.gitmodules

@@ -9,8 +9,8 @@
 [submodule "stubby"]
 	path = stubby
 	url = https://github.com/getdnsapi/stubby.git
-	branch = develop
+	branch = feature/cmake2
 [submodule "src/ssl_dane"]
 	path = src/ssl_dane
-	url = https://github.com/getdnsapi/ssl_dane
-	branch = getdns
+	url = https://github.com/banburybill/ssl_dane
+	branch = feature/windows-native-build

.travis.yml

@@ -19,9 +19,8 @@ addons:
     - clang
     - wget
     - openssh-client
-    - libgnutls28-dev
 script:
   - mkdir tests
   - cd tests
   - ../src/test/tpkg/run-all.sh
-# - ../src/test/tpkg/run-one.sh 290-transports.tpkg -V
+# - ../src/test/tpkg/run-one.sh 275-server-capabilities.tpkg -V

CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.20 FATAL_ERROR)
+cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
 
 if (POLICY CMP0075)
   cmake_policy(SET CMP0075 NEW)
@@ -6,73 +6,34 @@ endif ()
 
 # The following must be set BEFORE doing project() or enable_language().
 if (NOT CMAKE_BUILD_TYPE)
-  message(STATUS "No build type defined; defaulting to 'RelWithDebInfo'")
-  set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING
+  message(STATUS "No build type defined; defaulting to 'Debug'")
+  set(CMAKE_BUILD_TYPE "Debug" CACHE STRING
     "The type of build. Possible values are: Debug, Release, RelWithDebInfo and MinSizeRel.")
 endif ()
 
 set(PACKAGE "getdns")
 set(PACKAGE_NAME "getdns")
-set(PACKAGE_VERSION "1.7.3")
+set(PACKAGE_VERSION "1.6.0")
 set(PACKAGE_BUGREPORT "team@getdnsapi.net")
 set(PACKAGE_URL "https://getdnsapi.net")
 
 # Dont forget to put a dash in front of the release candidate!!!
 # That is how it is done with semantic versioning!
-set(RELEASE_CANDIDATE "")
+set(RELEASE_CANDIDATE "-beta.1")
 
 set(PACKAGE_STRING "${PACKAGE_NAME} ${PACKAGE_VERSION}${RELEASE_CANDIDATE}")
 set(PACKAGE_TARNAME "${PACKAGE}-${PACKAGE_VERSION}${RELEASE_CANDIDATE}")
 
 set(GETDNS_VERSION "${PACKAGE_VERSION}${RELEASE_CANDIDATE}")
-set(GETDNS_NUMERIC_VERSION 0x01070200)
+set(GETDNS_NUMERIC_VERSION 0x0105ffc1)
 set(API_VERSION "December 2015")
 set(API_NUMERIC_VERSION 0x07df0c00)
 
 
-# Library version
-# ---------------
-# current:revision:age
-# (binary-api-number):(which-binary-api-version):(how-many-nrs-backwardscompat)
-# if source code changes increment revision
-# if any interfaces have been added/removed/changed since last update then
-#   increment current and set revision to 0
-# if any interfaces have been added since the last public release then increment age
-# if any interfaces have been removed or changed since the last public release then
-#   set age to 0
-#
-# getdns-0.1.4 had libversion 0:0:0
-# getdns-0.1.5 had libversion 1:0:0
-# getdns-0.1.6 had libversion 1:1:0
-# getdns-0.1.7 had libversion 1:2:1 (but should have had 2:0:1)
-# getdns-0.1.8 had libversion 1:3:0 (but should have had 2:1:1)
-# getdns-0.2.0 had libversion 2:2:1
-# getdns-0.3.0 had libversion 3:3:2
-# getdns-0.3.1 had libversion 3:4:2
-# getdns-0.3.2 had libversion 3:5:2
-# getdns-0.3.3 had libversion 3:6:2
-# getdns-0.5.0 had libversion 4:0:3
-# getdns-0.5.1 had libversion 4:1:3 (but should have been getdns-0.6.0)
-# getdns-0.9.0 had libversion 5:0:4
-# getdns-1.0.0 had libversion 5:1:4
-# getdns-1.1.0 had libversion 6:0:0
-# getdns-1.1.1 had libversion 6:1:0
-# getdns-1.1.2 had libversion 7:0:1
-# getdns-1.1.3 had libversion 7:1:1
-# getdns-1.2.0 had libversion 8:0:2
-# getdns-1.2.1 had libversion 8:1:2
-# getdns-1.3.0 had libversion 9:0:3
-# getdns-1.4.0 had libversion 10:0:0
-# getdns-1.4.1 had libversion 10:1:0
-# getdns-1.4.2 had libversion 10:2:0
-# getdns-1.5.0 had libversion 11:0:1
-# getdns-1.5.1 had libversion 11:1:1
-# getdns-1.5.2 had libversion 11:2:1
-# getdns-1.6.0 had libversion 11:3:1
-# getdns-1.7.0 has libversion 12:0:2
-set(GETDNS_VERSION_CURRENT 12)
-set(GETDNS_VERSION_REVISION 0)
-set(GETDNS_VERSION_AGE 2)
+# Version 11:2:1 in libtool-speak.
+set(GETDNS_VERSION_CURRENT 11)
+set(GETDNS_VERSION_REVISION 3)
+set(GETDNS_VERSION_AGE 1)
 
 project(getdns VERSION ${PACKAGE_VERSION} LANGUAGES C)
 
@@ -103,7 +64,7 @@ elseif (APPLE)
 elseif (UNIX)
   set(HOSTOS "unix")
 
-  if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" AND NOT ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
+  if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=600")
   endif ()
   if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
@@ -160,15 +121,12 @@ option(BUILD_GETDNS_QUERY "Compile and install the getdns_query tool." ON)
 option(BUILD_GETDNS_SERVER_MON "Compile and install the getdns_server_mon tool." ON)
 option(BUILD_STUBBY "Compile and install stubby, the (stub) resolver daemon." OFF)
 
-option(BUILD_LIBEV "Build libev support library if available." ON)
-option(BUILD_LIBEVENT2 "Build libevent2 support library if available." ON)
-option(BUILD_LIBUV "Build libuv support library available." ON)
-
+option(USE_LIBEV "Use libev if available." OFF)
+option(USE_LIBEVENT2 "Use libevent2 if available." OFF)
+option(USE_LIBUV "Use libuv if available." OFF)
 option(USE_LIBIDN2 "Use libidn2 if available." ON)
 option(USE_GNUTLS "Use GnuTLS for TLS connections." OFF)
 
-option(FORCE_COMPAT_STRPTIME "Force use of internal strptime when cross-compiling." OFF)
-
 # Above names chosen for user consistency. Now define substituted names.
 set(REQ_DEBUG ${ENABLE_DEBUG_REQ})
 set(SCHED_DEBUG ${ENABLE_DEBUG_SCHED})
@@ -190,10 +148,6 @@ set(USE_ED448 ${ENABLE_ED448})
 set(HAVE_MDNS_SUPPORT ${ENABLE_DRAFT_MDNS_SUPPORT})
 set(STUB_NATIVE_DNSSEC ${ENABLE_NATIVE_STUB_DNSSEC})
 
-set(USE_LIBEV ${BUILD_LIBEV})
-set(USE_LIBEVENT2 ${BUILD_LIBEVENT2})
-set(USE_LIBUV ${BUILD_LIBUV})
-
 option(ENABLE_DEBUG_KEEP_CONNECTIONS_OPEN "Disable connection idle timeout. Do not enable.")
 mark_as_advanced(ENABLE_DEBUG_KEEP_CONNECTIONS_OPEN)
 set(KEEP_CONNECTIONS_OPEN_DEBUG ${ENABLE_DEBUG_KEEP_CONNECTIONS_OPEN})
@@ -262,7 +216,6 @@ check_include_file(inttypes.h HAVE_INTTYPES_H)
 check_include_file(limits.h HAVE_LIMITS_H)
 check_include_file(sys/limits.h HAVE_SYS_LIMITS_H)
 check_include_file(stdarg.h HAVE_STDARG_H)
-check_include_file(stddef.h HAVE_STDDEF_H)
 check_include_file(stdint.h HAVE_STDINT_H)
 check_include_file(stdio.h HAVE_STDIO_H)
 check_include_file(stdlib.h HAVE_STDLIB_H)
@@ -338,12 +291,8 @@ check_include_file(openssl/err.h HAVE_OPENSSL_ERR_H)
 check_include_file(openssl/rand.h HAVE_OPENSSL_RAND_H)
 check_include_file(openssl/conf.h HAVE_OPENSSL_CONF_H)
 check_include_file(openssl/engine.h HAVE_OPENSSL_ENGINE_H)
-check_include_file(openssl/bn.h HAVE_OPENSSL_BN_H)
-check_include_file(openssl/dsa.h HAVE_OPENSSL_DSA_H)
-check_include_file(openssl/rsa.h HAVE_OPENSSL_RSA_H)
-check_include_file(openssl/param_build.h HAVE_OPENSSL_PARAM_BUILD_H)
 
-set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES} ${getdns_system_libs})
+set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
 check_function_exists(DSA_SIG_set0 HAVE_DSA_SIG_SET0)
 check_function_exists(DSA_set0_pqg HAVE_DSA_SET0_PQG)
 check_function_exists(DSA_set0_key HAVE_DSA_SET0_KEY)
@@ -374,8 +323,6 @@ check_function_exists(SSL_set_ciphersuites HAVE_SSL_SET_CIPHERSUITES)
 
 check_function_exists(OPENSSL_init_crypto HAVE_OPENSSL_INIT_CRYPTO)
 
-check_function_exists(OSSL_PARAM_BLD_new HAVE_OSSL_PARAM_BLD_NEW)
-
 check_symbol_exists(SSL_dane_enable "openssl/ssl.h" HAVE_SSL_DANE_ENABLE)
 check_symbol_exists(SSL_CTX_set1_curves_list "openssl/ssl.h" HAVE_DECL_SSL_CTX_SET1_CURVES_LIST)
 check_symbol_exists(SSL_set1_curves_list "openssl/ssl.h" HAVE_DECL_SSL_SET1_CURVES_LIST)
@@ -413,19 +360,14 @@ endif()
 # handle digital signature algorithms. GnuTLS uses Nettle internally.
 if (USE_GNUTLS)
   find_package(GnuTLS "3.5.0" REQUIRED)
-  find_package(Nettle "3.2" REQUIRED)
+  find_package(Nettle REQUIRED)
 
   set(tlsdir "gnutls")
   set(HAVE_NETTLE 1)
 
   set(CMAKE_REQUIRED_INCLUDES ${NETTLE_INCLUDE_DIR})
-set(CMAKE_REQUIRED_LIBRARIES ${NETTLE_LIBRARIES})
   check_include_file(nettle/dsa-compat.h HAVE_NETTLE_DSA_COMPAT_H)
   check_include_file(nettle/eddsa.h HAVE_NETTLE_EDDSA_H)
-
-  # API change in Nettle 3.4.
-  check_symbol_exists(nettle_get_secp_256r1 "nettle/ecc-curve.h" HAVE_NETTLE_GET_SECP_256R1)
-  check_symbol_exists(nettle_get_secp_384r1 "nettle/ecc-curve.h" HAVE_NETTLE_GET_SECP_384R1)
 endif()
 
 # Sort out what signature algorithms can be used.
@@ -443,7 +385,7 @@ endif ()
 
 if (USE_ED448)
   if (USE_GNUTLS)
-    message(WARNING "ED448 enabled and Nettle support not implemented. Disabled.")
+    message(WARNING "ED448 enabled and Nettle does not support it. Disabled.")
     unset(USE_ED448)
   elseif (NOT HAVE_SSL_ED448)
     message(WARNING "ED448 enabled and OpenSSL does not support it. Disabled.")
@@ -499,19 +441,9 @@ if (NOT ENABLE_STUB_ONLY)
 
   set(CMAKE_REQUIRED_INCLUDES ${LIBUNBOUND_INCLUDE_DIR})
   set(CMAKE_REQUIRED_LIBRARIES ${LIBUNBOUND_LIBRARIES})
-
-  check_symbol_exists(ub_ctx_set_stub "unbound.h" HAVE_UB_CTX_SET_STUB)
-
-  if (ENABLE_UNBOUND_EVENT_API)
   check_include_file(unbound-event.h HAVE_UNBOUND_EVENT_H)
   check_symbol_exists(ub_ctx_create_ub_event "unbound-event.h" HAVE_UNBOUND_EVENT_API)
-  endif ()
-else ()
-  # Ensure we're not using libunbound items.
-  set(HAVE_LIBUNBOUND 0)
-  set(HAVE_UNBOUND_EVENT_H 0)
-  set(HAVE_UNBOUND_EVENT_API 0)
-  set(HAVE_UB_CTX_SET_STUB 0)
+  check_symbol_exists(ub_ctx_set_stub "unbound-event.h" HAVE_UB_CTX_SET_STUB)
 endif ()
 
 # Event loop extension
@@ -541,21 +473,9 @@ set(STRPTIME_TEST_SOURCE "\n
   if (!res) return 1; return 0; }")
 
 if (HAVE_STRPTIME)
-  if (CMAKE_CROSSCOMPILING)
-    if (NOT FORCE_COMPAT_STRPTIME)
-      message(WARNING "Assuming strptime() is POSIX compliant with %t matching any white space. Specify FORCE_COMPAT_STRPTIME on non-compliant platforms e.g. BSD derived.")
-      set(STRPTIME_WORKS 1)
-    endif ()
-  else ()
   check_c_source_runs("${STRPTIME_TEST_SOURCE}" STRPTIME_WORKS)
-  endif ()
 endif ()
 
-try_compile(HAVE___FUNC__
-  ${CMAKE_CURRENT_BINARY_DIR}
-  ${CMAKE_CURRENT_SOURCE_DIR}/cmake/tests/test___func__.c
-)
-
 # TCP Fast Open.
 if (NOT ENABLE_TCP_FAST_OPEN)
   message(WARNING "TCP Fast Open disabled.")
@@ -576,8 +496,6 @@ else ()
   endif ()
 endif ()
 
-check_symbol_exists(TCP_USER_TIMEOUT "sys/socket.h;netinet/tcp.h" HAVE_DECL_TCP_USER_TIMEOUT)
-
 # Main library
 add_library(getdns_objects OBJECT
   src/anchor.c
@@ -688,6 +606,9 @@ if (NOT HAVE_SSL_DANE_ENABLE)
   target_include_directories(getdns_objects PRIVATE src/ssl_dane)
   set(USE_DANESSL 1)
 endif ()
+if (Libidn_FOUND)
+  target_include_directories(getdns_objects PRIVATE ${LIBIDN_INCLUDE_DIR})
+endif ()
 if (Libidn2_FOUND)
   target_include_directories(getdns_objects PRIVATE ${LIBIDN2_INCLUDE_DIR})
 endif ()
@@ -721,6 +642,9 @@ if (ENABLE_STATIC)
   if (Libunbound_FOUND)
     target_link_libraries(getdns PUBLIC Libunbound::Libunbound)
   endif ()
+  if (Libidn_FOUND)
+    target_link_libraries(getdns PUBLIC Libidn::Libidn)
+  endif ()
   if (Libidn2_FOUND)
     target_link_libraries(getdns PUBLIC Libidn2::Libidn2)
   endif ()
@@ -750,6 +674,9 @@ if (ENABLE_SHARED)
   if (Libunbound_FOUND)
     target_link_libraries(getdns_shared PUBLIC Libunbound::Libunbound)
   endif ()
+  if (Libidn_FOUND)
+    target_link_libraries(getdns_shared PUBLIC Libidn::Libidn)
+  endif ()
   if (Libidn2_FOUND)
     target_link_libraries(getdns_shared PUBLIC Libidn2::Libidn2)
   endif ()
@@ -790,32 +717,31 @@ if (USE_LIBEV)
     set_property(TARGET ev_objects PROPERTY POSITION_INDEPENDENT_CODE 1)
     set_property(TARGET ev_objects PROPERTY C_STANDARD 11)
     if (ENABLE_STATIC)
-      add_library(getdns_ext_ev STATIC $<TARGET_OBJECTS:ev_objects>)
-      target_include_directories(getdns_ext_ev PRIVATE Libev::Libev)
-      target_link_libraries(getdns_ext_ev PUBLIC getdns Libev::Libev)
+      add_library(getdns_ex_ev STATIC $<TARGET_OBJECTS:ev_objects>)
+      target_include_directories(getdns_ex_ev PRIVATE Libev::Libev)
+      target_link_libraries(getdns_ex_ev PUBLIC getdns Libev::Libev)
       if (Libunbound_FOUND)
-        target_link_libraries(getdns_ext_ev PUBLIC Libunbound::Libunbound)
+        target_link_libraries(getdns_ex_ev PUBLIC Libunbound::Libunbound)
       endif ()
-      set_target_properties(getdns_ext_ev PROPERTIES OUTPUT_NAME getdns_ext_ev${static_lib_suffix})
+      set_target_properties(getdns_ex_ev PROPERTIES OUTPUT_NAME getdns_ex_ev${static_lib_suffix})
     endif ()
     if (ENABLE_SHARED)
-      add_library(getdns_ext_ev_shared SHARED $<TARGET_OBJECTS:ev_objects>)
-      target_include_directories(getdns_ext_ev_shared PRIVATE Libev::Libev)
-      target_link_libraries(getdns_ext_ev_shared PUBLIC getdns_shared Libev::Libev)
+      add_library(getdns_ex_ev_shared SHARED $<TARGET_OBJECTS:ev_objects>)
+      target_include_directories(getdns_ex_ev_shared PRIVATE Libev::Libev)
+      target_link_libraries(getdns_ex_ev_shared PUBLIC getdns_shared Libev::Libev)
       if (Libunbound_FOUND)
-        target_link_libraries(getdns_ext_ev_shared PUBLIC Libunbound::Libunbound)
+        target_link_libraries(getdns_ex_ev_shared PUBLIC Libunbound::Libunbound)
       endif ()
-      set_target_properties(getdns_ext_ev_shared PROPERTIES OUTPUT_NAME getdns_ext_ev)
-      target_shared_library_version(getdns_ext_ev_shared ${GETDNS_VERSION_CURRENT} ${GETDNS_VERSION_REVISION} ${GETDNS_VERSION_AGE})
+      set_target_properties(getdns_ex_ev_shared PROPERTIES OUTPUT_NAME getdns_ex_ev)
+      target_shared_library_version(getdns_ex_ev_shared ${GETDNS_VERSION_CURRENT} ${GETDNS_VERSION_REVISION} ${GETDNS_VERSION_AGE})
       file(STRINGS src/extension/libev.symbols symbols)
-      target_shared_library_exports(getdns_ext_ev_shared getdns_ext_ev "${symbols}")
+      target_shared_library_exports(getdns_ex_ev_shared getdns_ex_ev "${symbols}")
       if (NOT ENABLE_STATIC)
-        add_library(getdns_ext_ev ALIAS getdns_ext_ev_shared)
+        add_library(getdns_ex_ev ALIAS getdns_ex_ev_shared)
       endif ()
     endif ()
   else ()
-    message(WARNING "Libev support library build requested, but libev not found. Disabled.")
-    unset(USE_LIBEV)
+    message(FATAL_ERROR "Libev required but not found.")
   endif ()
 endif ()
 
@@ -841,32 +767,31 @@ if (USE_LIBEVENT2)
     set_property(TARGET event2_objects PROPERTY POSITION_INDEPENDENT_CODE 1)
     set_property(TARGET event2_objects PROPERTY C_STANDARD 11)
     if (ENABLE_STATIC)
-      add_library(getdns_ext_event STATIC $<TARGET_OBJECTS:event2_objects>)
-      target_include_directories(getdns_ext_event PRIVATE Libevent2::Libevent_code)
-      target_link_libraries(getdns_ext_event PUBLIC getdns Libevent2::Libevent_core)
+      add_library(getdns_ex_event STATIC $<TARGET_OBJECTS:event2_objects>)
+      target_include_directories(getdns_ex_event PRIVATE Libevent2::Libevent_code)
+      target_link_libraries(getdns_ex_event PUBLIC getdns Libevent2::Libevent_core)
       if (Libunbound_FOUND)
-        target_link_libraries(getdns_ext_event PUBLIC Libunbound::Libunbound)
+        target_link_libraries(getdns_ex_event PUBLIC Libunbound::Libunbound)
       endif ()
-      set_target_properties(getdns_ext_event PROPERTIES OUTPUT_NAME getdns_ext_event${static_lib_suffix})
+      set_target_properties(getdns_ex_event PROPERTIES OUTPUT_NAME getdns_ex_event${static_lib_suffix})
     endif ()
     if (ENABLE_SHARED)
-      add_library(getdns_ext_event_shared SHARED $<TARGET_OBJECTS:event2_objects>)
-      target_include_directories(getdns_ext_event_shared PRIVATE Libevent2::Libevent_code)
-      target_link_libraries(getdns_ext_event_shared PUBLIC getdns_shared Libevent2::Libevent_core)
+      add_library(getdns_ex_event_shared SHARED $<TARGET_OBJECTS:event2_objects>)
+      target_include_directories(getdns_ex_event_shared PRIVATE Libevent2::Libevent_code)
+      target_link_libraries(getdns_ex_event_shared PUBLIC getdns_shared Libevent2::Libevent_core)
       if (Libunbound_FOUND)
-        target_link_libraries(getdns_ext_event_shared PUBLIC Libunbound::Libunbound)
+        target_link_libraries(getdns_ex_event_shared PUBLIC Libunbound::Libunbound)
       endif ()
-      set_target_properties(getdns_ext_event_shared PROPERTIES OUTPUT_NAME getdns_ext_event)
-      target_shared_library_version(getdns_ext_event_shared ${GETDNS_VERSION_CURRENT} ${GETDNS_VERSION_REVISION} ${GETDNS_VERSION_AGE})
+      set_target_properties(getdns_ex_event_shared PROPERTIES OUTPUT_NAME getdns_ex_event)
+      target_shared_library_version(getdns_ex_event_shared ${GETDNS_VERSION_CURRENT} ${GETDNS_VERSION_REVISION} ${GETDNS_VERSION_AGE})
       file(STRINGS src/extension/libevent.symbols symbols)
-      target_shared_library_exports(getdns_ext_event_shared getdns_ext_event "${symbols}")
+      target_shared_library_exports(getdns_ex_event_shared getdns_ex_event "${symbols}")
       if (NOT ENABLE_STATIC)
-        add_library(getdns_ext_event ALIAS getdns_ext_event_shared)
+        add_library(getdns_ex_event ALIAS getdns_ex_event_shared)
       endif ()
     endif ()
   else ()
-    message(WARNING "Libevent2 support library build requested, but libevent2 not found. Disabled.")
-    unset(USE_LIBEVENT2)
+    message(FATAL_ERROR "Libevent2 required but not found.")
   endif ()
 endif ()
 
@@ -893,32 +818,31 @@ if (USE_LIBUV)
     set_property(TARGET uv_objects PROPERTY POSITION_INDEPENDENT_CODE 1)
     set_property(TARGET uv_objects PROPERTY C_STANDARD 11)
     if (ENABLE_STATIC)
-      add_library(getdns_ext_uv STATIC $<TARGET_OBJECTS:uv_objects>)
-      target_include_directories(getdns_ext_uv PRIVATE Libuv::Libuv)
-      target_link_libraries(getdns_ext_uv PUBLIC getdns Libuv::Libuv)
+      add_library(getdns_ex_uv STATIC $<TARGET_OBJECTS:uv_objects>)
+      target_include_directories(getdns_ex_uv PRIVATE Libuv::Libuv)
+      target_link_libraries(getdns_ex_uv PUBLIC getdns Libuv::Libuv)
       if (Libunbound_FOUND)
-        target_link_libraries(getdns_ext_uv PUBLIC Libunbound::Libunbound)
+        target_link_libraries(getdns_ex_uv PUBLIC Libunbound::Libunbound)
       endif ()
-      set_target_properties(getdns_ext_uv PROPERTIES OUTPUT_NAME getdns_ext_uv${static_lib_suffix})
+      set_target_properties(getdns_ex_uv PROPERTIES OUTPUT_NAME getdns_ex_uv${static_lib_suffix})
     endif ()
     if (ENABLE_SHARED)
-      add_library(getdns_ext_uv_shared SHARED $<TARGET_OBJECTS:uv_objects>)
-      target_include_directories(getdns_ext_uv_shared PRIVATE Libuv::Libuv)
-      target_link_libraries(getdns_ext_uv_shared PUBLIC getdns_shared Libuv::Libuv)
+      add_library(getdns_ex_uv_shared SHARED $<TARGET_OBJECTS:uv_objects>)
+      target_include_directories(getdns_ex_uv_shared PRIVATE Libuv::Libuv)
+      target_link_libraries(getdns_ex_uv_shared PUBLIC getdns_shared Libuv::Libuv)
       if (Libunbound_FOUND)
-        target_link_libraries(getdns_ext_uv_shared PUBLIC Libunbound::Libunbound)
+        target_link_libraries(getdns_ex_uv_shared PUBLIC Libunbound::Libunbound)
       endif ()
-      set_target_properties(getdns_ext_uv_shared PROPERTIES OUTPUT_NAME getdns_ext_uv)
-      target_shared_library_version(getdns_ext_uv_shared ${GETDNS_VERSION_CURRENT} ${GETDNS_VERSION_REVISION} ${GETDNS_VERSION_AGE})
+      set_target_properties(getdns_ex_uv_shared PROPERTIES OUTPUT_NAME getdns_ex_uv)
+      target_shared_library_version(getdns_ex_uv_shared ${GETDNS_VERSION_CURRENT} ${GETDNS_VERSION_REVISION} ${GETDNS_VERSION_AGE})
       file(STRINGS src/extension/libuv.symbols symbols)
-      target_shared_library_exports(getdns_ext_uv_shared getdns_ext_uv "${symbols}")
+      target_shared_library_exports(getdns_ex_uv_shared getdns_ex_uv "${symbols}")
       if (NOT ENABLE_STATIC)
-        add_library(getdns_ext_uv ALIAS getdns_ext_uv_shared)
+        add_library(getdns_ex_uv ALIAS getdns_ex_uv_shared)
       endif ()
     endif ()
   else ()
-    message(WARNING "Libuv support library build requested, but libuv not found. Disabled.")
-    unset(USE_LIBUV)
+    message(FATAL_ERROR "Libuv required but not found.")
   endif ()
 endif ()
 
@@ -975,7 +899,7 @@ if (BUILD_TESTING)
 
     if (USE_LIBEVENT2)
       add_executable(check_getdns_event ${GETDNS_TEST_SOURCE_FILES})
-      target_link_libraries(check_getdns_event PRIVATE ${GETDNS_TEST_LINK_LIBS} getdns_ext_event)
+      target_link_libraries(check_getdns_event PRIVATE ${GETDNS_TEST_LINK_LIBS} getdns_ex_event)
       add_test(NAME test_libevent COMMAND check_getdns_event)
       set_property(TEST test_libevent PROPERTY
         ENVIRONMENT "GETDNS_TEST_PORT=44321;CK_TIMEOUT_MULTIPLIER=2;CK_LOG_FILE_NAME=check_getdns_event.log"
@@ -984,7 +908,7 @@ if (BUILD_TESTING)
 
     if (USE_LIBEV)
       add_executable(check_getdns_ev ${GETDNS_TEST_SOURCE_FILES})
-      target_link_libraries(check_getdns_ev PRIVATE ${GETDNS_TEST_LINK_LIBS} getdns_ext_ev)
+      target_link_libraries(check_getdns_ev PRIVATE ${GETDNS_TEST_LINK_LIBS} getdns_ex_ev)
       add_test(NAME test_libev COMMAND check_getdns_ev)
       set_property(TEST test_libev PROPERTY
         ENVIRONMENT "GETDNS_TEST_PORT=45321;CK_TIMEOUT_MULTIPLIER=2;CK_LOG_FILE_NAME=check_getdns_ev.log"
@@ -993,7 +917,7 @@ if (BUILD_TESTING)
 
     if (USE_LIBUV)
       add_executable(check_getdns_uv ${GETDNS_TEST_SOURCE_FILES})
-      target_link_libraries(check_getdns_uv PRIVATE ${GETDNS_TEST_LINK_LIBS} getdns_ext_uv)
+      target_link_libraries(check_getdns_uv PRIVATE ${GETDNS_TEST_LINK_LIBS} getdns_ex_uv)
       add_test(NAME test_libuv COMMAND check_getdns_uv)
       set_property(TEST test_libuv PROPERTY
         ENVIRONMENT "GETDNS_TEST_PORT=46321;CK_TIMEOUT_MULTIPLIER=2;CK_LOG_FILE_NAME=check_getdns_uv.log"
@@ -1027,8 +951,6 @@ if (BUILD_TESTING)
 endif ()
 
 # Substitutions in files.
-string(TOUPPER "${CMAKE_BUILD_TYPE}" GETDNS_BUILD_RELTYPE)
-string(REPLACE "\"" "\\\"" GETDNS_BUILD_CFLAGS "${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS_${GETDNS_BUILD_RELTYPE}}")
 configure_file(cmake/include/cmakeconfig.h.in config.h)
 configure_file(src/getdns/getdns.h.in getdns/getdns.h)
 configure_file(src/getdns/getdns_extra.h.in getdns/getdns_extra.h)
@@ -1061,48 +983,47 @@ foreach (man ${mans})
 endforeach()
 
 set(prefix ${CMAKE_INSTALL_PREFIX})
-cmake_path(APPEND libdir_for_pc_file "\${prefix}" "${CMAKE_INSTALL_LIBDIR}")
-cmake_path(APPEND includedir_for_pc_file "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
 configure_file(getdns.pc.in getdns.pc @ONLY)
 
 # Installing.
 if (ENABLE_STATIC)
-  install(TARGETS getdns LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+  install(TARGETS getdns LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   if (USE_LIBEV)
-    install(TARGETS getdns_ext_ev LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    install(TARGETS getdns_ex_ev LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   endif ()
   if (USE_LIBEVENT2)
-    install(TARGETS getdns_ext_event LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    install(TARGETS getdns_ex_event LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   endif ()
   if (USE_LIBUV)
-    install(TARGETS getdns_ext_uv LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+    install(TARGETS getdns_ex_uv LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   endif ()
 endif ()
 if (ENABLE_SHARED)
-  install(TARGETS getdns_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+  install(TARGETS getdns_shared LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   if (USE_LIBEV)
-    install(TARGETS getdns_ext_ev_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+    install(TARGETS getdns_ex_ev_shared LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   endif ()
   if (USE_LIBEVENT2)
-    install(TARGETS getdns_ext_event_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+    install(TARGETS getdns_ex_event_shared LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   endif ()
   if (USE_LIBUV)
-    install(TARGETS getdns_ext_uv_shared LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+    install(TARGETS getdns_ex_uv_shared LIBRARY DESTINATION lib ARCHIVE DESTINATION lib)
   endif ()
 endif ()
 if (BUILD_GETDNS_QUERY)
-  install(TARGETS getdns_query RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+  install(TARGETS getdns_query RUNTIME DESTINATION bin)
 endif ()
 if (BUILD_GETDNS_SERVER_MON)
-  install(TARGETS getdns_server_mon RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+  install(TARGETS getdns_server_mon RUNTIME DESTINATION bin)
 endif ()
 
-install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/getdns DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
-install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/man3 DESTINATION ${CMAKE_INSTALL_MANDIR})
+install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/getdns DESTINATION include)
+install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/man3 DESTINATION share/man)
 
-install(FILES AUTHORS ChangeLog COPYING LICENSE NEWS README.md DESTINATION ${CMAKE_INSTALL_DOCDIR})
-install(FILES spec/index.html DESTINATION ${CMAKE_INSTALL_DOCDIR}/spec)
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/getdns.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+set(docdir share/doc/getdns)
+install(FILES AUTHORS ChangeLog COPYING LICENSE NEWS README.md DESTINATION ${docdir})
+install(FILES spec/index.html DESTINATION ${docdir}/spec)
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/getdns.pc DESTINATION lib/pkgconfig)
 
 install(CODE "message(\"\
 ***\n\
@@ -1146,17 +1067,17 @@ if (BUILD_EXAMPLES)
   if (USE_LIBEVENT2)
     add_executable(example-simple-answers spec/example/example-simple-answers.c)
     target_include_directories(example-simple-answers PRIVATE spec/example)
-    target_link_libraries(example-simple-answers PRIVATE getdns getdns_ext_event)
+    target_link_libraries(example-simple-answers PRIVATE getdns getdns_ex_event)
     set_property(TARGET example-simple-answers PROPERTY C_STANDARD 11)
 
     add_executable(example-tree spec/example/example-tree.c)
     target_include_directories(example-tree PRIVATE spec/example)
-    target_link_libraries(example-tree PRIVATE getdns getdns_ext_event)
+    target_link_libraries(example-tree PRIVATE getdns getdns_ex_event)
     set_property(TARGET example-tree PROPERTY C_STANDARD 11)
 
     add_executable(example-reverse spec/example/example-reverse.c)
     target_include_directories(example-reverse PRIVATE spec/example)
-    target_link_libraries(example-reverse PRIVATE getdns getdns_ext_event)
+    target_link_libraries(example-reverse PRIVATE getdns getdns_ex_event)
     set_property(TARGET example-reverse PROPERTY C_STANDARD 11)
   else ()
     message(WARNING "\

ChangeLog

@@ -1,71 +1,3 @@
-* 2023-??-??: Version 1.7.4
-  * Issue #536: Broken trust anchor files are silently ignored
-    Thanks Stéphane Bortzmeyer
-
-* 2022-12-22: Version 1.7.3
-  * PR #532: Increase CMake required version 3.5 -> 3.20, because we
-    need cmake_path for Absolute paths in pkg-config (See Issue #517)
-    Thanks Gabriel Ganne
-  * Updated to Stubby 0.4.3 quickfix release
-
-* 2022-08-19: Version 1.7.2
-  * Updated to Stubby 0.4.2 quickfix release
-
-* 2022-08-19: Version 1.7.1
-  * Always send the `dot` ALPN when using DoT
-  * Strengthen version determination for Libidn2 during cmake processing
-    (thanks jpbion).
-  * Fix for issue in UDP stream selection in case of timeouts.
-    Thanks Shikha Sharma
-  * Fix using asterisk in ipstr for any address. Thanks uzlonewolf.
-  * Issue stubby#295: rdata not correctly written for validation for
-    certain RR type. Also, set default built type to RelWithDebInfo and
-    expose CFLAGS via GETDNS_BUILD_CFLAGS define and via
-    getdns_context_get_api_information()
-  * Issue #524: Bug fixes from submodules' upstream?
-    Thanks Johnnyslee
-  * Issue #517: Allow Absolute path CMAKE_INSTALL_{INCLUDE,LIB}DIR in
-    pkg-config files. Thanks Alex Shpilkin
-  * Issue #512: Update README.md to show correct PGP key location.
-    Thanks Katze Prior.
-
-* 2021-06-04: Version 1.7.0
-  * Make TLS Handshake timeout max 4/5th of timeout for the query,
-    just like connection setup timeout was, so fallback transport
-    have a chance too when TCP connection setup is less well
-    detectable (as with TCP_FASTOPEN on MacOS).
-  * Issue #466: Memory leak with retrying queries (for examples
-    with search paths). Thanks doublez13.
-  * Issue #480: Handling of strptime when Cross compiling with CMake.
-    A new option to FORCE_COMPAT_STRPTIME (default disabled) will
-    (when disabled) make cmake assume the target platform has a POSIX
-    compatible strptime when cross-compiling.
-  * Setting of the number of milliseconds send data may remain
-    unacknowledged by the peer in a TCP connection (when supported 
-    by the OS) with getdns_context_set_tcp_send_timeout()
-    Thanks maciejsszmigiero.
-  * Issue #497: Fix typo in CMAKE included files, so Stubby can use
-    TLS v1.3 with chipersuites options ON. Thanks har-riz.
-  * Basic name compression on server replied messages. Thanks amialkow!
-    This alleviates (but might not completely resolve) issues #495 and
-    #320 .
-  * Eventloop extensions back to the old names libgetdns_ext_event,
-    libgetdns_ext_ev and libgetdns_ext_uv.
-  * Compilation warning fixes. Thanks Andreas!
-
-* 2020-02-28: Version 1.6.0
-  * Issues #457, #458, #461: New symbols with libnettle >= 3.4.
-    Thanks hanvinke & kometchtech for testing & reporting.
-  * Issue #432: answer_ipv4_address and answer_ipv6_address in reply
-    and response dicts.
-  * Issue #430: Record and guard UDP max payload size with servers.
-  * Issue #407: Run only offline-tests option with:
-    src/test/tpkg/run-offline-only.sh (only with git checkouts).
-  * Issue #175: Include the packet the stub resolver sent to  the
-    upstream the call_reporting dict. Thanks Tom Pusateri
-  * Issue #169: Build eventloop support libraries if event libraries
-    are available. Thanks Tom Pusateri
-
 * 2019-12-20: Version 1.6.0-beta.1
   * Migration of build system to cmake. Build now works on Ubuntu,
     Windows 10 and macOS.

README.md

@@ -48,7 +48,7 @@ Once it is built you should take a look at `spec/example` to see how the library
 Download the sources from our [github repo](https://github.com/getdnsapi/getdns) 
 or from [getdnsapi.net](https://getdnsapi.net) and verify the download using
 the checksums (SHA1 or MD5) or using gpg to verify the signature.  Our keys are
-available from the [openpgp keyserver](https://keys.openpgp.org/)
+available from the [pgp keyservers](https://keyserver.pgp.com)
 
 * `willem@nlnetlabs.nl`, key id E5F8F8212F77A498
 

cmake/include/cmakeconfig.h.in

@@ -15,7 +15,6 @@
 #cmakedefine HAVE_LIMITS_H      1
 #cmakedefine HAVE_SYS_LIMITS_H  1
 #cmakedefine HAVE_STDARG_H      1
-#cmakedefine HAVE_STDDEF_H      1
 #cmakedefine HAVE_STDINT_H      1
 #cmakedefine HAVE_STDIO_H       1
 #cmakedefine HAVE_STDLIB_H      1
@@ -59,10 +58,6 @@
 #cmakedefine HAVE_OPENSSL_RAND_H        1
 #cmakedefine HAVE_OPENSSL_CONF_H        1
 #cmakedefine HAVE_OPENSSL_ENGINE_H      1
-#cmakedefine HAVE_OPENSSL_BN_H          1
-#cmakedefine HAVE_OPENSSL_DSA_H         1
-#cmakedefine HAVE_OPENSSL_RSA_H         1
-#cmakedefine HAVE_OPENSSL_PARAM_BUILD_H 1
 
 #cmakedefine HAVE_DSA_SIG_SET0		1
 #cmakedefine HAVE_DSA_SET0_PQG		1
@@ -84,22 +79,17 @@
 
 #cmakedefine HAVE_HMAC_CTX_NEW		1
 
-#cmakedefine HAVE_NETTLE_GET_SECP_256R1	1
-#cmakedefine HAVE_NETTLE_GET_SECP_384R1	1
-
 #cmakedefine HAVE_TLS_CLIENT_METHOD	1
 
 #cmakedefine HAVE_OPENSSL_VERSION_NUM	1
 #cmakedefine HAVE_OPENSSL_VERSION	1
 
 #cmakedefine HAVE_SSL_CTX_DANE_ENABLE	1
-#cmakedefine HAVE_SSL_CTX_SET_CIPHERSUITES	1
-#cmakedefine HAVE_SSL_SET_CIPHERSUITES	1
+#cmakedefine HAVE_SSL_CTX_SET_CIPHERSUITS	1
+#cmakedefine HAVE_SSL_SET_CIPHERSUITS	1
 
 #cmakedefine HAVE_OPENSSL_INIT_CRYPTO	1
 
-#cmakedefine HAVE_OSSL_PARAM_BLD_NEW	1
-
 #cmakedefine HAVE_SSL_DANE_ENABLE			1
 #cmakedefine HAVE_DECL_SSL_CTX_SET1_CURVES_LIST		1
 #cmakedefine HAVE_DECL_SSL_SET1_CURVES_LIST		1
@@ -218,15 +208,11 @@
 
 #cmakedefine USE_OSX_TCP_FASTOPEN	1
 
-#cmakedefine HAVE_DECL_TCP_USER_TIMEOUT	1
-
 #cmakedefine HAVE_NEW_UV_TIMER_CB	1
 
 #cmakedefine HAVE_TARGET_ENDIANNESS
 #cmakedefine TARGET_IS_BIG_ENDIAN
 
-#cmakedefine HAVE___FUNC__		1
-
 #ifdef HAVE___FUNC__
 #define __FUNC__ __func__
 #else
@@ -242,10 +228,6 @@
 #  define FD_SETSIZE 1024
 # endif
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /* the version of the windows API enabled */
 # ifndef WINVER
 #  define WINVER 0x0600 // 0x0502
@@ -312,11 +294,12 @@ extern "C" {
 #include <string.h>
 #endif
 
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
+#ifdef __cplusplus
+extern "C" {
 #endif
 
-#ifdef HAVE_STDDEF_H
+#if STDC_HEADERS
+#include <stdlib.h>
 #include <stddef.h>
 #endif
 
@@ -459,7 +442,7 @@ static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *fo
 #  define ATTR_UNUSED(x)  x
 #elif defined(__cplusplus)
 #  define ATTR_UNUSED(x)
-#elif defined(__GNUC__)
+#elif defined(HAVE_ATTR_UNUSED)
 #  define ATTR_UNUSED(x)  x __attribute__((unused))
 #else /* !HAVE_ATTR_UNUSED */
 #  define ATTR_UNUSED(x)  x

cmake/modules/FindCheck.cmake

@@ -28,62 +28,48 @@ This module will set the following variables in your project:
 
 #]=======================================================================]
 
-find_package(PkgConfig QUIET)
-if (PKG_CONFIG_FOUND)
-    pkg_check_modules(PkgCheck IMPORTED_TARGET GLOBAL check)
-endif ()
-
-if (PkgCheck_FOUND)
-  set(CHECK_INCLUDE_DIR ${PkgCheck_INCLUDE_DIRS} CACHE FILEPATH "check include path")
-  set(CHECK_LIBRARIES ${PkgCheck_LIBRARIES} CACHE STRING "check libraries")
-  set(CHECK_VERSION ${PkgCheck_VERSION})
-  add_library(Check::Check ALIAS PkgConfig::PkgCheck)
-  set(Check_FOUND ON)
-else ()
-  find_path(CHECK_INCLUDE_DIR check.h
+find_path(CHECK_INCLUDE_DIR check.h
   HINTS
   "${CHECK_DIR}"
   "${CHECK_DIR}/include"
   )
 
-  # Check for PIC and non-PIC libraries. If PIC present, use that
-  # in preference (as per Debian check.pc).
-  find_library(CHECK_LIBRARY NAMES check_pic libcheck_pic
+# Check for PIC and non-PIC libraries. If PIC present, use that
+# in preference (as per Debian check.pc).
+find_library(CHECK_LIBRARY NAMES check_pic libcheck_pic
   HINTS
   "${CHECK_DIR}"
   "${CHECK_DIR}/lib"
   )
 
-  if (NOT CHECK_LIBRARY)
+if (NOT CHECK_LIBRARY)
   find_library(CHECK_LIBRARY NAMES check libcheck
     HINTS
     "${CHECK_DIR}"
     "${CHECK_DIR}/lib"
     )
-  endif ()
+endif ()
 
-  set(_CHECK_LIBARIES "")
+set(CHECK_LIBRARIES "")
 
-  # Check may need the math, subunit and rt libraries on Unix
-  if (UNIX)
+# Check may need the math, subunit and rt libraries on Unix
+if (UNIX)
   find_library(CHECK_MATH_LIBRARY m)
   find_library(CHECK_RT_LIBRARY rt)
   find_library(CHECK_SUBUNIT_LIBRARY subunit)
 
   if (CHECK_MATH_LIBRARY)
-      list(APPEND _CHECK_LIBARIES "${CHECK_MATH_LIBRARY}")
+    list(APPEND CHECK_LIBRARIES "${CHECK_MATH_LIBRARY}")
   endif ()
   if (CHECK_RT_LIBRARY)
-      list(APPEND _CHECK_LIBARIES "${CHECK_RT_LIBRARY}")
+    list(APPEND CHECK_LIBRARIES "${CHECK_RT_LIBRARY}")
   endif ()
   if (CHECK_SUBUNIT_LIBRARY)
-      list(APPEND _CHECK_LIBARIES "${CHECK_SUBUNIT_LIBRARY}")
+    list(APPEND CHECK_LIBRARIES "${CHECK_SUBUNIT_LIBRARY}")
   endif ()
-  endif()
+endif()
 
-  set(CHECK_LIBRARIES ${_CHECK_LIBARIES} ${CHECK_LIBRARY} CACHE STRING "check libraries")
-
-  if (CHECK_INCLUDE_DIR AND CHECK_LIBRARY)
+if (CHECK_INCLUDE_DIR AND CHECK_LIBRARY)
   if (NOT TARGET Check::Check)
     add_library(Check::Check UNKNOWN IMPORTED)
     set_target_properties(Check::Check PROPERTIES
@@ -98,17 +84,15 @@ else ()
     file(STRINGS "${CHECK_INCLUDE_DIR}/check.h" CHECK_H REGEX "^#define CHECK_M[A-Z]+_VERSION")
     string(REGEX REPLACE "^.*\(([0-9]+)\).*\(([0-9]+)\).*\(([0-9]+)\).*$" "\\1.\\2.\\3" CHECK_VERSION "${CHECK_H}")
   endif ()
-  endif()
+endif()
 
-  list(APPEND CHECK_LIBRARIES "${CHECK_LIBRARY}")
+list(APPEND CHECK_LIBRARIES "${CHECK_LIBRARY}")
 
-  include(FindPackageHandleStandardArgs)
-  find_package_handle_standard_args(Check
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Check
   REQUIRED_VARS CHECK_LIBRARIES CHECK_INCLUDE_DIR
   VERSION_VAR CHECK_VERSION
   )
 
-endif()
-
 mark_as_advanced(CHECK_INCLUDE_DIR CHECK_LIBRARIES CHECK_LIBRARY
   CHECK_MATH_LIBRARY CHECK_RT_LIBRARY CHECK_SUBUNIT_LIBRARY)

cmake/modules/FindGnuTLS.cmake

@@ -30,41 +30,27 @@ This module will set the following variables in your project:
 
 #]=======================================================================]
 
-find_package(PkgConfig QUIET)
-if (PKG_CONFIG_FOUND)
-  pkg_check_modules(PkgGnuTLS IMPORTED_TARGET GLOBAL QUIET gnutls)
-  pkg_check_modules(PkgGnuTLSDane IMPORTED_TARGET GLOBAL QUIET gnutls-dane)
-endif ()
-
-if (PkgGnuTLS_FOUND AND PkgGnuTLSDane_FOUND)
-  set(GNUTLS_INCLUDE_DIR ${PkgGnuTLS_INCLUDE_DIRS} $PkgGnuTLSDane_INCLUDE_DIRS} CACHE FILEPATH "GnuTLS include path")
-  set(NETTLE_LIBRARIES ${PkgGnuTLS_LIBRARIES} ${PkgGnuTLSDane_LIBRARIES} CACHE STRING "GnuTLS libraries")
-  set(NETTLE_VERSION ${PkgGnuTLS_VERSION})
-  add_library(GnuTLS::GnuTLS ALIAS PkgConfig::PkgGnuTLS)
-  add_library(GnuTLS::Dane ALIAS PkgConfig::PkgGnuTLSDane)
-  set(GnuTLS_FOUND ON)
-else ()
-  find_path(GNUTLS_INCLUDE_DIR gnutls/gnutls.h
+find_path(GNUTLS_INCLUDE_DIR gnutls/gnutls.h
   HINTS
   "${GNUTLS_DIR}"
   "${GNUTLS_DIR}/include"
-  )
+)
 
-  find_library(GNUTLS_LIBRARY NAMES gnutls libgnutls
+find_library(GNUTLS_LIBRARY NAMES gnutls libgnutls
   HINTS
   "${GNUTLS_DIR}"
   "${GNUTLS_DIR}/lib"
-  )
+)
 
-  find_library(GNUTLS_DANE_LIBRARY NAMES gnutls-dane libgnutls-dane
+find_library(GNUTLS_DANE_LIBRARY NAMES gnutls-dane libgnutls-dane
   HINTS
   "${GNUTLS_DIR}"
   "${GNUTLS_DIR}/lib"
-  )
+)
 
-  set(_GNUTLS_LIBRARIES "")
+set(GNUTLS_LIBRARIES "")
 
-  if (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARY AND GNUTLS_DANE_LIBRARY)
+if (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARY AND GNUTLS_DANE_LIBRARY)
   if (NOT TARGET GnuTLS::GnuTLS)
     add_library(GnuTLS::GnuTLS UNKNOWN IMPORTED)
     set_target_properties(GnuTLS::GnuTLS PROPERTIES
@@ -86,16 +72,14 @@ else ()
     file(STRINGS "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h" GNUTLS_VER_H REGEX "^#define GNUTLS_VERSION_(MAJOR|MINOR|PATCH) ")
     string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3c" GNUTLS_VERSION "${GNUTLS_VER_H}")
   endif ()
-  endif ()
+endif()
 
-  list(APPEND _GNUTLS_LIBRARIES "${GNUTLS_LIBRARY}" "${GNUTLS_DANE_LIBRARY}")
-  set(GNUTLS_LIBRARIES ${_GNUTLS_LIBRARIES} CACHE STRING "GnuTLS libraries")
+list(APPEND GNUTLS_LIBRARIES "${GNUTLS_LIBRARY}" "${GNUTLS_DANE_LIBRARY}")
 
-  include(FindPackageHandleStandardArgs)
-  find_package_handle_standard_args(GnuTLS
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(GnuTLS
   REQUIRED_VARS GNUTLS_LIBRARIES GNUTLS_INCLUDE_DIR
   VERSION_VAR GNUTLS_VERSION
   )
-endif ()
 
 mark_as_advanced(GNUTLS_INCLUDE_DIR GNUTLS_LIBRARIES GNUTLS_LIBRARY GNUTLS_DANE_LIBRARY)

cmake/modules/FindLibevent2.cmake

@@ -28,37 +28,27 @@ This module will set the following variables in your project:
 
 #]=======================================================================]
 
-find_package(PkgConfig QUIET)
-if (PKG_CONFIG_FOUND)
-    pkg_check_modules(PkgLibevent IMPORTED_TARGET GLOBAL QUIET libevent>=2)
-endif ()
-
-if (PkgLibevent_FOUND)
-  set(LIBEVENT2_INCLUDE_DIR ${PkgLibevent_INCLUDE_DIRS} CACHE FILEPATH "libevent2 include path")
-  set(LIBEVENT2_LIBRARIES ${PkgLibevent_LIBRARIES} CACHE STRING "libevent2 libraries")
-  set(LIBEVENT2_VERSION ${PkgLibevent_VERSION})
-  add_library(Libevent2::Libevent_core ALIAS PkgConfig::PkgLibevent)
-  set(Libevent2_FOUND ON)
-else ()
-  find_path(LIBEVENT2_INCLUDE_DIR event2/event.h
+find_path(LIBEVENT2_INCLUDE_DIR event2/event.h
   HINTS
   "${LIBEVENT2_DIR}"
   "${LIBEVENT2_DIR}/include"
-  )
+)
 
-  find_library(LIBEVENT2_LIBRARIES NAMES event_core libevent_core
+find_library(LIBEVENT2_LIBRARY NAMES event_core libevent_core
   HINTS
   "${LIBEVENT2_DIR}"
   "${LIBEVENT2_DIR}/lib"
-  )
+)
 
-  if (LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_LIBRARIES)
+set(LIBEVENT2_LIBRARIES "")
+
+if (LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_LIBRARY)
   if (NOT TARGET Libevent2::Libevent_core)
     add_library(Libevent2::Libevent_core UNKNOWN IMPORTED)
     set_target_properties(Libevent2::Libevent_core PROPERTIES
       INTERFACE_INCLUDE_DIRECTORIES "${LIBEVENT2_INCLUDE_DIR}"
       IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-        IMPORTED_LOCATION "${LIBEVENT2_LIBRARIES}"
+      IMPORTED_LOCATION "${LIBEVENT2_LIBRARY}"
       )
   endif ()
 
@@ -66,13 +56,14 @@ else ()
     file(STRINGS "${LIBEVENT2_INCLUDE_DIR}/event2/event-config.h" LIBEVENT2_H REGEX "^#define _?EVENT_+VERSION ")
     string(REGEX REPLACE "^.*EVENT_+VERSION \"([^\"]+)\".*$" "\\1" LIBEVENT2_VERSION "${LIBEVENT2_H}")
   endif ()
-  endif ()
+endif()
 
-  include(FindPackageHandleStandardArgs)
-  find_package_handle_standard_args(Libevent2
+list(APPEND LIBEVENT2_LIBRARIES "${LIBEVENT2_LIBRARY}")
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Libevent2
   REQUIRED_VARS LIBEVENT2_LIBRARIES LIBEVENT2_INCLUDE_DIR
   VERSION_VAR LIBEVENT2_VERSION
   )
-endif ()
 
-mark_as_advanced(LIBEVENT2_INCLUDE_DIR LIBEVENT2_LIBRARIES)
+mark_as_advanced(LIBEVENT2_INCLUDE_DIR LIBEVENT2_LIBRARIES LIBEVENT2_LIBRARY)

cmake/modules/FindLibidn2.cmake

@@ -28,50 +28,42 @@ This module will set the following variables in your project:
 
 #]=======================================================================]
 
-find_package(PkgConfig QUIET)
-if (PKG_CONFIG_FOUND)
-    pkg_check_modules(PkgLibIdn2 IMPORTED_TARGET GLOBAL libidn2)
-endif ()
-
-if (PkgLibIdn2_FOUND)
-  set(LIBIDN2_INCLUDE_DIR ${PkgLibIdn2_INCLUDE_DIRS} CACHE FILEPATH "libidn2 include path")
-  set(LIBIDN2_LIBRARIES ${PkgLibIdn2_LIBRARIES} CACHE STRING "libidn2 libraries")
-  set(LIBIDN2_VERSION ${PkgLibIdn2_VERSION})
-  add_library(Libidn2::Libidn2 ALIAS PkgConfig::PkgLibIdn2)
-  set(Libidn2_FOUND ON)
-else ()
-  find_path(LIBIDN2_INCLUDE_DIR idn2.h
+find_path(LIBIDN2_INCLUDE_DIR idn2.h
   HINTS
   "${LIBIDN2_DIR}"
   "${LIBIDN2_DIR}/include"
-  )
+)
 
-  find_library(LIBIDN2_LIBRARIES NAMES idn2 libidn2
+find_library(LIBIDN2_LIBRARY NAMES idn2 libidn2
   HINTS
   "${LIBIDN2_DIR}"
   "${LIBIDN2_DIR}/lib"
-  )
+)
 
-  if (LIBIDN2_INCLUDE_DIR AND LIBIDN2_LIBRARIES)
+set(LIBIDN2_LIBRARIES "")
+
+if (LIBIDN2_INCLUDE_DIR AND LIBIDN2_LIBRARY)
   if (NOT TARGET Libidn2::Libidn2)
     add_library(Libidn2::Libidn2 UNKNOWN IMPORTED)
     set_target_properties(Libidn2::Libidn2 PROPERTIES
       INTERFACE_INCLUDE_DIRECTORIES "${LIBIDN2_INCLUDE_DIR}"
       IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-        IMPORTED_LOCATION "${LIBIDN2_LIBRARIES}"
+      IMPORTED_LOCATION "${LIBIDN2_LIBRARY}"
       )
   endif ()
 
-    if (NOT LIBIDN2_VERSION AND LIBIDN2_INCLUDE_DIR AND EXISTS "${LIBIDN2_INCLUDE_DIR}/idn2.h")
-      file(STRINGS "${LIBIDN2_INCLUDE_DIR}/idn2.h" LIBIDN2_H REGEX "^[ \t]*#[ \t]*define[ \t]+IDN2_VERSION[ \t]")
-      string(REGEX REPLACE "^.*IDN2_VERSION[ \t]+\"([0-9.]+)\".*$" "\\1" LIBIDN2_VERSION "${LIBIDN2_H}")
+  if (NOT LIBIDN2_VERSION AND LIBIDN2_INCLUDE_DIR AND EXISTS "${LIBIDN2_INCLUDE_DIR}/unbound.h")
+    file(STRINGS "${LIBIDN2_INCLUDE_DIR}/idn2.h" LIBIDN2_H REGEX "^#define IDN2_VERSION ")
+    string(REGEX REPLACE "^.*IDN2_VERSION \"([0-9.]+)\".*$" "\\1" LIBIDN2_VERSION "${LIBIDN2_H}")
   endif ()
-  endif ()
-  include(FindPackageHandleStandardArgs)
-  find_package_handle_standard_args(Libidn2
+endif()
+
+list(APPEND LIBIDN2_LIBRARIES "${LIBIDN2_LIBRARY}")
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Libidn2
   REQUIRED_VARS LIBIDN2_LIBRARIES LIBIDN2_INCLUDE_DIR
   VERSION_VAR LIBIDN2_VERSION
   )
-endif ()
 
-mark_as_advanced(LIBIDN2_INCLUDE_DIR LIBIDN2_LIBRARIES)
+mark_as_advanced(LIBIDN2_INCLUDE_DIR LIBIDN2_LIBRARIES LIBIDN2_LIBRARY)

cmake/modules/FindLibunbound.cmake

@@ -28,41 +28,29 @@ This module will set the following variables in your project:
 
 #]=======================================================================]
 
-find_package(PkgConfig QUIET)
-if (PKG_CONFIG_FOUND)
-  pkg_check_modules(PkgLibunbound IMPORTED_TARGET GLOBAL QUIET libunbound)
-endif ()
-
-if (PkgLibunbound_FOUND)
-  set(LIBUNBOUND_INCLUDE_DIR ${PkgLibunbound_INCLUDE_DIRS} CACHE FILEPATH "libunbound include path")
-  set(LIBUNBOUND_LIBRARIES ${PkgLibunbound_LIBRARIES} CACHE STRING "libunbound libraries")
-  set(LIBUNBOUND_VERSION ${PkgLibunbound_VERSION})
-  add_library(Libunbound::Libunbound ALIAS PkgConfig::PkgLibunbound)
-  set(Libunbound_FOUND ON)
-else ()
-  find_path(LIBUNBOUND_INCLUDE_DIR unbound.h
+find_path(LIBUNBOUND_INCLUDE_DIR unbound.h
   HINTS
   "${LIBUNBOUND_DIR}"
   "${LIBUNBOUND_DIR}/include"
-  )
+)
 
-  find_library(LIBUNBOUND_LIBRARY NAMES unbound
+find_library(LIBUNBOUND_LIBRARY NAMES unbound
   HINTS
   "${LIBUNBOUND_DIR}"
   "${LIBUNBOUND_DIR}/lib"
-  )
+)
 
-  set(_LIBUNBOUND_LIBRARIES "")
+set(LIBUNBOUND_LIBRARIES "")
 
-  if (UNIX)
+if (UNIX)
   find_package(Threads REQUIRED)
   find_package(OpenSSL REQUIRED)
 
-    list(APPEND _LIBUNBOUND_LIBRARIES "${CMAKE_THREAD_LIBS_INIT}")
-    list(APPEND _LIBUNBOUND_LIBRARIES "${OPENSSL_LIBRARIES}")
-  endif()
+  list(APPEND LIBUNBOUND_LIBRARIES "${CMAKE_THREAD_LIBS_INIT}")
+  list(APPEND LIBUNBOUND_LIBRARIES "${OPENSSL_LIBRARIES}")
+endif()
 
-  if (LIBUNBOUND_INCLUDE_DIR AND LIBUNBOUND_LIBRARY)
+if (LIBUNBOUND_INCLUDE_DIR AND LIBUNBOUND_LIBRARY)
   if (NOT TARGET Libunbound::Libunbound)
     add_library(Libunbound::Libunbound UNKNOWN IMPORTED)
     set_target_properties(Libunbound::Libunbound PROPERTIES
@@ -89,16 +77,14 @@ else ()
     file(STRINGS "${LIBUNBOUND_INCLUDE_DIR}/unbound.h" LIBUNBOUND_H REGEX "^#define UNBOUND_VERSION_M[A-Z]+")
     string(REGEX REPLACE "^.*MAJOR ([0-9]+).*MINOR ([0-9]+).*MICRO ([0-9]+).*$" "\\1.\\2.\\3" LIBUNBOUND_VERSION "${LIBUNBOUND_H}")
   endif ()
-  endif ()
+endif()
 
-  list(APPEND _LIBUNBOUND_LIBRARIES "${LIBUNBOUND_LIBRARY}")
-  set(LIBUNBOUND_LIBRARIES ${_LIBUNBOUND_LIBRARIES} CACHE STRING "libunbound libraries")
+list(APPEND LIBUNBOUND_LIBRARIES "${LIBUNBOUND_LIBRARY}")
 
-  include(FindPackageHandleStandardArgs)
-  find_package_handle_standard_args(Libunbound
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Libunbound
   REQUIRED_VARS LIBUNBOUND_LIBRARIES LIBUNBOUND_INCLUDE_DIR
   VERSION_VAR LIBUNBOUND_VERSION
   )
-endif ()
 
 mark_as_advanced(LIBUNBOUND_INCLUDE_DIR LIBUNBOUND_LIBRARIES LIBUNBOUND_LIBRARY)

cmake/modules/FindLibuv.cmake

@@ -28,37 +28,27 @@ This module will set the following variables in your project:
 
 #]=======================================================================]
 
-find_package(PkgConfig QUIET)
-if (PKG_CONFIG_FOUND)
-  pkg_check_modules(PkgLibuv IMPORTED_TARGET GLOBAL libuv)
-endif ()
-
-if (PkgLibuv_FOUND)
-  set(LIBUV_INCLUDE_DIR ${PkgLibuv_INCLUDE_DIRS} CACHE FILEPATH "libuv include path")
-  set(LIBUV_LIBRARIES ${PkgLibuv_LIBRARIES} CACHE STRING "libuv libraries")
-  set(LIBUV_VERSION ${PkgLibuv_VERSION})
-  add_library(Libuv::Libuv ALIAS PkgConfig::PkgLibuv)
-  set(Libuv_FOUND ON)
-else ()
-  find_path(LIBUV_INCLUDE_DIR uv.h
+find_path(LIBUV_INCLUDE_DIR uv.h
   HINTS
   "${LIBUV_DIR}"
   "${LIBUV_DIR}/include"
-  )
+)
 
-  find_library(LIBUV_LIBRARIES NAMES uv libuv
+find_library(LIBUV_LIBRARY NAMES uv libuv
   HINTS
   "${LIBUV_DIR}"
   "${LIBUV_DIR}/lib"
-  )
+)
 
-  if (LIBUV_INCLUDE_DIR AND LIBUV_LIBRARIES)
+set(LIBUV_LIBRARIES "")
+
+if (LIBUV_INCLUDE_DIR AND LIBUV_LIBRARY)
   if (NOT TARGET Libuv::Libuv)
     add_library(Libuv::Libuv UNKNOWN IMPORTED)
     set_target_properties(Libuv::Libuv PROPERTIES
       INTERFACE_INCLUDE_DIRECTORIES "${LIBUV_INCLUDE_DIR}"
       IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-        IMPORTED_LOCATION "${LIBUV_LIBRARIES}"
+      IMPORTED_LOCATION "${LIBUV_LIBRARY}"
       )
   endif ()
 
@@ -70,13 +60,14 @@ else ()
     endif ()
     string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3" LIBUV_VERSION "${LIBUV_VER_H}")
   endif ()
-  endif ()
+endif()
 
-  include(FindPackageHandleStandardArgs)
-  find_package_handle_standard_args(Libuv
+list(APPEND LIBUV_LIBRARIES "${LIBUV_LIBRARY}")
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Libuv
   REQUIRED_VARS LIBUV_LIBRARIES LIBUV_INCLUDE_DIR
   VERSION_VAR LIBUV_VERSION
   )
-endif ()
 
-mark_as_advanced(LIBUV_INCLUDE_DIR LIBUV_LIBRARIES)
+mark_as_advanced(LIBUV_INCLUDE_DIR LIBUV_LIBRARIES LIBUV_LIBRARY)

cmake/modules/FindNettle.cmake

@@ -30,51 +30,36 @@ This module will set the following variables in your project:
 
 #]=======================================================================]
 
-find_package(PkgConfig QUIET)
-if(PKG_CONFIG_FOUND)
-  pkg_check_modules(PkgNettle IMPORTED_TARGET GLOBAL nettle)
-  pkg_check_modules(PkgHogweed IMPORTED_TARGET GLOBAL QUIET hogweed)
-endif()
-
-if(PkgNettle_FOUND AND PkHogweed_FOUND)
-  set(NETTLE_INCLUDE_DIR ${PkgNettle_INCLUDE_DIRS} ${PkgHogweed_INCLUDE_DIRS} CACHE FILEPATH "Nettle include path")
-  set(NETTLE_LIBRARIES ${PkgNettle_LIBRARIES} ${PkgHogweed_LIBRARIES} CACHE STRING "Nettle libraries")
-  set(NETTLE_VERSION ${PkgNettle_VERSION})
-  add_library(Nettle::Nettle ALIAS PkgConfig::PkgNettle)
-  add_library(Nettle::Hogweed ALIAS PkgConfig::PkgHogweed)
-  set(Nettle_FOUND ON)
-else()
-  find_path(NETTLE_INCLUDE_DIR nettle/version.h
+find_path(NETTLE_INCLUDE_DIR nettle/version.h
   HINTS
   "${NETTLE_DIR}"
   "${NETTLE_DIR}/include"
-  )
+)
 
-  find_library(NETTLE_LIBRARY NAMES nettle libnettle
+find_library(NETTLE_LIBRARY NAMES nettle libnettle
   HINTS
   "${NETTLE_DIR}"
   "${NETTLE_DIR}/lib"
-  )
+)
 
-  find_library(HOGWEED_LIBRARY NAMES hogweed libhogweed
+find_library(HOGWEED_LIBRARY NAMES hogweed libhogweed
   HINTS
   "${NETTLE_DIR}"
   "${NETTLE_DIR}/lib"
-  )
+)
 
-  set(_NETTLE_LIBRARIES ${NETTLE_LIBRARY} ${HOGWEED_LIBRARY})
+set(NETTLE_LIBRARIES "")
 
-  # May need gmp library on Unix.
-  if (UNIX)
+# May need gmp library on Unix.
+if (UNIX)
   find_library(NETTLE_GMP_LIBRARY gmp)
-  endif ()
+
   if (NETTLE_GMP_LIBRARY)
-    list(APPEND _NETTLE_LIBRARIES "${NETTLE_GMP_LIBRARY}")
+    list(APPEND NETTLE_LIBRARIES "${NETTLE_GMP_LIBRARY}")
   endif ()
-  set(NETTLE_LIBRARIES ${_NETTLE_LIBRARIES} CACHE STRING "nettle libraries")
+endif ()
 
-  
-  if (NETTLE_INCLUDE_DIR AND NETTLE_LIBRARY AND HOGWEED_LIBRARY)
+if (NETTLE_INCLUDE_DIR AND NETTLE_LIBRARY AND HOGWEED_LIBRARY)
   if (NOT TARGET Nettle::Nettle)
     add_library(Nettle::Nettle UNKNOWN IMPORTED)
     set_target_properties(Nettle::Nettle PROPERTIES
@@ -97,15 +82,14 @@ else()
     file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" NETTLE_VER_H REGEX "^#define NETTLE_VERSION_(MAJOR|MINOR) ")
     string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*$" "\\1.\\2" NETTLE_VERSION "${NETTLE_VER_H}")
   endif ()
-  endif()
+endif()
 
-  list(APPEND NETTLE_LIBRARIES "${NETTLE_LIBRARY}" "${HOGWEED_LIBRARY}")
+list(APPEND NETTLE_LIBRARIES "${NETTLE_LIBRARY}" "${HOGWEED_LIBRARY}")
 
-  include(FindPackageHandleStandardArgs)
-  find_package_handle_standard_args(Nettle
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Nettle
   REQUIRED_VARS NETTLE_LIBRARIES NETTLE_INCLUDE_DIR
   VERSION_VAR NETTLE_VERSION
   )
-endif()
 
-mark_as_advanced(NETTLE_INCLUDE_DIR NETTLE_LIBRARIES NETTLE_LIBRARY HOGWEED_LIBRARY NETTLE_GMP_LIBRARY)
+mark_as_advanced(NETTLE_INCLUDE_DIR NETTLE_LIBRARIES NETTLE_LIBRARY HOGWEED_LIBRARY)

cmake/modules/TargetSharedLibraryExports.cmake

@@ -20,7 +20,7 @@ function(target_shared_library_exports lib libname symbols)
       file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "  ${symbol};\n")
     endforeach ()
     file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "local:\n  *;\n};\n")
-    target_link_libraries(${lib} PRIVATE "-Wl,--version-script=${libname}.ver")
+    target_link_libraries(${lib} PRIVATE "-Wl,--version-script=getdns.ver")
   else ()
     message(WARNING "Unknown platform, ${lib} exports not set.")
   endif ()

cmake/tests/test___func__.c

@@ -1,4 +0,0 @@
-int main (int ac, char *av[])
-{
-	char *s = __func__;
-}

doc/getdns_general.3.in

@@ -76,7 +76,7 @@ getdns_dict **response)
 The getdns_general(3) and getdns_general_sync functions provide public entry
 points into the getdns API library to retrieve any valid responses to a query
 from the DNS (note that other namespaces in the context are not used).   Most
-typical use cases for applications are probably satisfied via calls to
+typical use cases for applications are probably satisifed via calls to
 getdns_address(3) which would replace getaddrinfo(3).
 
 .HP 3

getdns.pc.in

@@ -1,7 +1,7 @@
 prefix=@prefix@
 exec_prefix=${prefix}
-libdir=@libdir_for_pc_file@
-includedir=@includedir_for_pc_file@
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
 
 Name: getdns 
 Version: @GETDNS_VERSION@

getdns_ext_event.pc.in

@@ -1,7 +1,7 @@
 prefix=@prefix@
 exec_prefix=${prefix}
-libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@
-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
 
 Name: getdns_ext_event 
 Version: @GETDNS_VERSION@

project-doc/packages.txt

@@ -15,6 +15,3 @@ https://github.com/astlinux-project/astlinux/tree/master/package/getdns
 
 For Genode, created and maintained by Emery Hemingway (ehmry)
 https://github.com/genodelabs/genode/blob/master/repos/ports/ports/getdns.port
-
-For Gentoo, created and maintained by CaseOf (Quentin R.?)
-https://packages.gentoo.org/packages/net-dns/getdns

src/compat/mkstemp.c

@@ -39,5 +39,5 @@ int mkstemp(char *template)
 {
 		if (_mktemp_s(template, strlen(template) + 1) != 0)
 				return -1;
-		return open(template, _O_CREAT | _O_EXCL | _O_RDWR, _S_IWRITE | _S_IREAD);
+		return open(template, _O_CREAT | _O_EXCL, _S_IWRITE);
 }

src/const-info.c

@@ -248,7 +248,6 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_OPCODE_STATUS", 2 },
 	{ "GETDNS_OPCODE_UPDATE", 5 },
 	{ "GETDNS_RCODE_BADALG", 21 },
-	{ "GETDNS_RCODE_BADCOOKIE", 23 },
 	{ "GETDNS_RCODE_BADKEY", 17 },
 	{ "GETDNS_RCODE_BADMODE", 19 },
 	{ "GETDNS_RCODE_BADNAME", 20 },
@@ -256,6 +255,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RCODE_BADTIME", 18 },
 	{ "GETDNS_RCODE_BADTRUNC", 22 },
 	{ "GETDNS_RCODE_BADVERS", 16 },
+	{ "GETDNS_RCODE_COOKIE", 23 },
 	{ "GETDNS_RCODE_FORMERR", 1 },
 	{ "GETDNS_RCODE_NOERROR", 0 },
 	{ "GETDNS_RCODE_NOTAUTH", 9 },
@@ -328,7 +328,6 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_GPOS", 27 },
 	{ "GETDNS_RRTYPE_HINFO", 13 },
 	{ "GETDNS_RRTYPE_HIP", 55 },
-	{ "GETDNS_RRTYPE_HTTPS", 65 },
 	{ "GETDNS_RRTYPE_IPSECKEY", 45 },
 	{ "GETDNS_RRTYPE_ISDN", 20 },
 	{ "GETDNS_RRTYPE_IXFR", 251 },
@@ -374,7 +373,6 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_SPF", 99 },
 	{ "GETDNS_RRTYPE_SRV", 33 },
 	{ "GETDNS_RRTYPE_SSHFP", 44 },
-	{ "GETDNS_RRTYPE_SVCB", 64 },
 	{ "GETDNS_RRTYPE_TA", 32768 },
 	{ "GETDNS_RRTYPE_TALINK", 58 },
 	{ "GETDNS_RRTYPE_TKEY", 249 },

src/context.c

@@ -925,8 +925,6 @@ upstream_init(getdns_upstream *upstream,
 
 	/* For sharing a socket to this upstream with TCP  */
 	upstream->fd       = -1;
-	upstream->expires  = 0;
-	upstream->tls_fallback_ok = 0;
 	upstream->tls_obj  = NULL;
 	upstream->tls_session = NULL;
 	upstream->tls_cipher_list = NULL;
@@ -953,12 +951,9 @@ upstream_init(getdns_upstream *upstream,
 	(void) getdns_eventloop_event_init(
 	    &upstream->finished_event, upstream, NULL, NULL, NULL);
 
-	upstream->server_cookie_len = 0;
-	(void) memset(&upstream->server_cookie, 0,
-	        sizeof(upstream->server_cookie));
-	upstream->src_addr_checked = 0;
-	(void) memset(&upstream->src_addr, 0, sizeof(upstream->src_addr));
-	upstream->src_addr_len = 0;
+	upstream->has_client_cookie = 0;
+	upstream->has_prev_client_cookie = 0;
+	upstream->has_server_cookie = 0;
 
 	upstream->tsig_alg  = GETDNS_NO_TSIG;
 	upstream->tsig_dname_len = 0;
@@ -1293,7 +1288,7 @@ transaction_id_cmp(const void *id1, const void *id2)
 static void
 NULL_update_callback(
     getdns_context *context, getdns_context_code_t code, void *userarg)
-{ (void)context; (void)code; (void)userarg; /* unused parameters */ }
+{ (void)context; (void)code; (void)userarg; }
 
 static int
 netreq_expiry_cmp(const void *id1, const void *id2)
@@ -1390,7 +1385,6 @@ getdns_context_create_with_extended_memory_functions(
 #endif
 	result->processing = 0;
 	result->destroying = 0;
-	result->to_destroy = 0;
 	result->my_mf.mf_arg         = userarg;
 	result->my_mf.mf.ext.malloc  = malloc;
 	result->my_mf.mf.ext.realloc = realloc;
@@ -1436,7 +1430,6 @@ getdns_context_create_with_extended_memory_functions(
 
 	result->timeout = 5000;
 	result->idle_timeout = 0;
-	result->tcp_send_timeout = -1;
 	result->follow_redirects = GETDNS_REDIRECTS_FOLLOW;
 	result->dns_root_servers = NULL;
 #if defined(HAVE_LIBUNBOUND) && !defined(HAVE_UB_CTX_SET_STUB)
@@ -1643,11 +1636,8 @@ getdns_context_destroy(struct getdns_context *context)
 	if (context == NULL)
 		return;
 
+	/*  If being destroyed during getdns callback, fail via assert */
 	assert(context->processing == 0);
-	if (context->processing == 1) {
-		context->to_destroy = 1;
-		return;
-	}
 	if (context->destroying)
 		return;
 
@@ -2372,34 +2362,6 @@ getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout)
 	return GETDNS_RETURN_GOOD;
 }               /* getdns_context_set_timeout */
 
-/*
- * getdns_context_unset_tcp_send_timeout
- *
- */
-getdns_return_t
-getdns_context_unset_tcp_send_timeout(getdns_context *context)
-{
-	if (!context)
-		return GETDNS_RETURN_INVALID_PARAMETER;
-
-	context->tcp_send_timeout = -1;
-	return GETDNS_RETURN_GOOD;
-}
-
-/*
- * getdns_context_set_tcp_send_timeout
- *
- */
-getdns_return_t
-getdns_context_set_tcp_send_timeout(struct getdns_context *context,
-    uint32_t value)
-{
-	if (!context || value > INT_MAX)
-		return GETDNS_RETURN_INVALID_PARAMETER;
-
-	context->tcp_send_timeout = value;
-	return GETDNS_RETURN_GOOD;
-}
 
 /*
  * getdns_context_set_follow_redirects
@@ -3765,13 +3727,14 @@ uint32_t
 getdns_context_get_num_pending_requests(const getdns_context* context,
     struct timeval* next_timeout)
 {
-	(void)next_timeout; /* unused parameter */
+	(void)next_timeout;
 
 	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
 	if (context->outbound_requests.count)
 		context->extension->vmt->run_once(context->extension, 0);
+
 	return context->outbound_requests.count;
 }
 
@@ -3869,9 +3832,6 @@ _get_context_settings(const getdns_context* context)
 	                           (context->timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF: (uint32_t) context->timeout)
 	    || getdns_dict_set_int(result, "idle_timeout",
 	                           (context->idle_timeout > 0xFFFFFFFFull) ? 0xFFFFFFFF : (uint32_t) context->idle_timeout)
-	    || (  context->tcp_send_timeout != -1
-	       && getdns_dict_set_int(result, "tcp_send_timeout",
-	                              context->tcp_send_timeout))
 	    || getdns_dict_set_int(result, "limit_outstanding_queries",
 	                           context->limit_outstanding_queries)
             || getdns_dict_set_int(result, "dnssec_allowed_skew",
@@ -3934,14 +3894,6 @@ _get_context_settings(const getdns_context* context)
 		getdns_list_destroy(list);
 		goto error;
 	}
-	if (getdns_context_get_dns_root_servers(context, &list))
-		; /* pass */
-
-	else if (list && _getdns_dict_set_this_list(
-	    result, "dns_root_servers", list)) {
-		getdns_list_destroy(list);
-		goto error;
-	}
 	if (context->dns_transport_count > 0) {
 		/* create a namespace list */
 		if (!(list = getdns_list_create_with_context(context)))
@@ -4099,9 +4051,6 @@ getdns_context_get_api_information(const getdns_context* context)
 	    && ! getdns_dict_util_set_string(
 	    result, "compilation_comment", GETDNS_COMPILATION_COMMENT)
 
-	    && ! getdns_dict_util_set_string(
-	    result, "build_cflags", GETDNS_BUILD_CFLAGS)
-
 	    && ! getdns_dict_util_set_string(
 	    result, "default_trust_anchor_location", TRUST_ANCHOR_FILE)
 
@@ -4152,7 +4101,7 @@ getdns_context_set_use_threads(getdns_context* context, int use_threads) {
     else
         r = ub_ctx_async(context->unbound_ctx, 0);
 #else
-    (void)use_threads; /* unused parameter */
+    (void)use_threads;
 #endif
     return r == 0 ? GETDNS_RETURN_GOOD : GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
 }
@@ -4346,16 +4295,6 @@ CONTEXT_GETTER(timeout                    , uint64_t)
 CONTEXT_GETTER(idle_timeout               , uint64_t)
 CONTEXT_GETTER(follow_redirects           , getdns_redirects_t)
 
-getdns_return_t
-getdns_context_get_tcp_send_timeout(
-    const getdns_context *context, uint32_t* value)
-{
-	if (!context || !value) return GETDNS_RETURN_INVALID_PARAMETER;
-	*value = context->tcp_send_timeout == -1 ? 0
-	       : context->tcp_send_timeout;
-	return GETDNS_RETURN_GOOD;
-}
-
 getdns_return_t
 getdns_context_get_dns_root_servers(
     const getdns_context *context, getdns_list **value)
@@ -4695,7 +4634,6 @@ _getdns_context_config_setting(getdns_context *context,
 	CONTEXT_SETTING_INT(dns_transport)
 	CONTEXT_SETTING_ARRAY(dns_transport_list, transport_list)
 	CONTEXT_SETTING_INT(idle_timeout)
-	CONTEXT_SETTING_INT(tcp_send_timeout)
 	CONTEXT_SETTING_INT(limit_outstanding_queries)
 	CONTEXT_SETTING_INT(timeout)
 	CONTEXT_SETTING_INT(follow_redirects)
@@ -4938,7 +4876,7 @@ FILE *_getdns_context_get_priv_fp(
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
 		           , "Error opening \"%s\": %s\n"
-			   , path, _getdns_fileerrnostr());
+			   , path, _getdns_errnostr());
 	return f;
 }
 
@@ -5017,31 +4955,31 @@ int _getdns_context_write_priv_file(getdns_context *context,
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
 		           , "Could not create temporary file \"%s\": %s\n"
-			   , tmpfn, _getdns_fileerrnostr());
+			   , tmpfn, _getdns_errnostr());
 
 	else if (!(f = fdopen(fd, "w")))
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error opening temporary file \"%s\": %s\n"
-			   , tmpfn, _getdns_fileerrnostr());
+			   , tmpfn, _getdns_errnostr());
 
 	else if (fwrite(content->data, 1, content->size, f) < content->size)
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error writing to temporary file \"%s\": %s\n"
-			   , tmpfn, _getdns_fileerrnostr());
+			   , tmpfn, _getdns_errnostr());
 
-	else if (fclose(f))
+	else if (fclose(f) < 0)
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
-		           , "Error closing temporary file \"%s\": %s (%p)\n"
-			    , tmpfn, _getdns_fileerrnostr(), f);
+		           , "Error closing temporary file \"%s\": %s\n"
+			   , tmpfn, _getdns_errnostr());
 
 	else if (rename(tmpfn, path) < 0)
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error renaming temporary file \"%s\" to \"%s\""
-			     ": %s\n", tmpfn, path, _getdns_fileerrnostr());
+			     ": %s\n", tmpfn, path, _getdns_errnostr());
 	else {
 		context->can_write_appdata = PROP_ABLE;
 		return 1;
@@ -5094,7 +5032,7 @@ int _getdns_context_can_write_appdata(getdns_context *context)
 		_getdns_log(&context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
 		           , "Error unlinking write test file: \"%s\": %s\n"
-			   , path, _getdns_fileerrnostr());
+			   , path, _getdns_errnostr());
 	return 1;
 }
 
@@ -5407,7 +5345,7 @@ getdns_context_set_tls_curves_list(
 	dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST);
 	return GETDNS_RETURN_GOOD;
 #else
-	(void)tls_curves_list; /* unused parameter */
+	(void)tls_curves_list;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif
 }

src/context.h

@@ -209,10 +209,7 @@ typedef struct getdns_upstream {
 	_getdns_tls_session*     tls_session;
 	getdns_tls_hs_state_t    tls_hs_state;
 	getdns_auth_state_t      tls_auth_state;
-	uint64_t                 expires; /* Expire time of waiting netreqs.
-	                                   * This is how long a handshake may
-	                                   * take.
-	                                   */
+
 	/* TLS settings */
 	char                    *tls_cipher_list;
 	char                    *tls_ciphersuites;
@@ -243,13 +240,15 @@ typedef struct getdns_upstream {
 	unsigned is_sync_loop : 1;
 
 	/* EDNS cookies */
-	uint8_t  server_cookie[40];
-	size_t   server_cookie_len;
+	uint32_t secret;
+	uint8_t  client_cookie[8];
+	uint8_t  prev_client_cookie[8];
+	uint8_t  server_cookie[32];
 
-	uint64_t                src_addr_checked;
-	struct sockaddr_storage src_addr;
-	socklen_t               src_addr_len;
-	char                    src_addr_str[INET6_ADDRSTRLEN];
+	unsigned has_client_cookie : 1;
+	unsigned has_prev_client_cookie : 1;
+	unsigned has_server_cookie : 1;
+	unsigned server_cookie_len : 5;
 
 	/* TSIG */
 	uint8_t          tsig_dname[256];
@@ -325,7 +324,6 @@ struct getdns_context {
 	size_t               namespace_count;
 	uint64_t             timeout;
 	uint64_t             idle_timeout;
-	int                  tcp_send_timeout; /* -1 is unset */
 	getdns_redirects_t   follow_redirects;
 	getdns_list          *dns_root_servers;
 
@@ -397,7 +395,6 @@ struct getdns_context {
 
 	int processing;
 	int destroying;
-	int to_destroy;
 
 	struct mem_funcs mf;
 	struct mem_funcs my_mf;

src/convert.c

@@ -122,7 +122,7 @@ getdns_convert_ulabel_to_alabel(const char *ulabel)
 	if (idn2_lookup_u8((uint8_t *)ulabel, &alabel, IDN2_TRANSITIONAL) == IDN2_OK)
 		return (char *)alabel;
 #else
-	(void)ulabel; /* unused parameter */
+	(void)ulabel;
 #endif
 	return NULL;
 }
@@ -149,7 +149,7 @@ getdns_convert_alabel_to_ulabel(const char *alabel)
 	if (idn2_to_unicode_8z8z(alabel, &ulabel, 0) == IDN2_OK)
 		return ulabel;
 #else
-	(void)alabel; /* unused parameter */
+	(void)alabel;
 #endif
 	return NULL;
 }
@@ -529,10 +529,8 @@ _getdns_fp2rr_list(struct mem_funcs *mf,
 	else while (r == GETDNS_RETURN_GOOD && !feof(in)) {
 		len = GLDNS_RR_BUF_SIZE;
 		dname_len = 0;
-		if (gldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst)) {
-			r = GETDNS_RETURN_GENERIC_ERROR;
+		if (gldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst))
 			break;
-		}
 		if (dname_len && dname_len < sizeof(pst.prev_rr)) {
 			memcpy(pst.prev_rr, rr, dname_len);
 			pst.prev_rr_len = dname_len;
@@ -746,75 +744,6 @@ getdns_wire2msg_dict_scan(
 		else   GLDNS_ ## Y ## _CLR(header); \
 	}
 
-static getdns_return_t
-_getdns_reply_dict2wire_hdr(
-    const getdns_dict *reply, gldns_buffer *gbuf, getdns_bindata *wf_reply)
-{
-	size_t          pkt_start = gldns_buffer_position(gbuf);
-	size_t          pkt_len = wf_reply->size;
-	uint8_t        *header = gldns_buffer_current(gbuf);
-	uint8_t        *pkt_end = header + pkt_len;
-	getdns_list    *sec;
-	size_t          sec_len;
-	uint32_t        n, i;
-	_getdns_rr_iter rr_iter_storage, *rr_iter;
-	getdns_list    *section;
-	size_t          rrs2skip;
-	getdns_dict    *rr_dict;
-
-	gldns_buffer_write(gbuf, wf_reply->data, wf_reply->size);
-
-	if (GLDNS_QDCOUNT(header) != 1
-	|| (GLDNS_ARCOUNT(header) != 0 && GLDNS_ARCOUNT(header) != 1))
-		return GETDNS_RETURN_GENERIC_ERROR;
-
-	sec_len = 0;
-	if (!getdns_dict_get_list(reply, "answer", &sec))
-		(void) getdns_list_get_length(sec, &sec_len);
-	if (sec_len != GLDNS_ANCOUNT(header))
-		return GETDNS_RETURN_GENERIC_ERROR;
-
-	sec_len = 0;
-	if (!getdns_dict_get_list(reply, "authority", &sec))
-		(void) getdns_list_get_length(sec, &sec_len);
-	if (sec_len != GLDNS_NSCOUNT(header))
-		return GETDNS_RETURN_GENERIC_ERROR;
-
-	rrs2skip = 1 + GLDNS_ANCOUNT(header) +  GLDNS_NSCOUNT(header);
-
-	SET_HEADER_INT(id, ID);
-	SET_HEADER_BIT(qr, QR);
-	SET_HEADER_BIT(aa, AA);
-	SET_HEADER_BIT(tc, TC);
-	SET_HEADER_BIT(rd, RD);
-	SET_HEADER_BIT(cd, CD);
-	SET_HEADER_BIT(ra, RA);
-	SET_HEADER_BIT(ad, AD);
-	SET_HEADER_INT(opcode, OPCODE);
-	SET_HEADER_INT(rcode, RCODE);
-	SET_HEADER_BIT(z, Z);
-
-	for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage, header, pkt_len)
-	    ; rr_iter
-	    ; rr_iter = _getdns_rr_iter_next(rr_iter)) {
-		if (rr_iter->nxt > pkt_end)
-			return GETDNS_RETURN_GENERIC_ERROR;
-		if (!--rrs2skip)
-			break;
-		/* TODO: Delete sigs when do bit was off */
-	}
-	gldns_buffer_set_position(gbuf, rr_iter->nxt - header);
-	if (!getdns_dict_get_list(reply, "additional", &section)) {
-		for ( n = 0, i = 0
-		    ; !getdns_list_get_dict(section, i, &rr_dict); i++) {
-			 if (!_getdns_rr_dict2wire(rr_dict, gbuf))
-				 n++;
-		}
-		gldns_buffer_write_u16_at(gbuf, pkt_start+GLDNS_ARCOUNT_OFF, n);
-	}
-	return GETDNS_RETURN_GOOD;
-}
-
 getdns_return_t
 _getdns_reply_dict2wire(
     const getdns_dict *reply, gldns_buffer *buf, int reuse_header)
@@ -825,7 +754,6 @@ _getdns_reply_dict2wire(
 	getdns_list *section;
 	getdns_dict *rr_dict;
 	getdns_bindata *qname;
-	name_cache_t name_cache = {0};
 	int remove_dnssec;
 
 	pkt_start = gldns_buffer_position(buf);
@@ -855,7 +783,7 @@ _getdns_reply_dict2wire(
 	if (!getdns_dict_get_bindata(reply, "/question/qname", &qname) &&
 	    !getdns_dict_get_int(reply, "/question/qtype", &qtype)) {
 		(void)getdns_dict_get_int(reply, "/question/qclass", &qclass);
-		_getdns_rr_buffer_write_cached_name(buf, qname, &name_cache);
+		gldns_buffer_write(buf, qname->data, qname->size);
 		gldns_buffer_write_u16(buf, (uint16_t)qtype);
 		gldns_buffer_write_u16(buf, (uint16_t)qclass);
 		gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_QDCOUNT_OFF, 1);
@@ -878,7 +806,7 @@ _getdns_reply_dict2wire(
 			    !getdns_dict_get_int(rr_dict, "type", &rr_type) &&
 			    rr_type == GETDNS_RRTYPE_RRSIG)
 				continue;
-			if (!_getdns_rr_dict2wire_cache(rr_dict, buf, &name_cache))
+			if (!_getdns_rr_dict2wire(rr_dict, buf))
 				 n++;
 		}
 		gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_ANCOUNT_OFF, n);
@@ -922,8 +850,6 @@ _getdns_msg_dict2wire_buf(const getdns_dict *msg_dict, gldns_buffer *gbuf)
 	getdns_return_t r;
 	getdns_list *replies;
 	getdns_dict *reply;
-	getdns_list    *wf_replies = NULL;
-	getdns_bindata *wf_reply;
 	size_t i;
 
 	if ((r = getdns_dict_get_list(msg_dict, "replies_tree", &replies))) {
@@ -931,23 +857,8 @@ _getdns_msg_dict2wire_buf(const getdns_dict *msg_dict, gldns_buffer *gbuf)
 			return r;
 		return _getdns_reply_dict2wire(msg_dict, gbuf, 0);
 	}
-	(void) getdns_dict_get_list(msg_dict, "replies_full", &wf_replies);
 	for (i = 0; r == GETDNS_RETURN_GOOD; i++) {
-		if ((r = getdns_list_get_dict(replies, i, &reply)))
-			;
-		else if (wf_replies
-		     && !getdns_list_get_bindata(wf_replies, i, &wf_reply)) {
-			size_t pkt_start = gldns_buffer_position(gbuf);
-
-			if (!gldns_buffer_reserve(gbuf, wf_reply->size))
-				return GETDNS_RETURN_NEED_MORE_SPACE;
-
-			if ((r = _getdns_reply_dict2wire_hdr( reply, gbuf
-			                                    , wf_reply))) {
-				gldns_buffer_set_position(gbuf, pkt_start);
-				r = _getdns_reply_dict2wire(reply, gbuf, 0);
-			}
-		} else
+		if (!(r = getdns_list_get_dict(replies, i, &reply)))
 			r = _getdns_reply_dict2wire(reply, gbuf, 0);
 	}
 	return r == GETDNS_RETURN_NO_SUCH_LIST_ITEM ? GETDNS_RETURN_GOOD : r;
@@ -1191,7 +1102,7 @@ _getdns_ipaddr_dict_mf(struct mem_funcs *mf, const char *ipstr)
 			tsig_name_str = "";
 		}
 	}
-	if (*ipstr == '*' && *(ipstr+1) == '\0') {
+	if (*ipstr == '*') {
 		getdns_dict_util_set_string(r, "address_type", "IPv6");
 		addr.size = 16;
 		(void) memset(buf, 0, 16);
@@ -1903,8 +1814,8 @@ getdns_yaml2list(const char *str, getdns_list **list)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
 #else /* USE_YAML_CONFIG */
-	(void) str; /* unused parameter */
-	(void) list; /* unused parameter */
+	(void) str;
+	(void) list;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }
@@ -1927,8 +1838,8 @@ getdns_yaml2bindata(const char *str, getdns_bindata **bindata)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
 #else /* USE_YAML_CONFIG */
-	(void) str; /* unused parameter */
-	(void) bindata; /* unused parameter */
+	(void) str;
+	(void) bindata;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }
@@ -1951,8 +1862,8 @@ getdns_yaml2int(const char *str, uint32_t *value)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
 #else /* USE_YAML_CONFIG */
-	(void) str; /* unused parameter */
-	(void) value; /* unused parameter */
+	(void) str;
+	(void) value;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }

src/convert.h

@@ -38,10 +38,6 @@
 #include "types-internal.h"
 #include <stdio.h>
 
-getdns_return_t
-_getdns_wire2msg_dict_scan(struct mem_funcs *mf,
-    const uint8_t **wire, size_t *wire_len, getdns_dict **msg_dict);
-
 getdns_return_t _getdns_wire2rr_dict(struct mem_funcs *mf,
     const uint8_t *wire, size_t wire_len, getdns_dict **rr_dict);
 

src/dict.c

@@ -892,7 +892,6 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
 	struct getdns_bindata *bindata_item;
 	uint32_t int_item;
 	const char *strval;
-	char abuf[80];
 
 	if (list == NULL)
 		return 0;
@@ -934,21 +933,7 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
 			if (getdns_list_get_bindata(list, i, &bindata_item) !=
 			    GETDNS_RETURN_GOOD)
 				return -1;
-
-			if (for_literals && (bindata_item->size == 4  ||
-			                     bindata_item->size == 16 )) {
-
-				if (gldns_buffer_printf(buf, 
-				    (json ? "\"%s\"" : " <bindata for %s>"),
-				    inet_ntop(( bindata_item->size == 4
-				              ? AF_INET : AF_INET6)
-				              , bindata_item->data
-				              , abuf
-				              , sizeof(abuf) - 1
-				              )) < 0)
-					return -1;
-
-			} else if (getdns_pp_bindata(
+			if (getdns_pp_bindata(
 			    buf, bindata_item, 0, json) < 0)
 				return -1;
 			break;
@@ -1037,7 +1022,7 @@ _getdns_print_rcode(gldns_buffer *buf, uint32_t rcode)
 {
 	static const char *rcodes[] = {
 		" GETDNS_RCODE_NOERROR" , " GETDNS_RCODE_FORMERR" ,
-		" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN" ,
+		" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN",
 		" GETDNS_RCODE_NOTIMP"  , " GETDNS_RCODE_REFUSED" ,
 		" GETDNS_RCODE_YXDOMAIN", " GETDNS_RCODE_YXRRSET" ,
 		" GETDNS_RCODE_NXRRSET" , " GETDNS_RCODE_NOTAUTH" ,
@@ -1045,12 +1030,12 @@ _getdns_print_rcode(gldns_buffer *buf, uint32_t rcode)
 		" GETDNS_RCODE_BADSIG"  , " GETDNS_RCODE_BADKEY"  ,
 		" GETDNS_RCODE_BADTIME" , " GETDNS_RCODE_BADMODE" ,
 		" GETDNS_RCODE_BADNAME" , " GETDNS_RCODE_BADALG"  ,
-		" GETDNS_RCODE_BADTRUNC", " GETDNS_RCODE_BADCOOKIE"
+		" GETDNS_RCODE_BADTRUNC"
 	};
 	if (rcode <= 10)
 		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode]);
-	else if (rcode >= 16 && rcode <= 23)
-		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-5]);
+	else if (rcode >= 16 && rcode <= 22)
+		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-6]);
 	else
 		return 0;
 	return 1;
@@ -1156,11 +1141,6 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			if (!json && strcmp(item->node.key, "rcode") == 0 &&
 			    _getdns_print_rcode(buf, item->i.data.n))
 				break;
-			if (!json &&
-			    strcmp(item->node.key, "extended_rcode") == 0 &&
-			    item->i.data.n >= 16 &&
-			    _getdns_print_rcode(buf, item->i.data.n))
-				break;
 			if (gldns_buffer_printf(
 			    buf,(json < 2 ? " %d" : "%d"), item->i.data.n) < 0)
 				return -1;
@@ -1169,9 +1149,7 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 		case t_bindata:
 			if ((strcmp(item->node.key, "address_data") == 0 ||
 			     strcmp(item->node.key, "ipv4_address") == 0 ||
-			     strcmp(item->node.key, "ipv6_address") == 0 ||
-			     strcmp(item->node.key, "answer_ipv4_address") == 0 ||
-			     strcmp(item->node.key, "answer_ipv6_address") == 0) &&
+			     strcmp(item->node.key, "ipv6_address") == 0 ) &&
 			    (item->i.data.bindata->size == 4  ||
 			     item->i.data.bindata->size == 16 )) {
 
@@ -1219,9 +1197,8 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			if (getdns_pp_list(buf, indent, item->i.data.list, 
 			    (strcmp(item->node.key, "namespaces") == 0 ||
 			     strcmp(item->node.key, "dns_transport_list") == 0
-			     || strcmp(item->node.key, "bad_dns") == 0 ||
-			     strcmp(item->node.key, "dns_root_servers") == 0
-			    ), json) < 0)
+			     || strcmp(item->node.key, "bad_dns") == 0),
+			    json) < 0)
 				return -1;
 			break;
 

src/dnssec.c

@@ -922,7 +922,7 @@ static getdns_dict *CD_extension(getdns_dns_req *dnsreq)
 	     ? dnssec_ok_checking_disabled_roadblock_avoidance
 	     : dnssec_ok_checking_disabled_avoid_roadblocks;
 #else
-	(void)dnsreq; /* unused parameter */
+	(void)dnsreq;
 	return dnssec_ok_checking_disabled;
 #endif
 }
@@ -1554,7 +1554,7 @@ static int _getdns_verify_rrsig(const struct mem_funcs *mf,
 		for ( rdf = _getdns_rdf_iter_init(&rdf_spc, &val_rrset[i])
 		    ; rdf
 		    ; rdf = _getdns_rdf_iter_next(rdf) ) {
-			if ((rdf->rdd_pos->type & GETDNS_RDF_N) != GETDNS_RDF_N) {
+			if (!(rdf->rdd_pos->type & GETDNS_RDF_N)) {
 				gldns_buffer_write(
 				    &valbuf, rdf->pos, rdf->nxt - rdf->pos);
 				continue;

src/extension/libev.c

@@ -97,7 +97,7 @@ static void
 getdns_libev_read_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
-	(void)l; (void)revents; /* unused parameters */
+	(void)l; (void)revents;
         assert(el_ev->read_cb);
         el_ev->read_cb(el_ev->userarg);
 }
@@ -106,7 +106,7 @@ static void
 getdns_libev_write_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
-	(void)l; (void)revents; /* unused parameters */
+	(void)l; (void)revents;
         assert(el_ev->write_cb);
         el_ev->write_cb(el_ev->userarg);
 }
@@ -115,7 +115,7 @@ static void
 getdns_libev_timeout_cb(struct ev_loop *l, struct ev_timer *timer, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
-	(void)l; (void)revents; /* unused parameters */
+	(void)l; (void)revents;
         assert(el_ev->timeout_cb);
         el_ev->timeout_cb(el_ev->userarg);
 }

src/extension/libevent.c

@@ -99,7 +99,7 @@ static getdns_return_t
 getdns_libevent_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 {
 	struct event *my_ev = (struct event *)el_ev->ev;
-	(void)loop; /* unused parameter */
+	(void)loop;
 
 	assert(my_ev);
 
@@ -115,7 +115,7 @@ static void
 getdns_libevent_callback(evutil_socket_t fd, short bits, void *arg)
 {
 	getdns_eventloop_event *el_ev = (getdns_eventloop_event *)arg;
-	(void)fd; /* unused parameter */
+	(void)fd;
 
 	if (bits & EV_READ) {
 		assert(el_ev->read_cb);

src/extension/libuv.c

@@ -73,7 +73,8 @@ getdns_libuv_cleanup(getdns_eventloop *loop)
 }
 
 typedef struct poll_timer {
-	uv_poll_t        poll;
+	uv_poll_t        read;
+	uv_poll_t        write;
 	uv_timer_t       timer;
 	int              to_close;
 	struct mem_funcs mf;
@@ -103,15 +104,22 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 	poll_timer   *my_ev = (poll_timer *)el_ev->ev;
 	uv_poll_t    *my_poll;
 	uv_timer_t   *my_timer;
-	(void)loop; /* unused parameter */
+	(void)loop;
 	
 	assert(my_ev);
 
 	DEBUG_UV("enter libuv_clear(el_ev = %p, my_ev = %p, to_close = %d)\n"
 	        , el_ev, my_ev, my_ev->to_close);
 
-	if (el_ev->read_cb || el_ev->write_cb) {
-		my_poll = &my_ev->poll;
+	if (el_ev->read_cb) {
+		my_poll = &my_ev->read;
+		uv_poll_stop(my_poll);
+		my_ev->to_close += 1;
+		my_poll->data = my_ev;
+		uv_close((uv_handle_t *)my_poll, getdns_libuv_close_cb);
+	}
+	if (el_ev->write_cb) {
+		my_poll = &my_ev->write;
 		uv_poll_stop(my_poll);
 		my_ev->to_close += 1;
 		my_poll->data = my_ev;
@@ -131,29 +139,29 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 }
 
 static void
-getdns_libuv_cb(uv_poll_t *poll, int status, int events)
+getdns_libuv_read_cb(uv_poll_t *poll, int status, int events)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
-
-	if (status == 0) {
-		if (events & UV_READABLE) {
+	(void)status; (void)events;
         assert(el_ev->read_cb);
 	DEBUG_UV("enter libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
         el_ev->read_cb(el_ev->userarg);
 	DEBUG_UV("exit  libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
-		} else if (events & UV_WRITABLE) {
+}
+
+static void
+getdns_libuv_write_cb(uv_poll_t *poll, int status, int events)
+{
+        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
+	(void)status; (void)events;
         assert(el_ev->write_cb);
 	DEBUG_UV("enter libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
         el_ev->write_cb(el_ev->userarg);
 	DEBUG_UV("exit  libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
-		} else {
-			assert(ASSERT_UNREACHABLE);
-		}
-	}
 }
 
 static void
@@ -165,7 +173,7 @@ getdns_libuv_timeout_cb(uv_timer_t *timer, int status)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
 #ifndef HAVE_NEW_UV_TIMER_CB
-	(void)status; /* unused parameter */
+	(void)status;
 #endif
         assert(el_ev->timeout_cb);
 	DEBUG_UV("enter libuv_timeout_cb(el_ev = %p, el_ev->ev = %p)\n"
@@ -198,14 +206,17 @@ getdns_libuv_schedule(getdns_eventloop *loop,
 	my_ev->mf = ext->mf;
 	el_ev->ev = my_ev;
 	
-	if (el_ev->read_cb || el_ev->write_cb) {
-		my_poll = &my_ev->poll;
+	if (el_ev->read_cb) {
+		my_poll = &my_ev->read;
 		my_poll->data = el_ev;
 		uv_poll_init(ext->loop, my_poll, fd);
-		int events =
-			(el_ev->read_cb ? UV_READABLE : 0) |
-			(el_ev->write_cb ? UV_WRITABLE : 0);
-		uv_poll_start(my_poll, events, getdns_libuv_cb);
+		uv_poll_start(my_poll, UV_READABLE, getdns_libuv_read_cb);
+	}
+	if (el_ev->write_cb) {
+		my_poll = &my_ev->write;
+		my_poll->data = el_ev;
+		uv_poll_init(ext->loop, my_poll, fd);
+		uv_poll_start(my_poll, UV_WRITABLE, getdns_libuv_write_cb);
 	}
 	if (el_ev->timeout_cb) {
 		my_timer = &my_ev->timer;

src/extension/poll_eventloop.c

@@ -288,7 +288,7 @@ static void
 poll_read_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd; /* unused parameter */
+	(void)fd;
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	if (event && event->read_cb)
@@ -299,7 +299,7 @@ static void
 poll_write_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd; /* unused parameter */
+	(void)fd;
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	if (event && event->write_cb)

src/extension/select_eventloop.c

@@ -154,14 +154,14 @@ select_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 static void
 select_eventloop_cleanup(getdns_eventloop *loop)
 {
-	(void)loop; /* unused parameter */
+	(void)loop;
 }
 
 static void
 select_read_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd; /* unused parameter */
+	(void)fd;
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->read_cb(event->userarg);
@@ -171,7 +171,7 @@ static void
 select_write_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd; /* unused parameter */
+	(void)fd;
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->write_cb(event->userarg);
@@ -181,7 +181,7 @@ static void
 select_timeout_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd; /* unused parameter */
+	(void)fd;
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->timeout_cb(event->userarg);
@@ -244,7 +244,7 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking)
 	} else {
 #endif
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
-		   ((blocking && timeout == TIMEOUT_FOREVER) ? NULL : &tv)) < 0) {
+	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
 		if (_getdns_socketerror_wants_retry())
 			return;
 
@@ -309,7 +309,7 @@ _getdns_select_eventloop_init(struct mem_funcs *mf, _getdns_select_eventloop *lo
 		select_eventloop_run,
 		select_eventloop_run_once
 	};
-	(void) mf; /* unused parameter */
+	(void) mf;
 	(void) memset(loop, 0, sizeof(_getdns_select_eventloop));
 	loop->loop.vmt = &select_eventloop_vmt;
 }

src/general.c

@@ -256,7 +256,7 @@ static void
 ub_resolve_event_callback(void* arg, int rcode, void *pkt, int pkt_len,
     int sec, char* why_bogus, int was_ratelimited)
 {
-	(void) was_ratelimited; /* unused parameter */
+	(void) was_ratelimited;
 #else
 static void
 ub_resolve_event_callback(void* arg, int rcode, void *pkt, int pkt_len,

src/getdns/getdns.h.in

@@ -417,8 +417,6 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RRTYPE_OPENPGPKEY 61
 #define GETDNS_RRTYPE_CSYNC     62
 #define GETDNS_RRTYPE_ZONEMD    63
-#define GETDNS_RRTYPE_SVCB      64
-#define GETDNS_RRTYPE_HTTPS     65
 #define GETDNS_RRTYPE_SPF       99
 #define GETDNS_RRTYPE_UINFO     100
 #define GETDNS_RRTYPE_UID       101
@@ -494,7 +492,7 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RCODE_BADNAME  20
 #define GETDNS_RCODE_BADALG   21
 #define GETDNS_RCODE_BADTRUNC 22
-#define GETDNS_RCODE_BADCOOKIE 23
+#define GETDNS_RCODE_COOKIE   23
 /** @}
  */
 
@@ -1516,24 +1514,6 @@ getdns_context_set_dns_transport_list(getdns_context *context,
 getdns_return_t
 getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout);
 
-/**
- * Set the number of milliseconds send data may remain unacknowledged by
- * the peer in a TCP connection, if supported by the operation system.
- * When not set (the default), the system default is left alone.
- *
- * @see getdns_context_get_tcp_send_timeout
- * @see getdns_context_unset_tcp_send_timeout
- * @param context The context to configure
- * @param value The number of milliseconds the send data may remain
- *              unacknowledged by the peer in a TCP connection.
- * @return GETDNS_RETURN_GOOD when successful.
- * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL or the
- *         value was too high.
- */
-getdns_return_t
-getdns_context_set_tcp_send_timeout(getdns_context *context,
-    uint32_t value);
-
 /**
  * Limit the number of outstanding DNS queries. When more than limit requests
  * are scheduled, they are kept on an internal queue, to be rescheduled when
@@ -1599,7 +1579,7 @@ getdns_context_set_follow_redirects(getdns_context *context,
  *                  contains at least two names: address_type (whose value is
  *                  a bindata; it is currently either "IPv4" or "IPv6") and
  *                  address_data (whose value is a bindata).
- *                  This implementation also accepts a list of address
+ *                  This implementation also accepts a list of addressxi
  *                  bindatas. Or a list of rr_dicts for address records (i.e.
  *                  the additional section of a NS query for ".", or a with
  *                  getdns_fp2rr_list() converted root.hints file).

src/getdns/getdns_extra.h.in

@@ -128,7 +128,6 @@ extern "C" {
 #define GETDNS_NUMERIC_VERSION @GETDNS_NUMERIC_VERSION@
 #define GETDNS_API_VERSION "@API_VERSION@"
 #define GETDNS_API_NUMERIC_VERSION @API_NUMERIC_VERSION@
-#define GETDNS_BUILD_CFLAGS "@GETDNS_BUILD_CFLAGS@"
 /** @}
   */
 
@@ -541,18 +540,6 @@ getdns_context_set_tls_query_padding_blocksize(getdns_context *context, uint16_t
 getdns_return_t
 getdns_context_unset_edns_maximum_udp_payload_size(getdns_context *context);
 
-/**
- * Configure context to use the system default setting for the time
- * send data may remain unacknowledged by the peer in a TCP connection.
- * @see getdns_context_set_tcp_send_timeout
- * @see getdns_context_get_tcp_send_timeout
- * @param context The context to configure
- * @return GETDNS_RETURN_GOOD on success
- * @return GETDNS_RETURN_INVALID_PARAMETER if context is null.
- */
-getdns_return_t
-getdns_context_unset_tcp_send_timeout(getdns_context *context);
-
 
 typedef enum getdns_loglevel_type {
 	GETDNS_LOG_EMERG   = 0,
@@ -1005,22 +992,6 @@ getdns_return_t
 getdns_context_get_idle_timeout(
     const getdns_context *context, uint64_t *timeout);
 
-/**
- * Get the number of milliseconds send data may remain unacknowledged by
- * the peer in a TCP connection setting from context.
- * @see getdns_context_set_tcp_send_timeout
- * @see getdns_context_unset_tcp_send_timeout
- * @param[in]  context The context from which to get the setting
- * @param[out] value   The number of milliseconds the send data may remain
- *                     unacknowledged by the peer in a TCP connection.
- *                     When the value is unset, 0 is returned.
- * @return GETDNS_RETURN_GOOD when successful
- * @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
- */
-getdns_return_t
-getdns_context_get_tcp_send_timeout(const getdns_context *context,
-    uint32_t *value);
-
 /**
  * Get the setting that says whether or not DNS queries follow redirects.
  * @see getdns_context_set_follow_redirects

src/gldns/gbuffer.h

@@ -232,6 +232,7 @@ INLINE void gldns_buffer_clear(gldns_buffer *buffer)
  * the position is set to 0.
  *
  * \param[in] buffer the buffer to flip
+ * \return void
  */
 INLINE void gldns_buffer_flip(gldns_buffer *buffer)
 {
@@ -781,6 +782,7 @@ int gldns_buffer_printf(gldns_buffer *buffer, const char *format, ...)
 /**
  * frees the buffer.
  * \param[in] *buffer the buffer to be freed
+ * \return void
  */
 void gldns_buffer_free(gldns_buffer *buffer);
 
@@ -788,6 +790,7 @@ void gldns_buffer_free(gldns_buffer *buffer);
  * Makes the buffer fixed and returns a pointer to the data.  The
  * caller is responsible for free'ing the result.
  * \param[in] *buffer the buffer to be exported
+ * \return void
  */
 void *gldns_buffer_export(gldns_buffer *buffer);
 

src/gldns/parse.c

@@ -13,7 +13,10 @@
 #include "gldns/gbuffer.h"
 
 #include <limits.h>
+#include <stdlib.h>
+#ifdef HAVE_STRINGS_H
 #include <strings.h>
+#endif
 
 gldns_lookup_table gldns_directive_types[] = {
         { GLDNS_DIR_TTL, "$TTL" },
@@ -34,7 +37,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 {
 	int c, prev_c;
 	int p; /* 0 -> no parentheses seen, >0 nr of ( seen */
-	int com, quoted, only_blank;
+	int com, quoted;
 	char *t;
 	size_t i;
 	const char *d;
@@ -53,7 +56,6 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 	com = 0;
 	quoted = 0;
 	prev_c = 0;
-	only_blank = 1;	/* Assume we got only <blank> until now */
 	t = token;
 	if (del[0] == '"') {
 		quoted = 1;
@@ -102,22 +104,6 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
-			if (only_blank && i > 0) {
-				/* Got only <blank> so far. Reset and try
-				 * again with the next line.
-				 */
-				i = 0;
-				t = token;
-			}
-			if (p == 0) {
-				/* If p != 0 then the next line is a continuation. So
-				 * we assume that the next line starts with a blank only
-				 * if it is actually a new line.
-				 */
-				only_blank = 1;	/* Assume next line starts with
-						 * <blank>.
-						 */
-			}
 			if (p == 0 && i > 0) {
 				goto tokenread;
 			} else {
@@ -137,7 +123,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
-			if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
+			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
 				*t = '\0';
 				return -1;
 			}
@@ -148,49 +134,23 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 
 		/* check if we hit the delim */
 		for (d = del; *d; d++) {
-			if (c == *d)
-				break;
-		}
-
 			if (c == *d && i > 0 && prev_c != '\\' && p == 0) {
 				if (c == '\n' && line_nr) {
 					*line_nr = *line_nr + 1;
 				}
-			if (only_blank) {
-				/* Got only <blank> so far. Reset and
-				 * try again with the next line.
-				 */
-				i = 0;
-				t = token;
-				only_blank = 1;
-				prev_c = c;
-				continue;
-			}
 				goto tokenread;
 			}
-		if (c != ' ' && c != '\t') {
-			/* Found something that is not <blank> */
-			only_blank= 0;
 		}
 		if (c != '\0' && c != '\n') {
 			i++;
 		}
-		/* is there space for the character and the zero after it */
-		if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
+		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
 			*t = '\0';
 			return -1;
 		}
 		if (c != '\0' && c != '\n') {
 			*t++ = c;
 		}
-		if (c == '\n') {
-			if (line_nr) {
-				*line_nr = *line_nr + 1;
-			}
-			only_blank = 1;	/* Assume next line starts with
-					 * <blank>.
-					 */
-		}
 		if (c == '\\' && prev_c == '\\')
 			prev_c = 0;
 		else	prev_c = c;
@@ -369,8 +329,8 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
 			/* in parentheses */
 			/* do not write ' ' if we want to skip spaces */
 			if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) {
-				/* check for space for the space character and a zero delimiter after that. */
-				if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
+				/* check for space for the space character */
+				if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
 					*t = '\0';
 					return -1;
 				}
@@ -397,7 +357,7 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
 		}
 
 		i++;
-		if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
+		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
 			*t = '\0';
 			return -1;
 		}

src/gldns/parse.h

@@ -153,6 +153,7 @@ int gldns_bgetc(struct gldns_buffer *buffer);
  * the position to the first character that is not in *s.
  * \param[in] *buffer buffer to use
  * \param[in] *s characters to skip
+ * \return void
  */
 void gldns_bskipcs(struct gldns_buffer *buffer, const char *s);
 
@@ -161,6 +162,7 @@ void gldns_bskipcs(struct gldns_buffer *buffer, const char *s);
  * the position to the first character that is not in *s.
  * \param[in] *fp file to use
  * \param[in] *s characters to skip
+ * \return void
  */
 void gldns_fskipcs(FILE *fp, const char *s);
 
@@ -171,6 +173,7 @@ void gldns_fskipcs(FILE *fp, const char *s);
  * \param[in] *fp file to use
  * \param[in] *s characters to skip
  * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+ * \return void
  */
 void gldns_fskipcs_l(FILE *fp, const char *s, int *line_nr);
 

src/gldns/parseutil.c

@@ -14,8 +14,12 @@
 
 #include "config.h"
 #include "gldns/parseutil.h"
+#ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
+#endif
+#ifdef HAVE_TIME_H
 #include <time.h>
+#endif
 #include <ctype.h>
 
 gldns_lookup_table *
@@ -167,7 +171,7 @@ gldns_gmtime64_r(int64_t clock, struct tm *result)
 static int64_t
 gldns_serial_arithmetics_time(int32_t time, time_t now)
 {
-	int32_t offset = (int32_t)((uint32_t) time - (uint32_t) now);
+	int32_t offset = time - (int32_t) now;
 	return (int64_t) now + offset;
 }
 
@@ -209,13 +213,11 @@ gldns_hexdigit_to_int(char ch)
 }
 
 uint32_t
-gldns_str2period(const char *nptr, const char **endptr, int* overflow)
+gldns_str2period(const char *nptr, const char **endptr)
 {
 	int sign = 0;
 	uint32_t i = 0;
 	uint32_t seconds = 0;
-	const uint32_t maxint = 0xffffffff;
-	*overflow = 0;
 
 	for(*endptr = nptr; **endptr; (*endptr)++) {
 		switch (**endptr) {
@@ -238,46 +240,26 @@ gldns_str2period(const char *nptr, const char **endptr, int* overflow)
 				break;
 			case 's':
 			case 'S':
-				if(seconds > maxint-i) {
-					*overflow = 1;
-					return 0;
-				}
 				seconds += i;
 				i = 0;
 				break;
 			case 'm':
 			case 'M':
-				if(i > maxint/60 || seconds > maxint-(i*60)) {
-					*overflow = 1;
-					return 0;
-				}
 				seconds += i * 60;
 				i = 0;
 				break;
 			case 'h':
 			case 'H':
-				if(i > maxint/(60*60) || seconds > maxint-(i*60*60)) {
-					*overflow = 1;
-					return 0;
-				}
 				seconds += i * 60 * 60;
 				i = 0;
 				break;
 			case 'd':
 			case 'D':
-				if(i > maxint/(60*60*24) || seconds > maxint-(i*60*60*24)) {
-					*overflow = 1;
-					return 0;
-				}
 				seconds += i * 60 * 60 * 24;
 				i = 0;
 				break;
 			case 'w':
 			case 'W':
-				if(i > maxint/(60*60*24*7) || seconds > maxint-(i*60*60*24*7)) {
-					*overflow = 1;
-					return 0;
-				}
 				seconds += i * 60 * 60 * 24 * 7;
 				i = 0;
 				break;
@@ -291,27 +273,15 @@ gldns_str2period(const char *nptr, const char **endptr, int* overflow)
 			case '7':
 			case '8':
 			case '9':
-				if(i > maxint/10 || i*10 > maxint - (**endptr - '0')) {
-					*overflow = 1;
-					return 0;
-				}
 				i *= 10;
 				i += (**endptr - '0');
 				break;
 			default:
-				if(seconds > maxint-i) {
-					*overflow = 1;
-					return 0;
-				}
 				seconds += i;
 				/* disregard signedness */
 				return seconds;
 		}
 	}
-	if(seconds > maxint-i) {
-		*overflow = 1;
-		return 0;
-	}
 	seconds += i;
 	/* disregard signedness */
 	return seconds;
@@ -653,18 +623,13 @@ size_t gldns_b64_ntop_calculate_size(size_t srcsize)
  *
  * This routine does not insert spaces or linebreaks after 76 characters.
  */
-static int gldns_b64_ntop_base(uint8_t const *src, size_t srclength,
-	char *target, size_t targsize, int base64url, int padding)
+int gldns_b64_ntop(uint8_t const *src, size_t srclength,
+	char *target, size_t targsize)
 {
-	char* b64;
+	const char* b64 =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 	const char pad64 = '=';
 	size_t i = 0, o = 0;
-	if(base64url)
-		b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
-			"456789-_";
-	else
-		b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
-			"456789+/";
 	if(targsize < gldns_b64_ntop_calculate_size(srclength))
 		return -1;
 	/* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */
@@ -684,26 +649,18 @@ static int gldns_b64_ntop_base(uint8_t const *src, size_t srclength,
 		target[o] = b64[src[i] >> 2];
 		target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ];
 		target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ];
-		if(padding) {
 		target[o+3] = pad64;
 		/* i += 2; */
 		o += 4;
-		} else {
-			o += 3;
-		}
 		break;
 	case 1:
 		/* one at end, converted into A B = = */
 		target[o] = b64[src[i] >> 2];
 		target[o+1] = b64[ ((src[i]&0x03)<<4) ];
-		if(padding) {
 		target[o+2] = pad64;
 		target[o+3] = pad64;
 		/* i += 1; */
 		o += 4;
-		} else {
-			o += 2;
-		}
 		break;
 	case 0:
 	default:
@@ -716,36 +673,19 @@ static int gldns_b64_ntop_base(uint8_t const *src, size_t srclength,
 	return (int)o;
 }
 
-int gldns_b64_ntop(uint8_t const *src, size_t srclength, char *target,
-	size_t targsize)
-{
-	return gldns_b64_ntop_base(src, srclength, target, targsize,
-		0 /* no base64url */, 1 /* padding */);
-}
-
-int gldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
-	size_t targsize)
-{
-	return gldns_b64_ntop_base(src, srclength, target, targsize,
-		1 /* base64url */, 0 /* no padding */);
-}
-
 size_t gldns_b64_pton_calculate_size(size_t srcsize)
 {
 	return (((((srcsize + 3) / 4) * 3)) + 1);
 }
 
-/* padding not required if srcsize is set */
-static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
-	size_t targsize, int base64url)
+int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
 {
 	const uint8_t pad64 = 64; /* is 64th in the b64 array */
 	const char* s = src;
 	uint8_t in[4];
 	size_t o = 0, incount = 0;
-	int check_padding = (srcsize) ? 0 : 1;
 
-	while(*s && (check_padding || srcsize)) {
+	while(*s) {
 		/* skip any character that is not base64 */
 		/* conceptually we do:
 		const char* b64 =      pad'=' is appended to array
@@ -754,43 +694,30 @@ static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
 		and use d-b64;
 		*/
 		char d = *s++;
-		srcsize--;
 		if(d <= 'Z' && d >= 'A')
 			d -= 'A';
 		else if(d <= 'z' && d >= 'a')
 			d = d - 'a' + 26;
 		else if(d <= '9' && d >= '0')
 			d = d - '0' + 52;
-		else if(!base64url && d == '+')
+		else if(d == '+')
 			d = 62;
-		else if(base64url && d == '-')
-			d = 62;
-		else if(!base64url && d == '/')
+		else if(d == '/')
 			d = 63;
-		else if(base64url && d == '_')
-			d = 63;
-		else if(d == '=') {
-			if(!check_padding)
-				continue;
+		else if(d == '=')
 			d = 64;
-		} else	continue;
-
+		else	continue;
 		in[incount++] = (uint8_t)d;
-		/* work on block of 4, unless padding is not used and there are
-		 * less than 4 chars left */
-		if(incount != 4 && (check_padding || srcsize))
+		if(incount != 4)
 			continue;
-		assert(!check_padding || incount==4);
 		/* process whole block of 4 characters into 3 output bytes */
-		if((incount == 2 ||
-			(incount == 4 && in[3] == pad64 && in[2] == pad64))) { /* A B = = */
+		if(in[3] == pad64 && in[2] == pad64) { /* A B = = */
 			if(o+1 > targsize)
 				return -1;
 			target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
 			o += 1;
 			break; /* we are done */
-		} else if(incount == 3 ||
-			(incount == 4 && in[3] == pad64)) { /* A B C = */
+		} else if(in[3] == pad64) { /* A B C = */
 			if(o+2 > targsize)
 				return -1;
 			target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
@@ -798,7 +725,7 @@ static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
 			o += 2;
 			break; /* we are done */
 		} else {
-			if(incount != 4 || o+3 > targsize)
+			if(o+3 > targsize)
 				return -1;
 			/* write xxxxxxyy yyyyzzzz zzwwwwww */
 			target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
@@ -810,32 +737,3 @@ static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
 	}
 	return (int)o;
 }
-
-int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
-{
-	return gldns_b64_pton_base(src, 0, target, targsize, 0);
-}
-
-int gldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
-	size_t targsize)
-{
-	if(!srcsize) {
-		return 0;
-	}
-	return gldns_b64_pton_base(src, srcsize, target, targsize, 1);
-}
-
-int gldns_b64_contains_nonurl(char const *src, size_t srcsize)
-{
-	const char* s = src;
-	while(*s && srcsize) {
-		char d = *s++;
-		srcsize--;
-		/* the '+' and the '/' and padding '=' is not allowed in b64
-		 * url encoding */
-		if(d == '+' || d == '/' || d == '=') {
-			return 1;
-		}
-	}
-	return 0;
-}

src/gldns/parseutil.h

@@ -58,7 +58,7 @@ time_t gldns_mktime_from_utc(const struct tm *tm);
  * The function interprets time as the number of seconds since epoch
  * with respect to now using serial arithmetics (rfc1982).
  * That number of seconds is then converted to broken-out time information.
- * This is especially useful when converting the inception and expiration
+ * This is especially usefull when converting the inception and expiration
  * fields of RRSIG records.
  *
  * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
@@ -74,11 +74,9 @@ struct tm * gldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct t
  * converts a ttl value (like 5d2h) to a long.
  * \param[in] nptr the start of the string
  * \param[out] endptr points to the last char in case of error
- * \param[out] overflow returns if the string causes integer overflow error,
- * 	       the number is too big, string of digits too long.
  * \return the convert duration value
  */
-uint32_t gldns_str2period(const char *nptr, const char **endptr, int* overflow);
+uint32_t gldns_str2period(const char *nptr, const char **endptr);
 
 /**
  * Returns the int value of the given (hex) digit
@@ -94,17 +92,13 @@ size_t gldns_b64_ntop_calculate_size(size_t srcsize);
 
 int gldns_b64_ntop(uint8_t const *src, size_t srclength,
 	char *target, size_t targsize);
-int gldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
-	size_t targsize);
 
 /**
  * calculates the size needed to store the result of gldns_b64_pton
  */
 size_t gldns_b64_pton_calculate_size(size_t srcsize);
+
 int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
-int gldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
-	size_t targsize);
-int gldns_b64_contains_nonurl(char const *src, size_t srcsize);
 
 /**
  * calculates the size needed to store the result of b32_ntop

src/gldns/pkthdr.h

@@ -97,22 +97,18 @@ extern "C" {
 #define	QDCOUNT(wirebuf)		(ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF)))
 */
 #define	GLDNS_QDCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_QDCOUNT_OFF))
-#define GLDNS_QDCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_QDCOUNT_OFF, i))
 
 /* Counter of the answer section */
 #define GLDNS_ANCOUNT_OFF		6
 #define	GLDNS_ANCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_ANCOUNT_OFF))
-#define GLDNS_ANCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_ANCOUNT_OFF, i))
 
 /* Counter of the authority section */
 #define GLDNS_NSCOUNT_OFF		8
 #define	GLDNS_NSCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_NSCOUNT_OFF))
-#define GLDNS_NSCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_NSCOUNT_OFF, i))
 
 /* Counter of the additional section */
 #define GLDNS_ARCOUNT_OFF		10
 #define	GLDNS_ARCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_ARCOUNT_OFF))
-#define GLDNS_ARCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_ARCOUNT_OFF, i))
 
 /**
  * The sections of a packet

src/gldns/rrdef.c

@@ -155,9 +155,6 @@ static const gldns_rdf_type type_csync_wireformat[] = {
 static const gldns_rdf_type type_zonemd_wireformat[] = {
 	GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_HEX
 };
-static const gldns_rdf_type type_svcb_wireformat[] = {
-	GLDNS_RDF_TYPE_INT16, GLDNS_RDF_TYPE_DNAME
-};
 /* nsec3 is some vars, followed by same type of data of nsec */
 static const gldns_rdf_type type_nsec3_wireformat[] = {
 /*	GLDNS_RDF_TYPE_NSEC3_VARS, GLDNS_RDF_TYPE_NSEC3_NEXT_OWNER, GLDNS_RDF_TYPE_NSEC*/
@@ -391,10 +388,8 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 	{GLDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* 63 */
 	{GLDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-	/* 64 */
-	{GLDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, GLDNS_RDF_TYPE_SVCPARAM, GLDNS_RR_NO_COMPRESS, 1 },
-	/* 65 */
-	{GLDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, GLDNS_RDF_TYPE_SVCPARAM, GLDNS_RR_NO_COMPRESS, 1 },
+{(enum gldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 {(enum gldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 {(enum gldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 {(enum gldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },

src/gldns/rrdef.h

@@ -195,9 +195,7 @@ enum gldns_enum_rr_type
 	GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
 	GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
 	GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
-	GLDNS_RR_TYPE_ZONEMD = 63, /* RFC8976 */
-	GLDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
-	GLDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
+	GLDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */
 
 	GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
 
@@ -360,13 +358,8 @@ enum gldns_enum_rdf_type
 	/** TSIG extended 16bit error value */
 	GLDNS_RDF_TYPE_TSIGERROR,
 
-	/* draft-ietf-dnsop-svcb-https-05:
-	 * each SvcParam consisting of a SvcParamKey=SvcParamValue pair or
-	 * a standalone SvcParamKey */
-	GLDNS_RDF_TYPE_SVCPARAM,
-
         /* Aliases */
-        GLDNS_RDF_TYPE_BITMAP = GLDNS_RDF_TYPE_NSEC,
+        GLDNS_RDF_TYPE_BITMAP = GLDNS_RDF_TYPE_NSEC
 };
 typedef enum gldns_enum_rdf_type gldns_rdf_type;
 
@@ -439,43 +432,10 @@ enum gldns_enum_edns_option
 	GLDNS_EDNS_N3U = 7, /* RFC6975 */
 	GLDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */
 	GLDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/
-	GLDNS_EDNS_PADDING = 12, /* RFC7830 */
-	GLDNS_EDNS_EDE = 15, /* RFC8914 */
-	GLDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */
+	GLDNS_EDNS_PADDING = 12 /* RFC7830 */
 };
 typedef enum gldns_enum_edns_option gldns_edns_option;
 
-enum gldns_enum_ede_code
-{
-	GLDNS_EDE_NONE = -1, /* EDE undefined for internal use */
-	GLDNS_EDE_OTHER = 0,
-	GLDNS_EDE_UNSUPPORTED_DNSKEY_ALG = 1,
-	GLDNS_EDE_UNSUPPORTED_DS_DIGEST = 2,
-	GLDNS_EDE_STALE_ANSWER = 3,
-	GLDNS_EDE_FORGED_ANSWER = 4,
-	GLDNS_EDE_DNSSEC_INDETERMINATE = 5,
-	GLDNS_EDE_DNSSEC_BOGUS = 6,
-	GLDNS_EDE_SIGNATURE_EXPIRED = 7,
-	GLDNS_EDE_SIGNATURE_NOT_YET_VALID = 8,
-	GLDNS_EDE_DNSKEY_MISSING = 9,
-	GLDNS_EDE_RRSIGS_MISSING = 10,
-	GLDNS_EDE_NO_ZONE_KEY_BIT_SET = 11,
-	GLDNS_EDE_NSEC_MISSING = 12,
-	GLDNS_EDE_CACHED_ERROR = 13,
-	GLDNS_EDE_NOT_READY = 14,
-	GLDNS_EDE_BLOCKED = 15,
-	GLDNS_EDE_CENSORED = 16,
-	GLDNS_EDE_FILTERED = 17,
-	GLDNS_EDE_PROHIBITED = 18,
-	GLDNS_EDE_STALE_NXDOMAIN_ANSWER = 19,
-	GLDNS_EDE_NOT_AUTHORITATIVE = 20,
-	GLDNS_EDE_NOT_SUPPORTED = 21,
-	GLDNS_EDE_NO_REACHABLE_AUTHORITY = 22,
-	GLDNS_EDE_NETWORK_ERROR = 23,
-	GLDNS_EDE_INVALID_DATA = 24,
-};
-typedef enum gldns_enum_ede_code gldns_ede_code;
-
 #define GLDNS_EDNS_MASK_DO_BIT 0x8000
 
 /** TSIG and TKEY extended rcodes (16bit), 0-15 are the normal rcodes. */

src/gldns/str2wire.c

@@ -26,12 +26,11 @@
 #endif
 #include <stdlib.h>
 
-/** bits for the offset */
-#define RET_OFFSET_MASK (((unsigned)(~GLDNS_WIREPARSE_MASK))>>GLDNS_WIREPARSE_SHIFT)
 /** return an error */
-#define RET_ERR(e, off) ((int)(((e)&GLDNS_WIREPARSE_MASK)|(((off)&RET_OFFSET_MASK)<<GLDNS_WIREPARSE_SHIFT)))
+#define RET_ERR(e, off) ((int)((e)|((off)<<GLDNS_WIREPARSE_SHIFT)))
 /** Move parse error but keep its ID */
 #define RET_ERR_SHIFT(e, move) RET_ERR(GLDNS_WIREPARSE_ERROR(e), GLDNS_WIREPARSE_OFFSET(e)+(move));
+#define GLDNS_IP6ADDRLEN      (128/8)
 
 /*
  * No special care is taken, all dots are translated into
@@ -82,7 +81,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf,
 	for (s = str; *s; s++, q++) {
 		if (q >= buf + *olen)
 			return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf);
-		if (q >= buf + GLDNS_MAX_DOMAINLEN)
+		if (q > buf + GLDNS_MAX_DOMAINLEN)
 			return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf);
 		switch (*s) {
 		case '.':
@@ -119,7 +118,7 @@ static int gldns_str2wire_dname_buf_rel(const char* str, uint8_t* buf,
 		if(rel) *rel = 1;
 		if (q >= buf + *olen)
 			return RET_ERR(GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, q-buf);
-		if (q >= buf + GLDNS_MAX_DOMAINLEN) {
+		if (q > buf + GLDNS_MAX_DOMAINLEN) {
 			return RET_ERR(GLDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, q-buf);
 		}
                 if (label_len > GLDNS_MAX_LABELLEN) {
@@ -250,16 +249,11 @@ rrinternal_get_ttl(gldns_buffer* strbuf, char* token, size_t token_len,
 	int* not_there, uint32_t* ttl, uint32_t default_ttl)
 {
 	const char* endptr;
-	int overflow;
 	if(gldns_bget_token(strbuf, token, "\t\n ", token_len) == -1) {
 		return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_TTL,
 			gldns_buffer_position(strbuf));
 	}
-	*ttl = (uint32_t) gldns_str2period(token, &endptr, &overflow);
-	if(overflow) {
-		return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW,
-			gldns_buffer_position(strbuf));
-	}
+	*ttl = (uint32_t) gldns_str2period(token, &endptr);
 
 	if (strlen(token) > 0 && !isdigit((unsigned char)token[0])) {
 		*not_there = 1;
@@ -379,8 +373,7 @@ rrinternal_get_quoted(gldns_buffer* strbuf, const char** delimiters,
 
 		/* skip spaces */
 		while(gldns_buffer_remaining(strbuf) > 0 &&
-			(*(gldns_buffer_current(strbuf)) == ' ' ||
-			*(gldns_buffer_current(strbuf)) == '\t')) {
+			*(gldns_buffer_current(strbuf)) == ' ') {
 			gldns_buffer_skip(strbuf, 1);
 		}
 
@@ -552,10 +545,9 @@ gldns_parse_rdf_token(gldns_buffer* strbuf, char* token, size_t token_len,
 {
 	size_t slen;
 
-	/* skip spaces and tabs */
+	/* skip spaces */
 	while(gldns_buffer_remaining(strbuf) > 0 && !*quoted &&
-		(*(gldns_buffer_current(strbuf)) == ' ' ||
-		*(gldns_buffer_current(strbuf)) == '\t')) {
+		*(gldns_buffer_current(strbuf)) == ' ') {
 		gldns_buffer_skip(strbuf, 1);
 	}
 
@@ -611,10 +603,7 @@ gldns_affix_token(gldns_buffer* strbuf, char* token, size_t* token_len,
 	size_t addstrlen = 0;
 
 	/* add space */
-	/* when addlen < 2, the token buffer is full considering the NULL byte
-	 * from strlen and will lead to buffer overflow with the second
-	 * assignment below. */
-	if(addlen < 2) return 0;
+	if(addlen < 1) return 0;
 	token[*token_strlen] = ' ';
 	token[++(*token_strlen)] = 0;
 
@@ -627,122 +616,6 @@ gldns_affix_token(gldns_buffer* strbuf, char* token, size_t* token_len,
 	return 1;
 }
 
-static int gldns_str2wire_svcparam_key_cmp(const void *a, const void *b)
-{
-	return gldns_read_uint16(*(uint8_t**) a)
-	     - gldns_read_uint16(*(uint8_t**) b);
-}
-
-/**
- * Add constraints to the SVCB RRs which involve the whole set
- */
-static int gldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len)
-{
-	size_t   nparams = 0, i;
-	uint8_t  new_rdata[GLDNS_MAX_RDFLEN];
-	uint8_t* new_rdata_ptr = new_rdata;
-	uint8_t* svcparams[MAX_NUMBER_OF_SVCPARAMS];
-	uint8_t* rdata_ptr = rdata;
-	uint16_t rdata_remaining = rdata_len;
-
-	/* find the SvcParams */
-	while (rdata_remaining) {
-		uint16_t svcbparam_len;
-
-		svcparams[nparams] = rdata_ptr;
-		if (rdata_remaining < 4)
-			return GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
-		svcbparam_len = gldns_read_uint16(rdata_ptr + 2);
-		rdata_remaining -= 4;
-		rdata_ptr += 4;
-
-		if (rdata_remaining < svcbparam_len)
-			return GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
-		rdata_remaining -= svcbparam_len;
-		rdata_ptr += svcbparam_len;
-
-		nparams += 1;
-		if (nparams >= MAX_NUMBER_OF_SVCPARAMS)
-			return GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS;
-	}
-
-	/* In draft-ietf-dnsop-svcb-https-06 Section 7:
-	 *
-	 *     In wire format, the keys are represented by their numeric
-	 *     values in network byte order, concatenated in ascending order.
-	 */
-	qsort((void *)svcparams
-	     ,nparams
-	     ,sizeof(uint8_t*)
-	     ,gldns_str2wire_svcparam_key_cmp);
-
-
-	/* The code below revolves around semantic errors in the SVCParam set.
-	 * So long as we do not distinguish between running Unbound as a primary
-	 * or as a secondary, we default to secondary behavior and we ignore the
-	 * semantic errors. */
-
-#ifdef SVCB_SEMANTIC_ERRORS
-	{
-		uint8_t* mandatory = NULL;
-		/* In draft-ietf-dnsop-svcb-https-06 Section 7:
-		 *
-		 *     Keys (...) MUST NOT appear more than once.
-		 *
-		 * If they key has already been seen, we have a duplicate
-		 */
-		for(i=0; i < nparams; i++) {
-			uint16_t key = gldns_read_uint16(svcparams[i]);
-			if(i + 1 < nparams && key == gldns_read_uint16(svcparams[i+1]))
-				return GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS;
-			if(key == SVCB_KEY_MANDATORY)
-				mandatory = svcparams[i];
-		}
-
-		/* 4. verify that all the SvcParamKeys in mandatory are present */
-		if(mandatory) {
-			/* Divide by sizeof(uint16_t)*/
-			uint16_t mandatory_nkeys = gldns_read_uint16(mandatory + 2) / sizeof(uint16_t);
-
-			/* Guaranteed by gldns_str2wire_svcparam_key_value */
-			assert(mandatory_nkeys > 0);
-
-			for(i=0; i < mandatory_nkeys; i++) {
-				uint16_t mandatory_key = gldns_read_uint16(
-					mandatory
-					+ 2 * sizeof(uint16_t)
-					+ i * sizeof(uint16_t));
-				uint8_t found = 0;
-				size_t j;
-
-				for(j=0; j < nparams; j++) {
-					if(mandatory_key == gldns_read_uint16(svcparams[j])) {
-						found = 1;
-						break;
-					}
-				}
-
-				if(!found)
-					return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM;
-			}
-		}
-	}
-#endif
-	/* Write rdata in correct order */
-	for (i = 0; i < nparams; i++) {
-		uint16_t svcparam_len = gldns_read_uint16(svcparams[i] + 2)
-		                      + 2 * sizeof(uint16_t);
-
-		if ((unsigned)(new_rdata_ptr - new_rdata) + svcparam_len > sizeof(new_rdata))
-			return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-
-		memcpy(new_rdata_ptr, svcparams[i], svcparam_len);
-		new_rdata_ptr += svcparam_len;
-	}
-	memcpy(rdata, new_rdata, rdata_len);
-	return GLDNS_WIREPARSE_ERR_OK;
-}
-
 /** parse rdata from string into rr buffer(-remainder after dname). */
 static int
 rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
@@ -782,8 +655,7 @@ rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
 
 		/* unknown RR data */
 		if(token_strlen>=2 && strncmp(token, "\\#", 2) == 0 &&
-			!quoted && (token_strlen == 2 || token[2]==' ' ||
-			token[2]=='\t')) {
+			!quoted && (token_strlen == 2 || token[2]==' ')) {
 			was_unknown_rr_format = 1;
 			if((status=rrinternal_parse_unknown(strbuf, token,
 				token_len, rr, rr_len, &rr_cur_len, 
@@ -841,42 +713,6 @@ rrinternal_parse_rdata(gldns_buffer* strbuf, char* token, size_t token_len,
 	/* write rdata length */
 	gldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10));
 	*rr_len = rr_cur_len;
-	/* SVCB/HTTPS handling  */
-	if (rr_type == GLDNS_RR_TYPE_SVCB || rr_type == GLDNS_RR_TYPE_HTTPS) {
-		size_t rdata_len = rr_cur_len - dname_len - 10;
-		uint8_t *rdata = rr+dname_len + 10;
-		
-		/* skip 1st rdata field SvcPriority (uint16_t) */
-		if (rdata_len < sizeof(uint16_t))
-			return GLDNS_WIREPARSE_ERR_OK;
-
-		rdata_len -= sizeof(uint16_t);
-		rdata += sizeof(uint16_t);
-
-		/* skip 2nd rdata field dname */
-		while (rdata_len && *rdata != 0) {
-			uint8_t label_len;
-
-			if (*rdata & 0xC0)
-				return GLDNS_WIREPARSE_ERR_OK;
-
-			label_len = *rdata + 1;
-			if (rdata_len < label_len)
-				return GLDNS_WIREPARSE_ERR_OK;
-
-			rdata_len -= label_len;
-			rdata += label_len;
-		}
-		/* The root label is one more character, so smaller
-		 * than 1 + 1 means no Svcparam Keys */
-		if (rdata_len < 2 || *rdata != 0)
-			return GLDNS_WIREPARSE_ERR_OK;
-
-		rdata_len -= 1;
-		rdata += 1;
-		return gldns_str2wire_check_svcbparams(rdata, rdata_len);
-
-	}
 	return GLDNS_WIREPARSE_ERR_OK;
 }
 
@@ -901,7 +737,7 @@ gldns_str2wire_rr_buf_internal(const char* str, uint8_t* rr, size_t* len,
 {
 	int status;
 	int not_there = 0;
-	char token[GLDNS_MAX_RDFLEN+1];
+	char token[GLDNS_MAX_RDFLEN+1] = "";
 	uint32_t ttl = 0;
 	uint16_t tp = 0, cl = 0;
 	size_t ddlen = 0;
@@ -1063,15 +899,12 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
 		return s;
 	} else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
 		const char* end = NULL;
-		int overflow = 0;
 		strlcpy((char*)rr, line, *len);
 		*len = 0;
 		*dname_len = 0;
 		if(!parse_state) return GLDNS_WIREPARSE_ERR_OK;
 		parse_state->default_ttl = gldns_str2period(
-			gldns_strip_ws(line+5), &end, &overflow);
-		if(overflow)
-			return GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW;
+			gldns_strip_ws(line+5), &end);
 	} else if (strncmp(line, "$INCLUDE", 8) == 0) {
 		strlcpy((char*)rr, line, *len);
 		*len = 0;
@@ -1097,533 +930,11 @@ int gldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
 			memmove(parse_state->prev_rr, rr, *dname_len);
 			parse_state->prev_rr_len = (*dname_len);
 		}
-		if(r == GLDNS_WIREPARSE_ERR_OK && parse_state) {
-			parse_state->default_ttl = gldns_wirerr_get_ttl(
-				rr, *len, *dname_len);
-		}
 		return r;
 	}
 	return GLDNS_WIREPARSE_ERR_OK;
 }
 
-static int
-gldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len)
-{
-	char buf[64];
-	char *endptr;
-	unsigned long int key_value;
-
-	if (key_len >= 4  && key_len <= 8 && !strncmp(key, "key", 3)) {
-		memcpy(buf, key + 3, key_len - 3);
-		buf[key_len - 3] = 0;
-		key_value = strtoul(buf, &endptr, 10);
-
-		if (endptr > buf	/* digits seen */
-		&& *endptr == 0		/* no non-digit chars after digits */
-		&&  key_value <= 65535)	/* no overflow */
-			return key_value;
-
-	} else switch (key_len) {
-	case sizeof("mandatory")-1:
-		if (!strncmp(key, "mandatory", sizeof("mandatory")-1))
-			return SVCB_KEY_MANDATORY;
-		if (!strncmp(key, "echconfig", sizeof("echconfig")-1))
-			return SVCB_KEY_ECH; /* allow "echconfig" as well as "ech" */
-		break;
-
-	case sizeof("alpn")-1:
-		if (!strncmp(key, "alpn", sizeof("alpn")-1))
-			return SVCB_KEY_ALPN;
-		if (!strncmp(key, "port", sizeof("port")-1))
-			return SVCB_KEY_PORT;
-		break;
-
-	case sizeof("no-default-alpn")-1:
-		if (!strncmp( key  , "no-default-alpn"
-		            , sizeof("no-default-alpn")-1))
-			return SVCB_KEY_NO_DEFAULT_ALPN;
-		break;
-
-	case sizeof("ipv4hint")-1:
-		if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1))
-			return SVCB_KEY_IPV4HINT;
-		if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1))
-			return SVCB_KEY_IPV6HINT;
-		break;
-
-	case sizeof("ech")-1:
-		if (!strncmp(key, "ech", sizeof("ech")-1))
-			return SVCB_KEY_ECH;
-		break;
-
-	default:
-		break;
-	}
-
-	/* Although the returned value might be used by the caller,
-	 * the parser has erred, so the zone will not be loaded.
-	 */
-	return -1;
-}
-
-static int
-gldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len)
-{
-	unsigned long int port;
-	char *endptr;
-
-	if (*rd_len < 6)
-		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-
-	port = strtoul(val, &endptr, 10);
-
-	if (endptr > val	/* digits seen */
-	&& *endptr == 0		/* no non-digit chars after digits */
-	&&  port <= 65535) {	/* no overflow */
-
-		gldns_write_uint16(rd, SVCB_KEY_PORT);
-		gldns_write_uint16(rd + 2, sizeof(uint16_t));
-		gldns_write_uint16(rd + 4, port);
-		*rd_len = 6;
-
-		return GLDNS_WIREPARSE_ERR_OK;
-	}
-
-	return GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX;
-}
-
-static int
-gldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len)
-{
-	size_t count;
-	char ip_str[INET_ADDRSTRLEN+1];
-	char *next_ip_str;
-	size_t i;
-
-	for (i = 0, count = 1; val[i]; i++) {
-		if (val[i] == ',')
-			count += 1;
-		if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
-			return GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES;
-		}
-	}
-
-	if (*rd_len < (GLDNS_IP4ADDRLEN * count) + 4)
-		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-
-	/* count is number of comma's in val + 1; so the actual number of IPv4
-	 * addresses in val
-	 */
-	gldns_write_uint16(rd, SVCB_KEY_IPV4HINT);
-	gldns_write_uint16(rd + 2, GLDNS_IP4ADDRLEN * count);
-	*rd_len = 4;
-
-	while (count) {
-		if (!(next_ip_str = strchr(val, ','))) {
-			if (inet_pton(AF_INET, val, rd + *rd_len) != 1)
-				break;
-			*rd_len += GLDNS_IP4ADDRLEN;
-
-			assert(count == 1);
-
-		} else if (next_ip_str - val >= (int)sizeof(ip_str))
-			break;
-
-		else {
-			memcpy(ip_str, val, next_ip_str - val);
-			ip_str[next_ip_str - val] = 0;
-			if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) {
-				break;
-			}
-			*rd_len += GLDNS_IP4ADDRLEN;
-
-			val = next_ip_str + 1;
-		}
-		count--;
-	}
-	if (count) /* verify that we parsed all values */
-		return GLDNS_WIREPARSE_ERR_SYNTAX_IP4;
-
-	return GLDNS_WIREPARSE_ERR_OK;
-}
-
-static int
-gldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len)
-{
-	size_t count;
-	char ip_str[INET6_ADDRSTRLEN+1];
-	char *next_ip_str;
-	size_t i;
-
-	for (i = 0, count = 1; val[i]; i++) {
-		if (val[i] == ',')
-			count += 1;
-		if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
-			return GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES;
-		}
-	}
-
-	if (*rd_len < (GLDNS_IP6ADDRLEN * count) + 4)
-		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-
-	/* count is number of comma's in val + 1; so the actual number of IPv6
-	 * addresses in val
-	 */
-	gldns_write_uint16(rd, SVCB_KEY_IPV6HINT);
-	gldns_write_uint16(rd + 2, GLDNS_IP6ADDRLEN * count);
-	*rd_len = 4;
-
-	while (count) {
-		if (!(next_ip_str = strchr(val, ','))) {
-			if (inet_pton(AF_INET6, val, rd + *rd_len) != 1)
-				break;
-			*rd_len += GLDNS_IP6ADDRLEN;
-
-			assert(count == 1);
-
-		} else if (next_ip_str - val >= (int)sizeof(ip_str))
-			break;
-
-		else {
-			memcpy(ip_str, val, next_ip_str - val);
-			ip_str[next_ip_str - val] = 0;
-			if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) {
-				break;
-			}
-			*rd_len += GLDNS_IP6ADDRLEN;
-
-			val = next_ip_str + 1;
-		}
-		count--;
-	}
-	if (count) /* verify that we parsed all values */
-		return GLDNS_WIREPARSE_ERR_SYNTAX_IP6;
-
-	return GLDNS_WIREPARSE_ERR_OK;
-}
-
-/* compare function used for sorting uint16_t's */
-static int
-gldns_network_uint16_cmp(const void *a, const void *b)
-{
-	return ((int)gldns_read_uint16(a)) - ((int)gldns_read_uint16(b));
-}
-
-static int
-gldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len)
-{
-	size_t i, count, val_len;
-	char* next_key;
-
-	val_len = strlen(val);
-
-	for (i = 0, count = 1; val[i]; i++) {
-		if (val[i] == ',')
-			count += 1;
-		if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
-			return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS;
-		}
-	}
-	if (sizeof(uint16_t) * (count + 2) > *rd_len)
-		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-
-	gldns_write_uint16(rd, SVCB_KEY_MANDATORY);
-	gldns_write_uint16(rd + 2, sizeof(uint16_t) * count);
-	*rd_len = 4;
-
-	while (1) {
-		int svcparamkey;
-
-		if (!(next_key = strchr(val, ','))) {
-			svcparamkey = gldns_str2wire_svcparam_key_lookup(val, val_len);
-
-			if (svcparamkey < 0) {
-				return GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
-			}
-
-			gldns_write_uint16(rd + *rd_len, svcparamkey);
-			*rd_len += 2;
-			break;
-		} else {
-			svcparamkey = gldns_str2wire_svcparam_key_lookup(val, next_key - val);
-
-			if (svcparamkey < 0) {
-				return GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
-			}
-
-			gldns_write_uint16(rd + *rd_len,
-				svcparamkey);
-			*rd_len += 2;
-		}
-
-		val_len -= next_key - val + 1;
-		val = next_key + 1; /* skip the comma */
-	}
-
-	/* In draft-ietf-dnsop-svcb-https-06 Section 7:
-	 *
-	 *    "In wire format, the keys are represented by their numeric
-	 *     values in network byte order, concatenated in ascending order."
-	 */
-	qsort((void *)(rd + 4), count, sizeof(uint16_t), gldns_network_uint16_cmp);
-
-	/* The code below revolves around semantic errors in the SVCParam set.
-	 * So long as we do not distinguish between running Unbound as a primary
-	 * or as a secondary, we default to secondary behavior and we ignore the
-	 * semantic errors. */
-#ifdef SVCB_SEMANTIC_ERRORS
-	/* In draft-ietf-dnsop-svcb-https-06 Section 8
-	 * automatically mandatory MUST NOT appear in its own value-list
-	 */
-	if (gldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY)
-		return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY;
-
-	/* Guarantee key uniqueness. After the sort we only need to
-	 * compare neighbouring keys */
-	if (count > 1) {
-		for (i = 0; i < count - 1; i++) {
-			uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i));
-			uint16_t key = gldns_read_uint16(current_pos);
-
-			if (key == gldns_read_uint16(current_pos + 2)) {
-				return GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY;
-			}
-		}
-	}
-#endif
-	return GLDNS_WIREPARSE_ERR_OK;
-}
-
-static int
-gldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len)
-{
-	uint8_t buffer[GLDNS_MAX_RDFLEN];
-	int wire_len;
-
-	/* single 0 represents empty buffer */
-	if(strcmp(val, "0") == 0) {
-		if (*rd_len < 4)
-			return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-		gldns_write_uint16(rd, SVCB_KEY_ECH);
-		gldns_write_uint16(rd + 2, 0);
-
-		return GLDNS_WIREPARSE_ERR_OK;
-	}
-
-	wire_len = gldns_b64_pton(val, buffer, GLDNS_MAX_RDFLEN);
-
-	if (wire_len <= 0) {
-		return GLDNS_WIREPARSE_ERR_SYNTAX_B64;
-	} else if ((unsigned)wire_len + 4 > *rd_len) {
-		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-	} else {
-		gldns_write_uint16(rd, SVCB_KEY_ECH);
-		gldns_write_uint16(rd + 2, wire_len);
-		memcpy(rd + 4, buffer, wire_len);
-		*rd_len = 4 + wire_len;
-
-		return GLDNS_WIREPARSE_ERR_OK;
-	}
-}
-
-static const char*
-gldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val)
-{
-	while (*val) {
-		/* Only return when the comma is not escaped*/
-		if (*val == '\\'){
-			++val;
-			if (!*val)
-				break;
-		} else if (*val == ',')
-				return val;
-
-		val++;
-	}
-	return NULL;
-}
-
-/* The source is already properly unescaped, this double unescaping is purely to allow for
- * comma's in comma separated alpn lists.
- * 
- * In draft-ietf-dnsop-svcb-https-06 Section 7:
- * To enable simpler parsing, this SvcParamValue MUST NOT contain escape sequences.
- */
-static size_t
-gldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst,
-	const char *src, size_t len)
-{
-	uint8_t *orig_dst = dst;
-
-	while (len) {
-		if (*src == '\\') {
-			src++;
-			len--;
-			if (!len)
-				break;
-		}
-		*dst++ = *src++;
-		len--;
-	}
-	return (size_t)(dst - orig_dst);
-}
-
-static int
-gldns_str2wire_svcbparam_alpn_value(const char* val,
-	uint8_t* rd, size_t* rd_len)
-{
-	uint8_t     unescaped_dst[GLDNS_MAX_RDFLEN];
-	uint8_t    *dst = unescaped_dst;
-	const char *next_str;
-	size_t      str_len;
-	size_t      dst_len;
-	size_t      val_len;
-	
-	val_len = strlen(val);
-
-	if (val_len > sizeof(unescaped_dst)) {
-		return GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
-	}
-	while (val_len) {
-		size_t key_len;
-
-		str_len = (next_str = gldns_str2wire_svcbparam_parse_next_unescaped_comma(val))
-		        ? (size_t)(next_str - val) : val_len;
-
-		if (str_len > 255) {
-			return GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
-		}
-
-		key_len = gldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len);
-		*dst++ = key_len;
-		 dst  += key_len;
-
-		if (!next_str)
-			break;
-
-		/* skip the comma in the next iteration */
-		val_len -= next_str - val + 1;
-		val = next_str + 1;
-	}
-	dst_len = dst - unescaped_dst;
-	if (*rd_len < 4 + dst_len)
-		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-	gldns_write_uint16(rd, SVCB_KEY_ALPN);
-	gldns_write_uint16(rd + 2, dst_len);
-	memcpy(rd + 4, unescaped_dst, dst_len);
-	*rd_len = 4 + dst_len;
-	
-	return GLDNS_WIREPARSE_ERR_OK;
-}
-
-static int
-gldns_str2wire_svcparam_value(const char *key, size_t key_len,
-	const char *val, uint8_t* rd, size_t* rd_len)
-{
-	size_t str_len;
-	int svcparamkey = gldns_str2wire_svcparam_key_lookup(key, key_len);
-
-	if (svcparamkey < 0) {
-		return GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
-	}
-
-	/* key without value */
-	if (val == NULL) {
-		switch (svcparamkey) {
-#ifdef SVCB_SEMANTIC_ERRORS
-		case SVCB_KEY_MANDATORY:
-		case SVCB_KEY_ALPN:
-		case SVCB_KEY_PORT:
-		case SVCB_KEY_IPV4HINT:
-		case SVCB_KEY_IPV6HINT:
-			return GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM;
-#endif
-		default:
-			if (*rd_len < 4)
-				return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-			gldns_write_uint16(rd, svcparamkey);
-			gldns_write_uint16(rd + 2, 0);
-			*rd_len = 4;
-
-			return GLDNS_WIREPARSE_ERR_OK;
-		}
-	}
-
-	/* value is non-empty */
-	switch (svcparamkey) {
-	case SVCB_KEY_PORT:
-		return gldns_str2wire_svcparam_port(val, rd, rd_len);
-	case SVCB_KEY_IPV4HINT:
-		return gldns_str2wire_svcbparam_ipv4hint(val, rd, rd_len);
-	case SVCB_KEY_IPV6HINT:
-		return gldns_str2wire_svcbparam_ipv6hint(val, rd, rd_len);
-	case SVCB_KEY_MANDATORY:
-		return gldns_str2wire_svcbparam_mandatory(val, rd, rd_len);
-#ifdef SVCB_SEMANTIC_ERRORS
-	case SVCB_KEY_NO_DEFAULT_ALPN:
-		return GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE;
-#endif
-	case SVCB_KEY_ECH:
-		return gldns_str2wire_svcbparam_ech_value(val, rd, rd_len);
-	case SVCB_KEY_ALPN:
-		return gldns_str2wire_svcbparam_alpn_value(val, rd, rd_len);
-	default:
-		str_len = strlen(val);
-		if (*rd_len < 4 + str_len)
-			return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
-		gldns_write_uint16(rd, svcparamkey);
-		gldns_write_uint16(rd + 2, str_len);
-		memcpy(rd + 4, val, str_len);
-		*rd_len = 4 + str_len;
-
-		return GLDNS_WIREPARSE_ERR_OK;
-	}
-
-	return GLDNS_WIREPARSE_ERR_GENERAL;
-}
-
-static int gldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len)
-{
-	const char* eq_pos;
-	char unescaped_val[GLDNS_MAX_RDFLEN];
-	char* val_out = unescaped_val;
-	const char* val_in;
-
-	eq_pos = strchr(str, '=');
-
-	/* case: key=value */
-	if (eq_pos != NULL && eq_pos[1]) {
-		val_in = eq_pos + 1;
-		
-		/* unescape characters and "" blocks */
-		if (*val_in == '"') {
-			val_in++;
-			while (*val_in != '"'
-			&& (size_t)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
-			&& gldns_parse_char( (uint8_t*) val_out, &val_in)) {
-				val_out++;
-			}
-		} else {
-			while ((size_t)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
-			&& gldns_parse_char( (uint8_t*) val_out, &val_in)) {
-				val_out++;
-			}
-		}
-		*val_out = 0;
-
-		return gldns_str2wire_svcparam_value(str, eq_pos - str, 
-		                                         unescaped_val[0] ? unescaped_val : NULL, rd, rd_len);
-	}
-	/* case: key= */
-	else if (eq_pos != NULL && !(eq_pos[1])) { 
-		return gldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len);
-	}
-	/* case: key */
-	else {
-		return gldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len);
-	}
-}
-
 int gldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
 	gldns_rdf_type rdftype)
 {
@@ -1698,8 +1009,6 @@ int gldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
 		return gldns_str2wire_int16_data_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_AMTRELAY:
 		return gldns_str2wire_amtrelay_buf(str, rd, len);
-	case GLDNS_RDF_TYPE_SVCPARAM:
-		return gldns_str2wire_svcparam_buf(str, rd, len);
 	case GLDNS_RDF_TYPE_UNKNOWN:
 	case GLDNS_RDF_TYPE_SERVICE:
 		return GLDNS_WIREPARSE_ERR_NOT_IMPL;
@@ -2170,13 +1479,9 @@ int gldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len)
 int gldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len)
 {
 	const char* end;
-	int overflow;
-	uint32_t p = gldns_str2period(str, &end, &overflow);
+	uint32_t p = gldns_str2period(str, &end);
 	if(*end != 0)
 		return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_PERIOD, end-str);
-	if(overflow)
-		return RET_ERR(GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW,
-			end-str);
 	if(*len < 4)
 		return GLDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
 	gldns_write_uint32(rd, p);
@@ -2189,17 +1494,13 @@ static int
 loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e)
 {
 	uint32_t meters = 0, cm = 0, val;
-	char* cm_endstr;
 	while (isblank((unsigned char)*my_str)) {
 		my_str++;
 	}
 	meters = (uint32_t)strtol(my_str, &my_str, 10);
 	if (*my_str == '.') {
 		my_str++;
-		cm = (uint32_t)strtol(my_str, &cm_endstr, 10);
-		if(cm_endstr == my_str + 1)
-			cm *= 10;
-		my_str = cm_endstr;
+		cm = (uint32_t)strtol(my_str, &my_str, 10);
 	}
 	if (meters >= 1) {
 		*e = 2;

src/gldns/str2wire.h

@@ -23,27 +23,10 @@ extern "C" {
 #endif
 struct gldns_struct_lookup_table;
 
-#define GLDNS_IP4ADDRLEN      (32/8)
-#define GLDNS_IP6ADDRLEN      (128/8)
-
 /** buffer to read an RR, cannot be larger than 64K because of packet size */
 #define GLDNS_RR_BUF_SIZE 65535 /* bytes */
 #define GLDNS_DEFAULT_TTL	3600
 
-/* SVCB keys currently defined in draft-ietf-dnsop-svcb-https */
-#define SVCB_KEY_MANDATORY		0
-#define SVCB_KEY_ALPN			1
-#define SVCB_KEY_NO_DEFAULT_ALPN	2
-#define SVCB_KEY_PORT			3
-#define SVCB_KEY_IPV4HINT		4
-#define SVCB_KEY_ECH			5
-#define SVCB_KEY_IPV6HINT		6
-#define SVCPARAMKEY_COUNT		7
-
-#define MAX_NUMBER_OF_SVCPARAMS	64
-
-#define SVCB_MAX_COMMA_SEPARATED_VALUES	1000
-
 /*
  * To convert class and type to string see
  * gldns_get_rr_class_by_name(str)
@@ -187,7 +170,7 @@ uint8_t* gldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
 #define GLDNS_WIREPARSE_MASK 0x0fff
 #define GLDNS_WIREPARSE_SHIFT 12
 #define GLDNS_WIREPARSE_ERROR(e) ((e)&GLDNS_WIREPARSE_MASK)
-#define GLDNS_WIREPARSE_OFFSET(e) ((((unsigned)(e))&~GLDNS_WIREPARSE_MASK)>>GLDNS_WIREPARSE_SHIFT)
+#define GLDNS_WIREPARSE_OFFSET(e) (((e)&~GLDNS_WIREPARSE_MASK)>>GLDNS_WIREPARSE_SHIFT)
 /* use lookuptable to get error string, gldns_wireparse_errors */
 #define GLDNS_WIREPARSE_ERR_OK 0
 #define GLDNS_WIREPARSE_ERR_GENERAL 342
@@ -221,20 +204,6 @@ uint8_t* gldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
 #define GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370
 #define GLDNS_WIREPARSE_ERR_INCLUDE 371
 #define GLDNS_WIREPARSE_ERR_PARENTHESIS 372
-#define GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373
-#define GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374
-#define GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS 375
-#define GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 376
-#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 377
-#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378
-#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379
-#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380
-#define GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX 381
-#define GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES 382
-#define GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES 383
-#define GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384
-#define GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385
-#define GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386
 
 /**
  * Get reference to a constant string for the (parse) error.

src/gldns/wire2str.c

@@ -14,7 +14,6 @@
  * Contains functions to translate the wireformat to text
  * representation, as well as functions to print them.
  */
-#include <stdlib.h>
 #include "config.h"
 #include "gldns/wire2str.h"
 #include "gldns/str2wire.h"
@@ -151,30 +150,6 @@ static gldns_lookup_table gldns_wireparse_errors_data[] = {
 	{ GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" },
 	{ GLDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" },
 	{ GLDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"},
-	{ GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "SvcParam is missing a SvcParamValue"},
-	{ GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"},
-	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS,
-		"Too many SvcParams. Unbound only allows 63 entries" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM,
-		"Mandatory SvcParamKey is missing"},
-	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY,
-		"Keys in SvcParam mandatory MUST be unique" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, 
-		"mandatory MUST not be included as mandatory parameter" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX,
-		"Could not parse port SvcParamValue" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES,
-		"Too many IPv4 addresses in ipv4hint" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES,
-		"Too many IPv6 addresses in ipv6hint" },
-	{ GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE,
-		"Alpn strings need to be smaller than 255 chars"},
-	{ GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE,
-		"No-default-alpn should not have a value" },
-	{ GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA,
-		"General SVCParam error" },
 	{ 0, NULL }
 };
 gldns_lookup_table* gldns_wireparse_errors = gldns_wireparse_errors_data;
@@ -196,7 +171,6 @@ static gldns_lookup_table gldns_edns_options_data[] = {
 	{ 8, "edns-client-subnet" },
 	{ 11, "edns-tcp-keepalive"},
 	{ 12, "Padding" },
-	{ 15, "EDE"},
 	{ 0, NULL}
 };
 gldns_lookup_table* gldns_edns_options = gldns_edns_options_data;
@@ -223,12 +197,6 @@ static gldns_lookup_table gldns_tsig_errors_data[] = {
 };
 gldns_lookup_table* gldns_tsig_errors = gldns_tsig_errors_data;
 
-/* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */
-const char *svcparamkey_strs[] = {
-	"mandatory", "alpn", "no-default-alpn", "port",
-	"ipv4hint", "ech", "ipv6hint"
-};
-
 char* gldns_wire2str_pkt(uint8_t* data, size_t len)
 {
 	size_t slen = (size_t)gldns_wire2str_pkt_buf(data, len, NULL, 0);
@@ -820,7 +788,6 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 	unsigned i, counter=0;
 	unsigned maxcompr = 1000; /* loop detection, max compr ptrs */
 	int in_buf = 1;
-	size_t dname_len = 0;
 	if(comprloop) {
 		if(*comprloop != 0)
 			maxcompr = 30; /* for like ipv6 reverse name, per label */
@@ -854,12 +821,9 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 			if(!pkt || target >= pktlen)
 				return w + gldns_str_print(s, slen,
 					"ErrorComprPtrOutOfBounds");
-			if(counter++ > maxcompr) {
-				if(comprloop && *comprloop < 10)
-					(*comprloop)++;
+			if(counter++ > maxcompr)
 				return w + gldns_str_print(s, slen,
 					"ErrorComprPtrLooped");
-			}
 			in_buf = 0;
 			pos = pkt+target;
 			continue;
@@ -876,16 +840,6 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 			labellen = (uint8_t)*dlen;
 		else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
 			labellen = (uint8_t)(pkt + pktlen - pos);
-		dname_len += ((size_t)labellen)+1;
-		if(dname_len > GLDNS_MAX_DOMAINLEN) {
-			/* dname_len counts the uncompressed length we have
-			 * seen so far, and the domain name has become too
-			 * long, prevent the loop from printing overly long
-			 * content. */
-			w += gldns_str_print(s, slen,
-				"ErrorDomainNameTooLong");
-			return w;
-		}
 		for(i=0; i<(unsigned)labellen; i++) {
 			w += dname_char_print(s, slen, *pos++);
 		}
@@ -984,253 +938,6 @@ int gldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
 	return gldns_str_print(s, slen, "%u", (unsigned)ttl);
 }
 
-static int
-gldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey)
-{
-	if (svcparamkey < SVCPARAMKEY_COUNT) {
-		return gldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]);
-	}
-	else {
-		return gldns_str_print(s, slen, "key%d", (int)svcparamkey);
-	}
-}
-
-static int gldns_wire2str_svcparam_port2str(char** s,
-	size_t* slen, uint16_t data_len, uint8_t* data)
-{
-	int w = 0;
-
-	if (data_len != 2)
-		return -1; /* wireformat error, a short is 2 bytes */
-	w = gldns_str_print(s, slen, "=%d", (int)gldns_read_uint16(data));
-
-	return w;
-}
-
-static int gldns_wire2str_svcparam_ipv4hint2str(char** s,
-	size_t* slen, uint16_t data_len, uint8_t* data)
-{
-	char ip_str[INET_ADDRSTRLEN + 1];
-
-	int w = 0;
-
-	assert(data_len > 0);
-
-	if ((data_len % GLDNS_IP4ADDRLEN) == 0) {
-		if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
-			return -1; /* wireformat error, incorrect size or inet family */
-
-		w += gldns_str_print(s, slen, "=%s", ip_str);
-		data += GLDNS_IP4ADDRLEN;
-
-		while ((data_len -= GLDNS_IP4ADDRLEN) > 0) {
-			if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
-				return -1; /* wireformat error, incorrect size or inet family */
-
-			w += gldns_str_print(s, slen, ",%s", ip_str);
-			data += GLDNS_IP4ADDRLEN;
-		}
-	} else
-		return -1;
-
-	return w;
-}
-
-static int gldns_wire2str_svcparam_ipv6hint2str(char** s,
-	size_t* slen, uint16_t data_len, uint8_t* data)
-{
-	char ip_str[INET6_ADDRSTRLEN + 1];
-
-	int w = 0;
-
-	assert(data_len > 0);
-
-	if ((data_len % GLDNS_IP6ADDRLEN) == 0) {
-		if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
-			return -1; /* wireformat error, incorrect size or inet family */
-
-		w += gldns_str_print(s, slen, "=%s", ip_str);
-		data += GLDNS_IP6ADDRLEN;
-
-		while ((data_len -= GLDNS_IP6ADDRLEN) > 0) {
-			if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
-				return -1; /* wireformat error, incorrect size or inet family */
-
-			w += gldns_str_print(s, slen, ",%s", ip_str);
-			data += GLDNS_IP6ADDRLEN;
-		}
-	} else
-		return -1;
-
-	return w;
-}
-
-static int gldns_wire2str_svcparam_mandatory2str(char** s,
-	size_t* slen, uint16_t data_len, uint8_t* data)
-{
-	int w = 0;
-
-	assert(data_len > 0);
-
-	if (data_len % sizeof(uint16_t))
-		return -1; /* wireformat error, data_len must be multiple of shorts */
-	w += gldns_str_print(s, slen, "=");
-	w += gldns_print_svcparamkey(s, slen, gldns_read_uint16(data));
-	data += 2;
-
-	while ((data_len -= sizeof(uint16_t))) {
-		w += gldns_str_print(s, slen, ",");
-		w += gldns_print_svcparamkey(s, slen, gldns_read_uint16(data));
-		data += 2;
-	}
-
-	return w;
-}
-
-static int gldns_wire2str_svcparam_alpn2str(char** s,
-	size_t* slen, uint16_t data_len, uint8_t* data)
-{
-	uint8_t *dp = (void *)data;
-	int w = 0;
-
-	assert(data_len > 0); /* Guaranteed by gldns_wire2str_svcparam_scan */
-
-	w += gldns_str_print(s, slen, "=\"");
-	while (data_len) {
-		/* alpn is list of length byte (str_len) followed by a string of that size */
-		uint8_t i, str_len = *dp++;
-
-		if (str_len > --data_len)
-			return -1;
-
-		for (i = 0; i < str_len; i++) {
-			if (dp[i] == '"' || dp[i] == '\\')
-				w += gldns_str_print(s, slen, "\\\\\\%c", dp[i]);
-
-			else if (dp[i] == ',')
-				w += gldns_str_print(s, slen, "\\\\%c", dp[i]);
-
-			else if (!isprint(dp[i]))
-				w += gldns_str_print(s, slen, "\\%03u", (unsigned) dp[i]);
-
-			else
-				w += gldns_str_print(s, slen, "%c", dp[i]);
-		}
-		dp += str_len;
-		if ((data_len -= str_len))
-			w += gldns_str_print(s, slen, "%s", ",");
-	}
-	w += gldns_str_print(s, slen, "\"");
-	
-	return w;
-}
-
-static int gldns_wire2str_svcparam_ech2str(char** s,
-	size_t* slen, uint16_t data_len, uint8_t* data)
-{
-	int size;
-	int w = 0;
-
-	assert(data_len > 0); /* Guaranteed by gldns_wire2str_svcparam_scan */
-
-	w += gldns_str_print(s, slen, "=\"");
-
-	if ((size = gldns_b64_ntop(data, data_len, *s, *slen)) < 0)
-		return -1;
-
-	(*s) += size;
-	(*slen) -= size;
-
-	w += gldns_str_print(s, slen, "\"");	
-
-	return w + size;
-}
-
-int gldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
-{
-	uint8_t ch;
-	uint16_t svcparamkey, data_len;
-	int written_chars = 0;
-	int r, i;
-
-	/* verify that we have enough data to read svcparamkey and data_len */
-	if(*dlen < 4)
-		return -1;
-
-	svcparamkey = gldns_read_uint16(*d);
-	data_len = gldns_read_uint16(*d+2);
-	*d    += 4;
-	*dlen -= 4;
-
-	/* verify that we have data_len data */
-	if (data_len > *dlen)
-		return -1; 
-
-	written_chars += gldns_print_svcparamkey(s, slen, svcparamkey);
-	if (!data_len) {
-
-	 	/* Some SvcParams MUST have values */
-	 	switch (svcparamkey) {
-	 	case SVCB_KEY_ALPN:
-	 	case SVCB_KEY_PORT:
-	 	case SVCB_KEY_IPV4HINT:
-	 	case SVCB_KEY_IPV6HINT:
-	 	case SVCB_KEY_MANDATORY:
-	 		return -1;
-	 	default:
-	 		return written_chars;
-	 	}
-	}
-
-	switch (svcparamkey) {
-	case SVCB_KEY_PORT:
-		r = gldns_wire2str_svcparam_port2str(s, slen, data_len, *d);
-		break;
-	case SVCB_KEY_IPV4HINT:
-		r = gldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, *d);
-		break;
-	case SVCB_KEY_IPV6HINT:
-		r = gldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, *d);
-		break;
-	case SVCB_KEY_MANDATORY:
-		r = gldns_wire2str_svcparam_mandatory2str(s, slen, data_len, *d);
-		break;
-	case SVCB_KEY_NO_DEFAULT_ALPN:
-		return -1;  /* wireformat error, should not have a value */
-	case SVCB_KEY_ALPN:
-		r = gldns_wire2str_svcparam_alpn2str(s, slen, data_len, *d);
-		break;
-	case SVCB_KEY_ECH:
-		r = gldns_wire2str_svcparam_ech2str(s, slen, data_len, *d);
-		break;
-	default:
-		r = gldns_str_print(s, slen, "=\"");
-
-		for (i = 0; i < data_len; i++) {
-			ch = (*d)[i];
-
-			if (ch == '"' || ch == '\\')
-				r += gldns_str_print(s, slen, "\\%c", ch);
-
-			else if (!isprint(ch))
-				r += gldns_str_print(s, slen, "\\%03u", (unsigned) ch);
-
-			else
-				r += gldns_str_print(s, slen, "%c", ch);
-
-		}
-		r += gldns_str_print(s, slen, "\"");
-		break;
-	}
-	if (r <= 0)
-		return -1; /* wireformat error */
-	
-	written_chars += r;
-	*d    += data_len;
-	*dlen -= data_len;
-	return written_chars;
-}
-
 int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 	int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop)
 {
@@ -1311,8 +1018,6 @@ int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 	case GLDNS_RDF_TYPE_AMTRELAY:
 		return gldns_wire2str_amtrelay_scan(d, dlen, s, slen, pkt,
 			pktlen, comprloop);
-	case GLDNS_RDF_TYPE_SVCPARAM:
-		return gldns_wire2str_svcparam_scan(d, dlen, s, slen);
 	case GLDNS_RDF_TYPE_TSIGERROR:
 		return gldns_wire2str_tsigerror_scan(d, dlen, s, slen);
 	}

src/gldns/wire2str.h

@@ -59,7 +59,7 @@ char* gldns_wire2str_pkt(uint8_t* data, size_t len);
 char* gldns_wire2str_rr(uint8_t* rr, size_t len);
 
 /**
- * Convert wire dname to a string.
+ * Conver wire dname to a string.
  * @param dname: the dname in uncompressed wireformat.
  * @param dname_len: length of the dname.
  * @return string or NULL on failure.
@@ -494,18 +494,6 @@ int gldns_wire2str_opcode_buf(int opcode, char* str, size_t len);
 int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
 	size_t len);
 
-/**
- * Convert wire SVCB to a string with user buffer.
- * @param d: the SVCB data in uncompressed wireformat.
- * @param dlen: length of the SVCB data.
- * @param s: the string to write to.
- * @param slen: length of string.
- * @return the number of characters for this element, excluding zerobyte.
- * 	Is larger or equal than str_len if output was truncated.
- */
-int gldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s,
-	size_t* slen);
-
 /**
  * Scan wireformat rdf field to string, with user buffers.
  * It shifts the arguments to move along (see gldns_wire2str_pkt_scan).

src/gnutls/tls-internal.h

@@ -94,4 +94,10 @@ typedef struct _getdns_tls_x509
 	gnutls_datum_t tls;
 } _getdns_tls_x509;
 
+typedef struct _getdns_tls_hmac
+{
+	gnutls_hmac_hd_t tls;
+	unsigned int md_len;
+} _getdns_tls_hmac;
+
 #endif /* _GETDNS_TLS_INTERNAL_H */

src/gnutls/tls.c

@@ -5,7 +5,7 @@
  */
 
 /*
- * Copyright (c) 2018-2020, NLnet Labs
+ * Copyright (c) 2018-2019, NLnet Labs
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -102,18 +102,7 @@ static int set_connection_ciphers(_getdns_tls_connection* conn)
 	char* pri = NULL;
 	int res;
 
-	pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-ALL"
-	    /* Remove all the weak ones */
-	    ":-SIGN-RSA-MD5"
-	    ":-SIGN-RSA-SHA1:-SIGN-RSA-SHA224:-SIGN-RSA-SHA256"
-	    ":-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256"
-#if GNUTLS_VERSION_NUMBER >= 0x030505
-	    ":-SIGN-ECDSA-SHA1:-SIGN-ECDSA-SHA224:-SIGN-ECDSA-SHA256"
-#endif
-#if GNUTLS_VERSION_NUMBER >= 0x030601
-	    ":-SIGN-RSA-PSS-SHA256"
-#endif
-	);
+	pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-RSA-SHA384");
 
 	if (conn->cipher_suites)
 		pri = getdns_priappend(conn->mfs, pri, conn->cipher_suites);
@@ -130,11 +119,7 @@ static int set_connection_ciphers(_getdns_tls_connection* conn)
 	else if (conn->ctx->curve_list)
 		pri = getdns_priappend(conn->mfs, pri, conn->ctx->curve_list);
 	else
-#if GNUTLS_VERSION_NUMBER >= 0x030605
-		pri = getdns_priappend(conn->mfs, pri, "+GROUP-EC-ALL");
-#else
 		pri = getdns_priappend(conn->mfs, pri, "+CURVE-ALL");
-#endif
 
 	gnutls_protocol_t min = conn->min_tls;
 	gnutls_protocol_t max = conn->max_tls;
@@ -149,17 +134,19 @@ static int set_connection_ciphers(_getdns_tls_connection* conn)
 		for (gnutls_protocol_t i = min; i <= max; ++i)
 			pri = getdns_priappend(conn->mfs, pri, _getdns_tls_priorities[i]);
 	}
+
 	if (pri) {
 		res = gnutls_priority_set_direct(conn->tls, pri, NULL);
+		if (res != GNUTLS_E_SUCCESS) {
 			_getdns_log(conn->log
-			    , GETDNS_LOG_UPSTREAM_STATS
-			    , (res == GNUTLS_E_SUCCESS ? GETDNS_LOG_DEBUG : GETDNS_LOG_ERR)
+				    , GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR
 				    , "%s: %s %s (%s)\n"
 				    , STUB_DEBUG_SETUP_TLS
-			    , "Configuring TLS connection with "
+				    , "Error configuring TLS connection with "
 				    , pri
 				    , gnutls_strerror(res));
 		}
+	}
 	else
 		res = gnutls_set_default_priority(conn->tls);
 	GETDNS_FREE(*conn->mfs, pri);
@@ -178,16 +165,7 @@ static getdns_return_t error_may_want_read_write(_getdns_tls_connection* conn, i
 			return GETDNS_RETURN_TLS_WANT_READ;
 		else
 			return GETDNS_RETURN_TLS_WANT_WRITE;
-	case GNUTLS_E_FATAL_ALERT_RECEIVED:
-		_getdns_log( conn->log
-		           , GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR
-		           , "%s %s %d (%s)\n"
-		           , STUB_DEBUG_SETUP_TLS
-		           , "Error in TLS handshake"
-		           , (int)gnutls_alert_get(conn->tls)
-			   , gnutls_alert_get_name(gnutls_alert_get(conn->tls))
-			   );
-		/* fallthrough */
+
 	default:
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}
@@ -271,7 +249,7 @@ getdns_return_t _getdns_tls_context_free(struct mem_funcs* mfs, _getdns_tls_cont
 
 void _getdns_tls_context_pinset_init(_getdns_tls_context* ctx)
 {
-	(void) ctx; /* unused parameter */
+	(void) ctx;
 }
 
 getdns_return_t _getdns_tls_context_set_min_max_tls_version(_getdns_tls_context* ctx, getdns_tls_version_t min, getdns_tls_version_t max)
@@ -341,11 +319,6 @@ getdns_return_t _getdns_tls_context_set_ca(_getdns_tls_context* ctx, const char*
 	return GETDNS_RETURN_GOOD;
 }
 
-void _getdns_gnutls_stub_log(int level, const char *msg)
-{
-	DEBUG_STUB("GnuTLS log (%.2d): %s", level, msg);
-}
-
 _getdns_tls_connection* _getdns_tls_connection_new(struct mem_funcs* mfs, _getdns_tls_context* ctx, int fd, const getdns_log_config* log)
 {
 	_getdns_tls_connection* res;
@@ -380,9 +353,7 @@ _getdns_tls_connection* _getdns_tls_connection_new(struct mem_funcs* mfs, _getdn
 			gnutls_certificate_set_x509_trust_dir(res->cred, ctx->ca_trust_path, GNUTLS_X509_FMT_PEM);
 	}
 
-	gnutls_global_set_log_level(99);
-	gnutls_global_set_log_function(_getdns_gnutls_stub_log);
-	if (gnutls_init(&res->tls, GNUTLS_CLIENT | GNUTLS_NONBLOCK | GNUTLS_NO_SIGNAL) != GNUTLS_E_SUCCESS)
+	if (gnutls_init(&res->tls, GNUTLS_CLIENT | GNUTLS_NONBLOCK) != GNUTLS_E_SUCCESS)
 		goto failed;
 	if (set_connection_ciphers(res) != GNUTLS_E_SUCCESS) {
 
@@ -393,12 +364,6 @@ _getdns_tls_connection* _getdns_tls_connection_new(struct mem_funcs* mfs, _getdn
 	if (dane_state_init(&res->dane_state, DANE_F_IGNORE_DNSSEC) != DANE_E_SUCCESS)
 		goto failed;
 
-	gnutls_datum_t proto;
-	proto.data = (unsigned char *)"dot";
-	proto.size = 3;
-	if (gnutls_alpn_set_protocols(res->tls, &proto, 1, 0) != GNUTLS_E_SUCCESS)
-		goto failed;
-
 	gnutls_transport_set_int(res->tls, fd);
 	return res;
 
@@ -744,11 +709,8 @@ failsafe:
 		GETDNS_FREE(*conn->mfs, new_cert_list);
 	}
 
-	if (ret != DANE_E_SUCCESS) {
-		*errnum = ret;
-		*errmsg = dane_strerror(ret);
+	if (ret != DANE_E_SUCCESS)
 		return GETDNS_RETURN_GENERIC_ERROR;
-	}
 
 	if (verify != 0) {
 		if (verify & DANE_VERIFY_CERT_DIFFERS) {
@@ -802,8 +764,6 @@ getdns_return_t _getdns_tls_session_free(struct mem_funcs* mfs, _getdns_tls_sess
 {
 	if (!s)
 		return GETDNS_RETURN_INVALID_PARAMETER;
-	if (s->tls.data)
-		gnutls_free(s->tls.data);
 	GETDNS_FREE(*mfs, s);
 	return GETDNS_RETURN_GOOD;
 }
@@ -875,6 +835,55 @@ unsigned char* _getdns_tls_hmac_hash(struct mem_funcs* mfs, int algorithm, const
 	return res;
 }
 
+_getdns_tls_hmac* _getdns_tls_hmac_new(struct mem_funcs* mfs, int algorithm, const void* key, size_t key_size)
+{
+	gnutls_mac_algorithm_t alg;
+	_getdns_tls_hmac* res;
+
+	if (get_gnu_mac_algorithm(algorithm, &alg) != GETDNS_RETURN_GOOD)
+		return NULL;
+
+	if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_hmac)))
+		return NULL;
+
+	if (gnutls_hmac_init(&res->tls, alg, key, key_size) < 0) {
+		GETDNS_FREE(*mfs, res);
+		return NULL;
+	}
+	res->md_len = gnutls_hmac_get_len(alg);
+	return res;
+}
+
+getdns_return_t _getdns_tls_hmac_add(_getdns_tls_hmac* h, const void* data, size_t data_size)
+{
+	if (!h || !h->tls || !data)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (gnutls_hmac(h->tls, data, data_size) < 0)
+		return GETDNS_RETURN_GENERIC_ERROR;
+	else
+		return GETDNS_RETURN_GOOD;
+}
+
+unsigned char* _getdns_tls_hmac_end(struct mem_funcs* mfs, _getdns_tls_hmac* h, size_t* output_size)
+{
+	unsigned char* res;
+
+	if (!h || !h->tls)
+		return NULL;
+
+	res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, h->md_len);
+	if (!res)
+		return NULL;
+
+	gnutls_hmac_deinit(h->tls, res);
+	if (output_size)
+		*output_size = h->md_len;
+
+	GETDNS_FREE(*mfs, h);
+	return res;
+}
+
 void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf)
 {
 	gnutls_hash_fast(GNUTLS_DIG_SHA1, data, data_size, buf);

src/libgetdns.symbols

@@ -30,7 +30,6 @@ getdns_context_get_resolution_type
 getdns_context_get_resolvconf
 getdns_context_get_round_robin_upstreams
 getdns_context_get_suffix
-getdns_context_get_tcp_send_timeout
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
 getdns_context_get_tls_backoff_time
@@ -79,7 +78,6 @@ getdns_context_set_resolvconf
 getdns_context_set_return_dnssec_status
 getdns_context_set_round_robin_upstreams
 getdns_context_set_suffix
-getdns_context_set_tcp_send_timeout
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_backoff_time
@@ -100,7 +98,6 @@ getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
 getdns_context_unset_edns_maximum_udp_payload_size
-getdns_context_unset_tcp_send_timeout
 getdns_convert_alabel_to_ulabel
 getdns_convert_dns_name_to_fqdn
 getdns_convert_fqdn_to_dns_name

src/openssl/keyraw-internal.c

@@ -21,37 +21,27 @@
 #include <openssl/err.h>
 #include <openssl/md5.h>
 #ifdef HAVE_OPENSSL_CONF_H
-#include <openssl/conf.h>
+# include <openssl/conf.h>
 #endif
 #ifdef HAVE_OPENSSL_ENGINE_H
-#include <openssl/engine.h>
+#  include <openssl/engine.h>
 #endif
 #ifdef HAVE_OPENSSL_BN_H
 #include <openssl/bn.h>
 #endif
-#ifdef HAVE_OPENSSL_PARAM_BUILD_H
-#  include <openssl/param_build.h>
-#else
-#  ifdef HAVE_OPENSSL_RSA_H
-#  include <openssl/rsa.h>
-#  endif
-#  ifdef HAVE_OPENSSL_DSA_H
-#  include <openssl/dsa.h>
-#  endif
+#ifdef HAVE_OPENSSL_RSA_H
+#include <openssl/rsa.h>
 #endif
 #ifdef HAVE_OPENSSL_DSA_H
 #include <openssl/dsa.h>
 #endif
-#ifdef HAVE_OPENSSL_RSA_H
-#include <openssl/rsa.h>
-#endif
 #endif /* HAVE_SSL */
 
 #ifdef HAVE_SSL
 #ifdef USE_GOST
 
 /** store GOST engine reference loaded into OpenSSL library */
-#if defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER > 0x30000000
+#ifdef OPENSSL_NO_ENGINE
 int
 gldns_key_EVP_load_gost_id(void)
 {
@@ -123,71 +113,49 @@ void gldns_key_EVP_unload_gost(void)
 #endif /* ifndef OPENSSL_NO_ENGINE */
 #endif /* USE_GOST */
 
-/* Retrieve params as BIGNUM from raw buffer */
-static int
-gldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p,
-	BIGNUM** q, BIGNUM** g, BIGNUM** y)
+DSA *
+gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 {
 	uint8_t T;
 	uint16_t length;
 	uint16_t offset;
+	DSA *dsa;
+	BIGNUM *Q; BIGNUM *P;
+	BIGNUM *G; BIGNUM *Y;
 
 	if(len == 0)
-		return 0;
+		return NULL;
 	T = (uint8_t)key[0];
 	length = (64 + T * 8);
 	offset = 1;
 
 	if (T > 8) {
-		return 0;
+		return NULL;
 	}
 	if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
-		return 0;
+		return NULL;
 
-	*q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
+	Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
 	offset += SHA_DIGEST_LENGTH;
 
-	*p = BN_bin2bn(key+offset, (int)length, NULL);
+	P = BN_bin2bn(key+offset, (int)length, NULL);
 	offset += length;
 
-	*g = BN_bin2bn(key+offset, (int)length, NULL);
+	G = BN_bin2bn(key+offset, (int)length, NULL);
 	offset += length;
 
-	*y = BN_bin2bn(key+offset, (int)length, NULL);
+	Y = BN_bin2bn(key+offset, (int)length, NULL);
 
-	if(!*q || !*p || !*g || !*y) {
-		BN_free(*q);
-		BN_free(*p);
-		BN_free(*g);
-		BN_free(*y);
-		return 0;
-	}
-	return 1;
-}
-
-#ifndef HAVE_OSSL_PARAM_BLD_NEW
-DSA *
-gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
-{
-	DSA *dsa;
-	BIGNUM *Q=NULL, *P=NULL, *G=NULL, *Y=NULL;
-	if(!gldns_key_dsa_buf_bignum(key, len, &P, &Q, &G, &Y)) {
-		return NULL;
-	}
 	/* create the key and set its properties */
-	if(!(dsa = DSA_new())) {
+	if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
+		BN_free(Q);
+		BN_free(P);
+		BN_free(G);
+		BN_free(Y);
 		return NULL;
 	}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || \
-        (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
-#ifndef S_SPLINT_S
-	dsa->p = P;
-	dsa->q = Q;
-	dsa->g = G;
-	dsa->pub_key = Y;
-#endif /* splint */
 
-#else /* OPENSSL_VERSION_NUMBER */
+#if defined(HAVE_DSA_SET0_PQG) && defined(HAVE_DSA_SET0_KEY)
 	if (!DSA_set0_pqg(dsa, P, Q, G)) {
 		/* QPG not yet attached, need to free */
 		BN_free(Q);
@@ -204,115 +172,33 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 		BN_free(Y);
 		return NULL;
 	}
+#else
+#  ifndef S_SPLINT_S
+	dsa->p = P;
+	dsa->q = Q;
+	dsa->g = G;
+	dsa->pub_key = Y;
+#  endif /* splint */
 #endif
 
 	return dsa;
 }
-#endif /* HAVE_OSSL_PARAM_BLD_NEW */
 
-EVP_PKEY *gldns_key_dsa2pkey_raw(unsigned char* key, size_t len)
-{
-#ifdef HAVE_OSSL_PARAM_BLD_NEW
-	EVP_PKEY* evp_key = NULL;
-	EVP_PKEY_CTX* ctx;
-	BIGNUM *p=NULL, *q=NULL, *g=NULL, *y=NULL;
-	OSSL_PARAM_BLD* param_bld;
-	OSSL_PARAM* params = NULL;
-	if(!gldns_key_dsa_buf_bignum(key, len, &p, &q, &g, &y)) {
-		return NULL;
-	}
-
-	param_bld = OSSL_PARAM_BLD_new();
-	if(!param_bld) {
-		BN_free(p);
-		BN_free(q);
-		BN_free(g);
-		BN_free(y);
-		return NULL;
-	}
-	if(!OSSL_PARAM_BLD_push_BN(param_bld, "p", p) ||
-	   !OSSL_PARAM_BLD_push_BN(param_bld, "g", g) ||
-	   !OSSL_PARAM_BLD_push_BN(param_bld, "q", q) ||
-	   !OSSL_PARAM_BLD_push_BN(param_bld, "pub", y)) {
-		OSSL_PARAM_BLD_free(param_bld);
-		BN_free(p);
-		BN_free(q);
-		BN_free(g);
-		BN_free(y);
-		return NULL;
-	}
-	params = OSSL_PARAM_BLD_to_param(param_bld);
-	OSSL_PARAM_BLD_free(param_bld);
-
-	ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
-	if(!ctx) {
-		OSSL_PARAM_free(params);
-		BN_free(p);
-		BN_free(q);
-		BN_free(g);
-		BN_free(y);
-		return NULL;
-	}
-	if(EVP_PKEY_fromdata_init(ctx) <= 0) {
-		EVP_PKEY_CTX_free(ctx);
-		OSSL_PARAM_free(params);
-		BN_free(p);
-		BN_free(q);
-		BN_free(g);
-		BN_free(y);
-		return NULL;
-	}
-	if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
-		EVP_PKEY_CTX_free(ctx);
-		OSSL_PARAM_free(params);
-		BN_free(p);
-		BN_free(q);
-		BN_free(g);
-		BN_free(y);
-		return NULL;
-	}
-
-	EVP_PKEY_CTX_free(ctx);
-	OSSL_PARAM_free(params);
-	BN_free(p);
-	BN_free(q);
-	BN_free(g);
-	BN_free(y);
-	return evp_key;
-#else
-	DSA* dsa;
-	EVP_PKEY* evp_key = EVP_PKEY_new();
-	if(!evp_key) {
-		return NULL;
-	}
-	dsa = gldns_key_buf2dsa_raw(key, len);
-	if(!dsa) {
-		EVP_PKEY_free(evp_key);
-		return NULL;
-	}
-	if(EVP_PKEY_assign_DSA(evp_key, dsa) == 0) {
-		DSA_free(dsa);
-		EVP_PKEY_free(evp_key);
-		return NULL;
-	}
-	return evp_key;
-#endif
-}
-
-/* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */
-static int
-gldns_key_rsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** n,
-	BIGNUM** e)
+RSA *
+gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
 {
 	uint16_t offset;
 	uint16_t exp;
 	uint16_t int16;
+	RSA *rsa;
+	BIGNUM *modulus;
+	BIGNUM *exponent;
 
 	if (len == 0)
-		return 0;
+		return NULL;
 	if (key[0] == 0) {
 		if(len < 3)
-			return 0;
+			return NULL;
 		memmove(&int16, key+1, 2);
 		exp = ntohs(int16);
 		offset = 3;
@@ -323,140 +209,46 @@ gldns_key_rsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** n,
 
 	/* key length at least one */
 	if(len < (size_t)offset + exp + 1)
-		return 0;
+		return NULL;
 
 	/* Exponent */
-	*e = BN_new();
-	if(!*e) return 0;
-	(void) BN_bin2bn(key+offset, (int)exp, *e);
+	exponent = BN_new();
+	if(!exponent) return NULL;
+	(void) BN_bin2bn(key+offset, (int)exp, exponent);
 	offset += exp;
 
 	/* Modulus */
-	*n = BN_new();
-	if(!*n) {
-		BN_free(*e);
-		return 0;
+	modulus = BN_new();
+	if(!modulus) {
+		BN_free(exponent);
+		return NULL;
 	}
 	/* length of the buffer must match the key length! */
-	(void) BN_bin2bn(key+offset, (int)(len - offset), *n);
-	return 1;
-}
+	(void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
 
-#ifndef HAVE_OSSL_PARAM_BLD_NEW
-RSA *
-gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
-{
-	BIGNUM* modulus = NULL;
-	BIGNUM* exponent = NULL;
-	RSA *rsa;
-	if(!gldns_key_rsa_buf_bignum(key, len, &modulus, &exponent))
-		return NULL;
 	rsa = RSA_new();
 	if(!rsa) {
 		BN_free(exponent);
 		BN_free(modulus);
 		return NULL;
 	}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || \
-        (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x02070000f)
-#ifndef S_SPLINT_S
-	rsa->n = modulus;
-	rsa->e = exponent;
-#endif /* splint */
 
-#else /* OPENSSL_VERSION_NUMBER */
+#if defined(HAVE_RSA_SET0_KEY)	
 	if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
 		BN_free(exponent);
 		BN_free(modulus);
 		RSA_free(rsa);
 		return NULL;
 	}
+#else	
+#  ifndef S_SPLINT_S
+	rsa->n = modulus;
+	rsa->e = exponent;
+#  endif /* splint */
 #endif
 
 	return rsa;
 }
-#endif /* HAVE_OSSL_PARAM_BLD_NEW */
-
-EVP_PKEY* gldns_key_rsa2pkey_raw(unsigned char* key, size_t len)
-{
-#ifdef HAVE_OSSL_PARAM_BLD_NEW
-	EVP_PKEY* evp_key = NULL;
-	EVP_PKEY_CTX* ctx;
-	BIGNUM *n=NULL, *e=NULL;
-	OSSL_PARAM_BLD* param_bld;
-	OSSL_PARAM* params = NULL;
-
-	if(!gldns_key_rsa_buf_bignum(key, len, &n, &e)) {
-		return NULL;
-	}
-
-	param_bld = OSSL_PARAM_BLD_new();
-	if(!param_bld) {
-		BN_free(n);
-		BN_free(e);
-		return NULL;
-	}
-	if(!OSSL_PARAM_BLD_push_BN(param_bld, "n", n)) {
-		OSSL_PARAM_BLD_free(param_bld);
-		BN_free(n);
-		BN_free(e);
-		return NULL;
-	}
-	if(!OSSL_PARAM_BLD_push_BN(param_bld, "e", e)) {
-		OSSL_PARAM_BLD_free(param_bld);
-		BN_free(n);
-		BN_free(e);
-		return NULL;
-	}
-	params = OSSL_PARAM_BLD_to_param(param_bld);
-	OSSL_PARAM_BLD_free(param_bld);
-
-	ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
-	if(!ctx) {
-		OSSL_PARAM_free(params);
-		BN_free(n);
-		BN_free(e);
-		return NULL;
-	}
-	if(EVP_PKEY_fromdata_init(ctx) <= 0) {
-		EVP_PKEY_CTX_free(ctx);
-		OSSL_PARAM_free(params);
-		BN_free(n);
-		BN_free(e);
-		return NULL;
-	}
-	if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
-		EVP_PKEY_CTX_free(ctx);
-		OSSL_PARAM_free(params);
-		BN_free(n);
-		BN_free(e);
-		return NULL;
-	}
-
-	EVP_PKEY_CTX_free(ctx);
-	OSSL_PARAM_free(params);
-	BN_free(n);
-	BN_free(e);
-	return evp_key;
-#else
-	RSA* rsa;
-	EVP_PKEY *evp_key = EVP_PKEY_new();
-	if(!evp_key) {
-		return NULL;
-	}
-	rsa = gldns_key_buf2rsa_raw(key, len);
-	if(!rsa) {
-		EVP_PKEY_free(evp_key);
-		return NULL;
-	}
-	if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
-		RSA_free(rsa);
-		EVP_PKEY_free(evp_key);
-		return NULL;
-	}
-	return evp_key;
-#endif
-}
 
 #ifdef USE_GOST
 EVP_PKEY*
@@ -487,62 +279,6 @@ gldns_gost2pkey_raw(unsigned char* key, size_t keylen)
 EVP_PKEY*
 gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
 {
-#ifdef HAVE_OSSL_PARAM_BLD_NEW
-	unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
-	EVP_PKEY *evp_key = NULL;
-	EVP_PKEY_CTX* ctx;
-	OSSL_PARAM_BLD* param_bld;
-	OSSL_PARAM* params = NULL;
-	char* group = NULL;
-
-	/* check length, which uncompressed must be 2 bignums */
-	if(algo == GLDNS_ECDSAP256SHA256) {
-		if(keylen != 2*256/8) return NULL;
-		group = "prime256v1";
-	} else if(algo == GLDNS_ECDSAP384SHA384) {
-		if(keylen != 2*384/8) return NULL;
-		group = "P-384";
-	} else {
-		return NULL;
-	}
-	if(keylen+1 > sizeof(buf)) { /* sanity check */
-		return NULL;
-	}
-	/* prepend the 0x04 for uncompressed format */
-	buf[0] = POINT_CONVERSION_UNCOMPRESSED;
-	memmove(buf+1, key, keylen);
-
-	param_bld = OSSL_PARAM_BLD_new();
-	if(!param_bld) {
-		return NULL;
-	}
-	if(!OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", group, 0) ||
-	   !OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", buf, keylen+1)) {
-		OSSL_PARAM_BLD_free(param_bld);
-		return NULL;
-	}
-	params = OSSL_PARAM_BLD_to_param(param_bld);
-	OSSL_PARAM_BLD_free(param_bld);
-
-	ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
-	if(!ctx) {
-		OSSL_PARAM_free(params);
-		return NULL;
-	}
-	if(EVP_PKEY_fromdata_init(ctx) <= 0) {
-		EVP_PKEY_CTX_free(ctx);
-		OSSL_PARAM_free(params);
-		return NULL;
-	}
-	if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
-		EVP_PKEY_CTX_free(ctx);
-		OSSL_PARAM_free(params);
-		return NULL;
-	}
-	EVP_PKEY_CTX_free(ctx);
-	OSSL_PARAM_free(params);
-	return evp_key;
-#else
 	unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
         const unsigned char* pp = buf;
         EVP_PKEY *evp_key;
@@ -579,7 +315,6 @@ gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
 		return NULL;
 	}
         return evp_key;
-#endif /* HAVE_OSSL_PARAM_BLD_NEW */
 }
 #endif /* USE_ECDSA */
 

src/openssl/keyraw-internal.h

@@ -37,7 +37,6 @@ int gldns_key_EVP_load_gost_id(void);
 /** Release the engine reference held for the GOST engine. */
 void gldns_key_EVP_unload_gost(void);
 
-#ifndef HAVE_OSSL_PARAM_BLD_NEW
 /**
  * Like gldns_key_buf2dsa, but uses raw buffer.
  * \param[in] key the uncompressed wireformat of the key.
@@ -45,15 +44,6 @@ void gldns_key_EVP_unload_gost(void);
  * \return a DSA * structure with the key material
  */
 DSA *gldns_key_buf2dsa_raw(unsigned char* key, size_t len);
-#endif
-
-/**
- * Converts a holding buffer with DSA key material to EVP PKEY in openssl.
- * \param[in] key the uncompressed wireformat of the key.
- * \param[in] len length of key data
- * \return the key or NULL on error.
- */
-EVP_PKEY *gldns_key_dsa2pkey_raw(unsigned char* key, size_t len);
 
 /**
  * Converts a holding buffer with key material to EVP PKEY in openssl.
@@ -74,7 +64,6 @@ EVP_PKEY* gldns_gost2pkey_raw(unsigned char* key, size_t keylen);
  */
 EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
 
-#ifndef HAVE_OSSL_PARAM_BLD_NEW
 /**
  * Like gldns_key_buf2rsa, but uses raw buffer.
  * \param[in] key the uncompressed wireformat of the key.
@@ -82,15 +71,6 @@ EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
  * \return a RSA * structure with the key material
  */
 RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);
-#endif
-
-/**
- * Converts a holding buffer with RSA key material to EVP PKEY in openssl.
- * \param[in] key the uncompressed wireformat of the key.
- * \param[in] len length of key data
- * \return the key or NULL on error.
- */
-EVP_PKEY* gldns_key_rsa2pkey_raw(unsigned char* key, size_t len);
 
 /**
  * Converts a holding buffer with key material to EVP PKEY in openssl.

src/openssl/tls-internal.h

@@ -81,4 +81,12 @@ typedef struct _getdns_tls_x509
 	X509* ssl;
 } _getdns_tls_x509;
 
+typedef struct _getdns_tls_hmac
+{
+	HMAC_CTX *ctx;
+#ifndef HAVE_HMAC_CTX_NEW
+	HMAC_CTX ctx_space;
+#endif
+} _getdns_tls_hmac;
+
 #endif /* _GETDNS_TLS_INTERNAL_H */

src/openssl/tls.c

@@ -48,21 +48,19 @@
 #include "context.h"
 #include "const-info.h"
 
-#if defined(USE_DANESSL) || defined(LIBRESSL_VERSION_NUMBER)
+#ifdef USE_DANESSL
 # include "ssl_dane/danessl.h"
 #endif
 
 #include "tls.h"
 
 /* Double check configure has worked as expected. */
-#ifndef LIBRESSL_VERSION_NUMBER
 #if defined(USE_DANESSL) && \
 	(defined(HAVE_SSL_DANE_ENABLE) || \
 	 defined(HAVE_OPENSSL_INIT_CRYPTO) || \
 	 defined(HAVE_SSL_CTX_DANE_ENABLE))
 #error Configure error USE_DANESSL defined with OpenSSL 1.1 functions!
 #endif
-#endif
 
 /* Cipher suites recommended in RFC7525. */
 static char const * const _getdns_tls_context_default_cipher_list =
@@ -97,8 +95,8 @@ static int _getdns_tls_verify_always_ok(int ok, X509_STORE_CTX *ctx)
 		strcpy(buf, "<unknown>");
 	DEBUG_STUB("DEBUG Cert verify: depth=%d verify=%d err=%d subject=%s errorstr=%s\n", depth, ok, err, buf, X509_verify_cert_error_string(err));
 # else /* defined(STUB_DEBUG) && STUB_DEBUG */
-	(void)ok; /* unused parameter */
-	(void)ctx; /* unused parameter */
+	(void)ok;
+	(void)ctx;
 # endif /* #else defined(STUB_DEBUG) && STUB_DEBUG */
 	return 1;
 }
@@ -320,10 +318,6 @@ void _getdns_tls_init()
 #endif
 }
 
-#define DOT_PROTO_ALPN_ID     "dot"
-#define DOT_PROTO_ALPN	   "\x3" DOT_PROTO_ALPN_ID
-#define DOT_PROTO_ALPN_LEN (sizeof(DOT_PROTO_ALPN) - 1)
-
 _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs, const getdns_log_config* log)
 {
 	_getdns_tls_context* res;
@@ -352,8 +346,6 @@ _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs, const getdns
 		GETDNS_FREE(*mfs, res);
 		return NULL;
 	}
-	SSL_CTX_set_alpn_protos(res->ssl, (const uint8_t *)DOT_PROTO_ALPN,
-				DOT_PROTO_ALPN_LEN);
 	return res;
 }
 
@@ -433,7 +425,7 @@ getdns_return_t _getdns_tls_context_set_min_max_tls_version(_getdns_tls_context*
 	 * We've used TLSv1_2_client_method() creating the context, so
 	 * error if they asked for anything other than TLS 1.2 or better.
 	 */
-	(void) ctx; /* unused parameter */
+	(void) ctx;
 	if ((!min || min == GETDNS_TLS1_2) && !max)
 		return GETDNS_RETURN_GOOD;
 
@@ -701,7 +693,7 @@ getdns_return_t _getdns_tls_connection_set_min_max_tls_version(_getdns_tls_conne
 	 * We've used TLSv1_2_client_method() creating the context, so
 	 * error if they asked for anything other than TLS 1.2 or better.
 	 */
-	(void) conn; /* unused parameter */
+	(void) conn;
 	if ((!min || min == GETDNS_TLS1_2) && !max)
 		return GETDNS_RETURN_GOOD;
 
@@ -920,7 +912,7 @@ getdns_return_t _getdns_tls_connection_set_host_pinset(_getdns_tls_connection* c
 
 #if defined(HAVE_SSL_DANE_ENABLE)
 	int osr = SSL_dane_enable(conn->ssl, *auth_name ? auth_name : NULL);
-	(void) osr; /* unused parameter */
+	(void) osr;
 	DEBUG_STUB("%s %-35s: DEBUG: SSL_dane_enable(\"%s\") -> %d\n"
 	          , STUB_DEBUG_SETUP_TLS, __FUNC__, auth_name, osr);
 	SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
@@ -946,7 +938,7 @@ getdns_return_t _getdns_tls_connection_set_host_pinset(_getdns_tls_connection* c
 		int osr = DANESSL_init(conn->ssl,
 				       *auth_name ? auth_name : NULL,
 				       *auth_name ? auth_names : NULL);
-		(void) osr; /* unused parameter */
+		(void) osr;
 		DEBUG_STUB("%s %-35s: DEBUG: DANESSL_init(\"%s\") -> %d\n"
 			  , STUB_DEBUG_SETUP_TLS, __FUNC__, auth_name, osr);
 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
@@ -1197,6 +1189,70 @@ unsigned char* _getdns_tls_hmac_hash(struct mem_funcs* mfs, int algorithm, const
 	return res;
 }
 
+_getdns_tls_hmac* _getdns_tls_hmac_new(struct mem_funcs* mfs, int algorithm, const void* key, size_t key_size)
+{
+	const EVP_MD *digester = get_digester(algorithm);
+	_getdns_tls_hmac* res;
+
+	if (!digester)
+		return NULL;
+
+	if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_hmac)))
+		return NULL;
+
+#ifdef HAVE_HMAC_CTX_NEW
+	res->ctx = HMAC_CTX_new();
+	if (!res->ctx) {
+		GETDNS_FREE(*mfs, res);
+		return NULL;
+	}
+#else
+	res->ctx = &res->ctx_space;
+	HMAC_CTX_init(res->ctx);
+#endif
+	if (!HMAC_Init_ex(res->ctx, key, key_size, digester, NULL)) {
+#ifdef HAVE_HMAC_CTX_NEW
+		HMAC_CTX_free(res->ctx);
+#endif
+		GETDNS_FREE(*mfs, res);
+		return NULL;
+	}
+
+	return res;
+}
+
+getdns_return_t _getdns_tls_hmac_add(_getdns_tls_hmac* h, const void* data, size_t data_size)
+{
+	if (!h || !h->ctx || !data)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (!HMAC_Update(h->ctx, data, data_size))
+		return GETDNS_RETURN_GENERIC_ERROR;
+	else
+		return GETDNS_RETURN_GOOD;
+}
+
+unsigned char* _getdns_tls_hmac_end(struct mem_funcs* mfs, _getdns_tls_hmac* h, size_t* output_size)
+{
+	unsigned char* res;
+	unsigned int md_len;
+
+	res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, GETDNS_TLS_MAX_DIGEST_LENGTH);
+	if (!res)
+		return NULL;
+
+	(void) HMAC_Final(h->ctx, res, &md_len);
+
+#ifdef HAVE_HMAC_CTX_NEW
+	HMAC_CTX_free(h->ctx);
+#endif
+	GETDNS_FREE(*mfs, h);
+
+	if (output_size)
+		*output_size = md_len;
+	return res;
+}
+
 void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf)
 {
 	SHA1(data, data_size, buf);

src/platform.c

@@ -166,11 +166,6 @@ const char *_getdns_strerror(DWORD errnum)
 	}
 }
 
-const char *_getdns_filestrerror(int errnum)
-{
-	return strerror(errnum);
-}
-
 #else
 
 void _getdns_perror(const char *str)

src/platform.h

@@ -60,7 +60,6 @@ typedef u_short sa_family_t;
 #define _getdns_socketerror() (WSAGetLastError())
 
 const char *_getdns_strerror(DWORD errnum);
-const char *_getdns_filestrerror(int errnum);
 #else /* USE_WINSOCK */
 
 #ifndef HAVE_SYS_POLL_H
@@ -133,13 +132,10 @@ const char *_getdns_filestrerror(int errnum);
 #define _getdns_socketerror() (errno)
 
 const char *_getdns_strerror(int errnum);
-#define _getdns_filestrerror(errnum) (_getdns_strerror(errnum))
 #endif
 
 void _getdns_perror(const char *str);
 
-#define _getdns_fileerror() (errno)
-#define _getdns_fileerrnostr() (_getdns_filestrerror(_getdns_fileerror()))
 #define _getdns_errnostr() (_getdns_strerror(_getdns_socketerror()))
 #define _getdns_error_wants_retry(X) (  (X) != 0 \
                                      && (  (X) == _getdns_EINTR \

src/request-internal.c

@@ -147,7 +147,6 @@ netreq_reset(getdns_network_req *net_req)
 	net_req->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
 	net_req->tsig_status = GETDNS_DNSSEC_INDETERMINATE;
 	net_req->response_len = 0;
-	net_req->response_opt = NULL;
 	/* Some fields to record info for return_call_reporting */
 	net_req->debug_start_time = 0;
 	net_req->debug_end_time = 0;
@@ -209,9 +208,6 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	net_req->transport_current = 0;
 	memset(&net_req->event, 0, sizeof(net_req->event));
 	net_req->keepalive_sent = 0;
-	net_req->badcookie_retry = 0;
-	net_req->cookie_sent = 0;
-	memset(&net_req->client_cookie, 0, sizeof(net_req->client_cookie));
 	net_req->write_queue_tail = NULL;
 	/* Some fields to record info for return_call_reporting */
 	net_req->debug_tls_auth_status = GETDNS_AUTH_NONE;
@@ -312,7 +308,6 @@ _getdns_network_req_clear_upstream_options(getdns_network_req * req)
 	  req->response = req->opt + 11 + req->base_query_option_sz;
 	  pktlen = req->response - req->query;
 	  gldns_write_uint16(req->query - 2, (uint16_t) pktlen);
-	  req->response_opt = NULL;
   }
 }
 
@@ -322,9 +317,6 @@ _getdns_netreq_reinit(getdns_network_req *netreq)
 	uint8_t *base_opt_backup;
 	size_t base_opt_rr_sz;
 
-	if (netreq->response && (netreq->response < netreq->wire_data ||
-	    netreq->response > netreq->wire_data+ netreq->wire_data_sz))
-		GETDNS_NULL_FREE(netreq->owner->my_mf, netreq->response);
 	if (!netreq->query) {
 		(void) netreq_reset(netreq);
 		return;
@@ -484,7 +476,7 @@ void
 _getdns_network_validate_tsig(getdns_network_req *req)
 {
 #if defined(HAVE_NSS) || defined(HAVE_NETTLE)
-	(void)req; /* unused parameter */
+	(void)req;
 #else
 	_getdns_rr_iter  rr_spc, *rr;
 	_getdns_rdf_iter rdf_spc, *rdf;
@@ -500,9 +492,7 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 	unsigned char  *result_mac;
 	size_t result_mac_len;
 	uint16_t original_id;
-	size_t data_size;
-	uint8_t *data;
-
+	_getdns_tls_hmac *hmac;
 
 	DEBUG_STUB("%s %-35s: Validate TSIG\n", STUB_DEBUG_TSIG, __FUNC__);
 	for ( rr = _getdns_rr_iter_init(&rr_spc, req->query,
@@ -609,33 +599,19 @@ _getdns_network_validate_tsig(getdns_network_req *req)
 	    gldns_read_uint16(req->response + 10) - 1);
 	gldns_write_uint16(req->response, original_id);
 
-	data_size = request_mac_len + 2
-	          + (size_t)(rr->pos - req->response) 
-	          + gldns_buffer_position(&gbuf);
-	data = GETDNS_XMALLOC(req->owner->my_mf, uint8_t, data_size);
-	if (!data) {
-		DEBUG_STUB("%s %-35s: Error allocating %d bytes\n",
-			   STUB_DEBUG_TSIG, __FUNC__, (int)(data_size));
+	hmac = _getdns_tls_hmac_new(&req->owner->my_mf, req->upstream->tsig_alg, req->upstream->tsig_key, req->upstream->tsig_size);
+	if (!hmac)
 		return;
-	}
-	memcpy(data , request_mac - 2 , request_mac_len + 2);
-	memcpy(data + request_mac_len + 2, req->response, rr->pos - req->response);
-	memcpy(data + request_mac_len + 2 + (size_t)(rr->pos - req->response)
-	                                 , tsig_vars, gldns_buffer_position(&gbuf));
 
-	result_mac = _getdns_tls_hmac_hash(&req->owner->my_mf
-	                                  , req->upstream->tsig_alg
-					  , req->upstream->tsig_key
-					  , req->upstream->tsig_size
-					  , data, data_size , &result_mac_len);
-	GETDNS_FREE(req->owner->my_mf, data);
-	if (!result_mac) {
-		DEBUG_STUB("%s %-35s: Error calculating TSIG digest\n",
-			   STUB_DEBUG_TSIG, __FUNC__);
+	_getdns_tls_hmac_add(hmac, request_mac - 2, request_mac_len + 2);
+	_getdns_tls_hmac_add(hmac, req->response, rr->pos - req->response);
+	_getdns_tls_hmac_add(hmac, tsig_vars, gldns_buffer_position(&gbuf));
+	result_mac = _getdns_tls_hmac_end(&req->owner->my_mf, hmac, &result_mac_len);
+	if (!result_mac)
 		return;
-	}
-	DEBUG_STUB("%s %-35s: Result MAC length: %d for %d bytes of data\n",
-	           STUB_DEBUG_TSIG, __FUNC__, (int)(result_mac_len), (int)data_size);
+
+	DEBUG_STUB("%s %-35s: Result MAC length: %d\n",
+	           STUB_DEBUG_TSIG, __FUNC__, (int)(result_mac_len));
 	if (result_mac_len == response_mac_len &&
 	    memcmp(result_mac, response_mac, result_mac_len) == 0)
 		req->tsig_status = GETDNS_DNSSEC_SECURE;

src/rr-dict.c

@@ -47,7 +47,7 @@
 static const uint8_t *
 apl_n_rdf_end(const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
-	(void)pkt; /* unused parameter */
+	(void)pkt;
 	return rdf < pkt_end ? rdf + 1 : NULL;
 }
 static getdns_return_t
@@ -91,7 +91,7 @@ apl_afdpart_rdf_end(
     const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
 	const uint8_t *end = rdf + (rdf[-1] & 0x7F);
-	(void)pkt; /* unused parameter */
+	(void)(pkt);
 	return end <= pkt_end ? end : NULL;
 }
 static getdns_return_t
@@ -217,7 +217,6 @@ ipseckey_gateway_2wire(
 {
 	assert(rdf - 2 >= rdata && rdf[-2] > 0);
 
-	(void)rdata; /* unused parameter */
 	switch (rdf[-2]) {
 	case 1: if (!value || value->size != 4)
 			return GETDNS_RETURN_INVALID_PARAMETER;
@@ -281,7 +280,7 @@ static const uint8_t *
 hip_pk_algorithm_rdf_end(
     const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
-	(void)pkt; /* unused parameter */
+	(void)(pkt);
 	return rdf + 4 > pkt_end ? NULL
 	     : rdf + 4 + *rdf + gldns_read_uint16(rdf + 2) > pkt_end ? NULL
 	     : rdf + 1;
@@ -327,7 +326,7 @@ static _getdns_rdf_special hip_pk_algorithm = {
 static const uint8_t *
 hip_hit_rdf_end(const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
-	(void)pkt; /* unused parameter */
+	(void)(pkt);
 	return rdf + 3 > pkt_end ? NULL
 	     : rdf + 3 + rdf[-1] + gldns_read_uint16(rdf + 1) > pkt_end ? NULL
 	     : rdf + 1;
@@ -381,7 +380,7 @@ static const uint8_t *
 hip_public_key_rdf_end(
     const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
-	(void)pkt; /* unused parameter */
+	(void)(pkt);
 	return rdf + 2 > pkt_end ? NULL
 	     : rdf + 2 + rdf[-2] + gldns_read_uint16(rdf) > pkt_end ? NULL
 	     : rdf + 2 + rdf[-2] + gldns_read_uint16(rdf);
@@ -435,7 +434,7 @@ static _getdns_rdf_special hip_public_key = {
 static const uint8_t *
 amtrelay_D_rdf_end(const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
-	(void)pkt; /* unused parameter */
+	(void)pkt;
 	return rdf < pkt_end ? rdf + 1 : NULL;
 }
 static getdns_return_t
@@ -472,8 +471,7 @@ static const uint8_t *
 amtrelay_rtype_rdf_end(
     const uint8_t *pkt, const uint8_t *pkt_end, const uint8_t *rdf)
 {
-	(void)pkt; /* unused parameter */
-	(void)pkt_end; /* unused parameter */
+	(void)pkt; (void)pkt_end;
 	return rdf;
 }
 static getdns_return_t
@@ -583,7 +581,6 @@ amtrelay_relay_2wire(
 {
 	assert(rdf - 1 >= rdata && (rdf[-1] & 0x7F) > 0);
 
-	(void)rdata; /* unused parameter */
 	switch (rdf[-1] & 0x7F) {
 	case 1: if (!value || value->size != 4)
 			return GETDNS_RETURN_INVALID_PARAMETER;
@@ -1296,39 +1293,8 @@ write_rdata_field(gldns_buffer *buf, uint8_t *rdata_start,
 	return r != GETDNS_RETURN_NO_SUCH_LIST_ITEM ? r : GETDNS_RETURN_GOOD;
 }
 
-void
-_getdns_rr_buffer_write_cached_name(gldns_buffer *buf, getdns_bindata *name, name_cache_t *name_cache)
-{
-	size_t name_size = name->size;
-	uint8_t *name_data = name->data;
-	if((NULL != name_cache) && (name_size > 2)) {
-		unsigned count = name_cache->count;
-		name_cache_entry_t *entry_ptr = &name_cache->entry[(count < NAME_CACHE_ENTRIES)?count:NAME_CACHE_ENTRIES];
-		name_cache_entry_t *table_start = &name_cache->entry[0];
-		/* Search backward if name is already in cache */
-		while(entry_ptr-- > table_start) {
-			if((entry_ptr->name->size == name_size) &&
-			   !memcmp(entry_ptr->name->data, name_data, name_size)) {
-				gldns_buffer_write_u16(buf, (uint16_t)(0xc000 | entry_ptr->name_offset));
-				return;
-			}
-		}
-		unsigned name_offset = gldns_buffer_position(buf);
-		if (name_offset < 0x4000) {
-			/* Cache name */
-			entry_ptr = &name_cache->entry[count % NAME_CACHE_ENTRIES];
-			entry_ptr->name = name;
-			entry_ptr->name_offset = name_offset;
-			name_cache->count = count + 1;
-		}
-	}
-	gldns_buffer_write(buf, name_data, name_size);
-	return;
-}
-
 getdns_return_t
-_getdns_rr_dict2wire_cache(const getdns_dict *rr_dict, gldns_buffer *buf,
-		     name_cache_t *name_cache)
+_getdns_rr_dict2wire(const getdns_dict *rr_dict, gldns_buffer *buf)
 {
 	getdns_return_t r = GETDNS_RETURN_GOOD;
 	getdns_bindata root = { 1, (void *)"" };
@@ -1359,7 +1325,7 @@ _getdns_rr_dict2wire_cache(const getdns_dict *rr_dict, gldns_buffer *buf,
 		} else
 			return r;
 	}
-	_getdns_rr_buffer_write_cached_name(buf, name, name_cache);
+	gldns_buffer_write(buf, name->data, name->size);
 	gldns_buffer_write_u16(buf, (uint16_t)rr_type);
 
 	(void) getdns_dict_get_int(rr_dict, "class", &rr_class);
@@ -1412,14 +1378,6 @@ _getdns_rr_dict2wire_cache(const getdns_dict *rr_dict, gldns_buffer *buf,
 		gldns_buffer_skip(buf, 2);
 		rdata_start = gldns_buffer_current(buf);
 
-		/* Special case CNAME payload */
-		if((rr_type == GETDNS_RRTYPE_CNAME) && (n_rdata_fields == 1) &&
-		   (rd_def->type & GETDNS_RDF_BINDATA) && !(rd_def->type & GETDNS_RDF_REPEAT) &&
-		   (GETDNS_RETURN_GOOD == (r = getdns_dict_get_bindata(rdata, rd_def->name, &rdata_raw)))) {
-
-			_getdns_rr_buffer_write_cached_name(buf, rdata_raw, name_cache);
-		} else {
-
 		for ( rd_def = rr_def->rdata
 		    , n_rdata_fields = rr_def->n_rdata_fields
 		    ; n_rdata_fields ; n_rdata_fields-- , rd_def++ ) {
@@ -1457,7 +1415,6 @@ _getdns_rr_dict2wire_cache(const getdns_dict *rr_dict, gldns_buffer *buf,
 					break;
 			}
 		}
-		}
 		gldns_buffer_write_u16_at(buf, rdata_size_mark,
 		    (uint16_t)(gldns_buffer_position(buf)-rdata_size_mark-2));
 	}

src/rr-dict.h

@@ -143,25 +143,8 @@ typedef struct _getdns_rr_def {
 
 const _getdns_rr_def *_getdns_rr_def_lookup(uint16_t rr_type);
 
-#define NAME_CACHE_ENTRIES 4
-
-typedef struct __name_cache_entry {
-	getdns_bindata *name;
-	unsigned name_offset;
-} name_cache_entry_t;
-
-typedef struct __name_cache {
-	unsigned count;
-	name_cache_entry_t entry[NAME_CACHE_ENTRIES];
-} name_cache_t;
-
-void _getdns_rr_buffer_write_cached_name(
-    gldns_buffer *buf, getdns_bindata *name, name_cache_t *name_cache);
-
-getdns_return_t _getdns_rr_dict2wire_cache(
-    const getdns_dict *rr_dict, gldns_buffer *buf, name_cache_t *name_cache);
-
-#define _getdns_rr_dict2wire(d, b)  _getdns_rr_dict2wire_cache((d),(b), NULL)
+getdns_return_t _getdns_rr_dict2wire(
+    const getdns_dict *rr_dict, gldns_buffer *buf);
 
 const char *_getdns_rr_type_name(int rr_type);
 

src/server.c

@@ -102,8 +102,6 @@ struct connection {
 	struct sockaddr_storage remote_in;
 	socklen_t               addrlen;
 
-	size_t                  max_udp_size;
-
 	connection             *next;
 	connection            **prev_next;
 };
@@ -328,17 +326,6 @@ getdns_reply(getdns_context *context,
 	else if (conn->l->transport == GETDNS_TRANSPORT_UDP) {
 		listener *l = conn->l;
 
-		if (len > conn->max_udp_size) {
-			_getdns_rr_iter qi_spc, *qi;
-
-			(void)memset(buf + 6, 0, 6);
-			GLDNS_TC_SET(buf);
-			if ((qi = _getdns_rr_iter_init(&qi_spc, buf, len))) {
-				DEBUG_SERVER("Truncating reply to: %d\n",
-					(int)(qi->nxt - buf));
-				len = qi->nxt - buf;
-			}
-		}
 		if (conn->l->fd >= 0 && sendto(conn->l->fd, (void *)buf, len, 0,
 		    (struct sockaddr *)&conn->remote_in, conn->addrlen) == -1) {
 			/* TODO: handle _getdns_socketerror_wants_retry() */
@@ -558,7 +545,6 @@ static void tcp_accept_cb(void *userarg)
 		return;
 
 	(void) memset(conn, 0, sizeof(tcp_connection));
-	conn->super.max_udp_size = 65536;
 	conn->super.l = l;
 	conn->super.addrlen = sizeof(conn->super.remote_in);
 	if ((conn->fd = accept(l->fd, (struct sockaddr *)
@@ -643,7 +629,6 @@ static void udp_read_cb(void *userarg)
 
 	conn->l = l;
 	conn->addrlen = sizeof(conn->remote_in);
-	conn->max_udp_size = 512;
 	if ((len = recvfrom(l->fd, (void *)buf, sizeof(buf), 0,
 	    (struct sockaddr *)&conn->remote_in, &conn->addrlen)) == -1) {
 		if ( _getdns_socketerror_wants_retry() &&
@@ -728,8 +713,6 @@ static void udp_read_cb(void *userarg)
 		; /* FROMERR on input, ignore */
 
 	else {
-		uint32_t max_udp_size = 512;
-
 		/* Insert connection */
 		conn->super.key = conn;
 		if (!_getdns_rbtree_insert(
@@ -740,15 +723,6 @@ static void udp_read_cb(void *userarg)
 		}
 		DEBUG_SERVER("[connection add] count: %d\n",
 		    (int)l->set->connections_set.count);
-
-		if (!getdns_dict_get_int(request_dict,
-		    "/additional/0/udp_payload_size", &max_udp_size))
-			conn->max_udp_size = max_udp_size;
-
-		else if (!getdns_dict_get_int(request_dict,
-		    "/additional/1/udp_payload_size", &max_udp_size))
-			conn->max_udp_size = max_udp_size;
-
 		if ((conn->next = l->connections))
 			conn->next->prev_next = &conn->next;
 		conn->prev_next = &l->connections;

src/ssl_dane

@@ -1 +1 @@
-Subproject commit 89ff45974cafa7e03f0503ed013fe3e680698c20
+Subproject commit 187838104f3cfc9634148ae41a717e00c0d68e67

src/stub.c

@@ -33,10 +33,6 @@
 
 #include "config.h"
 
-#ifndef USE_WINSOCK
-#include <netdb.h>
-#endif
-
 /* Intercept and do not sent out COM DS queries with TLS
  * For debugging purposes only. Never commit with this turned on.
  */
@@ -57,7 +53,6 @@
 #include "general.h"
 #include "pubkey-pinning.h"
 
-
 /* WSA TODO: 
  * STUB_TCP_RETRY added to deal with edge triggered event loops (versus
  * level triggered).  See also lines containing WSA TODO below...
@@ -73,11 +68,14 @@
 #define STUB_TCP_ERROR -2
 
 /* Don't currently have access to the context whilst doing handshake */
-#define MIN_TLS_HS_TIMEOUT 2500
-#define MAX_TLS_HS_TIMEOUT 7500
+#define TIMEOUT_TLS 2500
 /* Arbritray number of message for EDNS keepalive resend*/
 #define EDNS_KEEPALIVE_RESEND 5
 
+static time_t secret_rollover_time = 0;
+static uint32_t secret = 0;
+static uint32_t prev_secret = 0;
+
 static void upstream_read_cb(void *userarg);
 static void upstream_write_cb(void *userarg);
 static void upstream_idle_timeout_cb(void *userarg);
@@ -98,6 +96,47 @@ uint64_t _getdns_get_time_as_uintt64();
 /* General utility functions */
 /*****************************/
 
+static void
+rollover_secret()
+{
+	time_t now = 0;
+
+	/* Create and roll server secrets */
+	if (time(&now) <= secret_rollover_time)
+		return;
+
+	/* Remember previous secret, in to keep answering on rollover
+	 * boundary with old cookie.
+	 */
+	prev_secret = secret;
+	secret = arc4random();
+
+	/* Next rollover over EDNS_COOKIE_ROLLOVER_TIME with 30% jitter,
+	 * I.e. some offset + or - 15% of the future point in time.
+	 */
+	secret_rollover_time = now + (EDNS_COOKIE_ROLLOVER_TIME / 20 * 17)
+		 + arc4random_uniform(EDNS_COOKIE_ROLLOVER_TIME / 10 * 3);
+}
+
+static void
+calc_new_cookie(getdns_upstream *upstream, uint8_t *cookie)
+{
+        unsigned char md_value[GETDNS_TLS_MAX_DIGEST_LENGTH];
+        size_t md_len;
+        size_t i;
+        sa_family_t af = upstream->addr.ss_family;
+        void *sa_addr = ((struct sockaddr*)&upstream->addr)->sa_data;
+	size_t addr_len = ( af == AF_INET6 ? sizeof(struct sockaddr_in6)
+	                  : af == AF_INET  ? sizeof(struct sockaddr_in)
+	                  : 0 ) - sizeof(sa_family_t);
+
+	_getdns_tls_cookie_sha256(secret, sa_addr, addr_len, md_value, &md_len);
+
+        (void) memset(cookie, 0, 8);
+        for (i = 0; i < md_len; i++)
+                cookie[i % 8] ^= md_value[i];
+}
+
 static getdns_return_t
 attach_edns_client_subnet_private(getdns_network_req *req)
 {
@@ -129,72 +168,57 @@ static getdns_return_t
 attach_edns_cookie(getdns_network_req *req)
 {
 	getdns_upstream *upstream = req->upstream;
+	uint16_t sz;
+	void* val;
+	uint8_t buf[8 + 32]; /* server cookies can be no larger than 32 bytes */
+	rollover_secret();
 
-	if (upstream->server_cookie_len) {
-		if (!req->badcookie_retry && bind(req->fd, (struct sockaddr *)
-		    &upstream->src_addr, upstream->src_addr_len)) {
+	if (!upstream->has_client_cookie) {
+		calc_new_cookie(upstream, upstream->client_cookie);
+		upstream->secret = secret;
+		upstream->has_client_cookie = 1;
 
-			_getdns_upstream_log(upstream,
-			    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_INFO,
-			    "%-40s : Upstream   : %s with source address: %s. "
-			    "Renewing Client Cookie.\n", upstream->addr_str,
-			    strerror(errno), upstream->src_addr_str);
+		sz = 8;
+		val = upstream->client_cookie;
+	} else if (upstream->secret != secret) {
+		memcpy( upstream->prev_client_cookie
+		      , upstream->client_cookie, 8);
+		upstream->has_prev_client_cookie = 1;
+		calc_new_cookie(upstream, upstream->client_cookie);
+		upstream->secret = secret;
 
-			upstream->server_cookie_len = 0;
-			upstream->src_addr_checked = 0;
-		} else
-			return _getdns_network_req_add_upstream_option(
-			    req, EDNS_COOKIE_OPCODE,
-			    upstream->server_cookie_len,
-			    upstream->server_cookie);
+		sz = 8;
+		val = upstream->client_cookie;
+	} else if (!upstream->has_server_cookie) {
+		sz = 8;
+		val = upstream->client_cookie;
+	} else {
+		sz = 8 + upstream->server_cookie_len;
+		memcpy(buf, upstream->client_cookie, 8);
+		memcpy(buf+8, upstream->server_cookie, upstream->server_cookie_len);
+		val = buf;
 	}
-	if (_getdns_get_now_ms() - upstream->src_addr_checked < 3600000) {
-		/* This upstream has been registered to *not* support cookies.
-		 * We will recheck one hour after this was registered.
-		 */
-		return 0;
-	}
-	/* Try to get a new server cookie for this upstream
-	 * Explicitly connect on UDP only.
-	 */
-	if (req->fd >= 0 && connect(req->fd,
-	    (struct sockaddr*)&upstream->addr, upstream->addr_len)) {
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : Could not connect(): %s. "
-		    "Required for privacy aware Cookies. Cookies disabled.\n",
-		     upstream->addr_str, strerror(errno));
+	return _getdns_network_req_add_upstream_option(req, EDNS_COOKIE_OPCODE, sz, val);
 
-		/* Don't recheck for another hour */
-		upstream->src_addr_checked = _getdns_get_now_ms();
-		return 0;
-	}
-	/* Create new client cookie */
-	req->cookie_sent = 1;
-	gldns_write_uint32(req->client_cookie, arc4random());
-	gldns_write_uint32(req->client_cookie + 4, arc4random());
-	return _getdns_network_req_add_upstream_option(
-	    req, EDNS_COOKIE_OPCODE, 8, req->client_cookie);
 }
 
 /* Will find a matching OPT RR, but leaves the caller to validate it
+ *
+ * Returns 2 when found
+ *         0 when not found
+ *     and 1 on FORMERR
  */
-#define MATCH_OPT_FOUND     2
-#define MATCH_OPT_NOT_FOUND 0
-#define MATCH_OPT_ERROR     1 
 static int
-match_edns_opt_rr(uint16_t code, getdns_network_req *netreq,
+match_edns_opt_rr(uint16_t code, uint8_t *response, size_t response_len,
                   const uint8_t **position, uint16_t *option_len)
 {
-	const uint8_t *pos, *rdata_end;
+	_getdns_rr_iter rr_iter_storage, *rr_iter;
+	const uint8_t *pos;
 	uint16_t rdata_len, opt_code = 0, opt_len = 0;
-	static uint8_t *NO_OPT_RR = (uint8_t *)"\x00\x00";
 
 	/* Search for the OPT RR (if any) */
-	if (!netreq->response_opt) {
-		_getdns_rr_iter rr_iter_storage, *rr_iter;
 	for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage
-		              , netreq->response, netreq->response_len)
+	                                        , response, response_len)
 	    ; rr_iter
 	    ; rr_iter = _getdns_rr_iter_next(rr_iter)) {
 
@@ -203,195 +227,95 @@ match_edns_opt_rr(uint16_t code, getdns_network_req *netreq,
 
 		if (gldns_read_uint16(rr_iter->rr_type) != GETDNS_RRTYPE_OPT)
 			continue;
+
 		break;
 	}
-		if (! rr_iter) {
-			netreq->response_opt = NO_OPT_RR;
-			return MATCH_OPT_NOT_FOUND;
-		}
-		pos = netreq->response_opt = rr_iter->rr_type + 8;
+	if (! rr_iter)
+		return 0; /* No OPT, no cookie */
+
+	pos = rr_iter->rr_type + 8;
 
 #if defined(STUB_DEBUG) && STUB_DEBUG
 	char str_spc[8192], *str = str_spc;
 	size_t str_len = sizeof(str_spc);
 	uint8_t *data = (uint8_t *)rr_iter->pos;
 	size_t data_len = rr_iter->nxt - rr_iter->pos;
-		(void) gldns_wire2str_rr_scan(&data, &data_len, &str, &str_len,
-		    (uint8_t *)rr_iter->pkt, rr_iter->pkt_end - rr_iter->pkt,
-		    NULL);
+	(void) gldns_wire2str_rr_scan(
+	    &data, &data_len, &str, &str_len, (uint8_t *)rr_iter->pkt, rr_iter->pkt_end - rr_iter->pkt, NULL);
 	DEBUG_STUB("%s %-35s: OPT RR: %s",
 	           STUB_DEBUG_READ, __FUNC__, str_spc);
 #endif
-		/* Check limits only the first time*/
-		if (pos + 2 > rr_iter->nxt
-		||  pos + 2 + gldns_read_uint16(pos) > rr_iter->nxt) {
-			netreq->response_opt = NO_OPT_RR;
-			return MATCH_OPT_ERROR;
-		}
-	} else if (netreq->response_opt == NO_OPT_RR)
-		return MATCH_OPT_NOT_FOUND;
-	else
-		/* Reuse earlier found option */
-		pos = netreq->response_opt;;
 
-	rdata_len = gldns_read_uint16(pos);
-	pos += 2;
-	rdata_end = pos + rdata_len;
+	/* OPT found, now search for the specified option */
+	if (pos + 2 > rr_iter->nxt)
+		return 1; /* FORMERR */
 
-	while (pos < rdata_end) {
+	rdata_len = gldns_read_uint16(pos); pos += 2;
+	if (pos + rdata_len > rr_iter->nxt)
+		return 1; /* FORMERR */
+
+	while (pos < rr_iter->nxt) {
 		opt_code = gldns_read_uint16(pos); pos += 2;
 		opt_len  = gldns_read_uint16(pos); pos += 2;
-		if (pos + opt_len > rdata_end)
-			return MATCH_OPT_ERROR;
+		if (pos + opt_len > rr_iter->nxt)
+			return 1; /* FORMERR */
 		if (opt_code == code)
 			break;
 		pos += opt_len; /* Skip unknown options */
 	}
-	if (pos >= rdata_end || opt_code != code)
-		return MATCH_OPT_NOT_FOUND;
-
+	if (pos >= rr_iter->nxt || opt_code != code)
+		return 0; /* Everything OK, just no cookie found. */
 	*position = pos;
 	*option_len = opt_len;
-	return MATCH_OPT_FOUND;
+	return 2;
 }
 
 /* TODO: Test combinations of EDNS0 options*/
 static int
 match_and_process_server_cookie(
-    getdns_upstream *upstream, getdns_network_req *netreq) 
+    getdns_upstream *upstream, uint8_t *response, size_t response_len) 
 {
 	const uint8_t *position = NULL;
 	uint16_t option_len = 0;
-	int gai_r;
-	int found = match_edns_opt_rr(EDNS_COOKIE_OPCODE, netreq, 
-	                              &position, &option_len);
-	if (found == MATCH_OPT_ERROR) {
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : Error getting Cookie option.\n",
-		    upstream->addr_str);
+	int found = match_edns_opt_rr(EDNS_COOKIE_OPCODE, response, 
+	                              response_len, &position, &option_len);
+	if (found != 2)
+		return found;
 
-		return 1; /* Discard and wait for better response */
-	}
-	else if (found == MATCH_OPT_NOT_FOUND) {
-		/* Option not found, server does not support cookies */
-		if (upstream->server_cookie_len > 8) {
-			_getdns_upstream_log(upstream,
-			    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR,
-			    "%-40s : Upstream   : Server did not return "
-			    " DNS Cookie. Response discarded.\n",
-			    upstream->addr_str);
+	if (option_len < 16 || option_len > 40)
+		return 1; /* FORMERR */
 
-			return 1; /* Discard response */
+	if (!upstream->has_client_cookie)
+		return 1; /* Cookie reply, but we didn't sent one */
 
-		} else if (netreq->cookie_sent) {
-			_getdns_upstream_log(upstream,
-			    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_INFO,
-			    "%-40s : Upstream   : Does not support DNS Cookies"
-			    ". Retrying in one hour.\n", upstream->addr_str);
+	if (memcmp(upstream->client_cookie, position, 8) != 0) {
+		if (!upstream->has_prev_client_cookie)
+			return 1; /* Cookie didn't match */
+		if (memcmp(upstream->prev_client_cookie, position, 8) != 0)
+			return 1; /* Previous cookie didn't match either */
 
-			upstream->src_addr_checked = _getdns_get_now_ms();
-		}
-		return 0; /* Use response */
-	}
-	assert(found == MATCH_OPT_FOUND);
-		
-	if (option_len < 16 || option_len > 40) {
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : "
-		    "Unsupported Server Cookie size: %d.\n",
-		    upstream->addr_str, (int)option_len);
-
-		return 1; /* Discard and wait for better response */
-	}
-
-	if (upstream->server_cookie_len > 8) {
-		if (memcmp(upstream->server_cookie, position, 8)) {
-			_getdns_upstream_log(upstream,
-			    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-			    "%-40s : Upstream   : DNS Cookie did not match.\n",
-			     upstream->addr_str);
-
-			return 1; /* Discard and wait for better response */
-		}
-		/* Update server cookie */
-		upstream->server_cookie_len = option_len;
-		(void) memcpy(upstream->server_cookie, position, option_len);
-		return 0; /* Use response */
-
-	} else if (!netreq->cookie_sent) {
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : "
-		    "DNS Cookie received but none sent.\n",upstream->addr_str);
-
-		return 1; /* Discard and wait for better response */
-	}
-	if (memcmp(netreq->client_cookie, position, 8)) {
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : DNS Cookie did not match.\n",
-		     upstream->addr_str);
-
-		return 1; /* Discard and wait for better response */
-	}
-	/* A new client cookie matched, store server cookie but only if we
-	 * can get the source IP address.
+		upstream->has_server_cookie = 0;
+		return 0; /* Don't store server cookie, because it
+		           * is for our previous client cookie
 			   */
-	upstream->src_addr_checked = _getdns_get_now_ms();
-
-	upstream->src_addr_len = sizeof(upstream->src_addr);
-	if (getsockname(netreq->fd,(struct sockaddr*)
-	    &upstream->src_addr, &upstream->src_addr_len)) {
-
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : Could not get source address: %s. "
-		    "Privacy aware DNS Cookies not supported.\n",
-		    upstream->addr_str, strerror(errno));
-
-	} else if ((gai_r = getnameinfo((struct sockaddr *)
-	    &upstream->src_addr, upstream->src_addr_len,
-	    upstream->src_addr_str, sizeof(upstream->src_addr_str),
-	    NULL, 0, NI_NUMERICHOST))) {
-
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : Could not print source address: %s. "
-		    "Privacy aware DNS Cookies not supported.\n",
-		    upstream->addr_str, gai_strerror(gai_r));
-	} else {
-		switch (upstream->src_addr.ss_family) {
-		case AF_INET:
-			((struct sockaddr_in *)&upstream->src_addr)->sin_port = 0;
-			break;
-		case AF_INET6:
-			((struct sockaddr_in6*)&upstream->src_addr)->sin6_port = 0;
-			break;
-		default:
-			return 0;
 	}
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
-		    "%-40s : Upstream   : "
-		    "Registering new Server Cookie for source address: %s.\n",
-		    upstream->addr_str, upstream->src_addr_str);
-
+	position += 8;
+	option_len -= 8;
+	upstream->has_server_cookie = 1;
 	upstream->server_cookie_len = option_len;
 	(void) memcpy(upstream->server_cookie, position, option_len);
 	return 0;
-	}
-	return 0;
 }
 
 static void
-process_keepalive( getdns_upstream *upstream, getdns_network_req *netreq)
+process_keepalive(
+    getdns_upstream *upstream, getdns_network_req *netreq, 
+    uint8_t *response, size_t response_len) 
 {
 	const uint8_t *position = NULL;
 	uint16_t option_len = 0;
-	int found = match_edns_opt_rr(GLDNS_EDNS_KEEPALIVE, netreq, 
-	                              &position, &option_len);
+	int found = match_edns_opt_rr(GLDNS_EDNS_KEEPALIVE, response, 
+	                              response_len, &position, &option_len);
 	if (found != 2 || option_len != 2) {
 		if (netreq->keepalive_sent == 1) {
 			/* For TCP if no keepalive sent back, then we must use 0 idle timeout
@@ -448,27 +372,8 @@ getdns_sock_nonblock(int sockfd)
 #endif
 }
 
-/** best effort to set TCP send timeout */
-static void
-getdns_sock_tcp_send_timeout(getdns_upstream *upstream, int sockfd,
-                             int send_timeout)
-{
-#if defined(HAVE_DECL_TCP_USER_TIMEOUT)
-	unsigned int val = send_timeout;
-	if (setsockopt(sockfd, IPPROTO_TCP, TCP_USER_TIMEOUT,
-	    &val, sizeof(val)) != 0) {
-		_getdns_upstream_log(upstream,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
-		    "%-40s : Upstream   : "
-		    "Could not enable TCP send timeout\n",
-		     upstream->addr_str);
-	}
-#endif
-}
-
 static int
-tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
-            int send_timeout)
+tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport) 
 {
 #if defined(TCP_FASTOPEN) || defined(TCP_FASTOPEN_CONNECT)
 # ifdef USE_WINSOCK
@@ -487,8 +392,6 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		return -1;
 
 	getdns_sock_nonblock(fd);
-	if (send_timeout != -1)
-		getdns_sock_tcp_send_timeout(upstream, fd, send_timeout);
 #ifdef USE_OSX_TCP_FASTOPEN
 	sa_endpoints_t endpoints;
 	endpoints.sae_srcif = 0;
@@ -505,7 +408,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 	    _getdns_socketerror() == _getdns_EWOULDBLOCK)
 		return fd;
 
-	(void)transport; /* unused parameter */
+	(void)transport;
 #else	/* USE_OSX_TCP_FASTOPEN */
 	/* Note that error detection is different with TFO. Since the handshake
 	   doesn't start till the sendto() lack of connection is often delayed until
@@ -553,7 +456,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		    "%-40s : Upstream   : Could not setup TCP TFO\n",
 		     upstream->addr_str);
 #  else
-	(void)transport; /* unused parameter */
+	(void)transport;
 #  endif/* HAVE_DECL_TCP_FASTOPEN*/
 # endif	/* HAVE_DECL_TCP_FASTOPEN_CONNECT */
 #endif	/* USE_OSX_TCP_FASTOPEN */
@@ -709,8 +612,6 @@ static void
 stub_timeout_cb(void *userarg)
 {
 	getdns_network_req *netreq = (getdns_network_req *)userarg;
-        getdns_upstream    *upstream = netreq? netreq->upstream: NULL;
-        getdns_upstreams   *upstreams = upstream? upstream->upstreams: NULL;
 	DEBUG_STUB("%s %-35s: MSG:  %p\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, (void*)netreq);
 	stub_cleanup(netreq);
@@ -725,8 +626,6 @@ stub_timeout_cb(void *userarg)
 			    "%-40s : Upstream   : UDP - Resps=%6d, Timeouts  =%6d (logged every 100 responses)\n",
 			             netreq->upstream->addr_str,
 			             (int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
-		 /* Only choose next stream if the timeout is on current UDP stream */
-		if (upstreams && (upstream == &upstreams->upstreams[upstreams->current_udp]))
 		stub_next_upstream(netreq);
 	} else {
 		netreq->upstream->responses_timeouts++;
@@ -1057,9 +956,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 		}
 	}
 
-	if (upstream->tls_pubkey_pinset)
-		_getdns_tls_connection_set_host_pinset(
-		    tls, upstream->tls_auth_name, upstream->tls_pubkey_pinset);
+	_getdns_tls_connection_set_host_pinset(tls, upstream->tls_auth_name, upstream->tls_pubkey_pinset);
 
 	/* Session resumption. There are trade-offs here. Want to do it when
 	   possible only if we have the right type of connection. Note a change
@@ -1084,23 +981,13 @@ tls_do_handshake(getdns_upstream *upstream)
 	int r;
 	while ((r = _getdns_tls_connection_do_handshake(upstream->tls_obj)) != GETDNS_RETURN_GOOD)
 	{
-		uint64_t timeout_tls = _getdns_ms_until_expiry(upstream->expires)/5*4;
-
-		if (timeout_tls < MIN_TLS_HS_TIMEOUT)
-			timeout_tls = MIN_TLS_HS_TIMEOUT;
-		else if (timeout_tls > MAX_TLS_HS_TIMEOUT)
-			timeout_tls = MAX_TLS_HS_TIMEOUT;
-
-		DEBUG_STUB("%s %-35s: FD:  %d, do_handshake -> %d (timeout: %d)\n",
-		    STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd, r, (int)timeout_tls);
-
 		switch (r) {
 			case GETDNS_RETURN_TLS_WANT_READ:
 				GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
 				upstream->event.read_cb = upstream_read_cb;
 				upstream->event.write_cb = NULL;
 				GETDNS_SCHEDULE_EVENT(upstream->loop,
-				    upstream->fd, timeout_tls, &upstream->event);
+				    upstream->fd, TIMEOUT_TLS, &upstream->event);
 				upstream->tls_hs_state = GETDNS_HS_READ;
 				return STUB_TCP_RETRY;
 			case GETDNS_RETURN_TLS_WANT_WRITE:
@@ -1108,7 +995,7 @@ tls_do_handshake(getdns_upstream *upstream)
 				upstream->event.read_cb = NULL;
 				upstream->event.write_cb = upstream_write_cb;
 				GETDNS_SCHEDULE_EVENT(upstream->loop,
-				    upstream->fd, timeout_tls, &upstream->event);
+				    upstream->fd, TIMEOUT_TLS, &upstream->event);
 				upstream->tls_hs_state = GETDNS_HS_WRITE;
 				return STUB_TCP_RETRY;
 			default:
@@ -1137,8 +1024,8 @@ tls_do_handshake(getdns_upstream *upstream)
 			    : "*Failure*" ));
 			upstream->tls_auth_state = GETDNS_AUTH_FAILED;
 		} else {
-			long verify_errno = 0;
-			const char* verify_errmsg = "Unknown verify error (fix reporting!)";
+			long verify_errno;
+			const char* verify_errmsg;
 
 			if (_getdns_tls_connection_certificate_verify(upstream->tls_obj, &verify_errno, &verify_errmsg)) {
 				upstream->tls_auth_state = GETDNS_AUTH_FAILED;
@@ -1312,12 +1199,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 	_getdns_tls_connection* tls_obj = upstream->tls_obj;
 	uint16_t        padding_sz;
 
-	int q;
-       
-	if (netreq->owner->expires > upstream->expires)
-		upstream->expires = netreq->owner->expires;
-
-	q = tls_connected(upstream);
+	int q = tls_connected(upstream);
 	if (q != 0)
 		return q;
 	/* This is the case where the upstream is connected but it isn't an authenticated
@@ -1442,7 +1324,6 @@ _getdns_get_time_as_uintt64() {
 /**************************/
 
 
-static void stub_udp_write_cb(void *userarg);
 static void
 stub_udp_read_cb(void *userarg)
 {
@@ -1488,15 +1369,14 @@ stub_udp_read_cb(void *userarg)
 	if (GLDNS_ID_WIRE(netreq->response) != GLDNS_ID_WIRE(netreq->query))
 		return; /* Cache poisoning attempt ;) */
 
-	if (netreq->owner->edns_cookies) {
-		netreq->response_len = read;
-		if (match_and_process_server_cookie(upstream, netreq)) {
-			netreq->response_len = 0; /* 0 means error */
+	if (netreq->owner->edns_cookies && match_and_process_server_cookie(
+	    upstream, netreq->response, read))
 		return; /* Client cookie didn't match? */
-		}
-		netreq->response_len = 0; /* 0 means error */
-	}
+
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
+
+	_getdns_closesocket(netreq->fd);
+	netreq->fd = -1;
 	while (GLDNS_TC_WIRE(netreq->response)) {
 		DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ, 
 		             __FUNC__, (void*)netreq);
@@ -1507,9 +1387,6 @@ stub_udp_read_cb(void *userarg)
 		if (next_transport != GETDNS_TRANSPORT_TCP &&
 		    next_transport != GETDNS_TRANSPORT_TLS)
 			break;
-
-		_getdns_closesocket(netreq->fd);
-		netreq->fd = -1;
 		/* For now, special case where fallback should be on the same upstream*/
 		if ((netreq->fd = upstream_connect(upstream, next_transport,
 		                                   dnsreq)) == -1)
@@ -1519,27 +1396,10 @@ stub_udp_read_cb(void *userarg)
 		    _getdns_ms_until_expiry(dnsreq->expires),
 		    getdns_eventloop_event_init(&netreq->event,
 		    netreq, NULL, NULL, stub_timeout_cb));
+
 		return;
 	}
 	netreq->response_len = read;
-	if (netreq->owner->edns_cookies
-	&&  !netreq->badcookie_retry
-	&&  netreq->response_opt /* actually: assert(netreq->response_opt) */
-	&& (netreq->response_opt[-4] << 4 | GLDNS_RCODE_WIRE(netreq->response))
-	    == GETDNS_RCODE_BADCOOKIE
-	&&  netreq->fd >= 0) {
-
-		/* Retry over UDP with the newly learned Cookie */
-		netreq->badcookie_retry = 1;
-		GETDNS_SCHEDULE_EVENT(dnsreq->loop, netreq->fd,
-		    _getdns_ms_until_expiry(dnsreq->expires),
-		    getdns_eventloop_event_init(&netreq->event, netreq,
-		    NULL, stub_udp_write_cb, stub_timeout_cb));
-		return;
-	}
-	_getdns_closesocket(netreq->fd);
-	netreq->fd = -1;
-
 	if (!dnsreq->context->round_robin_upstreams)
 		dnsreq->upstreams->current_udp = 0;
 	else {
@@ -1706,12 +1566,16 @@ upstream_read_cb(void *userarg)
 		upstream->tcp.read_buf = NULL;
 		upstream->responses_received++;
 		
+		/* !THIS CODE NEEDS TESTING! */
 		if (netreq->owner->edns_cookies &&
-		    match_and_process_server_cookie(netreq->upstream, netreq))
+		    match_and_process_server_cookie(
+		    netreq->upstream, upstream->tcp.read_buf,
+		    upstream->tcp.read_pos - upstream->tcp.read_buf))
 			return; /* Client cookie didn't match (or FORMERR) */
 
 		if (netreq->owner->context->idle_timeout != 0)
-		     process_keepalive(netreq->upstream, netreq);
+		     process_keepalive(netreq->upstream, netreq, netreq->response,
+		                       netreq->response_len);
 
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
 		/* This also reschedules events for the upstream*/
@@ -2173,8 +2037,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		/* Use existing if available*/
 		if (upstream->fd != -1)
 			return upstream->fd;
-		fd = tcp_connect(upstream, transport,
-				 dnsreq->context->tcp_send_timeout);
+		fd = tcp_connect(upstream, transport);
 		if (fd == -1) {
 			upstream_failed(upstream, 1);
 			return -1;
@@ -2363,7 +2226,7 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
 			/* Set a timeout on the upstream so we can catch failed setup*/
 			upstream->event.timeout_cb = upstream_setup_timeout_cb;
 			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd,
-			    _getdns_ms_until_expiry(netreq->owner->expires)/5*4,
+			    _getdns_ms_until_expiry(netreq->owner->expires)/2,
 			    &upstream->event);
 #if defined(HAVE_DECL_TCP_FASTOPEN) && HAVE_DECL_TCP_FASTOPEN \
  && !(defined(HAVE_DECL_TCP_FASTOPEN_CONNECT) && HAVE_DECL_TCP_FASTOPEN_CONNECT) \

src/sync.c

@@ -154,8 +154,7 @@ getdns_sync_cb(getdns_context *context, getdns_callback_type_t callback_type,
     getdns_dict *response, void *userarg, getdns_transaction_t transaction_id)
 {
 	getdns_sync_data *data = (getdns_sync_data *)userarg;
-	(void)context; (void)callback_type; /* unused parameters */
-	(void)transaction_id; /* unused parameter */
+	(void)context; (void)callback_type; (void)transaction_id;
 
 	assert(data);
 

src/test/check_getdns_address_sync.h

@@ -145,7 +145,7 @@
      START_TEST (getdns_address_sync_6)
      {
       /*
-       *  name = "d2a8n3.rootcanary.net"  need to replace this with domain from unbound zone
+       *  name = "willem.getdnsapi.net"  need to replace this with domain from unbound zone
        *  expect: NOERROR/NODATA response:
        *    status = GETDNS_RESPSTATUS_NO_DATA
        *    rcode = 0
@@ -156,7 +156,7 @@
      
        CONTEXT_CREATE(TRUE);
 
-       ASSERT_RC(getdns_address_sync(context, "d2a8n3.rootcanary.net", NULL, &response), 
+       ASSERT_RC(getdns_address_sync(context, "willem.getdnsapi.net", NULL, &response), 
          GETDNS_RETURN_GOOD, "Return code from getdns_address_sync()");
 
        EXTRACT_RESPONSE;

src/test/check_getdns_cancel_callback.h

@@ -457,7 +457,7 @@
          void *userarg,
          getdns_transaction_t transaction_id)
      {
-       (void)context; (void)response; (void)userarg; /* unused parameters */
+       (void)context; (void)response; (void)userarg;
 
        callback_called++;
 
@@ -466,23 +466,23 @@
          callback_canceled++;
          ck_assert_msg(transaction_id % 2,
            "Only callbacks with odd transaction_ids were canceled, this one is even: %d",
-           (int)transaction_id);
+           transaction_id);
        }
        else if(callback_type == GETDNS_CALLBACK_COMPLETE)
        {
          callback_completed++;
          ck_assert_msg((transaction_id % 2) == 0,
            "One callbacks with even transaction_ids should complete, this one is odd: %d",
-           (int)transaction_id);
+           transaction_id);
        }
        else
        {
          if(transaction_id % 2)
            ck_abort_msg("callback_type should == GETDNS_CALLBACK_CANCEL for odd transaction_id (%d), got: %d",
-             (int)transaction_id, (int)callback_type);
+             transaction_id, callback_type);
          else
            ck_abort_msg("callback_type should == GETDNS_CALLBACK_COMPLETE for even transaction_id (%d), got %d",
-             (int)transaction_id, (int)callback_type);
+             transaction_id, callback_type);
        }
      }
 
@@ -491,7 +491,7 @@
      */
      void verify_getdns_cancel_callback(struct extracted_response *ex_response)
      {
-       (void)ex_response; /* unused parameter */
+       (void)ex_response;
        /*
         *  increment callback_called global to prove callback was called.
         */

src/test/check_getdns_common.c

@@ -57,8 +57,6 @@ int event_loop_type = 0;
 void extract_response(struct getdns_dict *response, struct extracted_response *ex_response)
 {
   int have_answer_type = 0;
-  int get_reply = 0;
-  uint32_t rcode;
 
   ck_assert_msg(response != NULL, "Response should not be NULL");
   /* fprintf(stderr, "%s\n", getdns_pretty_print_dict(response)); */
@@ -105,18 +103,10 @@ void extract_response(struct getdns_dict *response, struct extracted_response *e
     ex_response->question = NULL;
     return;
   }
-  /* Work around dnsmasq issue in which NXDOMAIN AAAA responses
-   * are returned as NODATA. In such cases use the other A response
-   * which does have rcode NXDOMAIN.
-   */
-  if (ex_response->status == GETDNS_RESPSTATUS_NO_NAME
-  && !getdns_dict_get_int(response, "/replies_tree/1/header/rcode", &rcode)
-  && rcode == GETDNS_RCODE_NXDOMAIN)
-    get_reply = 1;
 
-  ASSERT_RC(getdns_list_get_dict(ex_response->replies_tree, get_reply, &ex_response->replies_tree_sub_dict),
-    GETDNS_RETURN_GOOD, "Failed to extract \"replies_tree[#]\"");
-  ck_assert_msg(ex_response->replies_tree_sub_dict != NULL, "replies_tree[#] dict should not be NULL");
+  ASSERT_RC(getdns_list_get_dict(ex_response->replies_tree, 0, &ex_response->replies_tree_sub_dict),
+    GETDNS_RETURN_GOOD, "Failed to extract \"replies_tree[0]\"");
+  ck_assert_msg(ex_response->replies_tree_sub_dict != NULL, "replies_tree[0] dict should not be NULL");
 
   ASSERT_RC(getdns_dict_get_list(ex_response->replies_tree_sub_dict, "additional", &ex_response->additional),
     GETDNS_RETURN_GOOD, "Failed to extract \"additional\"");
@@ -196,7 +186,7 @@ void assert_nodata(struct extracted_response *ex_response)
 
   ASSERT_RC(getdns_list_get_length(ex_response->answer, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length");
-  ck_assert_msg(length == 0, "Expected \"answer\" length == 0, got %d", (int)length);
+  ck_assert_msg(length == 0, "Expected \"answer\" length == 0, got %d", length);
 
   ASSERT_RC(ex_response->status, GETDNS_RESPSTATUS_NO_NAME, "Unexpected value for \"status\"");
 }
@@ -222,7 +212,7 @@ void assert_address_in_answer(struct extracted_response *ex_response, int a, int
 
   ASSERT_RC(getdns_list_get_length(ex_response->answer, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length");
-  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", (int)ancount, (int)length);
+  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", ancount, length);
 
   for(i = 0; i < length; i++)
   {
@@ -257,7 +247,7 @@ void assert_address_in_just_address_answers(struct extracted_response *ex_respon
     GETDNS_RETURN_GOOD, "Failed to extract \"just_address_answers\" length");
   
   if (length == 0) resp_str = getdns_pretty_print_dict(ex_response->response);
-  ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d\n%s", (int)length, resp_str);
+  ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d\n%s", length, resp_str);
   if (length == 0) free(resp_str);
 }
 
@@ -294,7 +284,7 @@ void assert_soa_in_authority(struct extracted_response *ex_response)
 
   ASSERT_RC(getdns_list_get_length(ex_response->authority, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"authority\" length");
-  ck_assert_msg(length == nscount, "Expected \"authority\" length == nscount: %d, got %d", (int)nscount, (int)length);
+  ck_assert_msg(length == nscount, "Expected \"authority\" length == nscount: %d, got %d", nscount, length);
 
   for(i = 0; i < length; i++)
   {
@@ -328,7 +318,7 @@ void assert_ptr_in_answer(struct extracted_response *ex_response)
 
   ASSERT_RC(getdns_list_get_length(ex_response->answer, &length),
     GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length");
-  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", (int)ancount, (int)length);
+  ck_assert_msg(length == ancount, "Expected \"answer\" length == ancount: %d, got %d", ancount, length);
 
   for(i = 0; i < length; i++)
   {
@@ -349,7 +339,7 @@ void destroy_callbackfn(struct getdns_context *context,
                         void *userarg,
                         getdns_transaction_t transaction_id) {
     int* flag = (int*)userarg;
-    (void)callback_type; (void)transaction_id; /* unused parameters */
+    (void)callback_type; (void)transaction_id;
     *flag = 1;
     getdns_dict_destroy(response);
     getdns_context_destroy(context);
@@ -369,7 +359,7 @@ void callbackfn(struct getdns_context *context,
 {
   typedef void (*fn_ptr)(struct extracted_response *ex_response);
   fn_ptr fn = ((fn_cont *)userarg)->fn;
-  (void)context; (void)transaction_id; /* unused parameters */
+  (void)context; (void)transaction_id;
 
   /*
    *  If userarg is NULL, either a negative test case
@@ -409,7 +399,7 @@ void callbackfn(struct getdns_context *context,
 void update_callbackfn(struct getdns_context *context,
                 getdns_context_code_t changed_item)
 {
-  (void)context; /* unused parameter */
+  (void)context;
   ck_assert_msg(changed_item == expected_changed_item,
     "Expected changed_item == %d, got %d",
     changed_item, expected_changed_item);

src/test/check_getdns_context_destroy.h

@@ -183,7 +183,6 @@
      }
      END_TEST
 
-#if 0
      START_TEST (getdns_context_destroy_7)
      {
       /*
@@ -206,6 +205,7 @@
        RUN_EVENT_LOOP;
 
        CONTEXT_DESTROY;
+
        ck_assert_msg(flag == 1, "flag should == 1, got %d", flag);
      }
      END_TEST
@@ -229,10 +229,10 @@
          &flag, &transaction_id, destroy_callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_address()");
        getdns_cancel_callback(context, transaction_id);
-
        RUN_EVENT_LOOP;
 
        CONTEXT_DESTROY;
+
        ck_assert_msg(flag == 1, "flag should == 1, got %d", flag);
      }
      END_TEST
@@ -264,14 +264,14 @@
        RUN_EVENT_LOOP;
 
        CONTEXT_DESTROY;
+
        ck_assert_msg(flag == 1, "flag should == 1, got %d", flag);
      }
      END_TEST
-#endif
 
      void verify_getdns_context_destroy(struct extracted_response *ex_response)
      {
-       (void)ex_response; /* unused parameter */
+       (void)ex_response;
        /*
         * Sleep for a second to make getdns_context_destroy() wait.
         */
@@ -301,11 +301,10 @@
        tcase_add_test(tc_pos, getdns_context_destroy_4);
        tcase_add_test(tc_pos, getdns_context_destroy_5);
        tcase_add_test(tc_pos, getdns_context_destroy_6);
-#if 0
+       // raise aborts via assertion failures
        tcase_add_test_raise_signal(tc_pos, getdns_context_destroy_7, SIGABRT);
        tcase_add_test_raise_signal(tc_pos, getdns_context_destroy_8, SIGABRT);
        tcase_add_test_raise_signal(tc_pos, getdns_context_destroy_9, SIGABRT);
-#endif
        suite_add_tcase(s, tc_pos);
 
        return s;

src/test/check_getdns_context_set_timeout.c

@@ -266,7 +266,7 @@ void timeout_3_cb(struct getdns_context *context,
                   getdns_callback_type_t callback_type,
                   struct getdns_dict * response,
                   void *userarg, getdns_transaction_t transaction_id) {
-    (void)response; (void)transaction_id; /* unused parameters */
+    (void)response; (void)transaction_id;
     timeout_thread_data *tdata = (timeout_thread_data*)userarg;
     tdata->num_callbacks++;
     if (callback_type == GETDNS_CALLBACK_TIMEOUT) {

src/test/check_getdns_convert_alabel_to_ulabel.h

@@ -44,8 +44,7 @@
       char *alabel = NULL;
 
       ck_assert_msg( getdns_convert_alabel_to_ulabel( alabel ) == 0,
-               "Was not expecting %p from getdns_convert_alabel_to_ulabel()",
-		(void *)getdns_convert_alabel_to_ulabel( alabel ) );
+               "Was not expecting %d from getdns_convert_alabel_to_ulabel()", getdns_convert_alabel_to_ulabel( alabel ) );
 
      }
      END_TEST

src/test/check_getdns_convert_ulabel_to_alabel.h

@@ -45,8 +45,7 @@
 
 
       ck_assert_msg(( getdns_convert_ulabel_to_alabel( ulabel ) == 0 ),
-               "Was not expecting %p from getdns_convert_ulabel_to_alabel()",
-		(void *)getdns_convert_ulabel_to_alabel( ulabel ) );
+               "Was not expecting %d from getdns_convert_ulabel_to_alabel()", getdns_convert_ulabel_to_alabel( ulabel ) );
      }
      END_TEST
 

src/test/check_getdns_dict_get_bindata.h

@@ -161,7 +161,7 @@
         GETDNS_RETURN_GOOD, "Return code from getdns_dict_get_bindata()");
 
       ck_assert_msg(answer->size == bindata.size, "Expected bindata size == %d, got: %d",
-        (int)bindata.size, (int)answer->size);
+        bindata.size, answer->size);
       ck_assert_msg(strcmp((char *)answer->data, (char *)bindata.data) == 0, 
         "Expected bindata data to be \"%s\", got: \"%s\"",
         (char *)bindata.data, (char *)answer->data);

src/test/check_getdns_dict_get_names.h

@@ -98,7 +98,7 @@
       ASSERT_RC(getdns_list_get_length(answer, &length),
         GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()");
  
-      ck_assert_msg(length == 3, "Expected length == 3, got %d", (int)length);
+      ck_assert_msg(length == 3, "Expected length == 3, got %d", length);
 
       for(i = 0; i < length; i++)
       {

src/test/check_getdns_dict_set_bindata.h

@@ -112,9 +112,9 @@
       ASSERT_RC(getdns_dict_get_bindata(this_dict, "bindata", &retrieved_bindata),
         GETDNS_RETURN_GOOD, "Return code from getdns_dict_get_bindata()");
 
-      ck_assert_msg(retrieved_bindata->size == second_bindata.size,
+      ck_assert_msg(retrieved_bindata->size, second_bindata.size,
         "Expected retrieved bindata size == %d, got: %d",
-        (int)second_bindata.size, (int)retrieved_bindata->size);
+        second_bindata.size, retrieved_bindata->size);
 
       ck_assert_msg(strcmp((char *)retrieved_bindata->data, (char *)second_bindata.data) == 0,
         "Expected retrieved bindata to be \"%s\", got: \"%s\"",
@@ -152,7 +152,7 @@
 
       ck_assert_msg(retrieved_bindata->size == bindata.size, 
         "Expected retrieved bindata size == %d, got: %d",
-        (int)bindata.size, (int)retrieved_bindata->size);
+        bindata.size, retrieved_bindata->size);
 
       ck_assert_msg(strcmp((char *)retrieved_bindata->data, (char *)bindata.data) == 0, 
         "Expected bindata data to be \"%s\", got: \"%s\"",

src/test/check_getdns_display_ip_address.h

@@ -47,7 +47,7 @@
 
       ptr = getdns_display_ip_address(NULL);
       ck_assert_msg(ptr == NULL, "Expected retrieved bindata == NULL, got: %p",
-        (void *)ptr);
+        ptr);
     }
     END_TEST
 
@@ -64,7 +64,7 @@
       ptr = getdns_display_ip_address(&bindata_of_ipv4_or_ipv6_address);
 
       ck_assert_msg(ptr == NULL, "Expected pointer == NULL, got: %p",
-        (void *)ptr);
+        ptr);  
   
     }
     END_TEST

src/test/check_getdns_general.h

@@ -179,7 +179,7 @@
      START_TEST (getdns_general_7)
      {
       /*
-       *  name = "nlnetlabs.nl"
+       *  name = "google.com"
        *  request_type = 65279 (maximum unassigned RRTYPE)
        *  expect: NOERROR/NODATA response:
        *    status = GETDNS_RESPSTATUS_NO_NAME
@@ -195,7 +195,7 @@
        CONTEXT_CREATE(TRUE);
        EVENT_BASE_CREATE;
 
-       ASSERT_RC(getdns_general(context, "nlnetlabs.nl", 65279, NULL,
+       ASSERT_RC(getdns_general(context, "google.com", 65279, NULL,
          &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 
@@ -322,7 +322,7 @@
      START_TEST (getdns_general_11)
      {
       /*
-       *  name = "d2a8n3.rootcanary.net"  and unbound zone
+       *  name = "willem.getdnsapi.net"  and unbound zone
        *  request_type = GETDNS_RRTYPE_MX
        *  expect: NOERROR/NODATA response:
        *    status = GETDNS_RESPSTATUS_NO_NAME
@@ -338,7 +338,7 @@
        CONTEXT_CREATE(TRUE);
        EVENT_BASE_CREATE;
 
-       ASSERT_RC(getdns_general(context, "d2a8n3.rootcanary.net", GETDNS_RRTYPE_MX, NULL,
+       ASSERT_RC(getdns_general(context, "willem.getdnsapi.net", GETDNS_RRTYPE_MX, NULL,
          &fn_ref, &transaction_id, callbackfn),
          GETDNS_RETURN_GOOD, "Return code from getdns_general()");
 

src/test/check_getdns_general_sync.h

@@ -152,7 +152,7 @@
      START_TEST (getdns_general_sync_7)
      {
       /*
-       *  name = "nlnetlabs.nl"
+       *  name = "google.com"
        *  request_type = 65279 (maximum unassigned RRTYPE)
        *  expect: NOERROR/NODATA response:
        *    status = GETDNS_RESPSTATUS_NO_NAME
@@ -164,7 +164,7 @@
      
        CONTEXT_CREATE(TRUE);
 
-       ASSERT_RC(getdns_general_sync(context, "nlnetlabs.nl", 65279, NULL, &response), 
+       ASSERT_RC(getdns_general_sync(context, "google.com", 65279, NULL, &response), 
          GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
 
        EXTRACT_RESPONSE;
@@ -267,7 +267,7 @@
      START_TEST (getdns_general_sync_11)
      {
       /*
-       *  name = "d2a8n3.rootcanary.net" an unbound zone (as in no MX)
+       *  name = "willem.getdnsapi.net" an unbound zone (as in no MX)
        *  request_type = GETDNS_RRTYPE_MX
        *  expect: NOERROR/NODATA response:
        *    status = GETDNS_RESPSTATUS_NO_NAME
@@ -279,7 +279,7 @@
      
        CONTEXT_CREATE(TRUE);
 
-       ASSERT_RC(getdns_general_sync(context, "d2a8n3.rootcanary.net", GETDNS_RRTYPE_MX, NULL, &response), 
+       ASSERT_RC(getdns_general_sync(context, "willem.getdnsapi.net", GETDNS_RRTYPE_MX, NULL, &response), 
          GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
 
        EXTRACT_RESPONSE;

src/test/check_getdns_libev.c

@@ -53,7 +53,7 @@
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
     struct ev_loop* loop = (struct ev_loop*) eventloop;
-    (void)context; /* unused parameter */
+    (void)context;
     ev_run(loop, 0);
 }
 

src/test/check_getdns_libevent.c

@@ -49,7 +49,7 @@
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
     struct event_base* base = (struct event_base*) eventloop;
-    (void)context; /* unused parameter */
+    (void)context;
     event_base_dispatch(base);
 }
 

src/test/check_getdns_libuv.c

@@ -49,7 +49,7 @@
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
     uv_loop_t* loop = (uv_loop_t*) eventloop;
-    (void)context; /* unused parameter */
+    (void)context;
     uv_run(loop, UV_RUN_DEFAULT);
 }
 

src/test/check_getdns_list_get_length.h

@@ -89,7 +89,7 @@
       ASSERT_RC(getdns_list_get_length(list, &length),
         GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()");
 
-      ck_assert_msg(length == 3, "Expected length == 3, got %d", (int)length);
+      ck_assert_msg(length == 3, "Expected length == 3, got %d", length);
 
       LIST_DESTROY(list);
     }
@@ -110,7 +110,7 @@
       ASSERT_RC(getdns_list_get_length(list, &length),
         GETDNS_RETURN_GOOD, "Return code from getdns_list_get_length()");
 
-      ck_assert_msg(length == 0, "Expected length == 3, got %d", (int)length);
+      ck_assert_msg(length == 0, "Expected length == 3, got %d", length);
 
       LIST_DESTROY(list);    
     }

src/test/check_getdns_selectloop.c

@@ -37,11 +37,11 @@
 #include "getdns/getdns_extra.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {
-	(void)eventloop; /* unused parameter */
+	(void)eventloop;
  	getdns_context_run(context);
 }
 
 void* create_eventloop_impl(struct getdns_context* context) {
-    (void)context; /* unused parameter */
+    (void)context;
     return NULL;
 }

src/test/check_getdns_transport.c

@@ -211,8 +211,8 @@ void transport_cb(struct getdns_context *context,
   struct getdns_dict * response,
   void *userarg, getdns_transaction_t transaction_id) {
   /* Don't really care about the answer*/
-  (void)context; (void)callback_type; (void)response; /* unused parameters */
-  (void)userarg; (void)transaction_id; /* unused parameters */
+  (void)context; (void)callback_type; (void)response;
+  (void)userarg; (void)transaction_id;
   return;
 }
 

src/test/tests_stub_async.c

@@ -57,7 +57,7 @@ this_callbackfn(struct getdns_context *this_context,
 	struct getdns_dict *this_response,
 	void *this_userarg, getdns_transaction_t this_transaction_id)
 {
-	(void)this_context; (void)this_userarg; /* unused parameters */
+	(void)this_context; (void)this_userarg;
 
 	if (this_callback_type == GETDNS_CALLBACK_COMPLETE) {	/* This is a callback with data */
 		char *res = getdns_pretty_print_dict(this_response);

src/test/tpkg/200-stub-only-compile-install.tpkg/200-stub-only-compile-install.pre

@@ -17,4 +17,4 @@ rm -fr "${BUILDDIR}/build-stub-only"
 mkdir  "${BUILDDIR}/build-stub-only"
 cd "${BUILDDIR}/build-stub-only"
 rm -f CMakeCache.txt
-cmake -E env CXXFLAGS="-g" cmake -DUSE_GNUTLS=OFF -DENABLE_STUB_ONLY=ON -DENABLE_DEBUG_SERVER=ON -DENABLE_DEBUG_ANCHOR=ON -DCMAKE_INSTALL_PREFIX=../install-stub-only $* ${SRCROOT}
+cmake -E env CXXFLAGS="-g" cmake -DENABLE_STUB_ONLY=ON -DENABLE_DEBUG_SERVER=ON -DENABLE_DEBUG_ANCHOR=ON -DCMAKE_INSTALL_PREFIX=../install-stub-only $* ${SRCROOT}

src/test/tpkg/225-stub-only-valgrind-checks.tpkg/225-stub-only-valgrind-checks.queries

@@ -5,5 +5,3 @@ qwerlkjhasdfpuiqwyerm.1234kjhrqwersv.com
 -H 8.8.8.8
 -H 2a04:b900:0:100::37
 -A _acme-challenge.getdnsapi.net
-@185.49.141.38 nlnetlabs.nl +edns_cookies
--L dnsprivacy.org

src/test/tpkg/225-stub-only-valgrind-checks.tpkg/225-stub-only-valgrind-checks.supp

@@ -100,19 +100,3 @@
    obj:/usr/local/lib/libunbound.so.8.1.5
    obj:/usr/local/lib/libunbound.so.8.1.5
 }
-{
-   <insert_a_suppression_name_here>
-   Memcheck:Cond
-   obj:/usr/lib/x86_64-linux-gnu/libgnutls.so.*
-   obj:/usr/lib/x86_64-linux-gnu/libgnutls.so.*
-   obj:/usr/lib/x86_64-linux-gnu/libgnutls.so.*
-   obj:/usr/lib/x86_64-linux-gnu/libgnutls.so.*
-   obj:/usr/lib/x86_64-linux-gnu/libgnutls.so.*
-   fun:gnutls_x509_ext_import_subject_alt_names
-   fun:gnutls_x509_crt_import
-   fun:gnutls_x509_crt_list_import
-   fun:gnutls_x509_crt_list_import2
-   fun:gnutls_x509_trust_list_add_trust_mem
-   fun:gnutls_x509_trust_list_add_trust_file
-   fun:gnutls_x509_trust_list_add_system_trust
-}

src/test/tpkg/265-supported-rrs.tpkg/265-supported-rrs.test

@@ -11,5 +11,5 @@ elif ! ( "./${TPKG_NAME}" "${TPKG_NAME}.net-dns.org" | tee out )
 then
 	exit 1
 else
-	diff out "${TPKG_NAME}.good" --ignore-matching-lines=";; MSG SIZE  rcvd: "
+	diff out "${TPKG_NAME}.good"
 fi

src/test/tpkg/270-header-extension.tpkg/270-header-extension.c

@@ -9,6 +9,10 @@ int main()
 	getdns_return_t r;
 	getdns_context *ctx = NULL;
 	getdns_dict *extensions = NULL;
+	getdns_bindata ipv4 = { 4, (uint8_t*)"IPv4" };
+	/* 185.49.141.37 */
+	getdns_bindata nsip = { 4, (uint8_t*)"\xb9\x31\x8c\x3c" };
+	getdns_dict *upstream = NULL;
 	getdns_list *upstreams = NULL;
 	getdns_dict *response = NULL;
 	uint32_t value;
@@ -17,20 +21,39 @@ int main()
 	if ((r = getdns_context_create(&ctx, 1)))
 		fprintf(stderr, "Could not create context");
 
+	else if (!(extensions = getdns_dict_create_with_context(ctx))) {
+		fprintf(stderr, "Could not create dictionary");
+		r = GETDNS_RETURN_MEMORY_ERROR;
+
+	} else if ((r = getdns_dict_set_int(extensions, "/header/rd", 0)))
+		fprintf(stderr, "Could not set RD bit");
+
+	else if ((r = getdns_dict_set_int(extensions, "/add_opt_parameters/do_bit", 1)))
+		fprintf(stderr, "Could not set qtype");
+
+	else if (!(upstream = getdns_dict_create_with_context(ctx))) {
+		fprintf(stderr, "Could not create upstream dictionary");
+		r = GETDNS_RETURN_MEMORY_ERROR;
+
+	} else if ((r = getdns_dict_set_bindata(upstream, "address_type", &ipv4)))
+		fprintf(stderr, "Could set \"address_type\"");
+
+	else if ((r = getdns_dict_set_bindata(upstream, "address_data", &nsip)))
+		fprintf(stderr, "Could set \"address_data\"");
+
+	else if (!(upstreams = getdns_list_create_with_context(ctx))) {
+		fprintf(stderr, "Could not create upstreams list");
+		r = GETDNS_RETURN_MEMORY_ERROR;
+
+	} else if ((r = getdns_list_set_dict(upstreams, 0, upstream)))
+		fprintf(stderr, "Could not append upstream to upstreams list");
+
 	else if ((r = getdns_context_set_resolution_type(ctx, GETDNS_RESOLUTION_STUB)))	
 		fprintf(stderr, "Could not set stub mode");
 
-	else if ((r = getdns_str2list("[ 185.49.140.60 ]", &upstreams)))
-		fprintf(stderr, "Could not make upstreams list");
-
 	else if ((r = getdns_context_set_upstream_recursive_servers(ctx, upstreams)))	
 		fprintf(stderr, "Could not set upstreams list");
 
-	else if ((r = getdns_str2dict("{ header: { rd: 0 }"
-	                              ", add_opt_parameters: { do_bit: 1 }"
-				      "}", &extensions)))
-		fprintf(stderr, "Could not create extensions");
-
 	else if ((r = getdns_general_sync(ctx, "bogus.nlnetlabs.nl.", GETDNS_RRTYPE_TXT, extensions, &response)))
 		fprintf(stderr, "Could not do lookup");
 
@@ -38,8 +61,7 @@ int main()
 		fprintf(stderr, "Could not get status from response");
 
 	else if (value != GETDNS_RESPSTATUS_GOOD) {
-		fprintf(stderr, "response['status'] != GETDNS_RESPSTATUS_GOOD: %s"
-		              , getdns_get_errorstr_by_id(value));
+		fprintf(stderr, "response['status'] != GETDNS_RESPSTATUS_GOOD");
 		r = GETDNS_RETURN_GENERIC_ERROR;
 
 	} else if ((r = getdns_dict_get_int(response, "/replies_tree/0/header/rd", &value)))
@@ -78,6 +100,8 @@ int main()
 		getdns_dict_destroy(response);
 	if (upstreams)
 		getdns_list_destroy(upstreams);
+	if (upstream)
+		getdns_dict_destroy(upstream);
 	if (extensions)
 		getdns_dict_destroy(extensions);
 	if (ctx)

src/test/tpkg/270-header-extension.tpkg/270-header-extension.good

@@ -1,5 +1,4 @@
 {
-  "answer_ipv4_address": <bindata for 185.49.140.60>,
   "answer_type": GETDNS_NAMETYPE_DNS,
   "canonical_name": <bindata for bogus.nlnetlabs.nl.>,
   "replies_tree":
@@ -7,7 +6,6 @@
     {
       "additional": [],
       "answer": [],
-      "answer_ipv4_address": <bindata for 185.49.140.60>,
       "answer_type": GETDNS_NAMETYPE_DNS,
       "authority": [],
       "header":

src/test/tpkg/290-transports.tpkg/290-transports.test

@@ -4,17 +4,17 @@
 # use .tpkg.var.test for in test variable passing
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
-#if grep -q '^#define HAVE_SSL_HN_AUTH 1' "${BUILDDIR}/build-stub-only/config.h"
-#then
+if grep -q '^#define HAVE_SSL_HN_AUTH 1' "${BUILDDIR}/build-stub-only/src/config.h"
+then
 	HAVE_SSL_HN_AUTH=1
-#else
-#	HAVE_SSL_HN_AUTH=0
-#fi
+else
+	HAVE_SSL_HN_AUTH=0
+fi
 SERVER_IP="64.6.64.6"
 SERVER_IPv6="2620:74:1b::1:1"
 
-SERVER_IP_TSIG="185.49.141.53^"
-SERVER_IPv6_TSIG="2a04:b900:0:100::53^"
+SERVER_IP_TSIG="185.49.141.37^"
+SERVER_IPv6_TSIG="2a04:b900:0:100::37^"
 TSIG_ALG="hmac-md5.sig-alg.reg.int"
 TSIG_NAME="hmac-md5.tsigs.getdnsapi.net"
 TSIG_SECRET="16G69OTeXW6xSQ=="
@@ -134,8 +134,9 @@ for (( ii = 0; ii < 1; ii++)); do
 
 	if [[ $HAVE_SSL_HN_AUTH = 1 ]]
 	then
-		NUM_GOOD_QUERIES=7
+		NUM_GOOD_QUERIES=8
 		GOOD_QUERIES=(
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP} +edns_cookies"              "U" "-"
 		"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
 		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
 		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
@@ -143,30 +144,28 @@ for (( ii = 0; ii < 1; ii++)); do
 		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP}"          "L" "S"
 		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
 		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S")
-		#"-s -A  getdnsapi.net -l U        @185.49.141.38 +edns_cookies"              "U" "-"
-		#"-s -G TXT large.getdnsapi.net -l U  @8.8.8.8 -b 512 -D" "U" "-"
+# "-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
 	else
 		NUM_GOOD_QUERIES=6
 		GOOD_QUERIES=(
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP} +edns_cookies"              "U" "-"
 		"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
 		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
 		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
 		"-s -A  getdnsapi.net -l L        @${TLS_SERVER_IP_NO_NAME}"  "L" "N"
-		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
-		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S")
-
-		#"-s -A  getdnsapi.net -l U        @185.49.141.38 +edns_cookies"              "U" "-"
-		# "-s -G TXT large.getdnsapi.net -l U  @8.8.8.8 -b 512 -D" "U" "-"
+		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S")
+# "-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
 	fi
+#"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"
 
-	NUM_GOOD_FB_QUERIES=4
+	NUM_GOOD_FB_QUERIES=6
 	GOOD_FALLBACK_QUERIES=(
+	"-s -A getdnsapi.net -l LU     @${SERVER_IP}" "U" "-"
 	"-s -A getdnsapi.net -l LT     @${SERVER_IP}" "T" "-" 
 	"-s -A getdnsapi.net -l LT     @${TLS_SERVER_IP_NO_NAME}" "L" "N"
 	"-s -A getdnsapi.net -l LT -m  @${TLS_SERVER_IP_NO_NAME}" "L" "N"
-	"-s -A getdnsapi.net -l L      @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-")
-	#"-s -A getdnsapi.net -l LU     @${SERVER_IP}" "U" "-"
-	#"-s -G TXT large.getdnsapi.net -l UT  @$8.8.8.8 -b 512 -D" "T" "-"
+	"-s -A getdnsapi.net -l L      @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-"
+	"-s -G DNSKEY getdnsapi.net -l UT  @${SERVER_IP} -b 512 -D" "T" "-")
 
 	NOT_AVAILABLE_QUERIES=(
 	"-s -A getdnsapi.net -l L      @${SERVER_IP}"
@@ -177,8 +176,8 @@ for (( ii = 0; ii < 1; ii++)); do
 	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}    -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
 	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP}            -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
 	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
-	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
-	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_SS_IP}         -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"")
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\"")
+#"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_SS_IP}         -K pin-sha256=\"${TLS_SERVER_SS_KEY}\""
 
 
 	echo "Starting transport test"
@@ -200,7 +199,7 @@ for (( ii = 0; ii < 1; ii++)); do
 		
 		echo "*Success fallback cases:"
 		for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
-		    check_good "`"${GETDNS_STUB_QUERY}" '{tcp_send_timeout:1000}' -y 7 -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
+		    check_good "`"${GETDNS_STUB_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
 		    echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]}  TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
 		    (( COUNT++ ))
 		done

src/test/tpkg/run-offline-only.sh

@@ -1,27 +0,0 @@
-#!/bin/sh
-
-export SRCDIR=`dirname $0`
-. `dirname $0`/setup-env.sh
-
-control_c()
-# run if user hits control-c
-{
-  echo -en "\n*** Exiting ***\n"
-  exit $?
-}
-
-for TEST_PKG in 080-iana-rr-types.tpkg 125-valgrind-checks.tpkg \
-	    130-run-unit-tests.tpkg 225-stub-only-valgrind-checks.tpkg \
-	    230-stub-only-run-unit-tests.tpkg 270-header-extension.tpkg \
-	    290-transports.tpkg 330-event-loops-unit-tests.tpkg \
-	    340-run-stubby.tpkg
-do
-	"${TPKG}" $* fake "${TEST_PKG}"
-done
-for TEST_PKG in ${SRCDIR}/*.tpkg
-do
-	"${TPKG}" $* exe "${TEST_PKG}"
-	# trap keyboard interrupt (control-c)
-	trap control_c 2
-done
-"${TPKG}" -n -1 r

src/tls.h

@@ -408,6 +408,39 @@ getdns_return_t _getdns_tls_get_api_information(getdns_dict* dict);
  */
 unsigned char* _getdns_tls_hmac_hash(struct mem_funcs* mfs, int algorithm, const void* key, size_t key_size, const void* data, size_t data_size, size_t* output_size);
 
+/**
+ * Return a new HMAC handle.
+ *
+ * @param mfs		pointer to getdns memory functions.
+ * @param algorithm	hash algorithm to use (<code>GETDNS_HMAC_?</code>).
+ * @param key		the key.
+ * @param key_size	the key size.
+ * @return HMAC handle or NULL on error.
+ */
+_getdns_tls_hmac* _getdns_tls_hmac_new(struct mem_funcs* mfs, int algorithm, const void* key, size_t key_size);
+
+/**
+ * Add data to a HMAC.
+ *
+ * @param h		the HMAC.
+ * @param data		the data to add.
+ * @param data_size	the size of data to add.
+ * @return GETDNS_RETURN_GOOD if added.
+ * @return GETDNS_RETURN_INVALID_PARAMETER if h is null or has no HMAC.
+ * @return GETDNS_RETURN_GENERIC_ERROR on error.
+ */
+getdns_return_t _getdns_tls_hmac_add(_getdns_tls_hmac* h, const void* data, size_t data_size);
+
+/**
+ * Return the HMAC digest and free the handle.
+ *
+ * @param mfs		pointer to getdns memory functions.
+ * @param h		the HMAC.
+ * @param output_size	the output size will be written here if not NULL.
+ * @return output	malloc'd buffer with output, NULL on error.
+ */
+unsigned char* _getdns_tls_hmac_end(struct mem_funcs* mfs, _getdns_tls_hmac* h, size_t* output_size);
+
 /**
  * Calculate a SHA1 hash.
  *

src/tls/val_secalgo.c

@@ -72,10 +72,6 @@
 #include <openssl/engine.h>
 #endif
 
-#if defined(HAVE_OPENSSL_DSA_H) && defined(USE_DSA)
-#include <openssl/dsa.h>
-#endif
-
 /** fake DSA support for unit tests */
 int fake_dsa = 0;
 /** fake SHA1 support for unit tests */
@@ -142,69 +138,6 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 #endif
 }
 
-/** hash structure for keeping track of running hashes */
-struct secalgo_hash {
-	/** the openssl message digest context */
-	EVP_MD_CTX* ctx;
-};
-
-/** create secalgo hash with hash type */
-static struct secalgo_hash* secalgo_hash_create_md(const EVP_MD* md)
-{
-	struct secalgo_hash* h;
-	if(!md)
-		return NULL;
-	h = calloc(1, sizeof(*h));
-	if(!h)
-		return NULL;
-	h->ctx = EVP_MD_CTX_create();
-	if(!h->ctx) {
-		free(h);
-		return NULL;
-	}
-	if(!EVP_DigestInit_ex(h->ctx, md, NULL)) {
-		EVP_MD_CTX_destroy(h->ctx);
-		free(h);
-		return NULL;
-	}
-	return h;
-}
-
-struct secalgo_hash* secalgo_hash_create_sha384(void)
-{
-	return secalgo_hash_create_md(EVP_sha384());
-}
-
-struct secalgo_hash* secalgo_hash_create_sha512(void)
-{
-	return secalgo_hash_create_md(EVP_sha512());
-}
-
-int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
-{
-	return EVP_DigestUpdate(hash->ctx, (unsigned char*)data,
-		(unsigned int)len);
-}
-
-int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
-        size_t maxlen, size_t* resultlen)
-{
-	if(EVP_MD_CTX_size(hash->ctx) > (int)maxlen) {
-		*resultlen = 0;
-		log_err("secalgo_hash_final: hash buffer too small");
-		return 0;
-	}
-	*resultlen = EVP_MD_CTX_size(hash->ctx);
-	return EVP_DigestFinal_ex(hash->ctx, result, NULL);
-}
-
-void secalgo_hash_delete(struct secalgo_hash* hash)
-{
-	if(!hash) return;
-	EVP_MD_CTX_destroy(hash->ctx);
-	free(hash);
-}
-
 /**
  * Return size of DS digest according to its hash algorithm.
  * @param algo: DS digest algo.
@@ -394,10 +327,8 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len)
 #ifdef HAVE_DSA_SIG_SET0
 	if(!DSA_SIG_set0(dsasig, R, S)) return 0;
 #else
-#  ifndef S_SPLINT_S
 	dsasig->r = R;
 	dsasig->s = S;
-#  endif /* S_SPLINT_S */
 #endif
 	*sig = NULL;
 	newlen = i2d_DSA_SIG(dsasig, sig);
@@ -514,13 +445,29 @@ static int
 setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, 
 	unsigned char* key, size_t keylen)
 {
+#if defined(USE_DSA) && defined(USE_SHA1)
+	DSA* dsa;
+#endif
+	RSA* rsa;
+
 	switch(algo) {
 #if defined(USE_DSA) && defined(USE_SHA1)
 		case LDNS_DSA:
 		case LDNS_DSA_NSEC3:
-			*evp_key = sldns_key_dsa2pkey_raw(key, keylen);
+			*evp_key = EVP_PKEY_new();
 			if(!*evp_key) {
-				verbose(VERB_QUERY, "verify: sldns_key_dsa2pkey failed");
+				log_err("verify: malloc failure in crypto");
+				return 0;
+			}
+			dsa = sldns_key_buf2dsa_raw(key, keylen);
+			if(!dsa) {
+				verbose(VERB_QUERY, "verify: "
+					"sldns_key_buf2dsa_raw failed");
+				return 0;
+			}
+			if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
+				verbose(VERB_QUERY, "verify: "
+					"EVP_PKEY_assign_DSA failed");
 				return 0;
 			}
 #ifdef HAVE_EVP_DSS1
@@ -543,9 +490,20 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
 		case LDNS_RSASHA512:
 #endif
-			*evp_key = sldns_key_rsa2pkey_raw(key, keylen);
+			*evp_key = EVP_PKEY_new();
 			if(!*evp_key) {
-				verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey SHA failed");
+				log_err("verify: malloc failure in crypto");
+				return 0;
+			}
+			rsa = sldns_key_buf2rsa_raw(key, keylen);
+			if(!rsa) {
+				verbose(VERB_QUERY, "verify: "
+					"sldns_key_buf2rsa_raw SHA failed");
+				return 0;
+			}
+			if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
+				verbose(VERB_QUERY, "verify: "
+					"EVP_PKEY_assign_RSA SHA failed");
 				return 0;
 			}
 
@@ -569,9 +527,20 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
 #endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */
 
 		case LDNS_RSAMD5:
-			*evp_key = sldns_key_rsa2pkey_raw(key, keylen);
+			*evp_key = EVP_PKEY_new();
 			if(!*evp_key) {
-				verbose(VERB_QUERY, "verify: sldns_key_rsa2pkey MD5 failed");
+				log_err("verify: malloc failure in crypto");
+				return 0;
+			}
+			rsa = sldns_key_buf2rsa_raw(key, keylen);
+			if(!rsa) {
+				verbose(VERB_QUERY, "verify: "
+					"sldns_key_buf2rsa_raw MD5 failed");
+				return 0;
+			}
+			if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
+				verbose(VERB_QUERY, "verify: "
+					"EVP_PKEY_assign_RSA MD5 failed");
 				return 0;
 			}
 			*digest_type = EVP_md5();
@@ -849,64 +818,6 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 	(void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len);
 }
 
-/** the secalgo hash structure */
-struct secalgo_hash {
-	/** hash context */
-	HASHContext* ctx;
-};
-
-/** create hash struct of type */
-static struct secalgo_hash* secalgo_hash_create_type(HASH_HashType tp)
-{
-	struct secalgo_hash* h = calloc(1, sizeof(*h));
-	if(!h)
-		return NULL;
-	h->ctx = HASH_Create(tp);
-	if(!h->ctx) {
-		free(h);
-		return NULL;
-	}
-	return h;
-}
-
-struct secalgo_hash* secalgo_hash_create_sha384(void)
-{
-	return secalgo_hash_create_type(HASH_AlgSHA384);
-}
-
-struct secalgo_hash* secalgo_hash_create_sha512(void)
-{
-	return secalgo_hash_create_type(HASH_AlgSHA512);
-}
-
-int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
-{
-	HASH_Update(hash->ctx, (unsigned char*)data, (unsigned int)len);
-	return 1;
-}
-
-int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
-        size_t maxlen, size_t* resultlen)
-{
-	unsigned int reslen = 0;
-	if(HASH_ResultLenContext(hash->ctx) > (unsigned int)maxlen) {
-		*resultlen = 0;
-		log_err("secalgo_hash_final: hash buffer too small");
-		return 0;
-	}
-	HASH_End(hash->ctx, (unsigned char*)result, &reslen,
-		(unsigned int)maxlen);
-	*resultlen = (size_t)reslen;
-	return 1;
-}
-
-void secalgo_hash_delete(struct secalgo_hash* hash)
-{
-	if(!hash) return;
-	HASH_Destroy(hash->ctx);
-	free(hash);
-}
-
 size_t
 ds_digest_size_supported(int algo)
 {
@@ -1074,7 +985,6 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo)
 	return pk;
 }
 
-#if defined(USE_DSA) && defined(USE_SHA1)
 static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
 {
 	SECKEYPublicKey* pk;
@@ -1135,7 +1045,6 @@ static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
 	}
 	return pk;
 }
-#endif /* USE_DSA && USE_SHA1 */
 
 static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len)
 {
@@ -1535,82 +1444,6 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res)
 	_digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res);
 }
 
-/** secalgo hash structure */
-struct secalgo_hash {
-	/** if it is 384 or 512 */
-	int active;
-	/** context for sha384 */
-	struct sha384_ctx ctx384;
-	/** context for sha512 */
-	struct sha512_ctx ctx512;
-};
-
-struct secalgo_hash* secalgo_hash_create_sha384(void)
-{
-	struct secalgo_hash* h = calloc(1, sizeof(*h));
-	if(!h)
-		return NULL;
-	h->active = 384;
-	sha384_init(&h->ctx384);
-	return h;
-}
-
-struct secalgo_hash* secalgo_hash_create_sha512(void)
-{
-	struct secalgo_hash* h = calloc(1, sizeof(*h));
-	if(!h)
-		return NULL;
-	h->active = 512;
-	sha512_init(&h->ctx512);
-	return h;
-}
-
-int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len)
-{
-	if(hash->active == 384) {
-		sha384_update(&hash->ctx384, len, data);
-	} else if(hash->active == 512) {
-		sha512_update(&hash->ctx512, len, data);
-	} else {
-		return 0;
-	}
-	return 1;
-}
-
-int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result,
-        size_t maxlen, size_t* resultlen)
-{
-	if(hash->active == 384) {
-		if(SHA384_DIGEST_SIZE > maxlen) {
-			*resultlen = 0;
-			log_err("secalgo_hash_final: hash buffer too small");
-			return 0;
-		}
-		*resultlen = SHA384_DIGEST_SIZE;
-		sha384_digest(&hash->ctx384, SHA384_DIGEST_SIZE,
-			(unsigned char*)result);
-	} else if(hash->active == 512) {
-		if(SHA512_DIGEST_SIZE > maxlen) {
-			*resultlen = 0;
-			log_err("secalgo_hash_final: hash buffer too small");
-			return 0;
-		}
-		*resultlen = SHA512_DIGEST_SIZE;
-		sha512_digest(&hash->ctx512, SHA512_DIGEST_SIZE,
-			(unsigned char*)result);
-	} else {
-		*resultlen = 0;
-		return 0;
-	}
-	return 1;
-}
-
-void secalgo_hash_delete(struct secalgo_hash* hash)
-{
-	if(!hash) return;
-	free(hash);
-}
-
 /**
  * Return size of DS digest according to its hash algorithm.
  * @param algo: DS digest algo.
@@ -1675,21 +1508,13 @@ dnskey_algo_id_is_supported(int id)
 {
 	/* uses libnettle */
 	switch(id) {
+#if defined(USE_DSA) && defined(USE_SHA1)
 	case LDNS_DSA:
 	case LDNS_DSA_NSEC3:
-#if defined(USE_DSA) && defined(USE_SHA1)
-		return 1;
-#else
-		if(fake_dsa || fake_sha1) return 1;
-		return 0;
 #endif
+#ifdef USE_SHA1
 	case LDNS_RSASHA1:
 	case LDNS_RSASHA1_NSEC3:
-#ifdef USE_SHA1
-		return 1;
-#else
-		if(fake_sha1) return 1;
-		return 0;
 #endif
 #ifdef USE_SHA2
 	case LDNS_RSASHA256:
@@ -1901,11 +1726,7 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
 		{
 			uint8_t digest[SHA256_DIGEST_SIZE];
 			mpz_t x, y;
-#ifdef HAVE_NETTLE_GET_SECP_256R1
-			nettle_ecc_point_init(&pubkey, nettle_get_secp_256r1());
-#else
 			nettle_ecc_point_init(&pubkey, &nettle_secp_256r1);
-#endif
 			nettle_mpz_init_set_str_256_u(x, SHA256_DIGEST_SIZE, key);
 			nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE);
 			nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock);
@@ -1916,18 +1737,13 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
 			res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature);
 			mpz_clear(x);
 			mpz_clear(y);
-			nettle_ecc_point_clear(&pubkey);
 			break;
 		}
 		case SHA384_DIGEST_SIZE:
 		{
 			uint8_t digest[SHA384_DIGEST_SIZE];
 			mpz_t x, y;
-#ifdef HAVE_NETTLE_GET_SECP_384R1
-			nettle_ecc_point_init(&pubkey, nettle_get_secp_384r1());
-#else
 			nettle_ecc_point_init(&pubkey, &nettle_secp_384r1);
-#endif
 			nettle_mpz_init_set_str_256_u(x, SHA384_DIGEST_SIZE, key);
 			nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE);
 			nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock);
@@ -2003,15 +1819,6 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 		return sec_status_bogus;
 	}
 
-#ifndef USE_DSA
-	if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1))
-		return sec_status_secure;
-#endif
-#ifndef USE_SHA1
-	if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3))
-		return sec_status_secure;
-#endif
-
 	switch(algo) {
 #if defined(USE_DSA) && defined(USE_SHA1)
 	case LDNS_DSA:

src/tls/validator/val_secalgo.h

@@ -47,8 +47,6 @@
 #define sldns_ecdsa2pkey_raw            gldns_ecdsa2pkey_raw
 #define sldns_buffer_begin              gldns_buffer_begin
 #define sldns_buffer_limit              gldns_buffer_limit
-#define sldns_key_dsa2pkey_raw		gldns_key_dsa2pkey_raw
-#define sldns_key_rsa2pkey_raw		gldns_key_rsa2pkey_raw
 
 #include "util/val_secalgo.h"
 

src/tools/getdns_query.c

@@ -366,7 +366,7 @@ void callback(getdns_context *context, getdns_callback_type_t callback_type,
     getdns_dict *response, void *userarg, getdns_transaction_t trans_id)
 {
 	char *response_str;
-	(void)context; (void)userarg; /* unused parameters */
+	(void)context; (void)userarg;
 
 	/* This is a callback with data */;
 	if (response && !quiet && (response_str = json ?
@@ -1440,7 +1440,7 @@ static void request_cb(
 	dns_msg *msg = (dns_msg *)userarg;
 	uint32_t qid;
 	getdns_return_t r = GETDNS_RETURN_GOOD;
-	uint32_t n, rcode, dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
+	uint32_t n, rcode, dnssec_status;
 
 #if defined(SERVER_DEBUG) && SERVER_DEBUG
 	getdns_bindata *qname;
@@ -1457,7 +1457,7 @@ static void request_cb(
 	if (qname_str != unknown_qname)
 		free(qname_str);
 #else
-	(void)transaction_id; /* unused parameter */
+	(void)transaction_id;
 #endif
 	assert(msg);
 
@@ -1556,8 +1556,8 @@ static void incoming_request_handler(getdns_context *context,
 	getdns_dict *rr;
 	uint32_t rr_type;
 
-	(void)callback_type; /* unused parameter */
-	(void)userarg; /* unused parameter */
+	(void)callback_type;
+	(void)userarg;
 
 	if (!query_extensions_spc &&
 	    !(query_extensions_spc = getdns_dict_create()))
@@ -1757,7 +1757,7 @@ static void _getdns_query_log(void *userarg, uint64_t system,
 	gmtime_r(&tv.tv_sec, &tm);
 #endif
 	strftime(buf, 10, "%H:%M:%S", &tm);
-	(void)userarg; (void)system; (void)level; /* unused parameters */
+	(void)userarg; (void)system; (void)level;
 	(void) fprintf(stderr, "[%s.%.6d] UPSTREAM ", buf, (int)tv.tv_usec);
 	(void) vfprintf(stderr, fmt, ap);
 }

src/tools/getdns_server_mon.c

@@ -1569,10 +1569,10 @@ static void out_of_order_callback(getdns_context          *context,
                                   void                    *userarg,
                                   getdns_transaction_t    transaction_id)
 {
-        (void) context; /* unused parameter */
-        (void) callback_type; /* unused parameter */
-        (void) response; /* unused parameter */
-        (void) transaction_id; /* unused parameter */
+        (void) context;
+        (void) callback_type;
+        (void) response;
+        (void) transaction_id;
 
         struct async_query *query = (struct async_query *) userarg;
         static unsigned callback_no;
@@ -1717,7 +1717,7 @@ int main(int ac, char *av[])
         bool use_tcp = false;
         bool use_tls = false;
 
-        (void) ac; /* unused parameter */
+        (void) ac;
 
         test_info.errout = stderr;
         atexit(exit_tidy);

src/types-internal.h

@@ -233,6 +233,8 @@ typedef struct getdns_network_req
 	int                     edns_maximum_udp_payload_size;
 	uint16_t                max_udp_payload_size;
 
+	size_t                  keepalive_sent;
+
 	/* Network requests scheduled to write after me */
 	struct getdns_network_req *write_queue_tail;
 
@@ -242,13 +244,7 @@ typedef struct getdns_network_req
 	getdns_auth_state_t     debug_tls_auth_status;
 	getdns_bindata          debug_tls_peer_cert;
 	const char             *debug_tls_version;
-
-	/* Some booleans */
-	unsigned                debug_udp      : 1;
-	unsigned                keepalive_sent : 1;
-	unsigned                badcookie_retry: 1;
-	unsigned                cookie_sent    : 1;
-	uint8_t                 client_cookie[8];
+	size_t                  debug_udp;
 
 	/* When more space is needed for the wire_data response than is
 	 * available in wire_data[], it will be allocated separately.
@@ -271,7 +267,6 @@ typedef struct getdns_network_req
 	size_t   base_query_option_sz;
 	size_t   response_len;
 	uint8_t *response;
-	const uint8_t *response_opt; /* offset of OPT RR in response */
 	size_t   wire_data_sz;
 	uint8_t  wire_data[];
 	

src/ub_loop.c

@@ -122,13 +122,13 @@ typedef struct my_event {
 static void my_event_base_free(struct ub_event_base* base)
 {
 	/* We don't allocate our event base, so no need to free */
-	(void)base; /* unused parameter */
+	(void)base;
 	return;
 }
 
 static int my_event_base_dispatch(struct ub_event_base* base)
 {
-	(void)base; /* unused parameter */
+	(void)base;
 	/* We run the event loop extension for which this ub_event_base is an
 	 * interface ourselfs, so no need to let libunbound call dispatch.
 	 */
@@ -138,7 +138,7 @@ static int my_event_base_dispatch(struct ub_event_base* base)
 
 static int my_event_base_loopexit(struct ub_event_base* base, struct timeval* tv)
 {
-	(void)tv; /* unused parameter */
+	(void)tv;
 	/* Not sure when this will be called.  But it is of no influence as we
 	 * run the event loop ourself.
 	 */
@@ -353,7 +353,7 @@ static int my_timer_del(struct ub_event* ev)
 
 static int my_signal_add(struct ub_event* ub_ev, struct timeval* tv)
 {
-	(void)ub_ev; (void)tv; /* unused parameters */
+	(void)ub_ev; (void)tv;
 	/* Only unbound daaemon workers use signals */
 	DEBUG_SCHED("UB_LOOP ERROR: signal_add()\n");
 	return -1;
@@ -361,7 +361,7 @@ static int my_signal_add(struct ub_event* ub_ev, struct timeval* tv)
 
 static int my_signal_del(struct ub_event* ub_ev)
 {
-	(void)ub_ev; /* unused parameter */
+	(void)ub_ev;
 	/* Only unbound daaemon workers use signals */
 	DEBUG_SCHED("UB_LOOP ERROR: signal_del()\n");
 	return -1;
@@ -370,13 +370,13 @@ static int my_signal_del(struct ub_event* ub_ev)
 static void my_winsock_unregister_wsaevent(struct ub_event* ev)
 {
 	/* wsa events don't get registered with libunbound */
-	(void)ev; /* unused parameter */
+	(void)ev;
 }
 
 static void my_winsock_tcp_wouldblock(struct ub_event* ev, int bits)
 {
 #ifndef USE_WINSOCK
-	(void)ev; (void)bits; /* unused parameters */
+	(void)ev; (void)bits;
 #else
 	if (bits & UB_EV_READ)
 		AS_MY_EVENT(ev)->read_wouldblock = 1;
@@ -434,7 +434,7 @@ static struct ub_event* my_signal_new(struct ub_event_base* base, int fd,
     void (*cb)(int, short, void*), void* arg)
 {
 	/* Not applicable, because in unbound used in the daemon only */
-	(void)base; (void)fd; (void)cb; (void)arg; /* unused parameters */
+	(void)base; (void)fd; (void)cb; (void)arg;
 	return NULL;
 }
 
@@ -442,7 +442,7 @@ static struct ub_event* my_winsock_register_wsaevent(struct ub_event_base *b,
     void* wsaevent, void (*cb)(int, short, void*), void* arg)
 {
 	/* Not applicable, because in unbound used for tubes only */
-	(void)b; (void)wsaevent; (void)cb; (void)arg; /* unused parameters */
+	(void)b; (void)wsaevent; (void)cb; (void)arg;
 	return NULL;
 }
 

src/util-internal.c

@@ -51,7 +51,6 @@
 #include "gldns/gbuffer.h"
 #include "gldns/pkthdr.h"
 #include "dnssec.h"
-#include "convert.h"
 
 
 getdns_return_t
@@ -299,10 +298,9 @@ _getdns_rr_iter2rr_dict_canonical(
 			}
 		} else if (rdf->rdd_pos->type == GETDNS_RDF_SPECIAL)
 			val_type = wf_special;
-		else {
-			val_type = wf_int;
-			assert(0);
-		}
+		else
+			assert(((val_type = wf_int), 0));
+
 		if (! rdf->rdd_repeat) {
 			switch (val_type) {
 			case wf_int:
@@ -643,12 +641,6 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
 		    rr_type == GETDNS_RRTYPE_RRSIG && rrsigs_in_answer)
 			*rrsigs_in_answer = 1;
 
-		if (section == SECTION_ADDITIONAL &&
-		    rr_type == GETDNS_RRTYPE_OPT &&
-		    getdns_dict_set_int( result, "/header/extended_rcode"
-		                       , (uint32_t)rr_iter->rr_type[4] << 4
-		                       | GLDNS_RCODE_WIRE(req->response)))
-			goto error;
 		if (section != SECTION_ANSWER) {
 			if (_getdns_list_append_this_dict(
 			    sections[section], rr_dict))
@@ -733,23 +725,6 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
 	                                         , answer_spc.rrset.name))
 		goto error;
 
-	if (!req->upstream)
-		;
-	else if (req->upstream->addr.ss_family == AF_INET) {
-		struct sockaddr_in *addr = (struct sockaddr_in *) &req->upstream->addr;
-		if (_getdns_dict_set_const_bindata(result,
-		    "answer_ipv4_address", sizeof(addr->sin_addr)
-		                         , (uint8_t *) & (addr->sin_addr)))
-			goto error;
-	}
-	else if (req->upstream->addr.ss_family == AF_INET6) {
-		struct sockaddr_in6 *addr = (struct sockaddr_in6 *) &req->upstream->addr;
-		if (_getdns_dict_set_const_bindata(result,
-		    "answer_ipv6_address", sizeof(addr->sin6_addr)
-		                         , (uint8_t *) & (addr->sin6_addr)))
-			goto error;
-	}
-
 	if (!req->owner->add_warning_for_bad_dns)
 		goto success;
 
@@ -828,9 +803,6 @@ _getdns_create_call_reporting_dict(
 	getdns_bindata  qname;
 	getdns_dict    *netreq_debug;
 	getdns_dict    *address_debug = NULL;
-	getdns_dict    *query_dict = NULL;
-	const uint8_t  *wire;
-	size_t          wire_len;
 
 	assert(netreq);
 
@@ -867,23 +839,6 @@ _getdns_create_call_reporting_dict(
 		return NULL;
 	}
 	/* Stub resolver debug data */
-	wire = netreq->query;
-	wire_len = netreq->response - netreq->query;
-	if (!wire)
-	       ; /* pass */
-
-	else if(_getdns_wire2msg_dict_scan(
-	    &netreq_debug->mf, &wire, &wire_len, &query_dict)) {
-
-		getdns_dict_destroy(netreq_debug);
-		return NULL;
-
-	} else if (_getdns_dict_set_this_dict(
-	    netreq_debug, "query", query_dict)) {
-
-		getdns_dict_destroy(netreq_debug);
-		return NULL;
-	}
 	_getdns_sockaddr_to_dict(
 	    context, &netreq->upstream->addr, &address_debug);
 
@@ -1170,8 +1125,6 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
 	getdns_dict   *netreq_debug;
 	_srvs srvs = { 0, 0, NULL };
 	_getdns_rrset_spc answer_spc;
-	getdns_bindata *answer_ipv4_address = NULL;
-	getdns_bindata *answer_ipv6_address = NULL;
 
 	/* info (bools) about dns_req */
 	int dnssec_return_status;
@@ -1207,7 +1160,8 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
 			goto error_free_result;
 		}
 	}
-	if (getdns_dict_set_int(result, "answer_type", GETDNS_NAMETYPE_DNS))
+	if (getdns_dict_set_int(result, GETDNS_STR_KEY_ANSWER_TYPE,
+	    GETDNS_NAMETYPE_DNS))
 		goto error_free_result;
 	
 	if (!(replies_full = getdns_list_create_with_context(context)))
@@ -1222,8 +1176,6 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
 
 	for ( netreq_p = completed_request->netreqs
 	    ; (netreq = *netreq_p) ; netreq_p++) {
-		getdns_bindata *tmp_ipv4_address;
-		getdns_bindata *tmp_ipv6_address;
 
 		if (call_reporting && (  netreq->response_len
 		                      || netreq->state == NET_REQ_TIMED_OUT)) {
@@ -1281,27 +1233,6 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
 			    result, "canonical_name", canonical_name))
 				goto error;
 		}
-
-		if (!getdns_dict_get_bindata(
-		    reply, "answer_ipv4_address", &tmp_ipv4_address)) {
-			if (!answer_ipv4_address)
-				answer_ipv4_address = tmp_ipv4_address;
-			else if (tmp_ipv4_address->size != answer_ipv4_address->size
-			     || memcmp(    tmp_ipv4_address->data
-			              , answer_ipv4_address->data
-				      , answer_ipv4_address->size))
-				answer_ipv4_address = NULL;
-		}
-		if (!getdns_dict_get_bindata(
-		    reply, "answer_ipv6_address", &tmp_ipv6_address)) {
-			if (!answer_ipv6_address)
-				answer_ipv6_address = tmp_ipv6_address;
-			else if (tmp_ipv6_address->size != answer_ipv6_address->size
-			     || memcmp(    tmp_ipv6_address->data
-			              , answer_ipv6_address->data
-				      , answer_ipv6_address->size))
-				answer_ipv6_address = NULL;
-		}
 		/* TODO: Check instead if canonical_name for request_type
 		 *       is in the answer section.
 		 */
@@ -1338,14 +1269,6 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
 		    completed_request->name_len, completed_request->name))
 		goto error;
 
-	if (answer_ipv4_address &&
-	    getdns_dict_set_bindata(result, "answer_ipv4_address", answer_ipv4_address))
-		goto error;
-
-	if (answer_ipv6_address &&
-	    getdns_dict_set_bindata(result, "answer_ipv6_address", answer_ipv6_address))
-		goto error;
-
 	if (call_reporting) {
 		if (_getdns_dict_set_this_list(
 		   result, "call_reporting", call_reporting))
@@ -1409,7 +1332,7 @@ getdns_return_t
 getdns_apply_network_result(getdns_network_req* netreq,
     int rcode, void *pkt, int pkt_len, int sec, char* why_bogus)
 {
-	(void)why_bogus; /* unused parameter */
+	(void)why_bogus;
 
 	netreq->dnssec_status = sec == 0 ? GETDNS_DNSSEC_INSECURE
 	                      : sec == 2 ? GETDNS_DNSSEC_SECURE

src/util-internal.h

@@ -213,17 +213,6 @@ INLINE uint64_t _getdns_ms_until_expiry(uint64_t expires)
 	return now_ms >= expires ? 0 : expires - now_ms;
 }
 
-INLINE uint64_t _getdns_get_now_ms2(uint64_t *now_ms)
-{
-	struct timeval tv;
-
-	if (!now_ms)	return _getdns_get_now_ms();
-	if (*now_ms)	return *now_ms;
-
-	(void) gettimeofday(&tv, NULL);
-	return (*now_ms = (uint64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000);
-}
-
 INLINE uint64_t _getdns_ms_until_expiry2(uint64_t expires, uint64_t *now_ms)
 {
 	if (*now_ms == 0) *now_ms = _getdns_get_now_ms();