Sync with unbound

src/gldns/gbuffer.c

@@ -50,6 +50,8 @@ gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size)
 	buffer->_limit = buffer->_capacity = size;
 	buffer->_fixed = 0;
 	buffer->_vfixed = 0;
+	if (!buffer->_fixed && buffer->_data)
+		free(buffer->_data);
 	buffer->_data = malloc(size);
 	if(!buffer->_data) {
 		buffer->_status_err = 1;

src/gldns/parseutil.c

@@ -402,10 +402,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
 
 		/* ........ ........ ....4444 4....... ........ */
 			 c =  src[3]         >> 7 ;
+		/* fallthrough */
 	case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];
 
 		/* ........ .......3 3333.... ........ ........ */
 			 c =  src[2]         >> 4 ;
+		/* fallthrough */
 	case 2:	dst[3] = b32[(src[1] & 0x01) << 4 | c];
 
 		/* ........ ..22222. ........ ........ ........ */
@@ -413,6 +415,7 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
 
 		/* .....111 11...... ........ ........ ........ */
 			 c =  src[1]         >> 6 ;
+		/* fallthrough */
 	case 1:	dst[1] = b32[(src[0] & 0x07) << 2 | c];
 
 		/* 00000... ........ ........ ........ ........ */
@@ -423,9 +426,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
 		switch (src_sz) {
 			case 1: dst[2] = '=';
 				dst[3] = '=';
+				/* fallthrough */
 			case 2: dst[4] = '=';
+				/* fallthrough */
 			case 3: dst[5] = '=';
 				dst[6] = '=';
+				/* fallthrough */
 			case 4: dst[7] = '=';
 		}
 	}
@@ -537,15 +543,18 @@ gldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz,
 			/* ........ ........ ........ .55555.. ........ */
 			/* ........ ........ ....4444 4....... ........ */
 			dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
+			/* fallthrough */
 
 		case 5: /* ........ ........ ....4444 4....... ........ */
 			/* ........ .......3 3333.... ........ ........ */
 			dst[2] = buf[3] << 4 | buf[4] >> 1;
+			/* fallthrough */
 
 		case 4: /* ........ .......3 3333.... ........ ........ */
 			/* ........ ..22222. ........ ........ ........ */
 			/* .....111 11...... ........ ........ ........ */
 			dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
+			/* fallthrough */
 
 		case 2: /* .....111 11...... ........ ........ ........ */
 			/* 00000... ........ ........ ........ ........ */

src/gldns/str2wire.c

@@ -1190,6 +1190,10 @@ int gldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len)
 {
 	size_t sz = gldns_b64_pton_calculate_size(strlen(str));
 	int n;
+	if(strcmp(str, "0") == 0) {
+		*len = 0;
+		return GLDNS_WIREPARSE_ERR_OK;
+	}
 	if(*len < sz)
 		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
 	n = gldns_b64_pton(str, rd, *len);
@@ -1223,6 +1227,10 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
 			s++;
 			continue;
 		}
+		if(dlen == 0 && *s == '0' && *(s+1) == 0) {
+			*len = 0;
+			return GLDNS_WIREPARSE_ERR_OK;
+		}
 		if(!isxdigit((unsigned char)*s))
 			return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
 		if(*len < dlen/2 + 1)

src/gldns/wire2str.c

@@ -1220,11 +1220,17 @@ static int gldns_wire2str_b64_scan_num(uint8_t** d, size_t* dl, char** s,
 
 int gldns_wire2str_b64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 {
+	if(*dl == 0) {
+		return gldns_str_print(s, sl, "0");
+	}
 	return gldns_wire2str_b64_scan_num(d, dl, s, sl, *dl);
 }
 
 int gldns_wire2str_hex_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 {
+	if(*dl == 0) {
+		return gldns_str_print(s, sl, "0");
+	}
 	return print_remainder_hex("", d, dl, s, sl);
 }
 

src/util/lookup3.c

@@ -5,6 +5,7 @@
      added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
      added include of lookup3.h to check definitions match declarations.
      removed include of stdint - config.h takes care of platform independence.
+     added fallthrough comments for new gcc warning suppression.
   url http://burtleburtle.net/bob/hash/index.html.
 */
 /*
@@ -235,7 +236,9 @@ uint32_t        initval)         /* the previous hash, or an arbitrary value */
   switch(length)                     /* all the case statements fall through */
   { 
   case 3 : c+=k[2];
+  	/* fallthrough */
   case 2 : b+=k[1];
+  	/* fallthrough */
   case 1 : a+=k[0];
     final(a,b,c);
   case 0:     /* case 0: nothing left to add */
@@ -473,16 +476,27 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
     switch(length)                   /* all the case statements fall through */
     {
     case 12: c+=((uint32_t)k[11])<<24;
+  	/* fallthrough */
     case 11: c+=((uint32_t)k[10])<<16;
+  	/* fallthrough */
     case 10: c+=((uint32_t)k[9])<<8;
+  	/* fallthrough */
     case 9 : c+=k[8];
+  	/* fallthrough */
     case 8 : b+=((uint32_t)k[7])<<24;
+  	/* fallthrough */
     case 7 : b+=((uint32_t)k[6])<<16;
+  	/* fallthrough */
     case 6 : b+=((uint32_t)k[5])<<8;
+  	/* fallthrough */
     case 5 : b+=k[4];
+  	/* fallthrough */
     case 4 : a+=((uint32_t)k[3])<<24;
+  	/* fallthrough */
     case 3 : a+=((uint32_t)k[2])<<16;
+  	/* fallthrough */
     case 2 : a+=((uint32_t)k[1])<<8;
+  	/* fallthrough */
     case 1 : a+=k[0];
              break;
     case 0 : return c;

src/util/val_secalgo.c

@@ -1320,6 +1320,9 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 #include "ecdsa.h"
 #include "ecc-curve.h"
 #endif
+#ifdef HAVE_NETTLE_EDDSA_H
+#include "eddsa.h"
+#endif
 
 static int
 _digest_nettle(int algo, uint8_t* buf, size_t len,
@@ -1477,6 +1480,10 @@ dnskey_algo_id_is_supported(int id)
 	case LDNS_ECDSAP384SHA384:
 #endif
 		return 1;
+#ifdef USE_ED25519
+	case LDNS_ED25519:
+		return 1;
+#endif
 	case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */
 	case LDNS_ECC_GOST:
 	default:
@@ -1718,6 +1725,30 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
 }
 #endif
 
+#ifdef USE_ED25519
+static char *
+_verify_nettle_ed25519(sldns_buffer* buf, unsigned char* sigblock,
+	unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
+{
+	int res = 0;
+
+	if(sigblock_len != ED25519_SIGNATURE_SIZE) {
+		return "wrong ED25519 signature length";
+	}
+	if(keylen != ED25519_KEY_SIZE) {
+		return "wrong ED25519 key length";
+	}
+
+	res = ed25519_sha512_verify((uint8_t*)key, sldns_buffer_limit(buf),
+		sldns_buffer_begin(buf), (uint8_t*)sigblock);
+
+	if (!res)
+		return "ED25519 signature verification failed";
+	else
+		return NULL;
+}
+#endif
+
 /**
  * Check a canonical sig+rrset and signature against a dnskey
  * @param buf: buffer with data to verify, the first rrsig part and the
@@ -1759,9 +1790,13 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 	case LDNS_RSASHA1_NSEC3:
 		digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE);
 #endif
+		/* double fallthrough annotation to please gcc parser */
+		/* fallthrough */
 #ifdef USE_SHA2
+		/* fallthrough */
 	case LDNS_RSASHA256:
 		digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
+		/* fallthrough */
 	case LDNS_RSASHA512:
 		digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE);
 
@@ -1776,6 +1811,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 #ifdef USE_ECDSA
 	case LDNS_ECDSAP256SHA256:
 		digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
+		/* fallthrough */
 	case LDNS_ECDSAP384SHA384:
 		digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE);
 		*reason = _verify_nettle_ecdsa(buf, digest_size, sigblock,
@@ -1784,6 +1820,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 			return sec_status_bogus;
 		else
 			return sec_status_secure;
+#endif
+#ifdef USE_ED25519
+	case LDNS_ED25519:
+		*reason = _verify_nettle_ed25519(buf, sigblock, sigblock_len,
+			key, keylen);
+		if (*reason != NULL)
+			return sec_status_bogus;
+		else
+			return sec_status_secure;
 #endif
 	case LDNS_RSAMD5:
 	case LDNS_ECC_GOST: