summaryrefslogtreecommitdiff
path: root/validator
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2014-05-14 18:44:22 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2014-05-14 18:44:22 +0000
commit79dd93c19fd35899133800562b0db20f1a4c0f56 (patch)
tree86c1332d2843f4c80ae64365c16ba04306b6f542 /validator
parentf61d78fb42d2662643e7f0dbdcb97adbc2589dbc (diff)
downloadsrc-test-79dd93c19fd35899133800562b0db20f1a4c0f56.tar.gz
src-test-79dd93c19fd35899133800562b0db20f1a4c0f56.zip
Notes
Diffstat (limited to 'validator')
-rw-r--r--validator/autotrust.c826
-rw-r--r--validator/autotrust.h27
-rw-r--r--validator/val_anchor.c237
-rw-r--r--validator/val_anchor.h23
-rw-r--r--validator/val_kcache.c20
-rw-r--r--validator/val_kcache.h20
-rw-r--r--validator/val_kentry.c25
-rw-r--r--validator/val_kentry.h20
-rw-r--r--validator/val_neg.c28
-rw-r--r--validator/val_neg.h23
-rw-r--r--validator/val_nsec.c21
-rw-r--r--validator/val_nsec.h20
-rw-r--r--validator/val_nsec3.c121
-rw-r--r--validator/val_nsec3.h34
-rw-r--r--validator/val_secalgo.c64
-rw-r--r--validator/val_secalgo.h23
-rw-r--r--validator/val_sigcrypt.c151
-rw-r--r--validator/val_sigcrypt.h34
-rw-r--r--validator/val_utils.c20
-rw-r--r--validator/val_utils.h20
-rw-r--r--validator/validator.c63
-rw-r--r--validator/validator.h20
22 files changed, 1059 insertions, 781 deletions
diff --git a/validator/autotrust.c b/validator/autotrust.c
index 3d22637b8c2e1..a597633828f54 100644
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -41,7 +41,6 @@
* It was modified to fit into unbound. The state table process is the same.
*/
#include "config.h"
-#include <ldns/ldns.h>
#include "validator/autotrust.h"
#include "validator/val_anchor.h"
#include "validator/val_utils.h"
@@ -58,6 +57,13 @@
#include "services/mesh.h"
#include "services/cache/rrset.h"
#include "validator/val_kcache.h"
+#include "ldns/sbuffer.h"
+#include "ldns/wire2str.h"
+#include "ldns/str2wire.h"
+#include "ldns/keyraw.h"
+#include "ldns/rrdef.h"
+#include <stdarg.h>
+#include <ctype.h>
/** number of times a key must be seen before it can become valid */
#define MIN_PENDINGCOUNT 2
@@ -138,8 +144,11 @@ verbose_key(struct autr_ta* ta, enum verbosity_value level,
va_list args;
va_start(args, format);
if(verbosity >= level) {
- char* str = ldns_rdf2str(ldns_rr_owner(ta->rr));
- int keytag = (int)ldns_calc_keytag(ta->rr);
+ char* str = sldns_wire2str_dname(ta->rr, ta->dname_len);
+ int keytag = (int)sldns_calc_keytag_raw(sldns_wirerr_get_rdata(
+ ta->rr, ta->rr_len, ta->dname_len),
+ sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
+ ta->dname_len));
char msg[MAXSYSLOGMSGLEN];
vsnprintf(msg, sizeof(msg), format, args);
verbose(level, "%s key %d %s", str?str:"??", keytag, msg);
@@ -262,55 +271,76 @@ str_contains_data(char* str, char comment)
return 0;
}
-/** Get DNSKEY flags */
+/** Get DNSKEY flags
+ * rdata without rdatalen in front of it. */
static int
-dnskey_flags(ldns_rr* rr)
+dnskey_flags(uint16_t t, uint8_t* rdata, size_t len)
{
- if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY)
+ uint16_t f;
+ if(t != LDNS_RR_TYPE_DNSKEY)
return 0;
- return (int)ldns_read_uint16(ldns_rdf_data(ldns_rr_dnskey_flags(rr)));
+ if(len < 2)
+ return 0;
+ memmove(&f, rdata, 2);
+ f = ntohs(f);
+ return (int)f;
}
+/** Check if KSK DNSKEY.
+ * pass rdata without rdatalen in front of it */
+static int
+rr_is_dnskey_sep(uint16_t t, uint8_t* rdata, size_t len)
+{
+ return (dnskey_flags(t, rdata, len)&DNSKEY_BIT_SEP);
+}
-/** Check if KSK DNSKEY */
+/** Check if TA is KSK DNSKEY */
static int
-rr_is_dnskey_sep(ldns_rr* rr)
+ta_is_dnskey_sep(struct autr_ta* ta)
{
- return (dnskey_flags(rr)&DNSKEY_BIT_SEP);
+ return (dnskey_flags(
+ sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len),
+ sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len),
+ sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len)
+ ) & DNSKEY_BIT_SEP);
}
-/** Check if REVOKED DNSKEY */
+/** Check if REVOKED DNSKEY
+ * pass rdata without rdatalen in front of it */
static int
-rr_is_dnskey_revoked(ldns_rr* rr)
+rr_is_dnskey_revoked(uint16_t t, uint8_t* rdata, size_t len)
{
- return (dnskey_flags(rr)&LDNS_KEY_REVOKE_KEY);
+ return (dnskey_flags(t, rdata, len)&LDNS_KEY_REVOKE_KEY);
}
/** create ta */
static struct autr_ta*
-autr_ta_create(ldns_rr* rr)
+autr_ta_create(uint8_t* rr, size_t rr_len, size_t dname_len)
{
struct autr_ta* ta = (struct autr_ta*)calloc(1, sizeof(*ta));
if(!ta) {
- ldns_rr_free(rr);
+ free(rr);
return NULL;
}
ta->rr = rr;
+ ta->rr_len = rr_len;
+ ta->dname_len = dname_len;
return ta;
}
/** create tp */
static struct trust_anchor*
-autr_tp_create(struct val_anchors* anchors, ldns_rdf* own, uint16_t dc)
+autr_tp_create(struct val_anchors* anchors, uint8_t* own, size_t own_len,
+ uint16_t dc)
{
struct trust_anchor* tp = (struct trust_anchor*)calloc(1, sizeof(*tp));
if(!tp) return NULL;
- tp->name = memdup(ldns_rdf_data(own), ldns_rdf_size(own));
+ tp->name = memdup(own, own_len);
if(!tp->name) {
free(tp);
return NULL;
}
- tp->namelen = ldns_rdf_size(own);
+ tp->namelen = own_len;
tp->namelabs = dname_count_labels(tp->name);
tp->node.key = tp;
tp->dclass = dc;
@@ -371,7 +401,7 @@ void autr_point_delete(struct trust_anchor* tp)
struct autr_ta* p = tp->autr->keys, *np;
while(p) {
np = p->next;
- ldns_rr_free(p->rr);
+ free(p->rr);
free(p);
p = np;
}
@@ -384,13 +414,12 @@ void autr_point_delete(struct trust_anchor* tp)
/** find or add a new trust point for autotrust */
static struct trust_anchor*
-find_add_tp(struct val_anchors* anchors, ldns_rr* rr)
+find_add_tp(struct val_anchors* anchors, uint8_t* rr, size_t rr_len,
+ size_t dname_len)
{
struct trust_anchor* tp;
- ldns_rdf* own = ldns_rr_owner(rr);
- tp = anchor_find(anchors, ldns_rdf_data(own),
- dname_count_labels(ldns_rdf_data(own)),
- ldns_rdf_size(own), ldns_rr_get_class(rr));
+ tp = anchor_find(anchors, rr, dname_count_labels(rr), dname_len,
+ sldns_wirerr_get_class(rr, rr_len, dname_len));
if(tp) {
if(!tp->autr) {
log_err("anchor cannot be with and without autotrust");
@@ -399,22 +428,23 @@ find_add_tp(struct val_anchors* anchors, ldns_rr* rr)
}
return tp;
}
- tp = autr_tp_create(anchors, ldns_rr_owner(rr), ldns_rr_get_class(rr));
+ tp = autr_tp_create(anchors, rr, dname_len, sldns_wirerr_get_class(rr,
+ rr_len, dname_len));
lock_basic_lock(&tp->lock);
return tp;
}
/** Add trust anchor from RR */
static struct autr_ta*
-add_trustanchor_frm_rr(struct val_anchors* anchors, ldns_rr* rr,
- struct trust_anchor** tp)
+add_trustanchor_frm_rr(struct val_anchors* anchors, uint8_t* rr, size_t rr_len,
+ size_t dname_len, struct trust_anchor** tp)
{
- struct autr_ta* ta = autr_ta_create(rr);
+ struct autr_ta* ta = autr_ta_create(rr, rr_len, dname_len);
if(!ta)
return NULL;
- *tp = find_add_tp(anchors, rr);
+ *tp = find_add_tp(anchors, rr, rr_len, dname_len);
if(!*tp) {
- ldns_rr_free(ta->rr);
+ free(ta->rr);
free(ta);
return NULL;
}
@@ -431,34 +461,51 @@ add_trustanchor_frm_rr(struct val_anchors* anchors, ldns_rr* rr,
* @param str: string with anchor and comments, if any comments.
* @param tp: trust point returned.
* @param origin: what to use for @
+ * @param origin_len: length of origin
* @param prev: previous rr name
+ * @param prev_len: length of prev
* @param skip: if true, the result is NULL, but not an error, skip it.
* @return new key in trust point.
*/
static struct autr_ta*
add_trustanchor_frm_str(struct val_anchors* anchors, char* str,
- struct trust_anchor** tp, ldns_rdf* origin, ldns_rdf** prev, int* skip)
+ struct trust_anchor** tp, uint8_t* origin, size_t origin_len,
+ uint8_t** prev, size_t* prev_len, int* skip)
{
- ldns_rr* rr;
- ldns_status lstatus;
+ uint8_t rr[LDNS_RR_BUF_SIZE];
+ size_t rr_len = sizeof(rr), dname_len;
+ uint8_t* drr;
+ int lstatus;
if (!str_contains_data(str, ';')) {
*skip = 1;
return NULL; /* empty line */
}
- if (LDNS_STATUS_OK !=
- (lstatus = ldns_rr_new_frm_str(&rr, str, 0, origin, prev)))
- {
- log_err("ldns error while converting string to RR: %s",
- ldns_get_errorstr_by_id(lstatus));
- return NULL;
- }
- if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY &&
- ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS) {
- ldns_rr_free(rr);
+ if(0 != (lstatus = sldns_str2wire_rr_buf(str, rr, &rr_len, &dname_len,
+ 0, origin, origin_len, *prev, *prev_len)))
+ {
+ log_err("ldns error while converting string to RR at%d: %s: %s",
+ LDNS_WIREPARSE_OFFSET(lstatus),
+ sldns_get_errorstr_parse(lstatus), str);
+ return NULL;
+ }
+ free(*prev);
+ *prev = memdup(rr, dname_len);
+ *prev_len = dname_len;
+ if(!*prev) {
+ log_err("malloc failure in add_trustanchor");
+ return NULL;
+ }
+ if(sldns_wirerr_get_type(rr, rr_len, dname_len)!=LDNS_RR_TYPE_DNSKEY &&
+ sldns_wirerr_get_type(rr, rr_len, dname_len)!=LDNS_RR_TYPE_DS) {
*skip = 1;
return NULL; /* only DS and DNSKEY allowed */
}
- return add_trustanchor_frm_rr(anchors, rr, tp);
+ drr = memdup(rr, rr_len);
+ if(!drr) {
+ log_err("malloc failure in add trustanchor");
+ return NULL;
+ }
+ return add_trustanchor_frm_rr(anchors, drr, rr_len, dname_len, tp);
}
/**
@@ -467,18 +514,22 @@ add_trustanchor_frm_str(struct val_anchors* anchors, char* str,
* @param str: comments line
* @param fname: filename
* @param origin: the $ORIGIN.
+ * @param origin_len: length of origin
* @param prev: passed to ldns.
+ * @param prev_len: length of prev
* @param skip: if true, the result is NULL, but not an error, skip it.
* @return false on failure, otherwise the tp read.
*/
static struct trust_anchor*
load_trustanchor(struct val_anchors* anchors, char* str, const char* fname,
- ldns_rdf* origin, ldns_rdf** prev, int* skip)
+ uint8_t* origin, size_t origin_len, uint8_t** prev, size_t* prev_len,
+ int* skip)
{
- struct autr_ta* ta = NULL;
- struct trust_anchor* tp = NULL;
+ struct autr_ta* ta = NULL;
+ struct trust_anchor* tp = NULL;
- ta = add_trustanchor_frm_str(anchors, str, &tp, origin, prev, skip);
+ ta = add_trustanchor_frm_str(anchors, str, &tp, origin, origin_len,
+ prev, prev_len, skip);
if(!ta)
return NULL;
lock_basic_lock(&tp->lock);
@@ -498,70 +549,228 @@ load_trustanchor(struct val_anchors* anchors, char* str, const char* fname,
return tp;
}
+/** iterator for DSes from keylist. return true if a next element exists */
+static int
+assemble_iterate_ds(struct autr_ta** list, uint8_t** rr, size_t* rr_len,
+ size_t* dname_len)
+{
+ while(*list) {
+ if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len,
+ (*list)->dname_len) == LDNS_RR_TYPE_DS) {
+ *rr = (*list)->rr;
+ *rr_len = (*list)->rr_len;
+ *dname_len = (*list)->dname_len;
+ *list = (*list)->next;
+ return 1;
+ }
+ *list = (*list)->next;
+ }
+ return 0;
+}
+
+/** iterator for DNSKEYs from keylist. return true if a next element exists */
+static int
+assemble_iterate_dnskey(struct autr_ta** list, uint8_t** rr, size_t* rr_len,
+ size_t* dname_len)
+{
+ while(*list) {
+ if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len,
+ (*list)->dname_len) != LDNS_RR_TYPE_DS &&
+ ((*list)->s == AUTR_STATE_VALID ||
+ (*list)->s == AUTR_STATE_MISSING)) {
+ *rr = (*list)->rr;
+ *rr_len = (*list)->rr_len;
+ *dname_len = (*list)->dname_len;
+ *list = (*list)->next;
+ return 1;
+ }
+ *list = (*list)->next;
+ }
+ return 0;
+}
+
+/** see if iterator-list has any elements in it, or it is empty */
+static int
+assemble_iterate_hasfirst(int iter(struct autr_ta**, uint8_t**, size_t*,
+ size_t*), struct autr_ta* list)
+{
+ uint8_t* rr = NULL;
+ size_t rr_len = 0, dname_len = 0;
+ return iter(&list, &rr, &rr_len, &dname_len);
+}
+
+/** number of elements in iterator list */
+static size_t
+assemble_iterate_count(int iter(struct autr_ta**, uint8_t**, size_t*,
+ size_t*), struct autr_ta* list)
+{
+ uint8_t* rr = NULL;
+ size_t i = 0, rr_len = 0, dname_len = 0;
+ while(iter(&list, &rr, &rr_len, &dname_len)) {
+ i++;
+ }
+ return i;
+}
+
+/**
+ * Create a ub_packed_rrset_key allocated on the heap.
+ * It therefore does not have the correct ID value, and cannot be used
+ * inside the cache. It can be used in storage outside of the cache.
+ * Keys for the cache have to be obtained from alloc.h .
+ * @param iter: iterator over the elements in the list. It filters elements.
+ * @param list: the list.
+ * @return key allocated or NULL on failure.
+ */
+static struct ub_packed_rrset_key*
+ub_packed_rrset_heap_key(int iter(struct autr_ta**, uint8_t**, size_t*,
+ size_t*), struct autr_ta* list)
+{
+ uint8_t* rr = NULL;
+ size_t rr_len = 0, dname_len = 0;
+ struct ub_packed_rrset_key* k;
+ if(!iter(&list, &rr, &rr_len, &dname_len))
+ return NULL;
+ k = (struct ub_packed_rrset_key*)calloc(1, sizeof(*k));
+ if(!k)
+ return NULL;
+ k->rk.type = htons(sldns_wirerr_get_type(rr, rr_len, dname_len));
+ k->rk.rrset_class = htons(sldns_wirerr_get_class(rr, rr_len, dname_len));
+ k->rk.dname_len = dname_len;
+ k->rk.dname = memdup(rr, dname_len);
+ if(!k->rk.dname) {
+ free(k);
+ return NULL;
+ }
+ return k;
+}
+
+/**
+ * Create packed_rrset data on the heap.
+ * @param iter: iterator over the elements in the list. It filters elements.
+ * @param list: the list.
+ * @return data allocated or NULL on failure.
+ */
+static struct packed_rrset_data*
+packed_rrset_heap_data(int iter(struct autr_ta**, uint8_t**, size_t*,
+ size_t*), struct autr_ta* list)
+{
+ uint8_t* rr = NULL;
+ size_t rr_len = 0, dname_len = 0;
+ struct packed_rrset_data* data;
+ size_t count=0, rrsig_count=0, len=0, i, total;
+ uint8_t* nextrdata;
+ struct autr_ta* list_i;
+ time_t ttl = 0;
+
+ list_i = list;
+ while(iter(&list_i, &rr, &rr_len, &dname_len)) {
+ if(sldns_wirerr_get_type(rr, rr_len, dname_len) ==
+ LDNS_RR_TYPE_RRSIG)
+ rrsig_count++;
+ else count++;
+ /* sizeof the rdlength + rdatalen */
+ len += 2 + sldns_wirerr_get_rdatalen(rr, rr_len, dname_len);
+ ttl = (time_t)sldns_wirerr_get_ttl(rr, rr_len, dname_len);
+ }
+ if(count == 0 && rrsig_count == 0)
+ return NULL;
+
+ /* allocate */
+ total = count + rrsig_count;
+ len += sizeof(*data) + total*(sizeof(size_t) + sizeof(time_t) +
+ sizeof(uint8_t*));
+ data = (struct packed_rrset_data*)calloc(1, len);
+ if(!data)
+ return NULL;
+
+ /* fill it */
+ data->ttl = ttl;
+ data->count = count;
+ data->rrsig_count = rrsig_count;
+ data->rr_len = (size_t*)((uint8_t*)data +
+ sizeof(struct packed_rrset_data));
+ data->rr_data = (uint8_t**)&(data->rr_len[total]);
+ data->rr_ttl = (time_t*)&(data->rr_data[total]);
+ nextrdata = (uint8_t*)&(data->rr_ttl[total]);
+
+ /* fill out len, ttl, fields */
+ list_i = list;
+ i = 0;
+ while(iter(&list_i, &rr, &rr_len, &dname_len)) {
+ data->rr_ttl[i] = (time_t)sldns_wirerr_get_ttl(rr, rr_len,
+ dname_len);
+ if(data->rr_ttl[i] < data->ttl)
+ data->ttl = data->rr_ttl[i];
+ data->rr_len[i] = 2 /* the rdlength */ +
+ sldns_wirerr_get_rdatalen(rr, rr_len, dname_len);
+ i++;
+ }
+
+ /* fixup rest of ptrs */
+ for(i=0; i<total; i++) {
+ data->rr_data[i] = nextrdata;
+ nextrdata += data->rr_len[i];
+ }
+
+ /* copy data in there */
+ list_i = list;
+ i = 0;
+ while(iter(&list_i, &rr, &rr_len, &dname_len)) {
+ memmove(data->rr_data[i],
+ sldns_wirerr_get_rdatawl(rr, rr_len, dname_len),
+ data->rr_len[i]);
+ i++;
+ }
+
+ if(data->rrsig_count && data->count == 0) {
+ data->count = data->rrsig_count; /* rrset type is RRSIG */
+ data->rrsig_count = 0;
+ }
+ return data;
+}
+
/**
* Assemble the trust anchors into DS and DNSKEY packed rrsets.
* Uses only VALID and MISSING DNSKEYs.
- * Read the ldns_rrs and builds packed rrsets
+ * Read the sldns_rrs and builds packed rrsets
* @param tp: the trust point. Must be locked.
* @return false on malloc failure.
*/
static int
autr_assemble(struct trust_anchor* tp)
{
- ldns_rr_list* ds, *dnskey;
- struct autr_ta* ta;
struct ub_packed_rrset_key* ubds=NULL, *ubdnskey=NULL;
- ds = ldns_rr_list_new();
- dnskey = ldns_rr_list_new();
- if(!ds || !dnskey) {
- ldns_rr_list_free(ds);
- ldns_rr_list_free(dnskey);
- return 0;
- }
- for(ta = tp->autr->keys; ta; ta = ta->next) {
- if(ldns_rr_get_type(ta->rr) == LDNS_RR_TYPE_DS) {
- if(!ldns_rr_list_push_rr(ds, ta->rr)) {
- ldns_rr_list_free(ds);
- ldns_rr_list_free(dnskey);
- return 0;
- }
- } else if(ta->s == AUTR_STATE_VALID ||
- ta->s == AUTR_STATE_MISSING) {
- if(!ldns_rr_list_push_rr(dnskey, ta->rr)) {
- ldns_rr_list_free(ds);
- ldns_rr_list_free(dnskey);
- return 0;
- }
- }
- }
-
/* make packed rrset keys - malloced with no ID number, they
* are not in the cache */
/* make packed rrset data (if there is a key) */
-
- if(ldns_rr_list_rr_count(ds) > 0) {
- ubds = ub_packed_rrset_heap_key(ds);
- if(!ubds)
+ if(assemble_iterate_hasfirst(assemble_iterate_ds, tp->autr->keys)) {
+ ubds = ub_packed_rrset_heap_key(
+ assemble_iterate_ds, tp->autr->keys);
+ if(!ubds)
goto error_cleanup;
- ubds->entry.data = packed_rrset_heap_data(ds);
+ ubds->entry.data = packed_rrset_heap_data(
+ assemble_iterate_ds, tp->autr->keys);
if(!ubds->entry.data)
goto error_cleanup;
}
- if(ldns_rr_list_rr_count(dnskey) > 0) {
- ubdnskey = ub_packed_rrset_heap_key(dnskey);
+
+ /* make packed DNSKEY data */
+ if(assemble_iterate_hasfirst(assemble_iterate_dnskey, tp->autr->keys)) {
+ ubdnskey = ub_packed_rrset_heap_key(
+ assemble_iterate_dnskey, tp->autr->keys);
if(!ubdnskey)
goto error_cleanup;
- ubdnskey->entry.data = packed_rrset_heap_data(dnskey);
+ ubdnskey->entry.data = packed_rrset_heap_data(
+ assemble_iterate_dnskey, tp->autr->keys);
if(!ubdnskey->entry.data) {
error_cleanup:
autr_rrset_delete(ubds);
autr_rrset_delete(ubdnskey);
- ldns_rr_list_free(ds);
- ldns_rr_list_free(dnskey);
return 0;
}
}
+
/* we have prepared the new keys so nothing can go wrong any more.
* And we are sure we cannot be left without trustanchor after
* any errors. Put in the new keys and remove old ones. */
@@ -573,11 +782,10 @@ autr_assemble(struct trust_anchor* tp)
/* assign the data to replace the old */
tp->ds_rrset = ubds;
tp->dnskey_rrset = ubdnskey;
- tp->numDS = ldns_rr_list_rr_count(ds);
- tp->numDNSKEY = ldns_rr_list_rr_count(dnskey);
-
- ldns_rr_list_free(ds);
- ldns_rr_list_free(dnskey);
+ tp->numDS = assemble_iterate_count(assemble_iterate_ds,
+ tp->autr->keys);
+ tp->numDNSKEY = assemble_iterate_count(assemble_iterate_dnskey,
+ tp->autr->keys);
return 1;
}
@@ -601,27 +809,28 @@ parse_id(struct val_anchors* anchors, char* line)
{
struct trust_anchor *tp;
int r;
- ldns_rdf* rdf;
uint16_t dclass;
+ uint8_t* dname;
+ size_t dname_len;
/* read the owner name */
char* next = strchr(line, ' ');
if(!next)
return NULL;
next[0] = 0;
- rdf = ldns_dname_new_frm_str(line);
- if(!rdf)
+ dname = sldns_str2wire_dname(line, &dname_len);
+ if(!dname)
return NULL;
/* read the class */
dclass = parse_int(next+1, &r);
if(r == -1) {
- ldns_rdf_deep_free(rdf);
+ free(dname);
return NULL;
}
/* find the trust point */
- tp = autr_tp_create(anchors, rdf, dclass);
- ldns_rdf_deep_free(rdf);
+ tp = autr_tp_create(anchors, dname, dname_len, dclass);
+ free(dname);
return tp;
}
@@ -690,17 +899,19 @@ parse_var_line(char* line, struct val_anchors* anchors,
/** handle origin lines */
static int
-handle_origin(char* line, ldns_rdf** origin)
+handle_origin(char* line, uint8_t** origin, size_t* origin_len)
{
+ size_t len = 0;
while(isspace((int)*line))
line++;
if(strncmp(line, "$ORIGIN", 7) != 0)
return 0;
- ldns_rdf_deep_free(*origin);
+ free(*origin);
line += 7;
while(isspace((int)*line))
line++;
- *origin = ldns_dname_new_frm_str(line);
+ *origin = sldns_str2wire_dname(line, &len);
+ *origin_len = len;
if(!*origin)
log_warn("malloc failure or parse error in $ORIGIN");
return 1;
@@ -781,7 +992,8 @@ int autr_read_file(struct val_anchors* anchors, const char* nm)
struct trust_anchor *tp = NULL, *tp2;
int r;
/* for $ORIGIN parsing */
- ldns_rdf *origin=NULL, *prev=NULL;
+ uint8_t *origin=NULL, *prev=NULL;
+ size_t origin_len=0, prev_len=0;
if (!(fd = fopen(nm, "r"))) {
log_err("unable to open %s for reading: %s",
@@ -794,25 +1006,25 @@ int autr_read_file(struct val_anchors* anchors, const char* nm)
log_err("could not parse auto-trust-anchor-file "
"%s line %d", nm, line_nr);
fclose(fd);
- ldns_rdf_deep_free(origin);
- ldns_rdf_deep_free(prev);
+ free(origin);
+ free(prev);
return 0;
} else if(r == 1) {
continue;
} else if(r == 2) {
log_warn("trust anchor %s has been revoked", nm);
fclose(fd);
- ldns_rdf_deep_free(origin);
- ldns_rdf_deep_free(prev);
+ free(origin);
+ free(prev);
return 1;
}
if (!str_contains_data(line, ';'))
continue; /* empty lines allowed */
- if(handle_origin(line, &origin))
+ if(handle_origin(line, &origin, &origin_len))
continue;
r = 0;
- if(!(tp2=load_trustanchor(anchors, line, nm, origin, &prev,
- &r))) {
+ if(!(tp2=load_trustanchor(anchors, line, nm, origin,
+ origin_len, &prev, &prev_len, &r))) {
if(!r) log_err("failed to load trust anchor from %s "
"at line %i, skipping", nm, line_nr);
/* try to do the rest */
@@ -823,15 +1035,15 @@ int autr_read_file(struct val_anchors* anchors, const char* nm)
"the file may only contain keys for one name, "
"remove keys for other domain names", nm);
fclose(fd);
- ldns_rdf_deep_free(origin);
- ldns_rdf_deep_free(prev);
+ free(origin);
+ free(prev);
return 0;
}
tp = tp2;
}
fclose(fd);
- ldns_rdf_deep_free(origin);
- ldns_rdf_deep_free(prev);
+ free(origin);
+ free(prev);
if(!tp) {
log_err("failed to read %s", nm);
return 0;
@@ -865,41 +1077,24 @@ trustanchor_state2str(autr_state_t s)
/** print ID to file */
static int
-print_id(FILE* out, char* fname, struct module_env* env,
- uint8_t* nm, size_t nmlen, uint16_t dclass)
+print_id(FILE* out, char* fname, uint8_t* nm, size_t nmlen, uint16_t dclass)
{
- ldns_rdf rdf;
-#ifdef UNBOUND_DEBUG
- ldns_status s;
-#endif
-
- memset(&rdf, 0, sizeof(rdf));
- ldns_rdf_set_data(&rdf, nm);
- ldns_rdf_set_size(&rdf, nmlen);
- ldns_rdf_set_type(&rdf, LDNS_RDF_TYPE_DNAME);
-
- ldns_buffer_clear(env->scratch_buffer);
-#ifdef UNBOUND_DEBUG
- s =
-#else
- (void)
-#endif
- ldns_rdf2buffer_str_dname(env->scratch_buffer, &rdf);
- log_assert(s == LDNS_STATUS_OK);
- ldns_buffer_write_u8(env->scratch_buffer, 0);
- ldns_buffer_flip(env->scratch_buffer);
- if(fprintf(out, ";;id: %s %d\n",
- (char*)ldns_buffer_begin(env->scratch_buffer),
- (int)dclass) < 0) {
+ char* s = sldns_wire2str_dname(nm, nmlen);
+ if(!s) {
+ log_err("malloc failure in write to %s", fname);
+ return 0;
+ }
+ if(fprintf(out, ";;id: %s %d\n", s, (int)dclass) < 0) {
log_err("could not write to %s: %s", fname, strerror(errno));
+ free(s);
return 0;
}
+ free(s);
return 1;
}
static int
-autr_write_contents(FILE* out, char* fn, struct module_env* env,
- struct trust_anchor* tp)
+autr_write_contents(FILE* out, char* fn, struct trust_anchor* tp)
{
char tmi[32];
struct autr_ta* ta;
@@ -921,7 +1116,7 @@ autr_write_contents(FILE* out, char* fn, struct module_env* env,
return 0;
}
}
- if(!print_id(out, fn, env, tp->name, tp->namelen, tp->dclass)) {
+ if(!print_id(out, fn, tp->name, tp->namelen, tp->dclass)) {
return 0;
}
if(fprintf(out, ";;last_queried: %u ;;%s",
@@ -949,9 +1144,10 @@ autr_write_contents(FILE* out, char* fn, struct module_env* env,
if(ta->s == AUTR_STATE_REMOVED)
continue;
/* only store keys */
- if(ldns_rr_get_type(ta->rr) != LDNS_RR_TYPE_DNSKEY)
+ if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len)
+ != LDNS_RR_TYPE_DNSKEY)
continue;
- str = ldns_rr2str(ta->rr);
+ str = sldns_wire2str_rr(ta->rr, ta->rr_len);
if(!str || !str[0]) {
free(str);
log_err("malloc failure writing %s", fn);
@@ -992,15 +1188,20 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
tempf, strerror(errno));
return;
}
- if(!autr_write_contents(out, tempf, env, tp)) {
+ if(!autr_write_contents(out, tempf, tp)) {
/* failed to write contents (completely) */
fclose(out);
unlink(tempf);
log_err("could not completely write: %s", fname);
return;
}
+ if(fclose(out) != 0) {
+ log_err("could not complete write: %s: %s",
+ fname, strerror(errno));
+ unlink(tempf);
+ return;
+ }
/* success; overwrite actual file */
- fclose(out);
verbose(VERB_ALGO, "autotrust: replaced %s", fname);
#ifdef UB_ON_WINDOWS
(void)unlink(fname); /* windows does not replace file with rename() */
@@ -1036,19 +1237,25 @@ verify_dnskey(struct module_env* env, struct val_env* ve,
return sec == sec_status_secure;
}
+static int32_t
+rrsig_get_expiry(uint8_t* d, size_t len)
+{
+ /* rrsig: 2(rdlen), 2(type) 1(alg) 1(v) 4(origttl), then 4(expi), (4)incep) */
+ if(len < 2+8+4)
+ return 0;
+ return sldns_read_uint32(d+2+8);
+}
+
/** Find minimum expiration interval from signatures */
static time_t
-min_expiry(struct module_env* env, ldns_rr_list* rrset)
+min_expiry(struct module_env* env, struct packed_rrset_data* dd)
{
size_t i;
int32_t t, r = 15 * 24 * 3600; /* 15 days max */
- for(i=0; i<ldns_rr_list_rr_count(rrset); i++) {
- ldns_rr* rr = ldns_rr_list_rr(rrset, i);
- if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG)
- continue;
- t = ldns_rdf2native_int32(ldns_rr_rrsig_expiration(rr));
+ for(i=dd->count; i<dd->count+dd->rrsig_count; i++) {
+ t = rrsig_get_expiry(dd->rr_data[i], dd->rr_len[i]);
if((int32_t)t - (int32_t)*env->now > 0) {
- t -= *env->now;
+ t -= (int32_t)*env->now;
if(t < r)
r = t;
}
@@ -1092,131 +1299,92 @@ seen_revoked_trustanchor(struct autr_ta* ta, uint8_t revoked)
static void
revoke_dnskey(struct autr_ta* ta, int off)
{
- ldns_rdf* rdf;
- uint16_t flags;
- log_assert(ta && ta->rr);
- if(ldns_rr_get_type(ta->rr) != LDNS_RR_TYPE_DNSKEY)
+ uint16_t flags;
+ uint8_t* data;
+ if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) !=
+ LDNS_RR_TYPE_DNSKEY)
return;
- rdf = ldns_rr_dnskey_flags(ta->rr);
- flags = ldns_read_uint16(ldns_rdf_data(rdf));
-
+ if(sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) < 2)
+ return;
+ data = sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len);
+ flags = sldns_read_uint16(data);
if (off && (flags&LDNS_KEY_REVOKE_KEY))
flags ^= LDNS_KEY_REVOKE_KEY; /* flip */
else
flags |= LDNS_KEY_REVOKE_KEY;
- ldns_write_uint16(ldns_rdf_data(rdf), flags);
+ sldns_write_uint16(data, flags);
}
-/** Compare two RR buffers skipping the REVOKED bit */
+/** Compare two RRs skipping the REVOKED bit. Pass rdata(no len) */
static int
-ldns_rr_compare_wire_skip_revbit(ldns_buffer* rr1_buf, ldns_buffer* rr2_buf)
-{
- size_t rr1_len, rr2_len, min_len, i, offset;
- rr1_len = ldns_buffer_capacity(rr1_buf);
- rr2_len = ldns_buffer_capacity(rr2_buf);
- /* jump past dname (checked in earlier part) and especially past TTL */
- offset = 0;
- while (offset < rr1_len && *ldns_buffer_at(rr1_buf, offset) != 0)
- offset += *ldns_buffer_at(rr1_buf, offset) + 1;
- /* jump to rdata section (PAST the rdata length field) */
- offset += 11; /* 0-dname-end + type + class + ttl + rdatalen */
- min_len = (rr1_len < rr2_len) ? rr1_len : rr2_len;
+dnskey_compare_skip_revbit(uint8_t* a, size_t a_len, uint8_t* b, size_t b_len)
+{
+ size_t i;
+ if(a_len != b_len)
+ return -1;
/* compare RRs RDATA byte for byte. */
- for(i = offset; i < min_len; i++)
+ for(i = 0; i < a_len; i++)
{
- uint8_t *rdf1, *rdf2;
- rdf1 = ldns_buffer_at(rr1_buf, i);
- rdf2 = ldns_buffer_at(rr2_buf, i);
- if (i==(offset+1))
- {
+ uint8_t rdf1, rdf2;
+ rdf1 = a[i];
+ rdf2 = b[i];
+ if(i==1) {
/* this is the second part of the flags field */
- *rdf1 = *rdf1 | LDNS_KEY_REVOKE_KEY;
- *rdf2 = *rdf2 | LDNS_KEY_REVOKE_KEY;
+ rdf1 |= LDNS_KEY_REVOKE_KEY;
+ rdf2 |= LDNS_KEY_REVOKE_KEY;
}
- if (*rdf1 < *rdf2) return -1;
- else if (*rdf1 > *rdf2) return 1;
+ if (rdf1 < rdf2) return -1;
+ else if (rdf1 > rdf2) return 1;
}
return 0;
}
-/** Compare two RRs skipping the REVOKED bit */
-static int
-ldns_rr_compare_skip_revbit(const ldns_rr* rr1, const ldns_rr* rr2, int* result)
-{
- size_t rr1_len, rr2_len;
- ldns_buffer* rr1_buf;
- ldns_buffer* rr2_buf;
- *result = ldns_rr_compare_no_rdata(rr1, rr2);
- if (*result == 0)
- {
- rr1_len = ldns_rr_uncompressed_size(rr1);
- rr2_len = ldns_rr_uncompressed_size(rr2);
- rr1_buf = ldns_buffer_new(rr1_len);
- rr2_buf = ldns_buffer_new(rr2_len);
- if(!rr1_buf || !rr2_buf) {
- ldns_buffer_free(rr1_buf);
- ldns_buffer_free(rr2_buf);
- return 0;
- }
- if (ldns_rr2buffer_wire_canonical(rr1_buf, rr1,
- LDNS_SECTION_ANY) != LDNS_STATUS_OK)
- {
- ldns_buffer_free(rr1_buf);
- ldns_buffer_free(rr2_buf);
- return 0;
- }
- if (ldns_rr2buffer_wire_canonical(rr2_buf, rr2,
- LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
- ldns_buffer_free(rr1_buf);
- ldns_buffer_free(rr2_buf);
- return 0;
- }
- *result = ldns_rr_compare_wire_skip_revbit(rr1_buf, rr2_buf);
- ldns_buffer_free(rr1_buf);
- ldns_buffer_free(rr2_buf);
- }
- return 1;
-}
-
-
-/** compare two trust anchors */
+/** compare trust anchor with rdata, 0 if equal. Pass rdata(no len) */
static int
-ta_compare(ldns_rr* a, ldns_rr* b, int* result)
-{
- if (!a && !b) *result = 0;
- else if (!a) *result = -1;
- else if (!b) *result = 1;
- else if (ldns_rr_get_type(a) != ldns_rr_get_type(b))
- *result = (int)ldns_rr_get_type(a) - (int)ldns_rr_get_type(b);
- else if (ldns_rr_get_type(a) == LDNS_RR_TYPE_DNSKEY) {
- if(!ldns_rr_compare_skip_revbit(a, b, result))
- return 0;
+ta_compare(struct autr_ta* a, uint16_t t, uint8_t* b, size_t b_len)
+{
+ if(!a) return -1;
+ else if(!b) return -1;
+ else if(sldns_wirerr_get_type(a->rr, a->rr_len, a->dname_len) != t)
+ return (int)sldns_wirerr_get_type(a->rr, a->rr_len,
+ a->dname_len) - (int)t;
+ else if(t == LDNS_RR_TYPE_DNSKEY) {
+ return dnskey_compare_skip_revbit(
+ sldns_wirerr_get_rdata(a->rr, a->rr_len, a->dname_len),
+ sldns_wirerr_get_rdatalen(a->rr, a->rr_len,
+ a->dname_len), b, b_len);
+ }
+ else if(t == LDNS_RR_TYPE_DS) {
+ if(sldns_wirerr_get_rdatalen(a->rr, a->rr_len, a->dname_len) !=
+ b_len)
+ return -1;
+ return memcmp(sldns_wirerr_get_rdata(a->rr,
+ a->rr_len, a->dname_len), b, b_len);
}
- else if (ldns_rr_get_type(a) == LDNS_RR_TYPE_DS)
- *result = ldns_rr_compare(a, b);
- else *result = -1;
- return 1;
+ return -1;
}
/**
* Find key
* @param tp: to search in
- * @param rr: to look for
+ * @param t: rr type of the rdata.
+ * @param rdata: to look for (no rdatalen in it)
+ * @param rdata_len: length of rdata
* @param result: returns NULL or the ta key looked for.
* @return false on malloc failure during search. if true examine result.
*/
static int
-find_key(struct trust_anchor* tp, ldns_rr* rr, struct autr_ta** result)
+find_key(struct trust_anchor* tp, uint16_t t, uint8_t* rdata, size_t rdata_len,
+ struct autr_ta** result)
{
struct autr_ta* ta;
- int ret;
- if(!tp || !rr)
+ if(!tp || !rdata) {
+ *result = NULL;
return 0;
+ }
for(ta=tp->autr->keys; ta; ta=ta->next) {
- if(!ta_compare(ta->rr, rr, &ret))
- return 0;
- if(ret == 0) {
+ if(ta_compare(ta, t, rdata, rdata_len) == 0) {
*result = ta;
return 1;
}
@@ -1225,17 +1393,30 @@ find_key(struct trust_anchor* tp, ldns_rr* rr, struct autr_ta** result)
return 1;
}
-/** add key and clone RR and tp already locked */
+/** add key and clone RR and tp already locked. rdata without rdlen. */
static struct autr_ta*
-add_key(struct trust_anchor* tp, ldns_rr* rr)
+add_key(struct trust_anchor* tp, uint32_t ttl, uint8_t* rdata, size_t rdata_len)
{
- ldns_rr* c;
struct autr_ta* ta;
- c = ldns_rr_clone(rr);
- if(!c) return NULL;
- ta = autr_ta_create(c);
+ uint8_t* rr;
+ size_t rr_len, dname_len;
+ uint16_t rrtype = htons(LDNS_RR_TYPE_DNSKEY);
+ uint16_t rrclass = htons(LDNS_RR_CLASS_IN);
+ uint16_t rdlen = htons(rdata_len);
+ dname_len = tp->namelen;
+ ttl = htonl(ttl);
+ rr_len = dname_len + 10 /* type,class,ttl,rdatalen */ + rdata_len;
+ rr = (uint8_t*)malloc(rr_len);
+ if(!rr) return NULL;
+ memmove(rr, tp->name, tp->namelen);
+ memmove(rr+dname_len, &rrtype, 2);
+ memmove(rr+dname_len+2, &rrclass, 2);
+ memmove(rr+dname_len+4, &ttl, 4);
+ memmove(rr+dname_len+8, &rdlen, 2);
+ memmove(rr+dname_len+10, rdata, rdata_len);
+ ta = autr_ta_create(rr, rr_len, dname_len);
if(!ta) {
- ldns_rr_free(c);
+ /* rr freed in autr_ta_create */
return NULL;
}
/* link in, tp already locked */
@@ -1308,21 +1489,19 @@ check_contains_revoked(struct module_env* env, struct val_env* ve,
struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset,
int* changed)
{
- ldns_rr_list* r = packed_rrset_to_rr_list(dnskey_rrset,
- env->scratch_buffer);
+ struct packed_rrset_data* dd = (struct packed_rrset_data*)
+ dnskey_rrset->entry.data;
size_t i;
- if(!r) {
- log_err("malloc failure");
- return;
- }
- for(i=0; i<ldns_rr_list_rr_count(r); i++) {
- ldns_rr* rr = ldns_rr_list_rr(r, i);
+ log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY);
+ for(i=0; i<dd->count; i++) {
struct autr_ta* ta = NULL;
- if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY)
- continue;
- if(!rr_is_dnskey_sep(rr) || !rr_is_dnskey_revoked(rr))
+ if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type),
+ dd->rr_data[i]+2, dd->rr_len[i]-2) ||
+ !rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type),
+ dd->rr_data[i]+2, dd->rr_len[i]-2))
continue; /* not a revoked KSK */
- if(!find_key(tp, rr, &ta)) {
+ if(!find_key(tp, ntohs(dnskey_rrset->rk.type),
+ dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
log_err("malloc failure");
continue; /* malloc fail in compare*/
}
@@ -1330,8 +1509,18 @@ check_contains_revoked(struct module_env* env, struct val_env* ve,
continue; /* key not found */
if(rr_is_selfsigned_revoked(env, ve, dnskey_rrset, i)) {
/* checked if there is an rrsig signed by this key. */
- log_assert(dnskey_calc_keytag(dnskey_rrset, i) ==
- ldns_calc_keytag(rr)); /* checks conversion*/
+ /* same keytag, but stored can be revoked already, so
+ * compare keytags, with +0 or +128(REVOKE flag) */
+ log_assert(dnskey_calc_keytag(dnskey_rrset, i)-128 ==
+ sldns_calc_keytag_raw(sldns_wirerr_get_rdata(
+ ta->rr, ta->rr_len, ta->dname_len),
+ sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
+ ta->dname_len)) ||
+ dnskey_calc_keytag(dnskey_rrset, i) ==
+ sldns_calc_keytag_raw(sldns_wirerr_get_rdata(
+ ta->rr, ta->rr_len, ta->dname_len),
+ sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
+ ta->dname_len))); /* checks conversion*/
verbose_key(ta, VERB_ALGO, "is self-signed revoked");
if(!ta->revoked)
*changed = 1;
@@ -1339,7 +1528,6 @@ check_contains_revoked(struct module_env* env, struct val_env* ve,
do_revoked(env, ta, changed);
}
}
- ldns_rr_list_deep_free(r);
}
/** See if a DNSKEY is verified by one of the DSes */
@@ -1386,20 +1574,18 @@ update_events(struct module_env* env, struct val_env* ve,
struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset,
int* changed)
{
- ldns_rr_list* r = packed_rrset_to_rr_list(dnskey_rrset,
- env->scratch_buffer);
+ struct packed_rrset_data* dd = (struct packed_rrset_data*)
+ dnskey_rrset->entry.data;
size_t i;
- if(!r)
- return 0;
+ log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY);
init_events(tp);
- for(i=0; i<ldns_rr_list_rr_count(r); i++) {
- ldns_rr* rr = ldns_rr_list_rr(r, i);
+ for(i=0; i<dd->count; i++) {
struct autr_ta* ta = NULL;
- if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY)
- continue;
- if(!rr_is_dnskey_sep(rr))
+ if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type),
+ dd->rr_data[i]+2, dd->rr_len[i]-2))
continue;
- if(rr_is_dnskey_revoked(rr)) {
+ if(rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type),
+ dd->rr_data[i]+2, dd->rr_len[i]-2)) {
/* self-signed revoked keys already detected before,
* other revoked keys are not 'added' again */
continue;
@@ -1415,12 +1601,13 @@ update_events(struct module_env* env, struct val_env* ve,
}
/* is it new? if revocation bit set, find the unrevoked key */
- if(!find_key(tp, rr, &ta)) {
- ldns_rr_list_deep_free(r); /* malloc fail in compare*/
+ if(!find_key(tp, ntohs(dnskey_rrset->rk.type),
+ dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
return 0;
}
if(!ta) {
- ta = add_key(tp, rr);
+ ta = add_key(tp, (uint32_t)dd->rr_ttl[i],
+ dd->rr_data[i]+2, dd->rr_len[i]-2);
*changed = 1;
/* first time seen, do we have DSes? if match: VALID */
if(ta && tp->ds_rrset && key_matches_a_ds(env, ve,
@@ -1430,14 +1617,12 @@ update_events(struct module_env* env, struct val_env* ve,
}
}
if(!ta) {
- ldns_rr_list_deep_free(r);
return 0;
}
seen_trustanchor(ta, 1);
verbose_key(ta, VERB_ALGO, "in DNS response");
}
- set_tp_times(tp, min_expiry(env, r), key_ttl(dnskey_rrset), changed);
- ldns_rr_list_deep_free(r);
+ set_tp_times(tp, min_expiry(env, dd), key_ttl(dnskey_rrset), changed);
return 1;
}
@@ -1463,7 +1648,7 @@ check_holddown(struct module_env* env, struct autr_ta* ta,
if (elapsed > (time_t)holddown) {
return elapsed-(time_t)holddown;
}
- verbose_key(ta, VERB_ALGO, "holddown time %lld seconds to go",
+ verbose_key(ta, VERB_ALGO, "holddown time " ARG_LL "d seconds to go",
(long long) ((time_t)holddown-elapsed));
return 0;
}
@@ -1507,7 +1692,7 @@ do_addtime(struct module_env* env, struct autr_ta* anchor, int* c)
time_t exceeded = check_holddown(env, anchor, env->cfg->add_holddown);
if (exceeded && anchor->s == AUTR_STATE_ADDPEND) {
verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded "
- "%lld seconds ago, and pending-count %d",
+ ARG_LL "d seconds ago, and pending-count %d",
(long long)exceeded, anchor->pending_count);
if(anchor->pending_count >= MIN_PENDINGCOUNT) {
set_trustanchor_state(env, anchor, c, AUTR_STATE_VALID);
@@ -1526,7 +1711,7 @@ do_remtime(struct module_env* env, struct autr_ta* anchor, int* c)
time_t exceeded = check_holddown(env, anchor, env->cfg->del_holddown);
if(exceeded && anchor->s == AUTR_STATE_REVOKED) {
verbose_key(anchor, VERB_ALGO, "del-holddown time exceeded "
- "%lld seconds ago", (long long)exceeded);
+ ARG_LL "d seconds ago", (long long)exceeded);
set_trustanchor_state(env, anchor, c, AUTR_STATE_REMOVED);
}
}
@@ -1628,16 +1813,17 @@ init_zsk_to_ksk(struct module_env* env, struct trust_anchor* tp, int* changed)
int validksk = 0;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
/* last_change test makes sure it was manually configured */
- if (ldns_rr_get_type(anchor->rr) == LDNS_RR_TYPE_DNSKEY &&
+ if(sldns_wirerr_get_type(anchor->rr, anchor->rr_len,
+ anchor->dname_len) == LDNS_RR_TYPE_DNSKEY &&
anchor->last_change == 0 &&
- !rr_is_dnskey_sep(anchor->rr) &&
+ !ta_is_dnskey_sep(anchor) &&
anchor->s == AUTR_STATE_VALID)
validzsk++;
}
if(validzsk == 0)
return 0;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
- if (rr_is_dnskey_sep(anchor->rr) &&
+ if (ta_is_dnskey_sep(anchor) &&
anchor->s == AUTR_STATE_ADDPEND) {
verbose_key(anchor, VERB_ALGO, "trust KSK from "
"ZSK(config)");
@@ -1660,7 +1846,7 @@ remove_missing_trustanchors(struct module_env* env, struct trust_anchor* tp,
/* see if we have anchors that are valid */
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
/* Only do KSKs */
- if (!rr_is_dnskey_sep(anchor->rr))
+ if (!ta_is_dnskey_sep(anchor))
continue;
if (anchor->s == AUTR_STATE_VALID)
valid++;
@@ -1683,7 +1869,7 @@ remove_missing_trustanchors(struct module_env* env, struct trust_anchor* tp,
if(anchor->s == AUTR_STATE_START)
continue;
/* remove ZSKs if a KSK is present */
- if (!rr_is_dnskey_sep(anchor->rr)) {
+ if (!ta_is_dnskey_sep(anchor)) {
if(valid > 0) {
verbose_key(anchor, VERB_ALGO, "remove ZSK "
"[%d key(s) VALID]", valid);
@@ -1703,7 +1889,7 @@ remove_missing_trustanchors(struct module_env* env, struct trust_anchor* tp,
* one valid KSK: remove missing trust anchor */
if (exceeded && valid > 0) {
verbose_key(anchor, VERB_ALGO, "keep-missing time "
- "exceeded %lld seconds ago, [%d key(s) VALID]",
+ "exceeded " ARG_LL "d seconds ago, [%d key(s) VALID]",
(long long)exceeded, valid);
set_trustanchor_state(env, anchor, changed,
AUTR_STATE_REMOVED);
@@ -1718,7 +1904,7 @@ do_statetable(struct module_env* env, struct trust_anchor* tp, int* changed)
struct autr_ta* anchor;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
/* Only do KSKs */
- if(!rr_is_dnskey_sep(anchor->rr))
+ if(!ta_is_dnskey_sep(anchor))
continue;
anchor_state_update(env, anchor, changed);
}
@@ -1732,7 +1918,7 @@ autr_holddown_exceed(struct module_env* env, struct trust_anchor* tp, int* c)
{
struct autr_ta* anchor;
for(anchor = tp->autr->keys; anchor; anchor = anchor->next) {
- if(rr_is_dnskey_sep(anchor->rr) &&
+ if(ta_is_dnskey_sep(anchor) &&
anchor->s == AUTR_STATE_ADDPEND)
do_addtime(env, anchor, c);
}
@@ -1748,10 +1934,11 @@ autr_cleanup_keys(struct trust_anchor* tp)
while(p) {
/* do we want to remove this key? */
if(p->s == AUTR_STATE_START || p->s == AUTR_STATE_REMOVED ||
- ldns_rr_get_type(p->rr) != LDNS_RR_TYPE_DNSKEY) {
+ sldns_wirerr_get_type(p->rr, p->rr_len, p->dname_len)
+ != LDNS_RR_TYPE_DNSKEY) {
struct autr_ta* np = p->next;
/* remove */
- ldns_rr_free(p->rr);
+ free(p->rr);
free(p);
/* snip and go to next item */
*prevp = np;
@@ -1806,7 +1993,7 @@ reset_worker_timer(struct module_env* env)
#endif
tv.tv_usec = 0;
comm_timer_set(env->probe_timer, &tv);
- verbose(VERB_ALGO, "scheduled next probe in %lld sec", (long long)tv.tv_sec);
+ verbose(VERB_ALGO, "scheduled next probe in " ARG_LL "d sec", (long long)tv.tv_sec);
}
/** set next probe for trust anchor */
@@ -2023,7 +2210,7 @@ static void
autr_debug_print_ta(struct autr_ta* ta)
{
char buf[32];
- char* str = ldns_rr2str(ta->rr);
+ char* str = sldns_wire2str_rr(ta->rr, ta->rr_len);
if(!str) {
log_info("out of memory in debug_print_ta");
return;
@@ -2049,20 +2236,11 @@ autr_debug_print_tp(struct trust_anchor* tp)
log_info("trust point %s : %d", buf, (int)tp->dclass);
log_info("assembled %d DS and %d DNSKEYs",
(int)tp->numDS, (int)tp->numDNSKEY);
- if(0) { /* turned off because it prints to stderr */
- ldns_buffer* bf = ldns_buffer_new(70000);
- ldns_rr_list* list;
- if(tp->ds_rrset) {
- list = packed_rrset_to_rr_list(tp->ds_rrset, bf);
- ldns_rr_list_print(stderr, list);
- ldns_rr_list_deep_free(list);
- }
- if(tp->dnskey_rrset) {
- list = packed_rrset_to_rr_list(tp->dnskey_rrset, bf);
- ldns_rr_list_print(stderr, list);
- ldns_rr_list_deep_free(list);
- }
- ldns_buffer_free(bf);
+ if(tp->ds_rrset) {
+ log_packed_rrset(0, "DS:", tp->ds_rrset);
+ }
+ if(tp->dnskey_rrset) {
+ log_packed_rrset(0, "DNSKEY:", tp->dnskey_rrset);
}
log_info("file %s", tp->autr->file);
ctime_r(&tp->autr->last_queried, buf);
@@ -2098,7 +2276,7 @@ autr_debug_print(struct val_anchors* anchors)
}
void probe_answer_cb(void* arg, int ATTR_UNUSED(rcode),
- ldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec),
+ sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec),
char* ATTR_UNUSED(why_bogus))
{
/* retry was set before the query was done,
@@ -2123,7 +2301,7 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp)
struct query_info qinfo;
uint16_t qflags = BIT_RD;
struct edns_data edns;
- ldns_buffer* buf = env->scratch_buffer;
+ sldns_buffer* buf = env->scratch_buffer;
qinfo.qname = regional_alloc_init(env->scratch, tp->name, tp->namelen);
if(!qinfo.qname) {
log_err("out of memory making 5011 probe");
@@ -2139,8 +2317,8 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp)
edns.ext_rcode = 0;
edns.edns_version = 0;
edns.bits = EDNS_DO;
- if(ldns_buffer_capacity(buf) < 65535)
- edns.udp_size = (uint16_t)ldns_buffer_capacity(buf);
+ if(sldns_buffer_capacity(buf) < 65535)
+ edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
else edns.udp_size = 65535;
/* can't hold the lock while mesh_run is processing */
diff --git a/validator/autotrust.h b/validator/autotrust.h
index 193135cb66e68..ae61f8a872b4f 100644
--- a/validator/autotrust.h
+++ b/validator/autotrust.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -48,6 +48,7 @@ struct trust_anchor;
struct ub_packed_rrset_key;
struct module_env;
struct val_env;
+struct sldns_buffer;
/** Autotrust anchor states */
typedef enum {
@@ -66,7 +67,9 @@ struct autr_ta {
/** next key */
struct autr_ta* next;
/** the RR */
- ldns_rr* rr;
+ uint8_t* rr;
+ /** length of rr */
+ size_t rr_len, dname_len;
/** last update of key state (new pending count keeps date the same) */
time_t last_change;
/** 5011 state */
@@ -199,7 +202,7 @@ int autr_process_prime(struct module_env* env, struct val_env* ve,
void autr_debug_print(struct val_anchors* anchors);
/** callback for query answer to 5011 probe */
-void probe_answer_cb(void* arg, int rcode, ldns_buffer* buf,
+void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf,
enum sec_status sec, char* errinf);
#endif /* VALIDATOR_AUTOTRUST_H */
diff --git a/validator/val_anchor.c b/validator/val_anchor.c
index e710f2f24083a..a4adfe2d9ddee 100644
--- a/validator/val_anchor.c
+++ b/validator/val_anchor.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -40,8 +40,6 @@
*/
#include "config.h"
#include <ctype.h>
-#include <ldns/dname.h>
-#include <ldns/host2wire.h>
#include "validator/val_anchor.h"
#include "validator/val_sigcrypt.h"
#include "validator/autotrust.h"
@@ -50,6 +48,9 @@
#include "util/log.h"
#include "util/net_help.h"
#include "util/config_file.h"
+#include "ldns/sbuffer.h"
+#include "ldns/rrdef.h"
+#include "ldns/str2wire.h"
#ifdef HAVE_GLOB_H
#include <glob.h>
#endif
@@ -346,36 +347,26 @@ anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type,
/**
* Add new RR. It converts ldns RR to wire format.
* @param anchors: anchor storage.
- * @param buffer: parsing buffer.
- * @param rr: the rr (allocated by caller).
+ * @param rr: the wirerr.
+ * @param rl: length of rr.
+ * @param dl: length of dname.
* @return NULL on error, else the trust anchor.
*/
static struct trust_anchor*
-anchor_store_new_rr(struct val_anchors* anchors, ldns_buffer* buffer,
- ldns_rr* rr)
+anchor_store_new_rr(struct val_anchors* anchors, uint8_t* rr, size_t rl,
+ size_t dl)
{
struct trust_anchor* ta;
- ldns_rdf* owner = ldns_rr_owner(rr);
- ldns_status status;
- ldns_buffer_clear(buffer);
- ldns_buffer_skip(buffer, 2); /* skip rdatalen */
- status = ldns_rr_rdata2buffer_wire(buffer, rr);
- if(status != LDNS_STATUS_OK) {
- log_err("error converting trustanchor to wireformat: %s",
- ldns_get_errorstr_by_id(status));
- return NULL;
- }
- ldns_buffer_flip(buffer);
- ldns_buffer_write_u16_at(buffer, 0, ldns_buffer_limit(buffer) - 2);
-
- if(!(ta=anchor_store_new_key(anchors, ldns_rdf_data(owner),
- ldns_rr_get_type(rr), ldns_rr_get_class(rr),
- ldns_buffer_begin(buffer), ldns_buffer_limit(buffer)))) {
+ if(!(ta=anchor_store_new_key(anchors, rr,
+ sldns_wirerr_get_type(rr, rl, dl),
+ sldns_wirerr_get_class(rr, rl, dl),
+ sldns_wirerr_get_rdatawl(rr, rl, dl),
+ sldns_wirerr_get_rdatalen(rr, rl, dl)+2))) {
return NULL;
}
log_nametypeclass(VERB_QUERY, "adding trusted key",
- ldns_rdf_data(owner),
- ldns_rr_get_type(rr), ldns_rr_get_class(rr));
+ rr, sldns_wirerr_get_type(rr, rl, dl),
+ sldns_wirerr_get_class(rr, rl, dl));
return ta;
}
@@ -389,36 +380,37 @@ static struct trust_anchor*
anchor_insert_insecure(struct val_anchors* anchors, const char* str)
{
struct trust_anchor* ta;
- ldns_rdf* nm = ldns_dname_new_frm_str(str);
+ size_t dname_len = 0;
+ uint8_t* nm = sldns_str2wire_dname(str, &dname_len);
if(!nm) {
log_err("parse error in domain name '%s'", str);
return NULL;
}
- ta = anchor_store_new_key(anchors, ldns_rdf_data(nm), LDNS_RR_TYPE_DS,
+ ta = anchor_store_new_key(anchors, nm, LDNS_RR_TYPE_DS,
LDNS_RR_CLASS_IN, NULL, 0);
- ldns_rdf_deep_free(nm);
+ free(nm);
return ta;
}
struct trust_anchor*
-anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer,
+anchor_store_str(struct val_anchors* anchors, sldns_buffer* buffer,
const char* str)
{
struct trust_anchor* ta;
- ldns_rr* rr = NULL;
- ldns_status status = ldns_rr_new_frm_str(&rr, str, 0, NULL, NULL);
- if(status != LDNS_STATUS_OK) {
- log_err("error parsing trust anchor: %s",
- ldns_get_errorstr_by_id(status));
- ldns_rr_free(rr);
+ uint8_t* rr = sldns_buffer_begin(buffer);
+ size_t len = sldns_buffer_capacity(buffer), dname_len = 0;
+ int status = sldns_str2wire_rr_buf(str, rr, &len, &dname_len,
+ 0, NULL, 0, NULL, 0);
+ if(status != 0) {
+ log_err("error parsing trust anchor %s: at %d: %s",
+ str, LDNS_WIREPARSE_OFFSET(status),
+ sldns_get_errorstr_parse(status));
return NULL;
}
- if(!(ta=anchor_store_new_rr(anchors, buffer, rr))) {
+ if(!(ta=anchor_store_new_rr(anchors, rr, len, dname_len))) {
log_err("out of memory");
- ldns_rr_free(rr);
return NULL;
}
- ldns_rr_free(rr);
return ta;
}
@@ -431,44 +423,43 @@ anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer,
* @return NULL on error. Else last trust-anchor point.
*/
static struct trust_anchor*
-anchor_read_file(struct val_anchors* anchors, ldns_buffer* buffer,
+anchor_read_file(struct val_anchors* anchors, sldns_buffer* buffer,
const char* fname, int onlyone)
{
struct trust_anchor* ta = NULL, *tanew;
- uint32_t default_ttl = 3600;
- ldns_rdf* origin = NULL, *prev = NULL;
- int line_nr = 1;
- ldns_status status;
- ldns_rr* rr;
+ struct sldns_file_parse_state pst;
+ int status;
+ size_t len, dname_len;
+ uint8_t* rr = sldns_buffer_begin(buffer);
int ok = 1;
FILE* in = fopen(fname, "r");
if(!in) {
log_err("error opening file %s: %s", fname, strerror(errno));
return 0;
}
+ memset(&pst, 0, sizeof(pst));
+ pst.default_ttl = 3600;
+ pst.lineno = 1;
while(!feof(in)) {
- rr = NULL;
- status = ldns_rr_new_frm_fp_l(&rr, in, &default_ttl, &origin,
- &prev, &line_nr);
- if(status == LDNS_STATUS_SYNTAX_EMPTY /* empty line */
- || status == LDNS_STATUS_SYNTAX_TTL /* $TTL */
- || status == LDNS_STATUS_SYNTAX_ORIGIN /* $ORIGIN */)
+ len = sldns_buffer_capacity(buffer);
+ dname_len = 0;
+ status = sldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst);
+ if(len == 0) /* empty, $TTL, $ORIGIN */
continue;
- if(status != LDNS_STATUS_OK) {
- log_err("parse error in %s:%d : %s", fname, line_nr,
- ldns_get_errorstr_by_id(status));
- ldns_rr_free(rr);
+ if(status != 0) {
+ log_err("parse error in %s:%d:%d : %s", fname,
+ pst.lineno, LDNS_WIREPARSE_OFFSET(status),
+ sldns_get_errorstr_parse(status));
ok = 0;
break;
}
- if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS &&
- ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY) {
- ldns_rr_free(rr);
+ if(sldns_wirerr_get_type(rr, len, dname_len) !=
+ LDNS_RR_TYPE_DS && sldns_wirerr_get_type(rr, len,
+ dname_len) != LDNS_RR_TYPE_DNSKEY) {
continue;
}
- if(!(tanew=anchor_store_new_rr(anchors, buffer, rr))) {
- log_err("error at %s line %d", fname, line_nr);
- ldns_rr_free(rr);
+ if(!(tanew=anchor_store_new_rr(anchors, rr, len, dname_len))) {
+ log_err("mem error at %s line %d", fname, pst.lineno);
ok = 0;
break;
}
@@ -476,16 +467,12 @@ anchor_read_file(struct val_anchors* anchors, ldns_buffer* buffer,
log_err("error at %s line %d: no multiple anchor "
"domains allowed (you can have multiple "
"keys, but they must have the same name).",
- fname, line_nr);
- ldns_rr_free(rr);
+ fname, pst.lineno);
ok = 0;
break;
}
ta = tanew;
- ldns_rr_free(rr);
}
- ldns_rdf_deep_free(origin);
- ldns_rdf_deep_free(prev);
fclose(in);
if(!ok) return NULL;
/* empty file is OK when multiple anchors are allowed */
@@ -540,7 +527,7 @@ is_bind_special(int c)
* 0 on end of file.
*/
static int
-readkeyword_bindfile(FILE* in, ldns_buffer* buf, int* line, int comments)
+readkeyword_bindfile(FILE* in, sldns_buffer* buf, int* line, int comments)
{
int c;
int numdone = 0;
@@ -550,17 +537,17 @@ readkeyword_bindfile(FILE* in, ldns_buffer* buf, int* line, int comments)
(*line)++;
continue;
} else if(comments && c=='/' && numdone>0 && /* /_/ bla*/
- ldns_buffer_read_u8_at(buf,
- ldns_buffer_position(buf)-1) == '/') {
- ldns_buffer_skip(buf, -1);
+ sldns_buffer_read_u8_at(buf,
+ sldns_buffer_position(buf)-1) == '/') {
+ sldns_buffer_skip(buf, -1);
numdone--;
skip_to_eol(in);
(*line)++;
continue;
} else if(comments && c=='*' && numdone>0 && /* /_* bla *_/ */
- ldns_buffer_read_u8_at(buf,
- ldns_buffer_position(buf)-1) == '/') {
- ldns_buffer_skip(buf, -1);
+ sldns_buffer_read_u8_at(buf,
+ sldns_buffer_position(buf)-1) == '/') {
+ sldns_buffer_skip(buf, -1);
numdone--;
/* skip to end of comment */
while(c != EOF && (c=getc(in)) != EOF ) {
@@ -590,10 +577,10 @@ readkeyword_bindfile(FILE* in, ldns_buffer* buf, int* line, int comments)
(*line)++;
}
/* space for 1 char + 0 string terminator */
- if(ldns_buffer_remaining(buf) < 2) {
+ if(sldns_buffer_remaining(buf) < 2) {
fatal_exit("trusted-keys, %d, string too long", *line);
}
- ldns_buffer_write_u8(buf, (uint8_t)c);
+ sldns_buffer_write_u8(buf, (uint8_t)c);
numdone++;
if(isspace(c)) {
/* collate whitespace into ' ' */
@@ -615,17 +602,17 @@ readkeyword_bindfile(FILE* in, ldns_buffer* buf, int* line, int comments)
/** skip through file to { or ; */
static int
-skip_to_special(FILE* in, ldns_buffer* buf, int* line, int spec)
+skip_to_special(FILE* in, sldns_buffer* buf, int* line, int spec)
{
int rdlen;
- ldns_buffer_clear(buf);
+ sldns_buffer_clear(buf);
while((rdlen=readkeyword_bindfile(in, buf, line, 1))) {
- if(rdlen == 1 && isspace((int)*ldns_buffer_begin(buf))) {
- ldns_buffer_clear(buf);
+ if(rdlen == 1 && isspace((int)*sldns_buffer_begin(buf))) {
+ sldns_buffer_clear(buf);
continue;
}
- if(rdlen != 1 || *ldns_buffer_begin(buf) != (uint8_t)spec) {
- ldns_buffer_write_u8(buf, 0);
+ if(rdlen != 1 || *sldns_buffer_begin(buf) != (uint8_t)spec) {
+ sldns_buffer_write_u8(buf, 0);
log_err("trusted-keys, line %d, expected %c",
*line, spec);
return 0;
@@ -645,7 +632,7 @@ skip_to_special(FILE* in, ldns_buffer* buf, int* line, int spec)
* @return 0 on error.
*/
static int
-process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf,
+process_bind_contents(struct val_anchors* anchors, sldns_buffer* buf,
int* line, FILE* in)
{
/* loop over contents, collate strings before ; */
@@ -658,41 +645,41 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf,
int comments = 1;
int rdlen;
char* str = 0;
- ldns_buffer_clear(buf);
+ sldns_buffer_clear(buf);
while((rdlen=readkeyword_bindfile(in, buf, line, comments))) {
- if(rdlen == 1 && ldns_buffer_position(buf) == 1
- && isspace((int)*ldns_buffer_begin(buf))) {
+ if(rdlen == 1 && sldns_buffer_position(buf) == 1
+ && isspace((int)*sldns_buffer_begin(buf))) {
/* starting whitespace is removed */
- ldns_buffer_clear(buf);
+ sldns_buffer_clear(buf);
continue;
- } else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == '"') {
+ } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '"') {
/* remove " from the string */
if(contnum == 0) {
quoted = 1;
comments = 0;
}
- ldns_buffer_skip(buf, -1);
+ sldns_buffer_skip(buf, -1);
if(contnum > 0 && quoted) {
- if(ldns_buffer_remaining(buf) < 8+1) {
+ if(sldns_buffer_remaining(buf) < 8+1) {
log_err("line %d, too long", *line);
return 0;
}
- ldns_buffer_write(buf, " DNSKEY ", 8);
+ sldns_buffer_write(buf, " DNSKEY ", 8);
quoted = 0;
comments = 1;
} else if(contnum > 0)
comments = !comments;
continue;
- } else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == ';') {
+ } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == ';') {
if(contnum < 5) {
- ldns_buffer_write_u8(buf, 0);
+ sldns_buffer_write_u8(buf, 0);
log_err("line %d, bad key", *line);
return 0;
}
- ldns_buffer_skip(buf, -1);
- ldns_buffer_write_u8(buf, 0);
- str = strdup((char*)ldns_buffer_begin(buf));
+ sldns_buffer_skip(buf, -1);
+ sldns_buffer_write_u8(buf, 0);
+ str = strdup((char*)sldns_buffer_begin(buf));
if(!str) {
log_err("line %d, allocation failure", *line);
return 0;
@@ -703,30 +690,30 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf,
return 0;
}
free(str);
- ldns_buffer_clear(buf);
+ sldns_buffer_clear(buf);
contnum = 0;
quoted = 0;
comments = 1;
continue;
- } else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == '}') {
+ } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '}') {
if(contnum > 0) {
- ldns_buffer_write_u8(buf, 0);
+ sldns_buffer_write_u8(buf, 0);
log_err("line %d, bad key before }", *line);
return 0;
}
return 1;
} else if(rdlen == 1 &&
- isspace((int)ldns_buffer_current(buf)[-1])) {
+ isspace((int)sldns_buffer_current(buf)[-1])) {
/* leave whitespace here */
} else {
/* not space or whatnot, so actual content */
contnum ++;
if(contnum == 1 && !quoted) {
- if(ldns_buffer_remaining(buf) < 8+1) {
+ if(sldns_buffer_remaining(buf) < 8+1) {
log_err("line %d, too long", *line);
return 0;
}
- ldns_buffer_write(buf, " DNSKEY ", 8);
+ sldns_buffer_write(buf, " DNSKEY ", 8);
}
}
}
@@ -743,7 +730,7 @@ process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf,
* @return false on error.
*/
static int
-anchor_read_bind_file(struct val_anchors* anchors, ldns_buffer* buffer,
+anchor_read_bind_file(struct val_anchors* anchors, sldns_buffer* buffer,
const char* fname)
{
int line_nr = 1;
@@ -755,11 +742,11 @@ anchor_read_bind_file(struct val_anchors* anchors, ldns_buffer* buffer,
}
verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname);
/* scan for trusted-keys keyword, ignore everything else */
- ldns_buffer_clear(buffer);
+ sldns_buffer_clear(buffer);
while((rdlen=readkeyword_bindfile(in, buffer, &line_nr, 1)) != 0) {
- if(rdlen != 12 || strncmp((char*)ldns_buffer_begin(buffer),
+ if(rdlen != 12 || strncmp((char*)sldns_buffer_begin(buffer),
"trusted-keys", 12) != 0) {
- ldns_buffer_clear(buffer);
+ sldns_buffer_clear(buffer);
/* ignore everything but trusted-keys */
continue;
}
@@ -779,7 +766,7 @@ anchor_read_bind_file(struct val_anchors* anchors, ldns_buffer* buffer,
fclose(in);
return 0;
}
- ldns_buffer_clear(buffer);
+ sldns_buffer_clear(buffer);
}
fclose(in);
return 1;
@@ -794,7 +781,7 @@ anchor_read_bind_file(struct val_anchors* anchors, ldns_buffer* buffer,
* @return false on error.
*/
static int
-anchor_read_bind_file_wild(struct val_anchors* anchors, ldns_buffer* buffer,
+anchor_read_bind_file_wild(struct val_anchors* anchors, sldns_buffer* buffer,
const char* pat)
{
#ifdef HAVE_GLOB
@@ -1052,13 +1039,13 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
{
struct config_strlist* f;
char* nm;
- ldns_buffer* parsebuf = ldns_buffer_new(65535);
+ sldns_buffer* parsebuf = sldns_buffer_new(65535);
for(f = cfg->domain_insecure; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!anchor_insert_insecure(anchors, f->str)) {
log_err("error in domain-insecure: %s", f->str);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
return 0;
}
}
@@ -1071,7 +1058,7 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
nm += strlen(cfg->chrootdir);
if(!anchor_read_file(anchors, parsebuf, nm, 0)) {
log_err("error reading trust-anchor-file: %s", f->str);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
return 0;
}
}
@@ -1084,7 +1071,7 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
nm += strlen(cfg->chrootdir);
if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) {
log_err("error reading trusted-keys-file: %s", f->str);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
return 0;
}
}
@@ -1093,7 +1080,7 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
continue;
if(!anchor_store_str(anchors, parsebuf, f->str)) {
log_err("error in trust-anchor: \"%s\"", f->str);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
return 0;
}
}
@@ -1107,7 +1094,7 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
nm, 1))) {
log_err("error reading dlv-anchor-file: %s",
cfg->dlv_anchor_file);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
return 0;
}
lock_basic_lock(&anchors->lock);
@@ -1121,7 +1108,7 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
if(!(dlva = anchor_store_str(
anchors, parsebuf, f->str))) {
log_err("error in dlv-anchor: \"%s\"", f->str);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
return 0;
}
lock_basic_lock(&anchors->lock);
@@ -1140,14 +1127,14 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
if(!autr_read_file(anchors, nm)) {
log_err("error reading auto-trust-anchor-file: %s",
f->str);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
return 0;
}
}
/* first assemble, since it may delete useless anchors */
anchors_assemble_rrsets(anchors);
init_parents(anchors);
- ldns_buffer_free(parsebuf);
+ sldns_buffer_free(parsebuf);
if(verbosity >= VERB_ALGO) autr_debug_print(anchors);
return 1;
}
@@ -1197,6 +1184,8 @@ anchors_get_mem(struct val_anchors* anchors)
{
struct trust_anchor *ta;
size_t s = sizeof(*anchors);
+ if(!anchors)
+ return 0;
RBTREE_FOR(ta, struct trust_anchor*, anchors->tree) {
s += sizeof(*ta) + ta->namelen;
/* keys and so on */
diff --git a/validator/val_anchor.h b/validator/val_anchor.h
index 5a3ad409a83e3..4951b9996cb02 100644
--- a/validator/val_anchor.h
+++ b/validator/val_anchor.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -48,6 +48,7 @@ struct config_file;
struct ub_packed_rrset_key;
struct autr_point_data;
struct autr_global_data;
+struct sldns_buffer;
/**
* Trust anchor store.
@@ -184,7 +185,7 @@ struct trust_anchor* anchor_find(struct val_anchors* anchors,
* @return NULL on error.
*/
struct trust_anchor* anchor_store_str(struct val_anchors* anchors,
- ldns_buffer* buffer, const char* str);
+ struct sldns_buffer* buffer, const char* str);
/**
* Get memory in use by the trust anchor storage
diff --git a/validator/val_kcache.c b/validator/val_kcache.c
index 6d4ad8f32a149..22070cc6a90ef 100644
--- a/validator/val_kcache.c
+++ b/validator/val_kcache.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
diff --git a/validator/val_kcache.h b/validator/val_kcache.h
index 8f562109621a4..76c9dd094d1a3 100644
--- a/validator/val_kcache.h
+++ b/validator/val_kcache.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
diff --git a/validator/val_kentry.c b/validator/val_kentry.c
index e9144838feb80..f99f18e894a11 100644
--- a/validator/val_kentry.c
+++ b/validator/val_kentry.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -39,13 +39,14 @@
* This file contains functions for dealing with validator key entries.
*/
#include "config.h"
-#include <ldns/ldns.h>
#include "validator/val_kentry.h"
#include "util/data/packed_rrset.h"
#include "util/data/dname.h"
#include "util/storage/lookup3.h"
#include "util/regional.h"
#include "util/net_help.h"
+#include "ldns/rrdef.h"
+#include "ldns/keyraw.h"
size_t
key_entry_sizefunc(void* key, void* data)
@@ -377,7 +378,7 @@ dnskey_get_keysize(struct packed_rrset_data* data, size_t idx)
algo = (int)data->rr_data[idx][2+3];
pk = (unsigned char*)data->rr_data[idx]+2+4;
pklen = (unsigned)data->rr_len[idx]-2-4;
- return ldns_rr_dnskey_key_size_raw(pk, pklen, algo);
+ return sldns_rr_dnskey_key_size_raw(pk, pklen, algo);
}
/** get dnskey flags from data */
diff --git a/validator/val_kentry.h b/validator/val_kentry.h
index 6a308f160f249..ade65571a57aa 100644
--- a/validator/val_kentry.h
+++ b/validator/val_kentry.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
diff --git a/validator/val_neg.c b/validator/val_neg.c
index e8d9d56ad6fae..1d7a5c56e85fe 100644
--- a/validator/val_neg.c
+++ b/validator/val_neg.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -59,6 +59,8 @@
#include "util/config_file.h"
#include "services/cache/rrset.h"
#include "services/cache/dns.h"
+#include "ldns/rrdef.h"
+#include "ldns/sbuffer.h"
int val_neg_data_compare(const void* a, const void* b)
{
@@ -1174,7 +1176,7 @@ grab_nsec(struct rrset_cache* rrset_cache, uint8_t* qname, size_t qname_len,
/** find nsec3 closest encloser in neg cache */
static struct val_neg_data*
neg_find_nsec3_ce(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
- int qlabs, ldns_buffer* buf, uint8_t* hashnc, size_t* nclen)
+ int qlabs, sldns_buffer* buf, uint8_t* hashnc, size_t* nclen)
{
struct val_neg_data* data;
uint8_t hashce[NSEC3_SHA_LEN];
@@ -1257,7 +1259,7 @@ neg_nsec3_getnc(struct val_neg_zone* zone, uint8_t* hashnc, size_t nclen,
/** neg cache nsec3 proof procedure*/
static struct dns_msg*
neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
- int qlabs, ldns_buffer* buf, struct rrset_cache* rrset_cache,
+ int qlabs, sldns_buffer* buf, struct rrset_cache* rrset_cache,
struct regional* region, time_t now, uint8_t* topname)
{
struct dns_msg* msg;
@@ -1388,7 +1390,7 @@ static int add_soa(struct rrset_cache* rrset_cache, time_t now,
struct dns_msg*
val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
struct regional* region, struct rrset_cache* rrset_cache,
- ldns_buffer* buf, time_t now, int addsoa, uint8_t* topname)
+ sldns_buffer* buf, time_t now, int addsoa, uint8_t* topname)
{
struct dns_msg* msg;
struct ub_packed_rrset_key* rrset;
diff --git a/validator/val_neg.h b/validator/val_neg.h
index ec4f42f6ab7da..967d1a70f9c41 100644
--- a/validator/val_neg.h
+++ b/validator/val_neg.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -46,6 +46,7 @@
#define VALIDATOR_VAL_NEG_H
#include "util/locks.h"
#include "util/rbtree.h"
+struct sldns_buffer;
struct val_neg_data;
struct config_file;
struct reply_info;
@@ -255,7 +256,7 @@ int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len,
*/
struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg,
struct query_info* qinfo, struct regional* region,
- struct rrset_cache* rrset_cache, ldns_buffer* buf, time_t now,
+ struct rrset_cache* rrset_cache, struct sldns_buffer* buf, time_t now,
int addsoa, uint8_t* topname);
diff --git a/validator/val_nsec.c b/validator/val_nsec.c
index e377ca4b9401d..bdfe3c8fa18f3 100644
--- a/validator/val_nsec.c
+++ b/validator/val_nsec.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -41,7 +41,6 @@
* for denial of existance, and proofs for presence of types.
*/
#include "config.h"
-#include <ldns/packet.h>
#include "validator/val_nsec.h"
#include "validator/val_utils.h"
#include "util/data/msgreply.h"
diff --git a/validator/val_nsec.h b/validator/val_nsec.h
index 2e86fa978f746..f680d08c0ae42 100644
--- a/validator/val_nsec.h
+++ b/validator/val_nsec.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
diff --git a/validator/val_nsec3.c b/validator/val_nsec3.c
index 20580c0d755fc..fe5091c0a384c 100644
--- a/validator/val_nsec3.c
+++ b/validator/val_nsec3.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -62,18 +62,19 @@
#include "util/data/msgreply.h"
/* we include nsec.h for the bitmap_has_type function */
#include "validator/val_nsec.h"
+#include "ldns/sbuffer.h"
/**
* This function we get from ldns-compat or from base system
* it returns the number of data bytes stored at the target, or <0 on error.
*/
-int ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
+int sldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
/**
* This function we get from ldns-compat or from base system
* it returns the number of data bytes stored at the target, or <0 on error.
*/
-int ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len,
+int sldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len,
uint8_t *target, size_t targsize);
/**
@@ -259,7 +260,7 @@ size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone,
int ret;
if(max < hashlen*2+1) /* quick approx of b32, as if hexb16 */
return 0;
- ret = ldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1);
+ ret = sldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1);
if(ret < 1)
return 0;
buf[0] = (uint8_t)ret; /* length of b32 label */
@@ -534,16 +535,16 @@ nsec3_hash_cmp(const void* c1, const void* c2)
}
size_t
-nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
+nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
{
size_t i, hash_len;
/* prepare buffer for first iteration */
- ldns_buffer_clear(buf);
- ldns_buffer_write(buf, nm, nmlen);
- query_dname_tolower(ldns_buffer_begin(buf));
- ldns_buffer_write(buf, salt, saltlen);
- ldns_buffer_flip(buf);
+ sldns_buffer_clear(buf);
+ sldns_buffer_write(buf, nm, nmlen);
+ query_dname_tolower(sldns_buffer_begin(buf));
+ sldns_buffer_write(buf, salt, saltlen);
+ sldns_buffer_flip(buf);
switch(algo) {
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
case NSEC3_HASH_SHA1:
@@ -555,29 +556,29 @@ nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
if(hash_len > max)
return 0;
# ifdef HAVE_SSL
- (void)SHA1((unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf),
+ (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf),
(unsigned char*)res);
# else
(void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res,
- (unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf));
+ (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf));
# endif
for(i=0; i<iter; i++) {
- ldns_buffer_clear(buf);
- ldns_buffer_write(buf, res, hash_len);
- ldns_buffer_write(buf, salt, saltlen);
- ldns_buffer_flip(buf);
+ sldns_buffer_clear(buf);
+ sldns_buffer_write(buf, res, hash_len);
+ sldns_buffer_write(buf, salt, saltlen);
+ sldns_buffer_flip(buf);
# ifdef HAVE_SSL
(void)SHA1(
- (unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf),
+ (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf),
(unsigned char*)res);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)res,
- (unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf));
+ (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf));
# endif
}
break;
@@ -591,7 +592,7 @@ nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
/** perform hash of name */
static int
-nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
+nsec3_calc_hash(struct regional* region, sldns_buffer* buf,
struct nsec3_cached_hash* c)
{
int algo = nsec3_get_algo(c->nsec3, c->rr);
@@ -601,11 +602,11 @@ nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
return -1;
/* prepare buffer for first iteration */
- ldns_buffer_clear(buf);
- ldns_buffer_write(buf, c->dname, c->dname_len);
- query_dname_tolower(ldns_buffer_begin(buf));
- ldns_buffer_write(buf, salt, saltlen);
- ldns_buffer_flip(buf);
+ sldns_buffer_clear(buf);
+ sldns_buffer_write(buf, c->dname, c->dname_len);
+ query_dname_tolower(sldns_buffer_begin(buf));
+ sldns_buffer_write(buf, salt, saltlen);
+ sldns_buffer_flip(buf);
switch(algo) {
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
case NSEC3_HASH_SHA1:
@@ -619,30 +620,30 @@ nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
if(!c->hash)
return 0;
# ifdef HAVE_SSL
- (void)SHA1((unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf),
+ (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf),
(unsigned char*)c->hash);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)c->hash,
- (unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf));
+ (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf));
# endif
for(i=0; i<iter; i++) {
- ldns_buffer_clear(buf);
- ldns_buffer_write(buf, c->hash, c->hash_len);
- ldns_buffer_write(buf, salt, saltlen);
- ldns_buffer_flip(buf);
+ sldns_buffer_clear(buf);
+ sldns_buffer_write(buf, c->hash, c->hash_len);
+ sldns_buffer_write(buf, salt, saltlen);
+ sldns_buffer_flip(buf);
# ifdef HAVE_SSL
(void)SHA1(
- (unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf),
+ (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf),
(unsigned char*)c->hash);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)c->hash,
- (unsigned char*)ldns_buffer_begin(buf),
- (unsigned long)ldns_buffer_limit(buf));
+ (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned long)sldns_buffer_limit(buf));
# endif
}
break;
@@ -656,19 +657,19 @@ nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
/** perform b32 encoding of hash */
static int
-nsec3_calc_b32(struct regional* region, ldns_buffer* buf,
+nsec3_calc_b32(struct regional* region, sldns_buffer* buf,
struct nsec3_cached_hash* c)
{
int r;
- ldns_buffer_clear(buf);
- r = ldns_b32_ntop_extended_hex(c->hash, c->hash_len,
- (char*)ldns_buffer_begin(buf), ldns_buffer_limit(buf));
+ sldns_buffer_clear(buf);
+ r = sldns_b32_ntop_extended_hex(c->hash, c->hash_len,
+ (char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf));
if(r < 1) {
log_err("b32_ntop_extended_hex: error in encoding: %d", r);
return 0;
}
c->b32_len = (size_t)r;
- c->b32 = regional_alloc_init(region, ldns_buffer_begin(buf),
+ c->b32 = regional_alloc_init(region, sldns_buffer_begin(buf),
c->b32_len);
if(!c->b32)
return 0;
@@ -676,7 +677,7 @@ nsec3_calc_b32(struct regional* region, ldns_buffer* buf,
}
int
-nsec3_hash_name(rbtree_t* table, struct regional* region, ldns_buffer* buf,
+nsec3_hash_name(rbtree_t* table, struct regional* region, sldns_buffer* buf,
struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname,
size_t dname_len, struct nsec3_cached_hash** hash)
{
@@ -816,7 +817,7 @@ find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt,
int
nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
- struct ub_packed_rrset_key* rrset, int rr, ldns_buffer* buf)
+ struct ub_packed_rrset_key* rrset, int rr, sldns_buffer* buf)
{
uint8_t* next, *owner;
size_t nextlen;
@@ -840,10 +841,10 @@ nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
return 1;
/* convert owner name from text to binary */
- ldns_buffer_clear(buf);
- owner = ldns_buffer_begin(buf);
- len = ldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
- hash->b32_len, owner, ldns_buffer_limit(buf));
+ sldns_buffer_clear(buf);
+ owner = sldns_buffer_begin(buf);
+ len = sldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
+ hash->b32_len, owner, sldns_buffer_limit(buf));
if(len<1)
return 0; /* bad owner name in some way */
if((size_t)len != hash->hash_len || (size_t)len != nextlen)
diff --git a/validator/val_nsec3.h b/validator/val_nsec3.h
index ae4326daffb62..d619d672d12c2 100644
--- a/validator/val_nsec3.h
+++ b/validator/val_nsec3.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -75,6 +75,7 @@ struct ub_packed_rrset_key;
struct reply_info;
struct query_info;
struct key_entry_key;
+struct sldns_buffer;
/**
* 0 1 2 3 4 5 6 7
@@ -270,9 +271,9 @@ int nsec3_hash_cmp(const void* c1, const void* c2);
* 0 on a malloc failure.
* -1 if the NSEC3 rr was badly formatted (i.e. formerr).
*/
-int nsec3_hash_name(rbtree_t* table, struct regional* region, ldns_buffer* buf,
- struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname,
- size_t dname_len, struct nsec3_cached_hash** hash);
+int nsec3_hash_name(rbtree_t* table, struct regional* region,
+ struct sldns_buffer* buf, struct ub_packed_rrset_key* nsec3, int rr,
+ uint8_t* dname, size_t dname_len, struct nsec3_cached_hash** hash);
/**
* Get next owner name, converted to base32 encoding and with the
@@ -328,8 +329,9 @@ int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r,
* @param max: maximum space for result.
* @return 0 on failure, otherwise bytelength stored.
*/
-size_t nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
- size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max);
+size_t nsec3_get_hashed(struct sldns_buffer* buf, uint8_t* nm, size_t nmlen,
+ int algo, size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res,
+ size_t max);
/**
* see if NSEC3 RR contains given type
@@ -373,6 +375,6 @@ int nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r,
* @return true if covers, false if not.
*/
int nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
- struct ub_packed_rrset_key* rrset, int rr, ldns_buffer* buf);
+ struct ub_packed_rrset_key* rrset, int rr, struct sldns_buffer* buf);
#endif /* VALIDATOR_VAL_NSEC3_H */
diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c
index 92fd0cc4c8c20..d89675f835b09 100644
--- a/validator/val_secalgo.c
+++ b/validator/val_secalgo.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -41,10 +41,12 @@
* and do the library calls (for the crypto library in use).
*/
#include "config.h"
-#include <ldns/ldns.h>
#include "validator/val_secalgo.h"
#include "util/data/packed_rrset.h"
#include "util/log.h"
+#include "ldns/rrdef.h"
+#include "ldns/keyraw.h"
+#include "ldns/sbuffer.h"
#if !defined(HAVE_SSL) && !defined(HAVE_NSS)
#error "Need crypto library to do digital signature cryptography"
@@ -108,7 +110,7 @@ do_gost94(unsigned char* data, size_t len, unsigned char* dest)
const EVP_MD* md = EVP_get_digestbyname("md_gost94");
if(!md)
return 0;
- return ldns_digest_evp(data, (unsigned int)len, dest, md);
+ return sldns_digest_evp(data, (unsigned int)len, dest, md);
}
#endif
@@ -172,7 +174,7 @@ dnskey_algo_id_is_supported(int id)
#ifdef USE_GOST
case LDNS_ECC_GOST:
/* we support GOST if it can be loaded */
- return ldns_key_EVP_load_gost_id();
+ return sldns_key_EVP_load_gost_id();
#endif
default:
return 0;
@@ -304,10 +306,10 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
log_err("verify: malloc failure in crypto");
return 0;
}
- dsa = ldns_key_buf2dsa_raw(key, keylen);
+ dsa = sldns_key_buf2dsa_raw(key, keylen);
if(!dsa) {
verbose(VERB_QUERY, "verify: "
- "ldns_key_buf2dsa_raw failed");
+ "sldns_key_buf2dsa_raw failed");
return 0;
}
if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
@@ -331,10 +333,10 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
log_err("verify: malloc failure in crypto");
return 0;
}
- rsa = ldns_key_buf2rsa_raw(key, keylen);
+ rsa = sldns_key_buf2rsa_raw(key, keylen);
if(!rsa) {
verbose(VERB_QUERY, "verify: "
- "ldns_key_buf2rsa_raw SHA failed");
+ "sldns_key_buf2rsa_raw SHA failed");
return 0;
}
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
@@ -363,10 +365,10 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
log_err("verify: malloc failure in crypto");
return 0;
}
- rsa = ldns_key_buf2rsa_raw(key, keylen);
+ rsa = sldns_key_buf2rsa_raw(key, keylen);
if(!rsa) {
verbose(VERB_QUERY, "verify: "
- "ldns_key_buf2rsa_raw MD5 failed");
+ "sldns_key_buf2rsa_raw MD5 failed");
return 0;
}
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
@@ -379,10 +381,10 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
break;
#ifdef USE_GOST
case LDNS_ECC_GOST:
- *evp_key = ldns_gost2pkey_raw(key, keylen);
+ *evp_key = sldns_gost2pkey_raw(key, keylen);
if(!*evp_key) {
verbose(VERB_QUERY, "verify: "
- "ldns_gost2pkey_raw failed");
+ "sldns_gost2pkey_raw failed");
return 0;
}
*digest_type = EVP_get_digestbyname("md_gost94");
@@ -395,11 +397,11 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
#endif
#ifdef USE_ECDSA
case LDNS_ECDSAP256SHA256:
- *evp_key = ldns_ecdsa2pkey_raw(key, keylen,
+ *evp_key = sldns_ecdsa2pkey_raw(key, keylen,
LDNS_ECDSAP256SHA256);
if(!*evp_key) {
verbose(VERB_QUERY, "verify: "
- "ldns_ecdsa2pkey_raw failed");
+ "sldns_ecdsa2pkey_raw failed");
return 0;
}
#ifdef USE_ECDSA_EVP_WORKAROUND
@@ -422,11 +424,11 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
#endif
break;
case LDNS_ECDSAP384SHA384:
- *evp_key = ldns_ecdsa2pkey_raw(key, keylen,
+ *evp_key = sldns_ecdsa2pkey_raw(key, keylen,
LDNS_ECDSAP384SHA384);
if(!*evp_key) {
verbose(VERB_QUERY, "verify: "
- "ldns_ecdsa2pkey_raw failed");
+ "sldns_ecdsa2pkey_raw failed");
return 0;
}
#ifdef USE_ECDSA_EVP_WORKAROUND
@@ -471,7 +473,7 @@ setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
* unchecked on format errors and alloc failures.
*/
enum sec_status
-verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
+verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
char** reason)
{
@@ -518,8 +520,8 @@ verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
if(dofree) free(sigblock);
return sec_status_unchecked;
}
- if(EVP_VerifyUpdate(&ctx, (unsigned char*)ldns_buffer_begin(buf),
- (unsigned int)ldns_buffer_limit(buf)) == 0) {
+ if(EVP_VerifyUpdate(&ctx, (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned int)sldns_buffer_limit(buf)) == 0) {
verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed");
EVP_PKEY_free(evp_key);
if(dofree) free(sigblock);
@@ -963,7 +965,7 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype,
* unchecked on format errors and alloc failures.
*/
enum sec_status
-verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
+verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
char** reason)
{
@@ -1019,8 +1021,8 @@ verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
SECKEY_DestroyPublicKey(pubkey);
return sec_status_unchecked;
}
- if(HASH_HashBuf(htype, hash, (unsigned char*)ldns_buffer_begin(buf),
- (unsigned int)ldns_buffer_limit(buf)) != SECSuccess) {
+ if(HASH_HashBuf(htype, hash, (unsigned char*)sldns_buffer_begin(buf),
+ (unsigned int)sldns_buffer_limit(buf)) != SECSuccess) {
verbose(VERB_QUERY, "verify: HASH_HashBuf failed");
SECKEY_DestroyPublicKey(pubkey);
return sec_status_unchecked;
diff --git a/validator/val_secalgo.h b/validator/val_secalgo.h
index a5832af871e81..085fbc5a44f8f 100644
--- a/validator/val_secalgo.h
+++ b/validator/val_secalgo.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -42,6 +42,7 @@
#ifndef VALIDATOR_VAL_SECALGO_H
#define VALIDATOR_VAL_SECALGO_H
+struct sldns_buffer;
/**
* Return size of DS digest according to its hash algorithm.
@@ -76,7 +77,7 @@ int dnskey_algo_id_is_supported(int id);
* @return secure if verification succeeded, bogus on crypto failure,
* unchecked on format errors and alloc failures.
*/
-enum sec_status verify_canonrrset(ldns_buffer* buf, int algo,
+enum sec_status verify_canonrrset(struct sldns_buffer* buf, int algo,
unsigned char* sigblock, unsigned int sigblock_len,
unsigned char* key, unsigned int keylen, char** reason);
diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c
index 37e1ce14e21ae..5a4d0f471a84f 100644
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -41,7 +41,6 @@
* bridging between RR wireformat data and crypto calls.
*/
#include "config.h"
-#include <ldns/ldns.h>
#include "validator/val_sigcrypt.h"
#include "validator/val_secalgo.h"
#include "validator/validator.h"
@@ -52,7 +51,12 @@
#include "util/module.h"
#include "util/net_help.h"
#include "util/regional.h"
+#include "ldns/keyraw.h"
+#include "ldns/sbuffer.h"
+#include "ldns/parseutil.h"
+#include "ldns/wire2str.h"
+#include <ctype.h>
#if !defined(HAVE_SSL) && !defined(HAVE_NSS)
#error "Need crypto library to do digital signature cryptography"
#endif
@@ -286,7 +290,7 @@ ds_create_dnskey_digest(struct module_env* env,
struct ub_packed_rrset_key* ds_rrset, size_t ds_idx,
uint8_t* digest)
{
- ldns_buffer* b = env->scratch_buffer;
+ sldns_buffer* b = env->scratch_buffer;
uint8_t* dnskey_rdata;
size_t dnskey_len;
rrset_get_rdata(dnskey_rrset, dnskey_idx, &dnskey_rdata, &dnskey_len);
@@ -294,15 +298,15 @@ ds_create_dnskey_digest(struct module_env* env,
/* create digest source material in buffer
* digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
* DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. */
- ldns_buffer_clear(b);
- ldns_buffer_write(b, dnskey_rrset->rk.dname,
+ sldns_buffer_clear(b);
+ sldns_buffer_write(b, dnskey_rrset->rk.dname,
dnskey_rrset->rk.dname_len);
- query_dname_tolower(ldns_buffer_begin(b));
- ldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/
- ldns_buffer_flip(b);
+ query_dname_tolower(sldns_buffer_begin(b));
+ sldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/
+ sldns_buffer_flip(b);
return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx),
- (unsigned char*)ldns_buffer_begin(b), ldns_buffer_limit(b),
+ (unsigned char*)sldns_buffer_begin(b), sldns_buffer_limit(b),
(unsigned char*)digest);
}
@@ -366,7 +370,7 @@ dnskey_calc_keytag(struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx)
size_t len;
rrset_get_rdata(dnskey_rrset, dnskey_idx, &data, &len);
/* do not pass rdatalen to ldns */
- return ldns_calc_keytag_raw(data+2, len-2);
+ return sldns_calc_keytag_raw(data+2, len-2);
}
int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
@@ -530,7 +534,7 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s)
{
char buf[256];
- ldns_lookup_table *t = ldns_lookup_by_id(ldns_algorithms, alg);
+ sldns_lookup_table *t = sldns_lookup_by_id(sldns_algorithms, alg);
if(t&&t->name)
snprintf(buf, sizeof(buf), "%s with algorithm %s", s, t->name);
else snprintf(buf, sizeof(buf), "%s with algorithm ALG%u", s,
@@ -640,7 +644,7 @@ struct canon_rr {
*/
static int
canonical_compare_byfield(struct packed_rrset_data* d,
- const ldns_rr_descriptor* desc, size_t i, size_t j)
+ const sldns_rr_descriptor* desc, size_t i, size_t j)
{
/* sweep across rdata, keep track of some state:
* which rr field, and bytes left in field.
@@ -784,7 +788,7 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
{
struct packed_rrset_data* d = (struct packed_rrset_data*)
rrset->entry.data;
- const ldns_rr_descriptor* desc;
+ const sldns_rr_descriptor* desc;
uint16_t type = ntohs(rrset->rk.type);
size_t minlen;
int c;
@@ -836,7 +840,7 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
case LDNS_RR_TYPE_PX:
case LDNS_RR_TYPE_NAPTR:
case LDNS_RR_TYPE_SRV:
- desc = ldns_rr_descript(type);
+ desc = sldns_rr_descript(type);
log_assert(desc);
/* this holds for the types that need canonicalizing */
log_assert(desc->_minimum == desc->_maximum);
@@ -909,15 +913,15 @@ canonical_sort(struct ub_packed_rrset_key* rrset, struct packed_rrset_data* d,
* @param can_owner_len: length of canonical owner name.
*/
static void
-insert_can_owner(ldns_buffer* buf, struct ub_packed_rrset_key* k,
+insert_can_owner(sldns_buffer* buf, struct ub_packed_rrset_key* k,
uint8_t* sig, uint8_t** can_owner, size_t* can_owner_len)
{
int rrsig_labels = (int)sig[3];
int fqdn_labels = dname_signame_label_count(k->rk.dname);
- *can_owner = ldns_buffer_current(buf);
+ *can_owner = sldns_buffer_current(buf);
if(rrsig_labels == fqdn_labels) {
/* no change */
- ldns_buffer_write(buf, k->rk.dname, k->rk.dname_len);
+ sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len);
query_dname_tolower(*can_owner);
*can_owner_len = k->rk.dname_len;
return;
@@ -933,8 +937,8 @@ insert_can_owner(ldns_buffer* buf, struct ub_packed_rrset_key* k,
dname_remove_label(&nm, &len);
}
*can_owner_len = len+2;
- ldns_buffer_write(buf, (uint8_t*)"\001*", 2);
- ldns_buffer_write(buf, nm, len);
+ sldns_buffer_write(buf, (uint8_t*)"\001*", 2);
+ sldns_buffer_write(buf, nm, len);
query_dname_tolower(*can_owner);
}
}
@@ -946,10 +950,10 @@ insert_can_owner(ldns_buffer* buf, struct ub_packed_rrset_key* k,
* @param len: length of the rdata (including rdatalen uint16).
*/
static void
-canonicalize_rdata(ldns_buffer* buf, struct ub_packed_rrset_key* rrset,
+canonicalize_rdata(sldns_buffer* buf, struct ub_packed_rrset_key* rrset,
size_t len)
{
- uint8_t* datstart = ldns_buffer_current(buf)-len+2;
+ uint8_t* datstart = sldns_buffer_current(buf)-len+2;
switch(ntohs(rrset->rk.type)) {
case LDNS_RR_TYPE_NXT:
case LDNS_RR_TYPE_NS:
@@ -1040,6 +1044,69 @@ canonicalize_rdata(ldns_buffer* buf, struct ub_packed_rrset_key* rrset,
}
}
+int rrset_canonical_equal(struct regional* region,
+ struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2)
+{
+ struct rbtree_t sortree1, sortree2;
+ struct canon_rr *rrs1, *rrs2, *p1, *p2;
+ struct packed_rrset_data* d1=(struct packed_rrset_data*)k1->entry.data;
+ struct packed_rrset_data* d2=(struct packed_rrset_data*)k2->entry.data;
+ struct ub_packed_rrset_key fk;
+ struct packed_rrset_data fd;
+ size_t flen[2];
+ uint8_t* fdata[2];
+
+ /* basic compare */
+ if(k1->rk.dname_len != k2->rk.dname_len ||
+ k1->rk.flags != k2->rk.flags ||
+ k1->rk.type != k2->rk.type ||
+ k1->rk.rrset_class != k2->rk.rrset_class ||
+ query_dname_compare(k1->rk.dname, k2->rk.dname) != 0)
+ return 0;
+ if(d1->ttl != d2->ttl ||
+ d1->count != d2->count ||
+ d1->rrsig_count != d2->rrsig_count ||
+ d1->trust != d2->trust ||
+ d1->security != d2->security)
+ return 0;
+
+ /* init */
+ memset(&fk, 0, sizeof(fk));
+ memset(&fd, 0, sizeof(fd));
+ fk.entry.data = &fd;
+ fd.count = 2;
+ fd.rr_len = flen;
+ fd.rr_data = fdata;
+ rbtree_init(&sortree1, &canonical_tree_compare);
+ rbtree_init(&sortree2, &canonical_tree_compare);
+ rrs1 = regional_alloc(region, sizeof(struct canon_rr)*d1->count);
+ rrs2 = regional_alloc(region, sizeof(struct canon_rr)*d2->count);
+ if(!rrs1 || !rrs2) return 1; /* alloc failure */
+
+ /* sort */
+ canonical_sort(k1, d1, &sortree1, rrs1);
+ canonical_sort(k2, d2, &sortree2, rrs2);
+
+ /* compare canonical-sorted RRs for canonical-equality */
+ if(sortree1.count != sortree2.count)
+ return 0;
+ p1 = (struct canon_rr*)rbtree_first(&sortree1);
+ p2 = (struct canon_rr*)rbtree_first(&sortree2);
+ while(p1 != (struct canon_rr*)RBTREE_NULL &&
+ p2 != (struct canon_rr*)RBTREE_NULL) {
+ flen[0] = d1->rr_len[p1->rr_idx];
+ flen[1] = d2->rr_len[p2->rr_idx];
+ fdata[0] = d1->rr_data[p1->rr_idx];
+ fdata[1] = d2->rr_data[p2->rr_idx];
+
+ if(canonical_compare(&fk, 0, 1) != 0)
+ return 0;
+ p1 = (struct canon_rr*)rbtree_next(&p1->node);
+ p2 = (struct canon_rr*)rbtree_next(&p2->node);
+ }
+ return 1;
+}
+
/**
* Create canonical form of rrset in the scratch buffer.
* @param region: temporary region.
@@ -1053,7 +1120,7 @@ canonicalize_rdata(ldns_buffer* buf, struct ub_packed_rrset_key* rrset,
* @return false on alloc error.
*/
static int
-rrset_canonical(struct regional* region, ldns_buffer* buf,
+rrset_canonical(struct regional* region, sldns_buffer* buf,
struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen,
struct rbtree_t** sortree)
{
@@ -1077,13 +1144,13 @@ rrset_canonical(struct regional* region, ldns_buffer* buf,
canonical_sort(k, d, *sortree, rrs);
}
- ldns_buffer_clear(buf);
- ldns_buffer_write(buf, sig, siglen);
+ sldns_buffer_clear(buf);
+ sldns_buffer_write(buf, sig, siglen);
/* canonicalize signer name */
- query_dname_tolower(ldns_buffer_begin(buf)+18);
+ query_dname_tolower(sldns_buffer_begin(buf)+18);
RBTREE_FOR(walk, struct canon_rr*, (*sortree)) {
/* see if there is enough space left in the buffer */
- if(ldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
+ if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
+ d->rr_len[walk->rr_idx]) {
log_err("verify: failed to canonicalize, "
"rrset too big");
@@ -1091,17 +1158,17 @@ rrset_canonical(struct regional* region, ldns_buffer* buf,
}
/* determine canonical owner name */
if(can_owner)
- ldns_buffer_write(buf, can_owner, can_owner_len);
+ sldns_buffer_write(buf, can_owner, can_owner_len);
else insert_can_owner(buf, k, sig, &can_owner,
&can_owner_len);
- ldns_buffer_write(buf, &k->rk.type, 2);
- ldns_buffer_write(buf, &k->rk.rrset_class, 2);
- ldns_buffer_write(buf, sig+4, 4);
- ldns_buffer_write(buf, d->rr_data[walk->rr_idx],
+ sldns_buffer_write(buf, &k->rk.type, 2);
+ sldns_buffer_write(buf, &k->rk.rrset_class, 2);
+ sldns_buffer_write(buf, sig+4, 4);
+ sldns_buffer_write(buf, d->rr_data[walk->rr_idx],
d->rr_len[walk->rr_idx]);
canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]);
}
- ldns_buffer_flip(buf);
+ sldns_buffer_flip(buf);
return 1;
}
@@ -1233,7 +1300,7 @@ adjust_ttl(struct val_env* ve, uint32_t unow,
}
enum sec_status
-dnskey_verify_rrset_sig(struct regional* region, ldns_buffer* buf,
+dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf,
struct val_env* ve, time_t now,
struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
size_t dnskey_idx, size_t sig_idx,
diff --git a/validator/val_sigcrypt.h b/validator/val_sigcrypt.h
index 9859d3c39087b..68aa9a445ae8f 100644
--- a/validator/val_sigcrypt.h
+++ b/validator/val_sigcrypt.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -49,6 +49,7 @@ struct module_env;
struct ub_packed_rrset_key;
struct rbtree_t;
struct regional;
+struct sldns_buffer;
/** number of entries in algorithm needs array */
#define ALGO_NEEDS_MAX 256
@@ -298,7 +299,7 @@ enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env,
* bogus if it did not validate.
*/
enum sec_status dnskey_verify_rrset_sig(struct regional* region,
- ldns_buffer* buf, struct val_env* ve, time_t now,
+ struct sldns_buffer* buf, struct val_env* ve, time_t now,
struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
size_t dnskey_idx, size_t sig_idx,
struct rbtree_t** sortree, int* buf_canon, char** reason);
@@ -308,4 +309,15 @@ enum sec_status dnskey_verify_rrset_sig(struct regional* region,
*/
int canonical_tree_compare(const void* k1, const void* k2);
+/**
+ * Compare two rrsets and see if they are the same, canonicalised.
+ * The rrsets are not altered.
+ * @param region: temporary region.
+ * @param k1: rrset1
+ * @param k2: rrset2
+ * @return true if equal.
+ */
+int rrset_canonical_equal(struct regional* region,
+ struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2);
+
#endif /* VALIDATOR_VAL_SIGCRYPT_H */
diff --git a/validator/val_utils.c b/validator/val_utils.c
index 73e7dbd9020f8..ecf2dfaf05c89 100644
--- a/validator/val_utils.c
+++ b/validator/val_utils.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
diff --git a/validator/val_utils.h b/validator/val_utils.h
index f0afc3756e9f1..b0344eff7de9f 100644
--- a/validator/val_utils.h
+++ b/validator/val_utils.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
diff --git a/validator/validator.c b/validator/validator.c
index ad472cc6a9534..aefa26a279486 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
@@ -40,7 +40,6 @@
* According to RFC 4034.
*/
#include "config.h"
-#include <ldns/ldns.h>
#include "validator/validator.h"
#include "validator/val_anchor.h"
#include "validator/val_kcache.h"
@@ -59,6 +58,8 @@
#include "util/regional.h"
#include "util/config_file.h"
#include "util/fptr_wlist.h"
+#include "ldns/rrdef.h"
+#include "ldns/wire2str.h"
/* forward decl for cache response and normal super inform calls of a DS */
static void process_ds_response(struct module_qstate* qstate,
@@ -294,9 +295,12 @@ needs_validation(struct module_qstate* qstate, int ret_rc,
else rcode = (int)FLAGS_GET_RCODE(ret_msg->rep->flags);
if(rcode != LDNS_RCODE_NOERROR && rcode != LDNS_RCODE_NXDOMAIN) {
- verbose(VERB_ALGO, "cannot validate non-answer, rcode %s",
- ldns_lookup_by_id(ldns_rcodes, rcode)?
- ldns_lookup_by_id(ldns_rcodes, rcode)->name:"??");
+ if(verbosity >= VERB_ALGO) {
+ char rc[16];
+ rc[0]=0;
+ (void)sldns_wire2str_rcode_buf(rcode, rc, sizeof(rc));
+ verbose(VERB_ALGO, "cannot validate non-answer, rcode %s", rc);
+ }
return 0;
}
@@ -758,11 +762,12 @@ validate_nodata_response(struct module_env* env, struct val_env* ve,
* @param chase_reply: answer to that query to validate.
* @param kkey: the key entry, which is trusted, and which matches
* the signer of the answer. The key entry isgood().
+ * @param rcode: adjusted RCODE, in case of RCODE/proof mismatch leniency.
*/
static void
validate_nameerror_response(struct module_env* env, struct val_env* ve,
struct query_info* qchase, struct reply_info* chase_reply,
- struct key_entry_key* kkey)
+ struct key_entry_key* kkey, int* rcode)
{
int has_valid_nsec = 0;
int has_valid_wnsec = 0;
@@ -809,6 +814,10 @@ validate_nameerror_response(struct module_env* env, struct val_env* ve,
verbose(VERB_QUERY, "NameError response has failed to prove: "
"qname does not exist");
chase_reply->security = sec_status_bogus;
+ /* Be lenient with RCODE in NSEC NameError responses */
+ validate_nodata_response(env, ve, qchase, chase_reply, kkey);
+ if (chase_reply->security == sec_status_secure)
+ *rcode = LDNS_RCODE_NOERROR;
return;
}
@@ -816,6 +825,10 @@ validate_nameerror_response(struct module_env* env, struct val_env* ve,
verbose(VERB_QUERY, "NameError response has failed to prove: "
"covering wildcard does not exist");
chase_reply->security = sec_status_bogus;
+ /* Be lenient with RCODE in NSEC NameError responses */
+ validate_nodata_response(env, ve, qchase, chase_reply, kkey);
+ if (chase_reply->security == sec_status_secure)
+ *rcode = LDNS_RCODE_NOERROR;
return;
}
@@ -1564,6 +1577,7 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
struct val_env* ve, int id)
{
enum val_classification subtype;
+ int rcode;
if(!vq->key_entry) {
verbose(VERB_ALGO, "validate: no key entry, failed");
@@ -1647,7 +1661,7 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
sec_status_to_string(
vq->chase_reply->security));
break;
-
+
case VAL_CLASS_NODATA:
verbose(VERB_ALGO, "Validating a nodata response");
validate_nodata_response(qstate->env, ve,
@@ -1658,12 +1672,15 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
break;
case VAL_CLASS_NAMEERROR:
+ rcode = (int)FLAGS_GET_RCODE(vq->orig_msg->rep->flags);
verbose(VERB_ALGO, "Validating a nxdomain response");
validate_nameerror_response(qstate->env, ve,
- &vq->qchase, vq->chase_reply, vq->key_entry);
+ &vq->qchase, vq->chase_reply, vq->key_entry, &rcode);
verbose(VERB_DETAIL, "validate(nxdomain): %s",
sec_status_to_string(
vq->chase_reply->security));
+ FLAGS_SET_RCODE(vq->orig_msg->rep->flags, rcode);
+ FLAGS_SET_RCODE(vq->chase_reply->flags, rcode);
break;
case VAL_CLASS_CNAME:
@@ -2344,12 +2361,13 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
char* reason = NULL;
enum val_classification subtype;
if(rcode != LDNS_RCODE_NOERROR) {
- char* rc = ldns_pkt_rcode2str(rcode);
+ char rc[16];
+ rc[0]=0;
+ (void)sldns_wire2str_rcode_buf(rcode, rc, sizeof(rc));
/* errors here pretty much break validation */
verbose(VERB_DETAIL, "DS response was error, thus bogus");
errinf(qstate, rc);
errinf(qstate, "no DS");
- free(rc);
goto return_bogus;
}
@@ -2521,10 +2539,11 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
"DS response, thus bogus.");
errinf(qstate, "no DS and");
if(FLAGS_GET_RCODE(msg->rep->flags) != LDNS_RCODE_NOERROR) {
- char* rc = ldns_pkt_rcode2str(
- FLAGS_GET_RCODE(msg->rep->flags));
+ char rc[16];
+ rc[0]=0;
+ (void)sldns_wire2str_rcode_buf((int)FLAGS_GET_RCODE(
+ msg->rep->flags), rc, sizeof(rc));
errinf(qstate, rc);
- free(rc);
} else errinf(qstate, val_classification_to_string(subtype));
errinf(qstate, "message fails to prove that");
goto return_bogus;
diff --git a/validator/validator.h b/validator/validator.h
index 1a29c161b9f25..20f806adab359 100644
--- a/validator/validator.h
+++ b/validator/validator.h
@@ -21,16 +21,16 @@
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**