interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: interesting:develop
Branches Tags
interesting:develop
interesting:windows_build
interesting:master
interesting:philip-proxy-config
interesting:proxy-control
interesting:gnu_tls_alpn
interesting:use_dot_alpn
interesting:release/1.7.0
interesting:release/1.6.0
interesting:release/1.6.0-rc.1
interesting:feature/readme-polish
interesting:release/1.6.0-beta.1
interesting:help-grammar
interesting:hackathon/getdns_validate
interesting:release/1.5.2
interesting:devel/abstract-tls
interesting:release/1.5.1
interesting:release/1.5.0
interesting:bugfix/140-getentropy_failure
interesting:release/1.4.2
interesting:release/1.4.1
interesting:release/1.4.0
interesting:release/1.3.0
interesting:features/upstream_by_name
interesting:release/1.2.1
interesting:features/valchain_without_lookups
interesting:features/trailing_data
interesting:release/1.2.0
interesting:features/DNS64
interesting:features/NULL-name-requests
interesting:release/1.1.3
interesting:release/1.1.2
interesting:release/1.1.1
interesting:release/1.1.0
interesting:release/1.0.0
interesting:release/v1.1.0a2
interesting:release/v1.1.0a1
interesting:release/v1.0.0b2
interesting:release/v1.0.0b1
interesting:release/v0.9.0
interesting:release/v0.5.1
interesting:release/v0.5.0
interesting:release/v0.3.3
interesting:release/v0.3.2
interesting:release/v0.3.1
interesting:release/v0.3.0
interesting:release/v0.2.0
interesting:release/v0.1.9
interesting:release/v0.1.8
interesting:release/v0.1.7
interesting:release/v0.1.6
interesting:release/v0.1.5
interesting:release/v0.1.4
interesting:release/v0.1.3
interesting:release/v0.1.2
interesting:features/getdns_dane_example
interesting:features/getdns_dane_verify
interesting:release/v0.1.1
interesting:v1.7.3
interesting:v1.7.2
interesting:v1.7.1
interesting:v1.7.1-rc.1
interesting:v1.7.0_stubby_win_0.4.0.0
interesting:v1.7.0
interesting:v1.7.0-rc.1
interesting:v1.6.0
interesting:v1.6.0-rc.1
interesting:v1.6.0-beta.1
interesting:v1.5.2
interesting:v1.5.2_stubby_win_0.2.6.0
interesting:v1.5.2-rc1
interesting:v1.5.1_stubby_win_0.2.5.0
interesting:v1.5.1
interesting:v1.5.0
interesting:v1.5.0-rc1
interesting:v1.4.2
interesting:v1.4.2-rc1
interesting:v1.4.1
interesting:v1.4.1-rc1
interesting:v1.4.0
interesting:v1.4.0-rc1
interesting:v1.3.0
interesting:v1.2.2-rc1
interesting:v1.2.1
interesting:v1.2.1-rc1
interesting:v1.2.0
interesting:v1.1.3
interesting:v1.1.3-rc1
interesting:v1.1.2
interesting:v1.1.2-rc1
interesting:v1.1.1
interesting:v1.1.1rc1
interesting:v1.1.0
interesting:v1.1.0-rc2
interesting:v1.1.0-rc1
interesting:v1.0.0
interesting:list
interesting:v1.1.0-a2
interesting:v1.1.0a1
interesting:v1.0.0b2
interesting:v1.0.0b1
interesting:v0.9.0
interesting:v0.9.0rc1
interesting:v0.5.1
interesting:v0.5.1rc1
interesting:v0.5.0
interesting:v0.5.0rc1
interesting:v0.3.3
interesting:v0.3.2
interesting:v0.3.2rc1
interesting:v0.3.1
interesting:v0.3.0
interesting:v0.3.0rc1
interesting:v0.2.0
interesting:v0.2.0rc1
interesting:TNW2015
interesting:v0.1.8
interesting:v0.1.7
interesting:v0.1.7rc2
interesting:v0.1.7rc1
interesting:v0.1.6
interesting:v0.1.5
interesting:v0.1.4
interesting:v0.1.3
interesting:v0.1.2
interesting:v0.1.1
interesting:v0.1.0
..
compare: interesting:v1.4.1
Branches Tags
interesting:windows_build
interesting:develop
interesting:master
interesting:philip-proxy-config
interesting:proxy-control
interesting:gnu_tls_alpn
interesting:use_dot_alpn
interesting:release/1.7.0
interesting:release/1.6.0
interesting:release/1.6.0-rc.1
interesting:feature/readme-polish
interesting:release/1.6.0-beta.1
interesting:help-grammar
interesting:hackathon/getdns_validate
interesting:release/1.5.2
interesting:devel/abstract-tls
interesting:release/1.5.1
interesting:release/1.5.0
interesting:bugfix/140-getentropy_failure
interesting:release/1.4.2
interesting:release/1.4.1
interesting:release/1.4.0
interesting:release/1.3.0
interesting:features/upstream_by_name
interesting:release/1.2.1
interesting:features/valchain_without_lookups
interesting:features/trailing_data
interesting:release/1.2.0
interesting:features/DNS64
interesting:features/NULL-name-requests
interesting:release/1.1.3
interesting:release/1.1.2
interesting:release/1.1.1
interesting:release/1.1.0
interesting:release/1.0.0
interesting:release/v1.1.0a2
interesting:release/v1.1.0a1
interesting:release/v1.0.0b2
interesting:release/v1.0.0b1
interesting:release/v0.9.0
interesting:release/v0.5.1
interesting:release/v0.5.0
interesting:release/v0.3.3
interesting:release/v0.3.2
interesting:release/v0.3.1
interesting:release/v0.3.0
interesting:release/v0.2.0
interesting:release/v0.1.9
interesting:release/v0.1.8
interesting:release/v0.1.7
interesting:release/v0.1.6
interesting:release/v0.1.5
interesting:release/v0.1.4
interesting:release/v0.1.3
interesting:release/v0.1.2
interesting:features/getdns_dane_example
interesting:features/getdns_dane_verify
interesting:release/v0.1.1
interesting:v1.7.3
interesting:v1.7.2
interesting:v1.7.1
interesting:v1.7.1-rc.1
interesting:v1.7.0_stubby_win_0.4.0.0
interesting:v1.7.0
interesting:v1.7.0-rc.1
interesting:v1.6.0
interesting:v1.6.0-rc.1
interesting:v1.6.0-beta.1
interesting:v1.5.2
interesting:v1.5.2_stubby_win_0.2.6.0
interesting:v1.5.2-rc1
interesting:v1.5.1_stubby_win_0.2.5.0
interesting:v1.5.1
interesting:v1.5.0
interesting:v1.5.0-rc1
interesting:v1.4.2
interesting:v1.4.2-rc1
interesting:v1.4.1
interesting:v1.4.1-rc1
interesting:v1.4.0
interesting:v1.4.0-rc1
interesting:v1.3.0
interesting:v1.2.2-rc1
interesting:v1.2.1
interesting:v1.2.1-rc1
interesting:v1.2.0
interesting:v1.1.3
interesting:v1.1.3-rc1
interesting:v1.1.2
interesting:v1.1.2-rc1
interesting:v1.1.1
interesting:v1.1.1rc1
interesting:v1.1.0
interesting:v1.1.0-rc2
interesting:v1.1.0-rc1
interesting:v1.0.0
interesting:list
interesting:v1.1.0-a2
interesting:v1.1.0a1
interesting:v1.0.0b2
interesting:v1.0.0b1
interesting:v0.9.0
interesting:v0.9.0rc1
interesting:v0.5.1
interesting:v0.5.1rc1
interesting:v0.5.0
interesting:v0.5.0rc1
interesting:v0.3.3
interesting:v0.3.2
interesting:v0.3.2rc1
interesting:v0.3.1
interesting:v0.3.0
interesting:v0.3.0rc1
interesting:v0.2.0
interesting:v0.2.0rc1
interesting:TNW2015
interesting:v0.1.8
interesting:v0.1.7
interesting:v0.1.7rc2
interesting:v0.1.7rc1
interesting:v0.1.6
interesting:v0.1.5
interesting:v0.1.4
interesting:v0.1.3
interesting:v0.1.2
interesting:v0.1.1
interesting:v0.1.0

No commits in common. "develop" and "v1.4.1" have entirely different histories.
develop ... v1.4.1

242 changed files with 9404 additions and 13433 deletions
Show Stats Expand all files Collapse all files

18
.gitattributes vendored
View File

@ -1,18 +0,0 @@
/.dir-locals.el export-ignore
/.gitattributes export-ignore
/.gitignore export-ignore
/.gitmodules export-ignore
/.indent.pro export-ignore
/.travis.yml export-ignore
/getdns.pmdoc export-ignore
/gldns/compare.sh export-ignore
/gldns/import.sh export-ignore
/project-doc export-ignore
/src/test/tpkg export-ignore
/src/test/README export-ignore
/src/tools/Dockerfile export-ignore
/src/tools/README.adoc export-ignore
/src/util/import.sh export-ignore
/src/mk-const-info.c.sh export-ignore
/src/mk-symfiles.sh export-ignore
/README export-ignore

2
.gitignore vendored
View File

@ -1,7 +1,5 @@
*~
.DS_Store
build*/
tests*/
getdns*.tar.gz
*.o
*.so

7
.travis.yml
View File

@ -1,5 +1,4 @@
sudo: false
dist: bionic
language: c
compiler:
- gcc
@ -7,9 +6,8 @@ compiler:
addons:
apt:
packages:
- libssl-dev
- libunbound-dev
- libidn2-0-dev
- libidn11-dev
- libyaml-dev
- check
- libevent-dev
@ -19,9 +17,8 @@ addons:
- clang
- wget
- openssh-client
- libgnutls28-dev
script:
- mkdir tests
- cd tests
- ../src/test/tpkg/run-all.sh
# - ../src/test/tpkg/run-one.sh 290-transports.tpkg -V
# - ../src/test/tpkg/run-one.sh 225-stub-only-valgrind-checks

1180
CMakeLists.txt
View File

File diff suppressed because it is too large Load Diff

164
ChangeLog
View File

@ -1,167 +1,3 @@
* 2023-??-??: Version 1.7.4
* Issue #536: Broken trust anchor files are silently ignored
Thanks Stéphane Bortzmeyer
* 2022-12-22: Version 1.7.3
* PR #532: Increase CMake required version 3.5 -> 3.20, because we
need cmake_path for Absolute paths in pkg-config (See Issue #517)
Thanks Gabriel Ganne
* Updated to Stubby 0.4.3 quickfix release
* 2022-08-19: Version 1.7.2
* Updated to Stubby 0.4.2 quickfix release
* 2022-08-19: Version 1.7.1
* Always send the `dot` ALPN when using DoT
* Strengthen version determination for Libidn2 during cmake processing
(thanks jpbion).
* Fix for issue in UDP stream selection in case of timeouts.
Thanks Shikha Sharma
* Fix using asterisk in ipstr for any address. Thanks uzlonewolf.
* Issue stubby#295: rdata not correctly written for validation for
certain RR type. Also, set default built type to RelWithDebInfo and
expose CFLAGS via GETDNS_BUILD_CFLAGS define and via
getdns_context_get_api_information()
* Issue #524: Bug fixes from submodules' upstream?
Thanks Johnnyslee
* Issue #517: Allow Absolute path CMAKE_INSTALL_{INCLUDE,LIB}DIR in
pkg-config files. Thanks Alex Shpilkin
* Issue #512: Update README.md to show correct PGP key location.
Thanks Katze Prior.
* 2021-06-04: Version 1.7.0
* Make TLS Handshake timeout max 4/5th of timeout for the query,
just like connection setup timeout was, so fallback transport
have a chance too when TCP connection setup is less well
detectable (as with TCP_FASTOPEN on MacOS).
* Issue #466: Memory leak with retrying queries (for examples
with search paths). Thanks doublez13.
* Issue #480: Handling of strptime when Cross compiling with CMake.
A new option to FORCE_COMPAT_STRPTIME (default disabled) will
(when disabled) make cmake assume the target platform has a POSIX
compatible strptime when cross-compiling.
* Setting of the number of milliseconds send data may remain
unacknowledged by the peer in a TCP connection (when supported
by the OS) with getdns_context_set_tcp_send_timeout()
Thanks maciejsszmigiero.
* Issue #497: Fix typo in CMAKE included files, so Stubby can use
TLS v1.3 with chipersuites options ON. Thanks har-riz.
* Basic name compression on server replied messages. Thanks amialkow!
This alleviates (but might not completely resolve) issues #495 and
#320 .
* Eventloop extensions back to the old names libgetdns_ext_event,
libgetdns_ext_ev and libgetdns_ext_uv.
* Compilation warning fixes. Thanks Andreas!
* 2020-02-28: Version 1.6.0
* Issues #457, #458, #461: New symbols with libnettle >= 3.4.
Thanks hanvinke & kometchtech for testing & reporting.
* Issue #432: answer_ipv4_address and answer_ipv6_address in reply
and response dicts.
* Issue #430: Record and guard UDP max payload size with servers.
* Issue #407: Run only offline-tests option with:
src/test/tpkg/run-offline-only.sh (only with git checkouts).
* Issue #175: Include the packet the stub resolver sent to the
upstream the call_reporting dict. Thanks Tom Pusateri
* Issue #169: Build eventloop support libraries if event libraries
are available. Thanks Tom Pusateri
* 2019-12-20: Version 1.6.0-beta.1
* Migration of build system to cmake. Build now works on Ubuntu,
Windows 10 and macOS.
Some notes on minor differences in the new cmake build:
* OpenSSL 1.0.2 or higher is now required
* libunbound 1.5.9 is now required
* Only libidn2 2.0.0 and later is supported (not libidn)
* Windows uses ENABLE_STUB_ONLY=ON as the default
* Unit and regression tests work on Linux/macOS
(but not Windows yet)
* 2019-04-03: Version 1.5.2
* PR #424: Two small trust anchor fetcher fixes
Thanks Maciej S. Szmigiero
* Issue #422: Enable server side and update client side TCP Fast
Open implementation. Thanks Craig Andrews
* Issue #423: Fix insecure delegation detection while scheduling.
Thanks Charles Milette
* Issue #419: Escape backslashed when printing in JSON format.
Thanks boB Rudis
* Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
option to configure. libcrypto (from OpenSSL) still needed
for Zero configuration DNSSEC.
* DOA rr-type
* AMTRELAY rr-type
* 2019-01-11: Version 1.5.1
* Introduce proof of concept GnuTLS implementation. Incomplete support
for Trust Anchor validation. Requires GnuTLS DANE library. Currently
untested with GnuTLS prior to 3.5.19, so configure demands a minumum
version of 3.5.0.
* Be consistent and always fail connection setup if setting ciphers/curves/
TLS version/cipher suites fails.
* Refactor OpenSSL usage into modules under src/openssl.
Drop support for LibreSSL and versions of OpenSSL prior to 1.0.2.
* PR #414: remove TLS13 ciphers from cipher_list, but
only when SSL_CTX_set_ciphersuites is available.
Thanks Bruno Pagani
* Issue #415: Filter out #defines etc. when creating
symbols file. Thanks Zero King
* 2018-12-21: Version 1.5.0
* RFE getdnsapi/stubby#121 log re-instantiating TLS
upstreams (because they reached tls_backoff_time) at
log level 4 (WARNING)
* GETDNS_RESPSTATUS_NO_NAME for NODATA answers too
* ZONEMD rr-type
* getdns_query queries for addresses when a query name
without a type is given.
* RFE #408: Fetching of trust anchors will be retried
after failure, after a certain backoff time. The time
can be configured with
getdns_context_set_trust_anchors_backoff_time().
* RFE #408: A "dnssec" extension that requires DNSSEC
verification. When this extension is set, Indeterminate
DNSSEC status will not be returned.
* Issue #410: Unspecified ownership of get_api_information()
* Fix for DNSSEC bug in finding most specific key when
trust anchor proves non-existance of one of the labels
along the authentication chain other than the non-
existance of a DS record on a zonecut.
* Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130:
Configurable minimum and maximum TLS versions with
getdns_context_set_tls_min_version() and
getdns_context_set_tls_max_version() functions and
tls_min_version and tls_max_version configuration parameters
for upstreams.
* Configurable TLS1.3 ciphersuites with the
getdns_context_set_tls_ciphersuites() function and
tls_ciphersuites config parameter for upstreams.
* Bugfix in upstream string configurations: tls_cipher_list and
tls_curve_list
* Bugfix finding signer for validating NSEC and NSEC3s, which
caused trouble with the partly tracing DNSSEC from the root
up, introduced in 1.4.2. Thanks Philip Homburg
* 2018-05-11: Version 1.4.2
* Bugfix getdnsapi/stubby#87: Detect and ignore duplicate certs
in the Windows root CA store.
* PR #397: No TCP sendto without TCP_FASTOPEN
Thanks Emery Hemingway
* Bugfix getdnsapi/stubby#106: Core dump when printing certain
configuration. Thanks Han Vinke
* Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
up (for tld and sld), to find insecure delegations quicker.
Thanks UniverseXXX
* Bugfix: Allow NSEC spans starting from (unexpanded) wildcards
Bug was introduced when dealing with CVE-2017-15105
* Bugfix getdnsapi/stubby#46: Don't assume trailing zero with
string bindata's. Thanks Lonnie Abelbeck
* Bugfix #394: Update src/compat/getentropy_linux.c in order to
handle ENOSYS (not implemented) fallback.
Thanks Brent Blood
* Bugfix #395: Clarify that libidn2 dependency is for version 2.0.0
or higher. Thanks mire3212
* 2018-03-12: Version 1.4.1
* Bugfix #388: Prevent fallback to an earlier tries upstream within a
single query. Thanks Robert Groenenberg

0
project-doc/CodingStyle → CodingStyle
View File

401
INSTALL Normal file
View File

@ -0,0 +1,401 @@
Installation Instructions
*************************
Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation,
Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
(Options specific to getdns are listed at the end of this document.)
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as
their prerequisites, which makes it generally unusable when shipped
generated files such as `configure' are involved. Use GNU `make'
instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
On Mac OSX getdns will not build against the version of OpenSSL shipped with
OSX. If you link against a self-complied version of OpenSSL then manual
configuration of certificates into the default OpenSSL directory
/usr/local/etc/openssl/certs is currently required for TLS authentication to work.
However if linking against the version of OpenSSL installed via Homebrew TLS
authentication will work out of the box.
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf limitation. Until the limitation is lifted, you can use
this workaround:
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
getdns-specific Options
=======================
`--with-libidn=pathname'
path to libidn (default: search /usr/local ..)
`--with-libunbound=pathname'
path to libunbound (default: search /usr/local ..)
`--with-libevent'
path to libevent (default: search /usr/local ..)
`--with-libuv'
path to libuv (default: search /usr/local ..)
`--with-libev'
path to libev (default: search /usr/local ..)
`--with-trust-anchor=KEYFILE'
Default location of the trust anchor file.
[default=SYSCONFDIR/unbound/getdns-root.key]

312
Makefile.in Normal file
View File

@ -0,0 +1,312 @@
#
# @configure_input@
#
#
# Copyright (c) 2013, Verisign, Inc., NLnet Labs
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the names of the copyright holders nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package = @PACKAGE_NAME@
version = @PACKAGE_VERSION@@RELEASE_CANDIDATE@
tarname = @PACKAGE_TARNAME@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
distdir = $(tarname)-$(version)
bintar = $(distdir)-bin.tar.gz
prefix = @prefix@
datarootdir=@datarootdir@
exec_prefix = @exec_prefix@
bindir = @bindir@
docdir = @docdir@
libdir = @libdir@
srcdir = @srcdir@
INSTALL = @INSTALL@
all : default @GETDNS_QUERY@ @GETDNS_SERVER_MON@
everything: default
cd src/test && $(MAKE)
default:
cd src && $(MAKE) $@
install-lib:
cd src && $(MAKE) install
install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@ @INSTALL_GETDNS_SERVER_MON@
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/COPYING $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/INSTALL $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/LICENSE $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/NEWS $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/README.md $(DESTDIR)$(docdir)
$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig
$(INSTALL) -m 644 getdns.pc $(DESTDIR)$(libdir)/pkgconfig
$(INSTALL) -m 644 getdns_ext_event.pc $(DESTDIR)$(libdir)/pkgconfig
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
cd doc && $(MAKE) install
@echo "***"
@echo "*** !!! IMPORTANT !!!!"
@echo "***"
@echo "*** From release 1.2.0, getdns comes with built-in DNSSEC"
@echo "*** trust anchor management. External trust anchor management,"
@echo "*** for example with unbound-anchor, is no longer necessary"
@echo "*** and no longer recommended."
@echo "***"
@echo "*** Previously installed trust anchors, in the default location -"
@echo "***"
@echo "*** @TRUST_ANCHOR_FILE@"
@echo "***"
@echo "*** - will be preferred and used for DNSSEC validation, however"
@echo "*** getdns will fallback to trust-anchors obtained via built-in"
@echo "*** trust anchor management when the anchors from the default"
@echo "*** location fail to validate the root DNSKEY rrset."
@echo "***"
@echo "*** To prevent expired DNSSEC trust anchors to be used for"
@echo "*** validation, we strongly recommend removing the trust anchors"
@echo "*** on the default location when there is no active external"
@echo "*** trust anchor management keeping it up-to-date."
@echo "***"
uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_GETDNS_SERVER_MON@
rm -rf $(DESTDIR)$(docdir)
cd doc && $(MAKE) $@
cd src && $(MAKE) $@
doc: FORCE
cd doc && $(MAKE) $@
example:
cd spec/example && $(MAKE) $@
test: default
cd src/test && $(MAKE) $@
getdns_query: default
cd src/tools && $(MAKE) $@
getdns_server_mon: default
cd src/tools && $(MAKE) $@
stubby:
cd src && $(MAKE) $@
scratchpad: default
cd src/test && $(MAKE) $@
pad: scratchpad
src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
install-getdns_query: install-lib
cd src/tools && $(MAKE) $@
uninstall-getdns_query:
cd src/tools && $(MAKE) $@
install-getdns_server_mon: install-lib @INSTALL_GETDNS_QUERY@
cd src/tools && $(MAKE) $@
uninstall-getdns_server_mon:
cd src/tools && $(MAKE) $@
install-stubby:
cd src && $(MAKE) $@
uninstall-stubby:
cd src && $(MAKE) $@
clean:
cd src && $(MAKE) $@
cd doc && $(MAKE) $@
cd spec/example && $(MAKE) $@
rm -f *.o *.pc
depend:
cd src && $(MAKE) $@
cd spec/example && $(MAKE) $@
distclean:
cd src && $(MAKE) $@
rmdir src 2>/dev/null || true
cd doc && $(MAKE) $@
rmdir doc 2>/dev/null || true
cd spec/example && $(MAKE) $@
rmdir spec/example 2>/dev/null || true
rmdir spec 2>/dev/null || true
rm -f config.log config.status Makefile libtool getdns.pc getdns_ext_event.pc
rm -fR autom4te.cache
rm -f m4/libtool.m4
rm -f m4/lt~obsolete.m4
rm -f m4/ltoptions.m4
rm -f m4/ltsugar.m4
rm -f m4/ltversion.m4
rm -f $(distdir).tar.gz $(distdir).tar.gz.sha256
rm -f $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
megaclean:
cd $(srcdir) && rm -fr * .dir-locals.el .gitignore .indent.pro .travis.yml && git reset --hard && git submodule update --init
autoclean: megaclean
libtoolize -ci
autoreconf -fi
dist: $(distdir).tar.gz
pub: $(distdir).tar.gz.sha256 $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
$(distdir).tar.gz.sha256: $(distdir).tar.gz
openssl sha256 $(distdir).tar.gz >$@
$(distdir).tar.gz.md5: $(distdir).tar.gz
openssl md5 $(distdir).tar.gz >$@
$(distdir).tar.gz.asc: $(distdir).tar.gz
gpg --armor --detach-sig $(distdir).tar.gz
bindist: $(bintar)
$(bintar): $(distdir)
chown -R 0:0 $(distdir) 2>/dev/null || true
cd $(distdir); ./configure; make
tar chof - $(distdir) | gzip -9 -c > $@
rm -rf $(distdir)
$(distdir).tar.gz: $(distdir)
chown -R 0:0 $(distdir) 2>/dev/null || true
tar chof - $(distdir) | gzip -9 -c > $@
rm -rf $(distdir)
$(distdir):
mkdir -p $(distdir)/m4
mkdir -p $(distdir)/src
mkdir -p $(distdir)/src/getdns
mkdir -p $(distdir)/src/test
mkdir -p $(distdir)/src/extension
mkdir -p $(distdir)/src/compat
mkdir -p $(distdir)/src/util
mkdir -p $(distdir)/src/gldns
mkdir -p $(distdir)/src/tools
mkdir -p $(distdir)/src/jsmn
mkdir -p $(distdir)/src/yxml
mkdir -p $(distdir)/src/ssl_dane
mkdir -p $(distdir)/doc
mkdir -p $(distdir)/spec
mkdir -p $(distdir)/spec/example
mkdir -p $(distdir)/stubby
mkdir -p $(distdir)/stubby/src
mkdir -p $(distdir)/stubby/src/yaml
mkdir -p $(distdir)/stubby/doc
cp $(srcdir)/configure.ac $(distdir)
cp $(srcdir)/configure $(distdir)
cp $(srcdir)/AUTHORS $(distdir)
cp $(srcdir)/ChangeLog $(distdir)
cp $(srcdir)/COPYING $(distdir)
cp $(srcdir)/INSTALL $(distdir)
cp $(srcdir)/LICENSE $(distdir)
cp $(srcdir)/NEWS $(distdir)
cp $(srcdir)/README.md $(distdir)
cp $(srcdir)/Makefile.in $(distdir)
cp $(srcdir)/install-sh $(distdir)
cp $(srcdir)/config.sub $(distdir)
cp $(srcdir)/config.guess $(distdir)
cp $(srcdir)/getdns.pc.in $(distdir)
cp $(srcdir)/getdns_ext_event.pc.in $(distdir)
cp libtool $(distdir)
cp $(srcdir)/ltmain.sh $(distdir)
cp $(srcdir)/m4/*.m4 $(distdir)/m4
cp $(srcdir)/src/*.in $(distdir)/src
cp $(srcdir)/src/*.[ch] $(distdir)/src
cp $(srcdir)/src/*.symbols $(distdir)/src
cp $(srcdir)/src/extension/*.[ch] $(distdir)/src/extension
cp $(srcdir)/src/extension/*.symbols $(distdir)/src/extension
cp $(srcdir)/src/getdns/*.in $(distdir)/src/getdns
cp $(srcdir)/src/getdns/getdns_*.h $(distdir)/src/getdns
cp $(srcdir)/src/test/Makefile.in $(distdir)/src/test
cp $(srcdir)/src/test/*.[ch] $(distdir)/src/test
cp $(srcdir)/src/test/*.sh $(distdir)/src/test
cp $(srcdir)/src/test/*.good $(distdir)/src/test
cp $(srcdir)/src/compat/*.[ch] $(distdir)/src/compat
cp $(srcdir)/src/util/*.[ch] $(distdir)/src/util
cp -r $(srcdir)/src/util/orig-headers $(distdir)/src/util
cp -r $(srcdir)/src/util/auxiliary $(distdir)/src/util
cp $(srcdir)/src/gldns/*.[ch] $(distdir)/src/gldns
cp $(srcdir)/doc/Makefile.in $(distdir)/doc
cp $(srcdir)/doc/*.in $(distdir)/doc
cp $(srcdir)/doc/manpgaltnames $(distdir)/doc
cp $(srcdir)/spec/*.html $(distdir)/spec
cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example
cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
cp $(srcdir)/stubby/stubby.yml.example $(distdir)/stubby
cp $(srcdir)/stubby/macos/stubby-setdns-macos.sh $(distdir)/stubby
cp $(srcdir)/stubby/src/*.[ch] $(distdir)/stubby/src
cp $(srcdir)/stubby/src/yaml/*.[ch] $(distdir)/stubby/src/yaml
cp $(srcdir)/stubby/COPYING $(distdir)/stubby
cp $(srcdir)/stubby/README.md $(distdir)/stubby
cp $(srcdir)/stubby/doc/stubby.1.in $(distdir)/stubby/doc
cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
cp $(srcdir)/src/yxml/*.[ch] $(distdir)/src/yxml
cp $(srcdir)/src/yxml/COPYING $(distdir)/src/yxml
cp $(srcdir)/src/yxml/yxml.pod $(distdir)/src/yxml
cp $(srcdir)/src/ssl_dane/danessl.[ch] $(distdir)/src/ssl_dane
cp $(srcdir)/src/ssl_dane/README.md $(distdir)/src/ssl_dane
rm -f $(distdir)/Makefile $(distdir)/src/Makefile $(distdir)/src/getdns/getdns.h $(distdir)/spec/example/Makefile $(distdir)/src/test/Makefile $(distdir)/doc/Makefile $(distdir)/src/config.h
distcheck: $(distdir).tar.gz
gzip -cd $(distdir).tar.gz | tar xvf -
cd $(distdir) && ./configure
cd $(distdir) && $(MAKE) all
cd $(distdir) && $(MAKE) check
cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst install
cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst uninstall
@remaining="`find $${PWD}/$(distdir)/_inst -type f | wc -l`"; \
if test "$${remaining}" -ne 0; then
echo "@@@ $${remaining} file(s) remaining in stage directory!"; \
exit 1; \
fi
cd $(distdir) && $(MAKE) clean
rm -rf $(distdir)
@echo "*** Package $(distdir).tar.gz is ready for distribution"
getdns.pc: $(srcdir)/getdns.pc.in
./config.status $@
getdns_ext_event.pc: $(srcdir)/getdns_ext_event.pc.in
./config.status $@
Makefile: $(srcdir)/Makefile.in config.status
./config.status $@
configure.status: configure
./config.status --recheck
.PHONY: all distclean clean default doc test
FORCE:

211
README.md
View File

@ -37,10 +37,10 @@ Obtaining and getting started with getdns
=========================================
The project home page at [getdnsapi.net](https://getdnsapi.net) provides documentation, binary downloads, and news regarding the getdns API implementation. This README file captures the goals and direction of the project and the current state of the implementation.
If you are just getting started with the library take a look at the section below that describes building and handling external dependencies for the library.
If you are just getting started with the library take a look at the section below that describes building and handling external dependencies for the library.
### Examples
Once it is built you should take a look at `spec/example` to see how the library is used.
Once it is built you should take a look at src/examples to see how the library is used.
# Download
@ -48,9 +48,9 @@ Once it is built you should take a look at `spec/example` to see how the library
Download the sources from our [github repo](https://github.com/getdnsapi/getdns)
or from [getdnsapi.net](https://getdnsapi.net) and verify the download using
the checksums (SHA1 or MD5) or using gpg to verify the signature. Our keys are
available from the [openpgp keyserver](https://keys.openpgp.org/)
available from the [pgp keyservers](https://keyserver.pgp.com)
* `willem@nlnetlabs.nl`, key id E5F8F8212F77A498
* willem@nlnetlabs.nl, key id E5F8F8212F77A498
# Releases
@ -59,96 +59,68 @@ approach. The code is currently under active development.
The following requirements were met as conditions for the present release:
* code compiles cleanly on at least the primary target platforms: OSX, Linux (RHEL/CentOS, Ubuntu), FreeBSD
* code compiles cleanly on at least the primary target platforms: OSX, RHEL/CentOS Linux, FreeBSD
* examples must compile and run cleanly
* there must be clear documentation of supported and unsupported elements of the API
# External Dependencies
# Building and External Dependencies
If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.
If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.
External dependencies are linked outside the getdns API build tree (we rely on CMake to find them). We would like to keep the dependency tree short, see [Minimising Dependancies](#minimizing-dependancies) for more details.
External dependencies are linked outside the getdns API build tree (we rely on configure to find them). We would like to keep the dependency tree short. Please refer to section for building on Windows for separate dependency and build instructions for that platform.
Required for all builds:
* [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
* [libidn from the FSF](https://www.gnu.org/software/libidn/) version 1 or 2. (Note that the libidn version means the conversions between A-labels and U-labels may permit conversion of formally invalid labels under IDNA2008.)
* [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
* Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
* [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 1.0.2 or later. Using OpenSSL 1.1 is recommended due to TSL 1.3 support.
For example, to build on a recent version of Ubuntu, you would need the following packages:
Required for all builds that include recursive functionality:
* [libunbound from NLnet Labs](https://unbound.net/) version 1.5.9 or later. (Note: linking to libunbound is not yet supported on Windows, see [Windows 10](#microsoft-windows-10))
Required for all builds that include IDN functionality:
* [libidn2 from the FSF](https://www.gnu.org/software/libidn/) version 2.0.0 and higher.
Required to build the documentation:
* [Doxygen](http://www.doxygen.nl) is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
For example, to build on Ubuntu 18.04 or later, you would need the following packages for a full build:
# apt install build-essential libunbound-dev libidn2-dev libssl-dev cmake
# Building
# apt install build-essential libunbound-dev libidn2-dev libssl-dev libtool m4 autoconf
If you are building from git, you need to do the following before building:
# git submodule update --init
From release 1.6.0 getdns uses CMake (previous versions used autoconf/libtool). To build from this release and later use:
# libtoolize -ci # (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
# autoreconf -fi
# cmake .
# make
If you are unfamiliar with CMake, see our [CMake Quick Start](https://getdnsapi.net/quick-start/cmake-quick-start/) for how to use CMake options to customise the getdns build.
As well as building the getdns library three other tools may be installed:
As well as building the getdns library two other tools are installed by default:
* getdns_query: a command line test script wrapper for getdns. This can be used to quickly check the functionality of the library, see (#using-getdnsquery)
* getdns_query: a command line test script wrapper for getdns
* stubby: an experimental DNS Privacy enabled client
* getdns_server_mon: test DNS server function and capabilities
Additionally `Stubby` a DNS Privacy enabled client can also be built and installed by using the `BUILD_STUBBY` option when running `cmake`, see [Stubby](#stubby).
Note: If you only want to build stubby, then use the `--with-stubby` option when running 'configure'.
## Minimizing dependencies
* getdns can be configured for stub resolution mode only with the `ENABLE_STUB_ONLY` option to `cmake`. This removes the dependency on `libunbound`.
* Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`. If you do not need these functions, getdns can be configured to compile without them by setting the`USE_LIBIDN2` option to `cmake` to OFF.
* When `ENABLE_STUB_ONLY` is ON, and `USE_LIBIDN2` is OFF, getdns has only one dependency left, which is OpenSSL.
* getdns can be configured for stub resolution mode only with the `--enable-stub-only` option to configure. This removes the dependency on `libunbound`.
* Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`. If you do not need these functions, getdns can be configured to compile without them with the `--without-libidn` and `--without-libidn2` options to configure.
* When `--enable-stub-only`, `--without-libidn` and `--without-libidn2` options are used, getdns has only one dependency left, which is OpenSSL.
## Extensions and Event loop dependencies
The implementation works with a variety of event loops, each built as a separate shared library. See [this Doxygen page](https://getdnsapi.net/doxygen/group__eventloops.html) and [this man page](https://getdnsapi.net/documentation/manpages/#ASYNCHRONOUS USE) for more details.
* [libevent](http://libevent.org). Note: the examples *require* this. libevent 2.x is required.
* [libuv](https://libuv.org/)
* [libevent](http://libevent.org). Note: the examples *require* this and should work with either libevent 1.x or 2.x. 2.x is preferred.
* [libuv](https://github.com/joyent/libuv)
* [libev](http://software.schmorp.de/pkg/libev.html)
## Using getdns_query
Example test queries using `getdns_query` (pointed at Google Public DNS) and requesting the `call_reporting` extension which provides information on the transport and query time:
getdns_query -s example.com A @8.8.8.8 +return_call_reporting (UDP)
getdns_query -s example.com A @8.8.8.8 -T +return_call_reporting (TCP)
getdns_query -s example.com A @8.8.8.8 -L +return_call_reporting (TLS without authentication)
getdns_query -s getdnsapi.net A +dnssec_return_status +return_call_reporting (DNSSEC)
## Stubby
* Stubby is an implementation of a DNS Privacy enabled stub resolver that encrypts DNS queries using TLS. It is currently suitable for advanced/technical users - all feedback is welcome!
* Stubby is an experimental implementation of a DNS Privacy enabled stub resolver than encrypts DNS queries using TLS. It is currently suitable for advanced/technical users - all feedback is welcome!
* Details on how to use Stubby can be found in the [Stubby Reference Guide](https://dnsprivacy.org/wiki/x/JYAT).
* Also see [dnsprivacy.org](https://dnsprivacy.org) for more information on DNS Privacy.
## Experimental support for GnuTLS
A project to allow user selection of either OpenSSL or GnuTLS is currently a work in progress. At present a user may select to use GnuTLS for the majority of the supported functionality, however, OpenSSL is still required for some cryptographic functions.
## Regression Tests
A suite of regression tests are included with the library, if you make changes or just
want to sanity check things on your system take a look at src/test. You will need
to install [libcheck](https://libcheck.github.io/check/). The check library is also available from many of the package repositories for the more popular operating systems.
Note: The tests currently do not run on Windows because of a dependancy on bash.
## DNSSEC dependencies
@ -158,13 +130,13 @@ The library will try to load the root trust anchor from
or more `DS` or `DNSKEY` resource records in presentation (i.e. zone file)
format. Note that this is different than the format of BIND.keys.
## Zero configuration DNSSEC
##$ Zero configuration DNSSEC
When the root trust anchor is not installed in the default location and a DNSSEC query is done, getdns will try to use the trust anchors published here: http://data.iana.org/root-anchors/root-anchors.xml .
It will validate these anchors with the ICANN Certificate Authority certificate following the procedure described in [RFC7958].
The `root-anchors.xml` and `root-anchors.p7s` S/MIME signature will be cached in the `$HOME/.getdns` directory on Unixes, and the `%appdata%\getdns` directory on Windows.
The `root-anchors.xml` and `root-anchors.p7s` S/MIME signature will be cached in the `$HOME/.getdns` directory.
When using trust-anchors from the `root-anchors.xml` file, getdns will track the keys in the root DNSKEY rrset and store a copy in `$HOME/.getdns/root.key` on Unixes, and `%appdata%\getdns\root.key` on Windows.
When using trust-anchors from the `root-anchors.xml` file, getdns will track the keys in the root DNSKEY rrset and store a copy in $HOME/.getdns/root.key.
Only when the KSK DNSKEY's change, a new version of `root-anchors.xml` is tried to be retrieved from [data.iana.org](https://data.iana.org/root-anchors/).
A installed trust-anchor from the default location (`/etc/unbound/getdns-root.key`) that fails to validate the root DNSKEY RRset, will also trigger the "Zero configuration DNSSEC" procedure described above.
@ -174,7 +146,9 @@ Support
## Mailing lists
We have a [getdns users list](https://lists.getdnsapi.net/mailman/listinfo/users) for this implementation.
We have a [getdns users list](https://getdnsapi.net/mailman/listinfo/users) for this implementation.
The [getdns-api mailing list](https://getdnsapi.net/mailman/listinfo/spec) is a good place to engage in discussions regarding the design of the API.
## Tickets and Bug Reports
@ -188,8 +162,8 @@ Features of this release
The goals of this implementation of the getdns API are:
* Provide an open source implementation, in C, of the formally described getdns API by getdns API team at <https://getdnsapi.net/spec.html>
* Support FreeBSD, OSX, Linux (CentOS/RHEL, Ubuntu)
* Support Windows 10
* Support FreeBSD, OSX, Linux (CentOS/RHEL, Ubuntu) via functional "configure" script
* Support Windows 8.1
* Include examples and tests as part of the build
* Document code using doxygen
* Leverage github as much as possible for project coordination
@ -230,37 +204,69 @@ Stub mode does not support:
# Supported Platforms
The platforms listed here are intended to help ensure that we catch platform specific breakage prior to release.
The primary platforms targeted are Linux and FreeBSD, other platform are supported as we get time. The names listed here are intended to help ensure that we catch platform specific breakage, not to limit the work that folks are doing.
* Ubuntu 18.04 LTS and newer LTS releases
* Microsoft Windows 10
* FreeBSD 11.3 and newer
* RHEL/CentOS 8
* OSX 10.14 and 10.15
* RHEL/CentOS 6.4
* OSX 10.8
* Ubuntu 16.04
* Microsoft Windows 8.1
We intend to add Android and other platforms to future releases as we have time to port it.
### Platform Specific Build Notes
## Platform Specific Build Reports
[![Build Status](https://travis-ci.org/getdnsapi/getdns.png?branch=master)](https://travis-ci.org/getdnsapi/getdns)
## FreeBSD
### FreeBSD
If you're using [FreeBSD](https://www.freebsd.org/), you may install getdns via the [ports tree](https://www.freshports.org/dns/getdns/) by running: `cd /usr/ports/dns/getdns && make install clean`
If you are using FreeBSD 10 getdns can be intalled via 'pkg install getdns'.
## Ubuntu
### CentOS and RHEL 6.5
getdns should also work on Ubuntu 16.04, however if you require IDN functionality you will have to install a recent version of libidn2 via a ppa e.g. from https://launchpad.net/~ondrej/+archive/ubuntu/php
We rely on the most excellent package manager fpm to build the linux packages, which
means that the packaging platform requires ruby 2.1.0. There are other ways to
build the packages; this is simply the one we chose to use.
You will also have to build Unbound from source code to provide libunbound at version >= 1.5.9.
# cat /etc/redhat-release
CentOS release 6.5 (Final)
# uname -a
Linux host-10-1-1-6 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
# cd getdns-0.2.0rc1
# ./configure --prefix=/home/deploy/build
# make; make install
# cd /home/deploy/build
# mv lib lib64
# . /usr/local/rvm/config/alias
# fpm -x "*.la" -a native -s dir -t rpm -n getdns -v 0.2.0rc1 -d "unbound" -d "libevent" -d "libidn" --prefix /usr --vendor "Verisign Inc., NLnet Labs" --license "BSD New" --url "https://getdnsapi.net" --description "Modern asynchronous API to the DNS" .
## OSX
### OSX
A self-compiled version of OpenSSL or the version installed via Homebrew is required and the options OPENSSL_ROOT_DIR, OPENSSL_CRYPTO_LIBRARY and OPENSSL_SSL_LIBRARY can be used to specify the location of the libraries.
Note: If using a self-compiled version, manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
# sw_vers
ProductName: Mac OS X
ProductVersion: 10.8.5
BuildVersion: 12F45
### Homebrew
Built using PackageMaker, libevent2.
# ./configure --with-libevent --prefix=$HOME/getdnsosx/export
# make
# make install
edit/fix hardcoded paths in lib/*.la to reference /usr/local
update getdns.pmdoc to match release info
build package using PackageMaker
create dmg
A self-compiled version of OpenSSL or the version installed via Homebrew is required.
Note: If using a self-compiled version, manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
#### Homebrew
If you're using [Homebrew](http://brew.sh/), you may run `brew install getdns`. By default, this will only build the core library without any 3rd party event loop support.
@ -268,37 +274,48 @@ To install the [event loop integration libraries](https://getdnsapi.net/doxygen/
Note that in order to compile the examples, the `--with-libevent` switch is required.
Additionally, getdns is linked against the the OpenSSL library installed by Homebrew. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
## Microsoft Windows 10
### Microsoft Windows 8.1
You will need CMake for Windows. Installers can be downloaded from https://cmake.org/download/.
The build has been tested using the following:
32 bit only Mingw: [Mingw(3.21.0) and Msys 1.0](http://www.mingw.org/) on Windows 8.1
32 bit build on a 64 bit Mingw [Download latest from: http://mingw-w64.org/doku.php/download/mingw-builds and http://msys2.github.io/]. IMPORTANT: Install tested ONLY on the "x86_64" for 64-bit installer of msys2.
Windows versions of the following libraries are available using [the vcpkg package manager](https://docs.microsoft.com/en-us/cpp/build/vcpkg).
#### Dependencies
The following dependencies are
* openssl-1.0.2j
* libidn
* OpenSSL
* libevent
* libiconv (required for libidn2)
* libidn2
* libyaml
* libuv
Instructions to build openssl-1.0.2j:
Open the mingw32_shell.bat from msys2 in order to build:
Once these are installed, set CMake variables CMAKE_INCLUDE_PATH and CMAKE_LIBRARY_PATH to the vcpkg include and library directories e.g. `../vcpkg/installed/x64-windows/include` and `../vcpkg/installed/x64-windows/lib`.
If necessary, install the following using pacman:
To generate a project suitable for use in Visual Studio, select the appropriate Visual Studio generator in CMake. Once generated, the cmake-gui Open Project button can be used to load the project into Visual Studio.
pacman -S pkg-config libtool automake
pacman -S autoconf automake-wrapper
### Limitations on Windows
tar -xvf openssl-1.0.2j.tar
cd openssl-1.0.2j/
./Configure --prefix=${LOCALDESTDIR} --openssldir=${LOCALDESTDIR}/etc/ssl --libdir=lib shared zlib-dynamic mingw
make
make install
Full support for Windows is a work in progress. The following limitations will be addresses in future:
To configure:
./configure --enable-stub-only --with-trust-anchor="c:\\\MinGW\\\msys\\\1.0\\\etc\\\unbound\\\getdns-root.key" --with-ssl=<location of openssl from above> --with-getdns_query
* At present, no native Windows DLL version of libunbound exists; support for linking against libunbound is not currently available. The default build option for ENABLE_STUB_ONLY_ is ON for Windows.
The trust anchor is also installed by unbound on `c:\program Files (X86)\unbound\root.key` and can be referenced from there
or anywhere else that the user chooses to configure it.
* The getdns unit tests (built with `make test`) require libcheck which is not currently available for Windows and so cannot be built.
* The getdns tpkg test suite is not currently supported on Windows.
* The detection of the location of the `/etc/hosts` file should be optimised - it currently assumes Windows is installed in the default directory on the C: drive
After configuring, do a `make` and `make install` to build getdns for Windows.
Example test queries:
./getdns_query.exe -s gmadkat.com A @64.6.64.6 +return_call_reporting (UDP)
./getdns_query.exe -s gmadkat.com A @64.6.64.6 -T +return_call_reporting (TCP)
./getdns_query.exe -s gmadkat.com A -l L @185.49.141.37 +return_call_reporting (TLS without authentication)
./getdns_query.exe -s www.huque.com A +dnssec_return_status +return_call_reporting (DNSSEC)
Contributors
============
@ -351,4 +368,4 @@ Contributors
Acknowledgements
================
The development team explicitly acknowledges Paul Hoffman for his initiative and efforts to develop a consensus based DNS API. We would like to thank the participants of the getdns-api mailing list (discontinued) for their contributions.
The development team explicitly acknowledges Paul Hoffman for his initiative and efforts to develop a consensus based DNS API. We would like to thank the participants of the [mailing list](https://getdnsapi.net/mailman/listinfo/spec) for their contributions.

540
cmake/include/cmakeconfig.h.in
View File

@ -1,540 +0,0 @@
#ifndef CONFIG_H
#define CONFIG_H
#cmakedefine PACKAGE "@PACKAGE@"
#cmakedefine PACKAGE_NAME "@PACKAGE_NAME@"
#cmakedefine PACKAGE_VERSION "@PACKAGE_VERSION@"
#cmakedefine PACKAGE_URL "@PACKAGE_URL@"
#cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@"
#cmakedefine PACKAGE_TARNAME "@PACKAGE_TARNAME@"
#cmakedefine HAVE_ASSERT_H 1
#cmakedefine HAVE_INTTYPES_H 1
#cmakedefine HAVE_LIMITS_H 1
#cmakedefine HAVE_SYS_LIMITS_H 1
#cmakedefine HAVE_STDARG_H 1
#cmakedefine HAVE_STDDEF_H 1
#cmakedefine HAVE_STDINT_H 1
#cmakedefine HAVE_STDIO_H 1
#cmakedefine HAVE_STDLIB_H 1
#cmakedefine HAVE_STRING_H 1
#cmakedefine HAVE_TIME_H 1
#cmakedefine HAVE_UNISTD_H 1
#cmakedefine HAVE_FCNTL_H 1
#cmakedefine HAVE_SIGNAL_H 1
#cmakedefine HAVE_SYS_POLL_H 1
#cmakedefine HAVE_POLL_H 1
#cmakedefine HAVE_RESOURCE_H 1
#cmakedefine HAVE_SYS_TYPES_H 1
#cmakedefine HAVE_SYS_STAT_H 1
#cmakedefine HAVE_ENDIAN_H 1
#cmakedefine HAVE_NETDB_H 1
#cmakedefine HAVE_ARPA_INET_H 1
#cmakedefine HAVE_NETINET_IN_H 1
#cmakedefine HAVE_NETINET_TCP_H 1
#cmakedefine HAVE_SYS_SELECT_H 1
#cmakedefine HAVE_SYS_SOCKET_H 1
#cmakedefine HAVE_SYS_SYSCTL_H 1
#cmakedefine HAVE_SYS_TIME_H 1
#cmakedefine HAVE_SYS_WAIT_H 1
#cmakedefine HAVE_WINDOWS_H 1
#cmakedefine HAVE_WINSOCK_H 1
#cmakedefine HAVE_WINSOCK2_H 1
#cmakedefine HAVE_WS2TCPIP_H 1
#cmakedefine GETDNS_ON_WINDOWS 1
#cmakedefine USE_WINSOCK 1
#cmakedefine HAVE_SSL 1
#cmakedefine USE_DANESSL 1
#cmakedefine HAVE_OPENSSL_SSL_H 1
#cmakedefine HAVE_OPENSSL_EVP_H 1
#cmakedefine HAVE_OPENSSL_ERR_H 1
#cmakedefine HAVE_OPENSSL_RAND_H 1
#cmakedefine HAVE_OPENSSL_CONF_H 1
#cmakedefine HAVE_OPENSSL_ENGINE_H 1
#cmakedefine HAVE_OPENSSL_BN_H 1
#cmakedefine HAVE_OPENSSL_DSA_H 1
#cmakedefine HAVE_OPENSSL_RSA_H 1
#cmakedefine HAVE_OPENSSL_PARAM_BUILD_H 1
#cmakedefine HAVE_DSA_SIG_SET0 1
#cmakedefine HAVE_DSA_SET0_PQG 1
#cmakedefine HAVE_DSA_SET0_KEY 1
#cmakedefine HAVE_RSA_SET0_KEY 1
#cmakedefine HAVE_EVP_MD5 1
#cmakedefine HAVE_EVP_SHA1 1
#cmakedefine HAVE_EVP_SHA224 1
#cmakedefine HAVE_EVP_SHA256 1
#cmakedefine HAVE_EVP_SHA384 1
#cmakedefine HAVE_EVP_SHA512 1
#cmakedefine HAVE_EVP_DSS1 1
#cmakedefine HAVE_EVP_DIGESTVERIFY 1
#cmakedefine HAVE_EVP_MD_CTX_NEW 1
#cmakedefine HAVE_HMAC_CTX_NEW 1
#cmakedefine HAVE_NETTLE_GET_SECP_256R1 1
#cmakedefine HAVE_NETTLE_GET_SECP_384R1 1
#cmakedefine HAVE_TLS_CLIENT_METHOD 1
#cmakedefine HAVE_OPENSSL_VERSION_NUM 1
#cmakedefine HAVE_OPENSSL_VERSION 1
#cmakedefine HAVE_SSL_CTX_DANE_ENABLE 1
#cmakedefine HAVE_SSL_CTX_SET_CIPHERSUITES 1
#cmakedefine HAVE_SSL_SET_CIPHERSUITES 1
#cmakedefine HAVE_OPENSSL_INIT_CRYPTO 1
#cmakedefine HAVE_OSSL_PARAM_BLD_NEW 1
#cmakedefine HAVE_SSL_DANE_ENABLE 1
#cmakedefine HAVE_DECL_SSL_CTX_SET1_CURVES_LIST 1
#cmakedefine HAVE_DECL_SSL_SET1_CURVES_LIST 1
#cmakedefine HAVE_DECL_SSL_SET_MIN_PROTO_VERSION 1
#cmakedefine HAVE_X509_GET_NOTAFTER 1
#cmakedefine HAVE_X509_GET0_NOTAFTER 1
#cmakedefine HAVE_PTHREAD 1
#cmakedefine HAVE_WINDOWS_THREADS 1
#cmakedefine RUNSTATEDIR "@RUNSTATEDIR@"
#cmakedefine TRUST_ANCHOR_FILE "@PATH_TRUST_ANCHOR_FILE@"
#cmakedefine GETDNS_FN_RESOLVCONF "@PATH_RESOLVCONF@"
#cmakedefine GETDNS_FN_HOSTS "@PATH_HOSTS@"
#cmakedefine DNSSEC_ROADBLOCK_AVOIDANCE 1
#cmakedefine HAVE_MDNS_SUPPORT 1
#cmakedefine STUB_NATIVE_DNSSEC 1
#cmakedefine MAXIMUM_UPSTREAM_OPTION_SPACE @MAXIMUM_UPSTREAM_OPTION_SPACE@
#cmakedefine EDNS_PADDING_OPCODE @EDNS_PADDING_OPCODE@
#cmakedefine MAX_CNAME_REFERRALS @MAX_CNAME_REFERRALS@
#cmakedefine DRAFT_RRTYPES @DRAFT_RRTYPES@
#cmakedefine EDNS_COOKIES 1
#cmakedefine EDNS_COOKIE_OPCODE @EDNS_COOKIE_OPCODE@
#cmakedefine EDNS_COOKIE_ROLLOVER_TIME @EDNS_COOKIE_ROLLOVER_TIME@
#cmakedefine UDP_MAX_BACKOFF @MAX_UDP_BACKOFF@
#cmakedefine HAVE_DECL_GETENTROPY 1
#cmakedefine HAVE_DECL_INET_PTON 1
#cmakedefine HAVE_DECL_INET_NTOP 1
#cmakedefine HAVE_WIN_DECL_INET_PTON 1
#cmakedefine HAVE_WIN_DECL_INET_NTOP 1
#cmakedefine HAVE_DECL_MKSTEMP 1
#cmakedefine HAVE_DECL_SIGEMPTYSET 1
#cmakedefine HAVE_DECL_SIGFILLSET 1
#cmakedefine HAVE_DECL_SIGADDSET 1
#cmakedefine HAVE_DECL_STRPTIME 1
#cmakedefine HAVE_DECL_TCP_FASTOPEN 1
#cmakedefine HAVE_DECL_TCP_FASTOPEN_CONNECT 1
#cmakedefine HAVE_DECL_MSG_FASTOPEN 1
#if defined(HAVE_DECL_INET_PTON) || defined(HAVE_WIN_DECL_INET_PTON)
#undef HAVE_DECL_INET_PTON
#define HAVE_DECL_INET_PTON 1
#endif
#if defined(HAVE_DECL_INET_NTOP) || defined(HAVE_WIN_DECL_INET_NTOP)
#undef HAVE_DECL_INET_NTOP
#define HAVE_DECL_INET_NTOP 1
#endif
#cmakedefine HAVE_FCNTL 1
#cmakedefine HAVE_GETTIMEOFDAY 1
#cmakedefine HAVE_IOCTLSOCKET 1
#cmakedefine HAVE_SIGEMPTYSET 1
#cmakedefine HAVE_SIGFILLSET 1
#cmakedefine HAVE_SIGADDSET 1
#cmakedefine HAVE_STRPTIME 1
#cmakedefine HAVE_SIGSET_T 1
#cmakedefine HAVE__SIGSET_T 1
#cmakedefine HAVE_BSD_STDLIB_H 1
#cmakedefine HAVE_BSD_STRING_H 1
#cmakedefine HAVE_DECL_STRLCPY 1
#cmakedefine HAVE_DECL_ARC4RANDOM 1
#cmakedefine HAVE_DECL_ARC4RANDOM_UNIFORM 1
#cmakedefine HAVE_BSD_DECL_STRLCPY 1
#cmakedefine HAVE_BSD_DECL_ARC4RANDOM 1
#cmakedefine HAVE_BSD_DECL_ARC4RANDOM_UNIFORM 1
#cmakedefine HAVE_STRLCPY 1
#cmakedefine HAVE_ARC4RANDOM 1
#cmakedefine HAVE_ARC4RANDOM_UNIFORM 1
#cmakedefine HAVE_LIBUNBOUND 1
#cmakedefine HAVE_UNBOUND_EVENT_H 1
#cmakedefine HAVE_UNBOUND_EVENT_API 1
#cmakedefine HAVE_UB_CTX_SET_STUB 1
#cmakedefine HAVE_LIBIDN 1
#cmakedefine HAVE_LIBIDN2 1
#cmakedefine HAVE_NETTLE 1
#cmakedefine HAVE_NETTLE_DSA_COMPAT_H 1
#cmakedefine HAVE_NETTLE_EDDSA_H 1
#cmakedefine HAVE_EVENT2_EVENT_H 1
#cmakedefine HAVE_EVENT_BASE_NEW 1
#cmakedefine HAVE_EVENT_BASE_FREE 1
#cmakedefine DEFAULT_EVENTLOOP "@DEFAULT_EVENTLOOP@"
#cmakedefine USE_POLL_DEFAULT_EVENTLOOP 1
#cmakedefine STRPTIME_WORKS 1
#cmakedefine FD_SETSIZE @FD_SETSIZE@
#cmakedefine REQ_DEBUG 1
#cmakedefine SCHED_DEBUG 1
#cmakedefine STUB_DEBUG 1
#cmakedefine DAEMON_DEBUG 1
#cmakedefine SEC_DEBUG 1
#cmakedefine SERVER_DEBUG 1
#cmakedefine ANCHOR_DEBUG 1
#cmakedefine KEEP_CONNECTIONS_OPEN_DEBUG 1
#cmakedefine USE_SHA1 1
#cmakedefine USE_SHA2 1
#cmakedefine USE_GOST 1
#cmakedefine USE_ECDSA 1
#cmakedefine USE_DSA 1
#cmakedefine USE_ED25519 1
#cmakedefine USE_ED448 1
#cmakedefine USE_OSX_TCP_FASTOPEN 1
#cmakedefine HAVE_DECL_TCP_USER_TIMEOUT 1
#cmakedefine HAVE_NEW_UV_TIMER_CB 1
#cmakedefine HAVE_TARGET_ENDIANNESS
#cmakedefine TARGET_IS_BIG_ENDIAN
#cmakedefine HAVE___FUNC__ 1
#ifdef HAVE___FUNC__
#define __FUNC__ __func__
#else
#define __FUNC__ __FUNCTION__
#endif
#ifdef GETDNS_ON_WINDOWS
/* On windows it is allowed to increase the FD_SETSIZE
* (and nescessary to make our custom eventloop work)
* See: https://support.microsoft.com/en-us/kb/111855
*/
# ifndef FD_SETSIZE
# define FD_SETSIZE 1024
# endif
#ifdef __cplusplus
extern "C" {
#endif
/* the version of the windows API enabled */
# ifndef WINVER
# define WINVER 0x0600 // 0x0502
# endif
# ifndef _WIN32_WINNT
# define _WIN32_WINNT 0x0600 // 0x0502
# endif
# ifdef HAVE_WS2TCPIP_H
# include <ws2tcpip.h>
# endif
# ifdef _MSC_VER
# if _MSC_VER >= 1800
# define PRIsz "zu"
# else
# define PRIsz "Iu"
# endif
# include <BaseTsd.h>
typedef SSIZE_T ssize_t;
# else
# define PRIsz "Iu"
# endif
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
# endif
/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
# ifdef HAVE_WINSOCK2_H
# define FD_SET_T (u_int)
# else
# define FD_SET_T
# endif
/* Windows wants us to use _strdup instead of strdup */
# ifndef strdup
# define strdup _strdup
# endif
/* Windows doesn't have strcasecmp and strncasecmp. */
# define strcasecmp _stricmp
# define strncasecmp _strnicmp
#else
# define PRIsz "zu"
#endif
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#ifdef HAVE_STDIO_H
#include <stdio.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_ASSERT_H
#include <assert.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#ifdef HAVE_STDDEF_H
#include <stddef.h>
#endif
#ifdef HAVE_BSD_STDLIB_H
#include <bsd/stdlib.h>
#endif
#ifdef HAVE_BSD_STRING_H
#include <bsd/string.h>
#endif
#if !defined(HAVE_STRLCPY) || !HAVE_DECL_STRLCPY || !defined(strlcpy)
size_t strlcpy(char *dst, const char *src, size_t siz);
#else
#ifndef __BSD_VISIBLE
#define __BSD_VISIBLE 1
#endif
#endif
#if !defined(HAVE_ARC4RANDOM) || !HAVE_DECL_ARC4RANDOM
uint32_t arc4random(void);
#endif
#if !defined(HAVE_ARC4RANDOM_UNIFORM) || !HAVE_DECL_ARC4RANDOM_UNIFORM
uint32_t arc4random_uniform(uint32_t upper_bound);
#endif
#ifndef HAVE_ARC4RANDOM
void explicit_bzero(void* buf, size_t len);
int getentropy(void* buf, size_t len);
void arc4random_buf(void* buf, size_t n);
void _ARC4_LOCK(void);
void _ARC4_UNLOCK(void);
#endif
#ifdef COMPAT_SHA512
#ifndef SHA512_DIGEST_LENGTH
#define SHA512_BLOCK_LENGTH 128
#define SHA512_DIGEST_LENGTH 64
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
typedef struct _SHA512_CTX {
uint64_t state[8];
uint64_t bitcount[2];
uint8_t buffer[SHA512_BLOCK_LENGTH];
} SHA512_CTX;
#endif /* SHA512_DIGEST_LENGTH */
void SHA512_Init(SHA512_CTX*);
void SHA512_Update(SHA512_CTX*, void*, size_t);
void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
#endif /* COMPAT_SHA512 */
#ifdef USE_WINSOCK
# ifndef _CUSTOM_VSNPRINTF
# define _CUSTOM_VSNPRINTF
static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *format, va_list ap)
{ int r = vsnprintf(str, size, format, ap); return r == -1 ? _vscprintf(format, ap) : r; }
# define vsnprintf _gldns_custom_vsnprintf
# endif
#endif
#ifdef __cplusplus
}
#endif
/** Use on-board gldns */
#define USE_GLDNS 1
#ifdef HAVE_SSL
# define GLDNS_BUILD_CONFIG_HAVE_SSL 1
#endif
#ifdef HAVE_STDARG_H
#include <stdarg.h>
#endif
#include <errno.h>
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_SYS_LIMITS_H
#include <sys/limits.h>
#endif
#ifdef PATH_MAX
#define _GETDNS_PATH_MAX PATH_MAX
#else
#define _GETDNS_PATH_MAX 2048
#endif
#ifndef PRIu64
#define PRIu64 "llu"
#endif
#ifdef HAVE_ATTR_FORMAT
# define ATTR_FORMAT(archetype, string_index, first_to_check) \
__attribute__ ((format (archetype, string_index, first_to_check)))
#else /* !HAVE_ATTR_FORMAT */
# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
#endif /* !HAVE_ATTR_FORMAT */
#if defined(DOXYGEN)
# define ATTR_UNUSED(x) x
#elif defined(__cplusplus)
# define ATTR_UNUSED(x)
#elif defined(__GNUC__)
# define ATTR_UNUSED(x) x __attribute__((unused))
#else /* !HAVE_ATTR_UNUSED */
# define ATTR_UNUSED(x) x
#endif /* !HAVE_ATTR_UNUSED */
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
# endif
#endif
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
#define strptime unbound_strptime
struct tm;
char *strptime(const char *s, const char *format, struct tm *tm);
#endif
#if !defined(HAVE_SIGSET_T) && defined(HAVE__SIGSET_T)
typedef _sigset_t sigset_t;
#endif
#if !defined(HAVE_SIGEMPTYSET)
# define sigemptyset(pset) (*(pset) = 0)
#endif
#if !defined(HAVE_SIGFILLSET)
# define sigfillset(pset) (*(pset) = (sigset_t)-1)
#endif
#if !defined(HAVE_SIGADDSET)
# define sigaddset(pset, num) (*(pset) |= (1L<<(num)))
#endif
#ifdef HAVE_LIBUNBOUND
# include <unbound.h>
# ifdef HAVE_UNBOUND_EVENT_H
# include <unbound-event.h>
# else
# ifdef HAVE_UNBOUND_EVENT_API
# ifndef _UB_EVENT_PRIMITIVES
# define _UB_EVENT_PRIMITIVES
struct ub_event_base;
struct ub_ctx* ub_ctx_create_ub_event(struct ub_event_base* base);
typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*);
int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
int rrclass, void* mydata, ub_event_callback_t callback, int* async_id);
# endif
# endif
# endif
#endif
#ifndef HAVE_DECL_INET_PTON
int inet_pton(int af, const char* src, void* dst);
#endif
#ifndef HAVE_DECL_INET_NTOP
const char *inet_ntop(int af, const void *src, char *dst, size_t size);
#endif
#ifndef HAVE_DECL_MKSTEMP
int mkstemp(char *template);
#endif
#ifndef HAVE_GETTIMEOFDAY
int gettimeofday(struct timeval* tv, void* tz);
#endif
#ifdef __cplusplus
}
#endif
#endif /* CONFIG_H */

19
cmake/include/getdns_shared_version.rc.in
View File

@ -1,19 +0,0 @@
1 VERSIONINFO
FILEVERSION @version_current@,@version_revision@,@version_age@,0
PRODUCTVERSION @version_current@,@version_revision@,0,0
FILEOS 4
FILETYPE 2
FILESUBTYPE 0
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "040904e4"
BEGIN
VALUE "CompanyName", "getdns project\0"
VALUE "ProductName", "getdns\0"
VALUE "FileVersion", "@version_current@.@version_revision@\0"
VALUE "ProductVersion", "@version_current@.@version_revision@\0"
VALUE "LegalCopyright", "NLnet Labs, Sinodun, No Mountain Software. New BSD licence.\0"
END
END
END

114
cmake/modules/FindCheck.cmake
View File

@ -1,114 +0,0 @@
#[=======================================================================[.rst:
FindCheck
--------
Find the Check (Unit Testing Framework for C) library
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``Check::Check``
The Check library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``Check_FOUND``
If false, do not try to use Check.
``CHECK_INCLUDE_DIR``
where to find check.h, etc.
``CHECK_LIBRARIES``
the libraries needed to use Check.
``CHECK_VERSION``
the version of the Check library found
#]=======================================================================]
find_package(PkgConfig QUIET)
if (PKG_CONFIG_FOUND)
pkg_check_modules(PkgCheck IMPORTED_TARGET GLOBAL check)
endif ()
if (PkgCheck_FOUND)
set(CHECK_INCLUDE_DIR ${PkgCheck_INCLUDE_DIRS} CACHE FILEPATH "check include path")
set(CHECK_LIBRARIES ${PkgCheck_LIBRARIES} CACHE STRING "check libraries")
set(CHECK_VERSION ${PkgCheck_VERSION})
add_library(Check::Check ALIAS PkgConfig::PkgCheck)
set(Check_FOUND ON)
else ()
find_path(CHECK_INCLUDE_DIR check.h
HINTS
"${CHECK_DIR}"
"${CHECK_DIR}/include"
)
# Check for PIC and non-PIC libraries. If PIC present, use that
# in preference (as per Debian check.pc).
find_library(CHECK_LIBRARY NAMES check_pic libcheck_pic
HINTS
"${CHECK_DIR}"
"${CHECK_DIR}/lib"
)
if (NOT CHECK_LIBRARY)
find_library(CHECK_LIBRARY NAMES check libcheck
HINTS
"${CHECK_DIR}"
"${CHECK_DIR}/lib"
)
endif ()
set(_CHECK_LIBARIES "")
# Check may need the math, subunit and rt libraries on Unix
if (UNIX)
find_library(CHECK_MATH_LIBRARY m)
find_library(CHECK_RT_LIBRARY rt)
find_library(CHECK_SUBUNIT_LIBRARY subunit)
if (CHECK_MATH_LIBRARY)
list(APPEND _CHECK_LIBARIES "${CHECK_MATH_LIBRARY}")
endif ()
if (CHECK_RT_LIBRARY)
list(APPEND _CHECK_LIBARIES "${CHECK_RT_LIBRARY}")
endif ()
if (CHECK_SUBUNIT_LIBRARY)
list(APPEND _CHECK_LIBARIES "${CHECK_SUBUNIT_LIBRARY}")
endif ()
endif()
set(CHECK_LIBRARIES ${_CHECK_LIBARIES} ${CHECK_LIBRARY} CACHE STRING "check libraries")
if (CHECK_INCLUDE_DIR AND CHECK_LIBRARY)
if (NOT TARGET Check::Check)
add_library(Check::Check UNKNOWN IMPORTED)
set_target_properties(Check::Check PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${CHECK_INCLUDE_DIR}"
INTERFACE_LINK_LIBRARIES "${CHECK_LIBRARIES}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${CHECK_LIBRARY}"
)
endif ()
if (NOT CHECK_VERSION AND CHECK_INCLUDE_DIR AND EXISTS "${CHECK_INCLUDE_DIR}/check.h")
file(STRINGS "${CHECK_INCLUDE_DIR}/check.h" CHECK_H REGEX "^#define CHECK_M[A-Z]+_VERSION")
string(REGEX REPLACE "^.*\(([0-9]+)\).*\(([0-9]+)\).*\(([0-9]+)\).*$" "\\1.\\2.\\3" CHECK_VERSION "${CHECK_H}")
endif ()
endif()
list(APPEND CHECK_LIBRARIES "${CHECK_LIBRARY}")
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Check
REQUIRED_VARS CHECK_LIBRARIES CHECK_INCLUDE_DIR
VERSION_VAR CHECK_VERSION
)
endif()
mark_as_advanced(CHECK_INCLUDE_DIR CHECK_LIBRARIES CHECK_LIBRARY
CHECK_MATH_LIBRARY CHECK_RT_LIBRARY CHECK_SUBUNIT_LIBRARY)

101
cmake/modules/FindGnuTLS.cmake
View File

@ -1,101 +0,0 @@
#[=======================================================================[.rst:
FindGnuTLS
----------
Find the GnuTLS library.
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``GnuTLS::GnuTLS``
The GnuTLS library, if found.
``GnuTLS::Dane``
The GnuTLS DANE library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``GnuTLS_FOUND``
If false, do not try to use GnuTLS.
``GNUTLS_INCLUDE_DIR``
where to find GnuTLS headers.
``GNUTLS_LIBRARIES``
the libraries needed to use GnuTLS.
``GNUTLS_VERSION``
the version of the GnuTLS library found
#]=======================================================================]
find_package(PkgConfig QUIET)
if (PKG_CONFIG_FOUND)
pkg_check_modules(PkgGnuTLS IMPORTED_TARGET GLOBAL QUIET gnutls)
pkg_check_modules(PkgGnuTLSDane IMPORTED_TARGET GLOBAL QUIET gnutls-dane)
endif ()
if (PkgGnuTLS_FOUND AND PkgGnuTLSDane_FOUND)
set(GNUTLS_INCLUDE_DIR ${PkgGnuTLS_INCLUDE_DIRS} $PkgGnuTLSDane_INCLUDE_DIRS} CACHE FILEPATH "GnuTLS include path")
set(NETTLE_LIBRARIES ${PkgGnuTLS_LIBRARIES} ${PkgGnuTLSDane_LIBRARIES} CACHE STRING "GnuTLS libraries")
set(NETTLE_VERSION ${PkgGnuTLS_VERSION})
add_library(GnuTLS::GnuTLS ALIAS PkgConfig::PkgGnuTLS)
add_library(GnuTLS::Dane ALIAS PkgConfig::PkgGnuTLSDane)
set(GnuTLS_FOUND ON)
else ()
find_path(GNUTLS_INCLUDE_DIR gnutls/gnutls.h
HINTS
"${GNUTLS_DIR}"
"${GNUTLS_DIR}/include"
)
find_library(GNUTLS_LIBRARY NAMES gnutls libgnutls
HINTS
"${GNUTLS_DIR}"
"${GNUTLS_DIR}/lib"
)
find_library(GNUTLS_DANE_LIBRARY NAMES gnutls-dane libgnutls-dane
HINTS
"${GNUTLS_DIR}"
"${GNUTLS_DIR}/lib"
)
set(_GNUTLS_LIBRARIES "")
if (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARY AND GNUTLS_DANE_LIBRARY)
if (NOT TARGET GnuTLS::GnuTLS)
add_library(GnuTLS::GnuTLS UNKNOWN IMPORTED)
set_target_properties(GnuTLS::GnuTLS PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${GNUTLS_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${GNUTLS_LIBRARY}"
)
endif ()
if (NOT TARGET GnuTLS::Dane)
add_library(GnuTLS::Dane UNKNOWN IMPORTED)
set_target_properties(GnuTLS::Dane PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${GNUTLS_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${GNUTLS_DANE_LIBRARY}"
)
endif ()
if (NOT GNUTLS_VERSION AND GNUTLS_INCLUDE_DIR)
file(STRINGS "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h" GNUTLS_VER_H REGEX "^#define GNUTLS_VERSION_(MAJOR|MINOR|PATCH) ")
string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3c" GNUTLS_VERSION "${GNUTLS_VER_H}")
endif ()
endif ()
list(APPEND _GNUTLS_LIBRARIES "${GNUTLS_LIBRARY}" "${GNUTLS_DANE_LIBRARY}")
set(GNUTLS_LIBRARIES ${_GNUTLS_LIBRARIES} CACHE STRING "GnuTLS libraries")
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(GnuTLS
REQUIRED_VARS GNUTLS_LIBRARIES GNUTLS_INCLUDE_DIR
VERSION_VAR GNUTLS_VERSION
)
endif ()
mark_as_advanced(GNUTLS_INCLUDE_DIR GNUTLS_LIBRARIES GNUTLS_LIBRARY GNUTLS_DANE_LIBRARY)

63
cmake/modules/FindLibev.cmake
View File

@ -1,63 +0,0 @@
#[=======================================================================[.rst:
FindLibev
---------
Find the Libev library.
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``Libev::Libev``
The Libev library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``Libev_FOUND``
If false, do not try to use Libev.
``LIBEV_INCLUDE_DIR``
where to find libev headers.
``LIBEV_LIBRARIES``
the libraries needed to use Libev.
``LIBEV_VERSION``
the version of the Libev library found
#]=======================================================================]
find_path(LIBEV_INCLUDE_DIR ev.h
HINTS
"${LIBEV_DIR}"
"${LIBEV_DIR}/include"
)
find_library(LIBEV_LIBRARY NAMES ev libev
HINTS
"${LIBEV_DIR}"
"${LIBEV_DIR}/lib"
)
set(LIBEV_LIBRARIES "")
if (LIBEV_INCLUDE_DIR AND LIBEV_LIBRARY)
if (NOT TARGET Libev::Libev)
add_library(Libev::Libev UNKNOWN IMPORTED)
set_target_properties(Libev::Libev PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${LIBEV_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${LIBEV_LIBRARY}"
)
endif ()
endif()
list(APPEND LIBEV_LIBRARIES "${LIBEV_LIBRARY}")
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Libev
REQUIRED_VARS LIBEV_LIBRARIES LIBEV_INCLUDE_DIR
)
mark_as_advanced(LIBEV_INCLUDE_DIR LIBEV_LIBRARIES LIBEV_LIBRARY)

78
cmake/modules/FindLibevent2.cmake
View File

@ -1,78 +0,0 @@
#[=======================================================================[.rst:
FindLibevent2
-------------
Find the Libevent2 library. For now this finds the core library only.
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``Libevent2::Libevent_core``
The Libevent2 library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``Libevent2_FOUND``
If false, do not try to use Libevent2.
``LIBEVENT2_INCLUDE_DIR``
where to find libevent headers.
``LIBEVENT2_LIBRARIES``
the libraries needed to use Libevent2.
``LIBEVENT2_VERSION``
the version of the Libevent2 library found
#]=======================================================================]
find_package(PkgConfig QUIET)
if (PKG_CONFIG_FOUND)
pkg_check_modules(PkgLibevent IMPORTED_TARGET GLOBAL QUIET libevent>=2)
endif ()
if (PkgLibevent_FOUND)
set(LIBEVENT2_INCLUDE_DIR ${PkgLibevent_INCLUDE_DIRS} CACHE FILEPATH "libevent2 include path")
set(LIBEVENT2_LIBRARIES ${PkgLibevent_LIBRARIES} CACHE STRING "libevent2 libraries")
set(LIBEVENT2_VERSION ${PkgLibevent_VERSION})
add_library(Libevent2::Libevent_core ALIAS PkgConfig::PkgLibevent)
set(Libevent2_FOUND ON)
else ()
find_path(LIBEVENT2_INCLUDE_DIR event2/event.h
HINTS
"${LIBEVENT2_DIR}"
"${LIBEVENT2_DIR}/include"
)
find_library(LIBEVENT2_LIBRARIES NAMES event_core libevent_core
HINTS
"${LIBEVENT2_DIR}"
"${LIBEVENT2_DIR}/lib"
)
if (LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_LIBRARIES)
if (NOT TARGET Libevent2::Libevent_core)
add_library(Libevent2::Libevent_core UNKNOWN IMPORTED)
set_target_properties(Libevent2::Libevent_core PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${LIBEVENT2_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${LIBEVENT2_LIBRARIES}"
)
endif ()
if (NOT LIBEVENT2_VERSION AND LIBEVENT2_INCLUDE_DIR AND EXISTS "${LIBEVENT2_INCLUDE_DIR}/event2/event.h")
file(STRINGS "${LIBEVENT2_INCLUDE_DIR}/event2/event-config.h" LIBEVENT2_H REGEX "^#define _?EVENT_+VERSION ")
string(REGEX REPLACE "^.*EVENT_+VERSION \"([^\"]+)\".*$" "\\1" LIBEVENT2_VERSION "${LIBEVENT2_H}")
endif ()
endif ()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Libevent2
REQUIRED_VARS LIBEVENT2_LIBRARIES LIBEVENT2_INCLUDE_DIR
VERSION_VAR LIBEVENT2_VERSION
)
endif ()
mark_as_advanced(LIBEVENT2_INCLUDE_DIR LIBEVENT2_LIBRARIES)

77
cmake/modules/FindLibidn2.cmake
View File

@ -1,77 +0,0 @@
#[=======================================================================[.rst:
FindLibidn2
-----------
Find the Libidn2 library
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``Libidn2::Libidn2``
The Libidn2 library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``Libidn2_FOUND``
If false, do not try to use Libidn2.
``LIBIDN2_INCLUDE_DIR``
where to find libidn2 headers.
``LIBIDN2_LIBRARIES``
the libraries needed to use Libidn2.
``LIBIDN2_VERSION``
the version of the Libidn2 library found
#]=======================================================================]
find_package(PkgConfig QUIET)
if (PKG_CONFIG_FOUND)
pkg_check_modules(PkgLibIdn2 IMPORTED_TARGET GLOBAL libidn2)
endif ()
if (PkgLibIdn2_FOUND)
set(LIBIDN2_INCLUDE_DIR ${PkgLibIdn2_INCLUDE_DIRS} CACHE FILEPATH "libidn2 include path")
set(LIBIDN2_LIBRARIES ${PkgLibIdn2_LIBRARIES} CACHE STRING "libidn2 libraries")
set(LIBIDN2_VERSION ${PkgLibIdn2_VERSION})
add_library(Libidn2::Libidn2 ALIAS PkgConfig::PkgLibIdn2)
set(Libidn2_FOUND ON)
else ()
find_path(LIBIDN2_INCLUDE_DIR idn2.h
HINTS
"${LIBIDN2_DIR}"
"${LIBIDN2_DIR}/include"
)
find_library(LIBIDN2_LIBRARIES NAMES idn2 libidn2
HINTS
"${LIBIDN2_DIR}"
"${LIBIDN2_DIR}/lib"
)
if (LIBIDN2_INCLUDE_DIR AND LIBIDN2_LIBRARIES)
if (NOT TARGET Libidn2::Libidn2)
add_library(Libidn2::Libidn2 UNKNOWN IMPORTED)
set_target_properties(Libidn2::Libidn2 PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${LIBIDN2_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${LIBIDN2_LIBRARIES}"
)
endif ()
if (NOT LIBIDN2_VERSION AND LIBIDN2_INCLUDE_DIR AND EXISTS "${LIBIDN2_INCLUDE_DIR}/idn2.h")
file(STRINGS "${LIBIDN2_INCLUDE_DIR}/idn2.h" LIBIDN2_H REGEX "^[ \t]*#[ \t]*define[ \t]+IDN2_VERSION[ \t]")
string(REGEX REPLACE "^.*IDN2_VERSION[ \t]+\"([0-9.]+)\".*$" "\\1" LIBIDN2_VERSION "${LIBIDN2_H}")
endif ()
endif ()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Libidn2
REQUIRED_VARS LIBIDN2_LIBRARIES LIBIDN2_INCLUDE_DIR
VERSION_VAR LIBIDN2_VERSION
)
endif ()
mark_as_advanced(LIBIDN2_INCLUDE_DIR LIBIDN2_LIBRARIES)

104
cmake/modules/FindLibunbound.cmake
View File

@ -1,104 +0,0 @@
#[=======================================================================[.rst:
FindLibunbound
--------------
Find the Libunbound library
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``Libunbound::Libunbound``
The Libunbound library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``Libunbound_FOUND``
If false, do not try to use Libunbound.
``LIBUNBOUND_INCLUDE_DIR``
where to find libunbound headers.
``LIBUNBOUND_LIBRARIES``
the libraries needed to use Libunbound.
``LIBUNBOUND_VERSION``
the version of the Libunbound library found
#]=======================================================================]
find_package(PkgConfig QUIET)
if (PKG_CONFIG_FOUND)
pkg_check_modules(PkgLibunbound IMPORTED_TARGET GLOBAL QUIET libunbound)
endif ()
if (PkgLibunbound_FOUND)
set(LIBUNBOUND_INCLUDE_DIR ${PkgLibunbound_INCLUDE_DIRS} CACHE FILEPATH "libunbound include path")
set(LIBUNBOUND_LIBRARIES ${PkgLibunbound_LIBRARIES} CACHE STRING "libunbound libraries")
set(LIBUNBOUND_VERSION ${PkgLibunbound_VERSION})
add_library(Libunbound::Libunbound ALIAS PkgConfig::PkgLibunbound)
set(Libunbound_FOUND ON)
else ()
find_path(LIBUNBOUND_INCLUDE_DIR unbound.h
HINTS
"${LIBUNBOUND_DIR}"
"${LIBUNBOUND_DIR}/include"
)
find_library(LIBUNBOUND_LIBRARY NAMES unbound
HINTS
"${LIBUNBOUND_DIR}"
"${LIBUNBOUND_DIR}/lib"
)
set(_LIBUNBOUND_LIBRARIES "")
if (UNIX)
find_package(Threads REQUIRED)
find_package(OpenSSL REQUIRED)
list(APPEND _LIBUNBOUND_LIBRARIES "${CMAKE_THREAD_LIBS_INIT}")
list(APPEND _LIBUNBOUND_LIBRARIES "${OPENSSL_LIBRARIES}")
endif()
if (LIBUNBOUND_INCLUDE_DIR AND LIBUNBOUND_LIBRARY)
if (NOT TARGET Libunbound::Libunbound)
add_library(Libunbound::Libunbound UNKNOWN IMPORTED)
set_target_properties(Libunbound::Libunbound PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${LIBUNBOUND_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${LIBUNBOUND_LIBRARY}"
)
if(UNIX AND TARGET Threads::Threads)
set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
INTERFACE_LINK_LIBRARIES Threads::Threads)
endif ()
if(UNIX AND TARGET OpenSSL::SSL)
set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
INTERFACE_LINK_LIBRARIES OpenSSL::SSL)
endif ()
if(UNIX AND TARGET OpenSSL::Crypto)
set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
INTERFACE_LINK_LIBRARIES OpenSSL::Crypto)
endif ()
endif ()
if (NOT LIBUNBOUND_VERSION AND LIBUNBOUND_INCLUDE_DIR AND EXISTS "${LIBUNBOUND_INCLUDE_DIR}/unbound.h")
file(STRINGS "${LIBUNBOUND_INCLUDE_DIR}/unbound.h" LIBUNBOUND_H REGEX "^#define UNBOUND_VERSION_M[A-Z]+")
string(REGEX REPLACE "^.*MAJOR ([0-9]+).*MINOR ([0-9]+).*MICRO ([0-9]+).*$" "\\1.\\2.\\3" LIBUNBOUND_VERSION "${LIBUNBOUND_H}")
endif ()
endif ()
list(APPEND _LIBUNBOUND_LIBRARIES "${LIBUNBOUND_LIBRARY}")
set(LIBUNBOUND_LIBRARIES ${_LIBUNBOUND_LIBRARIES} CACHE STRING "libunbound libraries")
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Libunbound
REQUIRED_VARS LIBUNBOUND_LIBRARIES LIBUNBOUND_INCLUDE_DIR
VERSION_VAR LIBUNBOUND_VERSION
)
endif ()
mark_as_advanced(LIBUNBOUND_INCLUDE_DIR LIBUNBOUND_LIBRARIES LIBUNBOUND_LIBRARY)

82
cmake/modules/FindLibuv.cmake
View File

@ -1,82 +0,0 @@
#[=======================================================================[.rst:
FindLibuv
---------
Find the Libuv library.
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``Libuv::Libuv``
The Libuv library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``Libuv_FOUND``
If false, do not try to use Libuv.
``LIBUV_INCLUDE_DIR``
where to find libuv headers.
``LIBUV_LIBRARIES``
the libraries needed to use Libuv.
``LIBUV_VERSION``
the version of the Libuv library found
#]=======================================================================]
find_package(PkgConfig QUIET)
if (PKG_CONFIG_FOUND)
pkg_check_modules(PkgLibuv IMPORTED_TARGET GLOBAL libuv)
endif ()
if (PkgLibuv_FOUND)
set(LIBUV_INCLUDE_DIR ${PkgLibuv_INCLUDE_DIRS} CACHE FILEPATH "libuv include path")
set(LIBUV_LIBRARIES ${PkgLibuv_LIBRARIES} CACHE STRING "libuv libraries")
set(LIBUV_VERSION ${PkgLibuv_VERSION})
add_library(Libuv::Libuv ALIAS PkgConfig::PkgLibuv)
set(Libuv_FOUND ON)
else ()
find_path(LIBUV_INCLUDE_DIR uv.h
HINTS
"${LIBUV_DIR}"
"${LIBUV_DIR}/include"
)
find_library(LIBUV_LIBRARIES NAMES uv libuv
HINTS
"${LIBUV_DIR}"
"${LIBUV_DIR}/lib"
)
if (LIBUV_INCLUDE_DIR AND LIBUV_LIBRARIES)
if (NOT TARGET Libuv::Libuv)
add_library(Libuv::Libuv UNKNOWN IMPORTED)
set_target_properties(Libuv::Libuv PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${LIBUV_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${LIBUV_LIBRARIES}"
)
endif ()
if (NOT LIBUV_VERSION AND LIBUV_INCLUDE_DIR)
if (EXISTS "${LIBUV_INCLUDE_DIR}/uv-version.h")
file(STRINGS "${LIBUV_INCLUDE_DIR}/uv-version.h" LIBUV_VER_H REGEX "^#define UV_VERSION_(MAJOR|MINOR|PATCH) ")
elseif (EXISTS "${LIBUV_INCLUDE_DIR}/uv/version.h")
file(STRINGS "${LIBUV_INCLUDE_DIR}/uv/version.h" LIBUV_VER_H REGEX "^#define UV_VERSION_(MAJOR|MINOR|PATCH) ")
endif ()
string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3" LIBUV_VERSION "${LIBUV_VER_H}")
endif ()
endif ()
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Libuv
REQUIRED_VARS LIBUV_LIBRARIES LIBUV_INCLUDE_DIR
VERSION_VAR LIBUV_VERSION
)
endif ()
mark_as_advanced(LIBUV_INCLUDE_DIR LIBUV_LIBRARIES)

111
cmake/modules/FindNettle.cmake
View File

@ -1,111 +0,0 @@
#[=======================================================================[.rst:
FindNettle
----------
Find the Nettle library.
Imported targets
^^^^^^^^^^^^^^^^
This module defines the following :prop_tgt:`IMPORTED` targets:
``Nettle::Nettle``
The Nettle library, if found.
``Nettle::Hogweed``
The Hogweed library, if found.
Result variables
^^^^^^^^^^^^^^^^
This module will set the following variables in your project:
``Nettle_FOUND``
If false, do not try to use Nettle.
``NETTLE_INCLUDE_DIR``
where to find Nettle headers.
``NETTLE_LIBRARIES``
the libraries needed to use Nettle.
``NETTLE_VERSION``
the version of the Nettle library found
#]=======================================================================]
find_package(PkgConfig QUIET)
if(PKG_CONFIG_FOUND)
pkg_check_modules(PkgNettle IMPORTED_TARGET GLOBAL nettle)
pkg_check_modules(PkgHogweed IMPORTED_TARGET GLOBAL QUIET hogweed)
endif()
if(PkgNettle_FOUND AND PkHogweed_FOUND)
set(NETTLE_INCLUDE_DIR ${PkgNettle_INCLUDE_DIRS} ${PkgHogweed_INCLUDE_DIRS} CACHE FILEPATH "Nettle include path")
set(NETTLE_LIBRARIES ${PkgNettle_LIBRARIES} ${PkgHogweed_LIBRARIES} CACHE STRING "Nettle libraries")
set(NETTLE_VERSION ${PkgNettle_VERSION})
add_library(Nettle::Nettle ALIAS PkgConfig::PkgNettle)
add_library(Nettle::Hogweed ALIAS PkgConfig::PkgHogweed)
set(Nettle_FOUND ON)
else()
find_path(NETTLE_INCLUDE_DIR nettle/version.h
HINTS
"${NETTLE_DIR}"
"${NETTLE_DIR}/include"
)
find_library(NETTLE_LIBRARY NAMES nettle libnettle
HINTS
"${NETTLE_DIR}"
"${NETTLE_DIR}/lib"
)
find_library(HOGWEED_LIBRARY NAMES hogweed libhogweed
HINTS
"${NETTLE_DIR}"
"${NETTLE_DIR}/lib"
)
set(_NETTLE_LIBRARIES ${NETTLE_LIBRARY} ${HOGWEED_LIBRARY})
# May need gmp library on Unix.
if (UNIX)
find_library(NETTLE_GMP_LIBRARY gmp)
endif ()
if (NETTLE_GMP_LIBRARY)
list(APPEND _NETTLE_LIBRARIES "${NETTLE_GMP_LIBRARY}")
endif ()
set(NETTLE_LIBRARIES ${_NETTLE_LIBRARIES} CACHE STRING "nettle libraries")
if (NETTLE_INCLUDE_DIR AND NETTLE_LIBRARY AND HOGWEED_LIBRARY)
if (NOT TARGET Nettle::Nettle)
add_library(Nettle::Nettle UNKNOWN IMPORTED)
set_target_properties(Nettle::Nettle PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${NETTLE_INCLUDE_DIR}"
INTERFACE_LINK_LIBRARIES "${NETTLE_LIBRARIES}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${NETTLE_LIBRARY}"
)
endif ()
if (NOT TARGET Nettle::Hogweed)
add_library(Nettle::Hogweed UNKNOWN IMPORTED)
set_target_properties(Nettle::Hogweed PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${NETTLE_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
IMPORTED_LOCATION "${HOGWEED_LIBRARY}"
)
endif ()
if (NOT NETTLE_VERSION AND NETTLE_INCLUDE_DIR)
file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" NETTLE_VER_H REGEX "^#define NETTLE_VERSION_(MAJOR|MINOR) ")
string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*$" "\\1.\\2" NETTLE_VERSION "${NETTLE_VER_H}")
endif ()
endif()
list(APPEND NETTLE_LIBRARIES "${NETTLE_LIBRARY}" "${HOGWEED_LIBRARY}")
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(Nettle
REQUIRED_VARS NETTLE_LIBRARIES NETTLE_INCLUDE_DIR
VERSION_VAR NETTLE_VERSION
)
endif()
mark_as_advanced(NETTLE_INCLUDE_DIR NETTLE_LIBRARIES NETTLE_LIBRARY HOGWEED_LIBRARY NETTLE_GMP_LIBRARY)

27
cmake/modules/TargetSharedLibraryExports.cmake
View File

@ -1,27 +0,0 @@
# Export only named entry points from shared library.
function(target_shared_library_exports lib libname symbols)
if (WIN32)
file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def" "LIBRARY ${libname}\n EXPORTS\n")
foreach (symbol IN LISTS symbols)
file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def" " ${symbol}\n")
endforeach ()
target_sources(${lib} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def")
elseif (APPLE)
file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms" "")
foreach (symbol IN LISTS symbols)
file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms" "_${symbol}\n")
endforeach ()
target_sources(${lib} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms")
target_link_libraries(${lib} PRIVATE "-exported_symbols_list ${libname}.syms")
elseif (UNIX)
# Assume GNU ld.
file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "{ global:\n")
foreach (symbol IN LISTS symbols)
file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" " ${symbol};\n")
endforeach ()
file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "local:\n *;\n};\n")
target_link_libraries(${lib} PRIVATE "-Wl,--version-script=${libname}.ver")
else ()
message(WARNING "Unknown platform, ${lib} exports not set.")
endif ()
endfunction ()

25
cmake/modules/TargetSharedLibraryVersion.cmake
View File

@ -1,25 +0,0 @@
# Add version to given shared library linkage.
function(target_shared_library_version lib version_current version_revision version_age)
if (APPLE)
# Follow libtool. Add one to major version, as version 0 doesn't work.
# But tag dynlib name with current-age.
math(EXPR major_version "${version_current}+1")
math(EXPR dynlib_version "${version_current}-${version_age}")
set_target_properties(${lib} PROPERTIES VERSION "${dynlib_version}")
target_link_libraries(${lib} PRIVATE "-compatibility_version ${major_version}")
target_link_libraries(${lib} PRIVATE "-current_version ${major_version}.${version_revision}")
elseif (UNIX OR MINGW OR MSYS OR CYGWIN)
# Assume GNU ld, and again follow libtool. Major version is current-age.
math(EXPR compat_version "${version_current}-${version_age}")
set_target_properties(${lib} PROPERTIES VERSION "${compat_version}.${version_age}.${version_revision}" SOVERSION "${compat_version}")
elseif (WIN32)
set(rc_template "${CMAKE_CURRENT_SOURCE_DIR}/cmake/include/${lib}_version.rc.in")
if (EXISTS ${rc_template})
configure_file(${rc_template} ${lib}.rc @ONLY)
target_sources(${lib} PRIVATE ${lib}.rc)
endif ()
target_link_libraries(${lib} PRIVATE "-VERSION:${version_current}.${version_revision}")
else ()
message(WARNING "Unknown platform, ${lib} will not be versioned.")
endif ()
endfunction ()

4
cmake/tests/test___func__.c
View File

@ -1,4 +0,0 @@
int main (int ac, char *av[])
{
char *s = __func__;
}

11
cmake/tests/test_poll.c
View File

@ -1,11 +0,0 @@
#ifdef HAVE_SYS_POLL_H
#include <sys/poll.h>
#else
#include <poll.h>
#endif
int main (int ac, char *av[])
{
int rc;
rc = poll((struct pollfd *)(0), 0, 0);
}

12
cmake/tests/test_uv_cb.c
View File

@ -1,12 +0,0 @@
#include <uv.h>
void test_cb(uv_timer_t *handle)
{
(void) handle;
}
int main(int ac, char *av[])
{
uv_timer_cb cb = test_cb;
(*cb)(0);
}

1761
configure.ac Normal file
View File

File diff suppressed because it is too large Load Diff

93
doc/Makefile.in Normal file
View File

@ -0,0 +1,93 @@
#
# @configure_input@
#
#
# Copyright (c) 2013, Verisign, Inc., NLnet Labs
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the names of the copyright holders nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package = @PACKAGE_NAME@
version = @PACKAGE_VERSION@
tarname = @PACKAGE_TARNAME@
distdir = $(tarname)-$(version)
api_version = @API_VERSION@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
# datarootdir is here to please some checkers
datarootdir=@datarootdir@
mandir = @mandir@
INSTALL = @INSTALL@
srcdir = @srcdir@
VPATH = @srcdir@
EDITS=-e 's/@''version@/$(version)/g'
DOXYGEN = @DOXYGEN@
DOCDIRS = html latex man
MANPAGES3 = libgetdns.3 getdns_address.3 getdns_cancel_callback.3 getdns_context.3 getdns_context_set.3 getdns_context_set_context_update_callback.3 getdns_convert.3 getdns_dict.3 getdns_dict_get.3 getdns_dict_set.3 getdns_display_ip_address.3 getdns_general.3 getdns_hostname.3 getdns_list.3 getdns_list_get.3 getdns_list_set.3 getdns_pretty_print_dict.3 getdns_root_trust_anchor.3 getdns_service.3 getdns_validate_dnssec.3
default: all
all: doc
doc: $(MANPAGES3)
if test x_$(DOXYGEN) != x_ ; then cd ../src; doxygen; fi
.SUFFIXES: .3.in .3
.3.in.3:
sed $(EDITS) -e "s/@date@/$(api_version)/g" $< > $@
# we assume that we want a separate file for each "name" specified for each man page
# and consider these "alternate names" simple copies of the main man page
install: $(MANPAGES3)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man3
for x in $(MANPAGES3); do echo $(INSTALL) -m 644 $$x $(DESTDIR)$(mandir)/man3; $(INSTALL) -m 644 $$x $(DESTDIR)$(mandir)/man3; for altpg in $$($(srcdir)/manpgaltnames $$x); do cp $$x $$altpg; echo $(INSTALL) -m 644 $$altpg $(DESTDIR)$(mandir)/man3; $(INSTALL) -m 644 $$altpg $(DESTDIR)$(mandir)/man3; done; done
check: $(MANPAGES3)
for x in $(MANPAGES3); do LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 man --warnings -E UTF-8 -l -Tutf8 -Z $$x 2>&1 >/dev/null | awk "-vpage=$$x" '{printf("%s: ", page);print}'; if ! lexgrog $$x >/dev/null 2>&1 ; then echo $$x: manpage-has-bad-whatis-entry; fi; done
uninstall:
for x in $(MANPAGES3); do echo rm -f $(DESTDIR)$(mandir)/man3/$$x; rm -f $(DESTDIR)$(mandir)/man3/$$x; for altpg in $$($(srcdir)/manpgaltnames $$x); do echo rm -f $(DESTDIR)$(mandir)/man3/$$altpg; rm -f $(DESTDIR)$(mandir)/man3/$$altpg; done; done
clean:
for x in $(MANPAGES3); do rm -f $$($(srcdir)/manpgaltnames $$x); done
rm -f tagfile
rm -rf $(DOCDIRS) $(MANPAGES3)
distclean : clean
rm -f Makefile config.status config.log
rm -Rf autom4te.cache
Makefile: Makefile.in ../config.status
cd .. && ./config.status $@
configure.status: configure
cd .. && ./config.status --recheck
.PHONY: clean $(DOC)

0
project-doc/check_getdns_testcases.doc → doc/check_getdns_testcases.doc
View File

2
doc/getdns_general.3.in
View File

@ -76,7 +76,7 @@ getdns_dict **response)
The getdns_general(3) and getdns_general_sync functions provide public entry
points into the getdns API library to retrieve any valid responses to a query
from the DNS (note that other namespaces in the context are not used). Most
typical use cases for applications are probably satisfied via calls to
typical use cases for applications are probably satisifed via calls to
getdns_address(3) which would replace getaddrinfo(3).
.HP 3

6
getdns.pc.in
View File

@ -1,9 +1,9 @@
prefix=@prefix@
exec_prefix=${prefix}
libdir=@libdir_for_pc_file@
includedir=@includedir_for_pc_file@
libdir=${exec_prefix}/lib
includedir=${prefix}/include
Name: getdns
Name: getdns
Version: @GETDNS_VERSION@
Description: A modern asynchronous DNS library

6
getdns_ext_event.pc.in
View File

@ -1,9 +1,9 @@
prefix=@prefix@
exec_prefix=${prefix}
libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@
includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
libdir=${exec_prefix}/lib
includedir=${prefix}/include
Name: getdns_ext_event
Name: getdns_ext_event
Version: @GETDNS_VERSION@
Description: A modern asynchronous DNS library

81
m4/acx_getaddrinfo.m4 Normal file
View File

@ -0,0 +1,81 @@
# Taken from acx_nlnetlabs.m4 - common macros for configure checks
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
dnl Check getaddrinfo.
dnl Works on linux, solaris, bsd and windows(links winsock).
dnl defines HAVE_GETADDRINFO, USE_WINSOCK.
AC_DEFUN([ACX_CHECK_GETADDRINFO_WITH_INCLUDES],
[AC_REQUIRE([AC_PROG_CC])
AC_MSG_CHECKING(for getaddrinfo)
ac_cv_func_getaddrinfo=no
AC_LINK_IFELSE(
[AC_LANG_SOURCE([[
#ifdef __cplusplus
extern "C"
{
#endif
char* getaddrinfo();
char* (*f) () = getaddrinfo;
#ifdef __cplusplus
}
#endif
int main() {
;
return 0;
}
]])],
dnl this case on linux, solaris, bsd
[ac_cv_func_getaddrinfo="yes"
dnl see if on windows
if test "$ac_cv_header_windows_h" = "yes"; then
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
LIBS="$LIBS -lws2_32 -lcrypt32"
fi
],
dnl no quick getaddrinfo, try mingw32 and winsock2 library.
ORIGLIBS="$LIBS"
LIBS="$LIBS -lws2_32 -lcrypt32"
AC_LINK_IFELSE(
[AC_LANG_PROGRAM(
[
#define _WIN32_WINNT 0x0501
#ifdef HAVE_WINDOWS_H
#include <windows.h>
#endif
#ifdef HAVE_WINSOCK_H
#include <winsock.h>
#endif
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#endif
#include <stdio.h>
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
],
[
(void)getaddrinfo(NULL, NULL, NULL, NULL);
]
)],
[
ac_cv_func_getaddrinfo="yes"
dnl already: LIBS="$LIBS -lws2_32 -lcrypt32"
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
],
[
ac_cv_func_getaddrinfo="no"
LIBS="$ORIGLIBS"
])
)
AC_MSG_RESULT($ac_cv_func_getaddrinfo)
if test $ac_cv_func_getaddrinfo = yes; then
AC_DEFINE(HAVE_GETADDRINFO, 1, [Whether getaddrinfo is available])
fi
])dnl Endof AC_CHECK_GETADDRINFO_WITH_INCLUDES
dnl End of file

164
m4/acx_openssl.m4 Normal file
View File

@ -0,0 +1,164 @@
# Taken from acx_nlnetlabs.m4 - common macros for configure checks
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
dnl Add a -R to the RUNTIME_PATH. Only if rpath is enabled and it is
dnl an absolute path.
dnl $1: the pathname to add.
AC_DEFUN([ACX_RUNTIME_PATH_ADD], [
if test "x$enable_rpath" = xyes; then
if echo "$1" | grep "^/" >/dev/null; then
RUNTIME_PATH="$RUNTIME_PATH -R$1"
fi
fi
])
dnl Common code for both ACX_WITH_SSL and ACX_WITH_SSL_OPTIONAL
dnl Takes one argument; the withval checked in those 2 functions
dnl sets up the environment for the given openssl path
AC_DEFUN([ACX_SSL_CHECKS], [
withval=$1
if test x_$withval != x_no; then
AC_MSG_CHECKING(for SSL)
if test x_$withval = x_ -o x_$withval = x_yes; then
withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
fi
for dir in $withval; do
ssldir="$dir"
if test -f "$dir/include/openssl/ssl.h"; then
found_ssl="yes"
AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.])
dnl assume /usr/include is already in the include-path.
if test "$ssldir" != "/usr"; then
CPPFLAGS="$CPPFLAGS -I$ssldir/include"
LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include"
fi
break;
fi
done
if test x_$found_ssl != x_yes; then
AC_MSG_ERROR(Cannot find the SSL libraries in $withval)
else
AC_MSG_RESULT(found in $ssldir)
HAVE_SSL=yes
dnl assume /usr is already in the lib and dynlib paths.
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
LDFLAGS="$LDFLAGS -L$ssldir/lib"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
fi
AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
LIBS="-lssl -lcrypto $LIBS"
LIBSSL_LIBS="-lssl -lcrypto $LIBSSL_LIBS"
AC_TRY_LINK(, [
int HMAC_Update(void);
(void)HMAC_Update();
], [
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_MSG_RESULT(yes)
], [
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
BAKLIBS="$LIBS"
BAKSSLLIBS="$LIBSSL_LIBS"
LIBS="$LIBS -lgdi32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
])
])
])
fi
AC_SUBST(HAVE_SSL)
AC_SUBST(RUNTIME_PATH)
fi
AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
dnl TLS v1.2 requires OpenSSL 1.0.1
AC_CHECK_FUNC(TLSv1_2_client_method,AC_DEFINE([HAVE_TLS_v1_2], [1],
[Define if you have libssl with tls 1.2]),[AC_MSG_WARN([Cannot find TLSv1_2_client_method in libssl library. TLS will not be available.])])
dnl Native OpenSSL hostname verification requires OpenSSL 1.0.2
AC_CHECK_FUNC(SSL_CTX_get0_param,AC_DEFINE([HAVE_SSL_HN_AUTH], [1],
[Define if you have libssl with host name verification]),[AC_MSG_WARN([Cannot find SSL_CTX_get0_param in libssl library. TLS hostname verification will not be available.])])
])
dnl Check for SSL, where SSL is mandatory
dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS.
dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
])
if test x_$withval = x_no; then
AC_MSG_ERROR([Need SSL library to do digital signature cryptography])
fi
ACX_SSL_CHECKS($withval)
])dnl End of ACX_WITH_SSL
dnl Check for SSL, where ssl is optional (--without-ssl is allowed)
dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS.
dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
])
ACX_SSL_CHECKS($withval)
])dnl End of ACX_WITH_SSL_OPTIONAL
dnl Setup to use -lssl
dnl To use -lcrypto, use the ACX_WITH_SSL setup (before this one).
AC_DEFUN([ACX_LIB_SSL],
[
# check if libssl needs libdl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
AC_MSG_CHECKING([if libssl needs libdl])
AC_TRY_LINK_FUNC([SSL_CTX_new], [
AC_MSG_RESULT([no])
LIBS="$BAKLIBS"
] , [
AC_MSG_RESULT([yes])
LIBS="$BAKLIBS"
AC_SEARCH_LIBS([dlopen], [dl])
]) ])dnl End of ACX_LIB_SSL

74
m4/ax_check_compile_flag.m4 Normal file
View File

@ -0,0 +1,74 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
#
# DESCRIPTION
#
# Check whether the given FLAG works with the current language's compiler
# or gives an error. (Warnings, however, are ignored)
#
# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
# success/failure.
#
# If EXTRA-FLAGS is defined, it is added to the current language's default
# flags (e.g. CFLAGS) when the check is done. The check is thus made with
# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
# force the compiler to issue an error when a bad flag is given.
#
# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
#
# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
#
# LICENSE
#
# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 3
AC_DEFUN([AX_CHECK_COMPILE_FLAG],
[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
_AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
[AS_VAR_SET(CACHEVAR,[yes])],
[AS_VAR_SET(CACHEVAR,[no])])
_AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
[m4_default([$2], :)],
[m4_default([$3], :)])
AS_VAR_POPDEF([CACHEVAR])dnl
])dnl AX_CHECK_COMPILE_FLAGS

214
m4/pkg.m4 Normal file
View File

@ -0,0 +1,214 @@
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
# serial 1 (pkg-config-0.24)
#
# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# PKG_PROG_PKG_CONFIG([MIN-VERSION])
# ----------------------------------
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=m4_default([$1], [0.9.0])
AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
PKG_CONFIG=""
fi
fi[]dnl
])# PKG_PROG_PKG_CONFIG
# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
#
# Check to see whether a particular set of modules exists. Similar
# to PKG_CHECK_MODULES(), but does not set variables or print errors.
#
# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
# only at the first occurence in configure.ac, so if the first place
# it's called might be skipped (such as if it is within an "if", you
# have to call PKG_CHECK_EXISTS manually
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
m4_default([$2], [:])
m4_ifvaln([$3], [else
$3])dnl
fi])
# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
# ---------------------------------------------
m4_define([_PKG_CONFIG],
[if test -n "$$1"; then
pkg_cv_[]$1="$$1"
elif test -n "$PKG_CONFIG"; then
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes ],
[pkg_failed=yes])
else
pkg_failed=untried
fi[]dnl
])# _PKG_CONFIG
# _PKG_SHORT_ERRORS_SUPPORTED
# -----------------------------
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi[]dnl
])# _PKG_SHORT_ERRORS_SUPPORTED
# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
# [ACTION-IF-NOT-FOUND])
#
#
# Note that if there is a possibility the first call to
# PKG_CHECK_MODULES might not happen, you should be sure to include an
# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
#
#
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
AC_MSG_CHECKING([for $1])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
else
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
m4_default([$4], [AC_MSG_ERROR(
[Package requirements ($2) were not met:
$$1_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
_PKG_TEXT])[]dnl
])
elif test $pkg_failed = untried; then
AC_MSG_RESULT([no])
m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
_PKG_TEXT
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
])
else
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
AC_MSG_RESULT([yes])
$3
fi[]dnl
])# PKG_CHECK_MODULES
# PKG_INSTALLDIR(DIRECTORY)
# -------------------------
# Substitutes the variable pkgconfigdir as the location where a module
# should install pkg-config .pc files. By default the directory is
# $libdir/pkgconfig, but the default can be changed by passing
# DIRECTORY. The user can override through the --with-pkgconfigdir
# parameter.
AC_DEFUN([PKG_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([pkgconfigdir],
[AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
[with_pkgconfigdir=]pkg_default)
AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
]) dnl PKG_INSTALLDIR
# PKG_NOARCH_INSTALLDIR(DIRECTORY)
# -------------------------
# Substitutes the variable noarch_pkgconfigdir as the location where a
# module should install arch-independent pkg-config .pc files. By
# default the directory is $datadir/pkgconfig, but the default can be
# changed by passing DIRECTORY. The user can override through the
# --with-noarch-pkgconfigdir parameter.
AC_DEFUN([PKG_NOARCH_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([noarch-pkgconfigdir],
[AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
[with_noarch_pkgconfigdir=]pkg_default)
AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
]) dnl PKG_NOARCH_INSTALLDIR
# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
# -------------------------------------------
# Retrieves the value of the pkg-config variable for the given module.
AC_DEFUN([PKG_CHECK_VAR],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
_PKG_CONFIG([$1], [variable="][$3]["], [$2])
AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])# PKG_CHECK_VAR

10
project-doc/freebsd-tests-notes.txt
View File

@ -1,10 +0,0 @@
pkg update
pkg upgrade
pkg install -y gawk unbound valgrind bash check cmake git libyaml libevent libuv
git clone git@github.com:getdnsapi/getdns.git
cd getdns/
git checkout remotes/origin/release/1.6.0-beta.1
mkdir test
cd test/
../src/test/tpkg/run-all.sh

21
project-doc/makedist.sh
View File

@ -1,21 +0,0 @@
#!/bin/bash
[ ! -f git-archive-all.sh ] && wget "https://raw.githubusercontent.com/meitar/git-archive-all.sh/master/git-archive-all.sh"
[ ! -x git-archive-all.sh ] && chmod +x git-archive-all.sh
[ ! -f git-archive-all.sh ] && exit 1
GIT_ARCHIVE="`pwd`/git-archive-all.sh"
git submodule update --init
GIT_ROOT=`git rev-parse --show-toplevel`
version=`awk '/^set\(PACKAGE_VERSION/{V=$2}
/^set\(RELEASE_CANDIDATE/{RC=$2}
END{print V""RC}' "$GIT_ROOT/CMakeLists.txt" | sed 's/[")]//g'`
output_file="getdns-${version}.tar.gz"
( cd "$GIT_ROOT" \
&& "$GIT_ARCHIVE" --prefix "getdns-$version/" --format tar.gz \
--worktree-attributes -- - ) > "$output_file"
openssl md5 "$output_file" > "${output_file}.md5"
openssl sha1 "$output_file" > "${output_file}.sha1"
openssl sha256 "$output_file" > "${output_file}.sha256"
gpg --armor --detach-sig "$output_file"
[ -f "$output_file" -a -f "${output_file}.md5" -a -f "${output_file}.sha1" -a -f "${output_file}.sha256" -a -f "${output_file}.asc" ] \
&& rm git-archive-all.sh

20
project-doc/packages.txt
View File

@ -1,20 +0,0 @@
Some notes about packages and maintainers.
For Homebrew, created and maintained by ilovezfs
https://github.com/Homebrew/homebrew-core/Formula/getdns.rb
https://github.com/Homebrew/homebrew-core/Formula/stubby.rb
For Arch, created and maintained by Bruno Pagani (ArchangeGabriel)
For OpenWRT, created and maintained by David Mora (iamperson347)
https://github.com/openwrt/packages/tree/master/libs/getdns
https://github.com/openwrt/packages/tree/master/net/stubby
For AstLinux Project, created and maintained by Lonnie Abelbeck (abelbeck)
https://github.com/astlinux-project/astlinux/tree/master/package/getdns
For Genode, created and maintained by Emery Hemingway (ehmry)
https://github.com/genodelabs/genode/blob/master/repos/ports/ports/getdns.port
For Gentoo, created and maintained by CaseOf (Quentin R.?)
https://packages.gentoo.org/packages/net-dns/getdns

172
spec/example/Makefile.in Normal file
View File

@ -0,0 +1,172 @@
#
# @configure_input@
#
# Copyright (c) 2013, Verisign, Inc., NLNet Labs
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the names of the copyright holders nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package = @PACKAGE_NAME@
version = @PACKAGE_VERSION@
tarname = @PACKAGE_TARNAME@
distdir = $(tarname)-$(version)
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
LIBTOOL = ../../libtool
srcdir = @srcdir@
EXTENSION_LIBEVENT_EXT_LIBS=@EXTENSION_LIBEVENT_EXT_LIBS@
EXTENSION_LIBEVENT_LDFLAGS=@EXTENSION_LIBEVENT_LDFLAGS@
EXTENSION_LIBEVENT_LIB=../../src/libgetdns_ext_event.la
CC=@CC@
CFLAGS=-I$(srcdir) -I$(srcdir)/../../src -I../../src @CFLAGS@
LDFLAGS=@LDFLAGS@ -L../../src
LDLIBS=../../src/libgetdns.la @LIBS@
OBJS=example-all-functions.lo example-simple-answers.lo example-tree.lo example-synchronous.lo example-reverse.lo
PROGRAMS=example-all-functions example-synchronous example-simple-answers example-tree example-reverse
.SUFFIXES: .c .o .a .lo .h
.c.o:
$(CC) $(CFLAGS) -c $< -o $@
.c.lo:
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
default: all
example: all
all: $(PROGRAMS)
$(OBJS):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@
example-all-functions: example-all-functions.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ example-all-functions.lo
example-synchronous: example-synchronous.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ example-synchronous.lo
$(EXTENSION_LIBEVENT_LIB):
@echo "***"
@echo "*** Three examples from the specification need libevent."
@echo "*** libevent was not found or usable at configure time."
@echo "*** To compile and run all examples from the spec, make sure"
@echo "*** libevent is available and usable during configuration."
@echo "***"
@false
example-simple-answers: example-simple-answers.lo $(EXTENSION_LIBEVENT_LIB)
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-simple-answers.lo
example-tree: example-tree.lo $(EXTENSION_LIBEVENT_LIB)
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-tree.lo
example-reverse: example-reverse.lo $(EXTENSION_LIBEVENT_LIB)
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-reverse.lo
clean:
rm -f *.o *.lo $(PROGRAMS)
rm -rf .libs
distclean : clean
rm -f Makefile config.status config.log
rm -Rf autom4te.cache
$(distdir): FORCE
mkdir -p $(distdir)/src
cp configure.ac $(distdir)
cp configure $(distdir)
cp Makefile.in $(distdir)
cp src/Makefile.in $(distdir)/src
distcheck: $(distdir).tar.gz
gzip -cd $(distdir).tar.gz | tar xvf -
cd $(distdir) && ./configure
cd $(distdir) && $(MAKE) all
cd $(distdir) && $(MAKE) check
cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst install
cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst uninstall
@remaining="`find $${PWD}/$(distdir)/_inst -type f | wc -l`"; \
if test "$${remaining}" -ne 0; then
echo "@@@ $${remaining} file(s) remaining in stage directory!"; \
exit 1; \
fi
cd $(distdir) && $(MAKE) clean
rm -rf $(distdir)
@echo "*** Package $(distdir).tar.gz is ready for distribution"
Makefile: $(srcdir)/Makefile.in ../../config.status
cd ../.. && ./config.status spec/example/Makefile
configure.status: configure
cd ../.. && ./config.status --recheck
.PHONY: clean
depend:
(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I../../src -I"$$blddir"/../../src *.c | \
sed -e "s? $$blddir/? ?g" \
-e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
-e 's? \$$(srcdir)/\.\./\.\./src/config\.h? ../../src/config.h?g' \
-e 's? $$(srcdir)/\.\./\.\./src/getdns/getdns_extra\.h? ../../src/getdns/getdns_extra.h?g' \
-e 's? \.\./\.\./src/getdns/getdns_ext_libevent\.h? $$(srcdir)/../../src/getdns/getdns_ext_libevent.h?g' \
-e 's? \.\./\.\./src/getdns/getdns_ext_libev\.h? $$(srcdir)/../../src/getdns/getdns_ext_libev.h?g' \
-e 's? \.\./\.\./src/getdns/getdns_ext_libuv\.h? $$(srcdir)/../../src/getdns/getdns_ext_libuv.h?g' \
-e 's? \.\./\.\./src/debug\.h? $$(srcdir)/../../src/debug.h?g' \
-e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' >> Makefile.in.new )
(cd $(srcdir) ; diff Makefile.in.new Makefile.in && rm Makefile.in.new \
|| mv Makefile.in.new Makefile.in )
# Dependencies for the examples
example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
../../src/config.h \
../../src/getdns/getdns.h \
$(srcdir)/../../src/getdns/getdns_ext_libevent.h \
../../src/getdns/getdns_extra.h
example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
../../src/config.h \
../../src/getdns/getdns.h \
$(srcdir)/../../src/getdns/getdns_ext_libevent.h \
../../src/getdns/getdns_extra.h
example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
../../src/config.h \
../../src/getdns/getdns.h \
$(srcdir)/../../src/getdns/getdns_ext_libevent.h \
../../src/getdns/getdns_extra.h
example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
../../src/getdns/getdns.h
example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
../../src/config.h \
../../src/getdns/getdns.h \
$(srcdir)/../../src/getdns/getdns_ext_libevent.h \
../../src/getdns/getdns_extra.h

2
src/Doxyfile.in
View File

@ -58,7 +58,7 @@ PROJECT_LOGO =
# entered, it will be relative to the location where doxygen was started. If
# left blank the current directory will be used.
OUTPUT_DIRECTORY = doc
OUTPUT_DIRECTORY = ../doc
# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
# directories (in 2 levels) under the output directory of each output format and

618
src/Makefile.in Normal file
View File

@ -0,0 +1,618 @@
#
# @configure_input@
#
# Copyright (c) 2013, Verisign, Inc., NLnet Labs
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the names of the copyright holders nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package = @PACKAGE_NAME@
version = @PACKAGE_VERSION@
tarname = @PACKAGE_TARNAME@
distdir = $(tarname)-$(version)
libversion = @GETDNS_LIBVERSION@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libdir = @libdir@
includedir = @includedir@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
runstatedir = @runstatedir@
stubbyconfdir = $(sysconfdir)/stubby
have_libevent = @have_libevent@
have_libuv = @have_libuv@
have_libev = @have_libev@
# datarootdir is here to please some checkers
datarootdir=@datarootdir@
mandir=@mandir@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
srcdir = @srcdir@
stubbysrcdir = $(srcdir)/../stubby
LIBTOOL = ../libtool
CC=@CC@
CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/auxiliary -I$(stubbysrcdir)/src @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
WPEDANTICFLAG=@WPEDANTICFLAG@
WNOERRORFLAG=@WNOERRORFLAG@
LDFLAGS=@LDFLAGS@ @LIBS@
STUBBY_LDFLAGS=@STUBBY_LDFLAGS@ @STUBBY_LIBS@
EXTENSION_LIBEVENT_LIB=@EXTENSION_LIBEVENT_LIB@
EXTENSION_LIBEVENT_EXT_LIBS=@EXTENSION_LIBEVENT_EXT_LIBS@
EXTENSION_LIBEVENT_LDFLAGS=@EXTENSION_LIBEVENT_LDFLAGS@
EXTENSION_LIBEV_LIB=@EXTENSION_LIBEV_LIB@
EXTENSION_LIBEV_EXT_LIBS=@EXTENSION_LIBEV_EXT_LIBS@
EXTENSION_LIBEV_LDFLAGS=@EXTENSION_LIBEV_LDFLAGS@
EXTENSION_LIBUV_LIB=@EXTENSION_LIBUV_LIB@
EXTENSION_LIBUV_EXT_LIBS=@EXTENSION_LIBUV_EXT_LIBS@
EXTENSION_LIBUV_LDFLAGS=@EXTENSION_LIBUV_LDFLAGS@
C99COMPATFLAGS=@C99COMPATFLAGS@
DEFAULT_EVENTLOOP_OBJ=@DEFAULT_EVENTLOOP@.lo
GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
list.lo request-internal.lo platform.lo pubkey-pinning.lo rr-dict.lo \
rr-iter.lo server.lo stub.lo sync.lo ub_loop.lo util-internal.lo \
mdns.lo
GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
str2wire.lo
PROGRAMS=@STUBBY@
LIBOBJDIR=
LIBOBJS=@LIBOBJS@
COMPAT_OBJ=$(LIBOBJS:.o=.lo)
UTIL_OBJ=rbtree.lo val_secalgo.lo lruhash.lo lookup3.lo locks.lo
JSMN_OBJ=jsmn.lo
YXML_OBJ=yxml.lo
YAML_OBJ=convert_yaml_to_json.lo
DANESSL_OBJ=danessl.lo
GETDNS_XTRA_OBJS=@GETDNS_XTRA_OBJS@ @DANESSL_XTRA_OBJS@
STUBBY_XTRA_OBJS=@STUBBY_XTRA_OBJS@
EXTENSION_OBJ=$(DEFAULT_EVENTLOOP_OBJ) libevent.lo libev.lo
NON_C99_OBJS=libuv.lo context.lo anchor.lo
.SUFFIXES: .c .o .a .lo .h
.c.o:
$(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
.c.lo:
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
default: all
all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB) $(PROGRAMS)
$(GETDNS_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
$(GLDNS_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/gldns/$(@:.lo=.c) -o $@
$(COMPAT_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/compat/$(@:.lo=.c) -o $@
$(UTIL_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WNOERRORFLAG) -c $(srcdir)/util/$(@:.lo=.c) -o $@
$(JSMN_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -DJSMN_GETDNS -c $(srcdir)/jsmn/$(@:.lo=.c) -o $@
$(YAML_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(stubbysrcdir)/src/yaml/$(@:.lo=.c) -o $@
$(DANESSL_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WNOERRORFLAG) -c $(srcdir)/ssl_dane/$(@:.lo=.c) -o $@
$(YXML_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -I$(srcdir)/yxml -DYXML_GETDNS -Wno-unused-parameter -c $(srcdir)/yxml/$(@:.lo=.c) -o $@
$(EXTENSION_OBJ):
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
anchor.lo:
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/anchor.c -o anchor.lo
context.lo:
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/context.c -o context.lo
libuv.lo:
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
install-headers: getdns/getdns.h getdns/getdns_extra.h
$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/getdns
$(INSTALL) -m 644 getdns/getdns.h $(DESTDIR)$(includedir)/getdns/getdns.h
$(INSTALL) -m 644 getdns/getdns_extra.h $(DESTDIR)$(includedir)/getdns/getdns_extra.h
if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; fi
if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; fi
if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; fi
uninstall-headers:
rm -rf $(DESTDIR)$(includedir)/getdns
install-libs: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
if test $(have_libevent) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libuv) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
if test $(have_libev) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
uninstall-libs:
if test $(have_libevent) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEVENT_LIB) ; fi
if test $(have_libuv) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBUV_LIB) ; fi
if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
install: install-libs install-headers @INSTALL_STUBBY@
uninstall: @UNINSTALL_STUBBY@ uninstall-headers uninstall-libs
libgetdns_ext_event.la: libgetdns.la libevent.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
libgetdns_ext_uv.la: libgetdns.la libuv.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libuv.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBUV_LDFLAGS) $(EXTENSION_LIBUV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libuv.symbols
libgetdns_ext_ev.la: libgetdns.la libev.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
libgetdns.la: $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS)
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
test: default
cd test && $(MAKE) $@
getdns_query: default
cd tools && $(MAKE) $@
getdns_server_mon: default
cd tools && $(MAKE) $@
stubby.1: $(stubbysrcdir)/doc/stubby.1.in
sed -e "s|@ETCDIR@|$(stubbyconfdir)|g" $(stubbysrcdir)/doc/stubby.1.in > $@
stubby.lo: $(stubbysrcdir)/src/stubby.c
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\" -c $(stubbysrcdir)/src/stubby.c -o $@
stubby: stubby.lo libgetdns.la $(STUBBY_XTRA_OBJS)
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(STUBBY_XTRA_OBJS) $(STUBBY_LDFLAGS) libgetdns.la
install-stubby-files-unix: $(stubbysrcdir)/stubby.yml.example
$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
test -f $(DESTDIR)$(stubbyconfdir)/stubby.yml || \
$(INSTALL_DATA) $(stubbysrcdir)/stubby.yml.example $(DESTDIR)$(stubbyconfdir)/stubby.yml
install-stubby-files-macos: $(stubbysrcdir)/macos/stubby-setdns-macos.sh install-stubby-files-unix
$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
$(INSTALL) -m 755 $(stubbysrcdir)/macos/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
stubby.yml.windows: $(stubbysrcdir)/stubby.yml.example
awk "{sub(/$$/,\"\r\")}1" $(stubbysrcdir)/stubby.yml.example > stubby.yml.windows
install-stubby-files-windows: stubby.yml.windows
$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
test -f $(DESTDIR)$(stubbyconfdir)/stubby.yml || \
$(INSTALL_DATA) stubby.yml.windows $(DESTDIR)$(stubbyconfdir)/stubby.yml
install-stubby: stubby stubby.1 install-stubby-files-@HOSTOS@
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
$(INSTALL) -m 755 -d $(DESTDIR)$(runstatedir)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1
$(INSTALL) -m 644 stubby\.1 $(DESTDIR)$(mandir)/man1
uninstall-stubby:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
rm -f $(DESTDIR)$(sbindir)/stubby-setdns-macos.sh
rm -f $(DESTDIR)$(mandir)/man1/stubby.1
scratchpad: default
cd test && $(MAKE) $@
pad: scratchpad
clean:
cd tools && $(MAKE) $@
cd test && $(MAKE) $@
rm -f *.o *.lo extension/*.lo extension/*.o $(PROGRAMS) libgetdns.la libgetdns_ext_*.la
rm -rf .libs extension/.libs
distclean : clean
cd tools && $(MAKE) $@
cd test && $(MAKE) $@
rmdir test 2>/dev/null || true
rm -f Makefile config.status config.log Doxyfile config.h version.c getdns/Makefile getdns/getdns.h getdns/getdns_extra.h
rmdir getdns 2>/dev/null || true
rmdir extension 2>/dev/null || true
rm -Rf autom4te.cache
Makefile: $(srcdir)/Makefile.in ../config.status
cd .. && ./config.status src/Makefile
depend:
(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iyxml -Iutil/auxiliary -I../stubby/src *.c gldns/*.c compat/*.c util/*.c jsmn/*.c yxml/*.c ssl_dane/danessl.c extension/*.c ../stubby/src/*.c | \
sed -e "s? $$blddir/? ?g" \
-e 's? gldns/? $$(srcdir)/gldns/?g' \
-e 's? compat/? $$(srcdir)/compat/?g' \
-e 's? util/auxiliary/util/? $$(srcdir)/util/auxiliary/util/?g' \
-e 's? util/? $$(srcdir)/util/?g' \
-e 's? jsmn/? $$(srcdir)/jsmn/?g' \
-e 's? yxml/? $$(srcdir)/yxml/?g' \
-e 's? ssl_dane/? $$(srcdir)/ssl_dane/?g' \
-e 's? extension/? $$(srcdir)/extension/?g' \
-e 's? \.\./stubby/? $$(stubbysrcdir)/?g' \
-e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
-e 's? \$$(srcdir)/config\.h? config.h?g' \
-e 's? \$$(srcdir)/getdns/getdns_extra\.h? getdns/getdns_extra.h?g' \
-e 's? \$$(srcdir)/version\.c? version.c?g' \
-e 's? getdns/getdns_ext_libevent\.h? $$(srcdir)/getdns/getdns_ext_libevent.h?g' \
-e 's? getdns/getdns_ext_libev\.h? $$(srcdir)/getdns/getdns_ext_libev.h?g' \
-e 's? getdns/getdns_ext_libuv\.h? $$(srcdir)/getdns/getdns_ext_libuv.h?g' \
-e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' >> Makefile.in.new )
(cd $(srcdir) ; diff Makefile.in.new Makefile.in && rm Makefile.in.new \
|| mv Makefile.in.new Makefile.in )
cd tools && $(MAKE) $@
cd test && $(MAKE) $@
.PHONY: clean test
FORCE:
# Dependencies for gldns, utils, the extensions and compat functions
anchor.lo anchor.o: $(srcdir)/anchor.c \
config.h \
$(srcdir)/debug.h $(srcdir)/anchor.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/types-internal.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h \
$(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
$(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/platform.h
const-info.lo const-info.o: $(srcdir)/const-info.c \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/const-info.h
context.lo context.o: $(srcdir)/context.c \
config.h \
$(srcdir)/anchor.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/debug.h \
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/dnssec.h \
$(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h $(srcdir)/ssl_dane/danessl.h
convert.lo convert.o: $(srcdir)/convert.c \
config.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
$(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
$(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/wire2str.h \
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
$(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
dict.lo dict.o: $(srcdir)/dict.c \
config.h \
$(srcdir)/types-internal.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
$(srcdir)/gldns/parseutil.h
dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
config.h \
$(srcdir)/debug.h \
getdns/getdns.h \
$(srcdir)/context.h \
getdns/getdns_extra.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h \
$(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
$(srcdir)/util/orig-headers/val_secalgo.h
general.lo general.o: $(srcdir)/general.c \
config.h \
$(srcdir)/general.h \
getdns/getdns.h \
$(srcdir)/types-internal.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
$(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
$(srcdir)/dict.h $(srcdir)/mdns.h $(srcdir)/platform.h
list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
config.h \
$(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/list.h $(srcdir)/dict.h
mdns.lo mdns.o: $(srcdir)/mdns.c \
config.h \
$(srcdir)/debug.h $(srcdir)/context.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h \
$(srcdir)/platform.h $(srcdir)/mdns.h $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
$(srcdir)/util/orig-headers/lookup3.h
platform.lo platform.o: $(srcdir)/platform.c $(srcdir)/platform.h \
config.h
pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
config.h \
$(srcdir)/debug.h \
getdns/getdns.h \
$(srcdir)/context.h \
getdns/getdns_extra.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h
request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
config.h \
$(srcdir)/types-internal.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
$(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
config.h \
getdns/getdns.h \
$(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
getdns/getdns_extra.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
$(srcdir)/dict.h
rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
config.h \
getdns/getdns.h \
$(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
server.lo server.o: $(srcdir)/server.c \
config.h \
getdns/getdns_extra.h \
getdns/getdns.h \
$(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/platform.h
stub.lo stub.o: $(srcdir)/stub.c \
config.h \
$(srcdir)/debug.h $(srcdir)/stub.h \
getdns/getdns.h \
$(srcdir)/types-internal.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
$(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
$(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/anchor.h \
$(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h $(srcdir)/ssl_dane/danessl.h
sync.lo sync.o: $(srcdir)/sync.c \
getdns/getdns.h \
config.h \
$(srcdir)/context.h \
getdns/getdns_extra.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
$(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
config.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
config.h \
getdns/getdns.h \
$(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
getdns/getdns_extra.h \
$(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
$(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
$(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/str2wire.h \
$(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
config.h \
$(srcdir)/gldns/gbuffer.h
keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
config.h \
$(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
parse.lo parse.o: $(srcdir)/gldns/parse.c \
config.h \
$(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
config.h \
$(srcdir)/gldns/parseutil.h
rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
config.h \
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
config.h \
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
config.h \
$(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
$(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
config.h
arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
config.h \
$(srcdir)/compat/chacha_private.h
arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
config.h
explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
config.h
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
config.h
getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
config.h
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
config.h
getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
config.h
inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
config.h
inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
config.h
sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
config.h
strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
config.h
strptime.lo strptime.o: $(srcdir)/compat/strptime.c \
config.h
locks.lo locks.o: $(srcdir)/util/locks.c \
config.h \
$(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
config.h \
$(srcdir)/util/auxiliary/util/storage/lookup3.h $(srcdir)/util/lookup3.h \
$(srcdir)/util/orig-headers/lookup3.h
lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
config.h \
$(srcdir)/util/auxiliary/util/storage/lruhash.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
config.h \
$(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
$(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
config.h \
$(srcdir)/util/auxiliary/util/data/packed_rrset.h \
$(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
$(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
$(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
$(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
danessl.lo danessl.o: $(srcdir)/ssl_dane/danessl.c $(srcdir)/ssl_dane/danessl.h
libev.lo libev.o: $(srcdir)/extension/libev.c \
config.h \
$(srcdir)/types-internal.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
config.h \
$(srcdir)/types-internal.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
config.h \
$(srcdir)/debug.h $(srcdir)/types-internal.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
config.h \
$(srcdir)/util-internal.h $(srcdir)/context.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/platform.h
select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
config.h \
$(srcdir)/debug.h $(srcdir)/types-internal.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/platform.h \
$(srcdir)/extension/select_eventloop.h
stubby.lo stubby.o: $(stubbysrcdir)/src/stubby.c \
config.h \
getdns/getdns.h \
getdns/getdns_extra.h \
$(stubbysrcdir)/src/yaml/convert_yaml_to_json.h

619
src/anchor.c
View File

@ -33,7 +33,10 @@
#include "debug.h"
#include "anchor.h"
#include <fcntl.h>
#include <string.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <strings.h>
#include <time.h>
#include "types-internal.h"
#include "context.h"
@ -49,6 +52,141 @@
#include "util-internal.h"
#include "platform.h"
/* get key usage out of its extension, returns 0 if no key_usage extension */
static unsigned long
_getdns_get_usage_of_ex(X509* cert)
{
unsigned long val = 0;
ASN1_BIT_STRING* s;
if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) {
if(s->length > 0) {
val = s->data[0];
if(s->length > 1)
val |= s->data[1] << 8;
}
ASN1_BIT_STRING_free(s);
}
return val;
}
/** get valid signers from the list of signers in the signature */
static STACK_OF(X509)*
_getdns_get_valid_signers(PKCS7* p7, const char* p7signer)
{
int i;
STACK_OF(X509)* validsigners = sk_X509_new_null();
STACK_OF(X509)* signers = PKCS7_get0_signers(p7, NULL, 0);
unsigned long usage = 0;
if(!validsigners) {
DEBUG_ANCHOR("ERROR %s(): Failed to allocated validsigners\n"
, __FUNC__);
sk_X509_free(signers);
return NULL;
}
if(!signers) {
DEBUG_ANCHOR("ERROR %s(): Failed to allocated signers\n"
, __FUNC__);
sk_X509_free(validsigners);
return NULL;
}
for(i=0; i<sk_X509_num(signers); i++) {
char buf[1024];
X509_NAME* nm = X509_get_subject_name(
sk_X509_value(signers, i));
if(!nm) {
DEBUG_ANCHOR("%s(): cert %d has no subject name\n"
, __FUNC__, i);
continue;
}
if(!p7signer || strcmp(p7signer, "")==0) {
/* there is no name to check, return all records */
DEBUG_ANCHOR("%s(): did not check commonName of signer\n"
, __FUNC__);
} else {
if(!X509_NAME_get_text_by_NID(nm,
NID_pkcs9_emailAddress,
buf, (int)sizeof(buf))) {
DEBUG_ANCHOR("%s(): removed cert with no name\n"
, __FUNC__);
continue; /* no name, no use */
}
if(strcmp(buf, p7signer) != 0) {
DEBUG_ANCHOR("%s(): removed cert with wrong name\n"
, __FUNC__);
continue; /* wrong name, skip it */
}
}
/* check that the key usage allows digital signatures
* (the p7s) */
usage = _getdns_get_usage_of_ex(sk_X509_value(signers, i));
if(!(usage & KU_DIGITAL_SIGNATURE)) {
DEBUG_ANCHOR("%s(): removed cert with no key usage "
"Digital Signature allowed\n"
, __FUNC__);
continue;
}
/* we like this cert, add it to our list of valid
* signers certificates */
sk_X509_push(validsigners, sk_X509_value(signers, i));
}
sk_X509_free(signers);
return validsigners;
}
static int
_getdns_verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signer)
{
PKCS7* p7;
STACK_OF(X509)* validsigners;
int secure = 0;
#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
X509_VERIFY_PARAM* param = X509_VERIFY_PARAM_new();
if(!param) {
DEBUG_ANCHOR("ERROR %s(): Failed to allocated param\n"
, __FUNC__);
return 0;
}
/* do the selfcheck on the root certificate; it checks that the
* input is valid */
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CHECK_SS_SIGNATURE);
X509_STORE_set1_param(store, param);
X509_VERIFY_PARAM_free(param);
#endif
(void)BIO_reset(p7s);
(void)BIO_reset(data);
/* convert p7s to p7 (the signature) */
p7 = d2i_PKCS7_bio(p7s, NULL);
if(!p7) {
DEBUG_ANCHOR("ERROR %s(): could not parse p7s signature file\n"
, __FUNC__);
return 0;
}
/* check what is in the Subject name of the certificates,
* and build a stack that contains only the right certificates */
validsigners = _getdns_get_valid_signers(p7, p7signer);
if(!validsigners) {
PKCS7_free(p7);
return 0;
}
if(PKCS7_verify(p7, validsigners, store, data, NULL, PKCS7_NOINTERN) == 1) {
secure = 1;
}
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
else {
DEBUG_ANCHOR("ERROR %s(): the PKCS7 signature did not verify\n"
, __FUNC__);
ERR_print_errors_cb(_getdns_ERR_print_errors_cb_f, NULL);
}
#endif
sk_X509_free(validsigners);
PKCS7_free(p7);
return secure;
}
typedef struct ta_iter {
uint8_t yxml_buf[4096];
yxml_t x;
@ -68,15 +206,6 @@ typedef struct ta_iter {
char digest[2048];
} ta_iter;
static void strcpytrunc(char* dst, const char* src, size_t dstsize)
{
size_t to_copy = strlen(src);
if (to_copy >= dstsize)
to_copy = dstsize -1;
memcpy(dst, src, to_copy);
dst[to_copy] = '\0';
}
/**
* XML convert DateTime element to time_t.
* [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]
@ -84,7 +213,7 @@ static void strcpytrunc(char* dst, const char* src, size_t dstsize)
* @param str: the string
* @return a time_t representation or 0 on failure.
*/
time_t
static time_t
_getdns_xml_convertdate(const char* str)
{
time_t t = 0;
@ -199,8 +328,8 @@ static ta_iter *ta_iter_next(ta_iter *ta)
else if (level == 0 && cur) {
/* <Zone> content ready */
strcpytrunc( ta->zone, value
, sizeof(ta->zone));
(void) strncpy( ta->zone, value
, sizeof(ta->zone));
/* Reset to start of <TrustAnchor> */
cur = NULL;
@ -375,20 +504,20 @@ static ta_iter *ta_iter_next(ta_iter *ta)
DEBUG_ANCHOR("elem end: %s\n", value);
switch (elem_type) {
case KEYTAG:
strcpytrunc( ta->keytag, value
, sizeof(ta->keytag));
(void) strncpy( ta->keytag, value
, sizeof(ta->keytag));
break;
case ALGORITHM:
strcpytrunc( ta->algorithm, value
, sizeof(ta->algorithm));
(void) strncpy( ta->algorithm, value
, sizeof(ta->algorithm));
break;
case DIGESTTYPE:
strcpytrunc( ta->digesttype, value
, sizeof(ta->digesttype));
(void) strncpy( ta->digesttype, value
, sizeof(ta->digesttype));
break;
case DIGEST:
strcpytrunc( ta->digest, value
, sizeof(ta->digest));
(void) strncpy( ta->digest, value
, sizeof(ta->digest));
break;
}
break;
@ -429,7 +558,7 @@ static ta_iter *ta_iter_init(ta_iter *ta, const char *doc, size_t doc_len)
return ta_iter_next(ta);
}
uint16_t _getdns_parse_xml_trust_anchors_buf(
static uint16_t _getdns_parse_xml_trust_anchors_buf(
gldns_buffer *gbuf, uint64_t *now_ms, char *xml_data, size_t xml_len)
{
ta_iter ta_spc, *ta;
@ -518,6 +647,200 @@ uint16_t _getdns_parse_xml_trust_anchors_buf(
return ta_count;
}
static uint8_t *tas_validate(struct mem_funcs *mf,
const getdns_bindata *xml_bd, const getdns_bindata *p7s_bd,
const getdns_bindata *crt_bd, const char *p7signer,
uint64_t *now_ms, uint8_t *tas, size_t *tas_len)
{
BIO *xml = NULL, *p7s = NULL, *crt = NULL;
X509 *x = NULL;
X509_STORE *store = NULL;
uint8_t *success = NULL;
if (!(xml = BIO_new_mem_buf(xml_bd->data, xml_bd->size)))
DEBUG_ANCHOR("ERROR %s(): Failed allocating xml BIO\n"
, __FUNC__);
else if (!(p7s = BIO_new_mem_buf(p7s_bd->data, p7s_bd->size)))
DEBUG_ANCHOR("ERROR %s(): Failed allocating p7s BIO\n"
, __FUNC__);
else if (!(crt = BIO_new_mem_buf(crt_bd->data, crt_bd->size)))
DEBUG_ANCHOR("ERROR %s(): Failed allocating crt BIO\n"
, __FUNC__);
else if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
DEBUG_ANCHOR("ERROR %s(): Parsing builtin certificate\n"
, __FUNC__);
else if (!(store = X509_STORE_new()))
DEBUG_ANCHOR("ERROR %s(): Failed allocating store\n"
, __FUNC__);
else if (!X509_STORE_add_cert(store, x))
DEBUG_ANCHOR("ERROR %s(): Adding certificate to store\n"
, __FUNC__);
else if (_getdns_verify_p7sig(xml, p7s, store, p7signer)) {
gldns_buffer gbuf;
gldns_buffer_init_vfixed_frm_data(&gbuf, tas, *tas_len);
if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now_ms,
(char *)xml_bd->data, xml_bd->size))
DEBUG_ANCHOR("Failed to parse trust anchor XML data");
else if (gldns_buffer_position(&gbuf) > *tas_len) {
*tas_len = gldns_buffer_position(&gbuf);
if ((success = GETDNS_XMALLOC(*mf, uint8_t, *tas_len))) {
gldns_buffer_init_frm_data(&gbuf, success, *tas_len);
if (!_getdns_parse_xml_trust_anchors_buf(&gbuf,
now_ms, (char *)xml_bd->data, xml_bd->size)) {
DEBUG_ANCHOR("Failed to re-parse trust"
" anchor XML data\n");
GETDNS_FREE(*mf, success);
success = NULL;
}
} else
DEBUG_ANCHOR("Could not allocate space for "
"trust anchors\n");
} else {
success = tas;
*tas_len = gldns_buffer_position(&gbuf);
}
} else {
DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
}
if (store) X509_STORE_free(store);
if (x) X509_free(x);
if (crt) BIO_free(crt);
if (xml) BIO_free(xml);
if (p7s) BIO_free(p7s);
return success;
}
void _getdns_context_equip_with_anchor(
getdns_context *context, uint64_t *now_ms)
{
uint8_t xml_spc[4096], *xml_data = NULL;
uint8_t p7s_spc[4096], *p7s_data = NULL;
size_t xml_len, p7s_len;
const char *verify_email = NULL;
const char *verify_CA = NULL;
getdns_return_t r;
BIO *xml = NULL, *p7s = NULL, *crt = NULL;
X509 *x = NULL;
X509_STORE *store = NULL;
if ((r = getdns_context_get_trust_anchors_verify_CA(
context, &verify_CA)))
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
" CA: \"%s\"\n", __FUNC__
, getdns_get_errorstr_by_id(r));
else if (!verify_CA || !*verify_CA)
DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
"disabled by empty verify CA\n");
else if ((r = getdns_context_get_trust_anchors_verify_email(
context, &verify_email)))
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email "
"address: \"%s\"\n", __FUNC__
, getdns_get_errorstr_by_id(r));
else if (!verify_email || !*verify_email)
DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
"disabled by empty verify email\n");
else if (!(xml_data = _getdns_context_get_priv_file(context,
"root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len)))
DEBUG_ANCHOR("DEBUG %s(): root-anchors.xml not present\n"
, __FUNC__);
else if (!(p7s_data = _getdns_context_get_priv_file(context,
"root-anchors.p7s", p7s_spc, sizeof(p7s_spc), &p7s_len)))
DEBUG_ANCHOR("DEBUG %s(): root-anchors.p7s not present\n"
, __FUNC__);
else if (!(xml = BIO_new_mem_buf(xml_data, xml_len)))
DEBUG_ANCHOR("ERROR %s(): Failed allocating xml BIO\n"
, __FUNC__);
else if (!(p7s = BIO_new_mem_buf(p7s_data, p7s_len)))
DEBUG_ANCHOR("ERROR %s(): Failed allocating p7s BIO\n"
, __FUNC__);
else if (!(crt = BIO_new_mem_buf((void *)verify_CA, -1)))
DEBUG_ANCHOR("ERROR %s(): Failed allocating crt BIO\n"
, __FUNC__);
else if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
DEBUG_ANCHOR("ERROR %s(): Parsing builtin certificate\n"
, __FUNC__);
else if (!(store = X509_STORE_new()))
DEBUG_ANCHOR("ERROR %s(): Failed allocating store\n"
, __FUNC__);
else if (!X509_STORE_add_cert(store, x))
DEBUG_ANCHOR("ERROR %s(): Adding certificate to store\n"
, __FUNC__);
else if (_getdns_verify_p7sig(xml, p7s, store, verify_email)) {
uint8_t ta_spc[sizeof(context->trust_anchors_spc)];
size_t ta_len;
uint8_t *ta = NULL;
gldns_buffer gbuf;
gldns_buffer_init_vfixed_frm_data(
&gbuf, ta_spc, sizeof(ta_spc));
if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now_ms,
(char *)xml_data, xml_len))
DEBUG_ANCHOR("Failed to parse trust anchor XML data");
else if ((ta_len = gldns_buffer_position(&gbuf)) > sizeof(ta_spc)) {
if ((ta = GETDNS_XMALLOC(context->mf, uint8_t, ta_len))) {
gldns_buffer_init_frm_data(&gbuf, ta,
gldns_buffer_position(&gbuf));
if (!_getdns_parse_xml_trust_anchors_buf(
&gbuf, now_ms, (char *)xml_data, xml_len)) {
DEBUG_ANCHOR("Failed to re-parse trust"
" anchor XML data");
GETDNS_FREE(context->mf, ta);
} else {
context->trust_anchors = ta;
context->trust_anchors_len = ta_len;
context->trust_anchors_source = GETDNS_TASRC_XML;
_getdns_ta_notify_dnsreqs(context);
}
} else
DEBUG_ANCHOR("Could not allocate space for XML file");
} else {
(void)memcpy(context->trust_anchors_spc, ta_spc, ta_len);
context->trust_anchors = context->trust_anchors_spc;
context->trust_anchors_len = ta_len;
context->trust_anchors_source = GETDNS_TASRC_XML;
_getdns_ta_notify_dnsreqs(context);
}
DEBUG_ANCHOR("ta: %p, ta_len: %d\n",
(void *)context->trust_anchors, (int)context->trust_anchors_len);
} else {
DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
}
if (store) X509_STORE_free(store);
if (x) X509_free(x);
if (crt) BIO_free(crt);
if (xml) BIO_free(xml);
if (p7s) BIO_free(p7s);
if (xml_data && xml_data != xml_spc)
GETDNS_FREE(context->mf, xml_data);
if (p7s_data && p7s_data != p7s_spc)
GETDNS_FREE(context->mf, p7s_data);
}
static const char tas_write_p7s_buf[] =
"GET %s HTTP/1.1\r\n"
"Host: %s\r\n"
@ -532,8 +855,10 @@ static const char tas_write_xml_p7s_buf[] =
"\r\n";
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
static inline const char * rt_str(uint16_t rt)
{ return rt == GETDNS_RRTYPE_A ? "A" : rt == GETDNS_RRTYPE_AAAA ? "AAAA" : "?"; }
#endif
static int tas_busy(tas_connection *a)
{
@ -580,8 +905,7 @@ static void tas_success(getdns_context *context, tas_connection *a)
tas_cleanup(context, a);
tas_cleanup(context, other);
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
, "Successfully fetched new trust anchors\n");
DEBUG_ANCHOR("Successfully fetched new trust anchors\n");
context->trust_anchors_source = GETDNS_TASRC_XML;
_getdns_ta_notify_dnsreqs(context);
}
@ -589,26 +913,20 @@ static void tas_success(getdns_context *context, tas_connection *a)
static void tas_fail(getdns_context *context, tas_connection *a)
{
tas_connection *other = &context->a == a ? &context->aaaa : &context->a;
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
uint16_t rt = &context->a == a ? GETDNS_RRTYPE_A : GETDNS_RRTYPE_AAAA;
uint16_t ort = rt == GETDNS_RRTYPE_A ? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A;
#endif
tas_cleanup(context, a);
if (!tas_busy(other)) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Fatal error fetching trust anchor: "
DEBUG_ANCHOR("Fatal error fetching trust anchor: "
"%s connection failed too\n", rt_str(rt));
context->trust_anchors_source = GETDNS_TASRC_FAILED;
context->trust_anchors_backoff_expiry =
_getdns_get_now_ms() + context->trust_anchors_backoff_time;
_getdns_ta_notify_dnsreqs(context);
} else
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
, "%s connection failed, waiting for %s\n"
, rt_str(rt)
, rt_str( rt == GETDNS_RRTYPE_A
? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A));
DEBUG_ANCHOR("%s connection failed, waiting for %s\n"
, rt_str(rt), rt_str(ort));
}
static void tas_connect(getdns_context *context, tas_connection *a);
@ -640,9 +958,7 @@ static void tas_timeout_cb(void *userarg)
a = &context->a;
else a = &context->aaaa;
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
, "Trust anchor fetch timeout\n");
DEBUG_ANCHOR("Trust anchor fetch timeout\n");
GETDNS_CLEAR_EVENT(a->loop, &a->event);
tas_next(context, a);
}
@ -658,9 +974,7 @@ static void tas_reconnect_cb(void *userarg)
a = &context->a;
else a = &context->aaaa;
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "Waiting for second document timeout. Reconnecting...\n");
DEBUG_ANCHOR("Waiting for second document timeout. Reconnecting...\n");
GETDNS_CLEAR_EVENT(a->loop, &a->event);
close(a->fd);
a->fd = -1;
@ -675,6 +989,8 @@ static void tas_read_cb(void *userarg);
static void tas_write_cb(void *userarg);
static void tas_doc_read(getdns_context *context, tas_connection *a)
{
DEBUG_ANCHOR("doc (size: %d)\n", (int)a->tcp.read_buf_len);
assert(a->tcp.read_pos == a->tcp.read_buf + a->tcp.read_buf_len);
assert(context);
@ -703,22 +1019,20 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
if ((r = getdns_context_get_trust_anchors_verify_CA(
context, (const char **)&verify_CA.data)))
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Cannot get trust anchor verify CA: "
"\"%s\"\n", getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
" CA: \"%s\"\n", __FUNC__
, getdns_get_errorstr_by_id(r));
else if (!(verify_CA.size = strlen((const char *)verify_CA.data)))
; /* pass */
else if ((r = getdns_context_get_trust_anchors_verify_email(
context, &verify_email)))
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Cannot get trust anchor verify email: "
"\"%s\"\n", getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
" email address: \"%s\"\n", __FUNC__
, getdns_get_errorstr_by_id(r));
else if (!(tas = _getdns_tas_validate(&context->mf, &a->xml, &p7s_bd,
else if (!(tas = tas_validate(&context->mf, &a->xml, &p7s_bd,
&verify_CA, verify_email, &now_ms, tas, &tas_len)))
; /* pass */
@ -750,7 +1064,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
a->tcp.read_pos = a->tcp.read_buf;
a->tcp.to_read = sizeof(context->tas_hdr_spc);
}
GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 50,
getdns_eventloop_event_init(&a->event, a->req->owner,
tas_read_cb, NULL, tas_reconnect_cb));
return;
@ -841,11 +1155,7 @@ static void tas_read_cb(void *userarg)
DEBUG_ANCHOR("i: %d, n: %d, doc_len: %d\n"
, (int)i, (int)n, doc_len);
if (!doc)
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR
, GETDNS_LOG_ERR
, "Memory error while reading "
"trust anchor\n");
DEBUG_ANCHOR("Memory error");
else {
ssize_t surplus = n - i;
@ -892,11 +1202,7 @@ static void tas_read_cb(void *userarg)
} else if (_getdns_socketerror_wants_retry())
return;
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Error while receiving trust anchor: %s\n"
, _getdns_errnostr());
DEBUG_ANCHOR("Read error: %d %s\n", (int)n, _getdns_errnostr());
GETDNS_CLEAR_EVENT(a->loop, &a->event);
tas_next(context, a);
}
@ -946,9 +1252,7 @@ static void tas_write_cb(void *userarg)
} else if (_getdns_socketerror_wants_retry())
return;
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Error while sending to trust anchor site: %s\n"
, _getdns_errnostr());
DEBUG_ANCHOR("Write error: %s\n", _getdns_errnostr());
GETDNS_CLEAR_EVENT(a->loop, &a->event);
tas_next(context, a);
}
@ -987,7 +1291,9 @@ static getdns_return_t _getdns_get_tas_url_hostname(
static void tas_connect(getdns_context *context, tas_connection *a)
{
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
char a_buf[40];
#endif
int r;
#ifdef HAVE_FCNTL
@ -1003,19 +1309,15 @@ static void tas_connect(getdns_context *context, tas_connection *a)
tas_next(context, a);
return;
}
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "Setting op connection to: %s\n"
, inet_ntop( ( a->req->request_type == GETDNS_RRTYPE_A
? AF_INET : AF_INET6)
, a->rr->rr_i.rr_type + 10
, a_buf, sizeof(a_buf)));
DEBUG_ANCHOR("Initiating connection to %s\n"
, inet_ntop(( a->req->request_type == GETDNS_RRTYPE_A
? AF_INET : AF_INET6)
, a->rr->rr_i.rr_type + 10, a_buf, sizeof(a_buf)));
if ((a->fd = socket(( a->req->request_type == GETDNS_RRTYPE_A
? AF_INET : AF_INET6), SOCK_STREAM, IPPROTO_TCP)) == -1) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Error creating socket: %s\n", _getdns_errnostr());
DEBUG_ANCHOR("Error creating socket: %s\n",
_getdns_errnostr());
tas_next(context, a);
return;
}
@ -1066,11 +1368,9 @@ static void tas_connect(getdns_context *context, tas_connection *a)
}
if ((R = _getdns_get_tas_url_hostname(
context, tas_hostname, &path))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Cannot get hostname from trust anchor "
"url: \"%s\"\n"
, getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
": \"%s\"", __FUNC__
, getdns_get_errorstr_by_id(r));
goto error;
}
hostname_len = strlen(tas_hostname);
@ -1078,26 +1378,22 @@ static void tas_connect(getdns_context *context, tas_connection *a)
tas_hostname[--hostname_len] = '\0';
path_len = strlen(path);
if (path_len < 4) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Trust anchor path \"%s\" too small\n"
, path);
DEBUG_ANCHOR("ERROR %s(): path of tas_url \"%s\" too "
"small\n", __FUNC__, path);
goto error;
}
if (a->state == TAS_RETRY_GET_PS7) {
buf_sz = sizeof(tas_write_p7s_buf)
+ 1 * (hostname_len - 2) + 1 * (path_len - 2);
+ 1 * (hostname_len - 2) + 1 * (path_len - 2) + 1;
fmt = tas_write_p7s_buf;
} else {
buf_sz = sizeof(tas_write_xml_p7s_buf)
+ 2 * (hostname_len - 2) + 2 * (path_len - 2);
+ 2 * (hostname_len - 2) + 2 * (path_len - 2) + 1;
fmt = tas_write_xml_p7s_buf;
}
if (!(write_buf = GETDNS_XMALLOC(context->mf, char, buf_sz))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Cannot allocate write buffer for "
"sending to trust anchor host\n");
DEBUG_ANCHOR("ERROR %s(): Could not allocate write "
"buffer\n", __FUNC__);
goto error;
}
if (a->state == TAS_RETRY_GET_PS7) {
@ -1131,10 +1427,8 @@ static void tas_connect(getdns_context *context, tas_connection *a)
DEBUG_ANCHOR("Scheduled write with event\n");
return;
} else
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Error connecting to trust anchor host: %s\n "
, _getdns_errnostr());
DEBUG_ANCHOR("Connect error: %s\n", _getdns_errnostr());
error:
tas_next(context, a);
}
@ -1148,10 +1442,7 @@ static void tas_happy_eyeballs_cb(void *userarg)
if (tas_fetching(&context->aaaa))
return;
else {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "Too late reception of AAAA for trust anchor "
"host for Happy Eyeballs\n");
DEBUG_ANCHOR("AAAA came too late, clearing Happy Eyeballs timer\n");
GETDNS_CLEAR_EVENT(context->a.loop, &context->a.event);
tas_connect(context, &context->a);
}
@ -1170,31 +1461,28 @@ static void _tas_hostname_lookup_cb(getdns_dns_req *dnsreq)
&a->rrset_spc, a->req->response, a->req->response_len);
if (!a->rrset) {
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
char tas_hostname[256] = "<no hostname>";
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "%s lookup for %s returned no response\n"
DEBUG_ANCHOR("%s lookup for %s returned no response\n"
, rt_str(a->req->request_type), tas_hostname);
#endif
} else if (a->req->response_len < dnsreq->name_len + 12 ||
!_getdns_dname_equal(a->req->response + 12, dnsreq->name) ||
a->rrset->rr_type != a->req->request_type) {
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
char tas_hostname[256] = "<no hostname>";
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "%s lookup for %s returned wrong response\n"
DEBUG_ANCHOR("%s lookup for %s returned wrong response\n"
, rt_str(a->req->request_type), tas_hostname);
#endif
} else if (!(a->rr = _getdns_rrtype_iter_init(&a->rr_spc, a->rrset))) {
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
char tas_hostname[256] = "<no hostname>";
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "%s lookup for %s returned no addresses\n"
DEBUG_ANCHOR("%s lookup for %s returned no addresses\n"
, rt_str(a->req->request_type), tas_hostname);
#endif
} else {
tas_connection *other = a == &context->a ? &context->aaaa
: &context->a;
@ -1204,9 +1492,8 @@ static void _tas_hostname_lookup_cb(getdns_dns_req *dnsreq)
; /* pass */
else if (a == &context->a && tas_busy(other)) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "Waiting 25ms for AAAA to arrive\n");
DEBUG_ANCHOR("Postponing connection initiation: "
"Happy Eyeballs\n");
GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 25,
getdns_eventloop_event_init(&a->event,
a->req->owner, NULL, NULL, tas_happy_eyeballs_cb));
@ -1223,57 +1510,47 @@ static void _tas_hostname_lookup_cb(getdns_dns_req *dnsreq)
tas_fail(context, a);
}
void _getdns_start_fetching_ta(
getdns_context *context, getdns_eventloop *loop, uint64_t *now_ms)
void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
{
getdns_return_t r;
size_t scheduled;
char tas_hostname[256] = "";
char tas_hostname[256];
const char *verify_CA;
const char *verify_email;
if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Cannot get hostname from trust anchor url: "
"\"%s\"\n", getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
": \"%s\"", __FUNC__
, getdns_get_errorstr_by_id(r));
return;
} else if ((r = getdns_context_get_trust_anchors_verify_CA(
context, &verify_CA))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Cannot get trust anchor verify CA: \"%s\"\n"
, getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("ERROR %s(): Could not get verify CA"
": \"%s\"", __FUNC__
, getdns_get_errorstr_by_id(r));
return;
} else if (!verify_CA || !*verify_CA) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
, "Trust anchor verification explicitly "
DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
"disabled by empty verify CA\n");
return;
} else if ((r = getdns_context_get_trust_anchors_verify_email(
context, &verify_email))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Cannot get trust anchor verify email: \"%s\"\n"
, getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("ERROR %s(): Could not get verify email address"
": \"%s\"", __FUNC__
, getdns_get_errorstr_by_id(r));
return;
} else if (!verify_email || !*verify_email) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
, "Trust anchor verification explicitly "
"disabled by empty verify email\n");
DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
"disabled by empty verify email address\n");
return;
} else if (!_getdns_context_can_write_appdata(context)) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
, "Not fetching TA, because "
"non writeable appdata directory\n");
DEBUG_ANCHOR("NOTICE %s(): Not fetching TA, because "
"non writeable appdata directory\n", __FUNC__);
return;
}
DEBUG_ANCHOR("Hostname: %s\n", tas_hostname);
@ -1281,44 +1558,35 @@ void _getdns_start_fetching_ta(
loop == &context->sync_eventloop.loop ? "" : "a");
scheduled = 0;
#if 1
context->a.state = TAS_LOOKUP_ADDRESSES;
if ((r = _getdns_general_loop(context, loop,
tas_hostname, GETDNS_RRTYPE_A,
no_dnssec_checking_disabled_opportunistic,
context, &context->a.req, NULL, _tas_hostname_lookup_cb))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
, "Error scheduling A lookup for %s: %s\n"
, tas_hostname, getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("Error scheduling A lookup for %s: %s\n"
, tas_hostname, getdns_get_errorstr_by_id(r));
} else
scheduled += 1;
#endif
#if 1
context->aaaa.state = TAS_LOOKUP_ADDRESSES;
if ((r = _getdns_general_loop(context, loop,
tas_hostname, GETDNS_RRTYPE_AAAA,
no_dnssec_checking_disabled_opportunistic,
context, &context->aaaa.req, NULL, _tas_hostname_lookup_cb))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
, "Error scheduling AAAA lookup for %s: %s\n"
, tas_hostname, getdns_get_errorstr_by_id(r));
DEBUG_ANCHOR("Error scheduling AAAA lookup for %s: %s\n"
, tas_hostname, getdns_get_errorstr_by_id(r));
} else
scheduled += 1;
#endif
if (!scheduled) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
, "Error scheduling address lookups for %s\n"
, tas_hostname);
DEBUG_ANCHOR("Fatal error fetching trust anchor: Unable to "
"schedule address requests for %s\n"
, tas_hostname);
context->trust_anchors_source = GETDNS_TASRC_FAILED;
if (now_ms) {
if (*now_ms == 0) *now_ms = _getdns_get_now_ms();
context->trust_anchors_backoff_expiry =
*now_ms + context->trust_anchors_backoff_time;
} else
context->trust_anchors_backoff_expiry =
_getdns_get_now_ms() + context->trust_anchors_backoff_time;
_getdns_ta_notify_dnsreqs(context);
} else
context->trust_anchors_source = GETDNS_TASRC_FETCHING;
@ -1435,10 +1703,7 @@ static void _getdns_context_read_root_ksk(getdns_context *context)
buf_sz *= 2;
}
if (!(buf = GETDNS_XMALLOC(context->mf, uint8_t, buf_sz))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Error allocating memory to read "
"root.key\n");
DEBUG_ANCHOR("ERROR %s(): Memory error\n", __FUNC__);
break;;
}
ptr = buf;
@ -1523,10 +1788,8 @@ _getdns_context_update_root_ksk(
break;
}
if (str_buf != str_spc) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Error determining buffer size for root "
"KSK\n");
DEBUG_ANCHOR("ERROR %s(): Buffer size determination "
"error\n", __FUNC__);
if (str_buf)
GETDNS_FREE(context->mf, str_buf);
@ -1534,13 +1797,11 @@ _getdns_context_update_root_ksk(
}
if (!(str_pos = str_buf = GETDNS_XMALLOC( context->mf, char,
(str_sz = sizeof(str_spc) - remaining) + 1))) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
, "Error allocating memory to read "
"root KSK\n");
DEBUG_ANCHOR("ERROR %s(): Memory error\n", __FUNC__);
return;
}
remaining = str_sz + 1;
DEBUG_ANCHOR("Retrying with buf size: %d\n", remaining);
};
/* Write presentation format DNSKEY rrset to "root.key" file */
@ -1615,21 +1876,17 @@ _getdns_context_update_root_ksk(
break;
}
if (!ta) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR
, GETDNS_LOG_NOTICE
, "Key with id %d not found in TA; "
"\"root-anchors.xml\" needs to be "
"updated.\n"
DEBUG_ANCHOR("NOTICE %s(): Key with id %d "
"*not* found in TA.\n"
"\"root-anchors.xml\" need "
"updating.\n", __FUNC__
, context->root_ksk.ids[i]);
context->trust_anchors_source =
GETDNS_TASRC_XML_UPDATE;
break;
}
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
, "Key with id %d found in TA\n"
, context->root_ksk.ids[i]);
DEBUG_ANCHOR("DEBUG %s(): Key with id %d found in TA\n"
, __FUNC__, context->root_ksk.ids[i]);
}
}
if (str_buf && str_buf != str_spc)

26
src/anchor.h
View File

@ -39,33 +39,9 @@
#include <time.h>
#include "rr-iter.h"
#include "types-internal.h"
/**
** Internal functions, implemented in anchor-internal.c.
**/
void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
uint8_t *_getdns_tas_validate(struct mem_funcs *mf,
const getdns_bindata *xml_bd, const getdns_bindata *p7s_bd,
const getdns_bindata *crt_bd, const char *p7signer,
uint64_t *now_ms, uint8_t *tas, size_t *tas_len);
/**
** anchor.c functions used by anchor-internal.c.
**/
time_t _getdns_xml_convertdate(const char* str);
uint16_t _getdns_parse_xml_trust_anchors_buf(gldns_buffer *gbuf, uint64_t *now_ms, char *xml_data, size_t xml_len);
/**
** Public interface.
**/
void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
void _getdns_start_fetching_ta(
getdns_context *context, getdns_eventloop *loop, uint64_t *now_ms);
void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop);
#define MAX_KSKS 16
#define RRSIG_RDATA_LEN 16

100
src/compat/arc4random.c
View File

@ -31,11 +31,11 @@
#endif
#include <stdlib.h>
#include <string.h>
#ifndef GETDNS_ON_WINDOWS
#include <unistd.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#ifndef GETDNS_ON_WINDOWS
#include <sys/mman.h>
#endif
#if defined(GETDNS_ON_WINDOWS) && !defined(MAP_INHERIT_ZERO)
@ -51,9 +51,6 @@
#else /* !__GNUC__ */
#define inline
#endif /* !__GNUC__ */
#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif
#define KEYSZ 32
#define IVSZ 8
@ -74,72 +71,6 @@ static struct {
static inline void _rs_rekey(u_char *dat, size_t datlen);
/*
* Basic sanity checking; wish we could do better.
*/
static int
fallback_gotdata(char *buf, size_t len)
{
char any_set = 0;
size_t i;
for (i = 0; i < len; ++i)
any_set |= buf[i];
if (any_set == 0)
return -1;
return 0;
}
/* fallback for getentropy in case libc returns failure */
static int
fallback_getentropy_urandom(void *buf, size_t len)
{
size_t i;
int fd, flags;
int save_errno = errno;
start:
flags = O_RDONLY;
#ifdef O_NOFOLLOW
flags |= O_NOFOLLOW;
#endif
#ifdef O_CLOEXEC
flags |= O_CLOEXEC;
#endif
fd = open("/dev/urandom", flags, 0);
if (fd == -1) {
if (errno == EINTR)
goto start;
goto nodevrandom;
}
#ifndef O_CLOEXEC
# ifdef HAVE_FCNTL
fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
# endif
#endif
for (i = 0; i < len; ) {
size_t wanted = len - i;
ssize_t ret = read(fd, (char*)buf + i, wanted);
if (ret == -1) {
if (errno == EAGAIN || errno == EINTR)
continue;
close(fd);
goto nodevrandom;
}
i += ret;
}
close(fd);
if (fallback_gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */
}
nodevrandom:
errno = EIO;
return -1;
}
static inline void
_rs_init(u_char *buf, size_t n)
{
@ -171,9 +102,6 @@ _rs_init(u_char *buf, size_t n)
if(!rsx)
abort();
#endif
/* Pleast older clang scan-build */
if (!buf)
buf = rsx->rs_buf;
}
chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
@ -186,14 +114,14 @@ _rs_stir(void)
u_char rnd[KEYSZ + IVSZ];
if (getentropy(rnd, sizeof rnd) == -1) {
if(errno != ENOSYS ||
fallback_getentropy_urandom(rnd, sizeof rnd) == -1) {
#ifdef SIGKILL
raise(SIGKILL);
raise(SIGKILL);
#else
exit(9); /* windows */
#ifdef GETDNS_ON_WINDOWS
DebugBreak();
#endif
exit(9); /* windows */
#endif
}
}
if (!rs)
@ -203,6 +131,9 @@ _rs_stir(void)
explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
/* invalidate rs_buf */
#ifdef GETDNS_ON_WINDOWS
_Analysis_assume_(rs != NULL);
#endif
rs->rs_have = 0;
memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
@ -212,9 +143,17 @@ _rs_stir(void)
static inline void
_rs_stir_if_needed(size_t len)
{
#if !defined(GETDNS_ON_WINDOWS) && !defined(MAP_INHERIT_ZERO)
#ifndef MAP_INHERIT_ZERO
static pid_t _rs_pid = 0;
#ifdef GETDNS_ON_WINDOWS
/*
* TODO: if compiling for the Windows Runtime, use GetCurrentProcessId(),
* but this requires linking with kernel32.lib
*/
pid_t pid = _getpid();
#else
pid_t pid = getpid();
#endif
/* If a system lacks MAP_INHERIT_ZERO, resort to getpid() */
if (_rs_pid == 0 || _rs_pid != pid) {
@ -225,6 +164,9 @@ _rs_stir_if_needed(size_t len)
#endif
if (!rs || rs->rs_count <= len)
_rs_stir();
#ifdef GETDNS_ON_WINDOWS
_Analysis_assume_(rs != NULL);
#endif
if (rs->rs_count <= len)
rs->rs_count = 0;
else

2
src/compat/arc4random_uniform.c
View File

@ -39,7 +39,7 @@ arc4random_uniform(uint32_t upper_bound)
return 0;
/* 2**32 % x == (2**32 - x) % x */
min = -upper_bound % upper_bound;
min = ((uint32_t)(-(int32_t)upper_bound)) % upper_bound;
/*
* This could theoretically loop forever but each retry has

11
src/compat/explicit_bzero.c
View File

@ -6,12 +6,17 @@
#include "config.h"
#include <string.h>
__attribute__((weak)) void
__explicit_bzero_hook(void *ATTR_UNUSED(buf), size_t ATTR_UNUSED(len))
{
}
void
explicit_bzero(void *buf, size_t len)
{
#ifdef GETDNS_ON_WINDOWS
#ifdef UB_ON_WINDOWS
SecureZeroMemory(buf, len);
#else
memset(buf, 0, len);
#endif
memset(buf, 0, len);
__explicit_bzero_hook(buf, len);
}

9
src/compat/getentropy_linux.c
View File

@ -60,9 +60,6 @@
#include <sys/auxv.h>
#endif
#include <sys/vfs.h>
#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif
#define REPEAT 5
#define min(a, b) (((a) < (b)) ? (a) : (b))
@ -97,7 +94,7 @@ int getentropy(void *buf, size_t len);
extern int main(int, char *argv[]);
#endif
static int gotdata(char *buf, size_t len);
#if defined(SYS_getrandom) && defined(__NR_getrandom)
#ifdef SYS_getrandom
static int getentropy_getrandom(void *buf, size_t len);
#endif
static int getentropy_urandom(void *buf, size_t len);
@ -116,7 +113,7 @@ getentropy(void *buf, size_t len)
return -1;
}
#if defined(SYS_getrandom) && defined(__NR_getrandom)
#ifdef SYS_getrandom
/*
* Try descriptor-less getrandom()
*/
@ -212,7 +209,7 @@ gotdata(char *buf, size_t len)
return 0;
}
#if defined(SYS_getrandom) && defined(__NR_getrandom)
#ifdef SYS_getrandom
static int
getentropy_getrandom(void *buf, size_t len)
{

7
src/compat/gettimeofday.c
View File

@ -21,9 +21,8 @@
*/
#include "config.h"
#ifndef HAVE_GETTIMEOFDAY
int gettimeofday(struct timeval* tv, void* tz)
#ifdef GETDNS_ON_WINDOWS
int gettimeofday(struct timeval* tv, struct timezone* tz)
{
FILETIME ft;
uint64_t now = 0;
@ -71,4 +70,4 @@ int gettimeofday(struct timeval* tv, void* tz)
return 0;
}
#endif /* HAVE_GETTIMEOFDAY */
#endif /* GETDNS_ON_WINDOWS */

4
src/compat/inet_ntop.c
View File

@ -19,6 +19,8 @@
#include <config.h>
#ifndef HAVE_INET_NTOP
#include <sys/param.h>
#include <sys/types.h>
#ifdef HAVE_SYS_SOCKET_H
@ -212,3 +214,5 @@ inet_ntop6(const u_char *src, char *dst, size_t size)
strlcpy(dst, tmp, size);
return (dst);
}
#endif /* !HAVE_INET_NTOP */

1
src/compat/inet_pton.c
View File

@ -17,6 +17,7 @@
*/
#include <config.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>

43
src/compat/mkstemp.c
View File

@ -1,43 +0,0 @@
/**
* \file mkstemp.c
* @brief Implementation of mkstemp for Windows.
*/
/*
* Copyright (c) 2019 Sinodun
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of the copyright holders nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
int mkstemp(char *template)
{
if (_mktemp_s(template, strlen(template) + 1) != 0)
return -1;
return open(template, _O_CREAT | _O_EXCL | _O_RDWR, _S_IWRITE | _S_IREAD);
}

3
src/compat/strlcpy.c
View File

@ -18,6 +18,7 @@
/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
#include <config.h>
#ifndef HAVE_STRLCPY
#include <sys/types.h>
#include <string.h>
@ -52,3 +53,5 @@ strlcpy(char *dst, const char *src, size_t siz)
return(s - src - 1); /* count does not include NUL */
}
#endif /* !HAVE_STRLCPY */

44
src/const-info.c
View File

@ -93,10 +93,6 @@ static struct const_info consts_info[] = {
{ 632, "GETDNS_CONTEXT_CODE_TLS_CA_FILE", GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT },
{ 633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT },
{ 634, "GETDNS_CONTEXT_CODE_TLS_CURVES_LIST", GETDNS_CONTEXT_CODE_TLS_CURVES_LIST_TEXT },
{ 635, "GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES", GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES_TEXT },
{ 636, "GETDNS_CONTEXT_CODE_TLS_MIN_VERSION", GETDNS_CONTEXT_CODE_TLS_MIN_VERSION_TEXT },
{ 637, "GETDNS_CONTEXT_CODE_TLS_MAX_VERSION", GETDNS_CONTEXT_CODE_TLS_MAX_VERSION_TEXT },
{ 638, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME_TEXT },
{ 699, "GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE", GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE_TEXT },
{ 700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
{ 701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
@ -119,16 +115,7 @@ static struct const_info consts_info[] = {
{ 1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT },
{ 1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT },
{ 1301, "GETDNS_AUTHENTICATION_REQUIRED", GETDNS_AUTHENTICATION_REQUIRED_TEXT },
{ 1400, "GETDNS_SSL3", GETDNS_SSL3_TEXT },
{ 1401, "GETDNS_TLS1", GETDNS_TLS1_TEXT },
{ 1402, "GETDNS_TLS1_1", GETDNS_TLS1_1_TEXT },
{ 1403, "GETDNS_TLS1_2", GETDNS_TLS1_2_TEXT },
{ 1404, "GETDNS_TLS1_3", GETDNS_TLS1_3_TEXT },
{ 8192, "GETDNS_LOG_SYS_STUB", GETDNS_LOG_SYS_STUB_TEXT },
{ 12288, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
{ 16384, "GETDNS_LOG_SYS_RECURSING", GETDNS_LOG_SYS_RECURSING_TEXT },
{ 24576, "GETDNS_LOG_SYS_RESOLVING", GETDNS_LOG_SYS_RESOLVING_TEXT },
{ 32768, "GETDNS_LOG_SYS_ANCHOR", GETDNS_LOG_SYS_ANCHOR_TEXT },
{ 4096, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
};
static int const_info_cmp(const void *a, const void *b)
@ -203,14 +190,10 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
{ "GETDNS_CONTEXT_CODE_TLS_CA_FILE", 632 },
{ "GETDNS_CONTEXT_CODE_TLS_CA_PATH", 631 },
{ "GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES", 635 },
{ "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 },
{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
{ "GETDNS_CONTEXT_CODE_TLS_CURVES_LIST", 634 },
{ "GETDNS_CONTEXT_CODE_TLS_MAX_VERSION", 637 },
{ "GETDNS_CONTEXT_CODE_TLS_MIN_VERSION", 636 },
{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME", 638 },
{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", 625 },
{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA", 626 },
{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL", 627 },
@ -229,11 +212,7 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_LOG_ERR", 3 },
{ "GETDNS_LOG_INFO", 6 },
{ "GETDNS_LOG_NOTICE", 5 },
{ "GETDNS_LOG_SYS_ANCHOR", 32768 },
{ "GETDNS_LOG_SYS_RECURSING", 16384 },
{ "GETDNS_LOG_SYS_RESOLVING", 24576 },
{ "GETDNS_LOG_SYS_STUB", 8192 },
{ "GETDNS_LOG_UPSTREAM_STATS", 12288 },
{ "GETDNS_LOG_UPSTREAM_STATS", 4096 },
{ "GETDNS_LOG_WARNING", 4 },
{ "GETDNS_NAMESPACE_DNS", 500 },
{ "GETDNS_NAMESPACE_LOCALNAMES", 501 },
@ -248,7 +227,6 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_OPCODE_STATUS", 2 },
{ "GETDNS_OPCODE_UPDATE", 5 },
{ "GETDNS_RCODE_BADALG", 21 },
{ "GETDNS_RCODE_BADCOOKIE", 23 },
{ "GETDNS_RCODE_BADKEY", 17 },
{ "GETDNS_RCODE_BADMODE", 19 },
{ "GETDNS_RCODE_BADNAME", 20 },
@ -256,6 +234,7 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_RCODE_BADTIME", 18 },
{ "GETDNS_RCODE_BADTRUNC", 22 },
{ "GETDNS_RCODE_BADVERS", 16 },
{ "GETDNS_RCODE_COOKIE", 23 },
{ "GETDNS_RCODE_FORMERR", 1 },
{ "GETDNS_RCODE_NOERROR", 0 },
{ "GETDNS_RCODE_NOTAUTH", 9 },
@ -300,10 +279,8 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_RRCLASS_IN", 1 },
{ "GETDNS_RRCLASS_NONE", 254 },
{ "GETDNS_RRTYPE_A", 1 },
{ "GETDNS_RRTYPE_A6", 38 },
{ "GETDNS_RRTYPE_AAAA", 28 },
{ "GETDNS_RRTYPE_AFSDB", 18 },
{ "GETDNS_RRTYPE_AMTRELAY", 260 },
{ "GETDNS_RRTYPE_ANY", 255 },
{ "GETDNS_RRTYPE_APL", 42 },
{ "GETDNS_RRTYPE_ATMA", 34 },
@ -322,20 +299,15 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_RRTYPE_DOA", 259 },
{ "GETDNS_RRTYPE_DS", 43 },
{ "GETDNS_RRTYPE_EID", 31 },
{ "GETDNS_RRTYPE_EUI48", 108 },
{ "GETDNS_RRTYPE_EUI64", 109 },
{ "GETDNS_RRTYPE_GID", 102 },
{ "GETDNS_RRTYPE_GPOS", 27 },
{ "GETDNS_RRTYPE_HINFO", 13 },
{ "GETDNS_RRTYPE_HIP", 55 },
{ "GETDNS_RRTYPE_HTTPS", 65 },
{ "GETDNS_RRTYPE_IPSECKEY", 45 },
{ "GETDNS_RRTYPE_ISDN", 20 },
{ "GETDNS_RRTYPE_IXFR", 251 },
{ "GETDNS_RRTYPE_KEY", 25 },
{ "GETDNS_RRTYPE_KX", 36 },
{ "GETDNS_RRTYPE_L32", 105 },
{ "GETDNS_RRTYPE_L64", 106 },
{ "GETDNS_RRTYPE_LOC", 29 },
{ "GETDNS_RRTYPE_LP", 107 },
{ "GETDNS_RRTYPE_MAILA", 254 },
@ -355,8 +327,6 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_RRTYPE_NSAP", 22 },
{ "GETDNS_RRTYPE_NSAP_PTR", 23 },
{ "GETDNS_RRTYPE_NSEC", 47 },
{ "GETDNS_RRTYPE_NSEC3", 50 },
{ "GETDNS_RRTYPE_NSEC3PARAM", 51 },
{ "GETDNS_RRTYPE_NULL", 10 },
{ "GETDNS_RRTYPE_NXT", 30 },
{ "GETDNS_RRTYPE_OPENPGPKEY", 61 },
@ -374,7 +344,6 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_RRTYPE_SPF", 99 },
{ "GETDNS_RRTYPE_SRV", 33 },
{ "GETDNS_RRTYPE_SSHFP", 44 },
{ "GETDNS_RRTYPE_SVCB", 64 },
{ "GETDNS_RRTYPE_TA", 32768 },
{ "GETDNS_RRTYPE_TALINK", 58 },
{ "GETDNS_RRTYPE_TKEY", 249 },
@ -386,13 +355,6 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_RRTYPE_UNSPEC", 103 },
{ "GETDNS_RRTYPE_URI", 256 },
{ "GETDNS_RRTYPE_WKS", 11 },
{ "GETDNS_RRTYPE_X25", 19 },
{ "GETDNS_RRTYPE_ZONEMD", 63 },
{ "GETDNS_SSL3", 1400 },
{ "GETDNS_TLS1", 1401 },
{ "GETDNS_TLS1_1", 1402 },
{ "GETDNS_TLS1_2", 1403 },
{ "GETDNS_TLS1_3", 1404 },
{ "GETDNS_TRANSPORT_TCP", 1201 },
{ "GETDNS_TRANSPORT_TCP_ONLY", 542 },
{ "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", 543 },

1405
src/context.c
View File

File diff suppressed because it is too large Load Diff

94
src/context.h
View File

@ -50,7 +50,6 @@
#endif
#include "rr-iter.h"
#include "anchor.h"
#include "tls.h"
struct getdns_dns_req;
struct ub_ctx;
@ -128,7 +127,7 @@ const getdns_tsig_info *_getdns_get_tsig_info(getdns_tsig_algo tsig_alg);
/* for doing public key pinning of TLS-capable upstreams: */
typedef struct sha256_pin {
uint8_t pin[SHA256_DIGEST_LENGTH];
char pin[SHA256_DIGEST_LENGTH];
struct sha256_pin *next;
} sha256_pin_t;
@ -201,26 +200,15 @@ typedef struct getdns_upstream {
getdns_network_req *write_queue_last;
_getdns_rbtree_t netreq_by_query_id;
/* TCP specific connection handling*/
unsigned tfo_use_sendto : 1;
/* TLS specific connection handling*/
unsigned tls_fallback_ok : 1;
_getdns_tls_connection* tls_obj;
_getdns_tls_session* tls_session;
/* TLS specific connection handling*/
SSL* tls_obj;
SSL_SESSION* tls_session;
getdns_tls_hs_state_t tls_hs_state;
getdns_auth_state_t tls_auth_state;
uint64_t expires; /* Expire time of waiting netreqs.
* This is how long a handshake may
* take.
*/
/* TLS settings */
unsigned tls_fallback_ok : 1;
char *tls_cipher_list;
char *tls_ciphersuites;
char *tls_curves_list;
getdns_tls_version_t tls_min_version;
getdns_tls_version_t tls_max_version;
/* Auth credentials */
/* Auth credentials*/
char tls_auth_name[256];
sha256_pin_t *tls_pubkey_pinset;
@ -243,13 +231,15 @@ typedef struct getdns_upstream {
unsigned is_sync_loop : 1;
/* EDNS cookies */
uint8_t server_cookie[40];
size_t server_cookie_len;
uint64_t src_addr_checked;
struct sockaddr_storage src_addr;
socklen_t src_addr_len;
char src_addr_str[INET6_ADDRSTRLEN];
uint32_t secret;
uint8_t client_cookie[8];
uint8_t prev_client_cookie[8];
uint8_t server_cookie[32];
unsigned has_client_cookie : 1;
unsigned has_prev_client_cookie : 1;
unsigned has_server_cookie : 1;
unsigned server_cookie_len : 5;
/* TSIG */
uint8_t tsig_dname[256];
@ -273,7 +263,7 @@ typedef struct getdns_upstreams {
size_t count;
size_t current_udp;
size_t current_stateful;
uint16_t max_backoff_value;
uint16_t max_backoff_value;
uint16_t tls_backoff_time;
uint16_t tls_connection_retries;
getdns_log_config log;
@ -325,7 +315,6 @@ struct getdns_context {
size_t namespace_count;
uint64_t timeout;
uint64_t idle_timeout;
int tcp_send_timeout; /* -1 is unset */
getdns_redirects_t follow_redirects;
getdns_list *dns_root_servers;
@ -352,8 +341,6 @@ struct getdns_context {
char *trust_anchors_url;
char *trust_anchors_verify_CA;
char *trust_anchors_verify_email;
uint64_t trust_anchors_backoff_time;
uint64_t trust_anchors_backoff_expiry;
_getdns_ksks root_ksk;
@ -363,10 +350,7 @@ struct getdns_context {
char *tls_ca_path;
char *tls_ca_file;
char *tls_cipher_list;
char *tls_ciphersuites;
char *tls_curves_list;
getdns_tls_version_t tls_min_version;
getdns_tls_version_t tls_max_version;
getdns_upstreams *upstreams;
uint16_t limit_outstanding_queries;
@ -374,7 +358,7 @@ struct getdns_context {
getdns_tls_authentication_t tls_auth; /* What user requested for TLS*/
getdns_tls_authentication_t tls_auth_min; /* Derived minimum auth allowed*/
uint8_t round_robin_upstreams;
uint16_t max_backoff_value;
uint16_t max_backoff_value;
uint16_t tls_backoff_time;
uint16_t tls_connection_retries;
@ -387,7 +371,7 @@ struct getdns_context {
int edns_maximum_udp_payload_size; /* -1 is unset */
uint8_t edns_client_subnet_private;
uint16_t tls_query_padding_blocksize;
_getdns_tls_context* tls_ctx;
SSL_CTX* tls_ctx;
getdns_update_callback update_callback;
getdns_update_callback2 update_callback2;
@ -397,7 +381,6 @@ struct getdns_context {
int processing;
int destroying;
int to_destroy;
struct mem_funcs mf;
struct mem_funcs my_mf;
@ -450,7 +433,6 @@ struct getdns_context {
getdns_dict *header;
getdns_dict *add_opt_parameters;
unsigned add_warning_for_bad_dns : 1;
unsigned dnssec : 1;
unsigned dnssec_return_all_statuses : 1;
unsigned dnssec_return_full_validation_chain : 1;
unsigned dnssec_return_only_secure : 1;
@ -508,38 +490,11 @@ struct getdns_context {
#endif /* HAVE_MDNS_SUPPORT */
}; /* getdns_context */
static inline int _getdns_check_log(const getdns_log_config *log,
uint64_t system, getdns_loglevel_type level)
{ assert(log)
; return log->func && (log->system & system) && level <= log->level; }
void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
getdns_loglevel_type level, const char *fmt, ...);
static inline void _getdns_log(const getdns_log_config *log,
uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
{
va_list args;
if (!_getdns_check_log(log, system, level))
return;
va_start(args, fmt);
log->func(log->userarg, system, level, fmt, args);
va_end(args);
}
static inline void _getdns_upstream_log(const getdns_upstream *up,
uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
{
va_list args;
if (!up || !up->upstreams
|| !_getdns_check_log(&up->upstreams->log, system, level))
return;
va_start(args, fmt);
up->upstreams->log.func(
up->upstreams->log.userarg, system, level, fmt, args);
va_end(args);
}
void _getdns_context_log(getdns_context *context, uint64_t system,
getdns_loglevel_type level, const char *fmt, ...);
/** internal functions **/
@ -596,9 +551,8 @@ void _getdns_upstreams_dereference(getdns_upstreams *upstreams);
void _getdns_upstream_shutdown(getdns_upstream *upstream);
FILE *_getdns_context_get_priv_fp(
const getdns_context *context, const char *fn);
uint8_t *_getdns_context_get_priv_file(const getdns_context *context,
FILE *_getdns_context_get_priv_fp(getdns_context *context, const char *fn);
uint8_t *_getdns_context_get_priv_file(getdns_context *context,
const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
int _getdns_context_write_priv_file(getdns_context *context,

160
src/convert.c
View File

@ -41,6 +41,9 @@
#endif
#if defined(HAVE_LIBIDN2)
#include <idn2.h>
#elif defined(HAVE_LIBIDN)
#include <stringprep.h>
#include <idna.h>
#endif
#include "getdns/getdns.h"
#include "getdns/getdns_extra.h"
@ -121,8 +124,34 @@ getdns_convert_ulabel_to_alabel(const char *ulabel)
if (idn2_lookup_u8((uint8_t *)ulabel, &alabel, IDN2_TRANSITIONAL) == IDN2_OK)
return (char *)alabel;
#elif defined(HAVE_LIBIDN)
char *alabel;
char *prepped;
char prepped2[BUFSIZ];
if (!ulabel) return NULL;
setlocale(LC_ALL, "");
if ((prepped = stringprep_locale_to_utf8(ulabel))) {
if(strlen(prepped)+1 > BUFSIZ) {
free(prepped);
return NULL;
}
memcpy(prepped2, prepped, strlen(prepped)+1);
free(prepped);
/* convert to utf8 fails, which it can, but continue anyway */
} else if (strlen(ulabel)+1 > BUFSIZ)
return NULL;
else
memcpy(prepped2, ulabel, strlen(ulabel)+1);
if (stringprep(prepped2, BUFSIZ, 0, stringprep_nameprep) == STRINGPREP_OK
&& idna_to_ascii_8z(prepped2, &alabel, 0) == IDNA_SUCCESS)
return alabel;
#else
(void)ulabel; /* unused parameter */
(void)ulabel;
#endif
return NULL;
}
@ -141,15 +170,19 @@ getdns_convert_ulabel_to_alabel(const char *ulabel)
char *
getdns_convert_alabel_to_ulabel(const char *alabel)
{
#if defined(HAVE_LIBIDN2)
#if defined(HAVE_LIBIDN2) || defined(HAVE_LIBIDN)
char *ulabel;
if (!alabel) return NULL;
# if defined(HAVE_LIBIDN2)
if (idn2_to_unicode_8z8z(alabel, &ulabel, 0) == IDN2_OK)
# else
if (idna_to_unicode_8z8z(alabel, &ulabel, 0) == IDNA_SUCCESS)
# endif
return ulabel;
#else
(void)alabel; /* unused parameter */
(void)alabel;
#endif
return NULL;
}
@ -427,7 +460,7 @@ getdns_rr_dict2str_scan(
prev_str_len = *str_len;
sz = (size_t)*str_len;
sz_needed = gldns_wire2str_rr_scan(
&scan_buf, &scan_sz, str, &sz, NULL, 0, NULL);
&scan_buf, &scan_sz, str, &sz, NULL, 0);
if (sz_needed > prev_str_len) {
*str = prev_str + sz_needed;
@ -529,10 +562,8 @@ _getdns_fp2rr_list(struct mem_funcs *mf,
else while (r == GETDNS_RETURN_GOOD && !feof(in)) {
len = GLDNS_RR_BUF_SIZE;
dname_len = 0;
if (gldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst)) {
r = GETDNS_RETURN_GENERIC_ERROR;
if (gldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst))
break;
}
if (dname_len && dname_len < sizeof(pst.prev_rr)) {
memcpy(pst.prev_rr, rr, dname_len);
pst.prev_rr_len = dname_len;
@ -746,75 +777,6 @@ getdns_wire2msg_dict_scan(
else GLDNS_ ## Y ## _CLR(header); \
}
static getdns_return_t
_getdns_reply_dict2wire_hdr(
const getdns_dict *reply, gldns_buffer *gbuf, getdns_bindata *wf_reply)
{
size_t pkt_start = gldns_buffer_position(gbuf);
size_t pkt_len = wf_reply->size;
uint8_t *header = gldns_buffer_current(gbuf);
uint8_t *pkt_end = header + pkt_len;
getdns_list *sec;
size_t sec_len;
uint32_t n, i;
_getdns_rr_iter rr_iter_storage, *rr_iter;
getdns_list *section;
size_t rrs2skip;
getdns_dict *rr_dict;
gldns_buffer_write(gbuf, wf_reply->data, wf_reply->size);
if (GLDNS_QDCOUNT(header) != 1
|| (GLDNS_ARCOUNT(header) != 0 && GLDNS_ARCOUNT(header) != 1))
return GETDNS_RETURN_GENERIC_ERROR;
sec_len = 0;
if (!getdns_dict_get_list(reply, "answer", &sec))
(void) getdns_list_get_length(sec, &sec_len);
if (sec_len != GLDNS_ANCOUNT(header))
return GETDNS_RETURN_GENERIC_ERROR;
sec_len = 0;
if (!getdns_dict_get_list(reply, "authority", &sec))
(void) getdns_list_get_length(sec, &sec_len);
if (sec_len != GLDNS_NSCOUNT(header))
return GETDNS_RETURN_GENERIC_ERROR;
rrs2skip = 1 + GLDNS_ANCOUNT(header) + GLDNS_NSCOUNT(header);
SET_HEADER_INT(id, ID);
SET_HEADER_BIT(qr, QR);
SET_HEADER_BIT(aa, AA);
SET_HEADER_BIT(tc, TC);
SET_HEADER_BIT(rd, RD);
SET_HEADER_BIT(cd, CD);
SET_HEADER_BIT(ra, RA);
SET_HEADER_BIT(ad, AD);
SET_HEADER_INT(opcode, OPCODE);
SET_HEADER_INT(rcode, RCODE);
SET_HEADER_BIT(z, Z);
for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage, header, pkt_len)
; rr_iter
; rr_iter = _getdns_rr_iter_next(rr_iter)) {
if (rr_iter->nxt > pkt_end)
return GETDNS_RETURN_GENERIC_ERROR;
if (!--rrs2skip)
break;
/* TODO: Delete sigs when do bit was off */
}
gldns_buffer_set_position(gbuf, rr_iter->nxt - header);
if (!getdns_dict_get_list(reply, "additional", &section)) {
for ( n = 0, i = 0
; !getdns_list_get_dict(section, i, &rr_dict); i++) {
if (!_getdns_rr_dict2wire(rr_dict, gbuf))
n++;
}
gldns_buffer_write_u16_at(gbuf, pkt_start+GLDNS_ARCOUNT_OFF, n);
}
return GETDNS_RETURN_GOOD;
}
getdns_return_t
_getdns_reply_dict2wire(
const getdns_dict *reply, gldns_buffer *buf, int reuse_header)
@ -825,7 +787,6 @@ _getdns_reply_dict2wire(
getdns_list *section;
getdns_dict *rr_dict;
getdns_bindata *qname;
name_cache_t name_cache = {0};
int remove_dnssec;
pkt_start = gldns_buffer_position(buf);
@ -855,7 +816,7 @@ _getdns_reply_dict2wire(
if (!getdns_dict_get_bindata(reply, "/question/qname", &qname) &&
!getdns_dict_get_int(reply, "/question/qtype", &qtype)) {
(void)getdns_dict_get_int(reply, "/question/qclass", &qclass);
_getdns_rr_buffer_write_cached_name(buf, qname, &name_cache);
gldns_buffer_write(buf, qname->data, qname->size);
gldns_buffer_write_u16(buf, (uint16_t)qtype);
gldns_buffer_write_u16(buf, (uint16_t)qclass);
gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_QDCOUNT_OFF, 1);
@ -878,7 +839,7 @@ _getdns_reply_dict2wire(
!getdns_dict_get_int(rr_dict, "type", &rr_type) &&
rr_type == GETDNS_RRTYPE_RRSIG)
continue;
if (!_getdns_rr_dict2wire_cache(rr_dict, buf, &name_cache))
if (!_getdns_rr_dict2wire(rr_dict, buf))
n++;
}
gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_ANCOUNT_OFF, n);
@ -920,10 +881,8 @@ getdns_return_t
_getdns_msg_dict2wire_buf(const getdns_dict *msg_dict, gldns_buffer *gbuf)
{
getdns_return_t r;
getdns_list *replies;
getdns_dict *reply;
getdns_list *wf_replies = NULL;
getdns_bindata *wf_reply;
getdns_list *replies;
getdns_dict *reply;
size_t i;
if ((r = getdns_dict_get_list(msg_dict, "replies_tree", &replies))) {
@ -931,23 +890,8 @@ _getdns_msg_dict2wire_buf(const getdns_dict *msg_dict, gldns_buffer *gbuf)
return r;
return _getdns_reply_dict2wire(msg_dict, gbuf, 0);
}
(void) getdns_dict_get_list(msg_dict, "replies_full", &wf_replies);
for (i = 0; r == GETDNS_RETURN_GOOD; i++) {
if ((r = getdns_list_get_dict(replies, i, &reply)))
;
else if (wf_replies
&& !getdns_list_get_bindata(wf_replies, i, &wf_reply)) {
size_t pkt_start = gldns_buffer_position(gbuf);
if (!gldns_buffer_reserve(gbuf, wf_reply->size))
return GETDNS_RETURN_NEED_MORE_SPACE;
if ((r = _getdns_reply_dict2wire_hdr( reply, gbuf
, wf_reply))) {
gldns_buffer_set_position(gbuf, pkt_start);
r = _getdns_reply_dict2wire(reply, gbuf, 0);
}
} else
if (!(r = getdns_list_get_dict(replies, i, &reply)))
r = _getdns_reply_dict2wire(reply, gbuf, 0);
}
return r == GETDNS_RETURN_NO_SUCH_LIST_ITEM ? GETDNS_RETURN_GOOD : r;
@ -1191,7 +1135,7 @@ _getdns_ipaddr_dict_mf(struct mem_funcs *mf, const char *ipstr)
tsig_name_str = "";
}
}
if (*ipstr == '*' && *(ipstr+1) == '\0') {
if (*ipstr == '*') {
getdns_dict_util_set_string(r, "address_type", "IPv6");
addr.size = 16;
(void) memset(buf, 0, 16);
@ -1445,7 +1389,7 @@ static int _jsmn_get_int(const char *js, jsmntok_t *t, uint32_t *value)
static int _jsmn_get_const(const char *js, jsmntok_t *t, uint32_t *value)
{
char value_str[80] = "";
char value_str[80];
int size = t->end - t->start;
if (size <= 0 || size >= (int)sizeof(value_str))
@ -1726,7 +1670,7 @@ getdns_str2dict(const char *str, getdns_dict **dict)
if (!str || !dict)
return GETDNS_RETURN_INVALID_PARAMETER;
while (*str && isspace((unsigned char)*str))
while (*str && isspace(*str))
str++;
if (*str != '{') {
@ -1903,8 +1847,8 @@ getdns_yaml2list(const char *str, getdns_list **list)
return GETDNS_RETURN_GENERIC_ERROR;
}
#else /* USE_YAML_CONFIG */
(void) str; /* unused parameter */
(void) list; /* unused parameter */
(void) str;
(void) list;
return GETDNS_RETURN_NOT_IMPLEMENTED;
#endif /* USE_YAML_CONFIG */
}
@ -1927,8 +1871,8 @@ getdns_yaml2bindata(const char *str, getdns_bindata **bindata)
return GETDNS_RETURN_GENERIC_ERROR;
}
#else /* USE_YAML_CONFIG */
(void) str; /* unused parameter */
(void) bindata; /* unused parameter */
(void) str;
(void) bindata;
return GETDNS_RETURN_NOT_IMPLEMENTED;
#endif /* USE_YAML_CONFIG */
}
@ -1951,8 +1895,8 @@ getdns_yaml2int(const char *str, uint32_t *value)
return GETDNS_RETURN_GENERIC_ERROR;
}
#else /* USE_YAML_CONFIG */
(void) str; /* unused parameter */
(void) value; /* unused parameter */
(void) str;
(void) value;
return GETDNS_RETURN_NOT_IMPLEMENTED;
#endif /* USE_YAML_CONFIG */
}

4
src/convert.h
View File

@ -38,10 +38,6 @@
#include "types-internal.h"
#include <stdio.h>
getdns_return_t
_getdns_wire2msg_dict_scan(struct mem_funcs *mf,
const uint8_t **wire, size_t *wire_len, getdns_dict **msg_dict);
getdns_return_t _getdns_wire2rr_dict(struct mem_funcs *mf,
const uint8_t *wire, size_t wire_len, getdns_dict **rr_dict);

114
src/dict.c
View File

@ -83,7 +83,7 @@ static char *_json_ptr_first(const struct mem_funcs *mf,
static struct getdns_dict_item *
_find_dict_item(const getdns_dict *dict, const char *jptr)
{
char first_spc[1024] = "", *first;
char first_spc[1024], *first;
struct getdns_dict_item *d;
first = _json_ptr_first(&dict->mf, jptr,
@ -434,7 +434,7 @@ getdns_dict_create_with_memory_functions(void *(*malloc)(size_t),
/*-------------------------- getdns_dict_create_with_context */
struct getdns_dict *
getdns_dict_create_with_context(const getdns_context *context)
getdns_dict_create_with_context(struct getdns_context *context)
{
if (context)
return getdns_dict_create_with_extended_memory_functions(
@ -655,8 +655,7 @@ getdns_dict_set_bindata(
/*---------------------------------------- getdns_dict_set_bindata */
getdns_return_t
getdns_dict_util_set_string(getdns_dict *dict,
const char *name, const char *value)
getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value)
{
getdns_item *item;
getdns_bindata *newbindata;
@ -738,16 +737,21 @@ getdns_pp_base64(gldns_buffer *buf, getdns_bindata *bindata)
{
size_t p = gldns_buffer_position(buf);
size_t base64str_sz;
char *target;
size_t avail;
if (gldns_buffer_printf(buf, " <bindata of ") < 0)
return -1;
base64str_sz = gldns_b64_ntop_calculate_size(bindata->size);
if (!gldns_buffer_reserve(buf, base64str_sz))
return -1;
gldns_buffer_skip(buf, gldns_b64_ntop(bindata->data, bindata->size,
(char *)gldns_buffer_current(buf), base64str_sz));
target = (char *)gldns_buffer_current(buf);
avail = gldns_buffer_remaining(buf);
if (avail >= base64str_sz)
gldns_buffer_skip(buf, gldns_b64_ntop(
bindata->data, bindata->size,
target, base64str_sz));
else
gldns_buffer_skip(buf, base64str_sz);
if (gldns_buffer_printf(buf, ">") < 0)
return -1;
@ -782,37 +786,13 @@ getdns_pp_bindata(gldns_buffer *buf, getdns_bindata *bindata,
if (bindata->size > 0 && i == bindata->size) { /* all printable? */
if (json) {
const uint8_t *s = bindata->data;
const uint8_t *e = s + bindata->size;
const uint8_t *b;
if (!gldns_buffer_reserve(buf, (e - s) + 2))
return -1;
gldns_buffer_write_u8(buf, '"');
for (;;) {
for ( b = s
; b < e && *b != '\\' && *b != '"'
; b++)
; /* pass */
if (b == e)
break;
if (!gldns_buffer_reserve(buf, (b - s) + 3))
return -1;
gldns_buffer_write(buf, s, b - s);
gldns_buffer_write_u8(buf, '\\');
gldns_buffer_write_u8(buf, *b);
s = b + 1;
}
if (s < e)
gldns_buffer_write(buf, s, e - s);
gldns_buffer_write_u8(buf, '"');
} else {
if (json)
(void)snprintf(spc, sizeof(spc), "\"%%.%ds\"", (int)i);
else
(void)snprintf(spc, sizeof(spc), "of \"%%.%ds\"%s>",
(int)(i > 32 ? 32 : i), (i > 32 ? "..." : ""));
if (gldns_buffer_printf(buf, spc, bindata->data) < 0)
return -1;
}
if (gldns_buffer_printf(buf, spc, bindata->data) < 0)
return -1;
} else if (bindata->size > 1 && /* null terminated printable */
i == bindata->size - 1 && bindata->data[i] == 0) {
@ -892,7 +872,6 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
struct getdns_bindata *bindata_item;
uint32_t int_item;
const char *strval;
char abuf[80];
if (list == NULL)
return 0;
@ -934,21 +913,7 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
if (getdns_list_get_bindata(list, i, &bindata_item) !=
GETDNS_RETURN_GOOD)
return -1;
if (for_literals && (bindata_item->size == 4 ||
bindata_item->size == 16 )) {
if (gldns_buffer_printf(buf,
(json ? "\"%s\"" : " <bindata for %s>"),
inet_ntop(( bindata_item->size == 4
? AF_INET : AF_INET6)
, bindata_item->data
, abuf
, sizeof(abuf) - 1
)) < 0)
return -1;
} else if (getdns_pp_bindata(
if (getdns_pp_bindata(
buf, bindata_item, 0, json) < 0)
return -1;
break;
@ -1036,21 +1001,21 @@ static int
_getdns_print_rcode(gldns_buffer *buf, uint32_t rcode)
{
static const char *rcodes[] = {
" GETDNS_RCODE_NOERROR" , " GETDNS_RCODE_FORMERR" ,
" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN" ,
" GETDNS_RCODE_NOTIMP" , " GETDNS_RCODE_REFUSED" ,
" GETDNS_RCODE_YXDOMAIN", " GETDNS_RCODE_YXRRSET" ,
" GETDNS_RCODE_NXRRSET" , " GETDNS_RCODE_NOTAUTH" ,
" GETDNS_RCODE_NOERROR" , " GETDNS_RCODE_FORMERR" ,
" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN",
" GETDNS_RCODE_NOTIMP" , " GETDNS_RCODE_REFUSED" ,
" GETDNS_RCODE_YXDOMAIN", " GETDNS_RCODE_YXRRSET" ,
" GETDNS_RCODE_NXRRSET" , " GETDNS_RCODE_NOTAUTH" ,
" GETDNS_RCODE_NOTZONE" ,
" GETDNS_RCODE_BADSIG" , " GETDNS_RCODE_BADKEY" ,
" GETDNS_RCODE_BADTIME" , " GETDNS_RCODE_BADMODE" ,
" GETDNS_RCODE_BADNAME" , " GETDNS_RCODE_BADALG" ,
" GETDNS_RCODE_BADTRUNC", " GETDNS_RCODE_BADCOOKIE"
" GETDNS_RCODE_BADSIG" , " GETDNS_RCODE_BADKEY" ,
" GETDNS_RCODE_BADTIME" , " GETDNS_RCODE_BADMODE" ,
" GETDNS_RCODE_BADNAME" , " GETDNS_RCODE_BADALG" ,
" GETDNS_RCODE_BADTRUNC"
};
if (rcode <= 10)
(void) gldns_buffer_printf(buf, "%s", rcodes[rcode]);
else if (rcode >= 16 && rcode <= 23)
(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-5]);
else if (rcode >= 16 && rcode <= 22)
(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-6]);
else
return 0;
return 1;
@ -1118,12 +1083,9 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
strcmp(item->node.key, "transport") == 0 ||
strcmp(item->node.key, "resolution_type") == 0 ||
strcmp(item->node.key, "tls_authentication") == 0 ||
strcmp(item->node.key, "tls_min_version") == 0 ||
strcmp(item->node.key, "tls_max_version") == 0 ||
/* extensions */
strcmp(item->node.key, "add_warning_for_bad_dns") == 0 ||
strcmp(item->node.key, "dnssec") == 0 ||
strcmp(item->node.key, "dnssec_return_all_statuses") == 0 ||
strcmp(item->node.key, "dnssec_return_full_validation_chain") == 0 ||
strcmp(item->node.key, "dnssec_return_only_secure") == 0 ||
@ -1156,11 +1118,6 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
if (!json && strcmp(item->node.key, "rcode") == 0 &&
_getdns_print_rcode(buf, item->i.data.n))
break;
if (!json &&
strcmp(item->node.key, "extended_rcode") == 0 &&
item->i.data.n >= 16 &&
_getdns_print_rcode(buf, item->i.data.n))
break;
if (gldns_buffer_printf(
buf,(json < 2 ? " %d" : "%d"), item->i.data.n) < 0)
return -1;
@ -1169,9 +1126,7 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
case t_bindata:
if ((strcmp(item->node.key, "address_data") == 0 ||
strcmp(item->node.key, "ipv4_address") == 0 ||
strcmp(item->node.key, "ipv6_address") == 0 ||
strcmp(item->node.key, "answer_ipv4_address") == 0 ||
strcmp(item->node.key, "answer_ipv6_address") == 0) &&
strcmp(item->node.key, "ipv6_address") == 0 ) &&
(item->i.data.bindata->size == 4 ||
item->i.data.bindata->size == 16 )) {
@ -1184,7 +1139,7 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
, 40
)) < 0)
return -1;
} else if (!json &&
(strcmp(item->node.key, "pin-sha256") == 0 ||
strcmp(item->node.key, "value") == 0) &&
@ -1219,9 +1174,8 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
if (getdns_pp_list(buf, indent, item->i.data.list,
(strcmp(item->node.key, "namespaces") == 0 ||
strcmp(item->node.key, "dns_transport_list") == 0
|| strcmp(item->node.key, "bad_dns") == 0 ||
strcmp(item->node.key, "dns_root_servers") == 0
), json) < 0)
|| strcmp(item->node.key, "bad_dns") == 0),
json) < 0)
return -1;
break;

414
src/dnssec.c
View File

@ -178,7 +178,7 @@
* "DNSSEC Validation".
*
* Many functions are of key verification boolean return type; e.g.
* key_proves_nonexistance(), ds_authenticates_keys(), a_key_signed_rrset()
* key_proves_non_existance(), ds_authenticates_keys(), a_key_signed_rrset()
* These will return the keytag identifying the key that was used to
* authenticate + 0x10000 to allow keytag 0.
*
@ -192,7 +192,9 @@
#include "debug.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <ctype.h>
#include <openssl/sha.h>
#include "getdns/getdns.h"
#include "context.h"
#include "util-internal.h"
@ -208,7 +210,6 @@
#include "list.h"
#include "util/val_secalgo.h"
#include "anchor.h"
#include "tls.h"
#define SIGNATURE_VERIFIED 0x10000
#define NSEC3_ITERATION_COUNT_HIGH 0x20000
@ -243,16 +244,13 @@ static inline int _dname_equal(const uint8_t *left, const uint8_t *right)
static int _dname_is_parent(
const uint8_t * const parent, const uint8_t *subdomain)
{
if (*parent == 0)
return 1;
else while (*subdomain) {
while (*subdomain) {
if (_dname_equal(parent, subdomain))
return 1;
subdomain += *subdomain + 1;
}
return 0;
return *parent == 0;
}
static uint8_t *_dname_label_copy(uint8_t *dst, const uint8_t *src, size_t dst_len)
@ -398,7 +396,7 @@ static inline void debug_sec_print_rr(const char *msg, _getdns_rr_iter *rr)
}
(void) gldns_wire2str_rr_scan(
(UNCONST_UINT8_p *) &data, &data_len, &str, &str_len,
(UNCONST_UINT8_p) rr->pkt, rr->pkt_end - rr->pkt, NULL);
(UNCONST_UINT8_p) rr->pkt, rr->pkt_end - rr->pkt);
DEBUG_SEC("%s%s", msg, str_spc);
}
static inline void debug_sec_print_dname(const char *msg, const uint8_t *label)
@ -522,7 +520,7 @@ static void val_chain_sched(chain_head *head, const uint8_t *dname);
static void val_chain_sched_ds(chain_head *head, const uint8_t *dname);
static void val_chain_sched_signer(chain_head *head, _getdns_rrsig_iter *rrsig);
static chain_head *add_rrset2val_chain(const struct mem_funcs *mf,
static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
chain_head **chain_p, _getdns_rrset *rrset, getdns_network_req *netreq)
{
chain_head *head;
@ -673,24 +671,6 @@ static chain_head *add_rrset2val_chain(const struct mem_funcs *mf,
if (!(node[-1].parent = max_node))
val_chain_sched(head, (uint8_t *)"\0");
/* For an NSEC or NSEC3 query, stop at that. If it is valid it will
* have a signature which will be chased.
*/
if (head->rrset.rr_type == GETDNS_RRTYPE_NSEC ||
head->rrset.rr_type == GETDNS_RRTYPE_NSEC3)
return head;
/* Otherwise, schedule key lookups for the tld and sld too. */
if (!max_node) {
if (head->node_count > 1)
val_chain_sched(head, node[-2].ds.name);
if (head->node_count > 2)
val_chain_sched(head, node[-3].ds.name);
} else if ((max_labels == 1 || max_labels == 2) && head->node_count > 0)
val_chain_sched(head, node[-1].ds.name);
if (max_labels == 1 && head->node_count > 1)
val_chain_sched(head, node[-2].ds.name);
return head;
}
@ -787,7 +767,7 @@ static int is_synthesized_cname(_getdns_rrset *cname)
* When a SOA query was successful, a query for DS will follow for that
* owner name.
*/
static void add_pkt2val_chain(const struct mem_funcs *mf,
static void add_pkt2val_chain(struct mem_funcs *mf,
chain_head **chain_p, uint8_t *pkt, size_t pkt_len,
getdns_network_req *netreq)
{
@ -849,7 +829,7 @@ static void add_pkt2val_chain(const struct mem_funcs *mf,
* checked eventually.
* But only if we know the question of course...
*/
static void add_question2val_chain(const struct mem_funcs *mf,
static void add_question2val_chain(struct mem_funcs *mf,
chain_head **chain_p, uint8_t *pkt, size_t pkt_len,
const uint8_t *qname, uint16_t qtype, uint16_t qclass,
getdns_network_req *netreq)
@ -922,7 +902,7 @@ static getdns_dict *CD_extension(getdns_dns_req *dnsreq)
? dnssec_ok_checking_disabled_roadblock_avoidance
: dnssec_ok_checking_disabled_avoid_roadblocks;
#else
(void)dnsreq; /* unused parameter */
(void)dnsreq;
return dnssec_ok_checking_disabled;
#endif
}
@ -1071,105 +1051,6 @@ static void val_chain_sched_signer(chain_head *head, _getdns_rrsig_iter *rrsig)
val_chain_sched_signer_node(head->parent, rrsig);
}
/* Cancel all DS and DNSKEY for subdomains of parent_dname,
* and also the DNSKEY query at the parent_dname
*/
static void cancel_requests_for_subdomains_of(
chain_head *head, const uint8_t *parent_dname)
{
chain_head *next;
chain_node *node;
size_t node_count;
while (head) {
next = head->next;
if (!_dname_is_parent(parent_dname, head->rrset.name)) {
head = next;
continue;
}
for ( node_count = head->node_count, node = head->parent
; node_count
; node_count--, node = node->parent ) {
if (!_getdns_netreq_finished(node->dnskey_req)) {
_getdns_context_cancel_request(
node->dnskey_req->owner);
node->dnskey_req = NULL;
}
if (_dname_equal(parent_dname, node->ds.name))
break;
if (!_getdns_netreq_finished(node->ds_req)) {
_getdns_context_cancel_request(
node->ds_req->owner);
node->ds_req = NULL;
}
}
head = next;
}
}
static int nsec3_matches_name(_getdns_rrset *nsec3, const uint8_t *name);
static int nsec3_covers_name(
_getdns_rrset *nsec3, const uint8_t *name, int *opt_out);
static int insecure_delegation(_getdns_rrset *ds_rrset)
{
_getdns_rrset nsec_rrset;
_getdns_rrtype_iter *rr, rr_spc;
_getdns_rrsig_iter rrsig_spc;
_getdns_rdf_iter bitmap_spc, *bitmap;
_getdns_rrset_iter *i, i_spc;
/* For NSEC, an insecure delegation is a NODATA proof for DS */
nsec_rrset = *ds_rrset;
nsec_rrset.rr_type = GETDNS_RRTYPE_NSEC;
if (!_getdns_rrsig_iter_init(&rrsig_spc, &nsec_rrset))
; /* pass */
else for ( rr = _getdns_rrtype_iter_init(&rr_spc, &nsec_rrset)
; rr ; rr = _getdns_rrtype_iter_next(rr)) {
if ((bitmap = _getdns_rdf_iter_init_at( &bitmap_spc
, &rr->rr_i, 1))
&& bitmap_has_type(bitmap, GETDNS_RRTYPE_NS)
&& !bitmap_has_type(bitmap, GETDNS_RRTYPE_DS)
&& _getdns_rrsig_iter_init(&rrsig_spc, &nsec_rrset))
return 1;
}
/* For NSEC3 it is either a NODATA proof with a delegation,
or a NSEC3 opt-out coverage */
for ( i = _getdns_rrset_iter_init(&i_spc, ds_rrset->pkt
, ds_rrset->pkt_len
, SECTION_NO_ADDITIONAL)
; i ; i = _getdns_rrset_iter_next(i)) {
_getdns_rrset *nsec3_rrset = _getdns_rrset_iter_value(i);
int opt_out;
if ( !nsec3_rrset
|| nsec3_rrset->rr_type != GETDNS_RRTYPE_NSEC3
||!(rr = _getdns_rrtype_iter_init(&rr_spc, nsec3_rrset)))
continue;
if (!nsec3_covers_name(nsec3_rrset, ds_rrset->name, &opt_out))
continue;
if (nsec3_matches_name(nsec3_rrset, ds_rrset->name)) {
bitmap = _getdns_rdf_iter_init_at( &bitmap_spc
, &rr->rr_i, 5);
return bitmap
&& bitmap_has_type(bitmap, GETDNS_RRTYPE_NS)
&& !bitmap_has_type(bitmap, GETDNS_RRTYPE_DS);
}
else if (opt_out)
return 1;
}
return 0;
}
static void val_chain_node_cb(getdns_dns_req *dnsreq)
{
chain_node *node = (chain_node *)dnsreq->user_pointer;
@ -1211,28 +1092,12 @@ static void val_chain_node_cb(getdns_dns_req *dnsreq)
n_signers++;
}
}
if (netreq->request_type != GETDNS_RRTYPE_DS)
; /* pass */
else if (n_signers) {
_getdns_rrtype_iter ds_spc;
if (_getdns_rrtype_iter_init(&ds_spc, &node->ds))
; /* pass */
else if (insecure_delegation(&node->ds)) {
debug_sec_print_rrset("Insecure delegation. "
"Canceling requests below ", &node->ds);
cancel_requests_for_subdomains_of(
node->chains, node->ds.name);
} else {
debug_sec_print_rrset("No DS at ", &node->ds);
}
} else {
if (netreq->request_type == GETDNS_RRTYPE_DS && n_signers == 0)
/* No signed DS and no signed proof of non-existance.
* Search further up the tree...
*/
val_chain_sched_ds_node(node->parent);
}
if (node->lock) node->lock--;
check_chain_complete(node->chains);
}
@ -1428,9 +1293,8 @@ static int _rr_iter_rdata_cmp(const void *a, const void *b)
* nc_name will be set to the next closer (within rrset->name).
*/
#define VAL_RRSET_SPC_SZ 256
static int _getdns_verify_rrsig(const struct mem_funcs *mf,
_getdns_rrset *rrset, _getdns_rrsig_iter *rrsig, _getdns_rrtype_iter *key,
const uint8_t **nc_name)
static int _getdns_verify_rrsig(struct mem_funcs *mf,
_getdns_rrset *rrset, _getdns_rrsig_iter *rrsig, _getdns_rrtype_iter *key, const uint8_t **nc_name)
{
int r;
int to_skip;
@ -1554,7 +1418,7 @@ static int _getdns_verify_rrsig(const struct mem_funcs *mf,
for ( rdf = _getdns_rdf_iter_init(&rdf_spc, &val_rrset[i])
; rdf
; rdf = _getdns_rdf_iter_next(rdf) ) {
if ((rdf->rdd_pos->type & GETDNS_RDF_N) != GETDNS_RDF_N) {
if (!(rdf->rdd_pos->type & GETDNS_RDF_N)) {
gldns_buffer_write(
&valbuf, rdf->pos, rdf->nxt - rdf->pos);
continue;
@ -1648,12 +1512,12 @@ static uint8_t *_getdns_nsec3_hash_label(uint8_t *label, size_t label_len,
(void)memcpy(dst, salt + 1, *salt);
dst += *salt;
_getdns_tls_sha1(buf, dst - buf, md);
(void)SHA1(buf, dst - buf, md);
if (iterations) {
(void)memcpy(buf + SHA_DIGEST_LENGTH, salt + 1, *salt);
while (iterations--) {
(void)memcpy(buf, md, SHA_DIGEST_LENGTH);
_getdns_tls_sha1(buf, SHA_DIGEST_LENGTH + *salt, md);
SHA1(buf, SHA_DIGEST_LENGTH + *salt, md);
}
}
*label = gldns_b32_ntop_extended_hex(
@ -1748,9 +1612,8 @@ static int check_dates(time_t now, int32_t skew, int32_t exp, int32_t inc)
/* Returns whether dnskey signed rrset. If the rrset was a valid wildcard
* expansion, nc_name will point to the next closer part of the name in rrset.
*/
static int dnskey_signed_rrset(const struct mem_funcs *mf, time_t now,
uint32_t skew, _getdns_rrtype_iter *dnskey, _getdns_rrset *rrset,
const uint8_t **nc_name)
static int dnskey_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew,
_getdns_rrtype_iter *dnskey, _getdns_rrset *rrset, const uint8_t **nc_name)
{
_getdns_rrsig_iter rrsig_spc, *rrsig;
_getdns_rdf_iter rdf_spc, *rdf;
@ -1818,11 +1681,11 @@ static int dnskey_signed_rrset(const struct mem_funcs *mf, time_t now,
}
/* Returns whether a dnskey for keyset signed a non wildcard rrset. */
static int a_key_signed_rrset_no_wc(const struct mem_funcs *mf, time_t now,
static int a_key_signed_rrset_no_wc(struct mem_funcs *mf, time_t now,
uint32_t skew, _getdns_rrset *keyset, _getdns_rrset *rrset)
{
_getdns_rrtype_iter dnskey_spc, *dnskey;
const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */
const uint8_t *nc_name;
int keytag;
assert(keyset->rr_type == GETDNS_RRTYPE_DNSKEY);
@ -1830,33 +1693,23 @@ static int a_key_signed_rrset_no_wc(const struct mem_funcs *mf, time_t now,
for ( dnskey = _getdns_rrtype_iter_init(&dnskey_spc, keyset)
; dnskey ; dnskey = _getdns_rrtype_iter_next(dnskey) ) {
if (!(keytag = dnskey_signed_rrset(mf, now, skew,
dnskey, rrset, &nc_name)))
continue;
if (!nc_name) /* Not a wildcard, then success! */
return keytag;
/* Not a wildcard expansion, but the wildcard name itself. */
if (rrset->rr_type == GETDNS_RRTYPE_NSEC &&
rrset->name[0] == 1 && rrset->name[1] == '*' &&
nc_name == rrset->name)
if ((keytag = dnskey_signed_rrset(mf, now, skew,
dnskey, rrset, &nc_name)) && !nc_name)
return keytag;
}
return 0;
}
static int find_nsec_covering_name(const struct mem_funcs *mf,
time_t now, uint32_t skew, _getdns_rrset *dnskey,
static int find_nsec_covering_name(
struct mem_funcs *mf, time_t now, uint32_t skew, _getdns_rrset *dnskey,
_getdns_rrset *rrset, const uint8_t *name, int *opt_out);
/* Returns whether a dnskey for keyset signed rrset. */
static int a_key_signed_rrset(const struct mem_funcs *mf, time_t now,
uint32_t skew, _getdns_rrset *keyset, _getdns_rrset *rrset)
static int a_key_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew,
_getdns_rrset *keyset, _getdns_rrset *rrset)
{
_getdns_rrtype_iter dnskey_spc, *dnskey;
const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */
const uint8_t *nc_name;
int keytag;
assert(keyset->rr_type == GETDNS_RRTYPE_DNSKEY);
@ -1875,8 +1728,7 @@ static int a_key_signed_rrset(const struct mem_funcs *mf, time_t now,
* There is no more specific!
*/
if (rrset->rr_type == GETDNS_RRTYPE_NSEC &&
rrset->name[0] == 1 && rrset->name[1] == '*' &&
nc_name == rrset->name)
rrset->name[0] == 1 && rrset->name[1] == '*')
return keytag;
debug_sec_print_rrset("wildcard expanded to: ", rrset);
@ -1893,13 +1745,13 @@ static int a_key_signed_rrset(const struct mem_funcs *mf, time_t now,
/* Returns whether a DS in ds_set matches a dnskey in dnskey_set which in turn
* signed the dnskey set.
*/
static int ds_authenticates_keys(const struct mem_funcs *mf,
static int ds_authenticates_keys(struct mem_funcs *mf,
time_t now, uint32_t skew, _getdns_rrset *ds_set, _getdns_rrset *dnskey_set)
{
_getdns_rrtype_iter dnskey_spc, *dnskey;
_getdns_rrtype_iter ds_spc, *ds;
uint16_t keytag;
const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */
const uint8_t *nc_name;
size_t valid_dsses = 0, supported_dsses = 0;
uint8_t max_supported_digest = 0;
int max_supported_result = 0;
@ -2178,8 +2030,8 @@ static int nsec3_covers_name(
}
}
static int find_nsec_covering_name(const struct mem_funcs *mf, time_t now,
uint32_t skew, _getdns_rrset *dnskey,
static int find_nsec_covering_name(
struct mem_funcs *mf, time_t now, uint32_t skew, _getdns_rrset *dnskey,
_getdns_rrset *rrset, const uint8_t *name, int *opt_out)
{
_getdns_rrset_iter i_spc, *i;
@ -2281,7 +2133,7 @@ static int find_nsec_covering_name(const struct mem_funcs *mf, time_t now,
}
static int nsec3_find_next_closer(
const struct mem_funcs *mf, time_t now, uint32_t skew,
struct mem_funcs *mf, time_t now, uint32_t skew,
_getdns_rrset *dnskey, _getdns_rrset *rrset,
const uint8_t *nc_name, int *opt_out)
{
@ -2333,7 +2185,7 @@ static int nsec3_find_next_closer(
* verifying key: it returns keytag + NSEC3_ITERATION_COUNT_HIGH (0x20000)
*/
static int key_proves_nonexistance(
const struct mem_funcs *mf, time_t now, uint32_t skew,
struct mem_funcs *mf, time_t now, uint32_t skew,
_getdns_rrset *keyset, _getdns_rrset *rrset, int *opt_out)
{
_getdns_rrset nsec_rrset, *cover, *ce;
@ -2346,7 +2198,6 @@ static int key_proves_nonexistance(
assert(keyset->rr_type == GETDNS_RRTYPE_DNSKEY);
debug_sec_print_rrset("Commencing NX proof for: ", rrset);
if (opt_out)
*opt_out = 0;
@ -2396,14 +2247,6 @@ static int key_proves_nonexistance(
&& (keytag = a_key_signed_rrset_no_wc(
mf, now, skew, keyset, &nsec_rrset))) {
/* Flag an insecure delegation via opt_out.
* See usage of key_proves_nonexistance() from
* chain_node_get_trusted_keys() for explanation.
*/
if (opt_out && rrset->rr_type == GETDNS_RRTYPE_DS)
*opt_out = bitmap_has_type(bitmap, GETDNS_RRTYPE_NS)
&& !bitmap_has_type(bitmap, GETDNS_RRTYPE_SOA);
debug_sec_print_rrset("NSEC NODATA proof for: ", rrset);
return keytag;
}
@ -2549,15 +2392,6 @@ static int key_proves_nonexistance(
&& ( keytag & NSEC3_ITERATION_COUNT_HIGH
|| nsec3_matches_name(ce, rrset->name))) {
/* Flag an insecure delegation via opt_out.
* See usage of key_proves_nonexistance() from
* chain_node_get_trusted_keys() for explanation.
*/
if (opt_out && rrset->rr_type == GETDNS_RRTYPE_DS)
*opt_out =
bitmap_has_type(bitmap, GETDNS_RRTYPE_NS)
&& !bitmap_has_type(bitmap, GETDNS_RRTYPE_SOA);
debug_sec_print_rrset("NSEC3 No Data for: ", rrset);
return keytag;
}
@ -2637,11 +2471,10 @@ static int key_proves_nonexistance(
* non-existence of a DS along the path is proofed, and SECURE otherwise.
*/
static int chain_node_get_trusted_keys(
const struct mem_funcs *mf, time_t now, uint32_t skew,
struct mem_funcs *mf, time_t now, uint32_t skew,
chain_node *node, _getdns_rrset *ta, _getdns_rrset **keys)
{
int s, keytag;
int opt_out;
/* Ascend up to the root */
if (! node)
@ -2672,33 +2505,16 @@ static int chain_node_get_trusted_keys(
*keys = ta;
return GETDNS_DNSSEC_SECURE;
}
/* ta is parent's ZSK proving insecurity below this node? */
/* ta is parent's ZSK */
if ((keytag = key_proves_nonexistance(
mf, now, skew, ta, &node->ds, &opt_out))) {
mf, now, skew, ta, &node->ds, NULL))) {
node->ds_signer = keytag;
return GETDNS_DNSSEC_INSECURE;
}
/* When the proof is in an opt_out span, result will
* be INSECURE regardless the purpose of the searched
* for key.
*
* Otherwise, INSECURE only when this is a zonecut.
* i.e. a NODATA proof, with the NS bit and no SOA bit.
*
* key_proves_nonexistance() will set opt_out also for
* these conditions.
*/
if (opt_out)
return GETDNS_DNSSEC_INSECURE;
/* If this is not an insecurity proof,
* continue searching one label up.
*/
/* ta is parent's ZSK authenticating DS? */
} else if ((keytag = a_key_signed_rrset_no_wc(
if ((keytag = a_key_signed_rrset_no_wc(
mf, now, skew, ta, &node->ds))) {
node->ds_signer = keytag;
/* DS should authenticate the DNSKEY rrset now */
if ((keytag = ds_authenticates_keys(
mf, now, skew, &node->ds, &node->dnskey))) {
*keys = &node->dnskey;
@ -2707,7 +2523,6 @@ static int chain_node_get_trusted_keys(
? GETDNS_DNSSEC_INSECURE
: GETDNS_DNSSEC_SECURE;
}
/* DS without DNSKEY rrset == BOGUS */
return GETDNS_DNSSEC_BOGUS;
}
} else
@ -2725,22 +2540,10 @@ static int chain_node_get_trusted_keys(
/* keys is an authenticated dnskey rrset always now (i.e. ZSK) */
ta = *keys;
/* Back down to the head */
/*************************/
if ((keytag = key_proves_nonexistance(
mf, now, skew, ta, &node->ds, &opt_out))) {
mf, now, skew, ta, &node->ds, NULL))) {
node->ds_signer = keytag;
/* When the proof is in an opt_out span, result will be
* INSECURE regardless the purpose of the searched for key.
*
* Otherwise, INSECURE only when this is a zonecut.
* i.e. a NODATA proof, with the NS bit, but no SOA bit.
*
* key_proves_nonexistance() will set opt_out also for these
* conditions. (NODATA of DS with NS bit and wihout SOA bit)
*/
return opt_out ? GETDNS_DNSSEC_INSECURE
: GETDNS_DNSSEC_SECURE;
return GETDNS_DNSSEC_INSECURE;
}
if (key_matches_signer(ta, &node->ds)) {
@ -2780,64 +2583,22 @@ static int chain_node_get_trusted_keys(
* For this first a secure keyset is looked up, with which the keyset is
* evaluated.
*/
static int chain_head_validate_with_ta(const struct mem_funcs *mf,
static int chain_head_validate_with_ta(struct mem_funcs *mf,
time_t now, uint32_t skew, chain_head *head, _getdns_rrset *ta)
{
_getdns_rrset *keys;
int s, keytag, opt_out;
_getdns_rrtype_iter nsec_spc, *nsec_rr;
_getdns_rdf_iter bitmap_spc, *bitmap;
chain_node *parent;
debug_sec_print_rrset("Validating ", &head->rrset);
debug_sec_print_rrset("\twith trust anchor ", ta);
/* A DS is never at the apex */
if ( head->rrset.rr_type == GETDNS_RRTYPE_DS
&& head->parent->parent)
parent = head->parent->parent;
/* Only at the apex, a NSEC is signed with a DNSKEY with the same
* owner name. All other are signed by the parent domain or higher.
* Besides a shortcut, choosing to search for a trusted key from the
* parent is essential for NSECs at a delagation point! (which would
* otherwise turn out BOGUS).
*/
else if (head->rrset.rr_type == GETDNS_RRTYPE_NSEC
&& head->parent->parent
&& (nsec_rr = _getdns_rrtype_iter_init(&nsec_spc, &head->rrset))
&& (bitmap = _getdns_rdf_iter_init_at(
&bitmap_spc, &nsec_rr->rr_i, 1))
&& !bitmap_has_type(bitmap, GETDNS_RRTYPE_SOA))
parent = head->parent->parent;
/* NSEC3 is always signed by the parent domain!
* ( the ownername of the NSEC3 itself is not in the original zone!
* so a search for a trusted key at that name gives either INSECURE
* (with opt-out) or BOGUS! )
*/
else if (head->rrset.rr_type == GETDNS_RRTYPE_NSEC3
&& head->parent->parent)
parent = head->parent->parent;
else
parent = head->parent;
debug_sec_print_rrset("validating ", &head->rrset);
debug_sec_print_rrset("with trust anchor ", ta);
if ((s = chain_node_get_trusted_keys(
mf, now, skew, parent, ta, &keys)) != GETDNS_DNSSEC_SECURE) {
debug_sec_print_rrset("Could not get trusted keys "
"for validating ", &head->rrset);
DEBUG_SEC("\tstatus: %d\n", (int)s);
mf, now, skew, head->parent, ta, &keys)) != GETDNS_DNSSEC_SECURE)
return s;
}
debug_sec_print_rrset("Validating ", &head->rrset);
debug_sec_print_rrset("\twith keys ", keys);
if (_getdns_rrset_has_rrs(&head->rrset)) {
if ((keytag = a_key_signed_rrset(
mf, now, skew, keys, &head->rrset))) {
DEBUG_SEC("Key %d proved\n", (int)keytag);
debug_sec_print_rrset("\tSECURE: ", &head->rrset);
head->signer = keytag;
return GETDNS_DNSSEC_SECURE;
@ -2846,29 +2607,23 @@ static int chain_head_validate_with_ta(const struct mem_funcs *mf,
skew, keys, &head->rrset, &opt_out))
&& opt_out) {
DEBUG_SEC("Key %d proved (optout)\n", (int)keytag);
debug_sec_print_rrset("\tINSECURE: ", &head->rrset);
head->signer = keytag;
return GETDNS_DNSSEC_INSECURE;
}
} else if ((keytag = key_proves_nonexistance(mf, now, skew,
keys, &head->rrset, &opt_out))) {
DEBUG_SEC("Key %d proved (NX)\n", (int)keytag);
debug_sec_print_rrset("\tSECURE: ", &head->rrset);
head->signer = keytag;
return opt_out || (keytag & NSEC3_ITERATION_COUNT_HIGH)
? GETDNS_DNSSEC_INSECURE : GETDNS_DNSSEC_SECURE;
}
debug_sec_print_rrset("BOGUS: ", &head->rrset);
debug_sec_print_rrset("\twith trust anchor: ", ta);
return GETDNS_DNSSEC_BOGUS;
}
/* The DNSSEC status of the rrset in head is evaluated by trying the trust
* anchors in tas in turn. The best outcome counts.
*/
static int chain_head_validate(const struct mem_funcs *mf, time_t now,
uint32_t skew, chain_head *head, _getdns_rrset_iter *tas)
static int chain_head_validate(struct mem_funcs *mf, time_t now, uint32_t skew,
chain_head *head, _getdns_rrset_iter *tas)
{
_getdns_rrset_iter *i;
_getdns_rrset *ta, dnskey_ta, ds_ta;
@ -3017,7 +2772,7 @@ static void chain_clear_netreq_dnssec_status(chain_head *chain)
* processing each head in turn. The worst outcome is the dnssec status for
* the whole.
*/
static int chain_validate_dnssec(const struct mem_funcs *mf,
static int chain_validate_dnssec(struct mem_funcs *mf,
time_t now, uint32_t skew, chain_head *chain, _getdns_rrset_iter *tas)
{
int s = GETDNS_DNSSEC_INDETERMINATE, t;
@ -3353,6 +3108,7 @@ static void check_chain_complete(chain_head *chain)
} else if (_getdns_bogus(dnsreq)) {
_getdns_rrsig_iter rrsig_spc;
DEBUG_ANCHOR("Request was bogus!\n");
if ((head = chain) && (node = _to_the_root(head->parent))
/* The root DNSKEY rrset */
@ -3365,15 +3121,13 @@ static void check_chain_complete(chain_head *chain)
&& _getdns_rrsig_iter_init(&rrsig_spc, &node->dnskey)
){
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_NOTICE
, "root DNSKEY set was bogus!\n");
DEBUG_ANCHOR("root DNSKEY set was bogus!\n");
if (!dnsreq->waiting_for_ta) {
uint64_t now_ms = 0;
uint64_t now = 0;
dnsreq->waiting_for_ta = 1;
_getdns_context_equip_with_anchor(
context, &now_ms);
context, &now);
if (context->trust_anchors_source
== GETDNS_TASRC_XML) {
@ -3381,19 +3135,9 @@ static void check_chain_complete(chain_head *chain)
check_chain_complete(chain);
return;
}
if (context->trust_anchors_source ==
GETDNS_TASRC_FAILED
&& 0 == _getdns_ms_until_expiry2(
context->trust_anchors_backoff_expiry,
&now_ms)) {
context->trust_anchors_source =
GETDNS_TASRC_NONE;
}
if (context->trust_anchors_source
!= GETDNS_TASRC_FAILED) {
_getdns_start_fetching_ta(
context, dnsreq->loop, &now_ms);
}
_getdns_start_fetching_ta(
context, dnsreq->loop);
if (dnsreq->waiting_for_ta &&
context->trust_anchors_source
== GETDNS_TASRC_FETCHING) {
@ -3548,7 +3292,7 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context)
getdns_network_req *netreq, **netreq_p;
int r = GETDNS_RETURN_GOOD;
(void) _getdns_context_prepare_for_resolution(context);
(void) _getdns_context_prepare_for_resolution(context);
*dnsreq_p = dnsreq->ta_notify;
for ( netreq_p = dnsreq->netreqs
@ -3568,7 +3312,31 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context)
void _getdns_validation_chain_timeout(getdns_dns_req *dnsreq)
{
cancel_requests_for_subdomains_of(dnsreq->chain, (uint8_t *)"\0");
chain_head *head = dnsreq->chain, *next;
chain_node *node;
size_t node_count;
while (head) {
next = head->next;
for ( node_count = head->node_count, node = head->parent
; node_count
; node_count--, node = node->parent ) {
if (!_getdns_netreq_finished(node->dnskey_req)) {
_getdns_context_cancel_request(
node->dnskey_req->owner);
node->dnskey_req = NULL;
}
if (!_getdns_netreq_finished(node->ds_req)) {
_getdns_context_cancel_request(
node->ds_req->owner);
node->ds_req = NULL;
}
}
head = next;
}
dnsreq->request_timed_out = 1;
check_chain_complete(dnsreq->chain);
}
@ -3673,7 +3441,7 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
*****************************************************************************/
static int wire_validate_dnssec(const struct mem_funcs *mf,
static int wire_validate_dnssec(struct mem_funcs *mf,
time_t now, uint32_t skew, uint8_t *to_val, size_t to_val_len,
uint8_t *support, size_t support_len, uint8_t *tas, size_t tas_len)
{
@ -3755,9 +3523,9 @@ static int wire_validate_dnssec(const struct mem_funcs *mf,
*
*/
getdns_return_t
getdns_validate_dnssec2(const getdns_list *records_to_validate,
const getdns_list *support_records,
const getdns_list *trust_anchors,
getdns_validate_dnssec2(getdns_list *records_to_validate,
getdns_list *support_records,
getdns_list *trust_anchors,
time_t now, uint32_t skew)
{
uint8_t to_val_buf[4096], *to_val,
@ -3769,7 +3537,7 @@ getdns_validate_dnssec2(const getdns_list *records_to_validate,
tas_len = sizeof(tas_buf);
int r = GETDNS_RETURN_MEMORY_ERROR;
const struct mem_funcs *mf;
struct mem_funcs *mf;
size_t i;
getdns_dict *reply;
@ -3850,9 +3618,9 @@ exit_free_support:
getdns_return_t
getdns_validate_dnssec(const getdns_list *records_to_validate,
const getdns_list *support_records,
const getdns_list *trust_anchors)
getdns_validate_dnssec(getdns_list *records_to_validate,
getdns_list *support_records,
getdns_list *trust_anchors)
{
return getdns_validate_dnssec2(records_to_validate, support_records,
trust_anchors, time(NULL), 0);

6
src/extension/libev.c
View File

@ -97,7 +97,7 @@ static void
getdns_libev_read_cb(struct ev_loop *l, struct ev_io *io, int revents)
{
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
(void)l; (void)revents; /* unused parameters */
(void)l; (void)revents;
assert(el_ev->read_cb);
el_ev->read_cb(el_ev->userarg);
}
@ -106,7 +106,7 @@ static void
getdns_libev_write_cb(struct ev_loop *l, struct ev_io *io, int revents)
{
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
(void)l; (void)revents; /* unused parameters */
(void)l; (void)revents;
assert(el_ev->write_cb);
el_ev->write_cb(el_ev->userarg);
}
@ -115,7 +115,7 @@ static void
getdns_libev_timeout_cb(struct ev_loop *l, struct ev_timer *timer, int revents)
{
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
(void)l; (void)revents; /* unused parameters */
(void)l; (void)revents;
assert(el_ev->timeout_cb);
el_ev->timeout_cb(el_ev->userarg);
}

8
src/extension/libevent.c
View File

@ -33,11 +33,7 @@
#include "config.h"
#include "types-internal.h"
#ifndef USE_WINSOCK
#include <sys/time.h>
#else
#include <winsock2.h>
#endif
#include "getdns/getdns_ext_libevent.h"
#ifdef HAVE_EVENT2_EVENT_H
@ -99,7 +95,7 @@ static getdns_return_t
getdns_libevent_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
{
struct event *my_ev = (struct event *)el_ev->ev;
(void)loop; /* unused parameter */
(void)loop;
assert(my_ev);
@ -115,7 +111,7 @@ static void
getdns_libevent_callback(evutil_socket_t fd, short bits, void *arg)
{
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)arg;
(void)fd; /* unused parameter */
(void)fd;
if (bits & EV_READ) {
assert(el_ev->read_cb);

77
src/extension/libuv.c
View File

@ -73,7 +73,8 @@ getdns_libuv_cleanup(getdns_eventloop *loop)
}
typedef struct poll_timer {
uv_poll_t poll;
uv_poll_t read;
uv_poll_t write;
uv_timer_t timer;
int to_close;
struct mem_funcs mf;
@ -103,15 +104,22 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
poll_timer *my_ev = (poll_timer *)el_ev->ev;
uv_poll_t *my_poll;
uv_timer_t *my_timer;
(void)loop; /* unused parameter */
(void)loop;
assert(my_ev);
DEBUG_UV("enter libuv_clear(el_ev = %p, my_ev = %p, to_close = %d)\n"
, el_ev, my_ev, my_ev->to_close);
if (el_ev->read_cb || el_ev->write_cb) {
my_poll = &my_ev->poll;
if (el_ev->read_cb) {
my_poll = &my_ev->read;
uv_poll_stop(my_poll);
my_ev->to_close += 1;
my_poll->data = my_ev;
uv_close((uv_handle_t *)my_poll, getdns_libuv_close_cb);
}
if (el_ev->write_cb) {
my_poll = &my_ev->write;
uv_poll_stop(my_poll);
my_ev->to_close += 1;
my_poll->data = my_ev;
@ -131,29 +139,29 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
}
static void
getdns_libuv_cb(uv_poll_t *poll, int status, int events)
getdns_libuv_read_cb(uv_poll_t *poll, int status, int events)
{
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
(void)status; (void)events;
assert(el_ev->read_cb);
DEBUG_UV("enter libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
el_ev->read_cb(el_ev->userarg);
DEBUG_UV("exit libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
}
if (status == 0) {
if (events & UV_READABLE) {
assert(el_ev->read_cb);
DEBUG_UV("enter libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
el_ev->read_cb(el_ev->userarg);
DEBUG_UV("exit libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
} else if (events & UV_WRITABLE) {
assert(el_ev->write_cb);
DEBUG_UV("enter libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
el_ev->write_cb(el_ev->userarg);
DEBUG_UV("exit libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
} else {
assert(ASSERT_UNREACHABLE);
}
}
static void
getdns_libuv_write_cb(uv_poll_t *poll, int status, int events)
{
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
(void)status; (void)events;
assert(el_ev->write_cb);
DEBUG_UV("enter libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
el_ev->write_cb(el_ev->userarg);
DEBUG_UV("exit libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
, el_ev, el_ev->ev);
}
static void
@ -165,7 +173,7 @@ getdns_libuv_timeout_cb(uv_timer_t *timer, int status)
{
getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
#ifndef HAVE_NEW_UV_TIMER_CB
(void)status; /* unused parameter */
(void)status;
#endif
assert(el_ev->timeout_cb);
DEBUG_UV("enter libuv_timeout_cb(el_ev = %p, el_ev->ev = %p)\n"
@ -197,15 +205,18 @@ getdns_libuv_schedule(getdns_eventloop *loop,
my_ev->to_close = 0;
my_ev->mf = ext->mf;
el_ev->ev = my_ev;
if (el_ev->read_cb || el_ev->write_cb) {
my_poll = &my_ev->poll;
if (el_ev->read_cb) {
my_poll = &my_ev->read;
my_poll->data = el_ev;
uv_poll_init(ext->loop, my_poll, fd);
int events =
(el_ev->read_cb ? UV_READABLE : 0) |
(el_ev->write_cb ? UV_WRITABLE : 0);
uv_poll_start(my_poll, events, getdns_libuv_cb);
uv_poll_start(my_poll, UV_READABLE, getdns_libuv_read_cb);
}
if (el_ev->write_cb) {
my_poll = &my_ev->write;
my_poll->data = el_ev;
uv_poll_init(ext->loop, my_poll, fd);
uv_poll_start(my_poll, UV_WRITABLE, getdns_libuv_write_cb);
}
if (el_ev->timeout_cb) {
my_timer = &my_ev->timer;

4
src/extension/poll_eventloop.c
View File

@ -288,7 +288,7 @@ static void
poll_read_cb(int fd, getdns_eventloop_event *event)
{
#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
(void)fd; /* unused parameter */
(void)fd;
#endif
DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
if (event && event->read_cb)
@ -299,7 +299,7 @@ static void
poll_write_cb(int fd, getdns_eventloop_event *event)
{
#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
(void)fd; /* unused parameter */
(void)fd;
#endif
DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
if (event && event->write_cb)

12
src/extension/select_eventloop.c
View File

@ -154,14 +154,14 @@ select_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
static void
select_eventloop_cleanup(getdns_eventloop *loop)
{
(void)loop; /* unused parameter */
(void)loop;
}
static void
select_read_cb(int fd, getdns_eventloop_event *event)
{
#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
(void)fd; /* unused parameter */
(void)fd;
#endif
DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
event->read_cb(event->userarg);
@ -171,7 +171,7 @@ static void
select_write_cb(int fd, getdns_eventloop_event *event)
{
#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
(void)fd; /* unused parameter */
(void)fd;
#endif
DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
event->write_cb(event->userarg);
@ -181,7 +181,7 @@ static void
select_timeout_cb(int fd, getdns_eventloop_event *event)
{
#if !defined(SCHED_DEBUG) || !SCHED_DEBUG
(void)fd; /* unused parameter */
(void)fd;
#endif
DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
event->timeout_cb(event->userarg);
@ -244,7 +244,7 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking)
} else {
#endif
if (select(max_fd + 1, &readfds, &writefds, NULL,
((blocking && timeout == TIMEOUT_FOREVER) ? NULL : &tv)) < 0) {
(timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
if (_getdns_socketerror_wants_retry())
return;
@ -309,7 +309,7 @@ _getdns_select_eventloop_init(struct mem_funcs *mf, _getdns_select_eventloop *lo
select_eventloop_run,
select_eventloop_run_once
};
(void) mf; /* unused parameter */
(void) mf;
(void) memset(loop, 0, sizeof(_getdns_select_eventloop));
loop->loop.vmt = &select_eventloop_vmt;
}

56
src/general.c
View File

@ -218,14 +218,12 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
&& !dns_req->avoid_dnssec_roadblocks
&& (dns_req->dnssec_return_status ||
dns_req->dnssec_return_only_secure ||
dns_req->dnssec ||
dns_req->dnssec_return_all_statuses
))
#endif
|| ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
&& (dns_req->dnssec_return_status ||
dns_req->dnssec_return_only_secure ||
dns_req->dnssec ||
dns_req->dnssec_return_all_statuses)
&& _getdns_bogus(dns_req))
)) {
@ -243,6 +241,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
#if defined(REQ_DEBUG) && REQ_DEBUG
debug_req("getting validation chain for ", *dns_req->netreqs);
#endif
DEBUG_ANCHOR("Valchain lookup\n");
_getdns_get_validation_chain(dns_req);
} else
_getdns_call_user_callback(
@ -251,18 +250,10 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
#ifdef HAVE_LIBUNBOUND
#ifdef HAVE_UNBOUND_EVENT_API
#if UNBOUND_VERSION_MAJOR > 1 || (UNBOUND_VERSION_MAJOR == 1 && UNBOUND_VERSION_MINOR >= 8)
static void
ub_resolve_event_callback(void* arg, int rcode, void *pkt, int pkt_len,
int sec, char* why_bogus, int was_ratelimited)
{
(void) was_ratelimited; /* unused parameter */
#else
static void
ub_resolve_event_callback(void* arg, int rcode, void *pkt, int pkt_len,
int sec, char* why_bogus)
{
#endif
getdns_network_req *netreq = (getdns_network_req *) arg;
getdns_dns_req *dns_req = netreq->owner;
@ -432,7 +423,6 @@ _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
if ( context->resolution_type == GETDNS_RESOLUTION_RECURSING
|| dns_req->dnssec_return_status
|| dns_req->dnssec_return_only_secure
|| dns_req->dnssec
|| dns_req->dnssec_return_all_statuses
|| dns_req->dnssec_return_validation_chain) {
#endif
@ -502,7 +492,7 @@ extformatcmp(const void *a, const void *b)
/*---------------------------------------- validate_extensions */
static getdns_return_t
validate_extensions(const getdns_dict * extensions)
validate_extensions(struct getdns_dict * extensions)
{
/**
* this is a comprehensive list of extensions and their data types
@ -513,7 +503,6 @@ validate_extensions(const getdns_dict * extensions)
static getdns_extension_format extformats[] = {
{"add_opt_parameters" , t_dict, 1},
{"add_warning_for_bad_dns" , t_int , 1},
{"dnssec" , t_int , 1},
{"dnssec_return_all_statuses" , t_int , 1},
{"dnssec_return_full_validation_chain", t_int , 1},
{"dnssec_return_only_secure" , t_int , 1},
@ -566,7 +555,7 @@ validate_extensions(const getdns_dict * extensions)
static getdns_return_t
getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
const char *name, uint16_t request_type, const getdns_dict *extensions,
const char *name, uint16_t request_type, getdns_dict *extensions,
void *userarg, getdns_network_req **return_netreq_p,
getdns_callback_t callbackfn, internal_cb_t internal_cb, int usenamespaces)
{
@ -602,18 +591,13 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
_getdns_context_track_outbound_request(req);
if (req->dnssec_extension_set) {
if (context->trust_anchors_source == GETDNS_TASRC_FAILED
&& _getdns_ms_until_expiry2(
context->trust_anchors_backoff_expiry, &now_ms) == 0) {
context->trust_anchors_source = GETDNS_TASRC_NONE;
}
if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
_getdns_start_fetching_ta(context, loop, &now_ms);
_getdns_start_fetching_ta(context, loop);
else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
_getdns_context_equip_with_anchor(context, &now_ms);
if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
_getdns_start_fetching_ta(context, loop, &now_ms);
_getdns_start_fetching_ta(context, loop);
}
}
}
@ -651,8 +635,6 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
req->is_dns_request = 0;
_getdns_call_user_callback
( req, localnames_response);
if (return_netreq_p)
*return_netreq_p = NULL;
break;
}
#ifdef HAVE_MDNS_SUPPORT
@ -724,7 +706,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
getdns_return_t
_getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
const char *name, uint16_t request_type, const getdns_dict *extensions,
const char *name, uint16_t request_type, getdns_dict *extensions,
void *userarg, getdns_network_req **netreq_p,
getdns_callback_t callback, internal_cb_t internal_cb)
{
@ -736,33 +718,33 @@ _getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
getdns_return_t
_getdns_address_loop(getdns_context *context, getdns_eventloop *loop,
const char *name, const getdns_dict *extensions, void *userarg,
const char *name, getdns_dict *extensions, void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callback)
{
getdns_dict *my_extensions = NULL;
getdns_dict *my_extensions = extensions;
getdns_return_t r;
uint32_t value;
getdns_network_req *netreq = NULL;
if (!extensions) {
if (!my_extensions) {
if (!(my_extensions=getdns_dict_create_with_context(context)))
return GETDNS_RETURN_MEMORY_ERROR;
} else if (
getdns_dict_get_int(extensions, "return_both_v4_and_v6", &value)
getdns_dict_get_int(my_extensions, "return_both_v4_and_v6", &value)
&& (r = _getdns_dict_copy(extensions, &my_extensions)))
return r;
if (my_extensions && (r = getdns_dict_set_int(
if (my_extensions != extensions && (r = getdns_dict_set_int(
my_extensions, "return_both_v4_and_v6", GETDNS_EXTENSION_TRUE)))
return r;
r = getdns_general_ns(context, loop,
name, GETDNS_RRTYPE_AAAA, my_extensions ? my_extensions : extensions,
name, GETDNS_RRTYPE_AAAA, my_extensions,
userarg, &netreq, callback, NULL, 1);
if (netreq && transaction_id)
*transaction_id = netreq->owner->trans_id;
if (my_extensions)
if (my_extensions != extensions)
getdns_dict_destroy(my_extensions);
return r;
@ -770,7 +752,7 @@ _getdns_address_loop(getdns_context *context, getdns_eventloop *loop,
getdns_return_t
_getdns_hostname_loop(getdns_context *context, getdns_eventloop *loop,
const getdns_dict *address, const getdns_dict *extensions, void *userarg,
getdns_dict *address, getdns_dict *extensions, void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callback)
{
struct getdns_bindata *address_data;
@ -860,7 +842,7 @@ _getdns_hostname_loop(getdns_context *context, getdns_eventloop *loop,
getdns_return_t
_getdns_service_loop(getdns_context *context, getdns_eventloop *loop,
const char *name, const getdns_dict *extensions, void *userarg,
const char *name, getdns_dict *extensions, void *userarg,
getdns_transaction_t * transaction_id, getdns_callback_t callback)
{
getdns_return_t r;
@ -877,7 +859,7 @@ _getdns_service_loop(getdns_context *context, getdns_eventloop *loop,
*/
getdns_return_t
getdns_general(getdns_context *context,
const char *name, uint16_t request_type, const getdns_dict *extensions,
const char *name, uint16_t request_type, getdns_dict *extensions,
void *userarg, getdns_transaction_t * transaction_id,
getdns_callback_t callbackfn)
{
@ -899,7 +881,7 @@ getdns_general(getdns_context *context,
*/
getdns_return_t
getdns_address(getdns_context *context,
const char *name, const getdns_dict *extensions, void *userarg,
const char *name, getdns_dict *extensions, void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callbackfn)
{
if (!context) return GETDNS_RETURN_INVALID_PARAMETER;
@ -914,7 +896,7 @@ getdns_address(getdns_context *context,
*/
getdns_return_t
getdns_hostname(getdns_context *context,
const getdns_dict *address, const getdns_dict *extensions, void *userarg,
getdns_dict *address, getdns_dict *extensions, void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callbackfn)
{
if (!context) return GETDNS_RETURN_INVALID_PARAMETER;
@ -928,7 +910,7 @@ getdns_hostname(getdns_context *context,
*/
getdns_return_t
getdns_service(getdns_context *context,
const char *name, const getdns_dict *extensions, void *userarg,
const char *name, getdns_dict *extensions, void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callbackfn)
{
if (!context) return GETDNS_RETURN_INVALID_PARAMETER;

8
src/general.h
View File

@ -63,25 +63,25 @@ int _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms);
getdns_return_t
_getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
const char *name, uint16_t request_type, const getdns_dict *extensions,
const char *name, uint16_t request_type, getdns_dict *extensions,
void *userarg, getdns_network_req **netreq_p,
getdns_callback_t callbackfn, internal_cb_t internal_cb);
getdns_return_t
_getdns_address_loop(getdns_context *context, getdns_eventloop *loop,
const char *name, const getdns_dict *extensions,
const char *name, getdns_dict *extensions,
void *userarg, getdns_transaction_t *transaction_id,
getdns_callback_t callbackfn);
getdns_return_t
_getdns_hostname_loop(getdns_context *context, getdns_eventloop *loop,
const getdns_dict *address, const getdns_dict *extensions,
getdns_dict *address, getdns_dict *extensions,
void *userarg, getdns_transaction_t *transaction_id,
getdns_callback_t callbackfn);
getdns_return_t
_getdns_service_loop(getdns_context *context, getdns_eventloop *loop,
const char *name, const getdns_dict *extensions,
const char *name, getdns_dict *extensions,
void *userarg, getdns_transaction_t *transaction_id,
getdns_callback_t callbackfn);

107
src/getdns/getdns.h.in
View File

@ -416,9 +416,6 @@ typedef enum getdns_callback_type_t {
#define GETDNS_RRTYPE_CDNSKEY 60
#define GETDNS_RRTYPE_OPENPGPKEY 61
#define GETDNS_RRTYPE_CSYNC 62
#define GETDNS_RRTYPE_ZONEMD 63
#define GETDNS_RRTYPE_SVCB 64
#define GETDNS_RRTYPE_HTTPS 65
#define GETDNS_RRTYPE_SPF 99
#define GETDNS_RRTYPE_UINFO 100
#define GETDNS_RRTYPE_UID 101
@ -441,7 +438,6 @@ typedef enum getdns_callback_type_t {
#define GETDNS_RRTYPE_CAA 257
#define GETDNS_RRTYPE_AVC 258
#define GETDNS_RRTYPE_DOA 259
#define GETDNS_RRTYPE_AMTRELAY 260
#define GETDNS_RRTYPE_TA 32768
#define GETDNS_RRTYPE_DLV 32769
/** @}
@ -475,26 +471,26 @@ typedef enum getdns_callback_type_t {
* \defgroup rcodes Rcodes
* @{
*/
#define GETDNS_RCODE_NOERROR 0
#define GETDNS_RCODE_FORMERR 1
#define GETDNS_RCODE_SERVFAIL 2
#define GETDNS_RCODE_NXDOMAIN 3
#define GETDNS_RCODE_NOTIMP 4
#define GETDNS_RCODE_REFUSED 5
#define GETDNS_RCODE_YXDOMAIN 6
#define GETDNS_RCODE_YXRRSET 7
#define GETDNS_RCODE_NXRRSET 8
#define GETDNS_RCODE_NOTAUTH 9
#define GETDNS_RCODE_NOTZONE 10
#define GETDNS_RCODE_BADVERS 16
#define GETDNS_RCODE_BADSIG 16
#define GETDNS_RCODE_BADKEY 17
#define GETDNS_RCODE_BADTIME 18
#define GETDNS_RCODE_BADMODE 19
#define GETDNS_RCODE_BADNAME 20
#define GETDNS_RCODE_BADALG 21
#define GETDNS_RCODE_BADTRUNC 22
#define GETDNS_RCODE_BADCOOKIE 23
#define GETDNS_RCODE_NOERROR 0
#define GETDNS_RCODE_FORMERR 1
#define GETDNS_RCODE_SERVFAIL 2
#define GETDNS_RCODE_NXDOMAIN 3
#define GETDNS_RCODE_NOTIMP 4
#define GETDNS_RCODE_REFUSED 5
#define GETDNS_RCODE_YXDOMAIN 6
#define GETDNS_RCODE_YXRRSET 7
#define GETDNS_RCODE_NXRRSET 8
#define GETDNS_RCODE_NOTAUTH 9
#define GETDNS_RCODE_NOTZONE 10
#define GETDNS_RCODE_BADVERS 16
#define GETDNS_RCODE_BADSIG 16
#define GETDNS_RCODE_BADKEY 17
#define GETDNS_RCODE_BADTIME 18
#define GETDNS_RCODE_BADMODE 19
#define GETDNS_RCODE_BADNAME 20
#define GETDNS_RCODE_BADALG 21
#define GETDNS_RCODE_BADTRUNC 22
#define GETDNS_RCODE_COOKIE 23
/** @}
*/
@ -747,7 +743,7 @@ getdns_list *getdns_list_create();
* used to create and initialize the list.
* @return pointer to an allocated list, NULL if insufficient memory
*/
getdns_list *getdns_list_create_with_context(const getdns_context *context);
getdns_list *getdns_list_create_with_context(getdns_context *context);
/**
* create a new list with no items, creating and initializing it with the
@ -867,7 +863,7 @@ getdns_dict *getdns_dict_create();
* used to create and initialize the dict.
* @return pointer to an allocated dict, NULL if insufficient memory
*/
getdns_dict *getdns_dict_create_with_context(const getdns_context *context);
getdns_dict *getdns_dict_create_with_context(getdns_context *context);
/**
* create a new dict with no items, creating and initializing it with the
@ -1034,9 +1030,9 @@ getdns_return_t
getdns_general(getdns_context *context,
const char *name,
uint16_t request_type,
const getdns_dict *extensions,
getdns_dict *extensions,
void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
/**
* retrieve address assigned to a DNS name
@ -1052,9 +1048,9 @@ getdns_general(getdns_context *context,
getdns_return_t
getdns_address(getdns_context *context,
const char *name,
const getdns_dict *extensions,
getdns_dict *extensions,
void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
/**
* retrieve hostname assigned to an IP address
@ -1069,10 +1065,10 @@ getdns_address(getdns_context *context,
*/
getdns_return_t
getdns_hostname(getdns_context *context,
const getdns_dict *address,
const getdns_dict *extensions,
getdns_dict *address,
getdns_dict *extensions,
void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
/**
* retrieve a service assigned to a DNS name
@ -1088,9 +1084,9 @@ getdns_hostname(getdns_context *context,
getdns_return_t
getdns_service(getdns_context *context,
const char *name,
const getdns_dict *extensions,
getdns_dict *extensions,
void *userarg,
getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
/** @}
*/
@ -1205,7 +1201,7 @@ getdns_return_t
getdns_general_sync(getdns_context *context,
const char *name,
uint16_t request_type,
const getdns_dict *extensions,
getdns_dict *extensions,
getdns_dict **response);
/**
@ -1220,7 +1216,7 @@ getdns_general_sync(getdns_context *context,
getdns_return_t
getdns_address_sync(getdns_context *context,
const char *name,
const getdns_dict *extensions,
getdns_dict *extensions,
getdns_dict **response);
/**
@ -1234,8 +1230,8 @@ getdns_address_sync(getdns_context *context,
*/
getdns_return_t
getdns_hostname_sync(getdns_context *context,
const getdns_dict *address,
const getdns_dict *extensions,
getdns_dict *address,
getdns_dict *extensions,
getdns_dict **response);
/**
@ -1250,7 +1246,7 @@ getdns_hostname_sync(getdns_context *context,
getdns_return_t
getdns_service_sync(getdns_context *context,
const char *name,
const getdns_dict *extensions,
getdns_dict *extensions,
getdns_dict **response);
/** @}
@ -1345,8 +1341,9 @@ char *getdns_convert_alabel_to_ulabel(const char *alabel);
* depending on the validation status.
*/
getdns_return_t
getdns_validate_dnssec(const getdns_list *to_validate,
const getdns_list *support_records, const getdns_list *trust_anchors);
getdns_validate_dnssec(getdns_list *to_validate,
getdns_list *support_records,
getdns_list *trust_anchors);
/**
* Get the default list of trust anchor records that is used by the library
@ -1447,7 +1444,7 @@ getdns_context_set_resolution_type(getdns_context *context,
*/
getdns_return_t
getdns_context_set_namespaces(getdns_context *context,
size_t namespace_count, const getdns_namespace_t *namespaces);
size_t namespace_count, getdns_namespace_t *namespaces);
/**
* Specifies what transport are used for DNS lookups. The default is
@ -1516,24 +1513,6 @@ getdns_context_set_dns_transport_list(getdns_context *context,
getdns_return_t
getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout);
/**
* Set the number of milliseconds send data may remain unacknowledged by
* the peer in a TCP connection, if supported by the operation system.
* When not set (the default), the system default is left alone.
*
* @see getdns_context_get_tcp_send_timeout
* @see getdns_context_unset_tcp_send_timeout
* @param context The context to configure
* @param value The number of milliseconds the send data may remain
* unacknowledged by the peer in a TCP connection.
* @return GETDNS_RETURN_GOOD when successful.
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL or the
* value was too high.
*/
getdns_return_t
getdns_context_set_tcp_send_timeout(getdns_context *context,
uint32_t value);
/**
* Limit the number of outstanding DNS queries. When more than limit requests
* are scheduled, they are kept on an internal queue, to be rescheduled when
@ -1599,7 +1578,7 @@ getdns_context_set_follow_redirects(getdns_context *context,
* contains at least two names: address_type (whose value is
* a bindata; it is currently either "IPv4" or "IPv6") and
* address_data (whose value is a bindata).
* This implementation also accepts a list of address
* This implementation also accepts a list of addressxi
* bindatas. Or a list of rr_dicts for address records (i.e.
* the additional section of a NS query for ".", or a with
* getdns_fp2rr_list() converted root.hints file).
@ -1833,11 +1812,9 @@ getdns_context_set_extended_memory_functions(getdns_context *context,
* GETDNS_RESOLUTION_STUB.
* - all_context (a dict) with names for all the other settings in
* context.
* The application is responsible for cleaning up the returned dictionary
* object with getdns_dict_destroy.
*/
getdns_dict*
getdns_context_get_api_information(const getdns_context *context);
getdns_context_get_api_information(getdns_context* context);
/** @}
*/

329
src/getdns/getdns_extra.h.in
View File

@ -36,14 +36,10 @@
#define _GETDNS_EXTRA_H_
#include <getdns/getdns.h>
#include <stdarg.h>
#include <stdio.h>
#if defined(_WIN32)
/* For struct timeval, see getdns_context_get_num_pending_requests */
#include <winsock2.h>
#else
#include <sys/time.h>
#endif
#include <stdio.h>
#include <time.h>
#include <stdarg.h>
#ifdef __cplusplus
extern "C" {
@ -106,15 +102,6 @@ extern "C" {
#define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT "Change related to getdns_context_set_tls_cipher_list"
#define GETDNS_CONTEXT_CODE_TLS_CURVES_LIST 634
#define GETDNS_CONTEXT_CODE_TLS_CURVES_LIST_TEXT "Change related to getdns_context_set_tls_curves_list"
#define GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES 635
#define GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES_TEXT "Change related to getdns_context_set_tls_ciphersuites"
#define GETDNS_CONTEXT_CODE_TLS_MIN_VERSION 636
#define GETDNS_CONTEXT_CODE_TLS_MIN_VERSION_TEXT "Change related to getdns_context_set_tls_min_version"
#define GETDNS_CONTEXT_CODE_TLS_MAX_VERSION 637
#define GETDNS_CONTEXT_CODE_TLS_MAX_VERSION_TEXT "Change related to getdns_context_set_tls_max_version"
#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME 638
#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME_TEXT "Change related to getdns_context_set_trust_anchors_backoff_time"
/** @}
*/
@ -128,7 +115,6 @@ extern "C" {
#define GETDNS_NUMERIC_VERSION @GETDNS_NUMERIC_VERSION@
#define GETDNS_API_VERSION "@API_VERSION@"
#define GETDNS_API_NUMERIC_VERSION @API_NUMERIC_VERSION@
#define GETDNS_BUILD_CFLAGS "@GETDNS_BUILD_CFLAGS@"
/** @}
*/
@ -366,7 +352,7 @@ struct getdns_eventloop_vmt {
* @return GETDNS_RETURN_INVALID_PARAMETER when context or eventloop were NULL.
*/
getdns_return_t
getdns_context_set_eventloop(getdns_context *context,
getdns_context_set_eventloop(getdns_context* context,
getdns_eventloop *eventloop);
/**
@ -382,7 +368,7 @@ getdns_context_set_eventloop(getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or evenloop were NULL
*/
getdns_return_t
getdns_context_get_eventloop(const getdns_context *context,
getdns_context_get_eventloop(getdns_context* context,
getdns_eventloop **eventloop);
/**
@ -541,18 +527,6 @@ getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t
getdns_return_t
getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
/**
* Configure context to use the system default setting for the time
* send data may remain unacknowledged by the peer in a TCP connection.
* @see getdns_context_set_tcp_send_timeout
* @see getdns_context_get_tcp_send_timeout
* @param context The context to configure
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
*/
getdns_return_t
getdns_context_unset_tcp_send_timeout(getdns_context *context);
typedef enum getdns_loglevel_type {
GETDNS_LOG_EMERG = 0,
@ -574,18 +548,8 @@ typedef enum getdns_loglevel_type {
#define GETDNS_LOG_INFO_TEXT "Informational message"
#define GETDNS_LOG_DEBUG_TEXT "Debug-level message"
#define GETDNS_LOG_UPSTREAM_STATS 0x3000
#define GETDNS_LOG_UPSTREAM_STATS 4096
#define GETDNS_LOG_UPSTREAM_STATS_TEXT "Log messages about upstream statistics"
#define GETDNS_LOG_SYS_STUB 0x2000
#define GETDNS_LOG_SYS_STUB_TEXT "Log messages about stub resolving"
#define GETDNS_LOG_SYS_RECURSING 0x4000
#define GETDNS_LOG_SYS_RECURSING_TEXT "Log messages about recursive resolving"
#define GETDNS_LOG_SYS_RESOLVING 0x6000
#define GETDNS_LOG_SYS_RESOLVING_TEXT "Log messages about resolving"
#define GETDNS_LOG_SYS_ANCHOR 0x8000
#define GETDNS_LOG_SYS_ANCHOR_TEXT "Log messages about fetching trust anchors"
typedef void (*getdns_logfunc_type) (void *userarg, uint64_t log_systems,
getdns_loglevel_type, const char *, va_list ap);
@ -730,22 +694,6 @@ getdns_return_t
getdns_context_set_trust_anchors_verify_email(
getdns_context *context, const char *verify_email);
/**
* Configure the amount of milliseconds the trust anchors should not be tried
* to be fetched after failure. Default is 2500 which is two and a half seconds.
* Setting the trust anchors backoff time will cause fetching to be retried
* immediatly.
* @see getdns_context_get_trust_anchors_backoff_time
* @param context The context to configure
* @param value Number of milliseconds before fetch trust anchors
* will be retried.
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
*/
getdns_return_t
getdns_context_set_trust_anchors_backoff_time(
getdns_context *context, uint64_t value);
/**
* Initialized the context's upstream recursive servers and suffixes
* with the values from the given resolv.conf file.
@ -807,18 +755,6 @@ getdns_return_t
getdns_context_set_tls_cipher_list(
getdns_context *context, const char *cipher_list);
/**
* Configure the available TLS1.3 ciphersuites for authenticated TLS upstreams.
* @see getdns_context_get_tls_ciphersuites
* @param[in] context The context to configure
* @param[in] ciphersuites The cipher list
* @return GETDNS_RETURN_GOOD when successful
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/
getdns_return_t
getdns_context_set_tls_ciphersuites(
getdns_context *context, const char *ciphersuites);
/**
* Sets the supported curves TLS upstreams.
* @see getdns_context_get_tls_curves_list
@ -832,80 +768,6 @@ getdns_return_t
getdns_context_set_tls_curves_list(
getdns_context *context, const char *curves_list);
typedef enum getdns_tls_version_t {
GETDNS_SSL3 = 1400,
GETDNS_TLS1 = 1401,
GETDNS_TLS1_1 = 1402,
GETDNS_TLS1_2 = 1403,
GETDNS_TLS1_3 = 1404
} getdns_tls_version_t;
#define GETDNS_SSL3_TEXT "See getdns_context_(set|get)_tls_(min|max)_version()"
#define GETDNS_TLS1_TEXT "See getdns_context_(set|get)_tls_(min|max)_version()"
#define GETDNS_TLS1_1_TEXT "See getdns_context_(set|get)_tls_(min|max)_version()"
#define GETDNS_TLS1_2_TEXT "See getdns_context_(set|get)_tls_(min|max)_version()"
#define GETDNS_TLS1_3_TEXT "See getdns_context_(set|get)_tls_(min|max)_version()"
/**
* Configure context for minimum supported TLS version.
* @see getdns_context_set_tls_max_version
* @see getdns_context_get_tls_min_version
* @param context The context to configure
* @param min_version is one of GETDNS_SSL3, GETDNS_TLS1, GETDNS_TLS1_1,
* GETDNS_TLS1_2, GETDNS_TLS1_3
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
* invalid value.
*/
getdns_return_t
getdns_context_set_tls_min_version(
getdns_context *context, getdns_tls_version_t min_version);
/**
* Get configured minimum supported TLS version.
* @see getdns_context_get_tls_max_version
* @see getdns_context_set_tls_min_version
* @param context The context to configure
* @param min_version is one of GETDNS_SSL3, GETDNS_TLS1, GETDNS_TLS1_1,
* GETDNS_TLS1_2, GETDNS_TLS1_3
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
* invalid value.
*/
getdns_return_t
getdns_context_get_tls_min_version(
const getdns_context *context, getdns_tls_version_t *min_version);
/**
* Configure context for maximum supported TLS version.
* @see getdns_context_set_tls_min_version
* @see getdns_context_get_tls_max_version
* @param context The context to configure
* @param max_version is one of GETDNS_SSL3, GETDNS_TLS1, GETDNS_TLS1_1,
* GETDNS_TLS1_2, GETDNS_TLS1_3
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
* invalid value.
*/
getdns_return_t
getdns_context_set_tls_max_version(
getdns_context *context, getdns_tls_version_t max_version);
/**
* Get configured maximum supported TLS version.
* @see getdns_context_get_tls_min_version
* @see getdns_context_set_tls_max_version
* @param context The context to configure
* @param max_version is one of GETDNS_SSL3, GETDNS_TLS1, GETDNS_TLS1_1,
* GETDNS_TLS1_2, GETDNS_TLS1_3
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is null or value has an
* invalid value.
*/
getdns_return_t
getdns_context_get_tls_max_version(
const getdns_context *context, getdns_tls_version_t *max_version);
/**
* Get the current resolution type setting from this context.
* @see getdns_context_set_resolution_type
@ -917,8 +779,8 @@ getdns_context_get_tls_max_version(
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_resolution_type(const getdns_context *context,
getdns_resolution_t *value);
getdns_context_get_resolution_type(getdns_context *context,
getdns_resolution_t* value);
/**
* Get a copy of the namespaces list setting from this context.
@ -932,8 +794,8 @@ getdns_context_get_resolution_type(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
*/
getdns_return_t
getdns_context_get_namespaces(const getdns_context *context,
size_t *namespace_count, getdns_namespace_t **namespaces);
getdns_context_get_namespaces(getdns_context *context,
size_t* namespace_count, getdns_namespace_t **namespaces);
/**
* Get what transports are used for DNS lookups.
@ -946,8 +808,8 @@ getdns_context_get_namespaces(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
*/
getdns_return_t
getdns_context_get_dns_transport(const getdns_context *context,
getdns_transport_t *value);
getdns_context_get_dns_transport(getdns_context *context,
getdns_transport_t* value);
/**
* Get a copy of the transports list setting from this context.
@ -962,8 +824,8 @@ getdns_context_get_dns_transport(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
*/
getdns_return_t
getdns_context_get_dns_transport_list(const getdns_context *context,
size_t *transport_count, getdns_transport_list_t **transports);
getdns_context_get_dns_transport_list(getdns_context *context,
size_t* transport_count, getdns_transport_list_t **transports);
/**
* Get the current limit for outstanding queries setting from this context.
@ -974,8 +836,8 @@ getdns_context_get_dns_transport_list(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
*/
getdns_return_t
getdns_context_get_limit_outstanding_queries(const getdns_context *context,
uint16_t *limit);
getdns_context_get_limit_outstanding_queries(getdns_context *context,
uint16_t* limit);
/**
* Get the current number of milliseconds the API will wait for request
@ -988,7 +850,7 @@ getdns_context_get_limit_outstanding_queries(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
*/
getdns_return_t
getdns_context_get_timeout(const getdns_context *context, uint64_t *timeout);
getdns_context_get_timeout(getdns_context *context, uint64_t* timeout);
/**
* Get the current number of milliseconds the API will leave an idle TCP or TLS
@ -1002,24 +864,7 @@ getdns_context_get_timeout(const getdns_context *context, uint64_t *timeout);
* @return GETDNS_RETURN_INVALID_PARAMETER when context or timeout was NULL.
*/
getdns_return_t
getdns_context_get_idle_timeout(
const getdns_context *context, uint64_t *timeout);
/**
* Get the number of milliseconds send data may remain unacknowledged by
* the peer in a TCP connection setting from context.
* @see getdns_context_set_tcp_send_timeout
* @see getdns_context_unset_tcp_send_timeout
* @param[in] context The context from which to get the setting
* @param[out] value The number of milliseconds the send data may remain
* unacknowledged by the peer in a TCP connection.
* When the value is unset, 0 is returned.
* @return GETDNS_RETURN_GOOD when successful
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_tcp_send_timeout(const getdns_context *context,
uint32_t *value);
getdns_context_get_idle_timeout(getdns_context *context, uint64_t* timeout);
/**
* Get the setting that says whether or not DNS queries follow redirects.
@ -1031,8 +876,8 @@ getdns_context_get_tcp_send_timeout(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_follow_redirects(const getdns_context *context,
getdns_redirects_t *value);
getdns_context_get_follow_redirects(getdns_context *context,
getdns_redirects_t* value);
/**
* Get a copy of the list of addresses in use for looking up top-level domains
@ -1049,7 +894,7 @@ getdns_context_get_follow_redirects(const getdns_context *context,
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
*/
getdns_return_t
getdns_context_get_dns_root_servers(const getdns_context *context,
getdns_context_get_dns_root_servers(getdns_context *context,
getdns_list **addresses);
/**
@ -1067,8 +912,8 @@ getdns_context_get_dns_root_servers(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_append_name(const getdns_context *context,
getdns_append_name_t *value);
getdns_context_get_append_name(getdns_context *context,
getdns_append_name_t* value);
/**
* Get a copy of the list of suffixes to be appended based on the value off the
@ -1084,7 +929,7 @@ getdns_context_get_append_name(const getdns_context *context,
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
*/
getdns_return_t
getdns_context_get_suffix(const getdns_context *context, getdns_list **value);
getdns_context_get_suffix(getdns_context *context, getdns_list **value);
/**
* Get a copy of the list of DNSSEC trust anchors in use by context.
@ -1099,7 +944,7 @@ getdns_context_get_suffix(const getdns_context *context, getdns_list **value);
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
*/
getdns_return_t
getdns_context_get_dnssec_trust_anchors(const getdns_context *context,
getdns_context_get_dnssec_trust_anchors(getdns_context *context,
getdns_list **value);
/**
@ -1113,8 +958,8 @@ getdns_context_get_dnssec_trust_anchors(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_dnssec_allowed_skew(const getdns_context *context,
uint32_t *value);
getdns_context_get_dnssec_allowed_skew(getdns_context *context,
uint32_t* value);
/**
* Get a copy of the list of upstream that will be targeted in stub resolution
@ -1130,7 +975,7 @@ getdns_context_get_dnssec_allowed_skew(const getdns_context *context,
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
*/
getdns_return_t
getdns_context_get_upstream_recursive_servers(const getdns_context *context,
getdns_context_get_upstream_recursive_servers(getdns_context *context,
getdns_list **upstream_list);
/**
@ -1145,8 +990,8 @@ getdns_context_get_upstream_recursive_servers(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_edns_maximum_udp_payload_size(const getdns_context *context,
uint16_t *value);
getdns_context_get_edns_maximum_udp_payload_size(getdns_context *context,
uint16_t* value);
/**
* Get the rcode advertised in an EDNS0 OPT record setting from context
@ -1157,8 +1002,8 @@ getdns_context_get_edns_maximum_udp_payload_size(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_edns_extended_rcode(const getdns_context *context,
uint8_t *value);
getdns_context_get_edns_extended_rcode(getdns_context *context,
uint8_t* value);
/**
* Get the version advertised in an EDNS0 OPT record setting from context
@ -1169,7 +1014,7 @@ getdns_context_get_edns_extended_rcode(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_edns_version(const getdns_context *context, uint8_t *value);
getdns_context_get_edns_version(getdns_context *context, uint8_t* value);
/**
* Get the DO bit advertised in an EDNS0 OPT record setting from context
@ -1181,7 +1026,7 @@ getdns_context_get_edns_version(const getdns_context *context, uint8_t *value);
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_edns_do_bit(const getdns_context *context, uint8_t *value);
getdns_context_get_edns_do_bit(getdns_context *context, uint8_t* value);
/**
* Get whether queries with this context will have the EDNS Client Subnet
@ -1194,8 +1039,7 @@ getdns_context_get_edns_do_bit(const getdns_context *context, uint8_t *value);
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_edns_client_subnet_private(const getdns_context *context,
uint8_t *value);
getdns_context_get_edns_client_subnet_private(getdns_context *context, uint8_t* value);
/**
* Get the blocksize that will be used to pad outgoing queries over TLS.
@ -1207,8 +1051,7 @@ getdns_context_get_edns_client_subnet_private(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_tls_query_padding_blocksize(
const getdns_context *context, uint16_t *value);
getdns_context_get_tls_query_padding_blocksize(getdns_context *context, uint16_t* value);
/**
* Get whether the upstream needs to be authenticated with DNS over TLS.
@ -1226,8 +1069,8 @@ getdns_context_get_tls_query_padding_blocksize(
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_tls_authentication(const getdns_context *context,
getdns_tls_authentication_t *value);
getdns_context_get_tls_authentication(getdns_context *context,
getdns_tls_authentication_t* value);
/**
* Get whether the context is configured to round robin queries over the available
@ -1239,8 +1082,8 @@ getdns_context_get_tls_authentication(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_round_robin_upstreams(const getdns_context *context,
uint8_t *value);
getdns_context_get_round_robin_upstreams(getdns_context *context,
uint8_t* value);
/**
* Get the amount of seconds a TLS connection should not be tried with
@ -1254,8 +1097,8 @@ getdns_context_get_round_robin_upstreams(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_tls_backoff_time(const getdns_context *context,
uint16_t *value);
getdns_context_get_tls_backoff_time(getdns_context *context,
uint16_t* value);
/**
* Get the number of times getdns retries to setup DNS over TLS with a
@ -1269,8 +1112,8 @@ getdns_context_get_tls_backoff_time(const getdns_context *context,
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
*/
getdns_return_t
getdns_context_get_tls_connection_retries(const getdns_context *context,
uint16_t *value);
getdns_context_get_tls_connection_retries(getdns_context *context,
uint16_t* value);
/**
* Get the currently registered callback function and user defined argument
@ -1287,8 +1130,7 @@ getdns_context_get_tls_connection_retries(const getdns_context *context,
* @return GETDNS_RETURN_GOOD on success or an error code on failure.
*/
getdns_return_t
getdns_context_get_update_callback(const getdns_context *context,
void **userarg,
getdns_context_get_update_callback(getdns_context *context, void **userarg,
void (**value) (getdns_context *, getdns_context_code_t, void *));
@ -1342,7 +1184,7 @@ getdns_context_get_update_callback(const getdns_context *context,
*/
getdns_return_t
getdns_context_get_trust_anchors_url(
const getdns_context *context, const char **url);
getdns_context *context, const char **url);
/**
* Gets the public certificate for the Certificate Authority with which to
@ -1361,7 +1203,7 @@ getdns_context_get_trust_anchors_url(
*/
getdns_return_t
getdns_context_get_trust_anchors_verify_CA(
const getdns_context *context, const char **verify_CA);
getdns_context *context, const char **verify_CA);
/**
* Gets the email address for the Subject of the signer's certificate from the
@ -1378,21 +1220,7 @@ getdns_context_get_trust_anchors_verify_CA(
*/
getdns_return_t
getdns_context_get_trust_anchors_verify_email(
const getdns_context *context, const char **verify_email);
/**
* Get the amount of milliseconds the trust anchors will not be tried to be
* fetched after failure.
* @see getdns_context_set_trust_anchors_backoff_time
* @param context The context to configure
* @param value Number of milliseconds before fetch trust anchors
* will be retried.
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
*/
getdns_return_t
getdns_context_get_trust_anchors_backoff_time(
const getdns_context *context, uint64_t *value);
getdns_context *context, const char **verify_email);
/**
* Get the value with which the context's upstream recursive servers
@ -1405,8 +1233,7 @@ getdns_context_get_trust_anchors_backoff_time(
* @return GETDNS_RETURN_GOOD when successful and error code otherwise.
*/
getdns_return_t
getdns_context_get_resolvconf(
const getdns_context *context, const char **resolvconf);
getdns_context_get_resolvconf(getdns_context *context, const char **resolvconf);
/**
* Get the value with which the context's GETDNS_NAMESPACE_LOCALNAMES namespace
@ -1419,8 +1246,7 @@ getdns_context_get_resolvconf(
* @return GETDNS_RETURN_GOOD when successful and error code otherwise.
*/
getdns_return_t
getdns_context_get_hosts(
const getdns_context *context, const char **hosts);
getdns_context_get_hosts(getdns_context *context, const char **hosts);
/**
* Get the location of the directory for CA certificates for verification
@ -1434,8 +1260,7 @@ getdns_context_get_hosts(
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/
getdns_return_t
getdns_context_get_tls_ca_path(
const getdns_context *context, const char **tls_ca_path);
getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path);
/**
* Get the file location with CA certificates for verification purposes.
@ -1448,8 +1273,7 @@ getdns_context_get_tls_ca_path(
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/
getdns_return_t
getdns_context_get_tls_ca_file(
const getdns_context *context, const char **tls_ca_file);
getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file);
/**
* Get the list of available ciphers for authenticated TLS upstreams.
@ -1461,20 +1285,7 @@ getdns_context_get_tls_ca_file(
*/
getdns_return_t
getdns_context_get_tls_cipher_list(
const getdns_context *context, const char **cipher_list);
/**
* Get the configured available TLS1.3 ciphersuited for authenticated TLS
* upstreams.
* @see getdns_context_set_tls_ciphersuites
* @param[in] context The context configure
* @param[out] ciphersuites The cipher list
* @return GETDNS_RETURN_GOOD when successful
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/
getdns_return_t
getdns_context_get_tls_ciphersuites(
const getdns_context *context, const char **ciphersuites);
getdns_context *context, const char **cipher_list);
/**
* Get the supported curves list if one has been set earlier.
@ -1489,7 +1300,7 @@ getdns_context_get_tls_ciphersuites(
*/
getdns_return_t
getdns_context_get_tls_curves_list(
const getdns_context *context, const char **curves_list);
getdns_context *context, const char **curves_list);
/** @}
*/
@ -1577,8 +1388,7 @@ const char *getdns_get_errorstr_by_id(uint16_t err);
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
*/
getdns_return_t
getdns_dict_util_set_string(
getdns_dict *dict, const char *name, const char *value);
getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value);
/**
* Get the string associated with the speicifed name. The string should not
@ -1591,8 +1401,7 @@ getdns_dict_util_set_string(
* @return GETDNS_RETURN_NO_SUCH_DICT_NAME if dict is invalid or name does not exist
*/
getdns_return_t
getdns_dict_util_get_string(
const getdns_dict * dict, const char *name, char **result);
getdns_dict_util_get_string(getdns_dict * dict, char *name, char **result);
/** @}
*/
@ -1633,9 +1442,9 @@ getdns_dict_util_get_string(
* return code.
*/
getdns_return_t
getdns_validate_dnssec2(const getdns_list *to_validate,
const getdns_list *support_records,
const getdns_list *trust_anchors,
getdns_validate_dnssec2(getdns_list *to_validate,
getdns_list *support_records,
getdns_list *trust_anchors,
time_t validation_time, uint32_t skew);
@ -1678,9 +1487,9 @@ getdns_validate_dnssec2(const getdns_list *to_validate,
* @param str the pinning string to parse
* @return a dict created from ctx, or NULL if the string did not match.
*/
getdns_dict *getdns_pubkey_pin_create_from_string(
const getdns_context *context,
const char *str);
getdns_dict* getdns_pubkey_pin_create_from_string(
getdns_context* context,
const char* str);
/**
@ -1697,8 +1506,8 @@ getdns_dict *getdns_pubkey_pin_create_from_string(
* @return GETDNS_RETURN_GOOD if the pinset passes the sanity check.
*/
getdns_return_t getdns_pubkey_pinset_sanity_check(
const getdns_list *pinset,
getdns_list *errorlist);
const getdns_list* pinset,
getdns_list* errorlist);
/** @}
*/
@ -2346,7 +2155,7 @@ getdns_context_set_listen_addresses(
*/
getdns_return_t
getdns_reply(getdns_context *context,
const getdns_dict *reply, getdns_transaction_t request_id);
getdns_dict *reply, getdns_transaction_t request_id);
/** @}
@ -2370,7 +2179,7 @@ getdns_return_t getdns_strerror(getdns_return_t err, char *buf, size_t buflen);
* WARNING! Do not use this function. This function will be removed in
* future versions of getdns.
*/
getdns_return_t getdns_context_process_async(getdns_context *context);
getdns_return_t getdns_context_process_async(getdns_context* context);
/**
* Return the number of pending requests and the point of time of the next
@ -2378,8 +2187,8 @@ getdns_return_t getdns_context_process_async(getdns_context *context);
* WARNING! Do not use this function. This function will be removed in
* future versions of getdns.
*/
uint32_t getdns_context_get_num_pending_requests(const getdns_context *context,
struct timeval *next_timeout);
uint32_t getdns_context_get_num_pending_requests(getdns_context* context,
struct timeval* next_timeout);
/**
* Detach the eventloop from the context. Resets the context with the default
@ -2404,7 +2213,7 @@ getdns_context_detach_eventloop(getdns_context *context);
* @return GETDNS_RETURN_GOOD on success
* @return GETDNS_RETURN_INVALID_PARAMETER if context is NULL
*/
getdns_return_t getdns_context_set_use_threads(getdns_context *context,
getdns_return_t getdns_context_set_use_threads(getdns_context* context,
int use_threads);
/** @}

2
src/gldns/compare.sh
View File

@ -3,7 +3,7 @@
# Meant to be run from this directory
rm -fr gldns
mkdir gldns
svn co https://github.com/NLnetLabs/unbound/trunk/sldns/
svn co http://unbound.net/svn/trunk/sldns/
mv gbuffer.h sbuffer.h
mv gbuffer.c sbuffer.c
for f in sldns/*.[ch]

3
src/gldns/gbuffer.c
View File

@ -14,7 +14,6 @@
#include "config.h"
#include "gldns/gbuffer.h"
#include <stdarg.h>
#include <stdlib.h>
gldns_buffer *
gldns_buffer_new(size_t capacity)
@ -107,8 +106,6 @@ int
gldns_buffer_reserve(gldns_buffer *buffer, size_t amount)
{
gldns_buffer_invariant(buffer);
if (buffer->_vfixed)
return 1;
assert(!buffer->_fixed);
if (buffer->_capacity < buffer->_position + amount) {
size_t new_capacity = buffer->_capacity * 3 / 2;

13
src/gldns/gbuffer.h
View File

@ -13,12 +13,6 @@
#ifndef GLDNS_SBUFFER_H
#define GLDNS_SBUFFER_H
#include <stdint.h>
#if defined(_MSC_VER)
#include <BaseTsd.h>
typedef SSIZE_T ssize_t;
#endif
#ifdef __cplusplus
extern "C" {
#endif
@ -136,7 +130,7 @@ struct gldns_buffer
/** If the buffer is fixed it cannot be resized */
unsigned _fixed : 1;
/** If the buffer is vfixed, no more than capacity bytes will be
/** If the buffer is vfixed, no more than capacity bytes willl be
* written to _data, however the _position counter will be updated
* with the amount that would have been written in consecutive
* writes. This allows for a modus operandi in which a sequence is
@ -166,7 +160,7 @@ gldns_buffer_invariant(gldns_buffer *buffer)
assert(buffer != NULL);
assert(buffer->_position <= buffer->_limit || buffer->_vfixed);
assert(buffer->_limit <= buffer->_capacity);
assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0 && buffer->_limit == 0));
assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0));
}
#endif
@ -232,6 +226,7 @@ INLINE void gldns_buffer_clear(gldns_buffer *buffer)
* the position is set to 0.
*
* \param[in] buffer the buffer to flip
* \return void
*/
INLINE void gldns_buffer_flip(gldns_buffer *buffer)
{
@ -781,6 +776,7 @@ int gldns_buffer_printf(gldns_buffer *buffer, const char *format, ...)
/**
* frees the buffer.
* \param[in] *buffer the buffer to be freed
* \return void
*/
void gldns_buffer_free(gldns_buffer *buffer);
@ -788,6 +784,7 @@ void gldns_buffer_free(gldns_buffer *buffer);
* Makes the buffer fixed and returns a pointer to the data. The
* caller is responsible for free'ing the result.
* \param[in] *buffer the buffer to be exported
* \return void
*/
void *gldns_buffer_export(gldns_buffer *buffer);

13
src/gldns/import.sh
View File

@ -16,5 +16,16 @@ then
mv sbuffer.h gbuffer.h
mv sbuffer.c gbuffer.c
else
echo Run compare first
svn co http://unbound.net/svn/trunk/ldns/
for f in ldns/*.[ch]
do
sed -e 's/sldns_/gldns_/g' \
-e 's/LDNS_/GLDNS_/g' \
-e 's/include "sldns/include "gldns/g' \
-e 's/<sldns\/rrdef\.h>/<gldns\/rrdef.h>/g' \
-e 's/sbuffer\.h/gbuffer.h/g' $f > ${f#ldns/}
done
mv sbuffer.h gbuffer.h
mv sbuffer.c gbuffer.c
rm -r ldns
fi

337
src/gldns/keyraw.c
View File

@ -14,6 +14,26 @@
#include "gldns/keyraw.h"
#include "gldns/rrdef.h"
#ifdef HAVE_SSL
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#ifdef HAVE_OPENSSL_ENGINE_H
# include <openssl/engine.h>
#endif
#ifdef HAVE_OPENSSL_BN_H
#include <openssl/bn.h>
#endif
#ifdef HAVE_OPENSSL_RSA_H
#include <openssl/rsa.h>
#endif
#ifdef HAVE_OPENSSL_DSA_H
#include <openssl/dsa.h>
#endif
#endif /* HAVE_SSL */
size_t
gldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
const size_t len, int alg)
@ -69,14 +89,6 @@ gldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
return 256;
case GLDNS_ECDSAP384SHA384:
return 384;
#endif
#ifdef USE_ED25519
case GLDNS_ED25519:
return 256;
#endif
#ifdef USE_ED448
case GLDNS_ED448:
return 456;
#endif
default:
return 0;
@ -106,3 +118,312 @@ uint16_t gldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
return (uint16_t) (ac32 & 0xFFFF);
}
}
#ifdef HAVE_SSL
#ifdef USE_GOST
/** store GOST engine reference loaded into OpenSSL library */
ENGINE* gldns_gost_engine = NULL;
int
gldns_key_EVP_load_gost_id(void)
{
static int gost_id = 0;
const EVP_PKEY_ASN1_METHOD* meth;
ENGINE* e;
if(gost_id) return gost_id;
/* see if configuration loaded gost implementation from other engine*/
meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
if(meth) {
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
/* see if engine can be loaded already */
e = ENGINE_by_id("gost");
if(!e) {
/* load it ourself, in case statically linked */
ENGINE_load_builtin_engines();
ENGINE_load_dynamic();
e = ENGINE_by_id("gost");
}
if(!e) {
/* no gost engine in openssl */
return 0;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
ENGINE_finish(e);
ENGINE_free(e);
return 0;
}
meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
if(!meth) {
/* algo not found */
ENGINE_finish(e);
ENGINE_free(e);
return 0;
}
/* Note: do not ENGINE_finish and ENGINE_free the acquired engine
* on some platforms this frees up the meth and unloads gost stuff */
gldns_gost_engine = e;
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
void gldns_key_EVP_unload_gost(void)
{
if(gldns_gost_engine) {
ENGINE_finish(gldns_gost_engine);
ENGINE_free(gldns_gost_engine);
gldns_gost_engine = NULL;
}
}
#endif /* USE_GOST */
DSA *
gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
{
uint8_t T;
uint16_t length;
uint16_t offset;
DSA *dsa;
BIGNUM *Q; BIGNUM *P;
BIGNUM *G; BIGNUM *Y;
if(len == 0)
return NULL;
T = (uint8_t)key[0];
length = (64 + T * 8);
offset = 1;
if (T > 8) {
return NULL;
}
if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
return NULL;
Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
offset += SHA_DIGEST_LENGTH;
P = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
G = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
Y = BN_bin2bn(key+offset, (int)length, NULL);
/* create the key and set its properties */
if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
BN_free(Q);
BN_free(P);
BN_free(G);
BN_free(Y);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S
dsa->p = P;
dsa->q = Q;
dsa->g = G;
dsa->pub_key = Y;
#endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!DSA_set0_pqg(dsa, P, Q, G)) {
/* QPG not yet attached, need to free */
BN_free(Q);
BN_free(P);
BN_free(G);
DSA_free(dsa);
BN_free(Y);
return NULL;
}
if (!DSA_set0_key(dsa, Y, NULL)) {
/* QPG attached, cleaned up by DSA_fre() */
DSA_free(dsa);
BN_free(Y);
return NULL;
}
#endif
return dsa;
}
RSA *
gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
{
uint16_t offset;
uint16_t exp;
uint16_t int16;
RSA *rsa;
BIGNUM *modulus;
BIGNUM *exponent;
if (len == 0)
return NULL;
if (key[0] == 0) {
if(len < 3)
return NULL;
memmove(&int16, key+1, 2);
exp = ntohs(int16);
offset = 3;
} else {
exp = key[0];
offset = 1;
}
/* key length at least one */
if(len < (size_t)offset + exp + 1)
return NULL;
/* Exponent */
exponent = BN_new();
if(!exponent) return NULL;
(void) BN_bin2bn(key+offset, (int)exp, exponent);
offset += exp;
/* Modulus */
modulus = BN_new();
if(!modulus) {
BN_free(exponent);
return NULL;
}
/* length of the buffer must match the key length! */
(void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
rsa = RSA_new();
if(!rsa) {
BN_free(exponent);
BN_free(modulus);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
#endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
BN_free(exponent);
BN_free(modulus);
RSA_free(rsa);
return NULL;
}
#endif
return rsa;
}
#ifdef USE_GOST
EVP_PKEY*
gldns_gost2pkey_raw(unsigned char* key, size_t keylen)
{
/* prefix header for X509 encoding */
uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85,
0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85,
0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03,
0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40};
unsigned char encoded[37+64];
const unsigned char* pp;
if(keylen != 64) {
/* key wrong size */
return NULL;
}
/* create evp_key */
memmove(encoded, asn, 37);
memmove(encoded+37, key, 64);
pp = (unsigned char*)&encoded[0];
return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded));
}
#endif /* USE_GOST */
#ifdef USE_ECDSA
EVP_PKEY*
gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
{
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
const unsigned char* pp = buf;
EVP_PKEY *evp_key;
EC_KEY *ec;
/* check length, which uncompressed must be 2 bignums */
if(algo == GLDNS_ECDSAP256SHA256) {
if(keylen != 2*256/8) return NULL;
ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
} else if(algo == GLDNS_ECDSAP384SHA384) {
if(keylen != 2*384/8) return NULL;
ec = EC_KEY_new_by_curve_name(NID_secp384r1);
} else ec = NULL;
if(!ec) return NULL;
if(keylen+1 > sizeof(buf)) { /* sanity check */
EC_KEY_free(ec);
return NULL;
}
/* prepend the 0x02 (from docs) (or actually 0x04 from implementation
* of openssl) for uncompressed data */
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memmove(buf+1, key, keylen);
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
return evp_key;
}
#endif /* USE_ECDSA */
#ifdef USE_ED25519
EVP_PKEY*
gldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
{
/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x70, 0x03, 0x21, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 32 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
#endif /* USE_ED25519 */
int
gldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
const EVP_MD* md)
{
EVP_MD_CTX* ctx;
ctx = EVP_MD_CTX_create();
if(!ctx)
return 0;
if(!EVP_DigestInit_ex(ctx, md, NULL) ||
!EVP_DigestUpdate(ctx, data, len) ||
!EVP_DigestFinal_ex(ctx, dest, NULL)) {
EVP_MD_CTX_destroy(ctx);
return 0;
}
EVP_MD_CTX_destroy(ctx);
return 1;
}
#endif /* HAVE_SSL */

74
src/gldns/keyraw.h
View File

@ -20,11 +20,13 @@
#ifndef GLDNS_KEYRAW_H
#define GLDNS_KEYRAW_H
#include "keyraw-internal.h"
#ifdef __cplusplus
extern "C" {
#endif
#if GLDNS_BUILD_CONFIG_HAVE_SSL
# include <openssl/ssl.h>
# include <openssl/evp.h>
#endif /* GLDNS_BUILD_CONFIG_HAVE_SSL */
/**
* get the length of the keydata in bits
@ -44,6 +46,74 @@ size_t gldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
*/
uint16_t gldns_calc_keytag_raw(const uint8_t* key, size_t keysize);
#if GLDNS_BUILD_CONFIG_HAVE_SSL
/**
* Get the PKEY id for GOST, loads GOST into openssl as a side effect.
* Only available if GOST is compiled into the library and openssl.
* \return the gost id for EVP_CTX creation.
*/
int gldns_key_EVP_load_gost_id(void);
/** Release the engine reference held for the GOST engine. */
void gldns_key_EVP_unload_gost(void);
/**
* Like gldns_key_buf2dsa, but uses raw buffer.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return a DSA * structure with the key material
*/
DSA *gldns_key_buf2dsa_raw(unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with GOST.
* \param[in] key data to convert
* \param[in] keylen length of the key data
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_gost2pkey_raw(unsigned char* key, size_t keylen);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ECDSA.
* \param[in] key data to convert
* \param[in] keylen length of the key data
* \param[in] algo precise algorithm to initialize ECC group values.
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
/**
* Like gldns_key_buf2rsa, but uses raw buffer.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return a RSA * structure with the key material
*/
RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ED25519.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_ed255192pkey_raw(const unsigned char* key, size_t len);
/**
* Utility function to calculate hash using generic EVP_MD pointer.
* \param[in] data the data to hash.
* \param[in] len length of data.
* \param[out] dest the destination of the hash, must be large enough.
* \param[in] md the message digest to use.
* \return true if worked, false on failure.
*/
int gldns_digest_evp(unsigned char* data, unsigned int len,
unsigned char* dest, const EVP_MD* md);
#endif /* GLDNS_BUILD_CONFIG_HAVE_SSL */
#ifdef __cplusplus
}
#endif

69
src/gldns/parse.c
View File

@ -34,7 +34,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
{
int c, prev_c;
int p; /* 0 -> no parentheses seen, >0 nr of ( seen */
int com, quoted, only_blank;
int com, quoted;
char *t;
size_t i;
const char *d;
@ -53,7 +53,6 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
com = 0;
quoted = 0;
prev_c = 0;
only_blank = 1; /* Assume we got only <blank> until now */
t = token;
if (del[0] == '"') {
quoted = 1;
@ -102,22 +101,6 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
if (line_nr) {
*line_nr = *line_nr + 1;
}
if (only_blank && i > 0) {
/* Got only <blank> so far. Reset and try
* again with the next line.
*/
i = 0;
t = token;
}
if (p == 0) {
/* If p != 0 then the next line is a continuation. So
* we assume that the next line starts with a blank only
* if it is actually a new line.
*/
only_blank = 1; /* Assume next line starts with
* <blank>.
*/
}
if (p == 0 && i > 0) {
goto tokenread;
} else {
@ -137,7 +120,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
if (line_nr) {
*line_nr = *line_nr + 1;
}
if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
*t = '\0';
return -1;
}
@ -148,49 +131,23 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
/* check if we hit the delim */
for (d = del; *d; d++) {
if (c == *d)
break;
}
if (c == *d && i > 0 && prev_c != '\\' && p == 0) {
if (c == '\n' && line_nr) {
*line_nr = *line_nr + 1;
if (c == *d && i > 0 && prev_c != '\\' && p == 0) {
if (c == '\n' && line_nr) {
*line_nr = *line_nr + 1;
}
goto tokenread;
}
if (only_blank) {
/* Got only <blank> so far. Reset and
* try again with the next line.
*/
i = 0;
t = token;
only_blank = 1;
prev_c = c;
continue;
}
goto tokenread;
}
if (c != ' ' && c != '\t') {
/* Found something that is not <blank> */
only_blank= 0;
}
if (c != '\0' && c != '\n') {
i++;
}
/* is there space for the character and the zero after it */
if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
*t = '\0';
return -1;
}
if (c != '\0' && c != '\n') {
*t++ = c;
}
if (c == '\n') {
if (line_nr) {
*line_nr = *line_nr + 1;
}
only_blank = 1; /* Assume next line starts with
* <blank>.
*/
}
if (c == '\\' && prev_c == '\\')
prev_c = 0;
else prev_c = c;
@ -368,14 +325,8 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
if (c == '\n' && p != 0) {
/* in parentheses */
/* do not write ' ' if we want to skip spaces */
if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) {
/* check for space for the space character and a zero delimiter after that. */
if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
*t = '\0';
return -1;
}
if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' '))))
*t++ = ' ';
}
lc = c;
continue;
}
@ -397,7 +348,7 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
}
i++;
if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
*t = '\0';
return -1;
}

3
src/gldns/parse.h
View File

@ -153,6 +153,7 @@ int gldns_bgetc(struct gldns_buffer *buffer);
* the position to the first character that is not in *s.
* \param[in] *buffer buffer to use
* \param[in] *s characters to skip
* \return void
*/
void gldns_bskipcs(struct gldns_buffer *buffer, const char *s);
@ -161,6 +162,7 @@ void gldns_bskipcs(struct gldns_buffer *buffer, const char *s);
* the position to the first character that is not in *s.
* \param[in] *fp file to use
* \param[in] *s characters to skip
* \return void
*/
void gldns_fskipcs(FILE *fp, const char *s);
@ -171,6 +173,7 @@ void gldns_fskipcs(FILE *fp, const char *s);
* \param[in] *fp file to use
* \param[in] *s characters to skip
* \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
* \return void
*/
void gldns_fskipcs_l(FILE *fp, const char *s, int *line_nr);

152
src/gldns/parseutil.c
View File

@ -167,7 +167,7 @@ gldns_gmtime64_r(int64_t clock, struct tm *result)
static int64_t
gldns_serial_arithmetics_time(int32_t time, time_t now)
{
int32_t offset = (int32_t)((uint32_t) time - (uint32_t) now);
int32_t offset = time - (int32_t) now;
return (int64_t) now + offset;
}
@ -209,13 +209,11 @@ gldns_hexdigit_to_int(char ch)
}
uint32_t
gldns_str2period(const char *nptr, const char **endptr, int* overflow)
gldns_str2period(const char *nptr, const char **endptr)
{
int sign = 0;
uint32_t i = 0;
uint32_t seconds = 0;
const uint32_t maxint = 0xffffffff;
*overflow = 0;
for(*endptr = nptr; **endptr; (*endptr)++) {
switch (**endptr) {
@ -238,46 +236,26 @@ gldns_str2period(const char *nptr, const char **endptr, int* overflow)
break;
case 's':
case 'S':
if(seconds > maxint-i) {
*overflow = 1;
return 0;
}
seconds += i;
i = 0;
break;
case 'm':
case 'M':
if(i > maxint/60 || seconds > maxint-(i*60)) {
*overflow = 1;
return 0;
}
seconds += i * 60;
i = 0;
break;
case 'h':
case 'H':
if(i > maxint/(60*60) || seconds > maxint-(i*60*60)) {
*overflow = 1;
return 0;
}
seconds += i * 60 * 60;
i = 0;
break;
case 'd':
case 'D':
if(i > maxint/(60*60*24) || seconds > maxint-(i*60*60*24)) {
*overflow = 1;
return 0;
}
seconds += i * 60 * 60 * 24;
i = 0;
break;
case 'w':
case 'W':
if(i > maxint/(60*60*24*7) || seconds > maxint-(i*60*60*24*7)) {
*overflow = 1;
return 0;
}
seconds += i * 60 * 60 * 24 * 7;
i = 0;
break;
@ -291,27 +269,15 @@ gldns_str2period(const char *nptr, const char **endptr, int* overflow)
case '7':
case '8':
case '9':
if(i > maxint/10 || i*10 > maxint - (**endptr - '0')) {
*overflow = 1;
return 0;
}
i *= 10;
i += (**endptr - '0');
break;
default:
if(seconds > maxint-i) {
*overflow = 1;
return 0;
}
seconds += i;
/* disregard signedness */
return seconds;
}
}
if(seconds > maxint-i) {
*overflow = 1;
return 0;
}
seconds += i;
/* disregard signedness */
return seconds;
@ -653,18 +619,13 @@ size_t gldns_b64_ntop_calculate_size(size_t srcsize)
*
* This routine does not insert spaces or linebreaks after 76 characters.
*/
static int gldns_b64_ntop_base(uint8_t const *src, size_t srclength,
char *target, size_t targsize, int base64url, int padding)
int gldns_b64_ntop(uint8_t const *src, size_t srclength,
char *target, size_t targsize)
{
char* b64;
const char* b64 =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
const char pad64 = '=';
size_t i = 0, o = 0;
if(base64url)
b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
"456789-_";
else
b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
"456789+/";
if(targsize < gldns_b64_ntop_calculate_size(srclength))
return -1;
/* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */
@ -684,26 +645,18 @@ static int gldns_b64_ntop_base(uint8_t const *src, size_t srclength,
target[o] = b64[src[i] >> 2];
target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ];
target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ];
if(padding) {
target[o+3] = pad64;
/* i += 2; */
o += 4;
} else {
o += 3;
}
target[o+3] = pad64;
/* i += 2; */
o += 4;
break;
case 1:
/* one at end, converted into A B = = */
target[o] = b64[src[i] >> 2];
target[o+1] = b64[ ((src[i]&0x03)<<4) ];
if(padding) {
target[o+2] = pad64;
target[o+3] = pad64;
/* i += 1; */
o += 4;
} else {
o += 2;
}
target[o+2] = pad64;
target[o+3] = pad64;
/* i += 1; */
o += 4;
break;
case 0:
default:
@ -716,36 +669,19 @@ static int gldns_b64_ntop_base(uint8_t const *src, size_t srclength,
return (int)o;
}
int gldns_b64_ntop(uint8_t const *src, size_t srclength, char *target,
size_t targsize)
{
return gldns_b64_ntop_base(src, srclength, target, targsize,
0 /* no base64url */, 1 /* padding */);
}
int gldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
size_t targsize)
{
return gldns_b64_ntop_base(src, srclength, target, targsize,
1 /* base64url */, 0 /* no padding */);
}
size_t gldns_b64_pton_calculate_size(size_t srcsize)
{
return (((((srcsize + 3) / 4) * 3)) + 1);
}
/* padding not required if srcsize is set */
static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
size_t targsize, int base64url)
int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
{
const uint8_t pad64 = 64; /* is 64th in the b64 array */
const char* s = src;
uint8_t in[4];
size_t o = 0, incount = 0;
int check_padding = (srcsize) ? 0 : 1;
while(*s && (check_padding || srcsize)) {
while(*s) {
/* skip any character that is not base64 */
/* conceptually we do:
const char* b64 = pad'=' is appended to array
@ -754,43 +690,30 @@ static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
and use d-b64;
*/
char d = *s++;
srcsize--;
if(d <= 'Z' && d >= 'A')
d -= 'A';
else if(d <= 'z' && d >= 'a')
d = d - 'a' + 26;
else if(d <= '9' && d >= '0')
d = d - '0' + 52;
else if(!base64url && d == '+')
else if(d == '+')
d = 62;
else if(base64url && d == '-')
d = 62;
else if(!base64url && d == '/')
else if(d == '/')
d = 63;
else if(base64url && d == '_')
d = 63;
else if(d == '=') {
if(!check_padding)
continue;
else if(d == '=')
d = 64;
} else continue;
else continue;
in[incount++] = (uint8_t)d;
/* work on block of 4, unless padding is not used and there are
* less than 4 chars left */
if(incount != 4 && (check_padding || srcsize))
if(incount != 4)
continue;
assert(!check_padding || incount==4);
/* process whole block of 4 characters into 3 output bytes */
if((incount == 2 ||
(incount == 4 && in[3] == pad64 && in[2] == pad64))) { /* A B = = */
if(in[3] == pad64 && in[2] == pad64) { /* A B = = */
if(o+1 > targsize)
return -1;
target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
o += 1;
break; /* we are done */
} else if(incount == 3 ||
(incount == 4 && in[3] == pad64)) { /* A B C = */
} else if(in[3] == pad64) { /* A B C = */
if(o+2 > targsize)
return -1;
target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
@ -798,7 +721,7 @@ static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
o += 2;
break; /* we are done */
} else {
if(incount != 4 || o+3 > targsize)
if(o+3 > targsize)
return -1;
/* write xxxxxxyy yyyyzzzz zzwwwwww */
target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
@ -810,32 +733,3 @@ static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
}
return (int)o;
}
int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
{
return gldns_b64_pton_base(src, 0, target, targsize, 0);
}
int gldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
size_t targsize)
{
if(!srcsize) {
return 0;
}
return gldns_b64_pton_base(src, srcsize, target, targsize, 1);
}
int gldns_b64_contains_nonurl(char const *src, size_t srcsize)
{
const char* s = src;
while(*s && srcsize) {
char d = *s++;
srcsize--;
/* the '+' and the '/' and padding '=' is not allowed in b64
* url encoding */
if(d == '+' || d == '/' || d == '=') {
return 1;
}
}
return 0;
}

10
src/gldns/parseutil.h
View File

@ -74,11 +74,9 @@ struct tm * gldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct t
* converts a ttl value (like 5d2h) to a long.
* \param[in] nptr the start of the string
* \param[out] endptr points to the last char in case of error
* \param[out] overflow returns if the string causes integer overflow error,
* the number is too big, string of digits too long.
* \return the convert duration value
*/
uint32_t gldns_str2period(const char *nptr, const char **endptr, int* overflow);
uint32_t gldns_str2period(const char *nptr, const char **endptr);
/**
* Returns the int value of the given (hex) digit
@ -94,17 +92,13 @@ size_t gldns_b64_ntop_calculate_size(size_t srcsize);
int gldns_b64_ntop(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
int gldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
size_t targsize);
/**
* calculates the size needed to store the result of gldns_b64_pton
*/
size_t gldns_b64_pton_calculate_size(size_t srcsize);
int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
int gldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
size_t targsize);
int gldns_b64_contains_nonurl(char const *src, size_t srcsize);
/**
* calculates the size needed to store the result of b32_ntop

4
src/gldns/pkthdr.h
View File

@ -97,22 +97,18 @@ extern "C" {
#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF)))
*/
#define GLDNS_QDCOUNT(wirebuf) (gldns_read_uint16(wirebuf+GLDNS_QDCOUNT_OFF))
#define GLDNS_QDCOUNT_SET(wirebuf, i) (gldns_write_uint16(wirebuf+GLDNS_QDCOUNT_OFF, i))
/* Counter of the answer section */
#define GLDNS_ANCOUNT_OFF 6
#define GLDNS_ANCOUNT(wirebuf) (gldns_read_uint16(wirebuf+GLDNS_ANCOUNT_OFF))
#define GLDNS_ANCOUNT_SET(wirebuf, i) (gldns_write_uint16(wirebuf+GLDNS_ANCOUNT_OFF, i))
/* Counter of the authority section */
#define GLDNS_NSCOUNT_OFF 8
#define GLDNS_NSCOUNT(wirebuf) (gldns_read_uint16(wirebuf+GLDNS_NSCOUNT_OFF))
#define GLDNS_NSCOUNT_SET(wirebuf, i) (gldns_write_uint16(wirebuf+GLDNS_NSCOUNT_OFF, i))
/* Counter of the additional section */
#define GLDNS_ARCOUNT_OFF 10
#define GLDNS_ARCOUNT(wirebuf) (gldns_read_uint16(wirebuf+GLDNS_ARCOUNT_OFF))
#define GLDNS_ARCOUNT_SET(wirebuf, i) (gldns_write_uint16(wirebuf+GLDNS_ARCOUNT_OFF, i))
/**
* The sections of a packet

415
src/gldns/rrdef.c
View File

@ -16,8 +16,6 @@
#include "gldns/rrdef.h"
#include "gldns/parseutil.h"
#include <stdlib.h>
/* classes */
static gldns_lookup_table gldns_rr_classes_data[] = {
{ GLDNS_RR_CLASS_IN, "IN" },
@ -152,12 +150,6 @@ static const gldns_rdf_type type_openpgpkey_wireformat[] = {
static const gldns_rdf_type type_csync_wireformat[] = {
GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT16, GLDNS_RDF_TYPE_NSEC
};
static const gldns_rdf_type type_zonemd_wireformat[] = {
GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_HEX
};
static const gldns_rdf_type type_svcb_wireformat[] = {
GLDNS_RDF_TYPE_INT16, GLDNS_RDF_TYPE_DNAME
};
/* nsec3 is some vars, followed by same type of data of nsec */
static const gldns_rdf_type type_nsec3_wireformat[] = {
/* GLDNS_RDF_TYPE_NSEC3_VARS, GLDNS_RDF_TYPE_NSEC3_NEXT_OWNER, GLDNS_RDF_TYPE_NSEC*/
@ -237,15 +229,6 @@ static const gldns_rdf_type type_caa_wireformat[] = {
GLDNS_RDF_TYPE_TAG,
GLDNS_RDF_TYPE_LONG_STR
};
#ifdef DRAFT_RRTYPES
static const gldns_rdf_type type_doa_wireformat[] = {
GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT8,
GLDNS_RDF_TYPE_STR, GLDNS_RDF_TYPE_B64
};
static const gldns_rdf_type type_amtrelay_wireformat[] = {
GLDNS_RDF_TYPE_AMTRELAY
};
#endif
/* All RR's defined in 1035 are well known and can thus
* be compressed. See RFC3597. These RR's are:
@ -253,7 +236,7 @@ static const gldns_rdf_type type_amtrelay_wireformat[] = {
*/
static gldns_rr_descriptor rdata_field_descriptors[] = {
/* 0 */
{(enum gldns_enum_rr_type)0, NULL, 0, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{ 0, NULL, 0, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 1 */
{GLDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 2 */
@ -358,10 +341,13 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
{GLDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 52 */
{GLDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 53 */
/*53 */
#ifdef DRAFT_RRTYPES
{GLDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 54 */
{(enum gldns_enum_rr_type)0, "TYPE54", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#else
{GLDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#endif
{GLDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 55
* Hip ends with 0 or more Rendezvous Servers represented as dname's.
* Hence the GLDNS_RDF_TYPE_DNAME _variable field and the _maximum field
@ -375,8 +361,8 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
/* 57 */
{GLDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#else
{(enum gldns_enum_rr_type)0, "TYPE56", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE57", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#endif
/* 58 */
{GLDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 2 },
@ -389,57 +375,54 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
{GLDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 62 */
{GLDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 63 */
{GLDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 64 */
{GLDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, GLDNS_RDF_TYPE_SVCPARAM, GLDNS_RR_NO_COMPRESS, 1 },
/* 65 */
{GLDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, GLDNS_RDF_TYPE_SVCPARAM, GLDNS_RR_NO_COMPRESS, 1 },
{(enum gldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE69", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE70", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE71", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE72", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE73", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE74", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE75", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE76", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE77", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE78", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE79", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE80", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE81", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE82", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE83", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE84", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE85", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE86", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE87", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE88", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE89", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE90", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE91", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE92", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE93", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE94", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE95", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE96", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE97", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE98", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 99 */
{GLDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, GLDNS_RDF_TYPE_STR, GLDNS_RR_NO_COMPRESS, 0 },
/* UINFO [IANA-Reserved] */
{(enum gldns_enum_rr_type)0, "TYPE100", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* UID [IANA-Reserved] */
{(enum gldns_enum_rr_type)0, "TYPE101", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* GID [IANA-Reserved] */
{(enum gldns_enum_rr_type)0, "TYPE102", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* UNSPEC [IANA-Reserved] */
{(enum gldns_enum_rr_type)0, "TYPE103", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 104 */
{GLDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
@ -455,145 +438,145 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
/* 109 */
{GLDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE110", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE111", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE112", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE113", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE114", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE115", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE116", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE117", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE118", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE119", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE120", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE121", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE122", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE123", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE124", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE125", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE126", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE127", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE128", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE129", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE130", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE131", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE132", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE133", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE134", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE135", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE136", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE137", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE138", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE139", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE140", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE141", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE142", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE143", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE144", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE145", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE146", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE147", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE148", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE149", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE150", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE151", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE152", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE153", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE154", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE155", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE156", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE157", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE158", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE159", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE160", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE161", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE162", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE163", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE164", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE165", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE166", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE167", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE168", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE169", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE170", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE171", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE172", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE173", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE174", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE175", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE176", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE177", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE178", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE179", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE180", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE181", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE182", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE183", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE184", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE185", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE186", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE187", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE188", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE189", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE190", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE191", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE192", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE193", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE194", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE195", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE196", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE197", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE198", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE199", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE200", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE201", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE202", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE203", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE204", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE205", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE206", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE207", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE208", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE209", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE210", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE211", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE212", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE213", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE214", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE215", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE216", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE217", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE218", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE219", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE220", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE221", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE222", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE223", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE224", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE225", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE226", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE227", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE228", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE229", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE230", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE231", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE232", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE233", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE234", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE235", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE236", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE237", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE238", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE239", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE240", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE241", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE242", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE243", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE244", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE245", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE246", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE247", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE248", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* GLDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one.
* So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9.
@ -624,14 +607,8 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
#ifdef DRAFT_RRTYPES
/* 258 */
{GLDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, GLDNS_RDF_TYPE_STR, GLDNS_RR_NO_COMPRESS, 0 },
/* 259 */
{GLDNS_RR_TYPE_DOA, "DOA", 1, 0, type_doa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
/* 260 */
{GLDNS_RR_TYPE_AMTRELAY, "AMTRELAY", 1, 0, type_amtrelay_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#else
{(enum gldns_enum_rr_type)0, "TYPE258", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE259", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{(enum gldns_enum_rr_type)0, "TYPE260", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#endif
/* split in array, no longer contiguous */
@ -640,7 +617,7 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
/* 32768 */
{GLDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#else
{(enum gldns_enum_rr_type)0, "TYPE32768", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
{GLDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
#endif
/* 32769 */
{GLDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 }
@ -736,18 +713,18 @@ gldns_get_rr_type_by_name(const char *name)
/* special cases for query types */
if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) {
return GLDNS_RR_TYPE_IXFR;
return 251;
} else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) {
return GLDNS_RR_TYPE_AXFR;
return 252;
} else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) {
return GLDNS_RR_TYPE_MAILB;
return 253;
} else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) {
return GLDNS_RR_TYPE_MAILA;
return 254;
} else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) {
return GLDNS_RR_TYPE_ANY;
return 255;
}
return (enum gldns_enum_rr_type)0;
return 0;
}
gldns_rr_class

57
src/gldns/rrdef.h
View File

@ -38,7 +38,7 @@ extern "C" {
#define GLDNS_KEY_REVOKE_KEY 0x0080 /* used to revoke KSK, rfc 5011 */
/* The first fields are contiguous and can be referenced instantly */
#define GLDNS_RDATA_FIELD_DESCRIPTORS_COMMON 260
#define GLDNS_RDATA_FIELD_DESCRIPTORS_COMMON 259
/** lookuptable for rr classes */
extern struct gldns_struct_lookup_table* gldns_rr_classes;
@ -182,7 +182,9 @@ enum gldns_enum_rr_type
GLDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
GLDNS_RR_TYPE_NSEC3PARAMS = 51,
GLDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */
GLDNS_RR_TYPE_SMIMEA = 53, /* RFC 8162 */
GLDNS_RR_TYPE_SMIMEA = 53, /* draft-ietf-dane-smime, TLSA-like but may
be extended */
GLDNS_RR_TYPE_HIP = 55, /* RFC 5205 */
/** draft-reid-dnsext-zs */
@ -195,9 +197,6 @@ enum gldns_enum_rr_type
GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
GLDNS_RR_TYPE_ZONEMD = 63, /* RFC8976 */
GLDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
GLDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
@ -228,8 +227,7 @@ enum gldns_enum_rr_type
GLDNS_RR_TYPE_URI = 256, /* RFC 7553 */
GLDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
GLDNS_RR_TYPE_AVC = 258,
GLDNS_RR_TYPE_DOA = 259, /* draft-durand-doa-over-dns */
GLDNS_RR_TYPE_AMTRELAY = 260, /* draft-ietf-mboned-driad-amt-discovery */
GLDNS_RR_TYPE_DOA = 259,
/** DNSSEC Trust Authorities */
GLDNS_RR_TYPE_TA = 32768,
@ -354,19 +352,11 @@ enum gldns_enum_rdf_type
*/
GLDNS_RDF_TYPE_LONG_STR,
/* draft-ietf-mboned-driad-amt-discovery */
GLDNS_RDF_TYPE_AMTRELAY,
/** TSIG extended 16bit error value */
GLDNS_RDF_TYPE_TSIGERROR,
/* draft-ietf-dnsop-svcb-https-05:
* each SvcParam consisting of a SvcParamKey=SvcParamValue pair or
* a standalone SvcParamKey */
GLDNS_RDF_TYPE_SVCPARAM,
/* Aliases */
GLDNS_RDF_TYPE_BITMAP = GLDNS_RDF_TYPE_NSEC,
GLDNS_RDF_TYPE_BITMAP = GLDNS_RDF_TYPE_NSEC
};
typedef enum gldns_enum_rdf_type gldns_rdf_type;
@ -439,43 +429,10 @@ enum gldns_enum_edns_option
GLDNS_EDNS_N3U = 7, /* RFC6975 */
GLDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */
GLDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/
GLDNS_EDNS_PADDING = 12, /* RFC7830 */
GLDNS_EDNS_EDE = 15, /* RFC8914 */
GLDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */
GLDNS_EDNS_PADDING = 12 /* RFC7830 */
};
typedef enum gldns_enum_edns_option gldns_edns_option;
enum gldns_enum_ede_code
{
GLDNS_EDE_NONE = -1, /* EDE undefined for internal use */
GLDNS_EDE_OTHER = 0,
GLDNS_EDE_UNSUPPORTED_DNSKEY_ALG = 1,
GLDNS_EDE_UNSUPPORTED_DS_DIGEST = 2,
GLDNS_EDE_STALE_ANSWER = 3,
GLDNS_EDE_FORGED_ANSWER = 4,
GLDNS_EDE_DNSSEC_INDETERMINATE = 5,
GLDNS_EDE_DNSSEC_BOGUS = 6,
GLDNS_EDE_SIGNATURE_EXPIRED = 7,
GLDNS_EDE_SIGNATURE_NOT_YET_VALID = 8,
GLDNS_EDE_DNSKEY_MISSING = 9,
GLDNS_EDE_RRSIGS_MISSING = 10,
GLDNS_EDE_NO_ZONE_KEY_BIT_SET = 11,
GLDNS_EDE_NSEC_MISSING = 12,
GLDNS_EDE_CACHED_ERROR = 13,
GLDNS_EDE_NOT_READY = 14,
GLDNS_EDE_BLOCKED = 15,
GLDNS_EDE_CENSORED = 16,
GLDNS_EDE_FILTERED = 17,
GLDNS_EDE_PROHIBITED = 18,
GLDNS_EDE_STALE_NXDOMAIN_ANSWER = 19,
GLDNS_EDE_NOT_AUTHORITATIVE = 20,
GLDNS_EDE_NOT_SUPPORTED = 21,
GLDNS_EDE_NO_REACHABLE_AUTHORITY = 22,
GLDNS_EDE_NETWORK_ERROR = 23,
GLDNS_EDE_INVALID_DATA = 24,
};
typedef enum gldns_enum_ede_code gldns_ede_code;
#define GLDNS_EDNS_MASK_DO_BIT 0x8000
/** TSIG and TKEY extended rcodes (16bit), 0-15 are the normal rcodes. */

832
src/gldns/str2wire.c
View File

@ -24,14 +24,12 @@
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#include <stdlib.h>
/** bits for the offset */
#define RET_OFFSET_MASK (((unsigned)(~GLDNS_WIREPARSE_MASK))>>GLDNS_WIREPARSE_SHIFT)
/** return an error */
#define RET_ERR(e, off) ((int)(((e)&GLDNS_WIREPARSE_MASK)|(((off)&RET_OFFSET_MASK)<<GLDNS_WIREPARSE_SHIFT)))
#define RET_ERR(e, off) ((int)((e)|((off)<<GLDNS_WIREPARSE_SHIFT)))
/** Move parse error but keep its ID */
#define RET_ERR_SHIFT(e, move) RET_ERR(GLDNS_WIREPARSE_ERROR(e), GLDNS_WIREPARSE_OFFSET(e)+(move));
#define GLDNS_IP6ADDRLEN (128/8)
/*
* No special care is taken, all dots are translated into
@ -82,7 +80,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf,
for (s = str; *s; s++, q++) {
if (q >= buf + *olen)
return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf);
if (q >= buf + GLDNS_MAX_DOMAINLEN)
if (q > buf + GLDNS_MAX_DOMAINLEN)
return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf);
switch (*s) {
case '.':
@ -119,7 +117,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf,
if(rel) *rel = 1;
if (q >= buf + *olen)
return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf);
if (q >= buf + GLDNS_MAX_DOMAINLEN) {
if (q > buf + GLDNS_MAX_DOMAINLEN) {
return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf);
}
if (label_len > GLDNS_MAX_LABELLEN) {
@ -152,10 +150,6 @@ int gldns_str2wire_dname_buf_origin(const char* str, uint8_t* buf, size_t* len,
if(s) return s;
if(rel && origin && dlen > 0) {
if((unsigned)dlen >= 0x00ffffffU ||
(unsigned)origin_len >= 0x00ffffffU)
/* guard against integer overflow in addition */
return RET_ERR(GLDNS_WIREPARSE_ERR_GENERAL, *len);
if(dlen + origin_len - 1 > GLDNS_MAX_DOMAINLEN)
return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW,
GLDNS_MAX_DOMAINLEN);
@ -174,9 +168,7 @@ uint8_t* gldns_str2wire_dname(const char* str, size_t* len)
uint8_t dname[GLDNS_MAX_DOMAINLEN+1];
*len = sizeof(dname);
if(gldns_str2wire_dname_buf(str, dname, len) == 0) {
uint8_t* r;
if(*len > sizeof(dname)) return NULL;
r = (uint8_t*)malloc(*len);
uint8_t* r = (uint8_t*)malloc(*len);
if(r) return memcpy(r, dname, *len);
}
*len = 0;
@ -195,10 +187,7 @@ rrinternal_get_owner(gldns_buffer* strbuf, uint8_t* rr, size_t* len,
gldns_buffer_position(strbuf));
}
if(token_len < 2) /* make sure there is space to read "@" or "" */
return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
gldns_buffer_position(strbuf));
if(token[0]=='@' && token[1]=='\0') {
if(strcmp(token, "@") == 0) {
uint8_t* tocopy;
if (origin) {
*dname_len = origin_len;
@ -250,16 +239,11 @@ rrinternal_get_ttl(gldns_buffer* strbuf, char* token, size_t token_len,
int* not_there, uint32_t* ttl, uint32_t default_ttl)
{
const char* endptr;
int overflow;
if(gldns_bget_token(strbuf, token, "\t\n ", token_len) == -1) {
return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_TTL,
gldns_buffer_position(strbuf));
}
*ttl = (uint32_t) gldns_str2period(token, &endptr, &overflow);
if(overflow) {
return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW,
gldns_buffer_position(strbuf));
}
*ttl = (uint32_t) gldns_str2period(token, &endptr);
if (strlen(token) > 0 && !isdigit((unsigned char)token[0])) {
*not_there = 1;
@ -379,8 +363,7 @@ rrinternal_get_quoted(gldns_buffer* strbuf, const char** delimiters,
/* skip spaces */
while(gldns_buffer_remaining(strbuf) > 0 &&
(*(gldns_buffer_current(strbuf)) == ' ' ||
*(gldns_buffer_current(strbuf)) == '\t')) {
*(gldns_buffer_current(strbuf)) == ' ') {
gldns_buffer_skip(strbuf, 1);
}
@ -552,10 +535,9 @@ gldns_parse_rdf_token(gldns_buffer* strbuf, char* token, size_t token_len,
{
size_t slen;
/* skip spaces and tabs */
/* skip spaces */
while(gldns_buffer_remaining(strbuf) > 0 && !*quoted &&
(*(gldns_buffer_current(strbuf)) == ' ' ||
*(gldns_buffer_current(strbuf)) == '\t')) {
*(gldns_buffer_current(strbuf)) == ' ') {
gldns_buffer_skip(strbuf, 1);
}
@ -611,10 +593,7 @@ gldns_affix_token(gldns_buffer* strbuf, char* token, size_t* token_len,
size_t addstrlen = 0;
/* add space */
/* when addlen < 2, the token buffer is full considering the NULL byte
* from strlen and will lead to buffer overflow with the second
* assignment below. */
if(addlen < 2) return 0;
if(addlen < 1) return 0;
token[*token_strlen] = ' ';
token[++(*token_strlen)] = 0;
@ -627,122 +606,6 @@ gldns_affix_token(gldns_buffer* strbuf, char* token, size_t* token_len,
return 1;
}
static int gldns_str2wire_svcparam_key_cmp(const void *a, const void *b)
{
return gldns_read_uint16(*(uint8_t**) a)
- gldns_read_uint16(*(uint8_t**) b);
}
/**
* Add constraints to the SVCB RRs which involve the whole set
*/
static int gldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len)
{
size_t nparams = 0, i;
uint8_t new_rdata[GLDNS_MAX_RDFLEN];
uint8_t* new_rdata_ptr = new_rdata;
uint8_t* svcparams[MAX_NUMBER_OF_SVCPARAMS];
uint8_t* rdata_ptr = rdata;
uint16_t rdata_remaining = rdata_len;
/* find the SvcParams */
while (rdata_remaining) {
uint16_t svcbparam_len;
svcparams[nparams] = rdata_ptr;
if (rdata_remaining < 4)
return GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
svcbparam_len = gldns_read_uint16(rdata_ptr + 2);
rdata_remaining -= 4;
rdata_ptr += 4;
if (rdata_remaining < svcbparam_len)
return GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
rdata_remaining -= svcbparam_len;
rdata_ptr += svcbparam_len;
nparams += 1;
if (nparams >= MAX_NUMBER_OF_SVCPARAMS)
return GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS;
}
/* In draft-ietf-dnsop-svcb-https-06 Section 7:
*
* In wire format, the keys are represented by their numeric
* values in network byte order, concatenated in ascending order.
*/
qsort((void *)svcparams
,nparams
,sizeof(uint8_t*)
,gldns_str2wire_svcparam_key_cmp);
/* The code below revolves around semantic errors in the SVCParam set.
* So long as we do not distinguish between running Unbound as a primary
* or as a secondary, we default to secondary behavior and we ignore the
* semantic errors. */
#ifdef SVCB_SEMANTIC_ERRORS
{
uint8_t* mandatory = NULL;
/* In draft-ietf-dnsop-svcb-https-06 Section 7:
*
* Keys (...) MUST NOT appear more than once.
*
* If they key has already been seen, we have a duplicate
*/
for(i=0; i < nparams; i++) {
uint16_t key = gldns_read_uint16(svcparams[i]);
if(i + 1 < nparams && key == gldns_read_uint16(svcparams[i+1]))
return GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS;
if(key == SVCB_KEY_MANDATORY)
mandatory = svcparams[i];
}
/* 4. verify that all the SvcParamKeys in mandatory are present */
if(mandatory) {
/* Divide by sizeof(uint16_t)*/
uint16_t mandatory_nkeys = gldns_read_uint16(mandatory + 2) / sizeof(uint16_t);
/* Guaranteed by gldns_str2wire_svcparam_key_value */
assert(mandatory_nkeys > 0);
for(i=0; i < mandatory_nkeys; i++) {
uint16_t mandatory_key = gldns_read_uint16(
mandatory
+ 2 * sizeof(uint16_t)
+ i * sizeof(uint16_t));
uint8_t found = 0;
size_t j;
for(j=0; j < nparams; j++) {
if(mandatory_key == gldns_read_uint16(svcparams[j])) {
found = 1;
break;
}
}
if(!found)
return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM;
}
}
}
#endif
/* Write rdata in correct order */
for (i = 0; i < nparams; i++) {
uint16_t svcparam_len = gldns_read_uint16(svcparams[i] + 2)
+ 2 * sizeof(uint16_t);
if ((unsigned)(new_rdata_ptr - new_rdata) + svcparam_len > sizeof(new_rdata))
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
memcpy(new_rdata_ptr, svcparams[i], svcparam_len);
new_rdata_ptr += svcparam_len;
}
memcpy(rdata, new_rdata, rdata_len);
return GLDNS_WIREPARSE_ERR_OK;
}
/** parse rdata from string into rr buffer(-remainder after dname). */
static int
rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
@ -782,8 +645,7 @@ rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
/* unknown RR data */
if(token_strlen>=2 && strncmp(token, "\\#", 2) == 0 &&
!quoted && (token_strlen == 2 || token[2]==' ' ||
token[2]=='\t')) {
!quoted && (token_strlen == 2 || token[2]==' ')) {
was_unknown_rr_format = 1;
if((status=rrinternal_parse_unknown(strbuf, token,
token_len, rr, rr_len, &rr_cur_len,
@ -841,42 +703,6 @@ rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
/* write rdata length */
gldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10));
*rr_len = rr_cur_len;
/* SVCB/HTTPS handling */
if (rr_type == GLDNS_RR_TYPE_SVCB || rr_type == GLDNS_RR_TYPE_HTTPS) {
size_t rdata_len = rr_cur_len - dname_len - 10;
uint8_t *rdata = rr+dname_len + 10;
/* skip 1st rdata field SvcPriority (uint16_t) */
if (rdata_len < sizeof(uint16_t))
return GLDNS_WIREPARSE_ERR_OK;
rdata_len -= sizeof(uint16_t);
rdata += sizeof(uint16_t);
/* skip 2nd rdata field dname */
while (rdata_len && *rdata != 0) {
uint8_t label_len;
if (*rdata & 0xC0)
return GLDNS_WIREPARSE_ERR_OK;
label_len = *rdata + 1;
if (rdata_len < label_len)
return GLDNS_WIREPARSE_ERR_OK;
rdata_len -= label_len;
rdata += label_len;
}
/* The root label is one more character, so smaller
* than 1 + 1 means no Svcparam Keys */
if (rdata_len < 2 || *rdata != 0)
return GLDNS_WIREPARSE_ERR_OK;
rdata_len -= 1;
rdata += 1;
return gldns_str2wire_check_svcbparams(rdata, rdata_len);
}
return GLDNS_WIREPARSE_ERR_OK;
}
@ -1063,15 +889,12 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
return s;
} else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
const char* end = NULL;
int overflow = 0;
strlcpy((char*)rr, line, *len);
*len = 0;
*dname_len = 0;
if(!parse_state) return GLDNS_WIREPARSE_ERR_OK;
parse_state->default_ttl = gldns_str2period(
gldns_strip_ws(line+5), &end, &overflow);
if(overflow)
return GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW;
gldns_strip_ws(line+5), &end);
} else if (strncmp(line, "$INCLUDE", 8) == 0) {
strlcpy((char*)rr, line, *len);
*len = 0;
@ -1097,533 +920,11 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
memmove(parse_state->prev_rr, rr, *dname_len);
parse_state->prev_rr_len = (*dname_len);
}
if(r == GLDNS_WIREPARSE_ERR_OK && parse_state) {
parse_state->default_ttl = gldns_wirerr_get_ttl(
rr, *len, *dname_len);
}
return r;
}
return GLDNS_WIREPARSE_ERR_OK;
}
static int
gldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len)
{
char buf[64];
char *endptr;
unsigned long int key_value;
if (key_len >= 4 && key_len <= 8 && !strncmp(key, "key", 3)) {
memcpy(buf, key + 3, key_len - 3);
buf[key_len - 3] = 0;
key_value = strtoul(buf, &endptr, 10);
if (endptr > buf /* digits seen */
&& *endptr == 0 /* no non-digit chars after digits */
&& key_value <= 65535) /* no overflow */
return key_value;
} else switch (key_len) {
case sizeof("mandatory")-1:
if (!strncmp(key, "mandatory", sizeof("mandatory")-1))
return SVCB_KEY_MANDATORY;
if (!strncmp(key, "echconfig", sizeof("echconfig")-1))
return SVCB_KEY_ECH; /* allow "echconfig" as well as "ech" */
break;
case sizeof("alpn")-1:
if (!strncmp(key, "alpn", sizeof("alpn")-1))
return SVCB_KEY_ALPN;
if (!strncmp(key, "port", sizeof("port")-1))
return SVCB_KEY_PORT;
break;
case sizeof("no-default-alpn")-1:
if (!strncmp( key , "no-default-alpn"
, sizeof("no-default-alpn")-1))
return SVCB_KEY_NO_DEFAULT_ALPN;
break;
case sizeof("ipv4hint")-1:
if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1))
return SVCB_KEY_IPV4HINT;
if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1))
return SVCB_KEY_IPV6HINT;
break;
case sizeof("ech")-1:
if (!strncmp(key, "ech", sizeof("ech")-1))
return SVCB_KEY_ECH;
break;
default:
break;
}
/* Although the returned value might be used by the caller,
* the parser has erred, so the zone will not be loaded.
*/
return -1;
}
static int
gldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len)
{
unsigned long int port;
char *endptr;
if (*rd_len < 6)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
port = strtoul(val, &endptr, 10);
if (endptr > val /* digits seen */
&& *endptr == 0 /* no non-digit chars after digits */
&& port <= 65535) { /* no overflow */
gldns_write_uint16(rd, SVCB_KEY_PORT);
gldns_write_uint16(rd + 2, sizeof(uint16_t));
gldns_write_uint16(rd + 4, port);
*rd_len = 6;
return GLDNS_WIREPARSE_ERR_OK;
}
return GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX;
}
static int
gldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len)
{
size_t count;
char ip_str[INET_ADDRSTRLEN+1];
char *next_ip_str;
size_t i;
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
return GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES;
}
}
if (*rd_len < (GLDNS_IP4ADDRLEN * count) + 4)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
/* count is number of comma's in val + 1; so the actual number of IPv4
* addresses in val
*/
gldns_write_uint16(rd, SVCB_KEY_IPV4HINT);
gldns_write_uint16(rd + 2, GLDNS_IP4ADDRLEN * count);
*rd_len = 4;
while (count) {
if (!(next_ip_str = strchr(val, ','))) {
if (inet_pton(AF_INET, val, rd + *rd_len) != 1)
break;
*rd_len += GLDNS_IP4ADDRLEN;
assert(count == 1);
} else if (next_ip_str - val >= (int)sizeof(ip_str))
break;
else {
memcpy(ip_str, val, next_ip_str - val);
ip_str[next_ip_str - val] = 0;
if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) {
break;
}
*rd_len += GLDNS_IP4ADDRLEN;
val = next_ip_str + 1;
}
count--;
}
if (count) /* verify that we parsed all values */
return GLDNS_WIREPARSE_ERR_SYNTAX_IP4;
return GLDNS_WIREPARSE_ERR_OK;
}
static int
gldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len)
{
size_t count;
char ip_str[INET6_ADDRSTRLEN+1];
char *next_ip_str;
size_t i;
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
return GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES;
}
}
if (*rd_len < (GLDNS_IP6ADDRLEN * count) + 4)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
/* count is number of comma's in val + 1; so the actual number of IPv6
* addresses in val
*/
gldns_write_uint16(rd, SVCB_KEY_IPV6HINT);
gldns_write_uint16(rd + 2, GLDNS_IP6ADDRLEN * count);
*rd_len = 4;
while (count) {
if (!(next_ip_str = strchr(val, ','))) {
if (inet_pton(AF_INET6, val, rd + *rd_len) != 1)
break;
*rd_len += GLDNS_IP6ADDRLEN;
assert(count == 1);
} else if (next_ip_str - val >= (int)sizeof(ip_str))
break;
else {
memcpy(ip_str, val, next_ip_str - val);
ip_str[next_ip_str - val] = 0;
if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) {
break;
}
*rd_len += GLDNS_IP6ADDRLEN;
val = next_ip_str + 1;
}
count--;
}
if (count) /* verify that we parsed all values */
return GLDNS_WIREPARSE_ERR_SYNTAX_IP6;
return GLDNS_WIREPARSE_ERR_OK;
}
/* compare function used for sorting uint16_t's */
static int
gldns_network_uint16_cmp(const void *a, const void *b)
{
return ((int)gldns_read_uint16(a)) - ((int)gldns_read_uint16(b));
}
static int
gldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len)
{
size_t i, count, val_len;
char* next_key;
val_len = strlen(val);
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS;
}
}
if (sizeof(uint16_t) * (count + 2) > *rd_len)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
gldns_write_uint16(rd, SVCB_KEY_MANDATORY);
gldns_write_uint16(rd + 2, sizeof(uint16_t) * count);
*rd_len = 4;
while (1) {
int svcparamkey;
if (!(next_key = strchr(val, ','))) {
svcparamkey = gldns_str2wire_svcparam_key_lookup(val, val_len);
if (svcparamkey < 0) {
return GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
}
gldns_write_uint16(rd + *rd_len, svcparamkey);
*rd_len += 2;
break;
} else {
svcparamkey = gldns_str2wire_svcparam_key_lookup(val, next_key - val);
if (svcparamkey < 0) {
return GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
}
gldns_write_uint16(rd + *rd_len,
svcparamkey);
*rd_len += 2;
}
val_len -= next_key - val + 1;
val = next_key + 1; /* skip the comma */
}
/* In draft-ietf-dnsop-svcb-https-06 Section 7:
*
* "In wire format, the keys are represented by their numeric
* values in network byte order, concatenated in ascending order."
*/
qsort((void *)(rd + 4), count, sizeof(uint16_t), gldns_network_uint16_cmp);
/* The code below revolves around semantic errors in the SVCParam set.
* So long as we do not distinguish between running Unbound as a primary
* or as a secondary, we default to secondary behavior and we ignore the
* semantic errors. */
#ifdef SVCB_SEMANTIC_ERRORS
/* In draft-ietf-dnsop-svcb-https-06 Section 8
* automatically mandatory MUST NOT appear in its own value-list
*/
if (gldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY)
return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY;
/* Guarantee key uniqueness. After the sort we only need to
* compare neighbouring keys */
if (count > 1) {
for (i = 0; i < count - 1; i++) {
uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i));
uint16_t key = gldns_read_uint16(current_pos);
if (key == gldns_read_uint16(current_pos + 2)) {
return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY;
}
}
}
#endif
return GLDNS_WIREPARSE_ERR_OK;
}
static int
gldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len)
{
uint8_t buffer[GLDNS_MAX_RDFLEN];
int wire_len;
/* single 0 represents empty buffer */
if(strcmp(val, "0") == 0) {
if (*rd_len < 4)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
gldns_write_uint16(rd, SVCB_KEY_ECH);
gldns_write_uint16(rd + 2, 0);
return GLDNS_WIREPARSE_ERR_OK;
}
wire_len = gldns_b64_pton(val, buffer, GLDNS_MAX_RDFLEN);
if (wire_len <= 0) {
return GLDNS_WIREPARSE_ERR_SYNTAX_B64;
} else if ((unsigned)wire_len + 4 > *rd_len) {
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
} else {
gldns_write_uint16(rd, SVCB_KEY_ECH);
gldns_write_uint16(rd + 2, wire_len);
memcpy(rd + 4, buffer, wire_len);
*rd_len = 4 + wire_len;
return GLDNS_WIREPARSE_ERR_OK;
}
}
static const char*
gldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val)
{
while (*val) {
/* Only return when the comma is not escaped*/
if (*val == '\\'){
++val;
if (!*val)
break;
} else if (*val == ',')
return val;
val++;
}
return NULL;
}
/* The source is already properly unescaped, this double unescaping is purely to allow for
* comma's in comma separated alpn lists.
*
* In draft-ietf-dnsop-svcb-https-06 Section 7:
* To enable simpler parsing, this SvcParamValue MUST NOT contain escape sequences.
*/
static size_t
gldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst,
const char *src, size_t len)
{
uint8_t *orig_dst = dst;
while (len) {
if (*src == '\\') {
src++;
len--;
if (!len)
break;
}
*dst++ = *src++;
len--;
}
return (size_t)(dst - orig_dst);
}
static int
gldns_str2wire_svcbparam_alpn_value(const char* val,
uint8_t* rd, size_t* rd_len)
{
uint8_t unescaped_dst[GLDNS_MAX_RDFLEN];
uint8_t *dst = unescaped_dst;
const char *next_str;
size_t str_len;
size_t dst_len;
size_t val_len;
val_len = strlen(val);
if (val_len > sizeof(unescaped_dst)) {
return GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
}
while (val_len) {
size_t key_len;
str_len = (next_str = gldns_str2wire_svcbparam_parse_next_unescaped_comma(val))
? (size_t)(next_str - val) : val_len;
if (str_len > 255) {
return GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
}
key_len = gldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len);
*dst++ = key_len;
dst += key_len;
if (!next_str)
break;
/* skip the comma in the next iteration */
val_len -= next_str - val + 1;
val = next_str + 1;
}
dst_len = dst - unescaped_dst;
if (*rd_len < 4 + dst_len)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
gldns_write_uint16(rd, SVCB_KEY_ALPN);
gldns_write_uint16(rd + 2, dst_len);
memcpy(rd + 4, unescaped_dst, dst_len);
*rd_len = 4 + dst_len;
return GLDNS_WIREPARSE_ERR_OK;
}
static int
gldns_str2wire_svcparam_value(const char *key, size_t key_len,
const char *val, uint8_t* rd, size_t* rd_len)
{
size_t str_len;
int svcparamkey = gldns_str2wire_svcparam_key_lookup(key, key_len);
if (svcparamkey < 0) {
return GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
}
/* key without value */
if (val == NULL) {
switch (svcparamkey) {
#ifdef SVCB_SEMANTIC_ERRORS
case SVCB_KEY_MANDATORY:
case SVCB_KEY_ALPN:
case SVCB_KEY_PORT:
case SVCB_KEY_IPV4HINT:
case SVCB_KEY_IPV6HINT:
return GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM;
#endif
default:
if (*rd_len < 4)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
gldns_write_uint16(rd, svcparamkey);
gldns_write_uint16(rd + 2, 0);
*rd_len = 4;
return GLDNS_WIREPARSE_ERR_OK;
}
}
/* value is non-empty */
switch (svcparamkey) {
case SVCB_KEY_PORT:
return gldns_str2wire_svcparam_port(val, rd, rd_len);
case SVCB_KEY_IPV4HINT:
return gldns_str2wire_svcbparam_ipv4hint(val, rd, rd_len);
case SVCB_KEY_IPV6HINT:
return gldns_str2wire_svcbparam_ipv6hint(val, rd, rd_len);
case SVCB_KEY_MANDATORY:
return gldns_str2wire_svcbparam_mandatory(val, rd, rd_len);
#ifdef SVCB_SEMANTIC_ERRORS
case SVCB_KEY_NO_DEFAULT_ALPN:
return GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE;
#endif
case SVCB_KEY_ECH:
return gldns_str2wire_svcbparam_ech_value(val, rd, rd_len);
case SVCB_KEY_ALPN:
return gldns_str2wire_svcbparam_alpn_value(val, rd, rd_len);
default:
str_len = strlen(val);
if (*rd_len < 4 + str_len)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
gldns_write_uint16(rd, svcparamkey);
gldns_write_uint16(rd + 2, str_len);
memcpy(rd + 4, val, str_len);
*rd_len = 4 + str_len;
return GLDNS_WIREPARSE_ERR_OK;
}
return GLDNS_WIREPARSE_ERR_GENERAL;
}
static int gldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len)
{
const char* eq_pos;
char unescaped_val[GLDNS_MAX_RDFLEN];
char* val_out = unescaped_val;
const char* val_in;
eq_pos = strchr(str, '=');
/* case: key=value */
if (eq_pos != NULL && eq_pos[1]) {
val_in = eq_pos + 1;
/* unescape characters and "" blocks */
if (*val_in == '"') {
val_in++;
while (*val_in != '"'
&& (size_t)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
&& gldns_parse_char( (uint8_t*) val_out, &val_in)) {
val_out++;
}
} else {
while ((size_t)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
&& gldns_parse_char( (uint8_t*) val_out, &val_in)) {
val_out++;
}
}
*val_out = 0;
return gldns_str2wire_svcparam_value(str, eq_pos - str,
unescaped_val[0] ? unescaped_val : NULL, rd, rd_len);
}
/* case: key= */
else if (eq_pos != NULL && !(eq_pos[1])) {
return gldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len);
}
/* case: key */
else {
return gldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len);
}
}
int gldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
gldns_rdf_type rdftype)
{
@ -1696,10 +997,6 @@ int gldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
return gldns_str2wire_hip_buf(str, rd, len);
case GLDNS_RDF_TYPE_INT16_DATA:
return gldns_str2wire_int16_data_buf(str, rd, len);
case GLDNS_RDF_TYPE_AMTRELAY:
return gldns_str2wire_amtrelay_buf(str, rd, len);
case GLDNS_RDF_TYPE_SVCPARAM:
return gldns_str2wire_svcparam_buf(str, rd, len);
case GLDNS_RDF_TYPE_UNKNOWN:
case GLDNS_RDF_TYPE_SERVICE:
return GLDNS_WIREPARSE_ERR_NOT_IMPL;
@ -1797,7 +1094,7 @@ int gldns_str2wire_str_buf(const char* str, uint8_t* rd, size_t* len)
while(gldns_parse_char(&ch, &s)) {
if(sl >= 255)
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR, s-str);
if(*len < sl+2)
if(*len < sl+1)
return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
s-str);
rd[++sl] = ch;
@ -1928,17 +1225,6 @@ int gldns_str2wire_b32_ext_buf(const char* str, uint8_t* rd, size_t* len)
return GLDNS_WIREPARSE_ERR_OK;
}
/** see if the string ends, or ends in whitespace */
static int
gldns_is_last_of_string(const char* str)
{
if(*str == 0) return 1;
while(isspace((unsigned char)*str))
str++;
if(*str == 0) return 1;
return 0;
}
int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
{
const char* s = str;
@ -1948,7 +1234,7 @@ int gldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
s++;
continue;
}
if(dlen == 0 && *s == '0' && gldns_is_last_of_string(s+1)) {
if(dlen == 0 && *s == '0' && *(s+1) == 0) {
*len = 0;
return GLDNS_WIREPARSE_ERR_OK;
}
@ -2170,13 +1456,9 @@ int gldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len)
int gldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len)
{
const char* end;
int overflow;
uint32_t p = gldns_str2period(str, &end, &overflow);
uint32_t p = gldns_str2period(str, &end);
if(*end != 0)
return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_PERIOD, end-str);
if(overflow)
return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW,
end-str);
if(*len < 4)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
gldns_write_uint32(rd, p);
@ -2189,17 +1471,13 @@ static int
loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e)
{
uint32_t meters = 0, cm = 0, val;
char* cm_endstr;
while (isblank((unsigned char)*my_str)) {
my_str++;
}
meters = (uint32_t)strtol(my_str, &my_str, 10);
if (*my_str == '.') {
my_str++;
cm = (uint32_t)strtol(my_str, &cm_endstr, 10);
if(cm_endstr == my_str + 1)
cm *= 10;
my_str = cm_endstr;
cm = (uint32_t)strtol(my_str, &my_str, 10);
}
if (meters >= 1) {
*e = 2;
@ -2806,8 +2084,6 @@ int gldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len)
char* s;
int n;
n = strtol(str, &s, 10);
if(n < 0) /* negative number not allowed */
return GLDNS_WIREPARSE_ERR_SYNTAX;
if(*len < ((size_t)n)+2)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
if(n > 65535)
@ -2831,77 +2107,3 @@ int gldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len)
*len = ((size_t)n)+2;
return GLDNS_WIREPARSE_ERR_OK;
}
int gldns_str2wire_amtrelay_buf(const char* str, uint8_t* rd, size_t* len)
{
size_t relay_len = 0;
int s;
uint8_t relay_type;
char token[512];
gldns_buffer strbuf;
gldns_buffer_init_frm_data(&strbuf, (uint8_t*)str, strlen(str));
if(*len < 2)
return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
/* precedence */
if(gldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0)
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR,
gldns_buffer_position(&strbuf));
rd[0] = (uint8_t)atoi(token);
/* discovery_optional */
if(gldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0)
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR,
gldns_buffer_position(&strbuf));
if ((token[0] != '0' && token[0] != '1') || token[1] != 0)
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR,
gldns_buffer_position(&strbuf));
rd[1] = *token == '1' ? 0x80 : 0x00;
/* relay_type */
if(gldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0)
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR,
gldns_buffer_position(&strbuf));
relay_type = (uint8_t)atoi(token);
if (relay_type > 0x7F)
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR,
gldns_buffer_position(&strbuf));
rd[1] |= relay_type;
if (relay_type == 0) {
*len = 2;
return GLDNS_WIREPARSE_ERR_OK;
}
/* relay */
if(gldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) <= 0)
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR,
gldns_buffer_position(&strbuf));
if(relay_type == 1) {
/* IP4 */
relay_len = *len - 2;
s = gldns_str2wire_a_buf(token, rd+2, &relay_len);
if(s) return RET_ERR_SHIFT(s, gldns_buffer_position(&strbuf));
} else if(relay_type == 2) {
/* IP6 */
relay_len = *len - 2;
s = gldns_str2wire_aaaa_buf(token, rd+2, &relay_len);
if(s) return RET_ERR_SHIFT(s, gldns_buffer_position(&strbuf));
} else if(relay_type == 3) {
/* DNAME */
relay_len = *len - 2;
s = gldns_str2wire_dname_buf(token, rd+2, &relay_len);
if(s) return RET_ERR_SHIFT(s, gldns_buffer_position(&strbuf));
} else {
/* unknown gateway type */
return RET_ERR(GLDNS_WIREPARSE_ERR_INVALID_STR,
gldns_buffer_position(&strbuf));
}
/* double check for size */
if(*len < 2 + relay_len)
return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
gldns_buffer_position(&strbuf));
*len = 2 + relay_len;
return GLDNS_WIREPARSE_ERR_OK;
}

42
src/gldns/str2wire.h
View File

@ -23,27 +23,10 @@ extern "C" {
#endif
struct gldns_struct_lookup_table;
#define GLDNS_IP4ADDRLEN (32/8)
#define GLDNS_IP6ADDRLEN (128/8)
/** buffer to read an RR, cannot be larger than 64K because of packet size */
#define GLDNS_RR_BUF_SIZE 65535 /* bytes */
#define GLDNS_DEFAULT_TTL 3600
/* SVCB keys currently defined in draft-ietf-dnsop-svcb-https */
#define SVCB_KEY_MANDATORY 0
#define SVCB_KEY_ALPN 1
#define SVCB_KEY_NO_DEFAULT_ALPN 2
#define SVCB_KEY_PORT 3
#define SVCB_KEY_IPV4HINT 4
#define SVCB_KEY_ECH 5
#define SVCB_KEY_IPV6HINT 6
#define SVCPARAMKEY_COUNT 7
#define MAX_NUMBER_OF_SVCPARAMS 64
#define SVCB_MAX_COMMA_SEPARATED_VALUES 1000
/*
* To convert class and type to string see
* gldns_get_rr_class_by_name(str)
@ -187,7 +170,7 @@ uint8_t* gldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
#define GLDNS_WIREPARSE_MASK 0x0fff
#define GLDNS_WIREPARSE_SHIFT 12
#define GLDNS_WIREPARSE_ERROR(e) ((e)&GLDNS_WIREPARSE_MASK)
#define GLDNS_WIREPARSE_OFFSET(e) ((((unsigned)(e))&~GLDNS_WIREPARSE_MASK)>>GLDNS_WIREPARSE_SHIFT)
#define GLDNS_WIREPARSE_OFFSET(e) (((e)&~GLDNS_WIREPARSE_MASK)>>GLDNS_WIREPARSE_SHIFT)
/* use lookuptable to get error string, gldns_wireparse_errors */
#define GLDNS_WIREPARSE_ERR_OK 0
#define GLDNS_WIREPARSE_ERR_GENERAL 342
@ -221,20 +204,6 @@ uint8_t* gldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
#define GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370
#define GLDNS_WIREPARSE_ERR_INCLUDE 371
#define GLDNS_WIREPARSE_ERR_PARENTHESIS 372
#define GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373
#define GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374
#define GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS 375
#define GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 376
#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 377
#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378
#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379
#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380
#define GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX 381
#define GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES 382
#define GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES 383
#define GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384
#define GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385
#define GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386
/**
* Get reference to a constant string for the (parse) error.
@ -585,15 +554,6 @@ int gldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len);
*/
int gldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len);
/**
* Convert rdf of type GLDNS_RDF_TYPE_AMTRELAY from string to wireformat.
* @param str: the text to convert for this rdata element.
* @param rd: rdata buffer for the wireformat.
* @param len: length of rd buffer on input, used length on output.
* @return 0 on success, error on failure.
*/
int gldns_str2wire_amtrelay_buf(const char* str, uint8_t* rd, size_t* len);
/**
* Strip whitespace from the start and the end of line.
* @param line: modified with 0 to shorten it.

443
src/gldns/wire2str.c
View File

@ -14,7 +14,6 @@
* Contains functions to translate the wireformat to text
* representation, as well as functions to print them.
*/
#include <stdlib.h>
#include "config.h"
#include "gldns/wire2str.h"
#include "gldns/str2wire.h"
@ -26,9 +25,7 @@
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#include <stdarg.h>
#include <ctype.h>
#ifdef HAVE_NETDB_H
@ -151,30 +148,6 @@ static gldns_lookup_table gldns_wireparse_errors_data[] = {
{ GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" },
{ GLDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" },
{ GLDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" },
{ GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"},
{ GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "SvcParam is missing a SvcParamValue"},
{ GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"},
{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" },
{ GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS,
"Too many SvcParams. Unbound only allows 63 entries" },
{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM,
"Mandatory SvcParamKey is missing"},
{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY,
"Keys in SvcParam mandatory MUST be unique" },
{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY,
"mandatory MUST not be included as mandatory parameter" },
{ GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX,
"Could not parse port SvcParamValue" },
{ GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES,
"Too many IPv4 addresses in ipv4hint" },
{ GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES,
"Too many IPv6 addresses in ipv6hint" },
{ GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE,
"Alpn strings need to be smaller than 255 chars"},
{ GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE,
"No-default-alpn should not have a value" },
{ GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA,
"General SVCParam error" },
{ 0, NULL }
};
gldns_lookup_table* gldns_wireparse_errors = gldns_wireparse_errors_data;
@ -196,7 +169,6 @@ static gldns_lookup_table gldns_edns_options_data[] = {
{ 8, "edns-client-subnet" },
{ 11, "edns-tcp-keepalive"},
{ 12, "Padding" },
{ 15, "EDE"},
{ 0, NULL}
};
gldns_lookup_table* gldns_edns_options = gldns_edns_options_data;
@ -223,12 +195,6 @@ static gldns_lookup_table gldns_tsig_errors_data[] = {
};
gldns_lookup_table* gldns_tsig_errors = gldns_tsig_errors_data;
/* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */
const char *svcparamkey_strs[] = {
"mandatory", "alpn", "no-default-alpn", "port",
"ipv4hint", "ech", "ipv6hint"
};
char* gldns_wire2str_pkt(uint8_t* data, size_t len)
{
size_t slen = (size_t)gldns_wire2str_pkt_buf(data, len, NULL, 0);
@ -286,13 +252,13 @@ int gldns_wire2str_pkt_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
int gldns_wire2str_rr_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
{
/* use arguments as temporary variables */
return gldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
return gldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0);
}
int gldns_wire2str_rrquestion_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
{
/* use arguments as temporary variables */
return gldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
return gldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0);
}
int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
@ -300,13 +266,13 @@ int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
{
/* use arguments as temporary variables */
return gldns_wire2str_rdata_scan(&rdata, &rdata_len, &str, &str_len,
rrtype, NULL, 0, NULL);
rrtype, NULL, 0);
}
int gldns_wire2str_rr_unknown_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
{
/* use arguments as temporary variables */
return gldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
return gldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0);
}
int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rrlen, size_t dname_len,
@ -344,7 +310,7 @@ int gldns_wire2str_opcode_buf(int opcode, char* s, size_t slen)
int gldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
{
/* use arguments as temporary variables */
return gldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
return gldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0);
}
int gldns_str_vprint(char** str, size_t* slen, const char* format, va_list args)
@ -399,7 +365,7 @@ static int print_remainder_hex(const char* pref, uint8_t** d, size_t* dlen,
int gldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
{
int w = 0, comprloop = 0;
int w = 0;
unsigned qdcount, ancount, nscount, arcount, i;
uint8_t* pkt = *d;
size_t pktlen = *dlen;
@ -416,25 +382,25 @@ int gldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
w += gldns_str_print(s, slen, ";; QUESTION SECTION:\n");
for(i=0; i<qdcount; i++) {
w += gldns_wire2str_rrquestion_scan(d, dlen, s, slen,
pkt, pktlen, &comprloop);
pkt, pktlen);
if(!*dlen) break;
}
w += gldns_str_print(s, slen, "\n");
w += gldns_str_print(s, slen, ";; ANSWER SECTION:\n");
for(i=0; i<ancount; i++) {
w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen, &comprloop);
w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen);
if(!*dlen) break;
}
w += gldns_str_print(s, slen, "\n");
w += gldns_str_print(s, slen, ";; AUTHORITY SECTION:\n");
for(i=0; i<nscount; i++) {
w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen, &comprloop);
w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen);
if(!*dlen) break;
}
w += gldns_str_print(s, slen, "\n");
w += gldns_str_print(s, slen, ";; ADDITIONAL SECTION:\n");
for(i=0; i<arcount; i++) {
w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen, &comprloop);
w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen);
if(!*dlen) break;
}
/* other fields: WHEN(time), SERVER(IP) not available here. */
@ -483,7 +449,7 @@ static int gldns_rr_tcttl_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
}
int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
uint8_t* pkt, size_t pktlen, int* comprloop)
uint8_t* pkt, size_t pktlen)
{
int w = 0;
uint8_t* rr = *d;
@ -498,7 +464,7 @@ int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
/* try to scan the rdata with pretty-printing, but if that fails, then
* scan the rdata as an unknown RR type */
w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
w += gldns_str_print(s, slen, "\t");
dname_off = rrlen-(*dlen);
if(*dlen == 4) {
@ -542,8 +508,7 @@ int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
w += print_remainder_hex(";Error partial rdata 0x", d, dlen, s, slen);
return w + gldns_str_print(s, slen, "\n");
}
w += gldns_wire2str_rdata_scan(d, &rdlen, s, slen, rrtype, pkt, pktlen,
comprloop);
w += gldns_wire2str_rdata_scan(d, &rdlen, s, slen, rrtype, pkt, pktlen);
(*dlen) -= (ordlen-rdlen);
/* default comment */
@ -554,11 +519,11 @@ int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
}
int gldns_wire2str_rrquestion_scan(uint8_t** d, size_t* dlen, char** s,
size_t* slen, uint8_t* pkt, size_t pktlen, int* comprloop)
size_t* slen, uint8_t* pkt, size_t pktlen)
{
int w = 0;
uint16_t t, c;
w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
w += gldns_str_print(s, slen, "\t");
if(*dlen < 4) {
if(*dlen == 0)
@ -578,11 +543,11 @@ int gldns_wire2str_rrquestion_scan(uint8_t** d, size_t* dlen, char** s,
}
int gldns_wire2str_rr_unknown_scan(uint8_t** d, size_t* dlen, char** s,
size_t* slen, uint8_t* pkt, size_t pktlen, int* comprloop)
size_t* slen, uint8_t* pkt, size_t pktlen)
{
size_t rdlen, ordlen;
int w = 0;
w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
w += gldns_str_print(s, slen, "\t");
w += gldns_rr_tcttl_scan(d, dlen, s, slen);
w += gldns_str_print(s, slen, "\t");
@ -620,7 +585,6 @@ static int rr_comment_dnskey(char** s, size_t* slen, uint8_t* rr,
if(rrlen < dname_off + 10) return 0;
rdlen = gldns_read_uint16(rr+dname_off+8);
if(rrlen < dname_off + 10 + rdlen) return 0;
if(rdlen < 2) return 0;
rdata = rr + dname_off + 10;
flags = (int)gldns_read_uint16(rdata);
w += gldns_str_print(s, slen, " ;{");
@ -734,8 +698,7 @@ int gldns_wire2str_header_scan(uint8_t** d, size_t* dlen, char** s,
}
int gldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s,
size_t* slen, uint16_t rrtype, uint8_t* pkt, size_t pktlen,
int* comprloop)
size_t* slen, uint16_t rrtype, uint8_t* pkt, size_t pktlen)
{
/* try to prettyprint, but if that fails, use unknown format */
uint8_t* origd = *d;
@ -761,7 +724,7 @@ int gldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s,
if(r_cnt != 0)
w += gldns_str_print(s, slen, " ");
n = gldns_wire2str_rdf_scan(d, dlen, s, slen, rdftype,
pkt, pktlen, comprloop);
pkt, pktlen);
if(n == -1) {
failed:
/* failed, use unknown format */
@ -812,28 +775,21 @@ static int dname_char_print(char** s, size_t* slen, uint8_t c)
}
int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
uint8_t* pkt, size_t pktlen, int* comprloop)
uint8_t* pkt, size_t pktlen)
{
int w = 0;
/* spool labels onto the string, use compression if its there */
uint8_t* pos = *d;
unsigned i, counter=0;
unsigned maxcompr = 1000; /* loop detection, max compr ptrs */
const unsigned maxcompr = 1000; /* loop detection, max compr ptrs */
int in_buf = 1;
size_t dname_len = 0;
if(comprloop) {
if(*comprloop != 0)
maxcompr = 30; /* for like ipv6 reverse name, per label */
if(*comprloop > 4)
maxcompr = 4; /* just don't want to spend time, any more */
}
if(*dlen == 0) return gldns_str_print(s, slen, "ErrorMissingDname");
if(*pos == 0) {
(*d)++;
(*dlen)--;
return gldns_str_print(s, slen, ".");
}
while((!pkt || pos < pkt+pktlen) && *pos) {
while(*pos) {
/* read label length */
uint8_t labellen = *pos++;
if(in_buf) { (*d)++; (*dlen)--; }
@ -854,12 +810,9 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
if(!pkt || target >= pktlen)
return w + gldns_str_print(s, slen,
"ErrorComprPtrOutOfBounds");
if(counter++ > maxcompr) {
if(comprloop && *comprloop < 10)
(*comprloop)++;
if(counter++ > maxcompr)
return w + gldns_str_print(s, slen,
"ErrorComprPtrLooped");
}
in_buf = 0;
pos = pkt+target;
continue;
@ -876,16 +829,6 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
labellen = (uint8_t)*dlen;
else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
labellen = (uint8_t)(pkt + pktlen - pos);
dname_len += ((size_t)labellen)+1;
if(dname_len > GLDNS_MAX_DOMAINLEN) {
/* dname_len counts the uncompressed length we have
* seen so far, and the domain name has become too
* long, prevent the loop from printing overly long
* content. */
w += gldns_str_print(s, slen,
"ErrorDomainNameTooLong");
return w;
}
for(i=0; i<(unsigned)labellen; i++) {
w += dname_char_print(s, slen, *pos++);
}
@ -984,262 +927,15 @@ int gldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
return gldns_str_print(s, slen, "%u", (unsigned)ttl);
}
static int
gldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey)
{
if (svcparamkey < SVCPARAMKEY_COUNT) {
return gldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]);
}
else {
return gldns_str_print(s, slen, "key%d", (int)svcparamkey);
}
}
static int gldns_wire2str_svcparam_port2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
int w = 0;
if (data_len != 2)
return -1; /* wireformat error, a short is 2 bytes */
w = gldns_str_print(s, slen, "=%d", (int)gldns_read_uint16(data));
return w;
}
static int gldns_wire2str_svcparam_ipv4hint2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
char ip_str[INET_ADDRSTRLEN + 1];
int w = 0;
assert(data_len > 0);
if ((data_len % GLDNS_IP4ADDRLEN) == 0) {
if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += gldns_str_print(s, slen, "=%s", ip_str);
data += GLDNS_IP4ADDRLEN;
while ((data_len -= GLDNS_IP4ADDRLEN) > 0) {
if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += gldns_str_print(s, slen, ",%s", ip_str);
data += GLDNS_IP4ADDRLEN;
}
} else
return -1;
return w;
}
static int gldns_wire2str_svcparam_ipv6hint2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
char ip_str[INET6_ADDRSTRLEN + 1];
int w = 0;
assert(data_len > 0);
if ((data_len % GLDNS_IP6ADDRLEN) == 0) {
if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += gldns_str_print(s, slen, "=%s", ip_str);
data += GLDNS_IP6ADDRLEN;
while ((data_len -= GLDNS_IP6ADDRLEN) > 0) {
if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += gldns_str_print(s, slen, ",%s", ip_str);
data += GLDNS_IP6ADDRLEN;
}
} else
return -1;
return w;
}
static int gldns_wire2str_svcparam_mandatory2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
int w = 0;
assert(data_len > 0);
if (data_len % sizeof(uint16_t))
return -1; /* wireformat error, data_len must be multiple of shorts */
w += gldns_str_print(s, slen, "=");
w += gldns_print_svcparamkey(s, slen, gldns_read_uint16(data));
data += 2;
while ((data_len -= sizeof(uint16_t))) {
w += gldns_str_print(s, slen, ",");
w += gldns_print_svcparamkey(s, slen, gldns_read_uint16(data));
data += 2;
}
return w;
}
static int gldns_wire2str_svcparam_alpn2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
uint8_t *dp = (void *)data;
int w = 0;
assert(data_len > 0); /* Guaranteed by gldns_wire2str_svcparam_scan */
w += gldns_str_print(s, slen, "=\"");
while (data_len) {
/* alpn is list of length byte (str_len) followed by a string of that size */
uint8_t i, str_len = *dp++;
if (str_len > --data_len)
return -1;
for (i = 0; i < str_len; i++) {
if (dp[i] == '"' || dp[i] == '\\')
w += gldns_str_print(s, slen, "\\\\\\%c", dp[i]);
else if (dp[i] == ',')
w += gldns_str_print(s, slen, "\\\\%c", dp[i]);
else if (!isprint(dp[i]))
w += gldns_str_print(s, slen, "\\%03u", (unsigned) dp[i]);
else
w += gldns_str_print(s, slen, "%c", dp[i]);
}
dp += str_len;
if ((data_len -= str_len))
w += gldns_str_print(s, slen, "%s", ",");
}
w += gldns_str_print(s, slen, "\"");
return w;
}
static int gldns_wire2str_svcparam_ech2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
int size;
int w = 0;
assert(data_len > 0); /* Guaranteed by gldns_wire2str_svcparam_scan */
w += gldns_str_print(s, slen, "=\"");
if ((size = gldns_b64_ntop(data, data_len, *s, *slen)) < 0)
return -1;
(*s) += size;
(*slen) -= size;
w += gldns_str_print(s, slen, "\"");
return w + size;
}
int gldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
{
uint8_t ch;
uint16_t svcparamkey, data_len;
int written_chars = 0;
int r, i;
/* verify that we have enough data to read svcparamkey and data_len */
if(*dlen < 4)
return -1;
svcparamkey = gldns_read_uint16(*d);
data_len = gldns_read_uint16(*d+2);
*d += 4;
*dlen -= 4;
/* verify that we have data_len data */
if (data_len > *dlen)
return -1;
written_chars += gldns_print_svcparamkey(s, slen, svcparamkey);
if (!data_len) {
/* Some SvcParams MUST have values */
switch (svcparamkey) {
case SVCB_KEY_ALPN:
case SVCB_KEY_PORT:
case SVCB_KEY_IPV4HINT:
case SVCB_KEY_IPV6HINT:
case SVCB_KEY_MANDATORY:
return -1;
default:
return written_chars;
}
}
switch (svcparamkey) {
case SVCB_KEY_PORT:
r = gldns_wire2str_svcparam_port2str(s, slen, data_len, *d);
break;
case SVCB_KEY_IPV4HINT:
r = gldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, *d);
break;
case SVCB_KEY_IPV6HINT:
r = gldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, *d);
break;
case SVCB_KEY_MANDATORY:
r = gldns_wire2str_svcparam_mandatory2str(s, slen, data_len, *d);
break;
case SVCB_KEY_NO_DEFAULT_ALPN:
return -1; /* wireformat error, should not have a value */
case SVCB_KEY_ALPN:
r = gldns_wire2str_svcparam_alpn2str(s, slen, data_len, *d);
break;
case SVCB_KEY_ECH:
r = gldns_wire2str_svcparam_ech2str(s, slen, data_len, *d);
break;
default:
r = gldns_str_print(s, slen, "=\"");
for (i = 0; i < data_len; i++) {
ch = (*d)[i];
if (ch == '"' || ch == '\\')
r += gldns_str_print(s, slen, "\\%c", ch);
else if (!isprint(ch))
r += gldns_str_print(s, slen, "\\%03u", (unsigned) ch);
else
r += gldns_str_print(s, slen, "%c", ch);
}
r += gldns_str_print(s, slen, "\"");
break;
}
if (r <= 0)
return -1; /* wireformat error */
written_chars += r;
*d += data_len;
*dlen -= data_len;
return written_chars;
}
int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop)
int rdftype, uint8_t* pkt, size_t pktlen)
{
if(*dlen == 0) return 0;
switch(rdftype) {
case GLDNS_RDF_TYPE_NONE:
return 0;
case GLDNS_RDF_TYPE_DNAME:
return gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
return gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
case GLDNS_RDF_TYPE_INT8:
return gldns_wire2str_int8_scan(d, dlen, s, slen);
case GLDNS_RDF_TYPE_INT16:
@ -1291,7 +987,7 @@ int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
return gldns_wire2str_atma_scan(d, dlen, s, slen);
case GLDNS_RDF_TYPE_IPSECKEY:
return gldns_wire2str_ipseckey_scan(d, dlen, s, slen, pkt,
pktlen, comprloop);
pktlen);
case GLDNS_RDF_TYPE_HIP:
return gldns_wire2str_hip_scan(d, dlen, s, slen);
case GLDNS_RDF_TYPE_INT16_DATA:
@ -1308,11 +1004,6 @@ int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
return gldns_wire2str_tag_scan(d, dlen, s, slen);
case GLDNS_RDF_TYPE_LONG_STR:
return gldns_wire2str_long_str_scan(d, dlen, s, slen);
case GLDNS_RDF_TYPE_AMTRELAY:
return gldns_wire2str_amtrelay_scan(d, dlen, s, slen, pkt,
pktlen, comprloop);
case GLDNS_RDF_TYPE_SVCPARAM:
return gldns_wire2str_svcparam_scan(d, dlen, s, slen);
case GLDNS_RDF_TYPE_TSIGERROR:
return gldns_wire2str_tsigerror_scan(d, dlen, s, slen);
}
@ -1374,11 +1065,7 @@ int gldns_wire2str_tsigtime_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
d4 = (*d)[4];
d5 = (*d)[5];
tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5;
#ifndef USE_WINSOCK
w = gldns_str_print(s, sl, "%llu", (long long)tsigtime);
#else
w = gldns_str_print(s, sl, "%I64u", (long long)tsigtime);
#endif
w = gldns_str_print(s, sl, "%"PRIu64, (uint64_t)tsigtime);
(*d)+=6;
(*dl)-=6;
return w;
@ -1838,7 +1525,7 @@ int gldns_wire2str_atma_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
/* internal scan routine that can modify arguments on failure */
static int gldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl,
char** s, size_t* sl, uint8_t* pkt, size_t pktlen, int* comprloop)
char** s, size_t* sl, uint8_t* pkt, size_t pktlen)
{
/* http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt*/
uint8_t precedence, gateway_type, algorithm;
@ -1866,7 +1553,7 @@ static int gldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl,
w += gldns_wire2str_aaaa_scan(d, dl, s, sl);
break;
case 3: /* dname */
w += gldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen, comprloop);
w += gldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen);
break;
default: /* unknown */
return -1;
@ -1880,12 +1567,12 @@ static int gldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl,
}
int gldns_wire2str_ipseckey_scan(uint8_t** d, size_t* dl, char** s, size_t* sl,
uint8_t* pkt, size_t pktlen, int* comprloop)
uint8_t* pkt, size_t pktlen)
{
uint8_t* od = *d;
char* os = *s;
size_t odl = *dl, osl = *sl;
int w=gldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen, comprloop);
int w=gldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen);
if(w == -1) {
*d = od;
*s = os;
@ -2016,61 +1703,6 @@ int gldns_wire2str_long_str_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
return w;
}
/* internal scan routine that can modify arguments on failure */
static int gldns_wire2str_amtrelay_scan_internal(uint8_t** d, size_t* dl,
char** s, size_t* sl, uint8_t* pkt, size_t pktlen, int* comprloop)
{
/* https://www.ietf.org/id/draft-ietf-mboned-driad-amt-discovery-01.txt */
uint8_t precedence, discovery_optional, relay_type;
int w = 0;
if(*dl < 2) return -1;
precedence = (*d)[0];
discovery_optional= (*d)[1] >> 7;
relay_type = (*d)[1] % 0x7F;
if(relay_type > 3)
return -1; /* unknown */
(*d)+=2;
(*dl)-=2;
w += gldns_str_print(s, sl, "%d %d %d ",
(int)precedence, (int)discovery_optional, (int)relay_type);
switch(relay_type) {
case 0: /* no relay */
break;
case 1: /* ip4 */
w += gldns_wire2str_a_scan(d, dl, s, sl);
break;
case 2: /* ip6 */
w += gldns_wire2str_aaaa_scan(d, dl, s, sl);
break;
case 3: /* dname */
w += gldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen, comprloop);
break;
default: /* unknown */
return -1;
}
return w;
}
int gldns_wire2str_amtrelay_scan(uint8_t** d, size_t* dl, char** s, size_t* sl,
uint8_t* pkt, size_t pktlen, int* comprloop)
{
uint8_t* od = *d;
char* os = *s;
size_t odl = *dl, osl = *sl;
int w=gldns_wire2str_amtrelay_scan_internal(d, dl, s, sl, pkt, pktlen, comprloop);
if(w == -1) {
*d = od;
*s = os;
*dl = odl;
*sl = osl;
return -1;
}
return w;
}
int gldns_wire2str_tsigerror_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
{
gldns_lookup_table *lt;
@ -2120,13 +1752,8 @@ int gldns_wire2str_edns_llq_print(char** s, size_t* sl, uint8_t* data,
if(error_code < llq_errors_num)
w += gldns_str_print(s, sl, " %s", llq_errors[error_code]);
else w += gldns_str_print(s, sl, " error %d", (int)error_code);
#ifndef USE_WINSOCK
w += gldns_str_print(s, sl, " id %llx lease-life %lu",
(unsigned long long)llq_id, (unsigned long)lease_life);
#else
w += gldns_str_print(s, sl, " id %I64x lease-life %lu",
(unsigned long long)llq_id, (unsigned long)lease_life);
#endif
w += gldns_str_print(s, sl, " id %"PRIx64" lease-life %lu",
(uint64_t)llq_id, (unsigned long)lease_life);
return w;
}
@ -2272,8 +1899,8 @@ int gldns_wire2str_edns_subnet_print(char** s, size_t* sl, uint8_t* data,
return w;
}
static int gldns_wire2str_edns_keepalive_print(char** s, size_t* sl,
uint8_t* data, size_t len)
int gldns_wire2str_edns_keepalive_print(char** s, size_t* sl, uint8_t* data,
size_t len)
{
int w = 0;
uint16_t timeout;

59
src/gldns/wire2str.h
View File

@ -59,7 +59,7 @@ char* gldns_wire2str_pkt(uint8_t* data, size_t len);
char* gldns_wire2str_rr(uint8_t* rr, size_t len);
/**
* Convert wire dname to a string.
* Conver wire dname to a string.
* @param dname: the dname in uncompressed wireformat.
* @param dname_len: length of the dname.
* @return string or NULL on failure.
@ -156,11 +156,10 @@ int gldns_wire2str_pkt_scan(uint8_t** data, size_t* data_len, char** str,
* @param str_len: length of string buffer.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: if pkt, bool detects compression loops.
* @return number of characters (except null) needed to print.
*/
int gldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
size_t* str_len, uint8_t* pkt, size_t pktlen);
/**
* Scan wireformat question rr to string, with user buffers.
@ -171,11 +170,10 @@ int gldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str,
* @param str_len: length of string buffer.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: if pkt, bool detects compression loops.
* @return number of characters (except null) needed to print.
*/
int gldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
size_t* str_len, uint8_t* pkt, size_t pktlen);
/**
* Scan wireformat RR to string in unknown RR format, with user buffers.
@ -186,11 +184,10 @@ int gldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str,
* @param str_len: length of string buffer.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: if pkt, bool detects compression loops.
* @return number of characters (except null) needed to print.
*/
int gldns_wire2str_rr_unknown_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
size_t* str_len, uint8_t* pkt, size_t pktlen);
/**
* Print to string the RR-information comment in default format,
@ -231,12 +228,10 @@ int gldns_wire2str_header_scan(uint8_t** data, size_t* data_len, char** str,
* @param rrtype: RR type of Rdata, host format.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: if pkt, bool detects compression loops.
* @return number of characters (except null) needed to print.
*/
int gldns_wire2str_rdata_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen,
int* comprloop);
size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen);
/**
* Scan wireformat rdata to string in unknown format, with user buffers.
@ -259,17 +254,10 @@ int gldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len,
* @param str_len: length of string buffer.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: inout bool, that is set true if compression loop failure
* happens. Pass in 0, if passsed in as true, a lower bound is set
* on compression loops to stop arbitrary long packet parse times.
* This is meant so you can set it to 0 at the start of a list of dnames,
* and then scan all of them in sequence, if a loop happens, it becomes
* true and then it becomes more strict for the next dnames in the list.
* You can leave it at NULL if there is no pkt (pkt is NULL too).
* @return number of characters (except null) needed to print.
*/
int gldns_wire2str_dname_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
size_t* str_len, uint8_t* pkt, size_t pktlen);
/**
* Scan wireformat rr type to string, with user buffers.
@ -494,18 +482,6 @@ int gldns_wire2str_opcode_buf(int opcode, char* str, size_t len);
int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
size_t len);
/**
* Convert wire SVCB to a string with user buffer.
* @param d: the SVCB data in uncompressed wireformat.
* @param dlen: length of the SVCB data.
* @param s: the string to write to.
* @param slen: length of string.
* @return the number of characters for this element, excluding zerobyte.
* Is larger or equal than str_len if output was truncated.
*/
int gldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s,
size_t* slen);
/**
* Scan wireformat rdf field to string, with user buffers.
* It shifts the arguments to move along (see gldns_wire2str_pkt_scan).
@ -516,13 +492,11 @@ int gldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s,
* @param rdftype: the type of the rdata field, enum gldns_rdf_type.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: if pkt, bool detects compression loops.
* @return number of characters (except null) needed to print.
* Can return -1 on failure.
*/
int gldns_wire2str_rdf_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen,
int* comprloop);
size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen);
/**
* Scan wireformat int8 field to string, with user buffers.
@ -819,12 +793,11 @@ int gldns_wire2str_atma_scan(uint8_t** data, size_t* data_len, char** str,
* @param str_len: length of string buffer.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: if pkt, bool detects compression loops.
* @return number of characters (except null) needed to print.
* Can return -1 on failure.
*/
int gldns_wire2str_ipseckey_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
size_t* str_len, uint8_t* pkt, size_t pktlen);
/**
* Scan wireformat HIP (algo, HIT, pubkey) field to string, with user buffers.
@ -943,22 +916,6 @@ int gldns_wire2str_tag_scan(uint8_t** data, size_t* data_len, char** str,
int gldns_wire2str_long_str_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len);
/**
* Scan wireformat AMTRELAY field to string, with user buffers.
* It shifts the arguments to move along (see gldns_wire2str_pkt_scan).
* @param data: wireformat data.
* @param data_len: length of data buffer.
* @param str: string buffer.
* @param str_len: length of string buffer.
* @param pkt: packet for decompression, if NULL no decompression.
* @param pktlen: length of packet buffer.
* @param comprloop: if pkt, bool detects compression loops.
* @return number of characters (except null) needed to print.
* Can return -1 on failure.
*/
int gldns_wire2str_amtrelay_scan(uint8_t** data, size_t* data_len, char** str,
size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
/**
* Print EDNS LLQ option data to string. User buffers, moves string pointers.
* @param str: string buffer.

15
src/gnutls/keyraw-internal.c
View File

@ -1,15 +0,0 @@
/*
* keyraw.c - raw key operations and conversions - OpenSSL version
*
* (c) NLnet Labs, 2004-2008
*
* See the file LICENSE for the license
*/
/**
* \file
* Implementation of raw DNSKEY functions (work on wire rdata).
*/
#include "config.h"
#include "gldns/keyraw.h"
#include "gldns/rrdef.h"

31
src/gnutls/keyraw-internal.h
View File

@ -1,31 +0,0 @@
/*
* keyraw.h -- raw key and signature access and conversion - OpenSSL
*
* Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
*
* See LICENSE for the license.
*
*/
/**
* \file
*
* raw key and signature access and conversion
*
* Since those functions heavily rely op cryptographic operations,
* this module is dependent on openssl.
*
*/
#ifndef GLDNS_KEYRAW_INTERNAL_H
#define GLDNS_KEYRAW_INTERNAL_H
#ifdef __cplusplus
extern "C" {
#endif
#ifdef __cplusplus
}
#endif
#endif /* GLDNS_KEYRAW_INTERNAL_H */

59
src/gnutls/pubkey-pinning-internal.c
View File

@ -1,59 +0,0 @@
/**
*
* /brief functions for dealing with pubkey pinsets
*
*/
/*
* Copyright (c) 2015 ACLU
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of the copyright holders nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "context.h"
#include <nettle/base64.h>
#include "types-internal.h"
#include "pubkey-pinning.h"
/**
** Interfaces from pubkey-pinning.h
**/
getdns_return_t _getdns_decode_base64(const char* str, uint8_t* res, size_t res_size)
{
struct base64_decode_ctx ctx;
uint8_t* lim = res + res_size;
base64_decode_init(&ctx);
for(; *str != '\0' && res < lim; ++str) {
int r = base64_decode_single(&ctx, res, *str);
if (r == -1 )
return GETDNS_RETURN_GENERIC_ERROR;
res += r;
}
return (res == lim) ? GETDNS_RETURN_GOOD : GETDNS_RETURN_GENERIC_ERROR;
}

97
src/gnutls/tls-internal.h
View File

@ -1,97 +0,0 @@
/**
*
* \file tls-internal.h
* @brief getdns TLS implementation-specific items
*/
/*
* Copyright (c) 2018-2019, NLnet Labs
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of the copyright holders nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _GETDNS_TLS_INTERNAL_H
#define _GETDNS_TLS_INTERNAL_H
#include <stdbool.h>
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <gnutls/dane.h>
#include "getdns/getdns.h"
#define SHA_DIGEST_LENGTH 20
#define SHA224_DIGEST_LENGTH 28
#define SHA256_DIGEST_LENGTH 32
#define SHA384_DIGEST_LENGTH 48
#define SHA512_DIGEST_LENGTH 64
#define GETDNS_TLS_MAX_DIGEST_LENGTH (SHA512_DIGEST_LENGTH)
#define HAVE_TLS_CTX_CURVES_LIST 0
#define HAVE_TLS_CONN_CURVES_LIST 0
/* Forward declare type. */
struct getdns_log_config;
typedef struct _getdns_tls_context {
struct mem_funcs* mfs;
char* cipher_list;
char* cipher_suites;
char* curve_list;
gnutls_protocol_t min_tls;
gnutls_protocol_t max_tls;
char* ca_trust_file;
char* ca_trust_path;
const struct getdns_log_config* log;
} _getdns_tls_context;
typedef struct _getdns_tls_connection {
gnutls_session_t tls;
gnutls_certificate_credentials_t cred;
int shutdown;
_getdns_tls_context* ctx;
struct mem_funcs* mfs;
char* cipher_list;
char* cipher_suites;
char* curve_list;
gnutls_protocol_t min_tls;
gnutls_protocol_t max_tls;
dane_query_t dane_query;
dane_state_t dane_state;
char* tlsa;
const struct getdns_log_config* log;
} _getdns_tls_connection;
typedef struct _getdns_tls_session {
gnutls_datum_t tls;
} _getdns_tls_session;
typedef struct _getdns_tls_x509
{
gnutls_datum_t tls;
} _getdns_tls_x509;
#endif /* _GETDNS_TLS_INTERNAL_H */

894
src/gnutls/tls.c
View File

@ -1,894 +0,0 @@
/**
*
* \file tls.c
* @brief getdns TLS functions
*/
/*
* Copyright (c) 2018-2020, NLnet Labs
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of the copyright holders nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <gnutls/x509.h>
#include "config.h"
#include "debug.h"
#include "context.h"
#include "tls.h"
/*
* Cipher suites recommended in RFC7525.
*
* The following strings generate a list with the same ciphers that are
* generated by the equivalent string in the OpenSSL version of this file.
*/
static char const * const _getdns_tls_context_default_cipher_list =
"+ECDHE-RSA:+ECDHE-ECDSA:+AEAD";
static char const * const _getdns_tls_context_default_cipher_suites =
"+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305";
static char const * const _getdns_tls_connection_opportunistic_cipher_list =
"NORMAL";
static char const * const _getdns_tls_priorities[] = {
NULL, /* No protocol */
NULL, /* SSL3 - no available keyword. */
"+VERS-TLS1.0", /* TLS1.0 */
"+VERS-TLS1.1", /* TLS1.1 */
"+VERS-TLS1.2", /* TLS1.2 */
"+VERS-TLS1.3", /* TLS1.3 */
};
static char* getdns_strdup(struct mem_funcs* mfs, const char* s)
{
char* res;
if (!s)
return NULL;
res = GETDNS_XMALLOC(*mfs, char, strlen(s) + 1);
if (!res)
return NULL;
strcpy(res, s);
return res;
}
static char* getdns_priappend(struct mem_funcs* mfs, char* s1, const char* s2)
{
char* res;
if (!s1)
return getdns_strdup(mfs, s2);
if (!s2)
return s1;
res = GETDNS_XMALLOC(*mfs, char, strlen(s1) + strlen(s2) + 2);
if (!res)
return NULL;
strcpy(res, s1);
strcat(res, ":");
strcat(res, s2);
GETDNS_FREE(*mfs, s1);
return res;
}
static int set_connection_ciphers(_getdns_tls_connection* conn)
{
char* pri = NULL;
int res;
pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-ALL"
/* Remove all the weak ones */
":-SIGN-RSA-MD5"
":-SIGN-RSA-SHA1:-SIGN-RSA-SHA224:-SIGN-RSA-SHA256"
":-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256"
#if GNUTLS_VERSION_NUMBER >= 0x030505
":-SIGN-ECDSA-SHA1:-SIGN-ECDSA-SHA224:-SIGN-ECDSA-SHA256"
#endif
#if GNUTLS_VERSION_NUMBER >= 0x030601
":-SIGN-RSA-PSS-SHA256"
#endif
);
if (conn->cipher_suites)
pri = getdns_priappend(conn->mfs, pri, conn->cipher_suites);
else if (conn->ctx->cipher_suites)
pri = getdns_priappend(conn->mfs, pri, conn->ctx->cipher_suites);
if (conn->cipher_list)
pri = getdns_priappend(conn->mfs, pri, conn->cipher_list);
else if (conn->ctx->cipher_list)
pri = getdns_priappend(conn->mfs, pri, conn->ctx->cipher_list);
if (conn->curve_list)
pri = getdns_priappend(conn->mfs, pri, conn->curve_list);
else if (conn->ctx->curve_list)
pri = getdns_priappend(conn->mfs, pri, conn->ctx->curve_list);
else
#if GNUTLS_VERSION_NUMBER >= 0x030605
pri = getdns_priappend(conn->mfs, pri, "+GROUP-EC-ALL");
#else
pri = getdns_priappend(conn->mfs, pri, "+CURVE-ALL");
#endif
gnutls_protocol_t min = conn->min_tls;
gnutls_protocol_t max = conn->max_tls;
if (!min) min = conn->ctx->min_tls;
if (!max) max = conn->ctx->max_tls;
if (!min && !max) {
pri = getdns_priappend(conn->mfs, pri, "+VERS-TLS-ALL");
} else {
if (!max) max = GNUTLS_TLS_VERSION_MAX;
for (gnutls_protocol_t i = min; i <= max; ++i)
pri = getdns_priappend(conn->mfs, pri, _getdns_tls_priorities[i]);
}
if (pri) {
res = gnutls_priority_set_direct(conn->tls, pri, NULL);
_getdns_log(conn->log
, GETDNS_LOG_UPSTREAM_STATS
, (res == GNUTLS_E_SUCCESS ? GETDNS_LOG_DEBUG : GETDNS_LOG_ERR)
, "%s: %s %s (%s)\n"
, STUB_DEBUG_SETUP_TLS
, "Configuring TLS connection with "
, pri
, gnutls_strerror(res));
}
else
res = gnutls_set_default_priority(conn->tls);
GETDNS_FREE(*conn->mfs, pri);
return res;
}
static getdns_return_t error_may_want_read_write(_getdns_tls_connection* conn, int err)
{
switch (err) {
case GNUTLS_E_INTERRUPTED:
case GNUTLS_E_AGAIN:
case GNUTLS_E_WARNING_ALERT_RECEIVED:
case GNUTLS_E_GOT_APPLICATION_DATA:
if (gnutls_record_get_direction(conn->tls) == 0)
return GETDNS_RETURN_TLS_WANT_READ;
else
return GETDNS_RETURN_TLS_WANT_WRITE;
case GNUTLS_E_FATAL_ALERT_RECEIVED:
_getdns_log( conn->log
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR
, "%s %s %d (%s)\n"
, STUB_DEBUG_SETUP_TLS
, "Error in TLS handshake"
, (int)gnutls_alert_get(conn->tls)
, gnutls_alert_get_name(gnutls_alert_get(conn->tls))
);
/* fallthrough */
default:
return GETDNS_RETURN_GENERIC_ERROR;
}
}
static getdns_return_t get_gnu_mac_algorithm(int algorithm, gnutls_mac_algorithm_t* gnualg)
{
switch (algorithm) {
case GETDNS_HMAC_MD5 : *gnualg = GNUTLS_MAC_MD5 ; break;
case GETDNS_HMAC_SHA1 : *gnualg = GNUTLS_MAC_SHA1 ; break;
case GETDNS_HMAC_SHA224: *gnualg = GNUTLS_MAC_SHA224; break;
case GETDNS_HMAC_SHA256: *gnualg = GNUTLS_MAC_SHA256; break;
case GETDNS_HMAC_SHA384: *gnualg = GNUTLS_MAC_SHA384; break;
case GETDNS_HMAC_SHA512: *gnualg = GNUTLS_MAC_SHA512; break;
default : return GETDNS_RETURN_GENERIC_ERROR;
}
return GETDNS_RETURN_GOOD;
}
static gnutls_protocol_t _getdns_tls_version2gnutls_version(getdns_tls_version_t v)
{
switch (v) {
case GETDNS_SSL3 : return GNUTLS_SSL3;
case GETDNS_TLS1 : return GNUTLS_TLS1;
case GETDNS_TLS1_1: return GNUTLS_TLS1_1;
case GETDNS_TLS1_2: return GNUTLS_TLS1_2;
#if GNUTLS_VERSION_NUMBER >= 0x030605
case GETDNS_TLS1_3: return GNUTLS_TLS1_3;
#endif
default : return GNUTLS_TLS_VERSION_MAX;
}
}
static _getdns_tls_x509* _getdns_tls_x509_new(struct mem_funcs* mfs, gnutls_datum_t cert)
{
_getdns_tls_x509* res;
res = GETDNS_MALLOC(*mfs, _getdns_tls_x509);
if (res)
res->tls = cert;
return res;
}
void _getdns_tls_init()
{
gnutls_global_init();
}
_getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs, const getdns_log_config* log)
{
_getdns_tls_context* res;
if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_context)))
return NULL;
res->mfs = mfs;
res->cipher_list = res->cipher_suites = res->curve_list = NULL;
res->min_tls = res->max_tls = 0;
res->ca_trust_file = NULL;
res->ca_trust_path = NULL;
res->log = log;
return res;
}
getdns_return_t _getdns_tls_context_free(struct mem_funcs* mfs, _getdns_tls_context* ctx)
{
if (!ctx)
return GETDNS_RETURN_INVALID_PARAMETER;
GETDNS_FREE(*mfs, ctx->ca_trust_path);
GETDNS_FREE(*mfs, ctx->ca_trust_file);
GETDNS_FREE(*mfs, ctx->curve_list);
GETDNS_FREE(*mfs, ctx->cipher_suites);
GETDNS_FREE(*mfs, ctx->cipher_list);
GETDNS_FREE(*mfs, ctx);
return GETDNS_RETURN_GOOD;
}
void _getdns_tls_context_pinset_init(_getdns_tls_context* ctx)
{
(void) ctx; /* unused parameter */
}
getdns_return_t _getdns_tls_context_set_min_max_tls_version(_getdns_tls_context* ctx, getdns_tls_version_t min, getdns_tls_version_t max)
{
if (!ctx)
return GETDNS_RETURN_INVALID_PARAMETER;
ctx->min_tls = _getdns_tls_version2gnutls_version(min);
ctx->max_tls = _getdns_tls_version2gnutls_version(max);
return GETDNS_RETURN_GOOD;
}
const char* _getdns_tls_context_get_default_cipher_list()
{
return _getdns_tls_context_default_cipher_list;
}
getdns_return_t _getdns_tls_context_set_cipher_list(_getdns_tls_context* ctx, const char* list)
{
if (!ctx)
return GETDNS_RETURN_INVALID_PARAMETER;
if (!list)
list = _getdns_tls_context_default_cipher_list;
GETDNS_FREE(*ctx->mfs, ctx->cipher_list);
ctx->cipher_list = getdns_strdup(ctx->mfs, list);
return GETDNS_RETURN_GOOD;
}
const char* _getdns_tls_context_get_default_cipher_suites()
{
return _getdns_tls_context_default_cipher_suites;
}
getdns_return_t _getdns_tls_context_set_cipher_suites(_getdns_tls_context* ctx, const char* list)
{
if (!ctx)
return GETDNS_RETURN_INVALID_PARAMETER;
if (!list)
list = _getdns_tls_context_default_cipher_suites;
GETDNS_FREE(*ctx->mfs, ctx->cipher_suites);
ctx->cipher_suites = getdns_strdup(ctx->mfs, list);
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_context_set_curves_list(_getdns_tls_context* ctx, const char* list)
{
if (!ctx)
return GETDNS_RETURN_INVALID_PARAMETER;
GETDNS_FREE(*ctx->mfs, ctx->curve_list);
ctx->curve_list = getdns_strdup(ctx->mfs, list);
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_context_set_ca(_getdns_tls_context* ctx, const char* file, const char* path)
{
if (!ctx)
return GETDNS_RETURN_INVALID_PARAMETER;
GETDNS_FREE(*ctx->mfs, ctx->ca_trust_file);
ctx->ca_trust_file = getdns_strdup(ctx->mfs, file);
GETDNS_FREE(*ctx->mfs, ctx->ca_trust_path);
ctx->ca_trust_path = getdns_strdup(ctx->mfs, path);
return GETDNS_RETURN_GOOD;
}
void _getdns_gnutls_stub_log(int level, const char *msg)
{
DEBUG_STUB("GnuTLS log (%.2d): %s", level, msg);
}
_getdns_tls_connection* _getdns_tls_connection_new(struct mem_funcs* mfs, _getdns_tls_context* ctx, int fd, const getdns_log_config* log)
{
_getdns_tls_connection* res;
if (!ctx)
return NULL;
if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_connection)))
return NULL;
res->shutdown = 0;
res->ctx = ctx;
res->mfs = mfs;
res->cred = NULL;
res->tls = NULL;
res->cipher_list = res->cipher_suites = res->curve_list = NULL;
res->min_tls = res->max_tls = 0;
res->dane_state = NULL;
res->dane_query = NULL;
res->tlsa = NULL;
res->log = log;
if (gnutls_certificate_allocate_credentials(&res->cred) != GNUTLS_E_SUCCESS)
goto failed;
if (!ctx->ca_trust_file && !ctx->ca_trust_path)
gnutls_certificate_set_x509_system_trust(res->cred);
else {
if (ctx->ca_trust_file)
gnutls_certificate_set_x509_trust_file(res->cred, ctx->ca_trust_file, GNUTLS_X509_FMT_PEM);
if (ctx->ca_trust_path)
gnutls_certificate_set_x509_trust_dir(res->cred, ctx->ca_trust_path, GNUTLS_X509_FMT_PEM);
}
gnutls_global_set_log_level(99);
gnutls_global_set_log_function(_getdns_gnutls_stub_log);
if (gnutls_init(&res->tls, GNUTLS_CLIENT | GNUTLS_NONBLOCK | GNUTLS_NO_SIGNAL) != GNUTLS_E_SUCCESS)
goto failed;
if (set_connection_ciphers(res) != GNUTLS_E_SUCCESS) {
goto failed;
}
if (gnutls_credentials_set(res->tls, GNUTLS_CRD_CERTIFICATE, res->cred) != GNUTLS_E_SUCCESS)
goto failed;
if (dane_state_init(&res->dane_state, DANE_F_IGNORE_DNSSEC) != DANE_E_SUCCESS)
goto failed;
gnutls_datum_t proto;
proto.data = (unsigned char *)"dot";
proto.size = 3;
if (gnutls_alpn_set_protocols(res->tls, &proto, 1, 0) != GNUTLS_E_SUCCESS)
goto failed;
gnutls_transport_set_int(res->tls, fd);
return res;
failed:
_getdns_tls_connection_free(mfs, res);
return NULL;
}
getdns_return_t _getdns_tls_connection_free(struct mem_funcs* mfs, _getdns_tls_connection* conn)
{
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
if (conn->dane_query)
dane_query_deinit(conn->dane_query);
if (conn->dane_state)
dane_state_deinit(conn->dane_state);
if (conn->tls)
gnutls_deinit(conn->tls);
if (conn->cred)
gnutls_certificate_free_credentials(conn->cred);
GETDNS_FREE(*mfs, conn->tlsa);
GETDNS_FREE(*mfs, conn->curve_list);
GETDNS_FREE(*mfs, conn->cipher_suites);
GETDNS_FREE(*mfs, conn->cipher_list);
GETDNS_FREE(*mfs, conn);
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_connection_shutdown(_getdns_tls_connection* conn)
{
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
if (conn->shutdown == 0) {
gnutls_bye(conn->tls, GNUTLS_SHUT_WR);
conn->shutdown++;
} else {
gnutls_bye(conn->tls, GNUTLS_SHUT_RDWR);
conn->shutdown++;
}
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_connection_set_min_max_tls_version(_getdns_tls_connection* conn, getdns_tls_version_t min, getdns_tls_version_t max)
{
if (!conn)
return GETDNS_RETURN_INVALID_PARAMETER;
conn->min_tls = _getdns_tls_version2gnutls_version(min);
conn->max_tls = _getdns_tls_version2gnutls_version(max);
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_connection_set_cipher_list(_getdns_tls_connection* conn, const char* list)
{
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
if (!list)
list = _getdns_tls_connection_opportunistic_cipher_list;
GETDNS_FREE(*conn->mfs, conn->cipher_list);
conn->cipher_list = getdns_strdup(conn->mfs, list);
if (set_connection_ciphers(conn) == GNUTLS_E_SUCCESS)
return GETDNS_RETURN_GOOD;
else
return GETDNS_RETURN_GENERIC_ERROR;
}
getdns_return_t _getdns_tls_connection_set_cipher_suites(_getdns_tls_connection* conn, const char* list)
{
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
GETDNS_FREE(*conn->mfs, conn->cipher_list);
conn->cipher_suites = getdns_strdup(conn->mfs, list);
if (set_connection_ciphers(conn) == GNUTLS_E_SUCCESS)
return GETDNS_RETURN_GOOD;
else
return GETDNS_RETURN_GENERIC_ERROR;
}
getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* conn, const char* list)
{
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
GETDNS_FREE(*conn->mfs, conn->curve_list);
conn->curve_list = getdns_strdup(conn->mfs, list);
if (set_connection_ciphers(conn) == GNUTLS_E_SUCCESS)
return GETDNS_RETURN_GOOD;
else
return GETDNS_RETURN_GENERIC_ERROR;
}
getdns_return_t _getdns_tls_connection_set_session(_getdns_tls_connection* conn, _getdns_tls_session* s)
{
int r;
if (!conn || !conn->tls || !s)
return GETDNS_RETURN_INVALID_PARAMETER;
r = gnutls_session_set_data(conn->tls, s->tls.data, s->tls.size);
if (r != GNUTLS_E_SUCCESS)
return GETDNS_RETURN_GENERIC_ERROR;
return GETDNS_RETURN_GOOD;
}
_getdns_tls_session* _getdns_tls_connection_get_session(struct mem_funcs* mfs, _getdns_tls_connection* conn)
{
_getdns_tls_session* res;
int r;
if (!conn || !conn->tls)
return NULL;
if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_session)))
return NULL;
r = gnutls_session_get_data2(conn->tls, &res->tls);
if (r != GNUTLS_E_SUCCESS) {
GETDNS_FREE(*mfs, res);
return NULL;
}
return res;
}
const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn)
{
if (!conn || !conn->tls)
return NULL;
return gnutls_protocol_get_name(gnutls_protocol_get_version(conn->tls));
}
getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
{
int r;
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
r = gnutls_handshake(conn->tls);
if (r == GNUTLS_E_SUCCESS) {
return GETDNS_RETURN_GOOD;
}
else
return error_may_want_read_write(conn, r);
}
_getdns_tls_x509* _getdns_tls_connection_get_peer_certificate(struct mem_funcs* mfs, _getdns_tls_connection* conn)
{
const gnutls_datum_t *cert_list;
unsigned int cert_list_size;
if (!conn || !conn->tls)
return NULL;
cert_list = gnutls_certificate_get_peers(conn->tls, &cert_list_size);
if (cert_list == NULL)
return NULL;
return _getdns_tls_x509_new(mfs, *cert_list);
}
getdns_return_t _getdns_tls_connection_is_session_reused(_getdns_tls_connection* conn)
{
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
if (gnutls_session_is_resumed(conn->tls) != 0)
return GETDNS_RETURN_GOOD;
else
return GETDNS_RETURN_TLS_CONNECTION_FRESH;
}
getdns_return_t _getdns_tls_connection_setup_hostname_auth(_getdns_tls_connection* conn, const char* auth_name)
{
int r;
if (!conn || !conn->tls || !auth_name)
return GETDNS_RETURN_INVALID_PARAMETER;
r = gnutls_server_name_set(conn->tls, GNUTLS_NAME_DNS, auth_name, strlen(auth_name));
if (r != GNUTLS_E_SUCCESS)
return GETDNS_RETURN_GENERIC_ERROR;
gnutls_session_set_verify_cert(conn->tls, auth_name, 0);
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_connection_set_host_pinset(_getdns_tls_connection* conn, const char* auth_name, const sha256_pin_t* pinset)
{
int r;
if (!conn || !conn->tls || !auth_name)
return GETDNS_RETURN_INVALID_PARAMETER;
size_t npins = 0;
for (const sha256_pin_t* pin = pinset; pin; pin = pin->next)
npins++;
GETDNS_FREE(*conn->mfs, conn->tlsa);
conn->tlsa = GETDNS_XMALLOC(*conn->mfs, char, npins * (SHA256_DIGEST_LENGTH + 3) * 2);
if (!conn->tlsa)
return GETDNS_RETURN_GENERIC_ERROR;
char** dane_data = GETDNS_XMALLOC(*conn->mfs, char*, npins * 2 + 1);
if (!dane_data)
return GETDNS_RETURN_GENERIC_ERROR;
int* dane_data_len = GETDNS_XMALLOC(*conn->mfs, int, npins * 2 + 1);
if (!dane_data_len) {
GETDNS_FREE(*conn->mfs, dane_data);
return GETDNS_RETURN_GENERIC_ERROR;
}
char** dane_p = dane_data;
int* dane_len_p = dane_data_len;
char* p = conn->tlsa;
for (const sha256_pin_t* pin = pinset; pin; pin = pin->next) {
*dane_p++ = p;
*dane_len_p++ = SHA256_DIGEST_LENGTH + 3;
p[0] = DANE_CERT_USAGE_LOCAL_CA;
p[1] = DANE_CERT_PK;
p[2] = DANE_MATCH_SHA2_256;
memcpy(&p[3], pin->pin, SHA256_DIGEST_LENGTH);
p += SHA256_DIGEST_LENGTH + 3;
*dane_p++ = p;
*dane_len_p++ = SHA256_DIGEST_LENGTH + 3;
p[0] = DANE_CERT_USAGE_LOCAL_EE;
p[1] = DANE_CERT_PK;
p[2] = DANE_MATCH_SHA2_256;
memcpy(&p[3], pin->pin, SHA256_DIGEST_LENGTH);
p += SHA256_DIGEST_LENGTH + 3;
}
*dane_p = NULL;
if (conn->dane_query)
dane_query_deinit(conn->dane_query);
r = dane_raw_tlsa(conn->dane_state, &conn->dane_query, dane_data, dane_data_len, 0, 0);
GETDNS_FREE(*conn->mfs, dane_data_len);
GETDNS_FREE(*conn->mfs, dane_data);
return (r == DANE_E_SUCCESS) ? GETDNS_RETURN_GOOD : GETDNS_RETURN_GENERIC_ERROR;
}
getdns_return_t _getdns_tls_connection_certificate_verify(_getdns_tls_connection* conn, long* errnum, const char** errmsg)
{
if (!conn || !conn->tls)
return GETDNS_RETURN_INVALID_PARAMETER;
/* If no pinset, no DANE info to check. */
if (!conn->dane_query)
return GETDNS_RETURN_GOOD;
/* Most of the internals of dane_verify_session_crt() */
const gnutls_datum_t* cert_list;
unsigned int cert_list_size = 0;
unsigned int type;
int ret;
const gnutls_datum_t* cl;
gnutls_datum_t* new_cert_list = NULL;
int clsize;
unsigned int verify;
cert_list = gnutls_certificate_get_peers(conn->tls, &cert_list_size);
if (cert_list_size == 0) {
*errnum = 1;
*errmsg = "No peer certificate";
return GETDNS_RETURN_GENERIC_ERROR;
}
cl = cert_list;
type = gnutls_certificate_type_get(conn->tls);
/* this list may be incomplete, try to get the self-signed CA if any */
if (cert_list_size > 0) {
gnutls_x509_crt_t crt, ca;
gnutls_certificate_credentials_t sc;
ret = gnutls_x509_crt_init(&crt);
if (ret < 0)
goto failsafe;
ret = gnutls_x509_crt_import(crt, &cert_list[cert_list_size-1], GNUTLS_X509_FMT_DER);
if (ret < 0) {
gnutls_x509_crt_deinit(crt);
goto failsafe;
}
/* if it is already self signed continue normally */
ret = gnutls_x509_crt_check_issuer(crt, crt);
if (ret != 0) {
gnutls_x509_crt_deinit(crt);
goto failsafe;
}
/* chain does not finish in a self signed cert, try to obtain the issuer */
ret = gnutls_credentials_get(conn->tls, GNUTLS_CRD_CERTIFICATE, (void**)&sc);
if (ret < 0) {
gnutls_x509_crt_deinit(crt);
goto failsafe;
}
ret = gnutls_certificate_get_issuer(sc, crt, &ca, 0);
if (ret < 0) {
gnutls_x509_crt_deinit(crt);
goto failsafe;
}
/* make the new list */
new_cert_list = GETDNS_XMALLOC(*conn->mfs, gnutls_datum_t, cert_list_size + 1);
if (new_cert_list == NULL) {
gnutls_x509_crt_deinit(crt);
goto failsafe;
}
memcpy(new_cert_list, cert_list, cert_list_size*sizeof(gnutls_datum_t));
cl = new_cert_list;
ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_DER, &new_cert_list[cert_list_size]);
if (ret < 0) {
GETDNS_FREE(*conn->mfs, new_cert_list);
gnutls_x509_crt_deinit(crt);
goto failsafe;
}
}
failsafe:
clsize = cert_list_size;
if (cl == new_cert_list)
clsize += 1;
ret = dane_verify_crt_raw(conn->dane_state, cl, clsize, type, conn->dane_query, 0, 0, &verify);
if (new_cert_list) {
gnutls_free(new_cert_list[cert_list_size].data);
GETDNS_FREE(*conn->mfs, new_cert_list);
}
if (ret != DANE_E_SUCCESS) {
*errnum = ret;
*errmsg = dane_strerror(ret);
return GETDNS_RETURN_GENERIC_ERROR;
}
if (verify != 0) {
if (verify & DANE_VERIFY_CERT_DIFFERS) {
*errnum = 3;
*errmsg = "Pinset validation: Certificate differs";
} else if (verify & DANE_VERIFY_CA_CONSTRAINTS_VIOLATED) {
*errnum = 2;
*errmsg = "Pinset validation: CA constraints violated";
} else {
*errnum = 4;
*errmsg = "Pinset validation: Unknown DANE info";
}
return GETDNS_RETURN_GENERIC_ERROR;
}
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_connection_read(_getdns_tls_connection* conn, uint8_t* buf, size_t to_read, size_t* read)
{
ssize_t sread;
if (!conn || !conn->tls || !read)
return GETDNS_RETURN_INVALID_PARAMETER;
sread = gnutls_record_recv(conn->tls, buf, to_read);
if (sread < 0)
return error_may_want_read_write(conn, sread);
*read = sread;
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_connection_write(_getdns_tls_connection* conn, uint8_t* buf, size_t to_write, size_t* written)
{
int swritten;
if (!conn || !conn->tls || !written)
return GETDNS_RETURN_INVALID_PARAMETER;
swritten = gnutls_record_send(conn->tls, buf, to_write);
if (swritten < 0)
return error_may_want_read_write(conn, swritten);
*written = swritten;
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_session_free(struct mem_funcs* mfs, _getdns_tls_session* s)
{
if (!s)
return GETDNS_RETURN_INVALID_PARAMETER;
if (s->tls.data)
gnutls_free(s->tls.data);
GETDNS_FREE(*mfs, s);
return GETDNS_RETURN_GOOD;
}
getdns_return_t _getdns_tls_get_api_information(getdns_dict* dict)
{
if (! getdns_dict_set_int(
dict, "gnutls_version_number", GNUTLS_VERSION_NUMBER)
&& ! getdns_dict_util_set_string(
dict, "gnutls_version_string", GNUTLS_VERSION)
)
return GETDNS_RETURN_GOOD;
return GETDNS_RETURN_GENERIC_ERROR;
}
void _getdns_tls_x509_free(struct mem_funcs* mfs, _getdns_tls_x509* cert)
{
if (cert)
GETDNS_FREE(*mfs, cert);
}
int _getdns_tls_x509_to_der(struct mem_funcs* mfs, _getdns_tls_x509* cert, getdns_bindata* bindata)
{
gnutls_x509_crt_t crt;
size_t s;
if (!cert || gnutls_x509_crt_init(&crt) != GNUTLS_E_SUCCESS)
return 0;
gnutls_x509_crt_import(crt, &cert->tls, GNUTLS_X509_FMT_DER);
gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, NULL, &s);
if (!bindata) {
gnutls_x509_crt_deinit(crt);
return s;
}
bindata->data = GETDNS_XMALLOC(*mfs, uint8_t, s);
if (!bindata->data) {
gnutls_x509_crt_deinit(crt);
return 0;
}
gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, bindata->data, &s);
bindata->size = s;
gnutls_x509_crt_deinit(crt);
return s;
}
unsigned char* _getdns_tls_hmac_hash(struct mem_funcs* mfs, int algorithm, const void* key, size_t key_size, const void* data, size_t data_size, size_t* output_size)
{
gnutls_mac_algorithm_t alg;
unsigned int md_len;
unsigned char* res;
if (get_gnu_mac_algorithm(algorithm, &alg) != GETDNS_RETURN_GOOD)
return NULL;
md_len = gnutls_hmac_get_len(alg);
res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, md_len);
if (!res)
return NULL;
(void) gnutls_hmac_fast(alg, key, key_size, data, data_size, res);
if (output_size)
*output_size = md_len;
return res;
}
void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf)
{
gnutls_hash_fast(GNUTLS_DIG_SHA1, data, data_size, buf);
}
void _getdns_tls_cookie_sha256(uint32_t secret, void* addr, size_t addrlen, unsigned char* buf, size_t* buflen)
{
gnutls_hash_hd_t digest;
gnutls_hash_init(&digest, GNUTLS_DIG_SHA256);
gnutls_hash(digest, &secret, sizeof(secret));
gnutls_hash(digest, addr, addrlen);
gnutls_hash_deinit(digest, buf);
*buflen = gnutls_hash_get_len(GNUTLS_DIG_SHA256);
}
/* tls.c */

527
src/install-sh Executable file
View File

@ -0,0 +1,527 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# 'make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
nl='
'
IFS=" "" $nl"
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
chgrpprog=${CHGRPPROG-chgrp}
chmodprog=${CHMODPROG-chmod}
chownprog=${CHOWNPROG-chown}
cmpprog=${CMPPROG-cmp}
cpprog=${CPPROG-cp}
mkdirprog=${MKDIRPROG-mkdir}
mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
mvcmd=$mvprog
rmcmd="$rmprog -f"
stripcmd=
src=
dst=
dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
--help display this help and exit.
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) ;;
-C) copy_on_change=true;;
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) no_target_directory=true;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dst_arg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dst_arg"
shift # fnord
fi
shift # arg
dst_arg=$arg
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call 'install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
trap "ret=130; $do_exit" 2
trap "ret=141; $do_exit" 13
trap "ret=143; $do_exit" 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names problematic for 'test' and other utilities.
case $src in
-* | [=\(\)!]) src=./$src;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dst_arg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set fnord $dstdir
shift
$posix_glob set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

2
src/jsmn

@ -1 +1 @@
Subproject commit 686a240cc8186a9a799ebafb0b32e67991b5abfc
Subproject commit c831c3869f56a571a79a3cbf58e0a366e588e256

11
src/libgetdns.symbols
View File

@ -30,20 +30,15 @@ getdns_context_get_resolution_type
getdns_context_get_resolvconf
getdns_context_get_round_robin_upstreams
getdns_context_get_suffix
getdns_context_get_tcp_send_timeout
getdns_context_get_timeout
getdns_context_get_tls_authentication
getdns_context_get_tls_backoff_time
getdns_context_get_tls_ca_file
getdns_context_get_tls_ca_path
getdns_context_get_tls_cipher_list
getdns_context_get_tls_ciphersuites
getdns_context_get_tls_connection_retries
getdns_context_get_tls_curves_list
getdns_context_get_tls_max_version
getdns_context_get_tls_min_version
getdns_context_get_tls_query_padding_blocksize
getdns_context_get_trust_anchors_backoff_time
getdns_context_get_trust_anchors_url
getdns_context_get_trust_anchors_verify_CA
getdns_context_get_trust_anchors_verify_email
@ -79,20 +74,15 @@ getdns_context_set_resolvconf
getdns_context_set_return_dnssec_status
getdns_context_set_round_robin_upstreams
getdns_context_set_suffix
getdns_context_set_tcp_send_timeout
getdns_context_set_timeout
getdns_context_set_tls_authentication
getdns_context_set_tls_backoff_time
getdns_context_set_tls_ca_file
getdns_context_set_tls_ca_path
getdns_context_set_tls_cipher_list
getdns_context_set_tls_ciphersuites
getdns_context_set_tls_connection_retries
getdns_context_set_tls_curves_list
getdns_context_set_tls_max_version
getdns_context_set_tls_min_version
getdns_context_set_tls_query_padding_blocksize
getdns_context_set_trust_anchors_backoff_time
getdns_context_set_trust_anchors_url
getdns_context_set_trust_anchors_verify_CA
getdns_context_set_trust_anchors_verify_email
@ -100,7 +90,6 @@ getdns_context_set_update_callback
getdns_context_set_upstream_recursive_servers
getdns_context_set_use_threads
getdns_context_unset_edns_maximum_udp_payload_size
getdns_context_unset_tcp_send_timeout
getdns_convert_alabel_to_ulabel
getdns_convert_dns_name_to_fqdn
getdns_convert_fqdn_to_dns_name

2
src/list.c
View File

@ -418,7 +418,7 @@ getdns_list_create_with_memory_functions(void *(*malloc)(size_t),
/*-------------------------- getdns_list_create_with_context */
struct getdns_list *
getdns_list_create_with_context(const getdns_context *context)
getdns_list_create_with_context(struct getdns_context *context)
{
if (context)
return getdns_list_create_with_extended_memory_functions(

4
src/mk-const-info.c.sh
View File

@ -14,7 +14,7 @@ cat > const-info.c << END_OF_HEAD
static struct const_info consts_info[] = {
{ -1, NULL, "/* <unknown getdns value> */" },
END_OF_HEAD
gawk --non-decimal-data '/^[ ]+GETDNS_[A-Z0-9_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%7d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z0-9_]+[ ]+(0[xX][0-9a-fA-F]+|[0-9]+)/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/ && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%7d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z0-9_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%7d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns_extra.h.in getdns/getdns.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
gawk '/^[ ]+GETDNS_[A-Z_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%7d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z_]+[ ]+[0-9]+/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/ && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%7d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%7d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns_extra.h.in getdns/getdns.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
cat >> const-info.c << END_OF_TAIL
};
@ -49,7 +49,7 @@ getdns_get_errorstr_by_id(uint16_t err)
static struct const_name_info consts_name_info[] = {
END_OF_TAIL
gawk --non-decimal-data '/^[ ]+GETDNS_[A-Z0-9_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%d", $3); consts[$1] = key; }/^#define GETDNS_[A-Z0-9_]+[ ]+(0[xX][0-9a-fA-F]+|[0-9]+)/ && !/_TEXT/{ key = sprintf("%d", $3); consts[$2] = key; }/^#define GETDNS_[A-Z0-9_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%d", $4); consts[$2] = key; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ \""val"\", "name" },"}}' getdns/getdns.h.in getdns/getdns_extra.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
gawk '/^[ ]+GETDNS_[A-Z_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%d", $3); consts[$1] = key; }/^#define GETDNS_[A-Z_]+[ ]+[0-9]+/ && !/_TEXT/{ key = sprintf("%d", $3); consts[$2] = key; }/^#define GETDNS_[A-Z_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%d", $4); consts[$2] = key; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ \""val"\", "name" },"}}' getdns/getdns.h.in getdns/getdns_extra.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
cat >> const-info.c << END_OF_TAIL
};

2
src/mk-symfiles.sh
View File

@ -3,7 +3,7 @@
write_symbols() {
OUTPUT=$1
shift
grep -h 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' | grep -v '^ \* if' \
grep 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' | grep -v 'getdns_extra\.h\.in: \* if' \
| sed -e 's/(.*$//g' -e 's/^.*getdns_/getdns_/g' | LC_ALL=C sort | uniq > $OUTPUT
}

645
src/openssl/keyraw-internal.c
View File

@ -1,645 +0,0 @@
/*
* keyraw.c - raw key operations and conversions - OpenSSL version
*
* (c) NLnet Labs, 2004-2008
*
* See the file LICENSE for the license
*/
/**
* \file
* Implementation of raw DNSKEY functions (work on wire rdata).
*/
#include "config.h"
#include "gldns/keyraw.h"
#include "gldns/rrdef.h"
#ifdef HAVE_SSL
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
#ifdef HAVE_OPENSSL_BN_H
#include <openssl/bn.h>
#endif
#ifdef HAVE_OPENSSL_PARAM_BUILD_H
# include <openssl/param_build.h>
#else
# ifdef HAVE_OPENSSL_RSA_H
# include <openssl/rsa.h>
# endif
# ifdef HAVE_OPENSSL_DSA_H
# include <openssl/dsa.h>
# endif
#endif
#ifdef HAVE_OPENSSL_DSA_H
#include <openssl/dsa.h>
#endif
#ifdef HAVE_OPENSSL_RSA_H
#include <openssl/rsa.h>
#endif
#endif /* HAVE_SSL */
#ifdef HAVE_SSL
#ifdef USE_GOST
/** store GOST engine reference loaded into OpenSSL library */
#if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER > 0x30000000
int
gldns_key_EVP_load_gost_id(void)
{
return 0;
}
void gldns_key_EVP_unload_gost(void)
{
}
#else
ENGINE* gldns_gost_engine = NULL;
int
gldns_key_EVP_load_gost_id(void)
{
static int gost_id = 0;
const EVP_PKEY_ASN1_METHOD* meth;
ENGINE* e;
if(gost_id) return gost_id;
/* see if configuration loaded gost implementation from other engine*/
meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
if(meth) {
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
/* see if engine can be loaded already */
e = ENGINE_by_id("gost");
if(!e) {
/* load it ourself, in case statically linked */
ENGINE_load_builtin_engines();
ENGINE_load_dynamic();
e = ENGINE_by_id("gost");
}
if(!e) {
/* no gost engine in openssl */
return 0;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
ENGINE_finish(e);
ENGINE_free(e);
return 0;
}
meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
if(!meth) {
/* algo not found */
ENGINE_finish(e);
ENGINE_free(e);
return 0;
}
/* Note: do not ENGINE_finish and ENGINE_free the acquired engine
* on some platforms this frees up the meth and unloads gost stuff */
gldns_gost_engine = e;
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
void gldns_key_EVP_unload_gost(void)
{
if(gldns_gost_engine) {
ENGINE_finish(gldns_gost_engine);
ENGINE_free(gldns_gost_engine);
gldns_gost_engine = NULL;
}
}
#endif /* ifndef OPENSSL_NO_ENGINE */
#endif /* USE_GOST */
/* Retrieve params as BIGNUM from raw buffer */
static int
gldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p,
BIGNUM** q, BIGNUM** g, BIGNUM** y)
{
uint8_t T;
uint16_t length;
uint16_t offset;
if(len == 0)
return 0;
T = (uint8_t)key[0];
length = (64 + T * 8);
offset = 1;
if (T > 8) {
return 0;
}
if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
return 0;
*q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
offset += SHA_DIGEST_LENGTH;
*p = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
*g = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
*y = BN_bin2bn(key+offset, (int)length, NULL);
if(!*q || !*p || !*g || !*y) {
BN_free(*q);
BN_free(*p);
BN_free(*g);
BN_free(*y);
return 0;
}
return 1;
}
#ifndef HAVE_OSSL_PARAM_BLD_NEW
DSA *
gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
{
DSA *dsa;
BIGNUM *Q=NULL, *P=NULL, *G=NULL, *Y=NULL;
if(!gldns_key_dsa_buf_bignum(key, len, &P, &Q, &G, &Y)) {
return NULL;
}
/* create the key and set its properties */
if(!(dsa = DSA_new())) {
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || \
(defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
#ifndef S_SPLINT_S
dsa->p = P;
dsa->q = Q;
dsa->g = G;
dsa->pub_key = Y;
#endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!DSA_set0_pqg(dsa, P, Q, G)) {
/* QPG not yet attached, need to free */
BN_free(Q);
BN_free(P);
BN_free(G);
DSA_free(dsa);
BN_free(Y);
return NULL;
}
if (!DSA_set0_key(dsa, Y, NULL)) {
/* QPG attached, cleaned up by DSA_fre() */
DSA_free(dsa);
BN_free(Y);
return NULL;
}
#endif
return dsa;
}
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
EVP_PKEY *gldns_key_dsa2pkey_raw(unsigned char* key, size_t len)
{
#ifdef HAVE_OSSL_PARAM_BLD_NEW
EVP_PKEY* evp_key = NULL;
EVP_PKEY_CTX* ctx;
BIGNUM *p=NULL, *q=NULL, *g=NULL, *y=NULL;
OSSL_PARAM_BLD* param_bld;
OSSL_PARAM* params = NULL;
if(!gldns_key_dsa_buf_bignum(key, len, &p, &q, &g, &y)) {
return NULL;
}
param_bld = OSSL_PARAM_BLD_new();
if(!param_bld) {
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
if(!OSSL_PARAM_BLD_push_BN(param_bld, "p", p) ||
!OSSL_PARAM_BLD_push_BN(param_bld, "g", g) ||
!OSSL_PARAM_BLD_push_BN(param_bld, "q", q) ||
!OSSL_PARAM_BLD_push_BN(param_bld, "pub", y)) {
OSSL_PARAM_BLD_free(param_bld);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
OSSL_PARAM_BLD_free(param_bld);
ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
if(!ctx) {
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return evp_key;
#else
DSA* dsa;
EVP_PKEY* evp_key = EVP_PKEY_new();
if(!evp_key) {
return NULL;
}
dsa = gldns_key_buf2dsa_raw(key, len);
if(!dsa) {
EVP_PKEY_free(evp_key);
return NULL;
}
if(EVP_PKEY_assign_DSA(evp_key, dsa) == 0) {
DSA_free(dsa);
EVP_PKEY_free(evp_key);
return NULL;
}
return evp_key;
#endif
}
/* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */
static int
gldns_key_rsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** n,
BIGNUM** e)
{
uint16_t offset;
uint16_t exp;
uint16_t int16;
if (len == 0)
return 0;
if (key[0] == 0) {
if(len < 3)
return 0;
memmove(&int16, key+1, 2);
exp = ntohs(int16);
offset = 3;
} else {
exp = key[0];
offset = 1;
}
/* key length at least one */
if(len < (size_t)offset + exp + 1)
return 0;
/* Exponent */
*e = BN_new();
if(!*e) return 0;
(void) BN_bin2bn(key+offset, (int)exp, *e);
offset += exp;
/* Modulus */
*n = BN_new();
if(!*n) {
BN_free(*e);
return 0;
}
/* length of the buffer must match the key length! */
(void) BN_bin2bn(key+offset, (int)(len - offset), *n);
return 1;
}
#ifndef HAVE_OSSL_PARAM_BLD_NEW
RSA *
gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
{
BIGNUM* modulus = NULL;
BIGNUM* exponent = NULL;
RSA *rsa;
if(!gldns_key_rsa_buf_bignum(key, len, &modulus, &exponent))
return NULL;
rsa = RSA_new();
if(!rsa) {
BN_free(exponent);
BN_free(modulus);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || \
(defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
#endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
BN_free(exponent);
BN_free(modulus);
RSA_free(rsa);
return NULL;
}
#endif
return rsa;
}
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
EVP_PKEY* gldns_key_rsa2pkey_raw(unsigned char* key, size_t len)
{
#ifdef HAVE_OSSL_PARAM_BLD_NEW
EVP_PKEY* evp_key = NULL;
EVP_PKEY_CTX* ctx;
BIGNUM *n=NULL, *e=NULL;
OSSL_PARAM_BLD* param_bld;
OSSL_PARAM* params = NULL;
if(!gldns_key_rsa_buf_bignum(key, len, &n, &e)) {
return NULL;
}
param_bld = OSSL_PARAM_BLD_new();
if(!param_bld) {
BN_free(n);
BN_free(e);
return NULL;
}
if(!OSSL_PARAM_BLD_push_BN(param_bld, "n", n)) {
OSSL_PARAM_BLD_free(param_bld);
BN_free(n);
BN_free(e);
return NULL;
}
if(!OSSL_PARAM_BLD_push_BN(param_bld, "e", e)) {
OSSL_PARAM_BLD_free(param_bld);
BN_free(n);
BN_free(e);
return NULL;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
OSSL_PARAM_BLD_free(param_bld);
ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
if(!ctx) {
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return NULL;
}
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return NULL;
}
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return NULL;
}
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return evp_key;
#else
RSA* rsa;
EVP_PKEY *evp_key = EVP_PKEY_new();
if(!evp_key) {
return NULL;
}
rsa = gldns_key_buf2rsa_raw(key, len);
if(!rsa) {
EVP_PKEY_free(evp_key);
return NULL;
}
if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
RSA_free(rsa);
EVP_PKEY_free(evp_key);
return NULL;
}
return evp_key;
#endif
}
#ifdef USE_GOST
EVP_PKEY*
gldns_gost2pkey_raw(unsigned char* key, size_t keylen)
{
/* prefix header for X509 encoding */
uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85,
0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85,
0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03,
0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40};
unsigned char encoded[37+64];
const unsigned char* pp;
if(keylen != 64) {
/* key wrong size */
return NULL;
}
/* create evp_key */
memmove(encoded, asn, 37);
memmove(encoded+37, key, 64);
pp = (unsigned char*)&encoded[0];
return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded));
}
#endif /* USE_GOST */
#ifdef USE_ECDSA
EVP_PKEY*
gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
{
#ifdef HAVE_OSSL_PARAM_BLD_NEW
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
EVP_PKEY *evp_key = NULL;
EVP_PKEY_CTX* ctx;
OSSL_PARAM_BLD* param_bld;
OSSL_PARAM* params = NULL;
char* group = NULL;
/* check length, which uncompressed must be 2 bignums */
if(algo == GLDNS_ECDSAP256SHA256) {
if(keylen != 2*256/8) return NULL;
group = "prime256v1";
} else if(algo == GLDNS_ECDSAP384SHA384) {
if(keylen != 2*384/8) return NULL;
group = "P-384";
} else {
return NULL;
}
if(keylen+1 > sizeof(buf)) { /* sanity check */
return NULL;
}
/* prepend the 0x04 for uncompressed format */
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memmove(buf+1, key, keylen);
param_bld = OSSL_PARAM_BLD_new();
if(!param_bld) {
return NULL;
}
if(!OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", group, 0) ||
!OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", buf, keylen+1)) {
OSSL_PARAM_BLD_free(param_bld);
return NULL;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
OSSL_PARAM_BLD_free(param_bld);
ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
if(!ctx) {
OSSL_PARAM_free(params);
return NULL;
}
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
return NULL;
}
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
return NULL;
}
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
return evp_key;
#else
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
const unsigned char* pp = buf;
EVP_PKEY *evp_key;
EC_KEY *ec;
/* check length, which uncompressed must be 2 bignums */
if(algo == GLDNS_ECDSAP256SHA256) {
if(keylen != 2*256/8) return NULL;
ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
} else if(algo == GLDNS_ECDSAP384SHA384) {
if(keylen != 2*384/8) return NULL;
ec = EC_KEY_new_by_curve_name(NID_secp384r1);
} else ec = NULL;
if(!ec) return NULL;
if(keylen+1 > sizeof(buf)) { /* sanity check */
EC_KEY_free(ec);
return NULL;
}
/* prepend the 0x02 (from docs) (or actually 0x04 from implementation
* of openssl) for uncompressed data */
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memmove(buf+1, key, keylen);
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
return evp_key;
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
}
#endif /* USE_ECDSA */
#ifdef USE_ED25519
EVP_PKEY*
gldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
{
/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x70, 0x03, 0x21, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 32 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
#endif /* USE_ED25519 */
#ifdef USE_ED448
EVP_PKEY*
gldns_ed4482pkey_raw(const unsigned char* key, size_t keylen)
{
/* ASN1 for ED448 is 3043300506032b6571033a00 <57byteskey> */
uint8_t pre[] = {0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x71, 0x03, 0x3a, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 57 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
#endif /* USE_ED448 */
int
gldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
const EVP_MD* md)
{
EVP_MD_CTX* ctx;
ctx = EVP_MD_CTX_create();
if(!ctx)
return 0;
if(!EVP_DigestInit_ex(ctx, md, NULL) ||
!EVP_DigestUpdate(ctx, data, len) ||
!EVP_DigestFinal_ex(ctx, dest, NULL)) {
EVP_MD_CTX_destroy(ctx);
return 0;
}
EVP_MD_CTX_destroy(ctx);
return 1;
}
#endif /* HAVE_SSL */

130
src/openssl/keyraw-internal.h
View File

@ -1,130 +0,0 @@
/*
* keyraw.h -- raw key and signature access and conversion - OpenSSL
*
* Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
*
* See LICENSE for the license.
*
*/
/**
* \file
*
* raw key and signature access and conversion
*
* Since those functions heavily rely op cryptographic operations,
* this module is dependent on openssl.
*
*/
#ifndef GLDNS_KEYRAW_INTERNAL_H
#define GLDNS_KEYRAW_INTERNAL_H
#ifdef __cplusplus
extern "C" {
#endif
#if GLDNS_BUILD_CONFIG_HAVE_SSL
# include <openssl/ssl.h>
# include <openssl/evp.h>
/**
* Get the PKEY id for GOST, loads GOST into openssl as a side effect.
* Only available if GOST is compiled into the library and openssl.
* \return the gost id for EVP_CTX creation.
*/
int gldns_key_EVP_load_gost_id(void);
/** Release the engine reference held for the GOST engine. */
void gldns_key_EVP_unload_gost(void);
#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
* Like gldns_key_buf2dsa, but uses raw buffer.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return a DSA * structure with the key material
*/
DSA *gldns_key_buf2dsa_raw(unsigned char* key, size_t len);
#endif
/**
* Converts a holding buffer with DSA key material to EVP PKEY in openssl.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY *gldns_key_dsa2pkey_raw(unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with GOST.
* \param[in] key data to convert
* \param[in] keylen length of the key data
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_gost2pkey_raw(unsigned char* key, size_t keylen);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ECDSA.
* \param[in] key data to convert
* \param[in] keylen length of the key data
* \param[in] algo precise algorithm to initialize ECC group values.
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
* Like gldns_key_buf2rsa, but uses raw buffer.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return a RSA * structure with the key material
*/
RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);
#endif
/**
* Converts a holding buffer with RSA key material to EVP PKEY in openssl.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_key_rsa2pkey_raw(unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ED25519.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_ed255192pkey_raw(const unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
* Only available if ldns was compiled with ED448.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY* gldns_ed4482pkey_raw(const unsigned char* key, size_t len);
/**
* Utility function to calculate hash using generic EVP_MD pointer.
* \param[in] data the data to hash.
* \param[in] len length of data.
* \param[out] dest the destination of the hash, must be large enough.
* \param[in] md the message digest to use.
* \return true if worked, false on failure.
*/
int gldns_digest_evp(unsigned char* data, unsigned int len,
unsigned char* dest, const EVP_MD* md);
#endif /* GLDNS_BUILD_CONFIG_HAVE_SSL */
#ifdef __cplusplus
}
#endif
#endif /* GLDNS_KEYRAW_INTERNAL_H */

90
src/openssl/pubkey-pinning-internal.c
View File

@ -1,90 +0,0 @@
/**
*
* /brief functions for Public Key Pinning
*
*/
/*
* Copyright (c) 2015, Daniel Kahn Gillmor
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of the copyright holders nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* getdns Public Key Pinning
*
* a public key pinset is a list of dicts. each dict should have a
* "digest" and a "value".
*
* "digest": a string indicating the type of digest. at the moment, we
* only support a "digest" of "sha256".
*
* "value": a binary representation of the digest provided.
*
* given a such a pinset, we should be able to validate a chain
* properly according to section 2.6 of RFC 7469.
*/
#include "config.h"
#include "debug.h"
#include <getdns/getdns.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/sha.h>
#include <openssl/x509.h>
#include <string.h>
#include "context.h"
#include "util-internal.h"
#include "pubkey-pinning-internal.h"
/* we only support sha256 at the moment. adding support for another
digest is more complex than just adding another entry here. in
particular, you'll probably need a match for a particular cert
against all supported algorithms. better to wait on doing that
until it is a better-understood problem (i.e. wait until hpkp is
updated and follow the guidance in rfc7469bis)
*/
/* b64 turns every 3 octets (or fraction thereof) into 4 octets */
#define B64_ENCODED_SHA256_LENGTH (((SHA256_DIGEST_LENGTH + 2)/3) * 4)
getdns_return_t _getdns_decode_base64(const char* str, uint8_t* res, size_t res_size)
{
BIO *bio = NULL;
char inbuf[B64_ENCODED_SHA256_LENGTH + 1];
getdns_return_t ret = GETDNS_RETURN_GOOD;
/* openssl needs a trailing newline to base64 decode */
memcpy(inbuf, str, B64_ENCODED_SHA256_LENGTH);
inbuf[B64_ENCODED_SHA256_LENGTH] = '\n';
bio = BIO_push(BIO_new(BIO_f_base64()),
BIO_new_mem_buf(inbuf, sizeof(inbuf)));
if (BIO_read(bio, res, res_size) != (int) res_size)
ret = GETDNS_RETURN_GENERIC_ERROR;
BIO_free_all(bio);
return ret;
}
/* pubkey-pinning.c */

84
src/openssl/tls-internal.h
View File

@ -1,84 +0,0 @@
/**
*
* \file tls-internal.h
* @brief getdns TLS implementation-specific items
*/
/*
* Copyright (c) 2018-2019, NLnet Labs
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of the copyright holders nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _GETDNS_TLS_INTERNAL_H
#define _GETDNS_TLS_INTERNAL_H
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include "getdns/getdns.h"
#ifndef HAVE_DECL_SSL_CTX_SET1_CURVES_LIST
#define HAVE_TLS_CTX_CURVES_LIST 0
#else
#define HAVE_TLS_CTX_CURVES_LIST (HAVE_DECL_SSL_CTX_SET1_CURVES_LIST)
#endif
#ifndef HAVE_DECL_SSL_SET1_CURVES_LIST
#define HAVE_TLS_CONN_CURVES_LIST 0
#else
#define HAVE_TLS_CONN_CURVES_LIST (HAVE_DECL_SSL_SET1_CURVES_LIST)
#endif
#define GETDNS_TLS_MAX_DIGEST_LENGTH (EVP_MAX_MD_SIZE)
/* Forward declare type. */
struct sha256_pin;
struct getdns_log_config;
typedef struct _getdns_tls_context {
SSL_CTX* ssl;
const struct getdns_log_config* log;
} _getdns_tls_context;
typedef struct _getdns_tls_connection {
SSL* ssl;
const struct getdns_log_config* log;
#if defined(USE_DANESSL)
const char* auth_name;
const struct sha256_pin* pinset;
#endif
} _getdns_tls_connection;
typedef struct _getdns_tls_session {
SSL_SESSION* ssl;
} _getdns_tls_session;
typedef struct _getdns_tls_x509
{
X509* ssl;
} _getdns_tls_x509;
#endif /* _GETDNS_TLS_INTERNAL_H */

1222
src/openssl/tls.c
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More