const char *conffile = NULL;
isc_mem_t *mctx = NULL;
isc_result_t result = ISC_R_SUCCESS;
- bool cleanup_dst = false;
bool load_zones = false;
bool list_zones = false;
bool print = false;
CHECK(setup_logging(mctx, stdout, &logc));
- CHECK(dst_lib_init(mctx));
- cleanup_dst = true;
-
CHECK(cfg_parser_create(mctx, logc, &parser));
if (nodeprecate) {
cfg_parser_destroy(&parser);
}
- if (cleanup_dst) {
- dst_lib_destroy();
- }
-
if (logc != NULL) {
isc_log_destroy(&logc);
}
fatal("unsupported algorithm %d\n", alg);
}
- DO("initialize dst library", dst_lib_init(mctx));
-
DO("generate key",
dst_key_generate(dns_rootname, alg, keysize, 0, 0, DNS_KEYPROTO_ANY,
dns_rdataclass_in, NULL, mctx, &key, NULL));
isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
- DO("bsse64 encode secret",
+ DO("base64 encode secret",
isc_base64_totext(&key_rawregion, -1, "", key_txtbuffer));
if (key != NULL) {
dst_key_free(&key);
}
-
- dst_lib_destroy();
}
/*%
isc_managers_create(&mctx, 1, &loopmgr, &netmgr);
loop = isc_loop_main(loopmgr);
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("dst_lib_init failed: %d", result);
- }
-
parse_args(argc, argv);
CHECK(setup_style());
}
isc_log_destroy(&lctx);
- dst_lib_destroy();
isc_managers_destroy(&mctx, &loopmgr, &netmgr);
bool check_ra = false, have_ipv4 = false, have_ipv6 = false,
specified_source = false, free_now = false, usesearch = false,
- showsearch = false, is_dst_up = false, keep_open = false, verbose = false,
- yaml = false;
+ showsearch = false, keep_open = false, verbose = false, yaml = false;
in_port_t port = 53;
bool port_set = false;
unsigned int timeout = 0;
isc_mem_setname(mctx, "dig");
mainloop = isc_loop_main(loopmgr);
-
- result = dst_lib_init(mctx);
- check_result(result, "dst_lib_init");
- is_dst_up = true;
}
typedef struct dig_ednsoptname {
debug("freeing SIG(0) key %p", sig0key);
dst_key_free(&sig0key);
}
-
- if (is_dst_up) {
- debug("destroy DST lib");
- dst_lib_destroy();
- is_dst_up = false;
- }
}
/*%
static dns_db_t *update_db = NULL;
static dns_dbnode_t *update_node = NULL;
static dns_dbversion_t *update_version = NULL;
-static bool cleanup_dst = false;
static bool print_mem_stats = false;
static void
if (lctx != NULL) {
cleanup_logging(&lctx);
}
- if (cleanup_dst) {
- dst_lib_destroy();
- }
if (mctx != NULL) {
if (print_mem_stats && verbose > 10) {
isc_mem_stats(mctx, stdout);
const char *child_path = NULL;
const char *ds_path = NULL;
const char *inplace = NULL;
- isc_result_t result;
bool prefer_cdnskey = false;
bool nsupdate = false;
uint32_t ttl = 0;
setup_logging(mctx, &lctx);
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s",
- isc_result_totext(result));
- }
- cleanup_dst = true;
-
if (ds_path == NULL) {
fatal("missing -d DS pathname");
}
fatal("extraneous arguments");
}
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s",
- isc_result_totext(result));
- }
-
setup_logging(mctx, &log);
dns_rdataset_init(&rdataset);
dns_rdataset_disassociate(&rdataset);
}
cleanup_logging(&log);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
fatal("extraneous arguments");
}
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s",
- isc_result_totext(result));
- }
-
setup_logging(mctx, &log);
dns_rdataset_init(&rdataset);
dns_rdataset_disassociate(&rdataset);
}
cleanup_logging(&log);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
}
}
- ret = dst_lib_init(mctx);
- if (ret != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s", isc_result_totext(ret));
- }
-
setup_logging(mctx, &log);
if (predecessor == NULL) {
}
cleanup_logging(&log);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
}
}
- ret = dst_lib_init(mctx);
- if (ret != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s", isc_result_totext(ret));
- }
-
/*
- * After dst_lib_init which will set FIPS mode if requested
- * at build time. The minumums are both raised to 2048.
+ * The DST subsystem will set FIPS mode if requested at build time.
+ * The minimum sizes are both raised to 2048.
*/
if (isc_fips_mode()) {
min_rsa = min_dh = 2048;
}
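Review bot: The rewritten comment above `if (isc_fips_mode())` still credits the DST subsystem with setting FIPS mode, but this same commit removes `enable_fips_mode()` from the DST OpenSSL code and calls it from `isc__tls_initialize()` instead. I would word it as `FIPS mode, when requested at build time, is enabled by isc__tls_initialize(); the minimum sizes are both raised to 2048.` so that a reader checking why `min_rsa`/`min_dh` change is sent to the right place. The identical comment in the later hunk (the one following the "must provide a command and zone name" context) needs the same wording. The enclosing function starts and ends outside the hunk.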
cleanup_logging(&lctx);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
fatal("must provide a command and zone name");
}
- ret = dst_lib_init(mctx);
- if (ret != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s", isc_result_totext(ret));
- }
-
/*
- * After dst_lib_init which will set FIPS mode if requested
- * at build time. The minumums are both raised to 2048.
+ * The DST subsystem will set FIPS mode if requested at build time.
+ * The minimum sizes are both raised to 2048.
*/
if (isc_fips_mode()) {
min_rsa = min_dh = 2048;
}
}
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("Could not initialize dst: %s",
- isc_result_totext(result));
- }
-
result = dst_key_fromnamedfile(
filename, dir, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, mctx, &key);
if (result != ISC_R_SUCCESS) {
cleanup:
dst_key_free(&key);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
fatal("Options -g, -d, -k, -r and -z require -s to be set");
}
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("Could not initialize dst: %s",
- isc_result_totext(result));
- }
-
if (predecessor != NULL) {
int major, minor;
dst_key_free(&prevkey);
}
dst_key_free(&key);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
}
}
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s",
- isc_result_totext(result));
- }
-
setup_logging(mctx, &log);
argc -= isc_commandline_index;
dns_master_styledestroy(&dsstyle, mctx);
cleanup_logging(&log);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
}
}
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fatal("could not initialize dst: %s",
- isc_result_totext(result));
- }
-
now = isc_stdtime_now();
rdclass = strtoclass(classname);
dns_db_detach(&gdb);
cleanup_logging(&log);
- dst_lib_destroy();
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
static void
printversion(bool verbose) {
char rndcconf[PATH_MAX], *dot = NULL;
- isc_mem_t *mctx = NULL;
- isc_result_t result;
isc_buffer_t b;
char buf[512];
#if defined(HAVE_GEOIP2)
#endif /* if defined(HAVE_DNSTAP) */
printf("threads support is enabled\n");
- isc_mem_create(&mctx);
- result = dst_lib_init(mctx);
- if (result == ISC_R_SUCCESS) {
- isc_buffer_init(&b, buf, sizeof(buf));
- format_supported_algorithms(printit);
- printf("\n");
- dst_lib_destroy();
- } else {
- printf("DST initialization failure: %s\n",
- isc_result_totext(result));
- }
+ isc_buffer_init(&b, buf, sizeof(buf));
+ format_supported_algorithms(printit);
+ printf("\n");
/*
* The default rndc.conf and rndc.key paths are in the same
printf(" named PID file: %s\n", named_g_defaultpidfile);
#if defined(HAVE_GEOIP2)
#define RTC(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
+ isc_mem_t *mctx = NULL;
+ isc_mem_create(&mctx);
RTC(cfg_parser_create(mctx, named_g_lctx, &parser));
RTC(named_config_parsedefaults(parser, &config));
RTC(cfg_map_get(config, "options", &defaults));
}
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
-#endif /* HAVE_GEOIP2 */
isc_mem_detach(&mctx);
+#endif /* HAVE_GEOIP2 */
}
static void
ENSURE(named_g_server != NULL);
sctx = named_g_server->sctx;
- /*
- * Report supported algorithms now that dst_lib_init() has
- * been called via named_server_create().
- */
format_supported_algorithms(logit);
/*
ISC_LIST_INIT(server->keystorelist);
ISC_LIST_INIT(server->viewlist);
- /* Must be first. */
- CHECKFATAL(dst_lib_init(named_g_mctx), "initializing DST");
-
CHECKFATAL(dns_rootns_create(mctx, dns_rdataclass_in, NULL,
&server->in_roothints),
"setting up root hints");
dns_zonemgr_detach(&server->zonemgr);
}
- dst_lib_destroy();
-
INSIST(ISC_LIST_EMPTY(server->kasplist));
INSIST(ISC_LIST_EMPTY(server->keystorelist));
INSIST(ISC_LIST_EMPTY(server->viewlist));
static bool memdebugging = false;
static bool have_ipv4 = false;
static bool have_ipv6 = false;
-static bool is_dst_up = false;
static bool use_tls = false;
static bool usevc = false;
static bool usegsstsig = false;
result = dns_dispatchmgr_create(gmctx, loopmgr, netmgr, &dispatchmgr);
check_result(result, "dns_dispatchmgr_create");
- result = dst_lib_init(gmctx);
- check_result(result, "dst_lib_init");
- is_dst_up = true;
-
set_source_ports(dispatchmgr);
if (have_ipv6) {
isc_mutex_destroy(&answer_lock);
- if (is_dst_up) {
- ddebug("Destroy DST lib");
- dst_lib_destroy();
- is_dst_up = false;
- }
-
ddebug("Shutting down managers");
isc_managers_destroy(&gmctx, &loopmgr, &netmgr);
}
named.pid
named.run
/feature-test
+/legacy.run.sh
/makejournal
/random.data
/*.log
}
if (strcmp(argv[1], "--md5") == 0) {
- isc_mem_t *mctx = NULL;
- int answer;
-
- isc_mem_create(&mctx);
- dst_lib_init(mctx);
- answer = dst_algorithm_supported(DST_ALG_HMACMD5) ? 0 : 1;
- dst_lib_destroy();
- isc_mem_detach(&mctx);
- return (answer);
+ if (!dst_algorithm_supported(DST_ALG_HMACMD5)) {
+ return (1);
+ }
+ return (0);
}
if (strcmp(argv[1], "--ipv6only=no") == 0) {
}
if (strcasecmp(argv[1], "--rsasha1") == 0) {
- int answer;
- isc_mem_t *mctx = NULL;
- isc_mem_create(&mctx);
- dst_lib_init(mctx);
- answer = dst_algorithm_supported(DST_ALG_RSASHA1) ? 0 : 1;
- dst_lib_destroy();
- isc_mem_detach(&mctx);
- return (answer);
+ if (!dst_algorithm_supported(DST_ALG_RSASHA1)) {
+ return (1);
+ }
+
+ return (0);
}
if (strcmp(argv[1], "--with-dlz-filesystem") == 0) {
isc_mem_t *mctx = NULL;
isc_log_t *lctx = NULL;
-static bool dst_active = false;
-
/*
* Logging categories: this needs to match the list in bin/named/log.c.
*/
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
isc_mem_create(&mctx);
- CHECK(dst_lib_init(mctx));
- dst_active = true;
-
isc_log_create(mctx, &lctx, &logconfig);
isc_log_registercategories(lctx, categories);
isc_log_setcontext(lctx);
if (lctx != NULL) {
isc_log_destroy(&lctx);
}
- if (dst_active) {
- dst_lib_destroy();
- dst_active = false;
- }
if (mctx != NULL) {
isc_mem_destroy(&mctx);
}
isc_log_create(mctx, &lctx, &lcfg);
- RUNCHECK(dst_lib_init(mctx));
-
RUNCHECK(dns_dispatchmgr_create(mctx, loopmgr, netmgr, &dispatchmgr));
RUNCHECK(dns_dispatch_createudp(
isc_loopmgr_run(loopmgr);
- dst_lib_destroy();
-
isc_log_destroy(&lctx);
isc_managers_destroy(&mctx, &loopmgr, &netmgr);
}
isc_mem_create(&mctx);
- CHECK(dst_lib_init(mctx), "dst_lib_init()");
isc_log_create(mctx, &log_, &logconfig);
isc_log_setcontext(log_);
dns_log_init(log_);
isc_log_destroy(&log_);
isc_log_setcontext(NULL);
dns_log_setcontext(NULL);
- dst_lib_destroy();
isc_mem_destroy(&mctx);
return (0);
}
isc_managers_create(&mctx, 1, &loopmgr, &netmgr);
isc_log_create(mctx, &lctx, &lcfg);
- RUNCHECK(dst_lib_init(mctx));
isc_nonce_buf(cookie_secret, sizeof(cookie_secret));
ISC_LIST_INIT(queries);
isc_loopmgr_run(loopmgr);
- dst_lib_destroy();
-
isc_log_destroy(&lctx);
query = ISC_LIST_HEAD(queries);
sig0key. 0 IN NS .\n\
sig0key. 0 IN KEY 512 3 8 AwEAAa22lgHi1vAbQvu5ETdTrm2H8rwga9tvyMa6LFiSDyevLvSv0Uo5 uvfrXnxaLdtBMts6e1Ly2piSH9JRbOGMNibOK4EXWhWAn8MII4SWgQAs bFwtiz4HyPn2wScrUQdo8DocKiQJBanesr7vDO8fdA6Rg1e0yAtSeNti e8avx46/HJa6CFs3CoE0sf6oOFSxM954AgCBTXOGNBt1Nt3Bhfqt2qyA TLFii5K1jLDTZDVkoiyDXL1M7wcTwKf9METgj1eQmH3GGlRM/OJ/j8xk ZiFGbL3cipWdiH48031jiV2hlc92mKn8Ya0d9AN6c44piza/JSFydZXw sY32nxzjDbs=\n";
-static bool destroy_dst = false;
-
int
LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) {
isc_result_t result;
isc_mem_create(&mctx);
- result = dst_lib_init(mctx);
- if (result != ISC_R_SUCCESS) {
- fprintf(stderr, "dst_lib_init failed: %s\n",
- isc_result_totext(result));
- return (1);
- }
- destroy_dst = true;
-
isc_loopmgr_create(mctx, 1, &loopmgr);
result = dns_view_create(mctx, NULL, dns_rdataclass_in, "view", &view);
#define MAX_NTAGS \
(DST_MAX_NUMERIC + DST_MAX_BOOLEAN + DST_MAX_TIMES + DST_MAX_KEYSTATES)
-static dst_func_t *dst_t_func[DST_MAX_ALGS];
-
-static bool dst_initialized = false;
+static dst_func_t *dst_t_func[DST_MAX_ALGS] = { 0 };
void
gss_log(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
return ((_r)); \
} while (0);
-isc_result_t
-dst_lib_init(isc_mem_t *mctx) {
- isc_result_t result;
+static isc_mem_t *dst__mctx = NULL;
+
+void ISC_CONSTRUCTOR
+dst__lib_init(void);
+void ISC_DESTRUCTOR
+dst__lib_destroy(void);
+
+void
+dst__lib_init(void) {
+ isc_mem_create(&dst__mctx);
+
+ dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]);
+ dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]);
+ dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]);
+ dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]);
+ dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]);
+ dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]);
- REQUIRE(mctx != NULL);
- REQUIRE(!dst_initialized);
-
- memset(dst_t_func, 0, sizeof(dst_t_func));
- dst__openssl_init(); /* Sets FIPS mode. */
- RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
- RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
- RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
- RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
- RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
- RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
/* RSASHA1 (NSEC3RSASHA1) is verify only in FIPS mode. */
- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
- DST_ALG_RSASHA1));
- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
- DST_ALG_NSEC3RSASHA1));
- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256],
- DST_ALG_RSASHA256));
- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
- DST_ALG_RSASHA512));
- RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
- RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
- RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519],
- DST_ALG_ED25519));
+ dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1], DST_ALG_RSASHA1);
+ dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
+ DST_ALG_NSEC3RSASHA1);
+ dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256], DST_ALG_RSASHA256);
+ dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512], DST_ALG_RSASHA512);
+ dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]);
+ dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]);
+ dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519], DST_ALG_ED25519);
#ifdef HAVE_OPENSSL_ED448
- RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448],
- DST_ALG_ED448));
-#endif /* HAVE_OPENSSL_ED448 */
+ dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448], DST_ALG_ED448);
+#endif /* ifdef HAVE_OPENSSL_ED448 */
#if HAVE_GSSAPI
- RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
+ dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]);
#endif /* HAVE_GSSAPI */
-
- dst_initialized = true;
- return (ISC_R_SUCCESS);
-
-out:
- /* avoid immediate crash! */
- dst_initialized = true;
- dst_lib_destroy();
- return (result);
}
void
-dst_lib_destroy(void) {
- int i;
- RUNTIME_CHECK(dst_initialized);
- dst_initialized = false;
-
- for (i = 0; i < DST_MAX_ALGS; i++) {
+dst__lib_destroy(void) {
+ for (size_t i = 0; i < DST_MAX_ALGS; i++) {
if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL) {
dst_t_func[i]->cleanup();
}
}
- dst__openssl_destroy();
+
+ isc_mem_destroy(&dst__mctx);
}
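Review bot: `dst__lib_init()` now runs as a constructor and no longer sets FIPS mode itself, since the old `dst__openssl_init(); /* Sets FIPS mode. */` call is gone. The RSA registrations under the "verify only in FIPS mode" comment therefore presumably depend on `isc__tls_initialize()` having already run `enable_fips_mode()`, and `isc_mem_create(&dst__mctx)` depends on libisc's memory code being ready. Nothing in the hunk states or enforces that order; a shared-library loader normally initialises the dependency first, but a static link may leave constructor order to the linker, and how `ISC_CONSTRUCTOR` is prioritised is not visible here. I would record the requirement at the top of the function, for example `/* Must run after libisc's constructors: needs isc_mem and the FIPS mode set by isc__tls_initialize(). */`, and confirm the ordering for static builds. The mirror-image question applies to `dst__lib_destroy()`, whose `isc_mem_destroy(&dst__mctx)` has to run before libisc tears down its own state.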
bool
dst_algorithm_supported(unsigned int alg) {
- REQUIRE(dst_initialized);
-
if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL) {
return (false);
}
dst_context_t *dctx;
isc_result_t result;
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE(mctx != NULL);
REQUIRE(dctxp != NULL && *dctxp == NULL);
isc_result_t
dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
isc_buffer_t *secret) {
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(pub) && VALID_KEY(priv));
REQUIRE(secret != NULL);
dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
isc_result_t ret = ISC_R_SUCCESS;
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE((type &
(DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0);
isc_buffer_t *buf) {
isc_result_t result;
- REQUIRE(dst_initialized);
REQUIRE(dns_name_isabsolute(name));
REQUIRE((type &
(DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0);
isc_buffer_t buf;
dst_key_t *key;
- REQUIRE(dst_initialized);
REQUIRE(dns_name_isabsolute(name));
REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
REQUIRE(mctx != NULL);
int newfilenamelen = 0, statefilenamelen = 0;
isc_lex_t *lex = NULL;
- REQUIRE(dst_initialized);
REQUIRE(filename != NULL);
REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
REQUIRE(mctx != NULL);
isc_result_t
dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE(target != NULL);
isc_region_t r;
isc_result_t result;
- REQUIRE(dst_initialized);
-
isc_buffer_remainingregion(source, &r);
if (isc_buffer_remaininglength(source) < 4) {
dst_key_t *key = NULL;
isc_result_t result;
- REQUIRE(dst_initialized);
-
result = frombuffer(name, alg, flags, protocol, rdclass, source, mctx,
false, &key);
if (result != ISC_R_SUCCESS) {
isc_result_t
dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE(target != NULL);
isc_lex_t *lex = NULL;
isc_result_t result = ISC_R_SUCCESS;
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE(!dst_key_isprivate(key));
REQUIRE(buffer != NULL);
dst_key_t *key;
isc_result_t result;
- REQUIRE(dst_initialized);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
dst_key_t *key;
isc_result_t result;
- REQUIRE(dst_initialized);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
dst_key_t *key;
isc_result_t ret;
- REQUIRE(dst_initialized);
REQUIRE(dns_name_isabsolute(name));
REQUIRE(mctx != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
comparekeys(const dst_key_t *key1, const dst_key_t *key2,
bool match_revoked_key,
bool (*compare)(const dst_key_t *key1, const dst_key_t *key2)) {
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key1));
REQUIRE(VALID_KEY(key2));
bool
dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key1));
REQUIRE(VALID_KEY(key2));
void
dst_key_attach(dst_key_t *source, dst_key_t **target) {
- REQUIRE(dst_initialized);
REQUIRE(target != NULL && *target == NULL);
REQUIRE(VALID_KEY(source));
void
dst_key_free(dst_key_t **keyp) {
- REQUIRE(dst_initialized);
REQUIRE(keyp != NULL && VALID_KEY(*keyp));
dst_key_t *key = *keyp;
*keyp = NULL;
isc_result_t
dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE(n != NULL);
isc_result_t result;
dst_key_t *key;
- REQUIRE(dst_initialized);
REQUIRE(keyp != NULL && *keyp == NULL);
if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL) {
static bool
issymmetric(const dst_key_t *key) {
- REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
switch (key->key_alg) {
static isc_result_t
algorithm_status(unsigned int alg) {
- REQUIRE(dst_initialized);
-
if (dst_algorithm_supported(alg)) {
return (ISC_R_SUCCESS);
}
* Initializers
*/
void
-dst__openssl_init(void);
-
-isc_result_t
dst__hmacmd5_init(struct dst_func **funcp);
-isc_result_t
+void
dst__hmacsha1_init(struct dst_func **funcp);
-isc_result_t
+void
dst__hmacsha224_init(struct dst_func **funcp);
-isc_result_t
+void
dst__hmacsha256_init(struct dst_func **funcp);
-isc_result_t
+void
dst__hmacsha384_init(struct dst_func **funcp);
-isc_result_t
+void
dst__hmacsha512_init(struct dst_func **funcp);
-isc_result_t
+void
dst__opensslrsa_init(struct dst_func **funcp, unsigned char algorithm);
-isc_result_t
+void
dst__opensslecdsa_init(struct dst_func **funcp);
-isc_result_t
+void
dst__openssleddsa_init(struct dst_func **funcp, unsigned char algorithm);
#if HAVE_GSSAPI
-isc_result_t
+void
dst__gssapi_init(struct dst_func **funcp);
#endif /* HAVE_GSSAPI*/
-/*%
- * Destructors
- */
-void
-dst__openssl_destroy(void);
-
-/*%
- * Memory allocators using the DST memory pool.
- */
-void *
-dst__mem_alloc(size_t size);
-void
-dst__mem_free(void *ptr);
-void *
-dst__mem_realloc(void *ptr, size_t size);
-
/*%
* Secure private file handling
*/
gssapi_restore,
};
-isc_result_t
+void
dst__gssapi_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL);
+
if (*funcp == NULL) {
*funcp = &gssapi_functions;
}
- return (ISC_R_SUCCESS);
}
NULL, /*%< dump */ \
NULL, /*%< restore */ \
}; \
- isc_result_t dst__hmac##alg##_init(dst_func_t **funcp) { \
+ void dst__hmac##alg##_init(dst_func_t **funcp) { \
REQUIRE(funcp != NULL); \
if (*funcp == NULL) { \
isc_hmac_t *ctx = isc_hmac_new(); \
} \
isc_hmac_free(ctx); \
} \
- return (ISC_R_SUCCESS); \
}
static isc_result_t
/***
*** Functions
***/
-isc_result_t
-dst_lib_init(isc_mem_t *mctx);
-/*%<
- * Initializes the DST subsystem.
- *
- * Requires:
- * \li "mctx" is a valid memory context
- *
- * Returns:
- * \li ISC_R_SUCCESS
- * \li ISC_R_NOMEMORY
- *
- * Ensures:
- * \li DST is properly initialized.
- */
-
-void
-dst_lib_destroy(void);
-/*%<
- * Releases all resources allocated by DST.
- */
bool
dst_algorithm_supported(unsigned int alg);
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#include <isc/fips.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/mutexblock.h>
goto err; \
}
-static void
-enable_fips_mode(void) {
-#if defined(ENABLE_FIPS_MODE)
- if (isc_fips_mode()) {
- /*
- * FIPS mode is already enabled.
- */
- return;
- }
-
- if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
- dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE);
- exit(EXIT_FAILURE);
- }
-#endif
-}
-
-void
-dst__openssl_init(void) {
- enable_fips_mode();
-}
-
-void
-dst__openssl_destroy(void) {
- /* No-op */
-}
-
static isc_result_t
toresult(isc_result_t fallback) {
isc_result_t result = fallback;
NULL, /*%< restore */
};
-isc_result_t
+void
dst__opensslecdsa_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL);
+
if (*funcp == NULL) {
*funcp = &opensslecdsa_functions;
}
- return (ISC_R_SUCCESS);
}
return (ret);
}
-isc_result_t
+void
dst__openssleddsa_init(dst_func_t **funcp, unsigned char algorithm) {
REQUIRE(funcp != NULL);
*funcp = &openssleddsa_functions;
}
}
- return (ISC_R_SUCCESS);
}
isc_result_t ret = ISC_R_SUCCESS;
size_t len;
- if (evp_md_ctx == NULL) {
- DST_RET(ISC_R_NOMEMORY);
- }
-
switch (algorithm) {
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
DST_RET(ISC_R_NOTIMPLEMENTED);
}
- if (type == NULL) {
- DST_RET(ISC_R_NOTIMPLEMENTED);
- }
-
/*
* Construct pkey.
*/
c.e = BN_bin2bn(e_bytes, sizeof(e_bytes) - 1, NULL);
c.n = BN_bin2bn(n_bytes, sizeof(n_bytes) - 1, NULL);
- if (c.e == NULL || c.n == NULL) {
- DST_RET(ISC_R_NOMEMORY);
- }
ret = opensslrsa_build_pkey(false, &c, &pkey);
- if (ret != ISC_R_SUCCESS) {
- goto err;
- }
+ INSIST(ret == ISC_R_SUCCESS);
/*
* Check that we can verify the signature.
return (ret);
}
-isc_result_t
+void
dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) {
- isc_result_t result;
-
REQUIRE(funcp != NULL);
- result = check_algorithm(algorithm);
-
- if (result == ISC_R_SUCCESS) {
- if (*funcp == NULL) {
+ if (*funcp == NULL) {
+ if (check_algorithm(algorithm) == ISC_R_SUCCESS) {
*funcp = &opensslrsa_functions;
}
- } else if (result == ISC_R_NOTIMPLEMENTED) {
- result = ISC_R_SUCCESS;
}
-
- return (result);
}
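Review bot: With the return type changed to `void`, every failure of `check_algorithm()` is now treated like `ISC_R_NOTIMPLEMENTED`: the slot stays NULL and `dst_algorithm_supported()` reports the RSA algorithm as unsupported with no diagnostic. The old code propagated any other result out of `dst_lib_init()`, which callers turned into a fatal error. A crypto self-check that fails for an unexpected reason should not silently shrink the set of usable DNSSEC algorithms, because a validator typically treats data signed only with an unsupported algorithm as insecure rather than bogus. I would keep the distinction, e.g. `isc_result_t result = check_algorithm(algorithm);` followed by `INSIST(result == ISC_R_SUCCESS || result == ISC_R_NOTIMPLEMENTED);` and `if (result == ISC_R_SUCCESS) { *funcp = &opensslrsa_functions; }` inside the `*funcp == NULL` branch.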
#include <openssl/x509v3.h>
#include <isc/atomic.h>
+#include <isc/fips.h>
#include <isc/ht.h>
#include <isc/log.h>
#include <isc/magic.h>
#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
+static void
+enable_fips_mode(void) {
+#if defined(ENABLE_FIPS_MODE)
+ if (isc_fips_mode()) {
+ /*
+ * FIPS mode is already enabled.
+ */
+ return;
+ }
+
+ if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
+ dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE);
+ exit(EXIT_FAILURE);
+ }
+#endif
+}
+
void
isc__tls_initialize(void) {
isc_mem_create(&isc__tls_mctx);
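Review bot: `enable_fips_mode()` as moved into this file still calls `dst__openssl_toresult2()` with `DST_R_OPENSSLFAILURE`, both of which belong to the DST code it was taken from, while the only include added in the visible hunks is `<isc/fips.h>`. Because the body sits inside `#if defined(ENABLE_FIPS_MODE)`, a default build will not notice a missing declaration or a dependency from libisc back onto libdns; this needs a build with `ENABLE_FIPS_MODE` defined to confirm. The failure path then calls `exit(EXIT_FAILURE)` during library initialization, when the logging that `dst__openssl_toresult2()` presumably writes to may not be configured yet, so an operator could see the process exit with no explanation. Reporting the failure the same way as the PRNG seeding error in `isc__tls_initialize()` would remove the cross-library call and make the fail-closed exit visible.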
"cannot be initialized (see the `PRNG not "
"seeded' message in the OpenSSL FAQ)");
}
+
+ enable_fips_mode();
}
void
#include <tests/dns.h>
-static int
-setup_test(void **state) {
- UNUSED(state);
-
- dst_lib_init(mctx);
-
- return (0);
-}
-
-static int
-teardown_test(void **state) {
- UNUSED(state);
-
- dst_lib_destroy();
-
- return (0);
-}
-
/* Read sig in file at path to buf. Check signature ineffability */
static isc_result_t
sig_fromfile(const char *path, isc_buffer_t *buf) {
}
ISC_TEST_LIST_START
-ISC_TEST_ENTRY_CUSTOM(sig_test, setup_test, teardown_test)
-ISC_TEST_ENTRY_CUSTOM(cmp_test, setup_test, teardown_test)
+ISC_TEST_ENTRY(sig_test)
+ISC_TEST_ENTRY(cmp_test)
ISC_TEST_LIST_END
ISC_TEST_MAIN
static dns_rdatatype_t privatetype = 65534;
-static int
-setup_test(void **state) {
- isc_result_t result;
-
- UNUSED(state);
-
- result = dst_lib_init(mctx);
-
- if (result != ISC_R_SUCCESS) {
- return (1);
- }
-
- return (0);
-}
-
-static int
-teardown_test(void **state) {
- UNUSED(state);
-
- dst_lib_destroy();
-
- return (0);
-}
-
typedef struct {
unsigned char alg;
dns_keytag_t keyid;
}
ISC_TEST_LIST_START
-ISC_TEST_ENTRY_CUSTOM(private_signing_totext, setup_test, teardown_test)
-ISC_TEST_ENTRY_CUSTOM(private_nsec3_totext, setup_test, teardown_test)
+ISC_TEST_ENTRY(private_signing_totext)
+ISC_TEST_ENTRY(private_nsec3_totext)
ISC_TEST_LIST_END
ISC_TEST_MAIN
#include <tests/dns.h>
-static int
-setup_test(void **state) {
- isc_result_t result;
-
- UNUSED(state);
-
- result = dst_lib_init(mctx);
-
- if (result != ISC_R_SUCCESS) {
- return (1);
- }
-
- return (0);
-}
-
-static int
-teardown_test(void **state) {
- UNUSED(state);
-
- dst_lib_destroy();
-
- return (0);
-}
-
static unsigned char d[10] = { 0xa, 0x10, 0xbb, 0, 0xfe,
0x15, 0x1, 0x88, 0xcc, 0x7d };
}
ISC_TEST_LIST_START
-ISC_TEST_ENTRY_CUSTOM(isc_rsa_verify, setup_test, teardown_test)
+ISC_TEST_ENTRY(isc_rsa_verify)
ISC_TEST_LIST_END
ISC_TEST_MAIN
* */
} updatesigs_test_params_t;
-static int
-setup_test(void **state) {
- isc_result_t result;
-
- UNUSED(state);
-
- result = dst_lib_init(mctx);
-
- if (result != ISC_R_SUCCESS) {
- return (1);
- }
-
- return (0);
-}
-
-static int
-teardown_test(void **state) {
- UNUSED(state);
-
- dst_lib_destroy();
-
- return (0);
-}
-
/*%
* Check whether the 'found' tuple matches the 'expected' tuple. 'found' is
* the 'index'th tuple output by dns__zone_updatesigs() in test 'test'.
}
ISC_TEST_LIST_START
-ISC_TEST_ENTRY_CUSTOM(updatesigs_next, setup_test, teardown_test)
+ISC_TEST_ENTRY(updatesigs_next)
ISC_TEST_LIST_END
ISC_TEST_MAIN
static int debug = 0;
-static int
-setup_test(void **state) {
- isc_result_t result;
-
- UNUSED(state);
-
- result = dst_lib_init(mctx);
-
- if (result != ISC_R_SUCCESS) {
- return (1);
- }
-
- return (0);
-}
-
-static int
-teardown_test(void **state) {
- UNUSED(state);
-
- dst_lib_destroy();
-
- return (0);
-}
-
static isc_result_t
add_mac(dst_context_t *tsigctx, isc_buffer_t *buf) {
dns_rdata_any_tsig_t tsig;
}
ISC_TEST_LIST_START
-ISC_TEST_ENTRY_CUSTOM(tsig_tcp, setup_test, teardown_test)
-ISC_TEST_ENTRY_CUSTOM(tsig_badtime, setup_test, teardown_test)
+ISC_TEST_ENTRY(tsig_tcp)
+ISC_TEST_ENTRY(tsig_badtime)
ISC_TEST_ENTRY(algvalid)
ISC_TEST_LIST_END