diff --git a/contrib/ldns/Changelog b/contrib/ldns/Changelog
index c7f36767b36..74e2631af72 100644
--- a/contrib/ldns/Changelog
+++ b/contrib/ldns/Changelog
@@ -1,3 +1,49 @@ +1.9.0 2025-12-04 + * PR #246: Make ldns_calc_keytag() available for CDNSKEY RR + Thanks tgreenx and pnax + * PR #247: Make ldns_key_rr2ds() available for CDNSKEY RR + Thanks tgreenx + * PR #248: Make ldns_rr_compare_{ds,ds_dnskey}() available for + CDS and CDNSKEY RRs. Thanks tgreenx + * PR #245: Make drill trace use IPv6 when used with -6 + Thanks Paul Radford + * Fix #254: Unquoted "value" rdata for CAA records fail to validate. + Follows the long string unquoted syntax from RFC8659, section 4.1.1. + * Fix #266: ldns-read-zone -u fails if a type is the only type in a + window and the type modulo 256 is equal to zero. + * Fix #271: Intermittent build failure with multi-job + builds (make -j). + * Add ldns-verify-zone -s option. It checks all signature results, + instead of passing by when one RRSIG validates. That prints output + for spurious RRSIGs, the failures for them. + * Fix RR types NSAP-PTR, GPOS and RESINFO to print unquoted strings. + * Fix memory leak when trying to read zones that have equal RRs. + the ldns_dnssec_*_add_rr() functions now return LDNS_STATUS_EQUAL_RR + when an already existing RR is tried to be added. This is a API + change, hence this also bumps the version to 1.9.0 + * PR #282: ensure returning pkt with LDNS_STATUS_OK. Thanks grobian. + * PR #286: Fix RR Type AMTRELAY type nogateway, to print relay '.', + and memory leaks in parsing it. + * DSYNC is no longer a draft RR type and compiled by default + * RFC 9824 support: Compact Denial of Existence in DNSSEC + * The HHIT and BRID draft RR types + * PR #249: If RNG is already seeded, return early. + Thanks crrodriguez + * PR #221: Improve error messages. 
Thanks jschauma + * PR #256: Use SWIG_AppendOutput to support swig 4.3 + Thanks pemensik + * PR #188: Homogenize paths for source files during compilation + Thanks duthils + * Fix #283: ldns-walk fails after update from 1.8.3 to 1.8.4 + Thanks jschauma + * PR #200: Allow compiled tests to link to ldns statically via + environment variable. Thanks FGasper and pemensik + * PR #220: Optionally exclude ZONEMD RRs in ldns-compare-zone + Thanks gjherbiet + * Fix #285: A WALLET RR breaks TXT signing. Thanks bortzmeyer + * Fix #287: ldns-verify-zone hangs with missing NSEC3 RRs. + Thanks Roy Arends + 1.8.4 2024-07-19 * Fix building documentation in build directory. Thanks Michael Tokarev diff --git a/contrib/ldns/Makefile.in b/contrib/ldns/Makefile.in index 32b91576d0d..b5ca1d3c3ad 100644 --- a/contrib/ldns/Makefile.in +++ b/contrib/ldns/Makefile.in @@ -132,11 +132,11 @@ all: setup-builddir lib linktest manpages @P5_DNS_LDNS@ @PYLDNS@ @DRILL@ @EXAMPL .SUFFIXES: .c .o .a .lo .h .i .c.lo: - $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$< -o $@ # Need libtool compile .c.o: - $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$< -o $@ $(LDNS_LOBJS) $(LIBLOBJS) $(DRILL_LOBJS) $(EXAMPLE_LOBJS): $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@ @@ -571,9 +571,9 @@ depend: done; \ done for p in $(EXAMPLE_PROGS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS); do \ - echo "$$p: $$p.lo $$p.o \$$(LIB)" >> $(DEPEND_TMP) ; done + echo "$$p: $$p.lo \$$(LIB)" >> $(DEPEND_TMP) ; done echo "$(TESTNS): `for o in $(TESTNS_LOBJS) ; do \ - echo -n "$$o $${o%lo}o " ; done` \$$(LIB)" \ + echo -n "$$o " ; done`\$$(LIB)" \ >> $(DEPEND_TMP) cp $(DEPEND_TARGET) $(DEPEND_TMP2) head -`egrep -n "# Dependencies" $(DEPEND_TARGET) | tail -1 | sed -e 's/:.*$$//'` $(DEPEND_TMP2) > $(DEPEND_TARGET) 
@@ -1114,28 +1114,28 @@ drill/work.lo drill/work.o: $(srcdir)/drill/work.c $(srcdir)/drill/drill.h ldns/ $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h -examples/ldns-chaos: examples/ldns-chaos.lo examples/ldns-chaos.o $(LIB) -examples/ldns-compare-zones: examples/ldns-compare-zones.lo examples/ldns-compare-zones.o $(LIB) -examples/ldnsd: examples/ldnsd.lo examples/ldnsd.o $(LIB) -examples/ldns-gen-zone: examples/ldns-gen-zone.lo examples/ldns-gen-zone.o $(LIB) -examples/ldns-key2ds: examples/ldns-key2ds.lo examples/ldns-key2ds.o $(LIB) -examples/ldns-keyfetcher: examples/ldns-keyfetcher.lo examples/ldns-keyfetcher.o $(LIB) -examples/ldns-keygen: examples/ldns-keygen.lo examples/ldns-keygen.o $(LIB) -examples/ldns-mx: examples/ldns-mx.lo examples/ldns-mx.o $(LIB) -examples/ldns-notify: examples/ldns-notify.lo examples/ldns-notify.o $(LIB) -examples/ldns-read-zone: examples/ldns-read-zone.lo examples/ldns-read-zone.o $(LIB) -examples/ldns-resolver: examples/ldns-resolver.lo examples/ldns-resolver.o $(LIB) -examples/ldns-rrsig: examples/ldns-rrsig.lo examples/ldns-rrsig.o $(LIB) -examples/ldns-test-edns: examples/ldns-test-edns.lo examples/ldns-test-edns.o $(LIB) -examples/ldns-update: examples/ldns-update.lo examples/ldns-update.o $(LIB) -examples/ldns-version: examples/ldns-version.lo examples/ldns-version.o $(LIB) -examples/ldns-walk: examples/ldns-walk.lo examples/ldns-walk.o $(LIB) -examples/ldns-zcat: examples/ldns-zcat.lo examples/ldns-zcat.o $(LIB) -examples/ldns-zsplit: examples/ldns-zsplit.lo examples/ldns-zsplit.o $(LIB) -examples/ldns-dpa: examples/ldns-dpa.lo examples/ldns-dpa.o $(LIB) -examples/ldns-dane: examples/ldns-dane.lo examples/ldns-dane.o $(LIB) -examples/ldns-nsec3-hash: examples/ldns-nsec3-hash.lo examples/ldns-nsec3-hash.o $(LIB) -examples/ldns-revoke: 
examples/ldns-revoke.lo examples/ldns-revoke.o $(LIB) -examples/ldns-signzone: examples/ldns-signzone.lo examples/ldns-signzone.o $(LIB) -examples/ldns-verify-zone: examples/ldns-verify-zone.lo examples/ldns-verify-zone.o $(LIB) -examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testns.o examples/ldns-testpkts.lo examples/ldns-testpkts.o $(LIB) +examples/ldns-chaos: examples/ldns-chaos.lo $(LIB) +examples/ldns-compare-zones: examples/ldns-compare-zones.lo $(LIB) +examples/ldnsd: examples/ldnsd.lo $(LIB) +examples/ldns-gen-zone: examples/ldns-gen-zone.lo $(LIB) +examples/ldns-key2ds: examples/ldns-key2ds.lo $(LIB) +examples/ldns-keyfetcher: examples/ldns-keyfetcher.lo $(LIB) +examples/ldns-keygen: examples/ldns-keygen.lo $(LIB) +examples/ldns-mx: examples/ldns-mx.lo $(LIB) +examples/ldns-notify: examples/ldns-notify.lo $(LIB) +examples/ldns-read-zone: examples/ldns-read-zone.lo $(LIB) +examples/ldns-resolver: examples/ldns-resolver.lo $(LIB) +examples/ldns-rrsig: examples/ldns-rrsig.lo $(LIB) +examples/ldns-test-edns: examples/ldns-test-edns.lo $(LIB) +examples/ldns-update: examples/ldns-update.lo $(LIB) +examples/ldns-version: examples/ldns-version.lo $(LIB) +examples/ldns-walk: examples/ldns-walk.lo $(LIB) +examples/ldns-zcat: examples/ldns-zcat.lo $(LIB) +examples/ldns-zsplit: examples/ldns-zsplit.lo $(LIB) +examples/ldns-dpa: examples/ldns-dpa.lo $(LIB) +examples/ldns-dane: examples/ldns-dane.lo $(LIB) +examples/ldns-nsec3-hash: examples/ldns-nsec3-hash.lo $(LIB) +examples/ldns-revoke: examples/ldns-revoke.lo $(LIB) +examples/ldns-signzone: examples/ldns-signzone.lo $(LIB) +examples/ldns-verify-zone: examples/ldns-verify-zone.lo $(LIB) +examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testpkts.lo $(LIB) diff --git a/contrib/ldns/README b/contrib/ldns/README index e07fdc078aa..fb588f4da58 100644 --- a/contrib/ldns/README +++ b/contrib/ldns/README 
@@ -1,3 +1,21 @@ +DEVELOPMENT VISION + +Note: ldns has been in maintenance mode since 2020, with no plans for major +features. We welcome PRs from contributors who want to add new functionality. +We also actively fix bugs, so users can continue to rely on ldns if its +current features meet their needs. + +We will continue to make occasional use of ldns in an experimental +setting, such as during an IETF Hackathon to build a proof of concept for an +Internet Draft. + +The natural successor to the ldns library is the domain library for Rust: +https://github.com/NLnetLabs/domain + +We offer drop-in replacements for commonly used ldns example tools in dnst: +https://github.com/NLnetLabs/dnst + +--- Contents: REQUIREMENTS @@ -10,7 +28,6 @@ Contents: Solaris KNOWN ISSUES pyldns - Your Support Project page: http://www.nlnetlabs.nl/ldns/ diff --git a/contrib/ldns/config.guess b/contrib/ldns/config.guess index f6d217a49f8..a9d01fde461 100755 --- a/contrib/ldns/config.guess +++ b/contrib/ldns/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2024 Free Software Foundation, Inc. +# Copyright 1992-2025 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2024-01-01' +timestamp='2025-07-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -60,7 +60,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2024 Free Software Foundation, Inc. +Copyright 1992-2025 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -123,7 +123,7 @@ set_cc_for_build() { dummy=$tmp/dummy case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in ,,) echo "int x;" > "$dummy.c" - for driver in cc gcc c89 c99 ; do + for driver in cc gcc c17 c99 c89 ; do if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then CC_FOR_BUILD=$driver break @@ -634,7 +634,8 @@ EOF sed 's/^ //' << EOF > "$dummy.c" #include - main() + int + main () { if (!__power_pc()) exit(1); @@ -718,7 +719,8 @@ EOF #include #include - int main () + int + main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); @@ -1595,8 +1597,11 @@ EOF *:Unleashed:*:*) GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE ;; - *:Ironclad:*:*) - GUESS=$UNAME_MACHINE-unknown-ironclad + x86_64:[Ii]ronclad:*:*|i?86:[Ii]ronclad:*:*) + GUESS=$UNAME_MACHINE-pc-ironclad-mlibc + ;; + *:[Ii]ronclad:*:*) + GUESS=$UNAME_MACHINE-unknown-ironclad-mlibc ;; esac @@ -1621,6 +1626,7 @@ cat > "$dummy.c" <." version="\ GNU config.sub ($timestamp) -Copyright 1992-2024 Free Software Foundation, Inc. +Copyright 1992-2025 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -120,7 +120,6 @@ case $# in esac # Split fields of configuration type -# shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read field1 field2 field3 field4 <&2 exit 1 ;; - kfreebsd*-gnu*- | kopensolaris*-gnu*-) + kfreebsd*-gnu*- | knetbsd*-gnu*- | netbsd*-gnu*- | kopensolaris*-gnu*-) ;; vxworks-simlinux- | vxworks-simwindows- | vxworks-spe-) ;; @@ -1864,8 +2253,12 @@ case $kernel-$os-$obj in ;; os2-emx-) ;; + rtmk-nova-) + ;; *-eabi*- | *-gnueabi*-) ;; + ios*-simulator- | tvos*-simulator- | watchos*-simulator- ) + ;; none--*) # None (no kernel, i.e. freestanding / bare metal), # can be paired with an machine code file format @@ -1890,7 +2283,7 @@ case $vendor in *-riscix*) vendor=acorn ;; - *-sunos*) + *-sunos* | *-solaris*) vendor=sun ;; *-cnk* | *-aix*) 
@@ -1964,8 +2357,8 @@ echo "$cpu-$vendor${kernel:+-$kernel}${os:+-$os}${obj:+-$obj}" exit # Local variables: -# eval: (add-hook 'before-save-hook 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp nil t) # time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-format: "%Y-%02m-%02d" # time-stamp-end: "'" # End: diff --git a/contrib/ldns/configure b/contrib/ldns/configure index a73dc22ef34..b731de6c293 100755 --- a/contrib/ldns/configure +++ b/contrib/ldns/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for ldns 1.8.4. +# Generated by GNU Autoconf 2.71 for ldns 1.9.0. # # Report bugs to . # @@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.8.4' -PACKAGE_STRING='ldns 1.8.4' +PACKAGE_VERSION='1.9.0' +PACKAGE_STRING='ldns 1.9.0' PACKAGE_BUGREPORT='dns-team@nlnetlabs.nl' PACKAGE_URL='' @@ -850,6 +850,7 @@ enable_dane_ta_usage enable_full_dane enable_no_dane_ta_usage enable_no_dane_verify +enable_draft_rrtypes enable_rrtype_ninfo enable_rrtype_rkey enable_rrtype_openpgpkey @@ -859,6 +860,9 @@ enable_rrtype_doa enable_rrtype_amtrelay enable_rrtype_svcb_https enable_rrtype_resinfo +enable_rrtype_dsync +enable_rrtypes_cla_ipn +enable_rrtypes_hhit_brid enable_rpath with_xcode_sdk with_trust_anchor @@ -1413,7 +1417,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.8.4 to adapt to many kinds of systems. +\`configure' configures ldns 1.9.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1478,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.8.4:";; + short | recursive ) echo "Configuration of ldns 1.9.0:";; esac cat <<\_ACEOF @@ -1508,6 +1512,7 @@ Optional Features: --disable-dane-verify Disable DANE verify support --disable-dane-ta-usage Disable DANE-TA usage type support + --enable-draft-rrtypes Enable all draft RR types. --enable-rrtype-ninfo Enable draft RR type ninfo. --enable-rrtype-rkey Enable draft RR type rkey. --disable-rrtype-openpgpkey @@ -1519,7 +1524,13 @@ Optional Features: Disable RR type AMTRELAY. --disable-rrtype-svcb-https Disable RR types SVCB and HTTPS. - --enable-rrtype-resinfo Disable RR type RESINFO. + --disable-rrtype-resinfo + Disable RR type RESINFO. + --disable-rrtype-dsync Disable RR type DSYNC. + --enable-rrtypes-cla-ipn + Enable draft RR types CLA and IPN. + --enable-rrtypes-hhit-brid + Enable draft RR types HHIT and BRID. --disable-rpath disable hardcoded rpath (default=enabled) Optional Packages: @@ -1633,7 +1644,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.8.4 +ldns configure 1.9.0 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2252,7 +2263,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.8.4, which was +It was created by ldns $as_me 1.9.0, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3016,9 +3027,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # needed to build correct soname LDNS_VERSION_MAJOR=1 -LDNS_VERSION_MINOR=8 +LDNS_VERSION_MINOR=9 -LDNS_VERSION_MICRO=4 +LDNS_VERSION_MICRO=0 # Library version 
@@ -3040,6 +3051,7 @@ LDNS_VERSION_MICRO=4 # ldns-1.8.1 had libversion 6:0:3 # ldns-1.8.2 had libversion 7:0:4 # ldns-1.8.3 has libversion 8:0:5 +# ldns-1.9.0 will have libversion 9:0:6 (new behaviour for dnssec_rrs_add_rr) # VERSION_INFO=9:0:6 @@ -17548,12 +17560,19 @@ printf "%s\n" "#define USE_DANE_TA_USAGE 1" >>confdefs.h ;; esac +# Check whether --enable-draft-rrtypes was given. +if test ${enable_draft_rrtypes+y} +then : + enableval=$enable_draft_rrtypes; +fi + # Check whether --enable-rrtype-ninfo was given. if test ${enable_rrtype_ninfo+y} then : enableval=$enable_rrtype_ninfo; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ninfo="yes"; fi case "$enable_rrtype_ninfo" in yes) @@ -17569,6 +17588,7 @@ then : enableval=$enable_rrtype_rkey; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_rkey="yes"; fi case "$enable_rrtype_rkey" in yes) @@ -17599,6 +17619,7 @@ then : enableval=$enable_rrtype_ta; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ta="yes"; fi case "$enable_rrtype_ta" in yes) @@ -17614,6 +17635,7 @@ then : enableval=$enable_rrtype_avc; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_avc="yes"; fi case "$enable_rrtype_avc" in yes) @@ -17629,6 +17651,7 @@ then : enableval=$enable_rrtype_doa; fi +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_doa="yes"; fi case "$enable_rrtype_doa" in yes) 
@@ -17683,6 +17706,53 @@ printf "%s\n" "#define RRTYPE_RESINFO /**/" >>confdefs.h ;; esac +# Check whether --enable-rrtype-dsync was given. +if test ${enable_rrtype_dsync+y} +then : + enableval=$enable_rrtype_dsync; +fi + +case "$enable_rrtype_dsync" in + no) + ;; + yes|*) + +printf "%s\n" "#define RRTYPE_DSYNC /**/" >>confdefs.h + + ;; +esac +# Check whether --enable-rrtypes-cla-ipn was given. +if test ${enable_rrtypes_cla_ipn+y} +then : + enableval=$enable_rrtypes_cla_ipn; +fi + +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_cla_ipn="yes"; fi +case "$enable_rrtypes_cla_ipn" in + yes) + +printf "%s\n" "#define RRTYPE_CLA_IPN /**/" >>confdefs.h + + ;; + no|*) + ;; +esac +# Check whether --enable-rrtypes-hhit-brid was given. +if test ${enable_rrtypes_hhit_brid+y} +then : + enableval=$enable_rrtypes_hhit_brid; +fi + +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_hhit_brid="yes"; fi +case "$enable_rrtypes_hhit_brid" in + yes) + +printf "%s\n" "#define RRTYPE_HHIT_BRID /**/" >>confdefs.h + + ;; + no|*) + ;; +esac if echo "$tmp_LIBS" | grep "ws2_32" >/dev/null; then @@ -20455,7 +20525,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.8.4, which was +This file was extended by ldns $as_me 1.9.0, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20523,7 +20593,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -ldns config.status 1.8.4 +ldns config.status 1.9.0 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/contrib/ldns/configure.ac b/contrib/ldns/configure.ac index 9bf9823f73c..91938e4a343 100644 --- a/contrib/ldns/configure.ac 
+++ b/contrib/ldns/configure.ac @@ -5,8 +5,8 @@ sinclude(acx_nlnetlabs.m4) # must be numbers. ac_defun because of later processing. m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[8]) -m4_define([VERSION_MICRO],[4]) +m4_define([VERSION_MINOR],[9]) +m4_define([VERSION_MICRO],[0]) AC_INIT([ldns],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[dns-team@nlnetlabs.nl],[libdns]) AC_CONFIG_SRCDIR([packet.c]) # needed to build correct soname @@ -33,6 +33,7 @@ AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO]) # ldns-1.8.1 had libversion 6:0:3 # ldns-1.8.2 had libversion 7:0:4 # ldns-1.8.3 has libversion 8:0:5 +# ldns-1.9.0 will have libversion 9:0:6 (new behaviour for dnssec_rrs_add_rr) # AC_SUBST(VERSION_INFO, [9:0:6]) @@ -667,7 +668,9 @@ case "$enable_dane" in ;; esac +AC_ARG_ENABLE(draft-rrtypes, AS_HELP_STRING([--enable-draft-rrtypes],[Enable all draft RR types.])) AC_ARG_ENABLE(rrtype-ninfo, AS_HELP_STRING([--enable-rrtype-ninfo],[Enable draft RR type ninfo.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ninfo="yes"; fi case "$enable_rrtype_ninfo" in yes) AC_DEFINE_UNQUOTED([RRTYPE_NINFO], [], [Define this to enable RR type NINFO.]) @@ -676,6 +679,7 @@ case "$enable_rrtype_ninfo" in ;; esac AC_ARG_ENABLE(rrtype-rkey, AS_HELP_STRING([--enable-rrtype-rkey],[Enable draft RR type rkey.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_rkey="yes"; fi case "$enable_rrtype_rkey" in yes) AC_DEFINE_UNQUOTED([RRTYPE_RKEY], [], [Define this to enable RR type RKEY.]) @@ -692,6 +696,7 @@ case "$enable_rrtype_openpgpkey" in ;; esac AC_ARG_ENABLE(rrtype-ta, AS_HELP_STRING([--enable-rrtype-ta],[Enable draft RR type ta.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_ta="yes"; fi case "$enable_rrtype_ta" in yes) AC_DEFINE_UNQUOTED([RRTYPE_TA], [], [Define this to enable RR type TA.]) 
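Review bot: The `--enable-draft-rrtypes` override added in the `@@ -667,7 +668,9 @@` hunk assigns `enable_rrtype_ninfo="yes"` unconditionally, so an explicit `--disable-rrtype-ninfo` given on the same command line is silently discarded. The same one-line pattern is repeated for rkey, ta, avc and doa in the following hunks, and for cla-ipn and hhit-brid further down. If a per-type opt-out is meant to win, guard the assignment, e.g. `if test "x$enable_draft_rrtypes" = "xyes" && test "x$enable_rrtype_ninfo" != "xno"; then enable_rrtype_ninfo="yes"; fi`. Otherwise the help string should say that the umbrella option overrides the individual switches, so that a build meant to exclude a draft parser does not end up including it.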
@@ -700,6 +705,7 @@ case "$enable_rrtype_ta" in ;; esac AC_ARG_ENABLE(rrtype-avc, AS_HELP_STRING([--enable-rrtype-avc],[Enable draft RR type avc.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_avc="yes"; fi case "$enable_rrtype_avc" in yes) AC_DEFINE_UNQUOTED([RRTYPE_AVC], [], [Define this to enable RR type AVC.]) @@ -708,6 +714,7 @@ case "$enable_rrtype_avc" in ;; esac AC_ARG_ENABLE(rrtype-doa, AS_HELP_STRING([--enable-rrtype-doa],[Enable draft RR type DOA.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtype_doa="yes"; fi case "$enable_rrtype_doa" in yes) AC_DEFINE_UNQUOTED([RRTYPE_DOA], [], [Define this to enable RR type DOA.]) @@ -731,7 +738,7 @@ case "$enable_rrtype_svcb_https" in AC_DEFINE_UNQUOTED([RRTYPE_SVCB_HTTPS], [], [Define this to enable RR types SVCB and HTTPS.]) ;; esac -AC_ARG_ENABLE(rrtype-resinfo, AS_HELP_STRING([--enable-rrtype-resinfo],[Disable RR type RESINFO.])) +AC_ARG_ENABLE(rrtype-resinfo, AS_HELP_STRING([--disable-rrtype-resinfo],[Disable RR type RESINFO.])) case "$enable_rrtype_resinfo" in no) ;; 
@@ -739,6 +746,32 @@ case "$enable_rrtype_resinfo" in AC_DEFINE_UNQUOTED([RRTYPE_RESINFO], [], [Define this to enable RR type RESINFO.]) ;; esac +AC_ARG_ENABLE(rrtype-dsync, AS_HELP_STRING([--disable-rrtype-dsync],[Disable RR type DSYNC.])) +case "$enable_rrtype_dsync" in + no) + ;; + yes|*) + AC_DEFINE_UNQUOTED([RRTYPE_DSYNC], [], [Define this to enable RR type DSYNC.]) + ;; +esac +AC_ARG_ENABLE(rrtypes-cla-ipn, AS_HELP_STRING([--enable-rrtypes-cla-ipn],[Enable draft RR types CLA and IPN.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_cla_ipn="yes"; fi +case "$enable_rrtypes_cla_ipn" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_CLA_IPN], [], [Define this to enable RR types CLA and IPN.]) + ;; + no|*) + ;; +esac +AC_ARG_ENABLE(rrtypes-hhit-brid, AS_HELP_STRING([--enable-rrtypes-hhit-brid],[Enable draft RR types HHIT and BRID.])) +if test "x$enable_draft_rrtypes" = "xyes"; then enable_rrtypes_hhit_brid="yes"; fi +case "$enable_rrtypes_hhit_brid" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_HHIT_BRID], [], [Define this to enable RR types HHIT and BRID.]) + ;; + no|*) + ;; +esac if echo "$tmp_LIBS" | grep "ws2_32" >/dev/null; then @@ -1193,7 +1226,7 @@ size_t strlcpy(char *dst, const char *src, size_t siz); #define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0) #else #define SOCK_INVALID -1 -#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0) +#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s >= -1 ? _s : -1); _s = -1;} } while(0) #endif #ifdef __cplusplus diff --git a/contrib/ldns/dnssec.c b/contrib/ldns/dnssec.c index 0a7beb4ebfd..1339e73c3c7 100644 --- a/contrib/ldns/dnssec.c +++ b/contrib/ldns/dnssec.c @@ -285,6 +285,7 @@ ldns_calc_keytag(const ldns_rr *key) } if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(key) != LDNS_RR_TYPE_CDNSKEY && ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY ) { return 0; 
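Review bot: The new `close(_s >= -1 ? _s : -1)` in the non-Windows `close_socket` macro (hunk `@@ -1193,7 +1226,7 @@`) has no comment saying what the clamp is for, and for a descriptor below -1 it still issues `close(-1)` instead of skipping the call. If the intent is to keep negative values away from close(), presumably to satisfy a static analyser, testing the sign directly reads more plainly: `#define close_socket(_s) do { if ((_s) >= 0) { close(_s); } (_s) = -1; } while(0)`. That form also parenthesises the argument, which the current macro expands bare several times. The identical line is changed in ldns/config.h.in, which appears to be generated from this template.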
@@ -517,7 +518,8 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) const EVP_MD* md = NULL; #endif - if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(key) != LDNS_RR_TYPE_CDNSKEY) { return NULL; } diff --git a/contrib/ldns/dnssec_zone.c b/contrib/ldns/dnssec_zone.c index c0a7a6a4933..d54920952a9 100644 --- a/contrib/ldns/dnssec_zone.c +++ b/contrib/ldns/dnssec_zone.c @@ -72,8 +72,9 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) new_rrs->next = rrs->next; rrs->rr = rr; rrs->next = new_rrs; - } - /* Silently ignore equal rr's */ + } else + return LDNS_STATUS_EQUAL_RR; + return LDNS_STATUS_OK; } @@ -733,25 +734,37 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or */ ldns_rr_set_ttl(cur_rr, ldns_rr_ttl(prev_rr)); - prev_rr = cur_rr; #endif status = ldns_dnssec_zone_add_rr(newzone, cur_rr); - if (status == - LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { - + switch(status) { + case LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND: if (rr_is_rrsig_covering(cur_rr, LDNS_RR_TYPE_NSEC3)){ ldns_rr_list_push_rr(todo_nsec3_rrsigs, cur_rr); } else { ldns_rr_list_push_rr(todo_nsec3s, - cur_rr); + cur_rr); } status = LDNS_STATUS_OK; - - } else if (status != LDNS_STATUS_OK) + break; + case LDNS_STATUS_EQUAL_RR: + ldns_rr_free(cur_rr); +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + cur_rr = prev_rr; +#else + cur_rr = NULL; +#endif + status = LDNS_STATUS_OK; + break; + case LDNS_STATUS_OK: + break; + default: goto error; - + } +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + prev_rr = cur_rr; +#endif break; case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ 
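Review bot: In `ldns_dnssec_rrs_add_rr` (hunk `@@ -72,8 +72,9 @@`) the new `LDNS_STATUS_EQUAL_RR` return leaves `rr` unlinked, so ownership stays with the caller on that path while the visible branch above stores it in the list; the removed `/* Silently ignore equal rr's */` comment was the only explanation and nothing replaces it. Add a comment at the return such as `/* rr was not stored: the caller still owns it and must free it */`, and brace the `else` to match the preceding branches. The zone reader in the `@@ -733,25 +734,37 @@` hunk frees the duplicate, but any caller outside this diff that treats every status other than `LDNS_STATUS_OK` as fatal would now fail, or leak the record, on a zone with repeated RRs, so those call sites are worth checking. The function's opening lines are outside the hunk.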
@@ -1511,11 +1524,18 @@ dnssec_zone_rr_iter_first(dnssec_zone_rr_iter *i, ldns_dnssec_zone *zone) : (ldns_dnssec_name *)i->node->data; if (zone->hashed_names) { - do { - i->nsec3_node = ldns_rbtree_first(zone->hashed_names); - i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ?NULL - : (ldns_dnssec_name*)i->nsec3_node->data; - } while (i->nsec3_name && !i->nsec3_name->nsec); + i->nsec3_node = ldns_rbtree_first(zone->hashed_names); + i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + /* While there is no NSEC3 RR present at this hashed name, + * skip to the next hashed name. + */ + while (i->nsec3_name && !i->nsec3_name->nsec) { + /* next nsec3 */ + i->nsec3_node = ldns_rbtree_next(i->nsec3_node); + i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + } } dnssec_zone_rr_iter_set_state_for_next_name(i); return dnssec_zone_rr_iter_next(i); diff --git a/contrib/ldns/drill/drill.c b/contrib/ldns/drill/drill.c index 44c1b7687ae..9db77cf1cc7 100644 --- a/contrib/ldns/drill/drill.c +++ b/contrib/ldns/drill/drill.c @@ -855,7 +855,7 @@ main(int argc, char *argv[]) status = ldns_send_buffer(&pkt, res, query_buffer, NULL); ldns_buffer_free(query_buffer); if (status != LDNS_STATUS_OK) { - printf("Error: %s\n", ldns_get_errorstr_by_id(status)); + fprintf(stderr, "Error: %s\n", ldns_get_errorstr_by_id(status)); exit(1); } } else { diff --git a/contrib/ldns/drill/securetrace.c b/contrib/ldns/drill/securetrace.c index 90014b4e300..dcd5c7739f4 100644 --- a/contrib/ldns/drill/securetrace.c +++ b/contrib/ldns/drill/securetrace.c 
@@ -291,7 +291,12 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, /* trust glue? */ new_ns_addr = NULL; if (ldns_dname_is_subdomain(pop, labels[i])) { - new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + if (ldns_resolver_ip6(res) == LDNS_RESOLV_INET6) { + new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL); + } else { + /* If IPv4 is specified, or no IP version is specified, default to A record and use IPv4 */ + new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + } } if (!new_ns_addr || ldns_rr_list_rr_count(new_ns_addr) == 0) { new_ns_addr = ldns_get_rr_list_addr_by_name(res, pop, c, 0); diff --git a/contrib/ldns/error.c b/contrib/ldns/error.c index 50cdc6300bd..5723aea9b4c 100644 --- a/contrib/ldns/error.c +++ b/contrib/ldns/error.c @@ -189,6 +189,8 @@ ldns_lookup_table ldns_error_str[] = { { LDNS_STATUS_EDE_OPTION_MALFORMED, "The extended error code option is malformed, expected " "at least 2 bytes of option data" }, + { LDNS_STATUS_EQUAL_RR, + "An identical RR already existed in the zone" }, { 0, NULL } }; diff --git a/contrib/ldns/host2str.c b/contrib/ldns/host2str.c index b753566a6c6..e08c67537a7 100644 --- a/contrib/ldns/host2str.c +++ b/contrib/ldns/host2str.c @@ -406,6 +406,14 @@ ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf) return ldns_buffer_status(output); } +ldns_status +ldns_rdf2buffer_str_int64(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint64_t data = ldns_read_uint64(ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "%llu", (unsigned long long) data); + return ldns_buffer_status(output); +} + ldns_status ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf) { 
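Review bot: `ldns_rdf2buffer_str_int64` reads eight bytes through `ldns_read_uint64(ldns_rdf_data(rdf))` without first checking `ldns_rdf_size(rdf)`, so an rdf shorter than eight bytes would be read past its end. The wire parser may already guarantee the length for `LDNS_RDF_TYPE_INT64`, but that is not visible here, and `ldns_rdf2buffer_str_unquoted`, added to the same file in this commit, does validate its size before reading. A guard such as `if (ldns_rdf_size(rdf) < 8) return LDNS_STATUS_WIRE_RDATA_ERR;` ahead of the read would make the function safe regardless of how the rdf was constructed.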
@@ -1221,6 +1229,34 @@ ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf) return ldns_buffer_status(output); } +ldns_status +ldns_rdf2buffer_str_unquoted(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t amount, i; + uint8_t ch; + if(ldns_rdf_size(rdf) < 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + if((int)ldns_rdf_size(rdf) < (int)ldns_rdf_data(rdf)[0] + 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + amount = ldns_rdf_data(rdf)[0]; + for(i=0; i_key.hmac.size) { return k->_key.hmac.size; } else { return 0; } +#endif } void * diff --git a/contrib/ldns/ldns/config.h.in b/contrib/ldns/ldns/config.h.in index 5449bee6338..a8f061617a8 100644 --- a/contrib/ldns/ldns/config.h.in +++ b/contrib/ldns/ldns/config.h.in @@ -394,9 +394,18 @@ /* Define this to enable RR type AVC. */ #undef RRTYPE_AVC +/* Define this to enable RR types CLA and IPN. */ +#undef RRTYPE_CLA_IPN + /* Define this to enable RR type DOA. */ #undef RRTYPE_DOA +/* Define this to enable RR type DSYNC. */ +#undef RRTYPE_DSYNC + +/* Define this to enable RR types HHIT and BRID. */ +#undef RRTYPE_HHIT_BRID + /* Define this to enable RR type NINFO. */ #undef RRTYPE_NINFO @@ -772,7 +781,7 @@ size_t strlcpy(char *dst, const char *src, size_t siz); #define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0) #else #define SOCK_INVALID -1 -#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0) +#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s >= -1 ? _s : -1); _s = -1;} } while(0) #endif #ifdef __cplusplus diff --git a/contrib/ldns/ldns/dnssec_zone.h b/contrib/ldns/ldns/dnssec_zone.h index 156e3910232..335f57a3c4a 100644 --- a/contrib/ldns/ldns/dnssec_zone.h +++ b/contrib/ldns/ldns/dnssec_zone.h 
@@ -131,7 +131,8 @@ void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs); * * \param[in] rrs the list to add to * \param[in] rr the RR to add - * \return LDNS_STATUS_OK on success + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists. */ ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); @@ -199,7 +200,8 @@ ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, * * \param[in] rrsets the list of rrsets to add the RR to * \param[in] rr the rr to add to the list of rrsets - * \return LDNS_STATUS_OK on success + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists. */ ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); @@ -313,7 +315,9 @@ int ldns_dnssec_name_cmp(const void *a, const void *b); * * \param[in] name The ldns_dnssec_name to add the RR to * \param[in] rr The RR to add - * \return LDNS_STATUS_OK on success, error code otherwise + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists, + * and an error code otherwise */ ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, ldns_rr *rr); @@ -415,7 +419,9 @@ void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone); * * \param[in] zone the zone to add the RR to * \param[in] rr The RR to add - * \return LDNS_STATUS_OK on success, an error code otherwise + * \return LDNS_STATUS_OK on success and LDNS_STATUS_EQUAL_ERR when and + * RR with equal ownername, class, type and rdata already exists, + * and an error code otherwise */ ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr); diff --git a/contrib/ldns/ldns/edns.h b/contrib/ldns/ldns/edns.h index a33ed055767..7e51ab322ce 100644 --- a/contrib/ldns/ldns/edns.h +++ b/contrib/ldns/ldns/edns.h 
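Review bot: The four updated `\return` descriptions name `LDNS_STATUS_EQUAL_ERR`, but the status this commit adds to `enum ldns_enum_status` and returns from `ldns_dnssec_rrs_add_rr` is `LDNS_STATUS_EQUAL_RR`, so the documentation points readers at an identifier the commit does not define. The text also reads "when and RR" where "when an RR" is meant. Suggested wording for each: `\return LDNS_STATUS_OK on success, LDNS_STATUS_EQUAL_RR when an RR with equal ownername, class, type and rdata already exists (rr is then not stored)`. This applies to the comments for ldns_dnssec_rrs_add_rr, ldns_dnssec_rrsets_add_rr, ldns_dnssec_name_add_rr and ldns_dnssec_zone_add_rr.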
@@ -76,7 +76,11 @@ enum ldns_edns_enum_ede_code LDNS_EDE_NETWORK_ERROR = 23, LDNS_EDE_INVALID_DATA = 24, LDNS_EDE_SIGNATURE_EXPIRED_BEFORE_VALID = 25, - LDNS_EDE_TOO_EARLY = 26 + LDNS_EDE_TOO_EARLY = 26, /* RFC 9250 */ + LDNS_EDE_UNSUPPORTED_NSEC3_ITERATIONS_VALUE = 27, /* RFC 9276 */ + LDNS_EDE_UNABLE_TO_CONFORM_TO_POLICY = 28, /* draft-homburg-dnsop-codcp-00 */ + LDNS_EDE_SYNTHESIZED = 29, /* https://github.com/PowerDNS/pdns/pull/12334 */ + LDNS_EDE_INVALID_QUERY_TYPE = 30 /* RFC 9824 */ }; typedef enum ldns_edns_enum_ede_code ldns_edns_ede_code; diff --git a/contrib/ldns/ldns/error.h b/contrib/ldns/ldns/error.h index 011df284725..a76eb2ecab5 100644 --- a/contrib/ldns/ldns/error.h +++ b/contrib/ldns/ldns/error.h @@ -143,7 +143,8 @@ enum ldns_enum_status { LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE, LDNS_STATUS_INVALID_SVCPARAM_VALUE, LDNS_STATUS_NOT_EDE, - LDNS_STATUS_EDE_OPTION_MALFORMED + LDNS_STATUS_EDE_OPTION_MALFORMED, + LDNS_STATUS_EQUAL_RR }; typedef enum ldns_enum_status ldns_status; diff --git a/contrib/ldns/ldns/host2str.h b/contrib/ldns/ldns/host2str.h index 79f5561a945..2f67e278793 100644 --- a/contrib/ldns/ldns/host2str.h +++ b/contrib/ldns/ldns/host2str.h @@ -581,6 +581,14 @@ ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf); */ ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf); +/** + * Converts an LDNS_RDF_TYPE_INT64 rdata element to presentation format. + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_int64(ldns_buffer *output, const ldns_rdf *rdf); + /** * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer * \param[in] *rdf The rdata to convert 
@@ -619,6 +627,16 @@ ldns_status ldns_rdf2buffer_str_eui48(ldns_buffer *output, ldns_status ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf); +/** + * Adds the LDNS_RDF_TYPE_UNQUOTED rdata to the output buffer, + * it escapes nonprinting and special characters. + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_unquoted(ldns_buffer *output, + const ldns_rdf *rdf); + /** * Adds the LDNS_RDF_TYPE_TAG rdata to the output buffer, * provided it contains only alphanumeric characters. diff --git a/contrib/ldns/ldns/packet.h b/contrib/ldns/ldns/packet.h index 2c60609fc07..974944149a2 100644 --- a/contrib/ldns/ldns/packet.h +++ b/contrib/ldns/ldns/packet.h @@ -709,6 +709,19 @@ bool ldns_pkt_edns_do(const ldns_pkt *packet); */ void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value); +/** + * return the packet's edns co bit + * \param[in] packet the packet + * \return the bit's value + */ +bool ldns_pkt_edns_co(const ldns_pkt *packet); +/** + * Set the packet's edns co bit + * \param[in] packet the packet + * \param[in] value the bit's new value + */ +void ldns_pkt_set_edns_co(ldns_pkt *packet, bool value); + /** * return the packet's EDNS header bits that are unassigned. */ diff --git a/contrib/ldns/ldns/rdata.h b/contrib/ldns/ldns/rdata.h index 1e2fd397a38..7623bd17a73 100644 --- a/contrib/ldns/ldns/rdata.h +++ b/contrib/ldns/ldns/rdata.h @@ -54,6 +54,8 @@ enum ldns_enum_rdf_type LDNS_RDF_TYPE_INT16, /** 32 bits */ LDNS_RDF_TYPE_INT32, + /** 64 bits */ + LDNS_RDF_TYPE_INT64, /** A record */ LDNS_RDF_TYPE_A, /** AAAA record */ @@ -70,6 +72,7 @@ enum ldns_enum_rdf_type LDNS_RDF_TYPE_HEX, /** nsec type codes */ LDNS_RDF_TYPE_NSEC, + LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC, /** a RR type */ LDNS_RDF_TYPE_TYPE, /** a class */ 
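Review bot: `LDNS_RDF_TYPE_INT64` is inserted after `LDNS_RDF_TYPE_INT32` in the middle of enum ldns_enum_rdf_type, and the later rdata.h hunk does the same with `LDNS_RDF_TYPE_UNQUOTED` after `LDNS_RDF_TYPE_EUI64`. Assuming the enumerators carry no explicit values (none of the visible ones do), this renumbers every member that follows, so objects built against the older header would pass stale values for types such as `LDNS_RDF_TYPE_A`. Appending the new members at the end, as this commit does for `LDNS_RDF_TYPE_IPN` and for `LDNS_STATUS_EQUAL_RR` in error.h, would keep existing values stable. If the position is intended, a comment such as `/* enumerator values changed in 1.9.0; all users must be rebuilt */` would make the ABI break explicit. The enum begins and ends outside these hunks.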
@@ -120,6 +123,9 @@ enum ldns_enum_rdf_type /** 8 * 8 bit hex numbers separated by dashes. For EUI64. */ LDNS_RDF_TYPE_EUI64, + /** Character string without quotes. */ + LDNS_RDF_TYPE_UNQUOTED, + /** A non-zero sequence of US-ASCII letters and numbers in lower case. * For CAA. */ @@ -145,8 +151,8 @@ enum ldns_enum_rdf_type /** draft-ietf-dnsop-svcb-https **/ LDNS_RDF_TYPE_SVCPARAMS, - /* Aliases */ - LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC + /** draft-johnson-dns-ipn-cla-07 **/ + LDNS_RDF_TYPE_IPN }; typedef enum ldns_enum_rdf_type ldns_rdf_type; diff --git a/contrib/ldns/ldns/rr.h b/contrib/ldns/ldns/rr.h index 314f159707b..d2e4ee90aa9 100644 --- a/contrib/ldns/ldns/rr.h +++ b/contrib/ldns/ldns/rr.h @@ -194,6 +194,9 @@ enum ldns_enum_rr_type LDNS_RR_TYPE_ZONEMD = 63, /* RFC 8976 */ LDNS_RR_TYPE_SVCB = 64, /* RFC 9460 */ LDNS_RR_TYPE_HTTPS = 65, /* RFC 9460 */ + LDNS_RR_TYPE_DSYNC = 66, /* RFC 9859 */ + LDNS_RR_TYPE_HHIT = 67, /* draft-ietf-drip-registries-28 */ + LDNS_RR_TYPE_BRID = 68, /* draft-ietf-drip-registries-28 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ @@ -210,7 +213,7 @@ enum ldns_enum_rr_type LDNS_RR_TYPE_EUI48 = 108, /* RFC 7043 */ LDNS_RR_TYPE_EUI64 = 109, /* RFC 7043 */ - LDNS_RR_TYPE_NXNAME = 128, /* draft-ietf-dnsop-compact-denial-of-existence */ + LDNS_RR_TYPE_NXNAME = 128, /* RFC 9824 */ LDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */ LDNS_RR_TYPE_TSIG = 250, @@ -236,6 +239,12 @@ enum ldns_enum_rr_type /** https://iana.org/assignments/dns-parameters/WALLET/wallet-completed-template */ LDNS_RR_TYPE_WALLET = 262, + /** https://www.iana.org/assignments/dns-parameters/CLA/cla-completed-template */ + LDNS_RR_TYPE_CLA = 263, + + /** https://www.iana.org/assignments/dns-parameters/IPN/ipn-completed-template */ + LDNS_RR_TYPE_IPN = 264, + /** DNSSEC Trust Authorities */ LDNS_RR_TYPE_TA = 32768, /* RFC 4431, 5074, DNSSEC Lookaside Validation */ 
@@ -251,7 +260,7 @@ enum ldns_enum_rr_type typedef enum ldns_enum_rr_type ldns_rr_type; /* The first fields are contiguous and can be referenced instantly */ -#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON (LDNS_RR_TYPE_WALLET + 1) +#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON (LDNS_RR_TYPE_IPN + 1) /** * Resource Record @@ -724,6 +733,13 @@ bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, const ldns_rr *rr); */ bool ldns_is_rrset(const ldns_rr_list *rr_list); +/** + * checks if an rr_list is a rrset, including checking for TTL. + * \param[in] rr_list the rr_list to check + * \return true if it is an rrset otherwise false + */ +bool ldns_is_rrset_strict(const ldns_rr_list *rr_list); + /** * pushes an rr to an rrset (which really are rr_list's). * \param[in] *rr_list the rrset to push the rr to diff --git a/contrib/ldns/ldns/str2host.h b/contrib/ldns/ldns/str2host.h index 2892db0bfb1..18bd7f6d7e8 100644 --- a/contrib/ldns/ldns/str2host.h +++ b/contrib/ldns/ldns/str2host.h @@ -331,6 +331,16 @@ ldns_status ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str); */ ldns_status ldns_str2rdf_svcparams(ldns_rdf **rd, const char *str); +/** + * Convert either two unsigned 32 bit decimal numbers seperated by a '.', + * or a single unsigned 64 bit decimal number, as described in + * [draft-johnson-dns-ipn-cla-07]. + * \param[out] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_ipn(ldns_rdf **rd, const char *str); + #ifdef __cplusplus } diff --git a/contrib/ldns/ldns/util.h.in b/contrib/ldns/ldns/util.h.in index 7115a2b7f3b..6b243ac2b5a 100644 --- a/contrib/ldns/ldns/util.h.in +++ b/contrib/ldns/ldns/util.h.in @@ -72,8 +72,10 @@ ldns_read_uint16(const void *src) #ifdef ALLOW_UNALIGNED_ACCESSES return ntohs(*(const uint16_t *) src); #else +# ifndef __clang_analyzer__ const uint8_t *p = (const uint8_t *) src; return ((uint16_t) p[0] << 8) | (uint16_t) p[1]; +# endif #endif } 
@@ -91,6 +93,26 @@ ldns_read_uint32(const void *src) #endif } +INLINE uint64_t +ldns_read_uint64(const void *src) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + const uint32_t *p = (const uint32_t *) src; + return ( ((uint64_t) ntohl(src[0]) << 32) + | (uint64_t) ntohl(src[1])); +#else + const uint8_t *p = (const uint8_t *) src; + return ( ((uint64_t) p[0] << 56) + | ((uint64_t) p[1] << 48) + | ((uint64_t) p[2] << 40) + | ((uint64_t) p[3] << 32) + | ((uint64_t) p[4] << 24) + | ((uint64_t) p[5] << 16) + | ((uint64_t) p[6] << 8) + | (uint64_t) p[7]); +#endif +} + /* * Copy data allowing for unaligned accesses in network byte order * (big endian). diff --git a/contrib/ldns/net.c b/contrib/ldns/net.c index 8fc9c8c48d8..e944d018b35 100644 --- a/contrib/ldns/net.c +++ b/contrib/ldns/net.c @@ -754,6 +754,8 @@ ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout) uint16_t wire_size; ssize_t bytes = 0, rc = 0; + if(sockfd < 0) + return NULL; wire = LDNS_XMALLOC(uint8_t, 2); if (!wire) { *size = 0; diff --git a/contrib/ldns/packet.c b/contrib/ldns/packet.c index d21e2e3c3fb..f11eba571ec 100644 --- a/contrib/ldns/packet.c +++ b/contrib/ldns/packet.c @@ -27,7 +27,10 @@ */ #define LDNS_EDNS_MASK_DO_BIT 0x8000 -#define LDNS_EDNS_MASK_UNASSIGNED (0xFFFF & ~LDNS_EDNS_MASK_DO_BIT) +#define LDNS_EDNS_MASK_CO_BIT 0x4000 +#define LDNS_EDNS_MASK_UNASSIGNED (0xFFFF & ~( LDNS_EDNS_MASK_DO_BIT \ + | LDNS_EDNS_MASK_CO_BIT )) + /* TODO defines for 3600 */ /* convert to and from numerical flag values */ @@ -244,6 +247,22 @@ ldns_pkt_set_edns_do(ldns_pkt *packet, bool value) } } +bool +ldns_pkt_edns_co(const ldns_pkt *packet) +{ + return (packet->_edns_z & LDNS_EDNS_MASK_CO_BIT); +} + +void +ldns_pkt_set_edns_co(ldns_pkt *packet, bool value) +{ + if (value) { + packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_CO_BIT; + } else { + packet->_edns_z = packet->_edns_z & ~LDNS_EDNS_MASK_CO_BIT; + } +} + uint16_t ldns_pkt_edns_unassigned(const ldns_pkt *packet) { 
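Review bot: In the `ALLOW_UNALIGNED_ACCESSES` branch of the new ldns_read_uint64(), the two loads index `src`, which is `const void *`, instead of the `uint32_t` pointer `p` declared on the line above. Subscripting a void pointer does not compile, so any build that defines the macro breaks here. The lines should read `return ( ((uint64_t) ntohl(p[0]) << 32)` and `| (uint64_t) ntohl(p[1]));`. A short comment stating that the function reads eight bytes in network byte order, and that the caller must guarantee that many bytes at `src`, would also help, because the function itself cannot bound the read.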
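Review bot: The added `if(sockfd < 0) return NULL;` in ldns_tcp_read_wire_timeout() leaves `*size` untouched, whereas the allocation-failure path directly below it sets `*size = 0` before returning. A caller that checks the length rather than the pointer would then see whatever value the variable held before the call. `if(sockfd < 0) { *size = 0; return NULL; }` keeps the failure paths consistent. The remainder of the function is outside the hunk, so other exits were not checked.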
@@ -754,6 +773,7 @@ ldns_pkt_edns(const ldns_pkt *pkt) ldns_pkt_edns_extended_rcode(pkt) > 0 || ldns_pkt_edns_data(pkt) || ldns_pkt_edns_do(pkt) || + ldns_pkt_edns_co(pkt) || pkt->_edns_list || pkt->_edns_present ); @@ -1255,6 +1275,7 @@ ldns_pkt_clone(const ldns_pkt *pkt) ldns_pkt_set_edns_data(new_pkt, ldns_rdf_clone(ldns_pkt_edns_data(pkt))); ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt)); + ldns_pkt_set_edns_co(new_pkt, ldns_pkt_edns_co(pkt)); if (pkt->_edns_list) ldns_pkt_set_edns_option_list(new_pkt, ldns_edns_option_list_clone(pkt->_edns_list)); diff --git a/contrib/ldns/rdata.c b/contrib/ldns/rdata.c index 3f899a217eb..5befc9e70f7 100644 --- a/contrib/ldns/rdata.c +++ b/contrib/ldns/rdata.c @@ -345,6 +345,9 @@ ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str) case LDNS_RDF_TYPE_EUI64: status = ldns_str2rdf_eui64(&rdf, str); break; + case LDNS_RDF_TYPE_UNQUOTED: + status = ldns_str2rdf_str(&rdf, str); + break; case LDNS_RDF_TYPE_TAG: status = ldns_str2rdf_tag(&rdf, str); break; @@ -366,6 +369,9 @@ ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str) case LDNS_RDF_TYPE_SVCPARAMS: status = ldns_str2rdf_svcparams(&rdf, str); break; + case LDNS_RDF_TYPE_IPN: + status = ldns_str2rdf_ipn(&rdf, str); + break; case LDNS_RDF_TYPE_NONE: default: /* default default ??? */ diff --git a/contrib/ldns/resolver.c b/contrib/ldns/resolver.c index a426b82c034..0f2fdb52e5d 100644 --- a/contrib/ldns/resolver.c +++ b/contrib/ldns/resolver.c @@ -1062,6 +1062,8 @@ ldns_resolver_search_status(ldns_pkt** pkt, /* query as-is */ return ldns_resolver_query_status(pkt, r, name, t, c, flags); } else if (ldns_resolver_dnsrch(r)) { + ldns_pkt *return_pkt = NULL; + search_list = ldns_resolver_searchlist(r); for (i = 0; i <= ldns_resolver_searchlist_count(r); i++) { if (i == ldns_resolver_searchlist_count(r)) { 
@@ -1072,21 +1074,25 @@ ldns_resolver_search_status(ldns_pkt** pkt, search_list[i]); } - s = ldns_resolver_query_status(pkt, r, + s = ldns_resolver_query_status(&return_pkt, r, new_name, t, c, flags); ldns_rdf_deep_free(new_name); - if (pkt && *pkt) { + if (return_pkt) { if (s == LDNS_STATUS_OK && - ldns_pkt_get_rcode(*pkt) == - LDNS_RCODE_NOERROR) { + ldns_pkt_get_rcode(return_pkt) + == LDNS_RCODE_NOERROR) { return LDNS_STATUS_OK; + } else if (i < ldns_resolver_searchlist_count(r)) { + ldns_pkt_free(return_pkt); + return_pkt = NULL; } - ldns_pkt_free(*pkt); - *pkt = NULL; } } + if (pkt && return_pkt) { + *pkt = return_pkt; + } } return s; } diff --git a/contrib/ldns/rr.c b/contrib/ldns/rr.c index 44e3369e32b..a7ad259affa 100644 --- a/contrib/ldns/rr.c +++ b/contrib/ldns/rr.c @@ -391,12 +391,6 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, ldns_buffer_skip(rd_buf, 1); quoted = true; } - if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt) - == LDNS_RDF_TYPE_LONG_STR) { - - status = LDNS_STATUS_SYNTAX_RDATA_ERR; - goto error; - } } /* because number of fields can be variable, we can't rely on @@ -412,8 +406,8 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, } pre_data_pos = ldns_buffer_position(rd_buf); - if (-1 == (c = ldns_bget_token( - rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) { + if (-1 == ldns_bget_token( + rd_buf, rd, delimiters, LDNS_MAX_RDFLEN)) { done = true; (void)done; /* we're breaking, so done not read anymore */ 
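Review bot: The success path still leaves through `return LDNS_STATUS_OK;` inside the loop, but the answer now lives in the local `return_pkt` and is copied to `*pkt` only after the loop. As the hunk reads, the caller therefore gets LDNS_STATUS_OK with `*pkt` never assigned, and the packet is leaked. Replacing that return with `break;` lets the new `if (pkt && return_pkt)` block hand the packet over before `return s;`. When `pkt` is NULL, the last `return_pkt` is not freed either; inside an `if (return_pkt)` guard, `if (pkt) *pkt = return_pkt; else ldns_pkt_free(return_pkt);` would cover that case. The function starts outside this hunk; `return_pkt` is declared in the preceding one.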
@@ -1288,7 +1282,47 @@ ldns_is_rrset(const ldns_rr_list *rr_list) if (c != ldns_rr_get_class(tmp)) { return false; } - if (ldns_rdf_compare(o, ldns_rr_owner(tmp)) != 0) { + if (ldns_dname_compare(o, ldns_rr_owner(tmp)) != 0) { + return false; + } + } + return true; +} + +bool +ldns_is_rrset_strict(const ldns_rr_list *rr_list) +{ + ldns_rr_type t; + ldns_rr_class c; + uint32_t l; + ldns_rdf *o; + ldns_rr *tmp; + size_t i; + + if (!rr_list || ldns_rr_list_rr_count(rr_list) == 0) { + return false; + } + + tmp = ldns_rr_list_rr(rr_list, 0); + + t = ldns_rr_get_type(tmp); + c = ldns_rr_get_class(tmp); + l = ldns_rr_ttl(tmp); + o = ldns_rr_owner(tmp); + + /* compare these with the rest of the rr_list, start with 1 */ + for (i = 1; i < ldns_rr_list_rr_count(rr_list); i++) { + tmp = ldns_rr_list_rr(rr_list, i); + if (t != ldns_rr_get_type(tmp)) { + return false; + } + if (c != ldns_rr_get_class(tmp)) { + return false; + } + if (l != ldns_rr_ttl(tmp)) { + return false; + } + if (ldns_dname_compare(o, ldns_rr_owner(tmp)) != 0) { return false; } } @@ -1682,8 +1716,8 @@ ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2) return result; } -/* convert dnskey to a ds with the given algorithm, - * then compare the result with the given ds */ +/* convert (c)dnskey to a (c)ds with the given algorithm, + * then compare the result with the given (c)ds */ static int ldns_rr_compare_ds_dnskey(ldns_rr *ds, ldns_rr *dnskey) @@ -1693,8 +1727,10 @@ ldns_rr_compare_ds_dnskey(ldns_rr *ds, ldns_hash algo; if (!dnskey || !ds || - ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS || - ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY) { + (ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS && + ldns_rr_get_type(ds) != LDNS_RR_TYPE_CDS) || + (ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_CDNSKEY)) { return false; } 
@@ -1728,6 +1764,12 @@ ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2) } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY && ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) { result = ldns_rr_compare_ds_dnskey(rr2, rr1); + } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_CDS && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_CDNSKEY) { + result = ldns_rr_compare_ds_dnskey(rr1, rr2); + } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_CDNSKEY && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_CDS) { + result = ldns_rr_compare_ds_dnskey(rr2, rr1); } else { result = (ldns_rr_compare(rr1, rr2) == 0); } @@ -1898,7 +1940,7 @@ static const ldns_rdf_type type_nsap_wireformat[] = { LDNS_RDF_TYPE_NSAP }; static const ldns_rdf_type type_nsap_ptr_wireformat[] = { - LDNS_RDF_TYPE_STR + LDNS_RDF_TYPE_UNQUOTED }; static const ldns_rdf_type type_sig_wireformat[] = { LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, @@ -1912,7 +1954,7 @@ static const ldns_rdf_type type_px_wireformat[] = { LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME }; static const ldns_rdf_type type_gpos_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR + LDNS_RDF_TYPE_UNQUOTED, LDNS_RDF_TYPE_UNQUOTED, LDNS_RDF_TYPE_UNQUOTED }; static const ldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA }; static const ldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC }; 
@@ -1989,6 +2031,23 @@ static const ldns_rdf_type type_svcb_wireformat[] = { LDNS_RDF_TYPE_SVCPARAMS }; #endif +#ifdef RRTYPE_DSYNC +static const ldns_rdf_type type_dsync_wireformat[] = { + LDNS_RDF_TYPE_TYPE, + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_DNAME +}; +#endif +#ifdef RRTYPE_HHIT_BRID +static const ldns_rdf_type type_hhit_wireformat[] = { + LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_brid_wireformat[] = { + LDNS_RDF_TYPE_B64 +}; +#endif + /* nsec3 is some vars, followed by same type of data of nsec */ static const ldns_rdf_type type_nsec3_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ @@ -2082,6 +2141,12 @@ static const ldns_rdf_type type_amtrelay_wireformat[] = { LDNS_RDF_TYPE_AMTRELAY }; #endif +#ifdef RRTYPE_CLA_IPN +static const ldns_rdf_type type_ipn_wireformat[] = { + LDNS_RDF_TYPE_IPN +}; +#endif + /** \endcond */ 
@@ -2249,9 +2314,21 @@ static ldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif +#ifdef RRTYPE_DSYNC + /* 66 */ + {LDNS_RR_TYPE_DSYNC, "DSYNC", 4, 4, type_dsync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, +#else {LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif +#ifdef RRTYPE_HHIT_BRID + /* 67 */ + {LDNS_RR_TYPE_HHIT, "HHIT", 1, 1, type_hhit_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 68 */ + {LDNS_RR_TYPE_BRID, "BRID", 1, 1, type_brid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else {LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif {LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, 
@@ -2495,13 +2572,21 @@ static ldns_rr_descriptor rdata_field_descriptors[] = { #endif #ifdef RRTYPE_RESINFO /* 261 */ - {LDNS_RR_TYPE_RESINFO, "RESINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, + {LDNS_RR_TYPE_RESINFO, "RESINFO", 1, 0, NULL, LDNS_RDF_TYPE_UNQUOTED, LDNS_RR_NO_COMPRESS, 0 }, #else {LDNS_RR_TYPE_NULL, "TYPE261", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* 262 */ - {LDNS_RR_TYPE_WALLET, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, - + {LDNS_RR_TYPE_WALLET, "WALLET", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, +#ifdef RRTYPE_CLA_IPN + /* 263 */ + {LDNS_RR_TYPE_CLA, "CLA", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, + /* 264 */ + {LDNS_RR_TYPE_IPN, "IPN", 1, 1, type_ipn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else +{LDNS_RR_TYPE_NULL, "TYPE263", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE264", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif /* split in array, no longer contiguous */ #ifdef RRTYPE_TA @@ -2587,6 +2672,14 @@ ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value) for (d=rdata_field_descriptors; d < rdata_field_descriptors_end; d++) { window = d->_type >> 8; subtype = d->_type & 0xff; + + /* In the code below, windows[window] == 0 means that the + * window is not in use. So subtype == 0 is a problem. The + * easiest solution is to set subtype to 1, that marks the + * window as in use and doesn't have negative effects. + */ + if (subtype == 0) + subtype = 1; if (windows[window] < subtype) { windows[window] = subtype; } diff --git a/contrib/ldns/sha1.c b/contrib/ldns/sha1.c index 9b7e60ece09..470bdfec379 100644 --- a/contrib/ldns/sha1.c +++ b/contrib/ldns/sha1.c 
@@ -97,7 +97,7 @@ ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOC state[4] += e; /* Wipe variables */ a = b = c = d = e = 0; - (void)a; + (void)a; (void)b; (void)c; (void)d; (void)e; } diff --git a/contrib/ldns/sha2.c b/contrib/ldns/sha2.c index 8988ee06d04..59a6b9d30fc 100644 --- a/contrib/ldns/sha2.c +++ b/contrib/ldns/sha2.c @@ -494,7 +494,8 @@ static void ldns_sha256_Transform(ldns_sha256_CTX* context, /* Clean up */ a = b = c = d = e = f = g = h = T1 = T2 = 0; - (void)a; + (void)a; (void)b; (void)c; (void)d; (void)e; (void)f; (void)g; (void)h; + (void)T1; (void)T2; } #endif /* SHA2_UNROLL_TRANSFORM */ @@ -528,7 +529,7 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t context->bitcount += len << 3; /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; return; } } @@ -546,7 +547,7 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t } /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; } typedef union _ldns_sha2_buffer_union { @@ -737,6 +738,7 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context, sha2_word64 a, b, c, d, e, f, g, h, s0, s1; sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; int j; + sha2_word64 aligned; /* initialize registers with the prev. intermediate value */ a = context->state[0]; @@ -752,7 +754,8 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context, do { #if BYTE_ORDER == LITTLE_ENDIAN /* Convert TO host byte order */ - REVERSE64(*data++, W512[j]); + memcpy(&aligned, data++, sizeof(aligned)); + REVERSE64(aligned, W512[j]); /* Apply the SHA-512 compression function to update a..h */ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; #else /* BYTE_ORDER == LITTLE_ENDIAN */ 
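Review bot: The added `(void)b; (void)c; (void)d; (void)e;` casts only silence the unused-value warning. The wipe itself, `a = b = c = d = e = 0;`, stores to locals that are never read again, so an optimizing compiler may remove it. The same applies to the `a`..`h`, `T1`, `T2` and `usedspace`/`freespace` clean-ups touched in the sha2.c hunks. If clearing these intermediates matters, as it would when the hash runs over keyed material, the stores must go through something the compiler has to honour, such as volatile-qualified access or an `explicit_bzero`-style helper where the platform has one. Otherwise a comment like `/* best effort: the compiler may elide these dead stores */` would stop readers from relying on the wipe. The function bodies begin outside the hunks.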
@@ -807,7 +810,8 @@ static void ldns_sha512_Transform(ldns_sha512_CTX* context, /* Clean up */ a = b = c = d = e = f = g = h = T1 = T2 = 0; - (void)a; + (void)a; (void)b; (void)c; (void)d; (void)e; (void)f; (void)g; (void)h; + (void)T1; (void)T2; } #endif /* SHA2_UNROLL_TRANSFORM */ @@ -841,7 +845,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t ADDINC128(context->bitcount, len << 3); /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; return; } } @@ -859,7 +863,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t } /* Clean up: */ usedspace = freespace = 0; - (void)usedspace; + (void)usedspace; (void)freespace; } static void ldns_sha512_Last(ldns_sha512_CTX* context) { diff --git a/contrib/ldns/str2host.c b/contrib/ldns/str2host.c index 02cbb19dad0..9959a982156 100644 --- a/contrib/ldns/str2host.c +++ b/contrib/ldns/str2host.c 
@@ -225,6 +225,69 @@ ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr) } } +#ifdef __BYTE_ORDER__ +# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define htonll(x) (x) +# define ntohll(x) (x) +# else +# define htonll(x) (((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32)) +# define ntohll(x) (((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) +# endif +#else +# define htonll(x) ((1==htonl(1)) ? (x) : ((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32)) +# define ntohll(x) ((1==ntohl(1)) ? (x) : ((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) +#endif + +ldns_status +ldns_str2rdf_ipn(ldns_rdf **rd, const char *ipnstr) +{ + char *end; + uint8_t r[sizeof(uint64_t)]; + char left[21], *right; + + if(strlen(ipnstr) > 21) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + errno = 0; /* must set to zero before call, + note race condition on errno */ + if((right = strchr(ipnstr, '.'))) { + uint32_t u32 = strtoul(right + 1, &end, 10); + + if(*end != 0) + return LDNS_STATUS_ERR; + + if(errno == ERANGE) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + + u32 = htonl(u32); + memcpy(r + sizeof(uint32_t), &u32, sizeof(uint32_t)); + memcpy(left, ipnstr, right - ipnstr); + left[right - ipnstr] = 0; + + u32 = strtoul(left, &end, 10); + if(*end != 0) + return LDNS_STATUS_ERR; + + if(errno == ERANGE) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + + u32 = htonl(u32); + memcpy(r, &u32, sizeof(uint32_t)); + } else { + uint64_t u64 = strtoull(ipnstr, &end, 10); + + if(*end != 0) + return LDNS_STATUS_ERR; + + if(u64 == ULLONG_MAX && errno == ERANGE) + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + + u64 = htonll(u64); + memcpy(r, &u64, sizeof(uint64_t)); + } + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_IPN, sizeof(r), r); + return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; +} + ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr) { 
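Review bot: ldns_str2rdf_ipn() assigns the result of `strtoul()` directly to a `uint32_t`, so where `unsigned long` is 64 bits a component such as `4294967296` is silently truncated to 0 without `ERANGE`. The only syntax check is `*end != 0`, so an empty component (`"."`, `"1."`, or an empty string in the 64-bit branch) is accepted as 0, and so are the leading sign or whitespace that strtoul()/strtoull() tolerate. I would parse into an `unsigned long`, require the component to start with a digit, and compare against `UINT32_MAX` before narrowing, as sketched below for the right-hand half; the left half and the `strtoull()` branch need the same first-character check. Separately, the unconditional `#define htonll`/`ntohll` can clash with platforms whose headers already provide those names, which an `#ifndef htonll` guard would avoid.

```c
	if((right = strchr(ipnstr, '.'))) {
		unsigned long ul;
		uint32_t u32;

		/* strtoul() accepts "", "+1", "-1" and " 1"; the component
		 * must be plain decimal digits, so check the first character */
		if(right[1] < '0' || right[1] > '9')
			return LDNS_STATUS_ERR;
		ul = strtoul(right + 1, &end, 10);
		if(*end != 0)
			return LDNS_STATUS_ERR;
		/* unsigned long may be wider than 32 bits: range-check
		 * before narrowing instead of relying on ERANGE alone */
		if(errno == ERANGE || ul > UINT32_MAX)
			return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW;
		u32 = htonl((uint32_t)ul);
		/* ... unchanged: memcpy into r, copy and terminate left ... */
		/* ... left half: same checks on left[0] and on ul ... */
	} else {
		/* ... 64-bit branch: same first-character check on ipnstr[0] ... */
	}
```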
@@ -1768,6 +1831,7 @@ ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str) LDNS_FREE(relay); LDNS_FREE(token); ldns_buffer_free(str_buf); + ldns_rdf_deep_free(relay_rdf); return LDNS_STATUS_INVALID_STR; } @@ -1783,7 +1847,7 @@ ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str) LDNS_FREE(relay); LDNS_FREE(token); ldns_buffer_free(str_buf); - if (relay_rdf) ldns_rdf_free(relay_rdf); + ldns_rdf_deep_free(relay_rdf); return LDNS_STATUS_MEM_ERR; } @@ -1802,7 +1866,7 @@ ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str) LDNS_FREE(relay); LDNS_FREE(token); ldns_buffer_free(str_buf); - ldns_rdf_free(relay_rdf); + ldns_rdf_deep_free(relay_rdf); LDNS_FREE(data); if(!*rd) return LDNS_STATUS_MEM_ERR; return LDNS_STATUS_OK; diff --git a/contrib/ldns/util.c b/contrib/ldns/util.c index ab51a991216..a634203e4e1 100644 --- a/contrib/ldns/util.c +++ b/contrib/ldns/util.c @@ -347,6 +347,11 @@ ldns_init_random(FILE *fd, unsigned int size) unsigned int seed_i; struct timeval tv; +#ifdef HAVE_SSL + if(RAND_status() == 1) + /* already seeded */ + return 0; +#endif /* we'll need at least sizeof(unsigned int) bytes for the standard prng seed */ if (size < (unsigned int) sizeof(seed_i)){ diff --git a/contrib/ldns/wire2host.c b/contrib/ldns/wire2host.c index 91d3f1364d7..9c05001493b 100644 --- a/contrib/ldns/wire2host.c +++ b/contrib/ldns/wire2host.c @@ -223,6 +223,8 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) break; case LDNS_RDF_TYPE_ILNP64: case LDNS_RDF_TYPE_EUI64: + case LDNS_RDF_TYPE_IPN: + case LDNS_RDF_TYPE_INT64: cur_rdf_length = LDNS_RDF_SIZE_8BYTES; break; case LDNS_RDF_TYPE_AAAA: @@ -230,6 +232,7 @@ ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) break; case LDNS_RDF_TYPE_STR: case LDNS_RDF_TYPE_NSEC3_SALT: + case LDNS_RDF_TYPE_UNQUOTED: case LDNS_RDF_TYPE_TAG: /* len is stored in first byte * it should be in the rdf too, so just 
diff --git a/contrib/ldns/zone.c b/contrib/ldns/zone.c
index feda2466def..bf65738527c 100644
--- a/contrib/ldns/zone.c
+++ b/contrib/ldns/zone.c
@@ -347,7 +347,7 @@ ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin,
 ldns_rdf_deep_free(my_prev);
 }
 if (newzone) {
- ldns_zone_free(newzone);
+ ldns_zone_deep_free(newzone);
 }
 return ret;
 }