(ie. just a list of rrs) can scale to zone file in order of
megabytes. Sorting such zone is still difficult.
* Reading multiline b64 encoded rdata works.
+ * OpenSSL was made optional, configure --without-ssl.
+ Ofcourse all dnssec/tsig related functions are disabled
Drill:
* -r was killed in favor of -o <header bit mnemonic> which
#include <strings.h>
#include <time.h>
+#ifdef HAVE_SSL
+/* this entire file is rather useless when you don't have
+ * crypto...
+ */
#include <openssl/ssl.h>
-#include <openssl/err.h>
#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
+#include <openssl/err.h>
/* used only on the public key RR */
uint16_t
uint32_t ac;
ldns_buffer *keybuf;
size_t keysize;
-
if (!key) {
return 0;
}
ac = 0;
-
if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) {
return 0;
}
ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys, ldns_rr_list *good_keys)
{
uint16_t i;
-/* ldns_rr_list *keys_verified;*/
bool valid;
ldns_status verify_result = LDNS_STATUS_ERR;
return verify_result;
}
-INLINE ldns_status
+ldns_status
ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf,
ldns_buffer *verify_buf,
ldns_buffer *key_buf,
LDNS_FREE(buf);
return LDNS_STATUS_OK;
}
+#endif /* HAVE_SSL */
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.57)
-AC_INIT(drill, 1.0.1, libdns@nlnetlabs.nl, drill)
+AC_INIT(drill, 1.1.0, libdns@nlnetlabs.nl, drill)
AC_CONFIG_SRCDIR([drill_util.h])
AC_AIX
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.57)
-AC_INIT(libdns, 1.0.1, libdns@nlnetlabs.nl,libdns)
+AC_INIT(libdns, 1.1.0, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([ldns-read-zone.c])
AC_AIX
if (ldns_rr_rd_count(rr) > 0) {
switch (ldns_rr_get_type(rr)) {
case LDNS_RR_TYPE_DNSKEY:
+#ifdef HAVE_SSL
if (ldns_rdf2native_int16(ldns_rr_rdf(rr, 0)) == 256) {
ldns_buffer_printf(output, " ;{id = %d (zsk), size = %db}",
ldns_calc_keytag(rr),
ldns_buffer_printf(output, " ;{id = %d, size = %db}",
ldns_calc_keytag(rr),
ldns_rr_dnskey_key_size(rr));
+#endif /* HAVE_SSL */
break;
case LDNS_RR_TYPE_RRSIG:
ldns_buffer_printf(output, " ;{id = %d}",
return status;
}
-#ifdef HAVE_SSL
ldns_status
ldns_key2buffer_str(ldns_buffer *output, ldns_key *k)
{
ldns_status status = LDNS_STATUS_OK;
unsigned char *bignum;
+#ifdef HAVE_SSL
+ /* not used when ssl is not defined */
ldns_rdf *b64_bignum;
uint16_t i;
+#endif /* HAVE_SSL */
if (!k) {
return LDNS_STATUS_ERR;
}
if (ldns_buffer_status_ok(output)) {
+#ifdef HAVE_SSL
switch(ldns_key_algorithm(k)) {
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSAMD5:
/* is the filefmt specified for TSIG.. don't know */
goto error;
}
+#endif /* HAVE_SSL */
} else {
LDNS_FREE(bignum);
return ldns_buffer_status(output);
LDNS_FREE(bignum);
return status;
+#ifdef HAVE_SSL
+ /* compiles warn the label isn't used */
error:
LDNS_FREE(bignum);
return LDNS_STATUS_ERR;
+#endif /* HAVE_SSL */
}
-#else
-ldns_status
-ldns_key2buffer_str(ldns_buffer *output, ldns_key *k)
-{
- return LDNS_STATUS_ERR;
-}
-#endif /* HAVE_SSL */
/*
* Zero terminate the buffer and fix it to the size of the string.
#include <ldns/dns.h>
+#ifdef HAVE_SSL
#include <openssl/ssl.h>
+#endif /* HAVE_SSL */
ldns_lookup_table ldns_signing_algorithms[] = {
{ LDNS_SIGN_RSAMD5, "RSAMD5" },
{ 0, NULL }
};
+#ifdef HAVE_SSL
ldns_key_list *
ldns_key_list_new()
{
LDNS_FREE(key_list->_keys);
LDNS_FREE(key_list);
}
+#endif /* HAVE_SSL */
#ifndef _LDNS_DNSSEC_H_
#define _LDNS_DNSSEC_H_
+#ifdef HAVE_SSL
#include <openssl/ssl.h>
+#endif /* HAVE_SSL */
#include <ldns/common.h>
#include <ldns/packet.h>
#include <ldns/keys.h>
#define LDNS_MAX_KEYLEN 2048
#define LDNS_DNSSEC_KEYPROTO 3
/* default time before sigs expire */
-#define LDNS_DEFAULT_EXP_TIME 1209600
+#define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */
/**
* calculates a keytag of a key for use in DNSSEC.
* \param[in] key the key to convert
* \return a DSA * structure with the key material
*/
+#ifdef HAVE_SSL
DSA *ldns_key_buf2dsa(ldns_buffer *key);
+#endif /* HAVE_SSL */
/**
* converts a buffer holding key material to a RSA key in openssl.
* \param[in] key the key to convert
* \return a RSA * structure with the key material
*/
+#ifdef HAVE_SSL
RSA *ldns_key_buf2rsa(ldns_buffer *key);
+#endif /* HAVE_SSL */
/**
* returns a new DS rr that represents the given key rr.
/* sign functions - these are very much a work in progress */
ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
+#ifdef HAVE_SSL
ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
+#endif /* HAVE_SSL */
/**
* Create a NSEC record
#ifndef _LDNS_KEYS_H
#define _LDNS_KEYS_H
+#ifdef HAVE_SSL
#include <openssl/ssl.h>
+#endif /* HAVE_SSL */
#include <ldns/dnssec.h>
#include <ldns/util.h>
ldns_signing_algorithm _alg;
/** types of keys supported */
union {
+#ifdef HAVE_SSL
RSA *rsa;
DSA *dsa;
+#endif /* HAVE_SSL */
unsigned char *hmac;
} _key;
/** depending on the key we can have extra data */
* \param[in] fp the file to parse
* \return NULL on failure otherwise a RSA structure
*/
+#ifdef HAVE_SSL
RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
+#endif /* HAVE_SSL */
/**
* frm_fp helper function. This function parsed the
* \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
* \return NULL on failure otherwise a RSA structure
*/
+#ifdef HAVE_SSL
RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
+#endif /* HAVE_SSL */
/**
* frm_fp helper function. This function parsed the
* \param[in] fp the file to parse
* \return NULL on failure otherwise a RSA structure
*/
+#ifdef HAVE_SSL
DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
+#endif /* HAVE_SSL */
/**
* frm_fp helper function. This function parsed the
* \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
* \return NULL on failure otherwise a RSA structure
*/
+#ifdef HAVE_SSL
DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
+#endif /* HAVE_SSL */
/* acces write functions */
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
+#ifdef HAVE_SSL
void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
+#endif /* HAVE_SSL */
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
void ldns_key_set_origttl(ldns_key *k, uint32_t t);
void ldns_key_set_inception(ldns_key *k, uint32_t i);
/**
* returns the (openssl) RSA struct contained in the key
*/
+#ifdef HAVE_SSL
RSA *ldns_key_rsa_key(ldns_key *k);
+#endif /* HAVE_SSL */
/**
* returns the (openssl) DSA struct contained in the key
*/
+#ifdef HAVE_SSL
DSA *ldns_key_dsa_key(ldns_key *k);
+#endif /* HAVE_SSL */
ldns_signing_algorithm ldns_key_algorithm(ldns_key *k);
unsigned char *ldns_key_hmac_key(ldns_key *k);
sleep((unsigned int) ldns_resolver_retrans(r));
}
+#ifdef HAVE_SSL
if (tsig_mac && reply_bytes) {
if (!ldns_pkt_tsig_verify(reply,
reply_bytes,
status = LDNS_STATUS_CRYPTO_TSIG_BOGUS;
}
}
+#endif /* HAVE_SSL */
LDNS_FREE(reply_bytes);
ldns_buffer_free(qb);
rr instead of seperate values in resolver (and packet)
Jelte
*/
+#ifdef HAVE_SSL
if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) {
status = ldns_pkt_tsig_sign(query_pkt,
ldns_resolver_tsig_keyname(r),
return LDNS_STATUS_CRYPTO_TSIG_ERR;
}
}
+#endif /* HAVE_SSL */
status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt);
ldns_pkt_free(query_pkt);
ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2)
{
bool result;
+#ifdef HAVE_SSL
ldns_rr *ds_repr;
+#endif /* HAVE_SSL */
ldns_rr *rr1 = ldns_rr_clone(orr1);
ldns_rr *rr2 = ldns_rr_clone(orr2);
ldns_rr_set_ttl(rr1, 0);
ldns_rr_set_ttl(rr2, 0);
+#ifdef HAVE_SSL
if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS &&
ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) {
ds_repr = ldns_key_rr2ds(rr2);
} else {
result = (ldns_rr_compare(rr1, rr2) == 0);
}
+#else
+ result = (ldns_rr_compare(rr1, rr2) == 0);
+#endif /* HAVE_SSL */
ldns_rr_free(rr1);
ldns_rr_free(rr2);
#include <strings.h>
+#ifdef HAVE_SSL
#include <openssl/hmac.h>
#include <openssl/md5.h>
+#endif /* HAVE_SSL */
char *
ldns_tsig_algorithm(ldns_tsig_credentials *tc)
return wire2;
}
+#ifdef HAVE_SSL
const EVP_MD *
ldns_get_digest_function(char *name)
{
else
return NULL;
}
+#endif
+#ifdef HAVE_SSL
ldns_status
ldns_create_tsig_mac(
ldns_rdf **tsig_mac,
return LDNS_STATUS_OK;
}
+#endif /* HAVE_SSL */
-/* THIS FUNC WILL REMOVE TSIG ITSELF */
+#ifdef HAVE_SSL
bool
ldns_pkt_tsig_verify(ldns_pkt *pkt,
uint8_t *wire,
return false;
}
}
+#endif /* HAVE_SSL */
+#ifdef HAVE_SSL
/* TODO: memory :p */
ldns_status
ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
ldns_rdf_free(other_data_rdf);
return status;
}
+#endif /* HAVE_SSL */
}
ldns_status
-ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r)
+ldns_update_pkt_tsig_add(ldns_pkt *ATTR_UNUSED(p), ldns_resolver *ATTR_UNUSED(r))
{
+#ifdef HAVE_SSL
uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */
-
if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r))
return ldns_pkt_tsig_sign(p, ldns_resolver_tsig_keyname(r),
ldns_resolver_tsig_keydata(r), fudge,
ldns_resolver_tsig_algorithm(r), NULL);
+#endif /* HAVE_SSL */
/* No TSIG to do. */
return LDNS_STATUS_OK;
projects / thirdparty / ldns.git / commitdiff
