@ -30,6 +30,7 @@ getdns_context_get_resolution_type
 getdns_context_get_resolvconf
 getdns_context_get_round_robin_upstreams
 getdns_context_get_suffix
+getdns_context_get_tcp_send_timeout
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
 getdns_context_get_tls_backoff_time
@@ -78,6 +79,7 @@ getdns_context_set_resolvconf
 getdns_context_set_return_dnssec_status
 getdns_context_set_round_robin_upstreams
 getdns_context_set_suffix
+getdns_context_set_tcp_send_timeout
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_backoff_time
@@ -98,6 +100,7 @@ getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
 getdns_context_unset_edns_maximum_udp_payload_size
+getdns_context_unset_tcp_send_timeout
 getdns_convert_alabel_to_ulabel
 getdns_convert_dns_name_to_fqdn
 getdns_convert_fqdn_to_dns_name

src/openssl/keyraw-internal.c

@@ -35,6 +35,9 @@
 #ifdef HAVE_OPENSSL_DSA_H
 #include <openssl/dsa.h>
 #endif
+#ifdef HAVE_OPENSSL_RSA_H
+#include <openssl/rsa.h>
+#endif
 #endif /* HAVE_SSL */
 
 #ifdef HAVE_SSL
@@ -74,7 +77,6 @@ gldns_key_EVP_load_gost_id(void)
 	if(!e) {
 		/* load it ourself, in case statically linked */
 		ENGINE_load_builtin_engines();
-		ENGINE_load_dynamic();
 		e = ENGINE_by_id("gost");
 	}
 	if(!e) {

src/openssl/tls.c

@@ -48,19 +48,21 @@
 #include "context.h"
 #include "const-info.h"
 
-#ifdef USE_DANESSL
+#if defined(USE_DANESSL) || defined(LIBRESSL_VERSION_NUMBER)
 # include "ssl_dane/danessl.h"
 #endif
 
 #include "tls.h"
 
 /* Double check configure has worked as expected. */
+#ifndef LIBRESSL_VERSION_NUMBER
 #if defined(USE_DANESSL) && \
 	(defined(HAVE_SSL_DANE_ENABLE) || \
 	 defined(HAVE_OPENSSL_INIT_CRYPTO) || \
 	 defined(HAVE_SSL_CTX_DANE_ENABLE))
 #error Configure error USE_DANESSL defined with OpenSSL 1.1 functions!
 #endif
+#endif
 
 /* Cipher suites recommended in RFC7525. */
 static char const * const _getdns_tls_context_default_cipher_list =

src/platform.c

@@ -166,6 +166,11 @@ const char *_getdns_strerror(DWORD errnum)
 	}
 }
 
+const char *_getdns_filestrerror(int errnum)
+{
+	return strerror(errnum);
+}
+
 #else
 
 void _getdns_perror(const char *str)

src/platform.h

@@ -60,6 +60,7 @@ typedef u_short sa_family_t;
 #define _getdns_socketerror() (WSAGetLastError())
 
 const char *_getdns_strerror(DWORD errnum);
+const char *_getdns_filestrerror(int errnum);
 #else /* USE_WINSOCK */
 
 #ifndef HAVE_SYS_POLL_H
@@ -132,10 +133,13 @@ const char *_getdns_strerror(DWORD errnum);
 #define _getdns_socketerror() (errno)
 
 const char *_getdns_strerror(int errnum);
+#define _getdns_filestrerror(errnum) (_getdns_strerror(errnum))
 #endif
 
 void _getdns_perror(const char *str);
 
+#define _getdns_fileerror() (errno)
+#define _getdns_fileerrnostr() (_getdns_filestrerror(_getdns_fileerror()))
 #define _getdns_errnostr() (_getdns_strerror(_getdns_socketerror()))
 #define _getdns_error_wants_retry(X) (  (X) != 0 \
                                      && (  (X) == _getdns_EINTR \

src/stub.c

@@ -448,8 +448,27 @@ getdns_sock_nonblock(int sockfd)
 #endif
 }
 
+/** best effort to set TCP send timeout */
+static void
+getdns_sock_tcp_send_timeout(getdns_upstream *upstream, int sockfd,
+                             int send_timeout)
+{
+#if defined(HAVE_DECL_TCP_USER_TIMEOUT)
+	unsigned int val = send_timeout;
+	if (setsockopt(sockfd, IPPROTO_TCP, TCP_USER_TIMEOUT,
+	    &val, sizeof(val)) != 0) {
+		_getdns_upstream_log(upstream,
+		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
+		    "%-40s : Upstream   : "
+		    "Could not enable TCP send timeout\n",
+		     upstream->addr_str);
+	}
+#endif
+}
+
 static int
-tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport) 
+tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
+            int send_timeout)
 {
 #if defined(TCP_FASTOPEN) || defined(TCP_FASTOPEN_CONNECT)
 # ifdef USE_WINSOCK
@@ -468,6 +487,8 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 		return -1;
 
 	getdns_sock_nonblock(fd);
+	if (send_timeout != -1)
+		getdns_sock_tcp_send_timeout(upstream, fd, send_timeout);
 #ifdef USE_OSX_TCP_FASTOPEN
 	sa_endpoints_t endpoints;
 	endpoints.sae_srcif = 0;
@@ -2148,7 +2169,8 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		/* Use existing if available*/
 		if (upstream->fd != -1)
 			return upstream->fd;
-		fd = tcp_connect(upstream, transport);
+		fd = tcp_connect(upstream, transport,
+				 dnsreq->context->tcp_send_timeout);
 		if (fd == -1) {
 			upstream_failed(upstream, 1);
 			return -1;

src/test/check_getdns_cancel_callback.h

@@ -466,23 +466,23 @@
          callback_canceled++;
          ck_assert_msg(transaction_id % 2,
            "Only callbacks with odd transaction_ids were canceled, this one is even: %d",
-           transaction_id);
+           (int)transaction_id);
        }
        else if(callback_type == GETDNS_CALLBACK_COMPLETE)
        {
          callback_completed++;
          ck_assert_msg((transaction_id % 2) == 0,
            "One callbacks with even transaction_ids should complete, this one is odd: %d",
-           transaction_id);
+           (int)transaction_id);
        }
        else
        {
          if(transaction_id % 2)
            ck_abort_msg("callback_type should == GETDNS_CALLBACK_CANCEL for odd transaction_id (%d), got: %d",
-             transaction_id, callback_type);
+             (int)transaction_id, (int)callback_type);
          else
            ck_abort_msg("callback_type should == GETDNS_CALLBACK_COMPLETE for even transaction_id (%d), got %d",
-             transaction_id, callback_type);
+             (int)transaction_id, (int)callback_type);
        }
      }
 

src/test/check_getdns_common.c

@@ -196,7 +196,7 @@ void assert_nodata(struct extracted_response *ex_response)
 
   ASSERT_RC(getdns_list_get_length(ex_response->answer, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length");
-  ck_assert_msg(length == 0, "Expected \"answer\" length == 0, got %d", length);
+  ck_assert_msg(length == 0, "Expected \"answer\" length == 0, got %d", (int)length);
 
   ASSERT_RC(ex_response->status, GETDNS_RESPSTATUS_NO_NAME, "Unexpected value for \"status\"");
 }
@@ -222,7 +222,7 @@ void assert_address_in_answer(struct extracted_response *ex_response, int a, int
 
   ASSERT_RC(getdns_list_get_length(ex_response->answer, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length");
-  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", ancount, length);
+  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", (int)ancount, (int)length);
 
   for(i = 0; i < length; i++)
   {
@@ -257,7 +257,7 @@ void assert_address_in_just_address_answers(struct extracted_response *ex_respon
     GETDNS_RETURN_GOOD, "Failed to extract \"just_address_answers\" length");
   
   if (length == 0) resp_str = getdns_pretty_print_dict(ex_response->response);
-  ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d\n%s", length, resp_str);
+  ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d\n%s", (int)length, resp_str);
   if (length == 0) free(resp_str);
 }
 
@@ -294,7 +294,7 @@ void assert_soa_in_authority(struct extracted_response *ex_response)
 
   ASSERT_RC(getdns_list_get_length(ex_response->authority, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"authority\" length");
-  ck_assert_msg(length == nscount, "Expected \"authority\" length == nscount: %d, got %d", nscount, length);
+  ck_assert_msg(length == nscount, "Expected \"authority\" length == nscount: %d, got %d", (int)nscount, (int)length);
 
   for(i = 0; i < length; i++)
   {
@@ -328,7 +328,7 @@ void assert_ptr_in_answer(struct extracted_response *ex_response)
 
   ASSERT_RC(getdns_list_get_length(ex_response->answer, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length");
-  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", ancount, length);
+  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", (int)ancount, (int)length);
 
   for(i = 0; i < length; i++)
   {

src/test/check_getdns_convert_alabel_to_ulabel.h

@@ -44,7 +44,7 @@
       char *alabel = NULL;
 
       ck_assert_msg( getdns_convert_alabel_to_ulabel( alabel ) == 0,
-               "Was not expecting %d from getdns_convert_alabel_to_ulabel()", getdns_convert_alabel_to_ulabel( alabel ) );
+               "Was not expecting %p from getdns_convert_alabel_to_ulabel()", getdns_convert_alabel_to_ulabel( alabel ) );
 
      }
      END_TEST

src/test/check_getdns_convert_ulabel_to_alabel.h

@@ -45,7 +45,7 @@
 
 
       ck_assert_msg(( getdns_convert_ulabel_to_alabel( ulabel ) == 0 ),
-               "Was not expecting %d from getdns_convert_ulabel_to_alabel()", getdns_convert_ulabel_to_alabel( ulabel ) );
+               "Was not expecting %p from getdns_convert_ulabel_to_alabel()", getdns_convert_ulabel_to_alabel( ulabel ) );
      }
      END_TEST
 

src/test/check_getdns_dict_get_bindata.h

@@ -161,7 +161,7 @@
         GETDNS_RETURN_GOOD, "Return code from getdns_dict_get_bindata()");
 
       ck_assert_msg(answer->size == bindata.size, "Expected bindata size == %d, got: %d",
-        bindata.size, answer->size);
+        (int)bindata.size, (int)answer->size);
       ck_assert_msg(strcmp((char *)answer->data, (char *)bindata.data) == 0, 
         "Expected bindata data to be \"%s\", got: \"%s\"",
         (char *)bindata.data, (char *)answer->data);

src/test/check_getdns_dict_get_names.h

@@ -98,7 +98,7 @@
       ASSERT_RC(getdns_list_get_length(answer, &length),
         GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()");
  
-      ck_assert_msg(length == 3, "Expected length == 3, got %d", length);
+      ck_assert_msg(length == 3, "Expected length == 3, got %d", (int)length);
 
       for(i = 0; i < length; i++)
       {

src/test/check_getdns_dict_set_bindata.h

@@ -112,9 +112,9 @@
       ASSERT_RC(getdns_dict_get_bindata(this_dict, "bindata", &retrieved_bindata),
         GETDNS_RETURN_GOOD, "Return code from getdns_dict_get_bindata()");
 
-      ck_assert_msg(retrieved_bindata->size, second_bindata.size,
+      ck_assert_msg(retrieved_bindata->size == second_bindata.size,
         "Expected retrieved bindata size == %d, got: %d",
-        second_bindata.size, retrieved_bindata->size);
+        (int)second_bindata.size, (int)retrieved_bindata->size);
 
       ck_assert_msg(strcmp((char *)retrieved_bindata->data, (char *)second_bindata.data) == 0,
         "Expected retrieved bindata to be \"%s\", got: \"%s\"",
@@ -152,7 +152,7 @@
 
       ck_assert_msg(retrieved_bindata->size == bindata.size, 
         "Expected retrieved bindata size == %d, got: %d",
-        bindata.size, retrieved_bindata->size);
+        (int)bindata.size, (int)retrieved_bindata->size);
 
       ck_assert_msg(strcmp((char *)retrieved_bindata->data, (char *)bindata.data) == 0, 
         "Expected bindata data to be \"%s\", got: \"%s\"",

src/test/check_getdns_list_get_length.h

@@ -89,7 +89,7 @@
       ASSERT_RC(getdns_list_get_length(list, &length),
         GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()");
 
-      ck_assert_msg(length == 3, "Expected length == 3, got %d", length);
+      ck_assert_msg(length == 3, "Expected length == 3, got %d", (int)length);
 
       LIST_DESTROY(list);
     }
@@ -110,7 +110,7 @@
       ASSERT_RC(getdns_list_get_length(list, &length),
         GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()");
 
-      ck_assert_msg(length == 0, "Expected length == 3, got %d", length);
+      ck_assert_msg(length == 0, "Expected length == 3, got %d", (int)length);
 
       LIST_DESTROY(list);    
     }

src/tls/val_secalgo.c

@@ -72,6 +72,10 @@
 #include <openssl/engine.h>
 #endif
 
+#if defined(HAVE_OPENSSL_DSA_H) && defined(USE_DSA)
+#include <openssl/dsa.h>
+#endif
+
 /** fake DSA support for unit tests */
 int fake_dsa = 0;
 /** fake SHA1 support for unit tests */
@@ -138,6 +142,69 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 #endif
 }
 
+/** hash structure for keeping track of running hashes */
+struct secalgo_hash {
+	/** the openssl message digest context */
+	EVP_MD_CTX* ctx;
+};
+
+/** create secalgo hash with hash type */
+static struct secalgo_hash* secalgo_hash_create_md(const EVP_MD* md)
+{
+	struct secalgo_hash* h;
+	if(!md)
+		return NULL;
+	h = calloc(1, sizeof(*h));
+	if(!h)
+		return NULL;
+	h->ctx = EVP_MD_CTX_create();
+	if(!h->ctx) {
+		free(h);
+		return NULL;
+	}
+	if(!EVP_DigestInit_ex(h->ctx, md, NULL)) {
+		EVP_MD_CTX_destroy(h->ctx);
+		free(h);
+		return NULL;
+	}
+	return h;
+}
+
+struct secalgo_hash* secalgo_hash_create_sha384(void)
+{
+	return secalgo_hash_create_md(EVP_sha384());
+}
+
+struct secalgo_hash* secalgo_hash_create_sha512(void)
+{
+	return secalgo_hash_create_md(EVP_sha512());
+}
+
+int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
+{
+	return EVP_DigestUpdate(hash->ctx, (unsigned char*)data,
+		(unsigned int)len);
+}
+
+int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
+        size_t maxlen, size_t* resultlen)
+{
+	if(EVP_MD_CTX_size(hash->ctx) > (int)maxlen) {
+		*resultlen = 0;
+		log_err("secalgo_hash_final: hash buffer too small");
+		return 0;
+	}
+	*resultlen = EVP_MD_CTX_size(hash->ctx);
+	return EVP_DigestFinal_ex(hash->ctx, result, NULL);
+}
+
+void secalgo_hash_delete(struct secalgo_hash* hash)
+{
+	if(!hash) return;
+	EVP_MD_CTX_destroy(hash->ctx);
+	free(hash);
+}
+
 /**
  * Return size of DS digest according to its hash algorithm.
  * @param algo: DS digest algo.
@@ -820,6 +887,64 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 	(void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len);
 }
 
+/** the secalgo hash structure */
+struct secalgo_hash {
+	/** hash context */
+	HASHContext* ctx;
+};
+
+/** create hash struct of type */
+static struct secalgo_hash* secalgo_hash_create_type(HASH_HashType tp)
+{
+	struct secalgo_hash* h = calloc(1, sizeof(*h));
+	if(!h)
+		return NULL;
+	h->ctx = HASH_Create(tp);
+	if(!h->ctx) {
+		free(h);
+		return NULL;
+	}
+	return h;
+}
+
+struct secalgo_hash* secalgo_hash_create_sha384(void)
+{
+	return secalgo_hash_create_type(HASH_AlgSHA384);
+}
+
+struct secalgo_hash* secalgo_hash_create_sha512(void)
+{
+	return secalgo_hash_create_type(HASH_AlgSHA512);
+}
+
+int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
+{
+	HASH_Update(hash->ctx, (unsigned char*)data, (unsigned int)len);
+	return 1;
+}
+
+int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
+        size_t maxlen, size_t* resultlen)
+{
+	unsigned int reslen = 0;
+	if(HASH_ResultLenContext(hash->ctx) > (unsigned int)maxlen) {
+		*resultlen = 0;
+		log_err("secalgo_hash_final: hash buffer too small");
+		return 0;
+	}
+	HASH_End(hash->ctx, (unsigned char*)result, &reslen,
+		(unsigned int)maxlen);
+	*resultlen = (size_t)reslen;
+	return 1;
+}
+
+void secalgo_hash_delete(struct secalgo_hash* hash)
+{
+	if(!hash) return;
+	HASH_Destroy(hash->ctx);
+	free(hash);
+}
+
 size_t
 ds_digest_size_supported(int algo)
 {
@@ -987,6 +1112,7 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo)
 	return pk;
 }
 
+#if defined(USE_DSA) && defined(USE_SHA1)
 static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
 {
 	SECKEYPublicKey* pk;
@@ -1047,6 +1173,7 @@ static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
 	}
 	return pk;
 }
+#endif /* USE_DSA && USE_SHA1 */
 
 static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len)
 {
@@ -1446,6 +1573,82 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 	_digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res);
 }
 
+/** secalgo hash structure */
+struct secalgo_hash {
+	/** if it is 384 or 512 */
+	int active;
+	/** context for sha384 */
+	struct sha384_ctx ctx384;
+	/** context for sha512 */
+	struct sha512_ctx ctx512;
+};
+
+struct secalgo_hash* secalgo_hash_create_sha384(void)
+{
+	struct secalgo_hash* h = calloc(1, sizeof(*h));
+	if(!h)
+		return NULL;
+	h->active = 384;
+	sha384_init(&h->ctx384);
+	return h;
+}
+
+struct secalgo_hash* secalgo_hash_create_sha512(void)
+{
+	struct secalgo_hash* h = calloc(1, sizeof(*h));
+	if(!h)
+		return NULL;
+	h->active = 512;
+	sha512_init(&h->ctx512);
+	return h;
+}
+
+int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
+{
+	if(hash->active == 384) {
+		sha384_update(&hash->ctx384, len, data);
+	} else if(hash->active == 512) {
+		sha512_update(&hash->ctx512, len, data);
+	} else {
+		return 0;
+	}
+	return 1;
+}
+
+int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
+        size_t maxlen, size_t* resultlen)
+{
+	if(hash->active == 384) {
+		if(SHA384_DIGEST_SIZE > maxlen) {
+			*resultlen = 0;
+			log_err("secalgo_hash_final: hash buffer too small");
+			return 0;
+		}
+		*resultlen = SHA384_DIGEST_SIZE;
+		sha384_digest(&hash->ctx384, SHA384_DIGEST_SIZE,
+			(unsigned char*)result);
+	} else if(hash->active == 512) {
+		if(SHA512_DIGEST_SIZE > maxlen) {
+			*resultlen = 0;
+			log_err("secalgo_hash_final: hash buffer too small");
+			return 0;
+		}
+		*resultlen = SHA512_DIGEST_SIZE;
+		sha512_digest(&hash->ctx512, SHA512_DIGEST_SIZE,
+			(unsigned char*)result);
+	} else {
+		*resultlen = 0;
+		return 0;
+	}
+	return 1;
+}
+
+void secalgo_hash_delete(struct secalgo_hash* hash)
+{
+	if(!hash) return;
+	free(hash);
+}
+
 /**
  * Return size of DS digest according to its hash algorithm.
  * @param algo: DS digest algo.

src/util/locks.c

@@ -42,7 +42,6 @@
 #include "config.h"
 #include "util/locks.h"
 #include <signal.h>
-#include <string.h>
 #ifdef HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif

src/util/lookup3.c

@@ -53,18 +53,21 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
 #include "util/storage/lookup3.h"
 #include <stdio.h>      /* defines printf for tests */
 #include <time.h>       /* defines time_t for timings in the test */
-
+/*#include <stdint.h>     defines uint32_t etc  (from config.h) */
-#if defined(HAVE_TARGET_ENDIANNESS)
+#include <sys/param.h>  /* attempt to define endianness */
-# if defined(TARGET_IS_BIG_ENDIAN)
+#ifdef HAVE_SYS_TYPES_H
-#  define HASH_LITTLE_ENDIAN 0
+# include <sys/types.h> /* attempt to define endianness (solaris) */
-#  define HASH_BIG_ENDIAN 1
-# else
-#  define HASH_LITTLE_ENDIAN 1
-#  define HASH_BIG_ENDIAN 0
 #endif
+#if defined(linux) || defined(__OpenBSD__)
+#  ifdef HAVE_ENDIAN_H
+#    include <endian.h>    /* attempt to define endianness */
 #  else
-# error "Target endianness required."
+#    include <machine/endian.h> /* on older OpenBSD */
-#endif /* defined(HAVE_TARGET_ENDIANNESS) */
+#  endif
+#endif
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#include <sys/endian.h> /* attempt to define endianness */
+#endif
 
 /* random initial value */
 static uint32_t raninit = (uint32_t)0xdeadbeef;
@@ -75,6 +78,36 @@ hash_set_raninit(uint32_t v)
 	raninit = v;
 }
 
+/*
+ * My best guess at if you are big-endian or little-endian.  This may
+ * need adjustment.
+ */
+#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
+     __BYTE_ORDER == __LITTLE_ENDIAN) || \
+    (defined(i386) || defined(__i386__) || defined(__i486__) || \
+     defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86))
+# define HASH_LITTLE_ENDIAN 1
+# define HASH_BIG_ENDIAN 0
+#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
+       __BYTE_ORDER == __BIG_ENDIAN) || \
+      (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel))
+# define HASH_LITTLE_ENDIAN 0
+# define HASH_BIG_ENDIAN 1
+#elif defined(_MACHINE_ENDIAN_H_)
+/* test for machine_endian_h protects failure if some are empty strings */
+# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN
+#  define HASH_LITTLE_ENDIAN 0
+#  define HASH_BIG_ENDIAN 1
+# endif
+# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN
+#  define HASH_LITTLE_ENDIAN 1
+#  define HASH_BIG_ENDIAN 0
+# endif /* _MACHINE_ENDIAN_H_ */
+#else
+# define HASH_LITTLE_ENDIAN 0
+# define HASH_BIG_ENDIAN 0
+#endif
+
 #define hashsize(n) ((uint32_t)1<<(n))
 #define hashmask(n) (hashsize(n)-1)
 #define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))

src/util/lruhash.c

@@ -40,8 +40,6 @@
  *
  */
 
-#include <stdlib.h>
-
 #include "config.h"
 #include "util/storage/lruhash.h"
 #include "util/fptr_wlist.h"
@@ -401,12 +399,12 @@ lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key)
 	}
 	table->num--;
 	table->space_used -= (*table->sizefunc)(entry->key, entry->data);
-	lock_quick_unlock(&table->lock);
 	lock_rw_wrlock(&entry->lock);
 	if(table->markdelfunc)
 		(*table->markdelfunc)(entry->key);
 	lock_rw_unlock(&entry->lock);
 	lock_quick_unlock(&bin->lock);
+	lock_quick_unlock(&table->lock);
 	/* finish removal */
 	d = entry->data;
 	(*table->delkeyfunc)(entry->key, table->cb_arg);

src/util/orig-headers/locks.h

@@ -36,8 +36,6 @@
 #ifndef UTIL_LOCKS_H
 #define UTIL_LOCKS_H
 
-#include <string.h>
-
 /**
  * \file
  * Locking primitives.
@@ -221,7 +219,6 @@ void* ub_thread_key_get(ub_thread_key_type key);
 #else /* we do not HAVE_SOLARIS_THREADS and no PTHREADS */
 /******************* WINDOWS THREADS ************************/
 #ifdef HAVE_WINDOWS_THREADS
-#include <winsock2.h>
 #include <windows.h>
 
 /* Use a mutex */

src/util/orig-headers/val_secalgo.h

@@ -43,6 +43,7 @@
 #ifndef VALIDATOR_VAL_SECALGO_H
 #define VALIDATOR_VAL_SECALGO_H
 struct sldns_buffer;
+struct secalgo_hash;
 
 /** Return size of nsec3 hash algorithm, 0 if not supported */
 size_t nsec3_hash_algo_size_supported(int id);
@@ -67,6 +68,48 @@ int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
  */
 void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res);
 
+/**
+ * Start a hash of type sha384. Allocates structure, then inits it,
+ * so that a series of updates can be performed, before the final result.
+ * @return hash structure.  NULL on malloc failure or no support.
+ */
+struct secalgo_hash* secalgo_hash_create_sha384(void);
+
+/**
+ * Start a hash of type sha512. Allocates structure, then inits it,
+ * so that a series of updates can be performed, before the final result.
+ * @return hash structure.  NULL on malloc failure or no support.
+ */
+struct secalgo_hash* secalgo_hash_create_sha512(void);
+
+/**
+ * Update a hash with more information to add to it.
+ * @param hash: the hash that is updated.
+ * @param data: data to add.
+ * @param len: length of data.
+ * @return false on failure.
+ */
+int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len);
+
+/**
+ * Get the final result of the hash.
+ * @param hash: the hash that has had updates to it.
+ * @param result: where to store the result.
+ * @param maxlen: length of the result buffer, eg. size of the allocation.
+ *	If not large enough the routine fails.
+ * @param resultlen: the length of the result, returned to the caller.
+ *	How much of maxlen is used.
+ * @return false on failure.
+ */
+int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
+	size_t maxlen, size_t* resultlen);
+
+/**
+ * Delete the hash structure.
+ * @param hash: the hash to delete.
+ */
+void secalgo_hash_delete(struct secalgo_hash* hash);
+
 /**
  * Return size of DS digest according to its hash algorithm.
  * @param algo: DS digest algo.

src/util/rbtree.c

@@ -39,8 +39,6 @@
  * Implementation of a redblack tree.
  */
 
-#include <stdlib.h>
-
 #include "config.h"
 #include "log.h"
 #include "fptr_wlist.h"