Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/dnssec/dnssec-cds.c,v rcsdiff: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/dnssec/dnssec-cds.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.1.1.1 retrieving revision 1.1.1.2 diff -u -p -r1.1.1.1 -r1.1.1.2 --- src/external/mpl/bind/dist/bin/dnssec/dnssec-cds.c 2018/08/12 12:07:21 1.1.1.1 +++ src/external/mpl/bind/dist/bin/dnssec/dnssec-cds.c 2019/01/09 16:48:17 1.1.1.2 @@ -1,4 +1,4 @@ -/* $NetBSD: dnssec-cds.c,v 1.1.1.1 2018/08/12 12:07:21 christos Exp $ */ +/* $NetBSD: dnssec-cds.c,v 1.1.1.2 2019/01/09 16:48:17 christos Exp $ */ /* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") @@ -21,11 +21,12 @@ #include #include +#include +#include #include #include #include -#include #include #include #include @@ -56,14 +57,14 @@ #include -#ifdef PKCS11CRYPTO +#if USE_PKCS11 #include #endif #include "dnssectool.h" #ifndef PATH_MAX -#define PATH_MAX 1024 /* AIX, WIN32, and others don't define this. */ +#define PATH_MAX 1024 /* WIN32, and others don't define this. */ #endif const char *program = "dnssec-cds"; @@ -74,7 +75,6 @@ int verbose; */ static isc_log_t *lctx = NULL; static isc_mem_t *mctx = NULL; -static isc_entropy_t *ectx = NULL; /* * The domain we are working on @@ -88,7 +88,7 @@ static dns_rdataclass_t rdclass = dns_rd * List of digest types used by ds_from_cdnskey(), filled in by add_dtype() * from -a arguments. The size of the array is an arbitrary limit. */ -static isc_uint8_t dtype[8]; +static uint8_t dtype[8]; static const char *startstr = NULL; /* from which we derive notbefore */ static isc_stdtime_t notbefore = 0; /* restrict sig inception times */ @@ -131,7 +131,7 @@ static int nkey; /* number of child zone typedef struct keyinfo { dns_rdata_t rdata; dst_key_t *dst; - isc_uint8_t algo; + uint8_t algo; dns_keytag_t tag; } keyinfo_t; @@ -165,8 +165,8 @@ verbose_time(int level, const char *msg, if (verbose < 3) { vbprintf(level, "%s %s\n", msg, timestr); } else { - vbprintf(level, "%s %s (%lld)\n", - msg, timestr, (long long)time); + vbprintf(level, "%s %s (%" PRIu32 ")\n", + msg, timestr, time); } } @@ -255,14 +255,14 @@ load_db(const char *filename, dns_db_t * rdclass, 0, NULL, dbp); check_result(result, "dns_db_create()"); - result = dns_db_load3(*dbp, filename, - dns_masterformat_text, DNS_MASTER_HINT); + result = dns_db_load(*dbp, filename, + dns_masterformat_text, DNS_MASTER_HINT); if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) { fatal("can't load %s: %s", filename, isc_result_totext(result)); } - result = dns_db_findnode(*dbp, name, ISC_FALSE, nodep); + result = dns_db_findnode(*dbp, name, false, nodep); if (result != ISC_R_SUCCESS) { fatal("can't find %s node in %s", namestr, filename); } @@ -316,7 +316,7 @@ get_dsset_name(char *filename, size_t si } isc_buffer_putstr(&buf, prefix); - result = dns_name_tofilenametext(name, ISC_FALSE, &buf); + result = dns_name_tofilenametext(name, false, &buf); check_result(result, "dns_name_tofilenametext()"); if (isc_buffer_availablelength(&buf) == 0) { fatal("%s: pathname too long", path); @@ -380,9 +380,9 @@ formatset(dns_rdataset_t *rdataset) { * which just separates fields with spaces. The huge tab stop width * eliminates any tab characters. */ - result = dns_master_stylecreate2(&style, styleflags, - 0, 0, 0, 0, 0, 1000000, 0, - mctx); + result = dns_master_stylecreate(&style, styleflags, + 0, 0, 0, 0, 0, 1000000, 0, + mctx); check_result(result, "dns_master_stylecreate2 failed"); result = isc_buffer_allocate(mctx, &buf, MAX_CDS_RDATA_TEXT_SIZE); @@ -404,7 +404,7 @@ formatset(dns_rdataset_t *rdataset) { static void write_parent_set(const char *path, const char *inplace, - isc_boolean_t nsupdate, dns_rdataset_t *rdataset) + bool nsupdate, dns_rdataset_t *rdataset) { isc_result_t result; isc_buffer_t *buf = NULL; @@ -471,7 +471,7 @@ typedef enum { LOOSE, TIGHT } strictness /* * Find out if any (C)DS record matches a particular (C)DNSKEY. */ -static isc_boolean_t +static bool match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) { isc_result_t result; @@ -485,7 +485,7 @@ match_key_dsset(keyinfo_t *ki, dns_rdata dns_rdata_t dsrdata = DNS_RDATA_INIT; dns_rdata_t newdsrdata = DNS_RDATA_INIT; dns_rdatatype_t keytype; - isc_boolean_t c; + bool c; dns_rdataset_current(dsset, &dsrdata); result = dns_rdata_tostruct(&dsrdata, &ds, NULL); @@ -515,13 +515,13 @@ match_key_dsset(keyinfo_t *ki, dns_rdata vbprintf(1, "found matching %s %d %d %d\n", c ? "CDS" : "DS", ds.key_tag, ds.algorithm, ds.digest_type); - return (ISC_TRUE); + return (true); } else if (strictness == TIGHT) { vbprintf(0, "key does not match %s %d %d %d " "when it looks like it should\n", c ? "CDS" : "DS", ds.key_tag, ds.algorithm, ds.digest_type); - return (ISC_FALSE); + return (false); } } @@ -532,7 +532,7 @@ match_key_dsset(keyinfo_t *ki, dns_rdata ? "CDNSKEY" : "DNSKEY", ki->tag, ki->algo); - return (ISC_FALSE); + return (false); } /* @@ -621,12 +621,12 @@ free_keytable(keyinfo_t **keytable_p) { * otherwise the key algorithm. This is used by the signature coverage * check functions below. */ -static isc_uint8_t * +static uint8_t * matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset, dns_rdataset_t *sigset) { isc_result_t result; - isc_uint8_t *algo; + uint8_t *algo; int i; algo = isc_mem_get(mctx, nkey); @@ -672,8 +672,11 @@ matching_sigs(keyinfo_t *keytbl, dns_rda } result = dns_dnssec_verify(name, rdataset, ki->dst, - ISC_FALSE, mctx, &sigrdata); - if (result != ISC_R_SUCCESS) { + false, 0, mctx, + &sigrdata, NULL); + + if (result != ISC_R_SUCCESS && + result != DNS_R_FROMWILDCARD) { vbprintf(1, "skip RRSIG by key %d:" " verification failed: %s\n", sig.keyid, isc_result_totext(result)); @@ -705,13 +708,13 @@ matching_sigs(keyinfo_t *keytbl, dns_rda * Consume the result of matching_sigs(). When checking records * fetched from the child zone, any working signature is enough. */ -static isc_boolean_t -signed_loose(isc_uint8_t *algo) { - isc_boolean_t ok = ISC_FALSE; +static bool +signed_loose(uint8_t *algo) { + bool ok = false; int i; for (i = 0; i < nkey; i++) { if (algo[i] != 0) { - ok = ISC_TRUE; + ok = true; } } isc_mem_put(mctx, algo, nkey); @@ -724,10 +727,10 @@ signed_loose(isc_uint8_t *algo) { * key algorithm in the DS RRset must have a signature in the DNSKEY * RRset. */ -static isc_boolean_t -signed_strict(dns_rdataset_t *dsset, isc_uint8_t *algo) { +static bool +signed_strict(dns_rdataset_t *dsset, uint8_t *algo) { isc_result_t result; - isc_boolean_t all_ok = ISC_TRUE; + bool all_ok = true; for (result = dns_rdataset_first(dsset); result == ISC_R_SUCCESS; @@ -735,23 +738,23 @@ signed_strict(dns_rdataset_t *dsset, isc { dns_rdata_t dsrdata = DNS_RDATA_INIT; dns_rdata_ds_t ds; - isc_boolean_t ds_ok; + bool ds_ok; int i; dns_rdataset_current(dsset, &dsrdata); result = dns_rdata_tostruct(&dsrdata, &ds, NULL); check_result(result, "dns_rdata_tostruct(DS)"); - ds_ok = ISC_FALSE; + ds_ok = false; for (i = 0; i < nkey; i++) { if (algo[i] == ds.algorithm) { - ds_ok = ISC_TRUE; + ds_ok = true; } } if (!ds_ok) { vbprintf(0, "missing signature for algorithm %d " "(key %d)\n", ds.algorithm, ds.key_tag); - all_ok = ISC_FALSE; + all_ok = false; } } @@ -849,14 +852,14 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, */ static int cmp_dtype(const void *ap, const void *bp) { - int a = *(const isc_uint8_t *)ap; - int b = *(const isc_uint8_t *)bp; + int a = *(const uint8_t *)ap; + int b = *(const uint8_t *)bp; return (a - b); } static void add_dtype(const char *dn) { - isc_uint8_t dt; + uint8_t dt; unsigned i, n; dt = strtodsdigest(dn); @@ -873,7 +876,7 @@ add_dtype(const char *dn) { static void make_new_ds_set(ds_maker_func_t *ds_from_rdata, - isc_uint32_t ttl, dns_rdataset_t *rdset) + uint32_t ttl, dns_rdataset_t *rdset) { unsigned int size = 16; for (;;) { @@ -935,14 +938,14 @@ rdata_cmp(const void *rdata1, const void * Ensure that every key identified by the DS RRset has the same set of * digest types. */ -static isc_boolean_t +static bool consistent_digests(dns_rdataset_t *dsset) { isc_result_t result; dns_rdata_t *arrdata; dns_rdata_ds_t *ds; dns_keytag_t key_tag; - isc_uint8_t algorithm; - isc_boolean_t match; + uint8_t algorithm; + bool match; int i, j, n, d; /* @@ -996,7 +999,7 @@ consistent_digests(dns_rdataset_t *dsset /* * Check subsequent keys match the first one */ - match = ISC_TRUE; + match = true; while (i < n) { key_tag = ds[i].key_tag; algorithm = ds[i].algorithm; @@ -1005,7 +1008,7 @@ consistent_digests(dns_rdataset_t *dsset ds[i+j].algorithm != algorithm || ds[i+j].digest_type != ds[j].digest_type) { - match = ISC_FALSE; + match = false; } } i += d; @@ -1040,7 +1043,7 @@ print_diff(const char *cmd, dns_rdataset } static void -update_diff(const char *cmd, isc_uint32_t ttl, +update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset, dns_rdataset_t *delset) { isc_result_t result; @@ -1048,7 +1051,7 @@ update_diff(const char *cmd, isc_uint32_ dns_dbnode_t *node; dns_dbversion_t *ver; dns_rdataset_t diffset; - isc_uint32_t save; + uint32_t save; db = NULL; result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, @@ -1060,7 +1063,7 @@ update_diff(const char *cmd, isc_uint32_ check_result(result, "dns_db_newversion()"); node = NULL; - result = dns_db_findnode(db, name, ISC_TRUE, &node); + result = dns_db_findnode(db, name, true, &node); check_result(result, "dns_db_findnode()"); dns_rdataset_init(&diffset); @@ -1084,12 +1087,12 @@ update_diff(const char *cmd, isc_uint32_ } dns_db_detachnode(db, &node); - dns_db_closeversion(db, &ver, ISC_FALSE); + dns_db_closeversion(db, &ver, false); dns_db_detach(&db); } static void -nsdiff(isc_uint32_t ttl, dns_rdataset_t *oldset, dns_rdataset_t *newset) { +nsdiff(uint32_t ttl, dns_rdataset_t *oldset, dns_rdataset_t *newset) { if (ttl == 0) { vbprintf(1, "warning: no TTL in nsupdate script\n"); } @@ -1116,7 +1119,7 @@ usage(void) { program); fprintf(stderr, "Version: %s\n", VERSION); fprintf(stderr, "Options:\n" -" -a digest algorithm (SHA-1 / SHA-256 / GOST / SHA-384)\n" +" -a digest algorithm (SHA-1 / SHA-256 / SHA-384)\n" " -c of domain (default IN)\n" " -D prefer CDNSKEY records instead of CDS\n" " -d where to find parent dsset- file\n" @@ -1137,9 +1140,9 @@ main(int argc, char *argv[]) { const char *ds_path = NULL; const char *inplace = NULL; isc_result_t result; - isc_boolean_t prefer_cdnskey = ISC_FALSE; - isc_boolean_t nsupdate = ISC_FALSE; - isc_uint32_t ttl = 0; + bool prefer_cdnskey = false; + bool nsupdate = false; + uint32_t ttl = 0; int ch; char *endp; @@ -1148,12 +1151,12 @@ main(int argc, char *argv[]) { fatal("out of memory"); } -#ifdef PKCS11CRYPTO +#if USE_PKCS11 pk11_result_register(); #endif dns_result_register(); - isc_commandline_errprint = ISC_FALSE; + isc_commandline_errprint = false; #define OPTIONS "a:c:Dd:f:i:ms:T:uv:V" while ((ch = isc_commandline_parse(argc, argv, OPTIONS)) != -1) { @@ -1165,7 +1168,7 @@ main(int argc, char *argv[]) { rdclass = strtoclass(isc_commandline_argument); break; case 'D': - prefer_cdnskey = ISC_TRUE; + prefer_cdnskey = true; break; case 'd': ds_path = isc_commandline_argument; @@ -1198,7 +1201,7 @@ main(int argc, char *argv[]) { ttl = strtottl(isc_commandline_argument); break; case 'u': - nsupdate = ISC_TRUE; + nsupdate = true; break; case 'V': /* Does not return. */ @@ -1232,20 +1235,11 @@ main(int argc, char *argv[]) { setup_logging(mctx, &lctx); - if (ectx == NULL) { - setup_entropy(mctx, NULL, &ectx); - } - result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); - if (result != ISC_R_SUCCESS) { - fatal("could not initialize hash"); - } - result = dst_lib_init(mctx, ectx, - ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY); + result = dst_lib_init(mctx, NULL); if (result != ISC_R_SUCCESS) { fatal("could not initialize dst: %s", isc_result_totext(result)); } - isc_entropy_stopcallbacksources(ectx); if (ds_path == NULL) { fatal("missing -d DS pathname"); @@ -1395,8 +1389,6 @@ main(int argc, char *argv[]) { free_all_sets(); cleanup_logging(&lctx); dst_lib_destroy(); - isc_hash_destroy(); - cleanup_entropy(&ectx); if (verbose > 10) { isc_mem_stats(mctx, stdout); }