authorCy Schubert <cy@FreeBSD.org>2020-05-21 05:01:52 +0000
committerCy Schubert <cy@FreeBSD.org>2020-05-21 05:01:52 +0000
commit6a53c00e64c4cf911eb00846733d9e6a47b2e7f4 (patch)
tree60a7720d2d4edfe62b094e2665743e8879ebb911 /validator
parente2fe726866d062155f6b1aae749375475ef19191 (diff)
Diffstat (limited to 'validator')
-rw-r--r--validator/val_secalgo.c31
-rw-r--r--validator/validator.c6
2 files changed, 30 insertions, 7 deletions
diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c
index 5e02f6bdbad2..8f17c53e86de 100644
--- a/validator/val_secalgo.c
+++ b/validator/val_secalgo.c
@@ -54,6 +54,11 @@
#error "Need crypto library to do digital signature cryptography"
#endif
+/** fake DSA support for unit tests */
+int fake_dsa = 0;
+/** fake SHA1 support for unit tests */
+int fake_sha1 = 0;
+
/* OpenSSL implementation */
#ifdef HAVE_SSL
#ifdef HAVE_OPENSSL_ERR_H
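Review bot: The two globals are now defined for every crypto backend (this hunk moves them above the HAVE_SSL block and the next hunk removes the old copies), but their one-line comments still say only "for unit tests" and do not state what a non-zero value does. From the hunks below, a non-zero value makes dnskey_algo_id_is_supported() report the algorithm as supported and makes verify_canonrrset() return sec_status_secure before any signature check, so the comment should carry that contract, e.g. `/** fake DSA support for unit tests; non-zero makes DSA signatures validate without verification, must stay 0 outside the test harness */` and the same for fake_sha1. As far as the hunk shows there is no build-time gate on these definitions, so the comment is the only thing telling a maintainer they are live in production builds.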
@@ -72,11 +77,6 @@
#include <openssl/engine.h>
#endif
-/** fake DSA support for unit tests */
-int fake_dsa = 0;
-/** fake SHA1 support for unit tests */
-int fake_sha1 = 0;
-
/**
* Output a libcrypto openssl error to the logfile.
* @param str: string to add to it.
@@ -1509,13 +1509,21 @@ dnskey_algo_id_is_supported(int id)
{
/* uses libnettle */
switch(id) {
-#if defined(USE_DSA) && defined(USE_SHA1)
case LDNS_DSA:
case LDNS_DSA_NSEC3:
+#if defined(USE_DSA) && defined(USE_SHA1)
+ return 1;
+#else
+ if(fake_dsa || fake_sha1) return 1;
+ return 0;
#endif
-#ifdef USE_SHA1
case LDNS_RSASHA1:
case LDNS_RSASHA1_NSEC3:
+#ifdef USE_SHA1
+ return 1;
+#else
+ if(fake_sha1) return 1;
+ return 0;
#endif
#ifdef USE_SHA2
case LDNS_RSASHA256:
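Review bot: The two `#else` branches each spend two statements on what is a single boolean result; `return (fake_dsa || fake_sha1);` and `return fake_sha1;` (the function already returns int) read more directly and make the `return 0;` that stops the case from falling through into LDNS_RSASHA1 unnecessary. A short comment on the `#else` branches, `/* algorithm not compiled in: only the unit-test override reports it as supported */`, would also help, since the case labels are now reached in every build. The body of dnskey_algo_id_is_supported() continues past the end of this hunk.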
@@ -1820,6 +1828,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
return sec_status_bogus;
}
+#ifndef USE_DSA
+ if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1))
+ return sec_status_secure;
+#endif
+#ifndef USE_SHA1
+ if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3))
+ return sec_status_secure;
+#endif
+
switch(algo) {
#if defined(USE_DSA) && defined(USE_SHA1)
case LDNS_DSA:
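Review bot: The `#ifndef USE_DSA` guard on the first added block does not match the condition used in dnskey_algo_id_is_supported() in the previous hunk, which treats DSA as supported via `fake_dsa || fake_sha1` whenever `!(USE_DSA && USE_SHA1)`. In a build with USE_DSA defined but USE_SHA1 undefined, setting only fake_dsa makes the algorithm report as supported here, yet this function skips both fake blocks (the second requires fake_sha1) and falls into the switch, whose `#if defined(USE_DSA) && defined(USE_SHA1)` excludes the DSA case, presumably landing in the default branch; changing the guard to `#if !defined(USE_DSA) || !defined(USE_SHA1)` keeps the two functions consistent. Since both blocks return sec_status_secure before any signature bytes are examined, each deserves a comment such as `/* unit-test override: accept without verification, fake_* are 0 in production */`, and the `&&(fake_dsa||fake_sha1)` spacing should follow the surrounding style. verify_canonrrset() starts before and continues after this hunk.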
diff --git a/validator/validator.c b/validator/validator.c
index 4c560a8e1de1..c3ca0a27da83 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -121,6 +121,8 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env,
log_err("out of memory");
return 0;
}
+ if (env->key_cache)
+ val_env->kcache = env->key_cache;
if(!val_env->kcache)
val_env->kcache = key_cache_create(cfg);
if(!val_env->kcache) {
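Review bot: The added `if (env->key_cache)` is written with a space before the parenthesis while every neighbouring condition in the file uses `if(` (see `if(!val_env->kcache)` on the very next line); the same applies to `if (env->neg_cache)` in the next hunk. The assignment also overwrites val_env->kcache unconditionally when env->key_cache is set; if val_env->kcache can already hold a cache at this point (for example on a repeated val_apply_cfg()), that earlier cache would be dropped without key_cache_delete(), which the hunk cannot confirm either way, so a comment stating the ownership, e.g. `/* reuse the env-wide cache when present; val_env only aliases it */`, would make the intent checkable. val_apply_cfg() starts before this hunk and continues after it.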
@@ -146,6 +148,8 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env,
log_err("validator: cannot apply nsec3 key iterations");
return 0;
}
+ if (env->neg_cache)
+ val_env->neg_cache = env->neg_cache;
if(!val_env->neg_cache)
val_env->neg_cache = val_neg_create(cfg,
val_env->nsec3_maxiter[val_env->nsec3_keyiter_count-1]);
@@ -196,7 +200,9 @@ val_deinit(struct module_env* env, int id)
anchors_delete(env->anchors);
env->anchors = NULL;
key_cache_delete(val_env->kcache);
+ env->key_cache = NULL;
neg_cache_delete(val_env->neg_cache);
+ env->neg_cache = NULL;
free(val_env->nsec3_keysize);
free(val_env->nsec3_maxiter);
free(val_env);
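Review bot: The two added lines clear env->key_cache and env->neg_cache right after key_cache_delete(val_env->kcache) and neg_cache_delete(val_env->neg_cache), but nothing in the hunk shows that the env pointers and the val_env pointers refer to the same objects; if they could ever differ, the env-held cache would be leaked rather than freed. Presumably they alias (val_apply_cfg() in the earlier hunks copies env->key_cache into val_env->kcache), so a comment such as `/* the env pointers alias the caches just deleted; clear them so a later val_apply_cfg() cannot reuse freed memory */` would document that assumption where it matters. val_deinit() starts before this hunk.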