From: Wouter Wijngaards Date: Tue, 7 Aug 2007 15:18:25 +0000 (+0000) Subject: sigcrypt. X-Git-Tag: release-0.5~143 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb5ab1f8e622e0d0e02182de24d5d9af908834fd;p=thirdparty%2Funbound.git sigcrypt. git-svn-id: file:///svn/unbound/trunk@498 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/daemon/worker.c b/daemon/worker.c
index 0ff384487..fbedcf1e5 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -712,7 +712,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
 worker->env.attach_sub = &mesh_attach_sub;
 worker->env.kill_sub = &mesh_state_delete;
 worker->env.detect_cycle = &mesh_detect_cycle;
- if(!worker->env.mesh) {
+ worker->env.scratch_buffer = ldns_buffer_new(65536);
+ if(!worker->env.mesh || !worker->env.scratch_buffer) {
 worker_delete(worker);
 return 0;
 }
@@ -735,6 +736,7 @@ worker_delete(struct worker* worker)
 server_stats_log(&worker->stats, worker->thread_num);
 worker_mem_report(worker);
 mesh_delete(worker->env.mesh);
+ ldns_buffer_free(worker->env.scratch_buffer);
 listen_delete(worker->front);
 outside_network_delete(worker->back);
 comm_signal_delete(worker->comsig);
diff --git a/doc/Changelog b/doc/Changelog
index c271cff04..3321382cd 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,7 @@ - rrset id is updated to invalidate all the message cache entries that refer to NSEC, NSEC3, DNAME rrsets that have changed. - val_util work + - val_sigcrypt file for validator signature checks. 6 August 2007: Wouter - key cache for validator.
diff --git a/util/module.h b/util/module.h
index cf8c0e8b3..2d378ead1 100644
--- a/util/module.h
+++ b/util/module.h
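Review bot: In daemon/worker.c worker_init, `ldns_buffer_new(65536)` hard-codes the scratch capacity with no name or rationale, and nothing visible in this commit tells later writers how much room they have. If the validator ends up assembling canonical RRsets in this buffer for signature checks (the commit subject suggests so, but no consumer is shown), the uncompressed canonical form can be larger than the wire message it was taken from, so every writer should test `ldns_buffer_available()` before writing instead of assuming 64 KiB always suffices. I would give the size a name, e.g. `#define WORKER_SCRATCH_BUFFER_SIZE 65536 /* 64 KiB; writers must bounds-check */`, and pass that to ldns_buffer_new(). worker_init starts before and continues after the hunk.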
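Review bot: In worker_delete, the new `ldns_buffer_free(worker->env.scratch_buffer);` is reached from the failure branch this commit adds in worker_init, where scratch_buffer can be NULL, and presumably from earlier failure branches where the field was never assigned at all. That is safe only if ldns_buffer_free() tolerates NULL and the worker struct starts out zeroed; neither is visible in this diff, so both should be confirmed and recorded with a comment such as `/* scratch_buffer may be NULL if worker_init failed */`. worker_delete begins and ends outside the hunk.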
@@ -181,6 +181,8 @@ struct module_env { /** region for temporary usage. May be cleared after operate() call. */ struct region* scratch; + /** buffer for temporary usage. May be cleared after operate() call. */ + ldns_buffer* scratch_buffer; /** internal data for daemon - worker thread. */ struct worker* worker; /** mesh area with query state dependencies */
diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c
new file mode 100644
index 000000000..570b8d0ac
--- /dev/null
+++ b/validator/val_sigcrypt.c
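Review bot: The doc comment on `scratch_buffer` in struct module_env leaves out the contract a module author needs: who allocates and frees the buffer, how large it is, and what state it is in when operate() is entered. The worker.c part of this commit shows it is created in worker_init and freed in worker_delete, and the comment says it may be cleared between operate() calls, so modules must not keep pointers into it and cannot rely on it being empty. I would expand the comment to something like `/** buffer for temporary usage, allocated and freed by the worker. Contents are undefined on entry to operate(); check remaining space before writing. */`. struct module_env begins and ends outside the hunk.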
@@ -0,0 +1,44 @@
+/*
+ * validator/val_sigcrypt.c - validator signature crypto functions.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains helper functions for the validator module.
+ * The functions help with signature verification and checking, the
+ * bridging between RR wireformat data and crypto calls.
+ */
+#include "config.h"
+#include "validator/val_sigcrypt.h"
diff --git a/validator/val_sigcrypt.h b/validator/val_sigcrypt.h
new file mode 100644
index 000000000..eecbb8f51
--- /dev/null
+++ b/validator/val_sigcrypt.h
@@ -0,0 +1,67 @@
+/*
+ * validator/val_sigcrypt.h - validator signature crypto functions.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains helper functions for the validator module.
+ * The functions help with signature verification and checking, the
+ * bridging between RR wireformat data and crypto calls.
+ */
+
+#ifndef VALIDATOR_VAL_SIGCRYPT_H
+#define VALIDATOR_VAL_SIGCRYPT_H
+struct val_env;
+struct module_env;
+
+/** create DS digest for a dnskey */
+
+/** check dnskey matches a DS digest */
+
+/** get dnskey id, footprint value */
+
+/** see if DNSKEY algorithm is supported */
+
+/** see if DS algorithm is supported */
+
+/** verify rrset against dnskey rrset. */
+
+/** verify rrset against one specific dnskey (from rrset) */
+
+/** verify rrset, with dnskey rrset, for a specific rrsig in rrset */
+
+/** verify rrset, with specific dnskey(from set), for a specific rrsig */
+
+#endif /* VALIDATOR_VAL_SIGCRYPT_H */
diff --git a/validator/val_utils.c b/validator/val_utils.c
index 27f4d5064..5a88855c2 100644
--- a/validator/val_utils.c
+++ b/validator/val_utils.c
@@ -208,7 +208,7 @@ verify_dnskeys_with_ds_rr(struct module_env* env, struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, struct ub_packed_rrset_key* ds_rrset, size_t ds_idx) { - enum sec_status sec; + enum sec_status sec = sec_status_bogus; size_t i, num; num = rrset_get_count(dnskey_rrset); for(i=0; i
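Review bot: In validator/val_sigcrypt.h the nine `/** … */` comments between the forward declarations and the `#endif` have no declarations under them, so a documentation generator will attach each one to whatever comes next or drop it. Until the prototypes exist I would write them as plain comments, e.g. `/* TODO: create DS digest for a dnskey */`, so the header does not advertise signature-verification functions that are not there yet. The forward declarations `struct val_env;` and `struct module_env;` are likewise unused in this version of the header.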