mirror of
https://github.com/monero-project/monero.git
synced 2025-05-22 04:01:15 -04:00
Upgrade unbound library
These files were pulled from the 1.6.3 release tarball. This new version builds against OpenSSL version 1.1 which will be the default in the new Debian Stable which is due to be released RealSoonNow (tm).
This commit is contained in:
Erik de Castro Lopo
parent
e3da0ca828
commit
a85b5759f3
241 changed files with 33336 additions and 12049 deletions
64
external/unbound/validator/val_utils.c
vendored
64
external/unbound/validator/val_utils.c
vendored
|
|
@ -54,6 +54,8 @@
|
|||
#include "util/net_help.h"
|
||||
#include "util/module.h"
|
||||
#include "util/regional.h"
|
||||
#include "sldns/wire2str.h"
|
||||
#include "sldns/parseutil.h"
|
||||
|
||||
enum val_classification
|
||||
val_classify_response(uint16_t query_flags, struct query_info* origqinf,
|
||||
|
|
@ -217,7 +219,7 @@ val_find_signer(enum val_classification subtype, struct query_info* qinf,
|
|||
{
|
||||
size_t i;
|
||||
|
||||
if(subtype == VAL_CLASS_POSITIVE || subtype == VAL_CLASS_ANY) {
|
||||
if(subtype == VAL_CLASS_POSITIVE) {
|
||||
/* check for the answer rrset */
|
||||
for(i=skip; i<rep->an_numrrsets; i++) {
|
||||
if(query_dname_compare(qinf->qname,
|
||||
|
|
@ -269,6 +271,29 @@ val_find_signer(enum val_classification subtype, struct query_info* qinf,
|
|||
signer_name, signer_len, &matchcount);
|
||||
}
|
||||
}
|
||||
} else if(subtype == VAL_CLASS_ANY) {
|
||||
/* check for one of the answer rrset that has signatures,
|
||||
* or potentially a DNAME is in use with a different qname */
|
||||
for(i=skip; i<rep->an_numrrsets; i++) {
|
||||
if(query_dname_compare(qinf->qname,
|
||||
rep->rrsets[i]->rk.dname) == 0) {
|
||||
val_find_rrset_signer(rep->rrsets[i],
|
||||
signer_name, signer_len);
|
||||
if(*signer_name)
|
||||
return;
|
||||
}
|
||||
}
|
||||
/* no answer RRSIGs with qname, try a DNAME */
|
||||
if(skip < rep->an_numrrsets &&
|
||||
ntohs(rep->rrsets[skip]->rk.type) ==
|
||||
LDNS_RR_TYPE_DNAME) {
|
||||
val_find_rrset_signer(rep->rrsets[skip],
|
||||
signer_name, signer_len);
|
||||
if(*signer_name)
|
||||
return;
|
||||
}
|
||||
*signer_name = NULL;
|
||||
*signer_len = 0;
|
||||
} else if(subtype == VAL_CLASS_REFERRAL) {
|
||||
/* find keys for the item at skip */
|
||||
if(skip < rep->rrset_count) {
|
||||
|
|
@ -470,16 +495,21 @@ val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve,
|
|||
return sec_status_bogus;
|
||||
}
|
||||
|
||||
digest_algo = val_favorite_ds_algo(ds_rrset);
|
||||
if(sigalg)
|
||||
if(sigalg) {
|
||||
/* harden against algo downgrade is enabled */
|
||||
digest_algo = val_favorite_ds_algo(ds_rrset);
|
||||
algo_needs_init_ds(&needs, ds_rrset, digest_algo, sigalg);
|
||||
} else {
|
||||
/* accept any key algo, any digest algo */
|
||||
digest_algo = -1;
|
||||
}
|
||||
num = rrset_get_count(ds_rrset);
|
||||
for(i=0; i<num; i++) {
|
||||
/* Check to see if we can understand this DS.
|
||||
* And check it is the strongest digest */
|
||||
if(!ds_digest_algo_is_supported(ds_rrset, i) ||
|
||||
!ds_key_algo_is_supported(ds_rrset, i) ||
|
||||
ds_get_digest_algo(ds_rrset, i) != digest_algo) {
|
||||
(sigalg && (ds_get_digest_algo(ds_rrset, i) != digest_algo))) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
@ -691,6 +721,31 @@ val_dsset_isusable(struct ub_packed_rrset_key* ds_rrset)
|
|||
ds_key_algo_is_supported(ds_rrset, i))
|
||||
return 1;
|
||||
}
|
||||
if(verbosity < VERB_ALGO)
|
||||
return 0;
|
||||
if(rrset_get_count(ds_rrset) == 0)
|
||||
verbose(VERB_ALGO, "DS is not usable");
|
||||
else {
|
||||
/* report usability for the first DS RR */
|
||||
sldns_lookup_table *lt;
|
||||
char herr[64], aerr[64];
|
||||
lt = sldns_lookup_by_id(sldns_hashes,
|
||||
(int)ds_get_digest_algo(ds_rrset, i));
|
||||
if(lt) snprintf(herr, sizeof(herr), "%s", lt->name);
|
||||
else snprintf(herr, sizeof(herr), "%d",
|
||||
(int)ds_get_digest_algo(ds_rrset, i));
|
||||
lt = sldns_lookup_by_id(sldns_algorithms,
|
||||
(int)ds_get_key_algo(ds_rrset, i));
|
||||
if(lt) snprintf(aerr, sizeof(aerr), "%s", lt->name);
|
||||
else snprintf(aerr, sizeof(aerr), "%d",
|
||||
(int)ds_get_key_algo(ds_rrset, i));
|
||||
verbose(VERB_ALGO, "DS unsupported, hash %s %s, "
|
||||
"key algorithm %s %s", herr,
|
||||
(ds_digest_algo_is_supported(ds_rrset, 0)?
|
||||
"(supported)":"(unsupported)"), aerr,
|
||||
(ds_key_algo_is_supported(ds_rrset, 0)?
|
||||
"(supported)":"(unsupported)"));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -1088,6 +1143,7 @@ val_find_DS(struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t c,
|
|||
qinfo.qname_len = nmlen;
|
||||
qinfo.qtype = LDNS_RR_TYPE_DS;
|
||||
qinfo.qclass = c;
|
||||
qinfo.local_alias = NULL;
|
||||
/* do not add SOA to reply message, it is going to be used internal */
|
||||
msg = val_neg_getmsg(env->neg_cache, &qinfo, region, env->rrset_cache,
|
||||
env->scratch_buffer, *env->now, 0, topname);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue