val_nsec3.c (287917) val_nsec3.c (292206)
1/*
1/*
2 * validator/val_nsec3.c - validator NSEC3 denial of existance functions.
2 * validator/val_nsec3.c - validator NSEC3 denial of existence functions.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:

--- 22 unchanged lines hidden (view full) ---

33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains helper functions for the validator module.
40 * The functions help with NSEC3 checking, the different NSEC3 proofs
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:

--- 22 unchanged lines hidden (view full) ---

33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains helper functions for the validator module.
40 * The functions help with NSEC3 checking, the different NSEC3 proofs
41 * for denial of existance, and proofs for presence of types.
41 * for denial of existence, and proofs for presence of types.
42 */
43#include "config.h"
44#include <ctype.h>
42 */
43#include "config.h"
44#include <ctype.h>
45#ifdef HAVE_OPENSSL_SSL_H
46#include "openssl/ssl.h"
47#endif
48#ifdef HAVE_NSS
49/* nss3 */
50#include "sechash.h"
51#endif
52#include "validator/val_nsec3.h"
45#include "validator/val_nsec3.h"
46#include "validator/val_secalgo.h"
53#include "validator/validator.h"
54#include "validator/val_kentry.h"
55#include "services/cache/rrset.h"
56#include "util/regional.h"
57#include "util/rbtree.h"
58#include "util/module.h"
59#include "util/net_help.h"
60#include "util/data/packed_rrset.h"

--- 304 unchanged lines hidden (view full) ---

365 }
366 }
367 return NULL;
368}
369
370/**
371 * Start iterating over NSEC3 records.
372 * @param filter: the filter structure, must have been filter_init-ed.
47#include "validator/validator.h"
48#include "validator/val_kentry.h"
49#include "services/cache/rrset.h"
50#include "util/regional.h"
51#include "util/rbtree.h"
52#include "util/module.h"
53#include "util/net_help.h"
54#include "util/data/packed_rrset.h"

--- 304 unchanged lines hidden (view full) ---

359 }
360 }
361 return NULL;
362}
363
364/**
365 * Start iterating over NSEC3 records.
366 * @param filter: the filter structure, must have been filter_init-ed.
373 * @param rrsetnum: can be undefined on call, inited.
374 * @param rrnum: can be undefined on call, inited.
367 * @param rrsetnum: can be undefined on call, initialised.
368 * @param rrnum: can be undefined on call, initialised.
375 * @return first rrset of an NSEC3, together with rrnum this points to
376 * the first RR to examine. Is NULL on empty list.
377 */
378static struct ub_packed_rrset_key*
379filter_first(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum)
380{
381 *rrsetnum = 0;
382 *rrnum = -1;

--- 157 unchanged lines hidden (view full) ---

540{
541 size_t i, hash_len;
542 /* prepare buffer for first iteration */
543 sldns_buffer_clear(buf);
544 sldns_buffer_write(buf, nm, nmlen);
545 query_dname_tolower(sldns_buffer_begin(buf));
546 sldns_buffer_write(buf, salt, saltlen);
547 sldns_buffer_flip(buf);
369 * @return first rrset of an NSEC3, together with rrnum this points to
370 * the first RR to examine. Is NULL on empty list.
371 */
372static struct ub_packed_rrset_key*
373filter_first(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum)
374{
375 *rrsetnum = 0;
376 *rrnum = -1;

--- 157 unchanged lines hidden (view full) ---

534{
535 size_t i, hash_len;
536 /* prepare buffer for first iteration */
537 sldns_buffer_clear(buf);
538 sldns_buffer_write(buf, nm, nmlen);
539 query_dname_tolower(sldns_buffer_begin(buf));
540 sldns_buffer_write(buf, salt, saltlen);
541 sldns_buffer_flip(buf);
548 switch(algo) {
549#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
550 case NSEC3_HASH_SHA1:
551#ifdef HAVE_SSL
552 hash_len = SHA_DIGEST_LENGTH;
553#else
554 hash_len = SHA1_LENGTH;
555#endif
556 if(hash_len > max)
557 return 0;
558# ifdef HAVE_SSL
559 (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
560 (unsigned long)sldns_buffer_limit(buf),
561 (unsigned char*)res);
562# else
563 (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res,
564 (unsigned char*)sldns_buffer_begin(buf),
565 (unsigned long)sldns_buffer_limit(buf));
566# endif
567 for(i=0; i<iter; i++) {
568 sldns_buffer_clear(buf);
569 sldns_buffer_write(buf, res, hash_len);
570 sldns_buffer_write(buf, salt, saltlen);
571 sldns_buffer_flip(buf);
572# ifdef HAVE_SSL
573 (void)SHA1(
574 (unsigned char*)sldns_buffer_begin(buf),
575 (unsigned long)sldns_buffer_limit(buf),
576 (unsigned char*)res);
577# else
578 (void)HASH_HashBuf(HASH_AlgSHA1,
579 (unsigned char*)res,
580 (unsigned char*)sldns_buffer_begin(buf),
581 (unsigned long)sldns_buffer_limit(buf));
582# endif
583 }
584 break;
585#endif /* HAVE_EVP_SHA1 or NSS */
586 default:
587 log_err("nsec3 hash of unknown algo %d", algo);
542 hash_len = nsec3_hash_algo_size_supported(algo);
543 if(hash_len == 0) {
544 log_err("nsec3 hash of unknown algo %d", algo);
545 return 0;
546 }
547 if(hash_len > max)
548 return 0;
549 if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
550 sldns_buffer_limit(buf), (unsigned char*)res))
551 return 0;
552 for(i=0; i<iter; i++) {
553 sldns_buffer_clear(buf);
554 sldns_buffer_write(buf, res, hash_len);
555 sldns_buffer_write(buf, salt, saltlen);
556 sldns_buffer_flip(buf);
557 if(!secalgo_nsec3_hash(algo,
558 (unsigned char*)sldns_buffer_begin(buf),
559 sldns_buffer_limit(buf), (unsigned char*)res))
588 return 0;
589 }
590 return hash_len;
591}
592
593/** perform hash of name */
594static int
595nsec3_calc_hash(struct regional* region, sldns_buffer* buf,

--- 6 unchanged lines hidden (view full) ---

602 if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
603 return -1;
604 /* prepare buffer for first iteration */
605 sldns_buffer_clear(buf);
606 sldns_buffer_write(buf, c->dname, c->dname_len);
607 query_dname_tolower(sldns_buffer_begin(buf));
608 sldns_buffer_write(buf, salt, saltlen);
609 sldns_buffer_flip(buf);
560 return 0;
561 }
562 return hash_len;
563}
564
565/** perform hash of name */
566static int
567nsec3_calc_hash(struct regional* region, sldns_buffer* buf,

--- 6 unchanged lines hidden (view full) ---

574 if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
575 return -1;
576 /* prepare buffer for first iteration */
577 sldns_buffer_clear(buf);
578 sldns_buffer_write(buf, c->dname, c->dname_len);
579 query_dname_tolower(sldns_buffer_begin(buf));
580 sldns_buffer_write(buf, salt, saltlen);
581 sldns_buffer_flip(buf);
610 switch(algo) {
611#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
612 case NSEC3_HASH_SHA1:
613#ifdef HAVE_SSL
614 c->hash_len = SHA_DIGEST_LENGTH;
615#else
616 c->hash_len = SHA1_LENGTH;
617#endif
618 c->hash = (uint8_t*)regional_alloc(region,
619 c->hash_len);
620 if(!c->hash)
621 return 0;
622# ifdef HAVE_SSL
623 (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
624 (unsigned long)sldns_buffer_limit(buf),
625 (unsigned char*)c->hash);
626# else
627 (void)HASH_HashBuf(HASH_AlgSHA1,
628 (unsigned char*)c->hash,
629 (unsigned char*)sldns_buffer_begin(buf),
630 (unsigned long)sldns_buffer_limit(buf));
631# endif
632 for(i=0; i<iter; i++) {
633 sldns_buffer_clear(buf);
634 sldns_buffer_write(buf, c->hash, c->hash_len);
635 sldns_buffer_write(buf, salt, saltlen);
636 sldns_buffer_flip(buf);
637# ifdef HAVE_SSL
638 (void)SHA1(
639 (unsigned char*)sldns_buffer_begin(buf),
640 (unsigned long)sldns_buffer_limit(buf),
641 (unsigned char*)c->hash);
642# else
643 (void)HASH_HashBuf(HASH_AlgSHA1,
644 (unsigned char*)c->hash,
645 (unsigned char*)sldns_buffer_begin(buf),
646 (unsigned long)sldns_buffer_limit(buf));
647# endif
648 }
649 break;
650#endif /* HAVE_EVP_SHA1 or NSS */
651 default:
652 log_err("nsec3 hash of unknown algo %d", algo);
653 return -1;
582 c->hash_len = nsec3_hash_algo_size_supported(algo);
583 if(c->hash_len == 0) {
584 log_err("nsec3 hash of unknown algo %d", algo);
585 return -1;
654 }
586 }
587 c->hash = (uint8_t*)regional_alloc(region, c->hash_len);
588 if(!c->hash)
589 return 0;
590 (void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
591 sldns_buffer_limit(buf), (unsigned char*)c->hash);
592 for(i=0; i<iter; i++) {
593 sldns_buffer_clear(buf);
594 sldns_buffer_write(buf, c->hash, c->hash_len);
595 sldns_buffer_write(buf, salt, saltlen);
596 sldns_buffer_flip(buf);
597 (void)secalgo_nsec3_hash(algo,
598 (unsigned char*)sldns_buffer_begin(buf),
599 sldns_buffer_limit(buf), (unsigned char*)c->hash);
600 }
655 return 1;
656}
657
658/** perform b32 encoding of hash */
659static int
660nsec3_calc_b32(struct regional* region, sldns_buffer* buf,
661 struct nsec3_cached_hash* c)
662{

--- 826 unchanged lines hidden ---
601 return 1;
602}
603
604/** perform b32 encoding of hash */
605static int
606nsec3_calc_b32(struct regional* region, sldns_buffer* buf,
607 struct nsec3_cached_hash* c)
608{

--- 826 unchanged lines hidden ---
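Review bot: In nsec3_calc_hash the two secalgo_nsec3_hash() calls (new lines 590 and 597) discard the return value with a `(void)` cast, while nsec3_hash_name in the same commit (new lines 549–551 and 557–560) treats a zero return as failure and returns 0. If the primitive fails here, c->hash is left holding whatever regional_alloc() returned — nothing in this hunk zeroes it — and that buffer is fed back into the iteration loop and presumably into the NSEC3 proofs this file builds, so a hashing failure would silently yield a proof computed over uninitialised bytes instead of an error. I would make both sites match the sibling function: `if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf), (unsigned char*)c->hash)) return -1;` for the first call, and the same `if(!secalgo_nsec3_hash(...)) return -1;` form inside the `for(i=0; i<iter; i++)` loop, where -1 matches the unknown-algorithm path at new line 585. The signature and opening lines of nsec3_calc_hash are hidden above this hunk, so I have not checked how its callers distinguish -1 from 0.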