]> git.ipfire.org Git - thirdparty/bind9.git/log
thirdparty/bind9.git
3 years agoCleanup the last Windows / MSC ifdefs and comments
Ondřej Surý [Thu, 30 Mar 2023 15:35:00 +0000 (17:35 +0200)] 
Cleanup the last Windows / MSC ifdefs and comments

Cleanup the remnants of MS Compiler bits from <isc/refcount.h>, printing
the information in named/main.c, and cleanup some comments about Windows
that no longer apply.

The bits in picohttpparser.{h,c} were left out, because it's not our
code.

3 years agoMerge branch '3915-check-dig-output-for-errors' into 'main'
Tom Krizek [Mon, 3 Apr 2023 08:50:01 +0000 (08:50 +0000)] 
Merge branch '3915-check-dig-output-for-errors' into 'main'

Find errors in dig output in system tests

Closes #3915

See merge request isc-projects/bind9!7679

3 years agoFind errors in dig output in system tests
Tom Krizek [Mon, 13 Mar 2023 12:36:24 +0000 (13:36 +0100)] 
Find errors in dig output in system tests

Facilitate faster system test failure identification and debugging by
checking any dig outputs for errors, which are typically indicative of
CI runner network / load issues.

3 years agoMerge branch 'mnowak/fix-fips-in-tests' into 'main'
Mark Andrews [Mon, 3 Apr 2023 04:30:43 +0000 (04:30 +0000)] 
Merge branch 'mnowak/fix-fips-in-tests' into 'main'

FIPS fixes and enhancements

See merge request isc-projects/bind9!4281

3 years agoDisable leak detection in FIPS mode
Mark Andrews [Wed, 22 Mar 2023 01:43:49 +0000 (12:43 +1100)] 
Disable leak detection in FIPS mode

3 years agoHandle MD5 not being supported by lib crypto
Mark Andrews [Wed, 22 Mar 2023 00:14:11 +0000 (11:14 +1100)] 
Handle MD5 not being supported by lib crypto

When initialising the message digests in lib/isc/md.c no
longer assume that the initialisation cannot fail.

3 years agoforward: Check if TLS is working in FIPS mode
Mark Andrews [Wed, 22 Mar 2023 00:02:02 +0000 (11:02 +1100)] 
forward: Check if TLS is working in FIPS mode

Skip test that depend on TLS working in FIPS mode

3 years agoDon't check for OPENSSL_cleanup failures by default
Mark Andrews [Tue, 21 Mar 2023 03:29:46 +0000 (14:29 +1100)] 
Don't check for OPENSSL_cleanup failures by default

OPENSSL_cleanup is supposed to free all remaining memory in use
provided the application has cleaned up properly.  This is not the
case on some operating systems.  Silently ignore memory that is
freed after OPENSSL_cleanup has been called.

3 years agoTest whether the crypto library supports the HMAC algorithm
Mark Andrews [Fri, 24 Feb 2023 01:59:18 +0000 (12:59 +1100)] 
Test whether the crypto library supports the HMAC algorithm

When initialising HMAC support check that the crypto library
supports the algorithm rather than just assuming it is supported.

3 years agomake feature-test --md5 --with-fips aware
Mark Andrews [Fri, 24 Feb 2023 01:21:04 +0000 (12:21 +1100)] 
make feature-test --md5 --with-fips aware

3 years agoCleanup on error paths
Mark Andrews [Mon, 30 Jan 2023 01:55:59 +0000 (12:55 +1100)] 
Cleanup on error paths

Rather that call 'exit' cleanup on error paths as that allows OpenSSL
to cleanup properly in its exit handlers.

3 years agoHandle fatal and FIPS provider interactions
Mark Andrews [Fri, 27 Jan 2023 05:52:59 +0000 (16:52 +1100)] 
Handle fatal and FIPS provider interactions

When fatal is called we may be holding memory allocated by OpenSSL.
This may result in the reference count for the FIPS provider not
going to zero and the shared library not being unloaded during
OPENSSL_cleanup.  When the shared library is ultimately unloaded,
when all remaining dynamically loaded libraries are freed, we have
already destroyed the memory context we where using to track memory
leaks / late frees resulting in INSIST being called.

Disable triggering the INSIST when fatal has being called.

3 years agoget_algorithms.py: use FIPS compatible bit size
Mark Andrews [Thu, 12 Jan 2023 22:48:53 +0000 (09:48 +1100)] 
get_algorithms.py: use FIPS compatible bit size

The minimum RSA key size that can be used in FIPS mode is 2048 bits.

3 years agonsupdate: tls does not work in FIPS mode prior to OpenSSL 3.0.0
Mark Andrews [Tue, 27 Sep 2022 07:34:41 +0000 (17:34 +1000)] 
nsupdate: tls does not work in FIPS mode prior to OpenSSL 3.0.0

3 years agocheck that 'dnssec-signzone -F' fails for rsasha1
Mark Andrews [Sat, 3 Sep 2022 05:31:40 +0000 (15:31 +1000)] 
check that 'dnssec-signzone -F' fails for rsasha1

3 years agowildcard: Require hypothesis 4.41.2 or greater for FIPS compliance
Mark Andrews [Tue, 21 Dec 2021 22:01:54 +0000 (09:01 +1100)] 
wildcard: Require hypothesis 4.41.2 or greater for FIPS compliance

hypothesis prior to 4.41.2 uses hashlib.md5 which is not FIPS
compliant causing the wildcard system test to fail.  Check if
we are running if FIPS mode and if so make the minimum version
of hypothesis we will accept to be 4.41.2.

3 years agoupforwd: use FIPS compatible key size
Mark Andrews [Mon, 20 Dec 2021 07:50:21 +0000 (18:50 +1100)] 
upforwd: use FIPS compatible key size

Don't override the default key size.

3 years agotsiggss: regenerate kerberos credentials
Mark Andrews [Wed, 17 Aug 2022 01:13:41 +0000 (11:13 +1000)] 
tsiggss: regenerate kerberos credentials

The existing set of kerberos credential used deprecated algorithms
which are not supported by some implementations in FIPS mode.
Regenerate the saved credentials using more modern algorithms.

Added tsiggss/krb/setup.sh which sets up a test KDC with the required
principals for the system test to work.  The tsiggss system test
needs to be run once with this active and KRB5_CONFIG appropriately.
set.  See tsiggss/tests.sh for an example of how to do this.

3 years agotsiggss: skip test in FIPS mode when DH is broken
Mark Andrews [Thu, 23 Dec 2021 05:12:28 +0000 (16:12 +1100)] 
tsiggss: skip test in FIPS mode when DH is broken

'tsiggss' depends on a working DH implementation.  This is not
properly supported in all FIPS implementations.

3 years agotsig: only use FIPS compatible HMAC in FIPS mode
Mark Andrews [Mon, 20 Dec 2021 06:12:53 +0000 (17:12 +1100)] 
tsig: only use FIPS compatible HMAC in FIPS mode

HMACMD5 is not permitted in FIPS mode.  Only test HMACMD5 when not
in FIPS mode.

3 years agotkey: skip TKEY system test in FIPS mode
Mark Andrews [Tue, 21 Dec 2021 02:34:39 +0000 (13:34 +1100)] 
tkey: skip TKEY system test in FIPS mode

TKEY uses MD5 which is incompatible with FIPS.

3 years agorndc: don't test hmac-md5 in FIPS mode
Mark Andrews [Tue, 21 Dec 2021 00:04:04 +0000 (11:04 +1100)] 
rndc: don't test hmac-md5 in FIPS mode

HMACMD5 is not permitted in FIPS mode.  Only test HMACMD5 when not
in FIPS mode.

3 years agonsupdate: use FIPS compatible algorithms
Mark Andrews [Mon, 20 Dec 2021 08:28:36 +0000 (19:28 +1100)] 
nsupdate: use FIPS compatible algorithms

HMACMD5 is not permitted in FIPS mode, use HMACSHA256 instead.

3 years agonsec3: use fips configuration if rsasha1 is not supported
Mark Andrews [Thu, 25 Aug 2022 04:14:42 +0000 (14:14 +1000)] 
nsec3: use fips configuration if rsasha1 is not supported

3 years agonsec3: skip tests that depend on RSASHA1 in FIPS mode
Mark Andrews [Thu, 25 Aug 2022 01:05:40 +0000 (11:05 +1000)] 
nsec3: skip tests that depend on RSASHA1 in FIPS mode

3 years agodoth: skip 'doth' test if FIPS mode when DH is broken
Mark Andrews [Tue, 4 Jan 2022 02:12:49 +0000 (13:12 +1100)] 
doth: skip 'doth' test if FIPS mode when DH is broken

'doth' depends on a working DH implementation.

3 years agodnssec: check that dnssec-signzone -F work with allowed algorithm
Mark Andrews [Fri, 26 Aug 2022 09:39:51 +0000 (19:39 +1000)] 
dnssec: check that dnssec-signzone -F work with allowed algorithm

3 years agodnssec: test dnssec-keygen -F switches to FIPS mode
Mark Andrews [Fri, 26 Aug 2022 02:24:30 +0000 (12:24 +1000)] 
dnssec: test dnssec-keygen -F switches to FIPS mode

3 years agodnssec: check if RSASHA1 is supported by the OS
Mark Andrews [Wed, 20 Jul 2022 05:42:30 +0000 (15:42 +1000)] 
dnssec: check if RSASHA1 is supported by the OS

If not skip RSASHA1 based system tests which are supposed to succeed
even in FIPS mode.

3 years agodnssec: Check validation with short RSA key size FIPS mode
Mark Andrews [Tue, 11 Jan 2022 07:44:23 +0000 (18:44 +1100)] 
dnssec: Check validation with short RSA key size FIPS mode

use a pregenerated zone signed with RSASHA1 keys at 1024 bits.

3 years agodnssec: Check that RSASHA1 still validates in FIPS mode
Mark Andrews [Tue, 4 Jan 2022 07:28:38 +0000 (18:28 +1100)] 
dnssec: Check that RSASHA1 still validates in FIPS mode

Add a pregenerated RSASHA1 signed zone and verify that
answers still validate.

3 years agodnssec: use FIPS compatible algorithms and key sizes
Mark Andrews [Tue, 21 Dec 2021 07:33:02 +0000 (18:33 +1100)] 
dnssec: use FIPS compatible algorithms and key sizes

RSASHA1 is verify only in FIPS mode.  Use RSASHA256 instead with
key of at least 2048 bits (minimum RSA FIPS size).

3 years agoOnly pass OPENSSL_CONF in the environment if it set
Mark Andrews [Thu, 10 Feb 2022 22:11:08 +0000 (09:11 +1100)] 
Only pass OPENSSL_CONF in the environment if it set

OPENSSL_CONF="" is treated differently to no OPENSSL_CONF in
the environment by OpenSSL.  OPENSSL_CONF="" lead to crypto
failure being reported in FIPS mode.

3 years agoAllow named-checkconf to selectively check dnssec-policy algorithms
Mark Andrews [Thu, 25 Aug 2022 06:47:34 +0000 (16:47 +1000)] 
Allow named-checkconf to selectively check dnssec-policy algorithms

There are times where you want named-checkconf to check whether the
dnssec-policies should be constrained by the cryptographic algorithms
supported by the operation system or to just accept all possible
algorithms.  This provides a mechanism to make that selection.

3 years agodnssec-signzone can now enable FIPS mode from the commandline
Mark Andrews [Thu, 25 Aug 2022 08:44:41 +0000 (18:44 +1000)] 
dnssec-signzone can now enable FIPS mode from the commandline

'dnssec-signzone -F' will now enable FIPS mode if supported
by the crypto provider and not already enabled.

3 years agodnssec-keygen: enable FIPS from the command line
Mark Andrews [Thu, 25 Aug 2022 08:33:29 +0000 (18:33 +1000)] 
dnssec-keygen: enable FIPS from the command line

'dnssec-keygen -F' will now turn on FIPS mode if supported by
the crypto provider and is not already enabled.

3 years agonamed-checkconf needs to know if named will be running in FIPS mode
Mark Andrews [Mon, 11 Jul 2022 23:09:57 +0000 (09:09 +1000)] 
named-checkconf needs to know if named will be running in FIPS mode

Call dst_lib_init to set FIPS mode if it was turned on at configure
time.

Check that named-checkconf report that dnssec policies that wont
work in FIPS mode are reported if named would be running in FIPS
mode.

3 years agoAdd --fips-provider to feature-test
Mark Andrews [Fri, 26 Aug 2022 01:52:57 +0000 (11:52 +1000)] 
Add --fips-provider to feature-test

Check that an FIPS provider is available.  This only works with
OpenSSL 3

3 years agoAdd --rsasha1 to feature-test
Mark Andrews [Wed, 20 Jul 2022 05:42:30 +0000 (15:42 +1000)] 
Add --rsasha1 to feature-test

3 years agoAdd --have-fips-dh to feature-test
Mark Andrews [Thu, 23 Dec 2021 03:55:50 +0000 (14:55 +1100)] 
Add --have-fips-dh to feature-test

Diffie-Hellman key echange doesn't appear to work in FIPS mode for
OpenSSL 1.x.x.  Add feature test (--have-fips-dh) to identify builds
where DH key exchanges work (non FIPS builds and OpenSSL 3.0.0+) and
exclude test that would otherwise fail.

3 years agoAdd FIPS-detecting option to feature-test helper
Michal Nowak [Tue, 20 Oct 2020 10:12:00 +0000 (12:12 +0200)] 
Add FIPS-detecting option to feature-test helper

The '--have-fips' option of feature-test detects FIPS mode.

3 years agoProbe if ED448 and ED25519 are supported
Mark Andrews [Mon, 15 Aug 2022 05:36:03 +0000 (15:36 +1000)] 
Probe if ED448 and ED25519 are supported

ED448 and ED25519 may or may not be supported in FIPS mode depending
upon the implementation.

3 years agoReport file and line when converting OpenSSL errors
Mark Andrews [Sun, 7 Aug 2022 11:41:18 +0000 (21:41 +1000)] 
Report file and line when converting OpenSSL errors

This provides more detail about which instance of specific OpenSSL
calls that have failed by reporting the file name and line numbers
involved when dst__openssl_toresult2 and dst__openssl_toresult3 are
called.

3 years agoReport when loading of dhparam-file fails
Mark Andrews [Tue, 4 Jan 2022 01:28:08 +0000 (12:28 +1100)] 
Report when loading of dhparam-file fails

prior to this loading of the configuration could fail without
an informative error message being logged.

3 years agoReport when dnssec-policy has an unsupported algorithn
Mark Andrews [Thu, 25 Aug 2022 03:35:27 +0000 (13:35 +1000)] 
Report when dnssec-policy has an unsupported algorithn

3 years agomake cfg_kaspkey_fromconfig FIPS aware
Mark Andrews [Thu, 23 Dec 2021 03:09:36 +0000 (14:09 +1100)] 
make cfg_kaspkey_fromconfig FIPS aware

- RSASHA1 (5) and NSEC3RSASHA1 (7) are not accepted in FIPS mode
- minimum RSA key size is set to 2048 bit

adjust kasp and checkconf system tests to ensure non FIPS
compliant configurations are not used in FIPS mode

3 years agoDon't register FIPS incompatible algorithms in FIPS mode
Mark Andrews [Fri, 17 Dec 2021 06:55:51 +0000 (17:55 +1100)] 
Don't register FIPS incompatible algorithms in FIPS mode

HMACMD5 is not permitted in FIPS mode.

Note that RSASHA1 is only permitted for verification of signatures.

3 years agoMake dnssec-keygen FIPS mode aware
Mark Andrews [Fri, 17 Dec 2021 06:43:58 +0000 (17:43 +1100)] 
Make dnssec-keygen FIPS mode aware

- Reject SHA1 based key generation
- Increase the minimum RSA key size to 2048 bits

3 years agoUse isc_fips_mode() and isc_fips_set_mode() in
Mark Andrews [Thu, 16 Dec 2021 08:20:40 +0000 (19:20 +1100)] 
Use isc_fips_mode() and isc_fips_set_mode() in

bin/named/server.c and lib/dns/openssl_link.c

3 years agoDisable failing MD5 unit tests in FIPS mode
Michal Nowak [Tue, 20 Oct 2020 10:15:23 +0000 (12:15 +0200)] 
Disable failing MD5 unit tests in FIPS mode

With FIPS mode enabled 'isc_hmac_init_test' and 'isc_hmac_md5_test'
tests of hmac_test and 'isc_md_init_test' and 'isc_md_md5_test' test
of md_test fail.

This is due to leveraging MD5, which is disabled in FIPS mode.

3 years agoAllow FIPS mode to be enabled at run time in named
Mark Andrews [Wed, 29 Jun 2022 04:10:06 +0000 (14:10 +1000)] 
Allow FIPS mode to be enabled at run time in named

If FIPS mode is supported by the OS 'named -F' will turn on FIPS
mode.

3 years agoDefine isc_fips_mode() and isc_fips_set_mode()
Mark Andrews [Wed, 20 Jul 2022 01:26:06 +0000 (11:26 +1000)] 
Define isc_fips_mode() and isc_fips_set_mode()

isc_fips_mode() determines if the process is running in FIPS mode

isc_fips_set_mode() sets the process into FIPS mode

3 years agoDetect if FIPS mode is configured at the OS level
Mark Andrews [Wed, 29 Jun 2022 04:10:06 +0000 (14:10 +1000)] 
Detect if FIPS mode is configured at the OS level

Always look for FIPS_mode and EVP_default_properties_enable_fips
rather than just when requested by --enable-fips.

3 years agoProbe for EVP_default_properties_enable_fips
Mark Andrews [Thu, 16 Dec 2021 08:20:40 +0000 (19:20 +1100)] 
Probe for EVP_default_properties_enable_fips

FIPS_mode is not available in OpenSSL 3.0.0

3 years agoadd --enable-fips-mode to configure summary
Evan Hunt [Wed, 13 Oct 2021 23:50:14 +0000 (16:50 -0700)] 
add --enable-fips-mode to configure summary

Report when FIPS mode is enabled or disabled in the configure
summary output.

3 years agoEnable FIPS testing in Pairwise
Michal Nowak [Tue, 20 Oct 2020 10:14:11 +0000 (12:14 +0200)] 
Enable FIPS testing in Pairwise

It's useful to configure and build with FIPS mode in Pairwise testing
because it exposes some parts of the code otherwise hiden.

3 years agoAdd scheduled FIPS mode jobs
Michal Nowak [Wed, 9 Dec 2020 11:04:38 +0000 (12:04 +0100)] 
Add scheduled FIPS mode jobs

3 years agoMerge branch '3980-add-timeouts-to-unit-tests' into 'main'
Mark Andrews [Mon, 3 Apr 2023 00:42:27 +0000 (00:42 +0000)] 
Merge branch '3980-add-timeouts-to-unit-tests' into 'main'

Resolve "Add timeouts to unit tests."

Closes #3980

See merge request isc-projects/bind9!7762

3 years agoKill unit tests that run more than 1200 seconds
Mark Andrews [Tue, 24 Jan 2023 07:09:06 +0000 (18:09 +1100)] 
Kill unit tests that run more than 1200 seconds

The CI doesn't provide useful forensics when a system test locks
up.  Fork the process and kill it with ABRT if it is still running
after 20 minutes.  Pass the exit status to the caller.

3 years agoMerge branch 'fanf-trampoline-go-jump' into 'main'
Tony Finch [Fri, 31 Mar 2023 17:11:04 +0000 (17:11 +0000)] 
Merge branch 'fanf-trampoline-go-jump' into 'main'

Simplify thread spawning

See merge request isc-projects/bind9!7293

3 years agoSimplify thread spawning
Tony Finch [Mon, 2 Jan 2023 19:56:27 +0000 (19:56 +0000)] 
Simplify thread spawning

The `isc_trampoline` module had a lot of machinery to support stable
thread IDs for use by hazard pointers. But the hazard pointer code
is gone, and the `isc_loop` module now has its own per-loop thread
IDs.

The trampoline machinery seems over-complicated for its remaining
tasks, so move the per-thread initialization into `isc/thread.c`,
and delete the rest.

3 years agoMerge branch 'ondrej/simplify-isc_time_now' into 'main'
Ondřej Surý [Fri, 31 Mar 2023 15:51:15 +0000 (15:51 +0000)] 
Merge branch 'ondrej/simplify-isc_time_now' into 'main'

Refactor isc_time_now() to return time, and not result

See merge request isc-projects/bind9!7761

3 years agoRefactor isc_time_now() to return time, and not result
Ondřej Surý [Thu, 30 Mar 2023 22:12:33 +0000 (00:12 +0200)] 
Refactor isc_time_now() to return time, and not result

The isc_time_now() and isc_time_now_hires() were used inconsistently
through the code - either with status check, or without status check,
or via TIME_NOW() macro with RUNTIME_CHECK() on failure.

Refactor the isc_time_now() and isc_time_now_hires() to always fail when
getting current time has failed, and return the isc_time_t value as
return value instead of passing the pointer to result in the argument.

3 years agoMerge branch '3982-remove-isc_fsaccess-API' into 'main'
Ondřej Surý [Fri, 31 Mar 2023 12:53:22 +0000 (12:53 +0000)] 
Merge branch '3982-remove-isc_fsaccess-API' into 'main'

Replace isc_fsaccess API with more secure file creation

Closes #3982

See merge request isc-projects/bind9!7766

3 years agoAdd CHANGES note for [GL #3982]
Ondřej Surý [Thu, 30 Mar 2023 17:35:59 +0000 (19:35 +0200)] 
Add CHANGES note for [GL #3982]

3 years agoReplace isc_fsaccess API with more secure file creation
Ondřej Surý [Thu, 30 Mar 2023 16:00:17 +0000 (18:00 +0200)] 
Replace isc_fsaccess API with more secure file creation

The isc_fsaccess API was created to hide the implementation details
between POSIX and Windows APIs.  As we are not supporting the Windows
APIs anymore, it's better to drop this API used in the DST part.

Moreover, the isc_fsaccess was setting the permissions in an insecure
manner - it operated on the filename, and not on the file descriptor
which can lead to all kind of attacks if unpriviledged user has read (or
even worse write) access to key directory.

Replace the code that operates on the private keys with code that uses
mkstemp(), fchmod() and atomic rename() at the end, so at no time the
private key files have insecure permissions.

3 years agoAdd isc_os_umask() function to get current umask
Ondřej Surý [Fri, 31 Mar 2023 08:06:03 +0000 (10:06 +0200)] 
Add isc_os_umask() function to get current umask

As it's impossible to get the current umask without modifying it at the
same time, initialize the current umask at the program start and keep
the loaded value internally.  Add isc_os_umask() function to access the
starttime umask.

3 years agoMerge branch 'ondrej/squash-dns_name_fullhash-and-dns_name_hash' into 'main'
Ondřej Surý [Fri, 31 Mar 2023 12:43:50 +0000 (12:43 +0000)] 
Merge branch 'ondrej/squash-dns_name_fullhash-and-dns_name_hash' into 'main'

Squash dns_name_fullhash() and dns_name_hash()

See merge request isc-projects/bind9!7759

3 years agoSquash dns_name_fullhash() and dns_name_hash()
Ondřej Surý [Thu, 30 Mar 2023 19:37:12 +0000 (21:37 +0200)] 
Squash dns_name_fullhash() and dns_name_hash()

The only place where dns_name_hash() was being used is the old hash
table in the dns_badcache unit.  Squash the dns_name_fullhash() and
dns_name_hash() into single dns_name_hash() function that's always
case-insensitive as it doesn't make to do case-sensitive hashing of the
domain names and we were not using this anywhere.

3 years agoMerge branch 'ondrej/add-isc_stdtime_now' into 'main'
Ondřej Surý [Fri, 31 Mar 2023 11:58:13 +0000 (11:58 +0000)] 
Merge branch 'ondrej/add-isc_stdtime_now' into 'main'

Provide isc_stdtime_now(void) that returns value

See merge request isc-projects/bind9!7757

3 years agoAdd CHANGES note for [GL !7757]
Ondřej Surý [Thu, 30 Mar 2023 19:16:14 +0000 (21:16 +0200)] 
Add CHANGES note for [GL !7757]

3 years agoRemove isc_stdtime_get() macro
Ondřej Surý [Thu, 30 Mar 2023 19:15:06 +0000 (21:15 +0200)] 
Remove isc_stdtime_get() macro

Now that isc_stdtime_get() macro is unused, remove it from the header
file.

3 years agoApply the semantic patch to remove isc_stdtime_get()
Ondřej Surý [Thu, 30 Mar 2023 19:13:41 +0000 (21:13 +0200)] 
Apply the semantic patch to remove isc_stdtime_get()

This is a simple replacement using the semantic patch from the previous
commit and as added bonus, one removal of previously undetected unused
variable in named/server.c.

3 years agoAdd a semantic patch to change isc_stdtime_get() to isc_stdtime_now
Ondřej Surý [Thu, 30 Mar 2023 19:09:24 +0000 (21:09 +0200)] 
Add a semantic patch to change isc_stdtime_get() to isc_stdtime_now

Add a simple semantic patch to rewrite all uses of isc_stdtime_get(&t)
to simpler t = isc_stdtime_now().

3 years agoProvide isc_stdtime_now(void) that returns value
Ondřej Surý [Thu, 30 Mar 2023 19:04:43 +0000 (21:04 +0200)] 
Provide isc_stdtime_now(void) that returns value

As isc_stdtime_get() cannot fail, the API seems to be too complicated,
add new isc_stdtime_now() that returns the unixtime as a return value.

3 years agoMerge branch '3970-dighost-signal-crash' into 'main'
Tony Finch [Fri, 31 Mar 2023 09:54:05 +0000 (09:54 +0000)] 
Merge branch '3970-dighost-signal-crash' into 'main'

Fix a crash when dig or host receive a signal

Closes #3970

See merge request isc-projects/bind9!7756

3 years agoFix a crash when dig or host receive a signal
Tony Finch [Thu, 30 Mar 2023 16:56:08 +0000 (17:56 +0100)] 
Fix a crash when dig or host receive a signal

When the loopmanager is shutting down following a signal,
`dig` and `host` should stop cleanly. Before this commit
they were oblivious to ISC_R_SHUTTINGDOWN.

The `isc_signal` callbacks now report this kind of mistake
with a stack backtrace.

3 years agoMerge branch 'matthijs-checkconf-kasp-test-bug' into 'main'
Matthijs Mekking [Fri, 31 Mar 2023 08:33:24 +0000 (08:33 +0000)] 
Merge branch 'matthijs-checkconf-kasp-test-bug' into 'main'

Fix kasp system test bug

See merge request isc-projects/bind9!7750

3 years agoFix kasp system test bug
Matthijs Mekking [Thu, 30 Mar 2023 12:56:20 +0000 (14:56 +0200)] 
Fix kasp system test bug

This test was succeeding for the wrong reason (policy not found, rather
than bad key length).

3 years agoMerge branch 'ondrej/add-maybe_unused-attribute-macro' into 'main'
Ondřej Surý [Thu, 30 Mar 2023 22:16:49 +0000 (22:16 +0000)] 
Merge branch 'ondrej/add-maybe_unused-attribute-macro' into 'main'

Replace __attribute__((unused)) with ISC_ATTR_UNUSED attribute macro

See merge request isc-projects/bind9!7345

3 years agoReplace __attribute__((unused)) with ISC_ATTR_UNUSED attribute macro
Ondřej Surý [Tue, 10 Jan 2023 09:20:44 +0000 (10:20 +0100)] 
Replace __attribute__((unused)) with ISC_ATTR_UNUSED attribute macro

Instead of marking the unused entities with UNUSED(x) macro in the
function body, use a `ISC_ATTR_UNUSED` attribute macro that expans to
C23 [[maybe_unused]] or __attribute__((__unused__)) as fallback.

3 years agoUse C23 attributes if available, add ISC_ATTR_UNUSED
Ondřej Surý [Mon, 27 Feb 2023 13:09:26 +0000 (14:09 +0100)] 
Use C23 attributes if available, add ISC_ATTR_UNUSED

Use C23 attribute styles if available:

  * Add new ISC_ATTR_UNUSED attribute macro that either expands to C23's
    [[maybe_unused]] or __attribute__((__unused__));

  * Add default expansion of the `noreturn` to [[noreturn]] if available;

  * Move the FALLTHROUGH from <isc/util.h> to <isc/attributes.h>

3 years agoMerge branch 'mnowak/replace-enable_dnsprs_dl-with-enable_dnsrps_dl' into 'main'
Michal Nowak [Thu, 30 Mar 2023 17:51:42 +0000 (17:51 +0000)] 
Merge branch 'mnowak/replace-enable_dnsprs_dl-with-enable_dnsrps_dl' into 'main'

Replace enable_dnsprs_dl with enable_dnsrps_dl

See merge request isc-projects/bind9!7745

3 years agoReplace enable_dnsprs_dl with enable_dnsrps_dl
Michal Nowak [Wed, 29 Mar 2023 11:12:50 +0000 (13:12 +0200)] 
Replace enable_dnsprs_dl with enable_dnsrps_dl

"enable_dnsprs_dl" is a typo where "enable_dnsrps_dl" was intended.

3 years agoMerge branch 'artem-tlsstream-followup-to-2846888c573fcc610cdf71bcdd5bb6f92ffaf499...
Artem Boldariev [Thu, 30 Mar 2023 16:41:05 +0000 (16:41 +0000)] 
Merge branch 'artem-tlsstream-followup-to-2846888c573fcc610cdf71bcdd5bb6f92ffaf499' into 'main'

TLS Stream: remove incorrect/obsolete INSIST()s from tls_do_bio()

See merge request isc-projects/bind9!7751

3 years agoTLS Stream: remove incorrect/obsolete INSIST()s from tls_do_bio()
Artem Boldariev [Thu, 30 Mar 2023 15:17:11 +0000 (18:17 +0300)] 
TLS Stream: remove incorrect/obsolete INSIST()s from tls_do_bio()

With the changes to tls_try_handshake() made in
2846888c573fcc610cdf71bcdd5bb6f92ffaf499 there are some incorrect
INSISTS() related to handshake handling which better to be removed.

3 years agoMerge branch 'ondrej/reduce-atomic-use-in-netmgr' into 'main'
Ondřej Surý [Thu, 30 Mar 2023 14:26:38 +0000 (14:26 +0000)] 
Merge branch 'ondrej/reduce-atomic-use-in-netmgr' into 'main'

Refactor the use of atomics in netmgr

See merge request isc-projects/bind9!7724

3 years agoAttach the accept "client" socket to .listener member of the socket
Ondřej Surý [Fri, 24 Mar 2023 14:32:02 +0000 (15:32 +0100)] 
Attach the accept "client" socket to .listener member of the socket

When accepting a TCP connection in the higher layers (tlsstream,
streamdns, and http) attach to the socket the connection was accepted
on, and use this socket instead of the parent listening socket.

This has an advantage - accessing the sock->listener now doesn't break
the thread boundaries, so we can properly check whether the socket is
being closed without requiring .closing member to be atomic_bool.

3 years agoConvert sock->active to non-atomic variable, cleanup rchildren
Ondřej Surý [Tue, 28 Mar 2023 15:03:56 +0000 (17:03 +0200)] 
Convert sock->active to non-atomic variable, cleanup rchildren

The last atomic_bool variable sock->active was converted to non-atomic
bool by properly handling the listening socket case where we were
checking parent socket instead of children sockets.

This is no longer necessary as we properly set the .active to false on
the children sockets.

Additionally, cleanup the .rchildren - the atomic variable was used for
mutex+condition to block until all children were listening, but that's
now being handled by a barrier.

Finally, just remove dead .self and .active_child_connections members of
the netmgr socket.

3 years agoRefactor the use of atomics in netmgr
Ondřej Surý [Fri, 24 Mar 2023 12:37:19 +0000 (13:37 +0100)] 
Refactor the use of atomics in netmgr

Now that everything runs on their own loop and we don't cross the thread
boundaries (with few exceptions), most of the atomic_bool variables used
to track the socket state have been unatomicized because they are always
accessed from the matching thread.

The remaining few have been relaxed: a) the sock->active is now using
acquire/release memory ordering; b) the various global limits are now
using relaxed memory ordering - we don't really care about the
synchronization for those.

3 years agoMerge branch '3961-add-fast-isc_loop_run' into 'main'
Ondřej Surý [Thu, 30 Mar 2023 14:09:50 +0000 (14:09 +0000)] 
Merge branch '3961-add-fast-isc_loop_run' into 'main'

Refactor isc_job_run to not-make any allocations

Closes #3961

See merge request isc-projects/bind9!7722

3 years agoAdd CHANGES for [GL #3961]
Ondřej Surý [Fri, 24 Mar 2023 11:23:17 +0000 (12:23 +0100)] 
Add CHANGES for [GL #3961]

3 years agoAdd isc_async_current() macro to run job on current loop
Ondřej Surý [Wed, 29 Mar 2023 07:02:22 +0000 (09:02 +0200)] 
Add isc_async_current() macro to run job on current loop

Previously, isc_job_run() could have been used to run the job on the
current loop and the isc_job_run() would take care of allocating and
deallocating the job.  After the change in this MR, the isc_job_run()
is more complicated to use, so we introduce the isc_async_current()
macro to suplement isc_async_run() when we need to run the job on the
current loop.

3 years agoRefactor isc_job_run to not-make any allocations
Ondřej Surý [Mon, 27 Mar 2023 20:40:57 +0000 (22:40 +0200)] 
Refactor isc_job_run to not-make any allocations

Change the isc_job_run() to not-make any allocations.  The caller must
make sure that it allocates isc_job_t - usually as part of the argument
passed to the callback.

For simple jobs, using isc_async_run() is advised as it allocates its
own separate isc_job_t.

3 years agoRefactor the isc__nm_uvreq_t to have idle callback
Ondřej Surý [Fri, 24 Mar 2023 11:11:44 +0000 (12:11 +0100)] 
Refactor the isc__nm_uvreq_t to have idle callback

Change the isc__nm_uvreq_t to have the idle callback as a separate
member as we always need to use it to properly close the uvreq.

Slightly refactor uvreq_put and uvreq_get to remove the unneeded
arguments - in uvreq_get(), we always use sock->worker, and in
uvreq_put, we always use req->sock, so there's not reason to pass those
extra arguments.

3 years agoUse uv_idle API for calling asynchronous connect/read/send callback
Ondřej Surý [Fri, 24 Mar 2023 09:36:58 +0000 (10:36 +0100)] 
Use uv_idle API for calling asynchronous connect/read/send callback

Instead of using isc_job_run() that's quite heavy as it allocates memory
for every new job, add uv_idle_t to uvreq union, and use uv_idle API
directly to execute the connect/read/send callback without any
additional allocations.

3 years agoRe-add the comment to streamdns_readmore()
Ondřej Surý [Fri, 24 Mar 2023 11:20:07 +0000 (12:20 +0100)] 
Re-add the comment to streamdns_readmore()

Put the comment back, so it's more obvious that we are only restarting
timer when there's a last handle attached to the socket; there has to be
always at least one.

3 years agoMerge branch '3967-linkfix-dnssec-guide' into 'main'
Matthijs Mekking [Wed, 29 Mar 2023 13:28:57 +0000 (13:28 +0000)] 
Merge branch '3967-linkfix-dnssec-guide' into 'main'

Remove dead link to resolver test

Closes #3967

See merge request isc-projects/bind9!7737

3 years agoAdd CHANGES for #3967
Matthijs Mekking [Tue, 28 Mar 2023 11:57:57 +0000 (13:57 +0200)] 
Add CHANGES for #3967

3 years agoRemove dead link to resolver test
Matthijs Mekking [Tue, 28 Mar 2023 11:55:59 +0000 (13:55 +0200)] 
Remove dead link to resolver test

The doc file doc/dnssec-guide/validation.rst points to a resolver test
site that is now down. Remove the dead link.