interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Sync with unbound

This commit is contained in:
Willem Toorop 2017-08-22 12:42:52 +02:00
parent c570114bf6
commit f949f4a136
6 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/gldns/gbuffer.c
View File

@ -50,6 +50,8 @@ gldns_buffer_new_frm_data(gldns_buffer *buffer, void *data, size_t size)
buffer->_limit = buffer->_capacity = size;
buffer->_fixed = 0;
buffer->_vfixed = 0;
if (!buffer->_fixed && buffer->_data)
free(buffer->_data);
buffer->_data = malloc(size);
if(!buffer->_data) {
buffer->_status_err = 1;

9
src/gldns/parseutil.c
View File

@ -402,10 +402,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
/* ........ ........ ....4444 4....... ........ */
c = src[3] >> 7 ;
/* fallthrough */
case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];
/* ........ .......3 3333.... ........ ........ */
c = src[2] >> 4 ;
/* fallthrough */
case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c];
/* ........ ..22222. ........ ........ ........ */
@ -413,6 +415,7 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
/* .....111 11...... ........ ........ ........ */
c = src[1] >> 6 ;
/* fallthrough */
case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c];
/* 00000... ........ ........ ........ ........ */
@ -423,9 +426,12 @@ gldns_b32_ntop_base(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz,
switch (src_sz) {
case 1: dst[2] = '=';
dst[3] = '=';
/* fallthrough */
case 2: dst[4] = '=';
/* fallthrough */
case 3: dst[5] = '=';
dst[6] = '=';
/* fallthrough */
case 4: dst[7] = '=';
}
}
@ -537,15 +543,18 @@ gldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz,
/* ........ ........ ........ .55555.. ........ */
/* ........ ........ ....4444 4....... ........ */
dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
/* fallthrough */
case 5: /* ........ ........ ....4444 4....... ........ */
/* ........ .......3 3333.... ........ ........ */
dst[2] = buf[3] << 4 | buf[4] >> 1;
/* fallthrough */
case 4: /* ........ .......3 3333.... ........ ........ */
/* ........ ..22222. ........ ........ ........ */
/* .....111 11...... ........ ........ ........ */
dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
/* fallthrough */
case 2: /* .....111 11...... ........ ........ ........ */
/* 00000... ........ ........ ........ ........ */

8
src/gldns/str2wire.c
View File

@ -1190,6 +1190,10 @@ int gldns_str2wire_b64_buf(const char* str, uint8_t* rd, size_t* len)
{
size_t sz = gldns_b64_pton_calculate_size(strlen(str));
int n;
if(strcmp(str, "0") == 0) {
*len = 0;
return GLDNS_WIREPARSE_ERR_OK;
}
if(*len < sz)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
n = gldns_b64_pton(str, rd, *len);
@ -1223,6 +1227,10 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
s++;
continue;
}
if(dlen == 0 && *s == '0' && *(s+1) == 0) {
*len = 0;
return GLDNS_WIREPARSE_ERR_OK;
}
if(!isxdigit((unsigned char)*s))
return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
if(*len < dlen/2 + 1)

6
src/gldns/wire2str.c
View File

@ -1220,11 +1220,17 @@ static int gldns_wire2str_b64_scan_num(uint8_t** d, size_t* dl, char** s,
int gldns_wire2str_b64_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
{
if(*dl == 0) {
return gldns_str_print(s, sl, "0");
}
return gldns_wire2str_b64_scan_num(d, dl, s, sl, *dl);
}
int gldns_wire2str_hex_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
{
if(*dl == 0) {
return gldns_str_print(s, sl, "0");
}
return print_remainder_hex("", d, dl, s, sl);
}

14
src/util/lookup3.c
View File

@ -5,6 +5,7 @@
added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
added include of lookup3.h to check definitions match declarations.
removed include of stdint - config.h takes care of platform independence.
added fallthrough comments for new gcc warning suppression.
url http://burtleburtle.net/bob/hash/index.html.
*/
/*
@ -235,7 +236,9 @@ uint32_t initval) /* the previous hash, or an arbitrary value */
switch(length) /* all the case statements fall through */
{
case 3 : c+=k[2];
/* fallthrough */
case 2 : b+=k[1];
/* fallthrough */
case 1 : a+=k[0];
final(a,b,c);
case 0: /* case 0: nothing left to add */
@ -473,16 +476,27 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
switch(length) /* all the case statements fall through */
{
case 12: c+=((uint32_t)k[11])<<24;
/* fallthrough */
case 11: c+=((uint32_t)k[10])<<16;
/* fallthrough */
case 10: c+=((uint32_t)k[9])<<8;
/* fallthrough */
case 9 : c+=k[8];
/* fallthrough */
case 8 : b+=((uint32_t)k[7])<<24;
/* fallthrough */
case 7 : b+=((uint32_t)k[6])<<16;
/* fallthrough */
case 6 : b+=((uint32_t)k[5])<<8;
/* fallthrough */
case 5 : b+=k[4];
/* fallthrough */
case 4 : a+=((uint32_t)k[3])<<24;
/* fallthrough */
case 3 : a+=((uint32_t)k[2])<<16;
/* fallthrough */
case 2 : a+=((uint32_t)k[1])<<8;
/* fallthrough */
case 1 : a+=k[0];
break;
case 0 : return c;

45
src/util/val_secalgo.c
View File

@ -1320,6 +1320,9 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
#include "ecdsa.h"
#include "ecc-curve.h"
#endif
#ifdef HAVE_NETTLE_EDDSA_H
#include "eddsa.h"
#endif
static int
_digest_nettle(int algo, uint8_t* buf, size_t len,
@ -1477,6 +1480,10 @@ dnskey_algo_id_is_supported(int id)
case LDNS_ECDSAP384SHA384:
#endif
return 1;
#ifdef USE_ED25519
case LDNS_ED25519:
return 1;
#endif
case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */
case LDNS_ECC_GOST:
default:
@ -1718,6 +1725,30 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
}
#endif
#ifdef USE_ED25519
static char *
_verify_nettle_ed25519(sldns_buffer* buf, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
{
int res = 0;
if(sigblock_len != ED25519_SIGNATURE_SIZE) {
return "wrong ED25519 signature length";
}
if(keylen != ED25519_KEY_SIZE) {
return "wrong ED25519 key length";
}
res = ed25519_sha512_verify((uint8_t*)key, sldns_buffer_limit(buf),
sldns_buffer_begin(buf), (uint8_t*)sigblock);
if (!res)
return "ED25519 signature verification failed";
else
return NULL;
}
#endif
/**
* Check a canonical sig+rrset and signature against a dnskey
* @param buf: buffer with data to verify, the first rrsig part and the
@ -1759,9 +1790,13 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
case LDNS_RSASHA1_NSEC3:
digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE);
#endif
/* double fallthrough annotation to please gcc parser */
/* fallthrough */
#ifdef USE_SHA2
/* fallthrough */
case LDNS_RSASHA256:
digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
/* fallthrough */
case LDNS_RSASHA512:
digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE);
@ -1776,6 +1811,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
#ifdef USE_ECDSA
case LDNS_ECDSAP256SHA256:
digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE);
/* fallthrough */
case LDNS_ECDSAP384SHA384:
digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE);
*reason = _verify_nettle_ecdsa(buf, digest_size, sigblock,
@ -1784,6 +1820,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
return sec_status_bogus;
else
return sec_status_secure;
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
*reason = _verify_nettle_ed25519(buf, sigblock, sigblock_len,
key, keylen);
if (*reason != NULL)
return sec_status_bogus;
else
return sec_status_secure;
#endif
case LDNS_RSAMD5:
case LDNS_ECC_GOST: