Diffstat (limited to 'contrib/unbound/testcode')
-rw-r--r--contrib/unbound/testcode/doqclient.c71
-rw-r--r--contrib/unbound/testcode/fake_event.c46
-rw-r--r--contrib/unbound/testcode/testbound.c150
-rw-r--r--contrib/unbound/testcode/unitdname.c277
-rw-r--r--contrib/unbound/testcode/unitinfra.c1
-rw-r--r--contrib/unbound/testcode/unitmain.c24
-rw-r--r--contrib/unbound/testcode/unitverify.c133
-rw-r--r--contrib/unbound/testcode/unitzonemd.c1
8 files changed, 665 insertions, 38 deletions
diff --git a/contrib/unbound/testcode/doqclient.c b/contrib/unbound/testcode/doqclient.c
index e6f63a761f35..238a9380306d 100644
--- a/contrib/unbound/testcode/doqclient.c
+++ b/contrib/unbound/testcode/doqclient.c
@@ -48,10 +48,13 @@
#ifdef HAVE_NGTCP2
#include <ngtcp2/ngtcp2.h>
#include <ngtcp2/ngtcp2_crypto.h>
-#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
+#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H
+#include <ngtcp2/ngtcp2_crypto_ossl.h>
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H)
#include <ngtcp2/ngtcp2_crypto_quictls.h>
-#else
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H)
#include <ngtcp2/ngtcp2_crypto_openssl.h>
+#define MAKE_QUIC_METHOD 1
#endif
#include <openssl/ssl.h>
#include <openssl/rand.h>
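Review bot: The include chain now keys on `HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H`, while the code paths further down in this file are gated on `USE_NGTCP2_CRYPTO_OSSL`, and the chain has no final `#else`. If the two macros ever disagree, or none of the three headers is detected, the build fails later with errors about missing ngtcp2_crypto symbols that do not point back here. A closing `#else` with `#error "no ngtcp2 crypto helper header found"` before the `#endif` would make the misconfiguration explicit. Where `USE_NGTCP2_CRYPTO_OSSL` is defined is not visible in this diff, so confirm it is derived from the same header check.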
@@ -107,10 +110,14 @@ struct doq_client_data {
SSL_CTX* ctx;
/** SSL object */
SSL* ssl;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
/** the connection reference for ngtcp2_conn and userdata in ssl */
struct ngtcp2_crypto_conn_ref conn_ref;
#endif
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+ /** the per-connection state for ngtcp2_crypto_ossl */
+ struct ngtcp2_crypto_ossl_ctx* ossl_ctx;
+#endif
/** the quic version to use */
uint32_t quic_version;
/** the last error */
@@ -197,11 +204,12 @@ struct doq_client_stream {
int query_is_done;
};
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#ifdef MAKE_QUIC_METHOD
/** the quic method struct, must remain valid during the QUIC connection. */
static SSL_QUIC_METHOD quic_method;
#endif
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
/** Get the connection ngtcp2_conn from the ssl app data
* ngtcp2_crypto_conn_ref */
static ngtcp2_conn* conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
@@ -210,11 +218,12 @@ static ngtcp2_conn* conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
conn_ref->user_data;
return data->conn;
}
+#endif
static void
set_app_data(SSL* ssl, struct doq_client_data* data)
{
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
data->conn_ref.get_conn = &conn_ref_get_conn;
data->conn_ref.user_data = data;
SSL_set_app_data(ssl, &data->conn_ref);
@@ -227,7 +236,7 @@ static struct doq_client_data*
get_app_data(SSL* ssl)
{
struct doq_client_data* data;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
data = (struct doq_client_data*)((struct ngtcp2_crypto_conn_ref*)
SSL_get_app_data(ssl))->user_data;
#else
@@ -893,7 +902,7 @@ handshake_completed(ngtcp2_conn* ATTR_UNUSED(conn), void* user_data)
verbose(1, "early data was accepted by the server");
}
}
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
if(data->transport_file) {
early_data_write_transport(data);
}
@@ -1207,7 +1216,7 @@ early_data_write_transport(struct doq_client_data* data)
#endif
}
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#ifdef MAKE_QUIC_METHOD
/** applicatation rx key callback, this is where the rx key is set,
* and streams can be opened, like http3 unidirectional streams, like
* the http3 control and http3 qpack encode and decoder streams. */
@@ -1317,7 +1326,7 @@ send_alert(SSL *ssl, enum ssl_encryption_level_t ATTR_UNUSED(level),
data->tls_alert = alert;
return 1;
}
-#endif /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT */
+#endif /* MAKE_QUIC_METHOD */
/** new session callback. We can write it to file for resumption later. */
static int
@@ -1357,7 +1366,7 @@ ctx_client_setup(void)
log_err("ngtcp2_crypto_quictls_configure_client_context failed");
exit(1);
}
-#else
+#elif defined(MAKE_QUIC_METHOD)
memset(&quic_method, 0, sizeof(quic_method));
quic_method.set_encryption_secrets = &set_encryption_secrets;
quic_method.add_handshake_data = &add_handshake_data;
@@ -1373,22 +1382,39 @@ ctx_client_setup(void)
static SSL*
ssl_client_setup(struct doq_client_data* data)
{
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+ int ret;
+#endif
SSL* ssl = SSL_new(data->ctx);
if(!ssl) {
log_crypto_err("Could not SSL_new");
exit(1);
}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+ if((ret=ngtcp2_crypto_ossl_ctx_new(&data->ossl_ctx, NULL)) != 0) {
+ log_err("ngtcp2_crypto_ossl_ctx_new failed: %s",
+ ngtcp2_strerror(ret));
+ exit(1);
+ }
+ ngtcp2_crypto_ossl_ctx_set_ssl(data->ossl_ctx, ssl);
+ if(ngtcp2_crypto_ossl_configure_client_session(ssl) != 0) {
+ log_err("ngtcp2_crypto_ossl_configure_client_session failed");
+ exit(1);
+ }
+#endif
set_app_data(ssl, data);
SSL_set_connect_state(ssl);
if(!SSL_set_fd(ssl, data->fd)) {
log_crypto_err("Could not SSL_set_fd");
exit(1);
}
+#ifndef USE_NGTCP2_CRYPTO_OSSL
if((data->quic_version & 0xff000000) == 0xff000000) {
SSL_set_quic_use_legacy_codepoint(ssl, 1);
} else {
SSL_set_quic_use_legacy_codepoint(ssl, 0);
}
+#endif
SSL_set_alpn_protos(ssl, (const unsigned char *)"\x03""doq", 4);
/* send the SNI host name */
SSL_set_tlsext_host_name(ssl, "localhost");
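Review bot: In the `USE_NGTCP2_CRYPTO_OSSL` block of ssl_client_setup() the context is created with a NULL SSL and the SSL is attached by a second call; `ngtcp2_crypto_ossl_ctx_new(&data->ossl_ctx, ssl)` does both in one step and leaves no point at which `data->ossl_ctx` exists without its SSL object. The failure message for `ngtcp2_crypto_ossl_configure_client_session` carries no cause, unlike the `ngtcp2_strerror(ret)` a few lines earlier; reporting it through `log_crypto_err`, as the `SSL_new` branch does, would presumably keep the OpenSSL error queue in the output. The function continues past the end of the hunk.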
@@ -2072,7 +2098,11 @@ early_data_setup_session(struct doq_client_data* data)
SSL_SESSION_free(session);
return 0;
}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+ SSL_set_quic_tls_early_data_enabled(data->ssl, 1);
+#else
SSL_set_quic_early_data_enabled(data->ssl, 1);
+#endif
SSL_SESSION_free(session);
return 1;
}
@@ -2221,6 +2251,15 @@ create_doq_client_data(const char* svr, int port, struct ub_event_base* base,
data = calloc(1, sizeof(*data));
if(!data) fatal_exit("calloc failed: out of memory");
data->base = base;
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+ /* Initialize the ossl crypto, it is harmless to call twice,
+ * and this is before use of doq connections. */
+ if(ngtcp2_crypto_ossl_init() != 0)
+ fatal_exit("ngtcp2_crypto_oss_init failed");
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_INIT)
+ if(ngtcp2_crypto_quictls_init() != 0)
+ fatal_exit("ngtcp2_crypto_quictls_init failed");
+#endif
data->rnd = ub_initstate(NULL);
if(!data->rnd) fatal_exit("ub_initstate failed: out of memory");
data->svr = svr;
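Review bot: The failure message in the `USE_NGTCP2_CRYPTO_OSSL` branch names a function that does not exist: `fatal_exit("ngtcp2_crypto_oss_init failed");` should read `fatal_exit("ngtcp2_crypto_ossl_init failed");`, so the log line can be found by searching for the call that produced it. The comment relies on a repeated call being harmless, which matters because this runs once per create_doq_client_data(); that property belongs to ngtcp2 and is not shown in this diff.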
@@ -2255,7 +2294,11 @@ create_doq_client_data(const char* svr, int port, struct ub_event_base* base,
SSL_CTX_sess_set_new_cb(data->ctx, new_session_cb);
}
data->ssl = ssl_client_setup(data);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+ ngtcp2_conn_set_tls_native_handle(data->conn, data->ossl_ctx);
+#else
ngtcp2_conn_set_tls_native_handle(data->conn, data->ssl);
+#endif
if(data->early_data_enabled)
early_data_setup(data);
@@ -2301,8 +2344,14 @@ delete_doq_client_data(struct doq_client_data* data)
}
}
#endif
- ngtcp2_conn_del(data->conn);
+ /* Remove the app data from ngtcp2 before SSL_free of conn->ssl,
+ * because the ngtcp2 conn is deleted. */
+ SSL_set_app_data(data->ssl, NULL);
SSL_free(data->ssl);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+ ngtcp2_crypto_ossl_ctx_del(data->ossl_ctx);
+#endif
+ ngtcp2_conn_del(data->conn);
sldns_buffer_free(data->pkt_buf);
sldns_buffer_free(data->blocked_pkt);
if(data->fd != -1)
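Review bot: The new comment in delete_doq_client_data() justifies `SSL_set_app_data(data->ssl, NULL)` with "because the ngtcp2 conn is deleted", but in the new order `ngtcp2_conn_del(data->conn)` runs last, after `SSL_free` and `ngtcp2_crypto_ossl_ctx_del`, so the stated reason no longer matches the code. If the intent is as it appears, something like `/* Clear the conn_ref from the SSL app data first, so nothing reached from SSL_free() follows it into state that is being torn down. */` says it directly. `SSL_free` accepts NULL but `SSL_set_app_data` does not, so the added call assumes `data->ssl` is always set when this function runs; the function starts outside the hunk, so confirm no early error path reaches it. get_app_data() also dereferences the app-data pointer without a NULL check, so any TLS callback that fired during `SSL_free` would now fault instead of reading stale data.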
diff --git a/contrib/unbound/testcode/fake_event.c b/contrib/unbound/testcode/fake_event.c
index f7f3210790eb..ce439edd1294 100644
--- a/contrib/unbound/testcode/fake_event.c
+++ b/contrib/unbound/testcode/fake_event.c
@@ -188,6 +188,22 @@ delete_replay_answer(struct replay_answer* a)
free(a);
}
+/** Log the packet for a reply_packet from testpkts. */
+static void
+log_testpkt_reply_pkt(const char* txt, struct reply_packet* reppkt)
+{
+ if(!reppkt) {
+ log_info("%s <null>", txt);
+ return;
+ }
+ if(reppkt->reply_from_hex) {
+ log_pkt(txt, sldns_buffer_begin(reppkt->reply_from_hex),
+ sldns_buffer_limit(reppkt->reply_from_hex));
+ return;
+ }
+ log_pkt(txt, reppkt->reply_pkt, reppkt->reply_len);
+}
+
/**
* return: true if pending query matches the now event.
*/
@@ -240,9 +256,8 @@ pending_find_match(struct replay_runtime* runtime, struct entry** entry,
p->start_step, p->end_step, (*entry)->lineno);
if(p->addrlen != 0)
log_addr(0, "matched ip", &p->addr, p->addrlen);
- log_pkt("matched pkt: ",
- (*entry)->reply_list->reply_pkt,
- (*entry)->reply_list->reply_len);
+ log_testpkt_reply_pkt("matched pkt: ",
+ (*entry)->reply_list);
return 1;
}
p = p->next_range;
@@ -330,7 +345,7 @@ fill_buffer_with_reply(sldns_buffer* buffer, struct entry* entry, uint8_t* q,
while(reppkt && i--)
reppkt = reppkt->next;
if(!reppkt) fatal_exit("extra packet read from TCP stream but none is available");
- log_pkt("extra_packet ", reppkt->reply_pkt, reppkt->reply_len);
+ log_testpkt_reply_pkt("extra packet ", reppkt);
}
if(reppkt->reply_from_hex) {
c = sldns_buffer_begin(reppkt->reply_from_hex);
@@ -462,8 +477,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo)
repinfo.c->type = comm_udp;
fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL, 0, 0);
log_info("testbound: incoming QUERY");
- log_pkt("query pkt", todo->match->reply_list->reply_pkt,
- todo->match->reply_list->reply_len);
+ log_testpkt_reply_pkt("query pkt ", todo->match->reply_list);
/* call the callback for incoming queries */
if((*runtime->callback_query)(repinfo.c, runtime->cb_arg,
NETEVENT_NOERROR, &repinfo)) {
@@ -900,8 +914,10 @@ run_scenario(struct replay_runtime* runtime)
runtime->now->evt_type == repevt_front_reply) {
answer_check_it(runtime);
advance_moment(runtime);
- } else if(pending_matches_range(runtime, &entry, &pending)) {
- answer_callback_from_entry(runtime, entry, pending);
+ } else if(runtime->now && pending_matches_range(runtime,
+ &entry, &pending)) {
+ if(entry)
+ answer_callback_from_entry(runtime, entry, pending);
} else {
do_moment_and_advance(runtime);
}
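Review bot: When `pending_matches_range()` returns true but leaves `entry` NULL, the new `if(entry)` guard makes this branch do nothing: no callback, no advance, no log line. Whether the enclosing loop in run_scenario() still makes progress in that case cannot be seen from the hunk, because the loop head and tail are outside it. Add a comment naming the case that produces a match without an entry and why skipping is safe, and make the skip visible, for example `else log_info("testbound: pending matched without entry, skipped");`.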
@@ -1254,7 +1270,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
struct query_info* qinfo, uint16_t flags, int dnssec,
int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps),
int ATTR_UNUSED(check_ratelimit),
- int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream),
+ int tcp_upstream, int ATTR_UNUSED(ssl_upstream),
char* ATTR_UNUSED(tls_auth_name), struct sockaddr_storage* addr,
socklen_t addrlen, uint8_t* zone, size_t zonelen,
struct module_qstate* qstate, comm_point_callback_type* callback,
@@ -1274,7 +1290,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
(flags&~(BIT_RD|BIT_CD))?" MORE":"", (dnssec)?" DO":"");
/* create packet with EDNS */
- pend->buffer = sldns_buffer_new(512);
+ pend->buffer = sldns_buffer_new(4096);
log_assert(pend->buffer);
sldns_buffer_write_u16(pend->buffer, 0); /* id */
sldns_buffer_write_u16(pend->buffer, flags);
@@ -1334,7 +1350,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
edns.opt_list_in = NULL;
edns.opt_list_out = per_upstream_opt_list;
edns.opt_list_inplace_cb_out = NULL;
- attach_edns_record(pend->buffer, &edns);
+ if(sldns_buffer_capacity(pend->buffer) >=
+ sldns_buffer_limit(pend->buffer)
+ +calc_edns_field_size(&edns)) {
+ attach_edns_record(pend->buffer, &edns);
+ } else {
+ verbose(VERB_ALGO, "edns field too large to fit");
+ }
}
memcpy(&pend->addr, addr, addrlen);
pend->addrlen = addrlen;
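Review bot: When the EDNS record does not fit, the `else` branch only emits a `VERB_ALGO` message and the pending query is kept without its OPT record, so a replay scenario can continue against a packet that differs from the one requested. In a test harness a silent downgrade is easy to miss; `log_err("edns field too large to fit");` or a `fatal_exit` would make the scenario fail visibly. The size test treats `sldns_buffer_limit()` as the current packet length, which holds only if the buffer was flipped before this point; that line is outside the hunk. The `4096` in the previous hunk and this check would read better against one named constant.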
@@ -1345,7 +1367,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
pend->callback = callback;
pend->cb_arg = callback_arg;
pend->timeout = UDP_AUTH_QUERY_TIMEOUT/1000;
- pend->transport = transport_udp; /* pretend UDP */
+ pend->transport = tcp_upstream?transport_tcp:transport_udp;
pend->pkt = NULL;
pend->runtime = runtime;
pend->serviced = 1;
diff --git a/contrib/unbound/testcode/testbound.c b/contrib/unbound/testcode/testbound.c
index 6da4ceaf2ebf..063037df4e80 100644
--- a/contrib/unbound/testcode/testbound.c
+++ b/contrib/unbound/testcode/testbound.c
@@ -293,6 +293,16 @@ setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[])
fclose(cfg);
return;
}
+ if(strncmp(parse, "fake-sha1: yes", 14) == 0) {
+ /* Allow the use of SHA1 signatures for the test,
+ * in case that OpenSSL disallows use of RSASHA1
+ * with rh-allow-sha1-signatures disabled. */
+#ifndef UB_ON_WINDOWS
+ setenv("OPENSSL_ENABLE_SHA1_SIGNATURES", "1", 0);
+#else
+ _putenv("OPENSSL_ENABLE_SHA1_SIGNATURES=1");
+#endif
+ }
fputs(line, cfg);
}
fatal_exit("No CONFIG_END in input file");
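Review bot: The `fake-sha1: yes` branch changes the process environment, never restores it, and ignores the return values of `setenv` and `_putenv`. With the `LLVMFuzzerTestOneInput` entry added later in this file, setup_config() is presumably reached once per input in the same process, so one input containing this line leaves `OPENSSL_ENABLE_SHA1_SIGNATURES=1` set for every later input and a run is no longer reproducible from its input alone. Check the call, `if(setenv("OPENSSL_ENABLE_SHA1_SIGNATURES", "1", 0) != 0) fatal_exit("setenv failed: %s", strerror(errno));`, and say in the comment that the setting is process-wide. `strncmp(parse, "fake-sha1: yes", 14)` is a prefix match, so a line such as `fake-sha1: yesno` enables it too.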
@@ -333,6 +343,35 @@ static void remove_configfile(void)
cfgfiles = NULL;
}
+/** perform the playback on the playback_file with the args. */
+static int
+perform_playback(char* playback_file, int pass_argc, char** pass_argv)
+{
+ struct replay_scenario* scen = NULL;
+ int c, res;
+
+ /* setup test environment */
+ scen = setup_playback(playback_file, &pass_argc, pass_argv);
+ /* init fake event backend */
+ fake_event_init(scen);
+
+ pass_argv[pass_argc] = NULL;
+ echo_cmdline(pass_argc, pass_argv);
+
+ /* run the normal daemon */
+ res = daemon_main(pass_argc, pass_argv);
+
+ fake_event_cleanup();
+ for(c=1; c<pass_argc; c++)
+ free(pass_argv[c]);
+ return res;
+}
+
+/* For fuzzing the main routine is replaced with
+ * LLVMFuzzerTestOneInput. */
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#define main dummy_main
+#endif
/**
* Main fake event test program. Setup, teardown and report errors.
* @param argc: arg count.
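Review bot: perform_playback() frees `pass_argv[1]` through `pass_argv[pass_argc-1]` before returning and stores `pass_argv[pass_argc] = NULL` after setup_playback() may have grown `pass_argc`, but its one-line comment documents neither. A caller has to know that every entry past index 0 must be heap-allocated and that the array needs room for the terminator. Extend the comment to state the return value (the `daemon_main` result), that entries from index 1 are freed, and that `pass_argv` must hold at least `pass_argc+1` slots after setup. A `log_assert(pass_argc < MAXARG);` before the NULL store would check the last condition.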
@@ -348,7 +387,6 @@ main(int argc, char* argv[])
char* playback_file = NULL;
int init_optind = optind;
char* init_optarg = optarg;
- struct replay_scenario* scen = NULL;
/* we do not want the test to depend on the timezone */
(void)putenv("TZ=UTC");
@@ -456,24 +494,11 @@ main(int argc, char* argv[])
if(atexit(&remove_configfile) != 0)
fatal_exit("atexit() failed: %s", strerror(errno));
- /* setup test environment */
- scen = setup_playback(playback_file, &pass_argc, pass_argv);
- /* init fake event backend */
- fake_event_init(scen);
-
- pass_argv[pass_argc] = NULL;
- echo_cmdline(pass_argc, pass_argv);
-
/* reset getopt processing */
optind = init_optind;
optarg = init_optarg;
- /* run the normal daemon */
- res = daemon_main(pass_argc, pass_argv);
-
- fake_event_cleanup();
- for(c=1; c<pass_argc; c++)
- free(pass_argv[c]);
+ res = perform_playback(playback_file, pass_argc, pass_argv);
if(res == 0) {
log_info("Testbound Exit Success\n");
/* remove configfile from here, the atexit() is for when
@@ -493,6 +518,101 @@ main(int argc, char* argv[])
return res;
}
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+static int delete_file(const char *pathname) {
+ int ret = unlink(pathname);
+ free((void *)pathname);
+ return ret;
+}
+
+static char *buf_to_file(const uint8_t *buf, size_t size) {
+ int fd;
+ size_t pos;
+ char *pathname = strdup("/tmp/fuzz-XXXXXX");
+ if (pathname == NULL)
+ return NULL;
+
+ fd = mkstemp(pathname);
+ if (fd == -1) {
+ log_err("mkstemp of file %s failed: %s", pathname, strerror(errno));
+ free(pathname);
+ return NULL;
+ }
+ pos = 0;
+ while (pos < size) {
+ int nbytes = write(fd, &buf[pos], size - pos);
+ if (nbytes <= 0) {
+ if (nbytes == -1 && errno == EINTR)
+ continue;
+ log_err("write to file %s failed: %s", pathname, strerror(errno));
+ goto err;
+ }
+ pos += nbytes;
+ }
+
+ if (close(fd) == -1) {
+ log_err("close of file %s failed: %s", pathname, strerror(errno));
+ goto err;
+ }
+
+ return pathname;
+err:
+ delete_file(pathname);
+ return NULL;
+}
+
+/* based on main() above, but with: hard-coded passed args, file created from fuzz input */
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+ int c, res;
+ int pass_argc = 0;
+ char* pass_argv[MAXARG];
+ char* playback_file = NULL;
+
+ /* we do not want the test to depend on the timezone */
+ (void)putenv("TZ=UTC");
+ memset(pass_argv, 0, sizeof(pass_argv));
+#ifdef HAVE_SYSTEMD
+ /* we do not want the test to use systemd daemon startup notification*/
+ (void)unsetenv("NOTIFY_SOCKET");
+#endif /* HAVE_SYSTEMD */
+
+ checklock_start();
+ log_init(NULL, 0, NULL);
+ /* determine commandline options for the daemon */
+ pass_argc = 1;
+ pass_argv[0] = "unbound";
+ add_opts("-d", &pass_argc, pass_argv);
+
+ playback_file = buf_to_file(Data, Size);
+ if (playback_file) {
+ log_info("Start of %s testbound program.", PACKAGE_STRING);
+
+ res = perform_playback(playback_file, pass_argc, pass_argv);
+ if(res == 0) {
+ log_info("Testbound Exit Success\n");
+ /* remove configfile from here, the atexit() is for when
+ * there is a crash to remove the tmpdir file.
+ * This one removes the file while alloc and log locks are
+ * still valid, and can be logged (for memory calculation),
+ * it leaves the ptr NULL so the atexit does nothing. */
+ remove_configfile();
+#ifdef HAVE_PTHREAD
+ /* dlopen frees its thread state (dlopen of gost engine) */
+ pthread_exit(NULL);
+#endif
+ }
+
+ delete_file(playback_file);
+ }
+
+ if(log_get_lock()) {
+ lock_basic_destroy((lock_basic_type*)log_get_lock());
+ }
+ return res;
+}
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
/* fake remote control */
struct listen_port* daemon_remote_open_ports(struct config_file*
ATTR_UNUSED(cfg))
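Review bot: `LLVMFuzzerTestOneInput` returns `res` uninitialized when `buf_to_file()` fails, and on a clean run under `HAVE_PTHREAD` the `pthread_exit(NULL)` ends the calling thread before `delete_file(playback_file)` and the log lock teardown run, so the temp file stays in /tmp and control never returns to the fuzzing driver. In `buf_to_file()` the `goto err` after a failed `write()` skips `close(fd)`, leaking a descriptor per failure, and `int nbytes` narrows the `ssize_t` that `write()` returns. The fence below closes the descriptor on that path, drops the `pthread_exit` from the harness (it looks copied from main(), where it runs at process exit; confirm nothing in the fuzz build depends on it), and returns 0, since libFuzzer reserves other return values. The unused `c` can go as well.

```c
static char *buf_to_file(const uint8_t *buf, size_t size) {
	/* … unchanged: strdup of the template and mkstemp … */
	pos = 0;
	while (pos < size) {
		ssize_t nbytes = write(fd, &buf[pos], size - pos);
		if (nbytes <= 0) {
			if (nbytes == -1 && errno == EINTR)
				continue;
			log_err("write to file %s failed: %s", pathname, strerror(errno));
			close(fd); /* do not leak the descriptor on the error path */
			goto err;
		}
		pos += (size_t)nbytes;
	}
	/* … unchanged: close check, return pathname, err label … */
}

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
	int res;
	/* … unchanged: pass_argv setup, environment, checklock and log init … */
	playback_file = buf_to_file(Data, Size);
	if (playback_file) {
		log_info("Start of %s testbound program.", PACKAGE_STRING);

		res = perform_playback(playback_file, pass_argc, pass_argv);
		if(res == 0) {
			log_info("Testbound Exit Success\n");
			remove_configfile();
		}
		/* reached on every path, so the temp file is always removed */
		delete_file(playback_file);
	}
	/* … unchanged: log lock teardown … */
	return 0; /* libFuzzer reserves return values other than 0 and -1 */
}
```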
diff --git a/contrib/unbound/testcode/unitdname.c b/contrib/unbound/testcode/unitdname.c
index 08a2dbad774d..95c6e1fda705 100644
--- a/contrib/unbound/testcode/unitdname.c
+++ b/contrib/unbound/testcode/unitdname.c
@@ -45,6 +45,7 @@
#include "util/data/dname.h"
#include "sldns/sbuffer.h"
#include "sldns/str2wire.h"
+#include "sldns/wire2str.h"
/** put dname into buffer */
static sldns_buffer*
@@ -476,6 +477,23 @@ dname_test_removelabel(void)
unit_assert( l == 1 );
}
+/** test dname_remove_label_limit_len */
+static void
+dname_test_removelabellimitlen(void)
+{
+ uint8_t* orig = (uint8_t*)"\007example\003com\000";
+ uint8_t* n = orig;
+ size_t l = 13;
+ size_t lenlimit = 5; /* com.*/
+ unit_show_func("util/data/dname.c", "dname_remove_label_limit_len");
+ unit_assert(dname_remove_label_limit_len(&n, &l, lenlimit) == 1);
+ unit_assert( n == orig+8 );
+ unit_assert( l == 5 );
+ unit_assert(dname_remove_label_limit_len(&n, &l, lenlimit) == 0);
+ unit_assert( n == orig+8 );
+ unit_assert( l == 5 );
+}
+
/** test dname_signame_label_count */
static void
dname_test_sigcount(void)
@@ -859,6 +877,262 @@ dname_setup_bufs(sldns_buffer* loopbuf, sldns_buffer* boundbuf)
sldns_buffer_flip(boundbuf);
}
+/* Test strings for the test_long_names test. */
+/* Each label begins with the length of the label including the length octet. */
+
+char desc_1[] = "Domain is 1 octet too long.";
+
+uint8_t wire_dom_1[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.0007ab. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+ 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+ 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x06, 0x30, 0x30, 0x30, 0x37, 0x61, 0x62, 0x00
+};
+
+char desc_2[] = "Domain has the maximum allowed length (255).";
+
+uint8_t wire_dom_2[] = { /* Good: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.00076a. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+ 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+ 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Good: */ 0x05, 0x30, 0x30, 0x30, 0x36, 0x61, 0x00
+};
+
+char desc_3[] = "Domain has a length one label in the 255th position for a total of 257.";
+
+uint8_t wire_dom_3[] = { /* Bad: Domain: (8x(0031abcdefghijklmnopqrstuvwxyz.0006ab.1. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+ 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+ 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x05, 0x30, 0x30, 0x30, 0x36, 0x61, 0x01, 0x32, 0x00
+};
+
+char desc_4[] = "Domain has the maximum allowed length (255).";
+
+uint8_t wire_dom_4[] = { /* Good: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+ 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+ 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Good: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x00
+};
+
+char desc_5[] = "Domain has a maximum length label (63) in the 255th position.";
+
+uint8_t wire_dom_5[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03.65abc...zab...zab...ghi. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+ 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+ 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x3f, 0x36,
+ 0x33, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+ 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+ 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x00
+};
+
+char desc_6[] = "Domain has a too long label (65) in the 255th position.";
+
+uint8_t wire_dom_6[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03.66abc...zab...zab...ijk. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+ 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+ 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x41, 0x36,
+ 0x36, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+ 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+ 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x00
+};
+
+char desc_7[] = "Domain has a too long label (65) in the 187th position.";
+
+uint8_t wire_dom_7[] = { /* Bad: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.65abc..zab...zab...ijk. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a,
+ /* Bad: */ 0x41, 0x36,
+ 0x36, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+ 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+ 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x00
+};
+
+char desc_8[] = "Domains has the maximum allowed length and ends with a maximum length label.";
+
+uint8_t wire_dom_8[] = { /* Good: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.0004.0064abc..zab...zabcdefg. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x03, 0x30, 0x30, 0x34 ,/* Good: */ 0x3f, 0x30,
+ 0x30, 0x36, 0x34, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63,
+ 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73,
+ 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x00
+};
+
+char desc_9[] = "Domains has 254 octets, one less than the maximum allowed length.";
+
+uint8_t wire_dom_9[] = { /* Good: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.0004.0064abc..zab...zabcdef. */
+ 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+ 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+ 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+ 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+ 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+ 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x03, 0x30, 0x30, 0x34 ,/* Good: */ 0x3e, 0x30,
+ 0x30, 0x35, 0x34, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+ 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63,
+ 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73,
+ 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x00
+};
+
+ /** Test dname to string with long domain names. */
+static void
+test_long_names(void)
+{
+ /* Set to 1 for verbose output, 0 turns it off. */
+ int verbtest = 0;
+
+ uint8_t* wire_doms[] = {wire_dom_1, wire_dom_2, wire_dom_3,
+ wire_dom_4, wire_dom_5, wire_dom_6, wire_dom_7, wire_dom_8,
+ wire_dom_9, 0};
+ char* descs[] = {desc_1, desc_2, desc_3, desc_4, desc_5, desc_6,
+ desc_7, desc_8, desc_9, 0};
+
+ int n;
+ char string_domain[260];
+ uint8_t** wd = wire_doms;
+ int di = 0;
+ int skip = 5; /* 0..6 */
+
+ while (*wd) {
+
+ if(verbtest)
+ printf("Test: %s\n", descs[di++]);
+
+ memset(string_domain, 0xff, sizeof(string_domain));
+ dname_str(*wd, string_domain);
+ for (n = 0 ; n < (int)sizeof(string_domain); ++n) {
+ if ((uint8_t)string_domain[n] == 0xff)
+ break;
+ }
+ if(verbtest)
+ printf("dname_str: L=%d, S=Skipping %d labels...%s\n",
+ n, skip, string_domain + skip*31);
+ unit_assert(n <= 255);
+
+ memset(string_domain, 0xff, sizeof(string_domain));
+ sldns_wire2str_dname_buf(*wd,
+ strlen((char*)*wd)+1 /* strlen works with these test strings */,
+ string_domain,
+ 255 /* for comparable result to dname_str */ );
+ for (n = 0 ; n < (int)sizeof(string_domain); ++n) {
+ if ((uint8_t)string_domain[n] == 0xff)
+ break;
+ }
+ if(verbtest)
+ printf("sldns_wire2str_dname_buf: L=%d, S=Skipping %d labels...%s\n",
+ n, skip, string_domain + skip*31);
+ unit_assert(n <= 255);
+
+ ++wd;
+ }
+}
+
static void
dname_test_str(sldns_buffer* buff)
{
@@ -1002,6 +1276,8 @@ dname_test_str(sldns_buffer* buff)
unit_assert(0);
}
}
+
+ test_long_names();
}
void dname_test(void)
@@ -1024,6 +1300,7 @@ void dname_test(void)
dname_test_subdomain();
dname_test_isroot();
dname_test_removelabel();
+ dname_test_removelabellimitlen();
dname_test_sigcount();
dname_test_iswild();
dname_test_canoncmp();
diff --git a/contrib/unbound/testcode/unitinfra.c b/contrib/unbound/testcode/unitinfra.c
index 6834c51eeab8..91a88f6ae8a9 100644
--- a/contrib/unbound/testcode/unitinfra.c
+++ b/contrib/unbound/testcode/unitinfra.c
@@ -131,6 +131,7 @@ void infra_test(void)
unit_show_feature("infra cache");
unit_assert(ipstrtoaddr("127.0.0.1", 53, &one, &onelen));
+ config_auto_slab_values(cfg);
slab = infra_create(cfg);
/* insert new record */
unit_assert( infra_host(slab, &one, onelen, zone, zonelen, now,
diff --git a/contrib/unbound/testcode/unitmain.c b/contrib/unbound/testcode/unitmain.c
index 334c1af93033..07c016d7ba74 100644
--- a/contrib/unbound/testcode/unitmain.c
+++ b/contrib/unbound/testcode/unitmain.c
@@ -205,6 +205,8 @@ net_test(void)
unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\000", 16) == 0);
addr_mask((struct sockaddr_storage*)&a6, l6, 64);
unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000", 16) == 0);
+ /* Check that negative value in net is not problematic. */
+ addr_mask((struct sockaddr_storage*)&a6, l6, -100);
addr_mask((struct sockaddr_storage*)&a6, l6, 0);
unit_assert(memcmp(&a6.sin6_addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16) == 0);
}
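Review bot: The added `addr_mask((struct sockaddr_storage*)&a6, l6, -100);` call has no assertion after it, and the following call with net 0 clears the address anyway, so the test passes whatever the negative value did to `a6`. As written it only catches a crash, and an out-of-range access would need a sanitizer build to show up. If addr_mask is meant to leave the address untouched for a negative net (its body is not visible here), pin that right after the call with `unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000", 16) == 0);`. net_test starts before and continues after this hunk.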
@@ -266,6 +268,28 @@ net_test(void)
(struct sockaddr_storage*)&b6, i, l6) == i);
}
}
+ /* test netblockstrtoaddr */
+ unit_show_func("util/net_help.c", "netblockstrtoaddr");
+ if(1) {
+ struct sockaddr_storage a;
+ socklen_t alen = 0;
+ int net = 0, res;
+ char astr[128];
+ memset(&a, 0, sizeof(a));
+
+ res = netblockstrtoaddr("1.2.3.0/24", 53, &a, &alen, &net);
+ unit_assert(res!=0 && net == 24);
+ addr_to_str(&a, alen, astr, sizeof(astr));
+ unit_assert(strcmp(astr, "1.2.3.0") == 0);
+ unit_assert(ntohs(((struct sockaddr_in*)&a)->sin_port)==53);
+
+ res = netblockstrtoaddr("2001:DB8:33:44::/64", 53,
+ &a, &alen, &net);
+ unit_assert(res!=0 && net == 64);
+ addr_to_str(&a, alen, astr, sizeof(astr));
+ unit_assert(strcmp(astr, "2001:db8:33:44::") == 0);
+ unit_assert(ntohs(((struct sockaddr_in6*)&a)->sin6_port)==53);
+ }
/* test sockaddr_cmp_addr */
unit_show_func("util/net_help.c", "sockaddr_cmp_addr");
if(1) {
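Review bot: The new netblockstrtoaddr block checks only two well-formed netblocks, so the rejection paths of a parser that takes address strings are not exercised. A few failure cases would pin them, for example `unit_assert(!netblockstrtoaddr("1.2.3.0/33", 53, &a, &alen, &net));` and the same for a non-numeric prefix such as `"1.2.3.0/abc"`, assuming the function is expected to return 0 for both. net_test starts before and continues after this hunk.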
diff --git a/contrib/unbound/testcode/unitverify.c b/contrib/unbound/testcode/unitverify.c
index 81c8b13c6d65..12d5205b07da 100644
--- a/contrib/unbound/testcode/unitverify.c
+++ b/contrib/unbound/testcode/unitverify.c
@@ -61,6 +61,12 @@
#include "sldns/str2wire.h"
#include "sldns/wire2str.h"
+#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL_ERR_H
+#include <openssl/err.h>
+#endif
+#endif
+
/** verbose signature test */
static int vsig = 0;
@@ -509,10 +515,137 @@ nsec3_hash_test(const char* fname)
#define SRCDIRSTR xstr(SRCDIR)
+#if defined(HAVE_SSL) && defined(USE_SHA1)
+/* Detect if openssl is configured to disable RSASHA1 signatures,
+ * with the rh-allow-sha1-signatures disabled. */
+static int
+rh_allow_sha1_signatures_disabled(void)
+{
+ EVP_MD_CTX* ctx;
+ EVP_PKEY* evp_key;
+ /* This key is rdata from nlnetlabs.nl DNSKEY from 20250424005001,
+ * with id=50602 (ksk), size=2048b.
+ * A 2048 bit key is taken to avoid key too small errors. */
+ unsigned char key[] = {
+ 0x03, 0x01, 0x00, 0x01, 0xBC, 0x0B, 0xE8, 0xBB,
+ 0x97, 0x4C, 0xB5, 0xED, 0x6F, 0x6D, 0xC2, 0xB1,
+ 0x78, 0x69, 0x93, 0x1C, 0x72, 0x19, 0xB1, 0x05,
+ 0x51, 0x13, 0xA1, 0xFC, 0xBF, 0x01, 0x58, 0x0D,
+ 0x44, 0x10, 0x5F, 0x0B, 0x75, 0x0E, 0x11, 0x9A,
+ 0xC8, 0xF8, 0x0F, 0x90, 0xFC, 0xB8, 0x09, 0xD1,
+ 0x14, 0x39, 0x0D, 0x84, 0xCE, 0x97, 0x88, 0x82,
+ 0x3D, 0xC5, 0xCB, 0x1A, 0xBF, 0x00, 0x46, 0x37,
+ 0x01, 0xF1, 0xCD, 0x46, 0xA2, 0x8F, 0x83, 0x19,
+ 0x42, 0xED, 0x6F, 0xAF, 0x37, 0x1F, 0x18, 0x82,
+ 0x4B, 0x70, 0x2D, 0x50, 0xA5, 0xA6, 0x66, 0x48,
+ 0x7F, 0x56, 0xA8, 0x86, 0x05, 0x41, 0xC8, 0xBE,
+ 0x4F, 0x8B, 0x38, 0x51, 0xF0, 0xEB, 0xAD, 0x2F,
+ 0x7A, 0xC0, 0xEF, 0xC7, 0xD2, 0x72, 0x6F, 0x16,
+ 0x66, 0xAF, 0x59, 0x55, 0xFF, 0xEE, 0x9D, 0x50,
+ 0xE9, 0xDB, 0xF4, 0x02, 0xBC, 0x33, 0x5C, 0xC5,
+ 0xDA, 0x1C, 0x6A, 0xD1, 0x55, 0xD1, 0x20, 0x2B,
+ 0x63, 0x03, 0x4B, 0x77, 0x45, 0x46, 0x78, 0x31,
+ 0xE4, 0x90, 0xB9, 0x7F, 0x00, 0xFB, 0x62, 0x7C,
+ 0x07, 0xD3, 0xC1, 0x00, 0xA0, 0x54, 0x63, 0x74,
+ 0x0A, 0x17, 0x7B, 0xE7, 0xAD, 0x38, 0x07, 0x86,
+ 0x68, 0xE4, 0xFD, 0x20, 0x68, 0xD5, 0x33, 0x92,
+ 0xCA, 0x90, 0xDD, 0xA4, 0xE9, 0xF2, 0x11, 0xBD,
+ 0x9D, 0xA5, 0xF5, 0xEB, 0xB9, 0xFE, 0x8F, 0xA1,
+ 0xE4, 0xBF, 0xA4, 0xA4, 0x34, 0x5C, 0x6A, 0x95,
+ 0xB6, 0x42, 0x22, 0xF6, 0xD6, 0x10, 0x9C, 0x9B,
+ 0x0A, 0x56, 0xE7, 0x42, 0xE5, 0x7F, 0x1F, 0x4E,
+ 0xBE, 0x4F, 0x8C, 0xED, 0x30, 0x63, 0xA7, 0x88,
+ 0x93, 0xED, 0x37, 0x3C, 0x80, 0xBC, 0xD1, 0x66,
+ 0xBD, 0xB8, 0x2E, 0x65, 0xC4, 0xC8, 0x00, 0x5B,
+ 0xE7, 0x85, 0x96, 0xDD, 0xAA, 0x05, 0xE6, 0x4F,
+ 0x03, 0x64, 0xFA, 0x2D, 0xF6, 0x88, 0x14, 0x8F,
+ 0x15, 0x4D, 0xFD, 0xD3
+ };
+ size_t keylen = 260;
+
+#ifdef HAVE_EVP_MD_CTX_NEW
+ ctx = EVP_MD_CTX_new();
+#else
+ ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx));
+ if(ctx) EVP_MD_CTX_init(ctx);
+#endif
+ if(!ctx) return 0;
+
+ evp_key = sldns_key_rsa2pkey_raw(key, keylen);
+ if(!evp_key) {
+#ifdef HAVE_EVP_MD_CTX_NEW
+ EVP_MD_CTX_destroy(ctx);
+#else
+ EVP_MD_CTX_cleanup(ctx);
+ free(ctx);
+#endif
+ return 0;
+ }
+
+#ifndef HAVE_EVP_DIGESTVERIFY
+ (void)evp_key; /* not used */
+ if(EVP_DigestInit(ctx, EVP_sha1()) == 0)
+#else
+ if(EVP_DigestVerifyInit(ctx, NULL, EVP_sha1(), NULL, evp_key) == 0)
+#endif
+ {
+ unsigned long e = ERR_get_error();
+#ifdef EVP_R_INVALID_DIGEST
+ if (ERR_GET_LIB(e) == ERR_LIB_EVP &&
+ ERR_GET_REASON(e) == EVP_R_INVALID_DIGEST) {
+ /* rh-allow-sha1-signatures makes use of sha1 invalid. */
+ if(vsig)
+ printf("Detected that rh-allow-sha1-signatures is off, and disables SHA1 signatures\n");
+#ifdef HAVE_EVP_MD_CTX_NEW
+ EVP_MD_CTX_destroy(ctx);
+#else
+ EVP_MD_CTX_cleanup(ctx);
+ free(ctx);
+#endif
+ EVP_PKEY_free(evp_key);
+ return 1;
+ }
+#endif /* EVP_R_INVALID_DIGEST */
+ /* The signature verify failed for another reason. */
+ log_crypto_err_code("EVP_DigestVerifyInit", e);
+#ifdef HAVE_EVP_MD_CTX_NEW
+ EVP_MD_CTX_destroy(ctx);
+#else
+ EVP_MD_CTX_cleanup(ctx);
+ free(ctx);
+#endif
+ EVP_PKEY_free(evp_key);
+ return 0;
+ }
+#ifdef HAVE_EVP_MD_CTX_NEW
+ EVP_MD_CTX_destroy(ctx);
+#else
+ EVP_MD_CTX_cleanup(ctx);
+ free(ctx);
+#endif
+ EVP_PKEY_free(evp_key);
+ return 0;
+}
+#endif /* HAVE_SSL && USE_SHA1 */
+
void
verify_test(void)
{
unit_show_feature("signature verify");
+
+#if defined(HAVE_SSL) && defined(USE_SHA1)
+ if(rh_allow_sha1_signatures_disabled()) {
+ /* Allow the use of SHA1 signatures for the test,
+ * in case that OpenSSL disallows use of RSASHA1
+ * with rh-allow-sha1-signatures disabled. */
+#ifndef UB_ON_WINDOWS
+ setenv("OPENSSL_ENABLE_SHA1_SIGNATURES", "1", 0);
+#else
+ _putenv("OPENSSL_ENABLE_SHA1_SIGNATURES=1");
+#endif
+ }
+#endif
+
#ifdef USE_SHA1
verifytest_file(SRCDIRSTR "/testdata/test_signatures.1", "20070818005004");
#endif
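Review bot: rh_allow_sha1_signatures_disabled() reads `ERR_get_error()` without emptying the error queue first, and that call returns the oldest queued entry, so an error left over from earlier code would hide the `EVP_R_INVALID_DIGEST` reason and the function would return 0. An `ERR_clear_error();` immediately before the `EVP_DigestVerifyInit`/`EVP_DigestInit` call makes the check depend on that call alone. `size_t keylen = 260;` repeats the array size by hand and is better written `size_t keylen = sizeof(key);`. In verify_test the environment override applies to the whole test process rather than only to the SHA1 vectors, and with the overwrite argument 0 an already-set value is kept; a short comment stating both would help the next reader. verify_test continues past the end of the hunk.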
diff --git a/contrib/unbound/testcode/unitzonemd.c b/contrib/unbound/testcode/unitzonemd.c
index 63dc13edab33..0420b0361590 100644
--- a/contrib/unbound/testcode/unitzonemd.c
+++ b/contrib/unbound/testcode/unitzonemd.c
@@ -267,6 +267,7 @@ static void zonemd_verify_test(char* zname, char* zfile, char* tastr,
env.cfg = config_create();
if(!env.cfg)
fatal_exit("out of memory");
+ config_auto_slab_values(env.cfg);
env.now = &now;
env.cfg->val_date_override = cfg_convert_timeval(date_override);
if(!env.cfg->val_date_override)