From f949f4a1361ab7649d8d6bb6037a198ccbf7948c Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Tue, 22 Aug 2017 12:42:52 +0200 Subject: [PATCH] Sync with unbound --- src/gldns/gbuffer.c | 2 ++ src/gldns/parseutil.c | 9 +++++++++ src/gldns/str2wire.c | 8 ++++++++ src/gldns/wire2str.c | 6 ++++++ src/util/lookup3.c | 14 +++++++++++++ src/util/val_secalgo.c | 45 ++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 84 insertions(+) diff --git a/src/gldns/gbuffer.c b/src/gldns/gbuffer.c index 04c257fb..180fa631 100644 --- a/src/gldns/gbuffer.c +++ b/src/gldns/gbuffer.c @@ -50,6 +50,8 @@ gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size) buffer->_limit = buffer->_capacity = size; buffer->_fixed = 0; buffer->_vfixed = 0; + if (!buffer->_fixed && buffer->_data) + free(buffer->_data); buffer->_data = malloc(size); if(!buffer->_data) { buffer->_status_err = 1; diff --git a/src/gldns/parseutil.c b/src/gldns/parseutil.c index d68fa89c..558446cb 100644 --- a/src/gldns/parseutil.c +++ b/src/gldns/parseutil.c @@ -402,10 +402,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, /* ........ ........ ....4444 4....... ........ */ c = src[3] >> 7 ; + /* fallthrough */ case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c]; /* ........ .......3 3333.... ........ ........ */ c = src[2] >> 4 ; + /* fallthrough */ case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c]; /* ........ ..22222. ........ ........ ........ */ @@ -413,6 +415,7 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, /* .....111 11...... ........ ........ ........ */ c = src[1] >> 6 ; + /* fallthrough */ case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c]; /* 00000... ........ ........ ........ ........ */ 
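Review bot: In gldns_buffer_new_frm_data (src/gldns/gbuffer.c) the added `if (!buffer->_fixed && buffer->_data)` sits after `buffer->_fixed = 0;`, so the `_fixed` test is always true and the guard reduces to `buffer->_data != NULL`. A buffer that previously wrapped caller-owned memory would have that memory passed to free(), and a struct whose `_data` was never initialized would have an indeterminate pointer freed; whether callers can reach either state is not visible in this hunk. Testing the old flag before it is reset keeps the apparent intent: move `if (!buffer->_fixed && buffer->_data) free(buffer->_data);` above `buffer->_fixed = 0;` (and presumably test `_vfixed` as well, if that flag also marks borrowed storage). The function comment should also state that the struct must be zeroed or previously initialized before this call. The function starts and ends outside the hunk.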
@@ -423,9 +426,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz, switch (src_sz) { case 1: dst[2] = '='; dst[3] = '='; + /* fallthrough */ case 2: dst[4] = '='; + /* fallthrough */ case 3: dst[5] = '='; dst[6] = '='; + /* fallthrough */ case 4: dst[7] = '='; } } @@ -537,15 +543,18 @@ gldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz, /* ........ ........ ........ .55555.. ........ */ /* ........ ........ ....4444 4....... ........ */ dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; + /* fallthrough */ case 5: /* ........ ........ ....4444 4....... ........ */ /* ........ .......3 3333.... ........ ........ */ dst[2] = buf[3] << 4 | buf[4] >> 1; + /* fallthrough */ case 4: /* ........ .......3 3333.... ........ ........ */ /* ........ ..22222. ........ ........ ........ */ /* .....111 11...... ........ ........ ........ */ dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; + /* fallthrough */ case 2: /* .....111 11...... ........ ........ ........ */ /* 00000... ........ ........ ........ ........ */ diff --git a/src/gldns/str2wire.c b/src/gldns/str2wire.c index 2762aa38..ffd3d464 100644 --- a/src/gldns/str2wire.c +++ b/src/gldns/str2wire.c @@ -1190,6 +1190,10 @@ int gldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len) { size_t sz = gldns_b64_pton_calculate_size(strlen(str)); int n; + if(strcmp(str, "0") == 0) { + *len = 0; + return GLDNS_WIREPARSE_ERR_OK; + } if(*len < sz) return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; n = gldns_b64_pton(str, rd, *len); @@ -1223,6 +1227,10 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len) s++; continue; } + if(dlen == 0 && *s == '0' && *(s+1) == 0) { + *len = 0; + return GLDNS_WIREPARSE_ERR_OK; + } if(!isxdigit((unsigned char)*s)) return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str); if(*len < dlen/2 + 1) diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c index 245c9794..2718925e 100644 --- a/src/gldns/wire2str.c 
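Review bot: The new `"0"` special cases in gldns_str2wire_b64_buf and gldns_str2wire_hex_buf (src/gldns/str2wire.c) carry no comment explaining why a lone zero means an empty field, and the two checks are not equally strict. The base64 path uses an exact `strcmp(str, "0") == 0`, while the hex path tests `dlen == 0 && *s == '0' && *(s+1) == 0` after a branch that ends in `s++; continue;`. That branch looks like whitespace skipping (its condition is outside the hunk), in which case leading blanks before the zero are accepted for hex but not for base64. I would add `/* "0" is the presentation form of zero-length data, as printed by gldns_wire2str_b64_scan and gldns_wire2str_hex_scan */` above both checks and decide whether the two parsers should agree on surrounding whitespace. Both function bodies continue outside their hunks.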
+++ b/src/gldns/wire2str.c @@ -1220,11 +1220,17 @@ static int gldns_wire2str_b64_scan_num(uint8_t** d, size_t* dl, char** s, int gldns_wire2str_b64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) { + if(*dl == 0) { + return gldns_str_print(s, sl, "0"); + } return gldns_wire2str_b64_scan_num(d, dl, s, sl, *dl); } int gldns_wire2str_hex_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) { + if(*dl == 0) { + return gldns_str_print(s, sl, "0"); + } return print_remainder_hex("", d, dl, s, sl); } diff --git a/src/util/lookup3.c b/src/util/lookup3.c index e9b05af3..cc110748 100644 --- a/src/util/lookup3.c +++ b/src/util/lookup3.c @@ -5,6 +5,7 @@ added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings. added include of lookup3.h to check definitions match declarations. removed include of stdint - config.h takes care of platform independence. + added fallthrough comments for new gcc warning suppression. url http://burtleburtle.net/bob/hash/index.html. */ /* @@ -235,7 +236,9 @@ uint32_t initval) /* the previous hash, or an arbitrary value */ switch(length) /* all the case statements fall through */ { case 3 : c+=k[2]; + /* fallthrough */ case 2 : b+=k[1]; + /* fallthrough */ case 1 : a+=k[0]; final(a,b,c); case 0: /* case 0: nothing left to add */ 
@@ -473,16 +476,27 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval) switch(length) /* all the case statements fall through */ { case 12: c+=((uint32_t)k[11])<<24; + /* fallthrough */ case 11: c+=((uint32_t)k[10])<<16; + /* fallthrough */ case 10: c+=((uint32_t)k[9])<<8; + /* fallthrough */ case 9 : c+=k[8]; + /* fallthrough */ case 8 : b+=((uint32_t)k[7])<<24; + /* fallthrough */ case 7 : b+=((uint32_t)k[6])<<16; + /* fallthrough */ case 6 : b+=((uint32_t)k[5])<<8; + /* fallthrough */ case 5 : b+=k[4]; + /* fallthrough */ case 4 : a+=((uint32_t)k[3])<<24; + /* fallthrough */ case 3 : a+=((uint32_t)k[2])<<16; + /* fallthrough */ case 2 : a+=((uint32_t)k[1])<<8; + /* fallthrough */ case 1 : a+=k[0]; break; case 0 : return c; diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c index 88d23472..e9ec5a5b 100644 --- a/src/util/val_secalgo.c +++ b/src/util/val_secalgo.c @@ -1320,6 +1320,9 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, #include "ecdsa.h" #include "ecc-curve.h" #endif +#ifdef HAVE_NETTLE_EDDSA_H +#include "eddsa.h" +#endif static int _digest_nettle(int algo, uint8_t* buf, size_t len, @@ -1477,6 +1480,10 @@ dnskey_algo_id_is_supported(int id) case LDNS_ECDSAP384SHA384: #endif return 1; +#ifdef USE_ED25519 + case LDNS_ED25519: + return 1; +#endif case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */ case LDNS_ECC_GOST: default: 
@@ -1718,6 +1725,30 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* } #endif +#ifdef USE_ED25519 +static char * +_verify_nettle_ed25519(sldns_buffer* buf, unsigned char* sigblock, + unsigned int sigblock_len, unsigned char* key, unsigned int keylen) +{ + int res = 0; + + if(sigblock_len != ED25519_SIGNATURE_SIZE) { + return "wrong ED25519 signature length"; + } + if(keylen != ED25519_KEY_SIZE) { + return "wrong ED25519 key length"; + } + + res = ed25519_sha512_verify((uint8_t*)key, sldns_buffer_limit(buf), + sldns_buffer_begin(buf), (uint8_t*)sigblock); + + if (!res) + return "ED25519 signature verification failed"; + else + return NULL; +} +#endif + /** * Check a canonical sig+rrset and signature against a dnskey * @param buf: buffer with data to verify, the first rrsig part and the @@ -1759,9 +1790,13 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, case LDNS_RSASHA1_NSEC3: digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); #endif + /* double fallthrough annotation to please gcc parser */ + /* fallthrough */ #ifdef USE_SHA2 + /* fallthrough */ case LDNS_RSASHA256: digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + /* fallthrough */ case LDNS_RSASHA512: digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE); @@ -1776,6 +1811,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, #ifdef USE_ECDSA case LDNS_ECDSAP256SHA256: digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); + /* fallthrough */ case LDNS_ECDSAP384SHA384: digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE); *reason = _verify_nettle_ecdsa(buf, digest_size, sigblock, 
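Review bot: `_verify_nettle_ed25519` (src/util/val_secalgo.c) is compiled under `USE_ED25519`, but the header that supplies `ed25519_sha512_verify`, `ED25519_SIGNATURE_SIZE` and `ED25519_KEY_SIZE` is included under a different macro, `HAVE_NETTLE_EDDSA_H`, in the earlier hunk at -1320. If the build system can set the first without the second, which is not visible here, the file fails with undeclared identifiers instead of reporting the configuration problem. A guard next to the include makes the dependency explicit: `#if defined(USE_ED25519) && !defined(HAVE_NETTLE_EDDSA_H)` / `#error "USE_ED25519 requires nettle eddsa.h"` / `#endif`. The new function would also benefit from a short doc comment saying it returns NULL on success and a static reason string on failure, which is how the ED25519 case in verify_canonrrset maps it to sec_status_secure or sec_status_bogus.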
@@ -1784,6 +1820,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, return sec_status_bogus; else return sec_status_secure; +#endif +#ifdef USE_ED25519 + case LDNS_ED25519: + *reason = _verify_nettle_ed25519(buf, sigblock, sigblock_len, + key, keylen); + if (*reason != NULL) + return sec_status_bogus; + else + return sec_status_secure; #endif case LDNS_RSAMD5: case LDNS_ECC_GOST: