diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f95866f7e1..404f4b3960 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,6 +4,7 @@ variables: DOCKER_DRIVER: overlay2 CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9 CCACHE_DIR: "/ccache" + SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf" stages: - precheck @@ -81,20 +82,6 @@ stages: - docker - i386 -.ubuntu-trusty-amd64: &ubuntu_trusty_amd64_image - image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-amd64" - tags: - - linux - - docker - - amd64 - -.ubuntu-trusty-i386: &ubuntu_trusty_i386_image - image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-i386" - tags: - - linux - - docker - - i386 - .ubuntu-xenial-amd64: &ubuntu_xenial_amd64_image image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-amd64" tags: @@ -109,13 +96,27 @@ stages: - docker - i386 +.ubuntu-bionic-amd64: &ubuntu_bionic_amd64_image + image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-amd64" + tags: + - linux + - docker + - amd64 + +.ubuntu-bionic-i386: &ubuntu_bionic_i386_image + image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-i386" + tags: + - linux + - docker + - i386 + .build: &build_job stage: build before_script: - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}" - - autoreconf -fi +# - ./autogen.sh script: - - ./configure --enable-developer --with-randomdev=/dev/urandom --with-libtool --disable-static --with-cmocka --with-libidn2 --prefix=$HOME/.local --without-make-clean ${EXTRA_CONFIGURE} || cat config.log + - ./configure --enable-developer --with-randomdev=/dev/urandom --with-libtool --disable-static --with-cmocka --prefix=$HOME/.local --without-make-clean ${EXTRA_CONFIGURE} || cat config.log - make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1 artifacts: paths: @@ -132,9 +133,11 @@ stages: .system_test: &system_test_job stage: test + retry: 2 before_script: - rm -rf .ccache - bash -x bin/tests/system/ifconfig.sh up + - bash -x util/prepare-softhsm2.sh script: - ( cd bin/tests && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1 ) - test -s bin/tests/system/systests.output @@ -147,6 +150,7 @@ stages: stage: test before_script: - export KYUA_RESULT="$CI_PROJECT_DIR/kyua.results" + - bash -x util/prepare-softhsm2.sh script: - make unit after_script: @@ -159,7 +163,7 @@ stages: expire_in: '1 week' when: on_failure -precheck:debian:sid:amd64: +sid:amd64:precheck: <<: *debian_sid_amd64_image stage: precheck script: @@ -182,11 +186,16 @@ precheck:debian:sid:amd64: expire_in: '1 week' when: on_failure -docs:debian:sid:amd64: +🐞:sid:amd64:precheck: + <<: *debian_sid_amd64_image + stage: precheck + script: util/check-cocci + +docs:sid:amd64: <<: *debian_sid_amd64_image stage: test dependencies: - - build:debian:sid:amd64 + - sid:amd64:build script: - make -C doc/misc docbook - make -C doc/arm Bv9ARM.html @@ -195,7 +204,7 @@ docs:debian:sid:amd64: - doc/arm/ expire_in: '1 month' -push:docs: +docs:push: <<: *debian_sid_amd64_image stage: push dependencies: [] @@ -205,15 +214,15 @@ push:docs: - master@isc-projects/bind9 - /^v9_.*$/@isc-projects/bind9 -#build:debian:jessie:amd64: +#jessie:amd64:build: # <<: *debian_jessie_amd64_image # <<: *build_job # -#build:debian:jessie:i386: +#build:jessie:i386: # <<: *debian_jessie_i386_image # <<: *build_job # -#build:debian:stretch:amd64: +#build:stretch:amd64: # <<: *debian_stretch_amd64_image # <<: *build_job # @@ -221,117 +230,201 @@ push:docs: # <<: *debian_buster_i386_image # <<: *build_job # -#build:ubuntu:trusty:amd64: -# <<: *ubuntu_trusty_amd64_image +#build:ubuntu:bionic:amd64: +# <<: *ubuntu_bionic_amd64_image # <<: *build_job # #build:ubuntu:xenial:i386: # <<: *ubuntu_xenial_i386_image # <<: *build_job -build:centos:centos6:amd64: +centos6:amd64:build: variables: CC: gcc CFLAGS: "-Wall -Wextra -O2 -g" - EXTRA_CONFIGURE: "--disable-warn-error" + EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error" <<: *centos_centos6_amd64_image <<: *build_job -build:centos:centos7:amd64: +centos7:amd64:build: variables: CC: gcc - CFLAGS: "-Wall -Wextra -O2 -g -DDIG_SIGCHASE=1" + CFLAGS: "-Wall -Wextra -O2 -g" + EXTRA_CONFIGURE: "--with-libidn2" <<: *centos_centos7_amd64_image <<: *build_job -build:debian:sid:amd64: +clang:stretch:amd64:build: variables: - EXTRA_CONFIGURE: "--without-eddsa" + CC: clang + CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g" + <<: *debian_stretch_amd64_image + <<: *build_job + +jessie:amd64:build: + variables: + CC: gcc + CFLAGS: "-Wall -Wextra -O2 -g" + EXTRA_CONFIGURE: --without-cmocka + <<: *debian_jessie_amd64_image + <<: *build_job + +stretch:amd64:build: + variables: + CC: gcc + CFLAGS: "-Wall -Wextra -O2 -g" + <<: *debian_stretch_amd64_image + <<: *build_job + +sid:amd64:build: + variables: + CC: gcc + CFLAGS: "-Wall -Wextra -O2 -g" + EXTRA_CONFIGURE: "--with-libidn2" <<: *debian_sid_amd64_image <<: *build_job -build:asan:debian:sid:amd64: +asan:sid:amd64:build: variables: CC: gcc CFLAGS: "-Wall -Wextra -O2 -g -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=address,undefined" - EXTRA_CONFIGURE: "--with-libidn2 --with-dlopen=no" + EXTRA_CONFIGURE: "--with-libidn2" <<: *debian_sid_amd64_image <<: *build_job -build:debian:sid:i386: +clang:stretch:i386:build: variables: - EXTRA_CONFIGURE: "--without-eddsa" + CC: clang + CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g" + <<: *debian_stretch_i386_image + <<: *build_job + +sid:i386:build: + variables: + CC: gcc + CFLAGS: "-Wall -Wextra -O2 -g" + EXTRA_CONFIGURE: "--with-libidn2" <<: *debian_sid_i386_image <<: *build_job -unittest:centos:centos6:amd64: +unit:centos6:amd64: <<: *centos_centos6_amd64_image <<: *unit_test_job dependencies: - - build:centos:centos6:amd64 + - centos6:amd64:build -unittest:centos:centos7:amd64: +unit:centos7:amd64: <<: *centos_centos7_amd64_image <<: *unit_test_job dependencies: - - build:centos:centos7:amd64 + - centos7:amd64:build -unittest:debian:sid:amd64: +unit:jessie:amd64: + <<: *debian_jessie_amd64_image + <<: *unit_test_job + dependencies: + - jessie:amd64:build + +unit:stretch:amd64: + <<: *debian_stretch_amd64_image + <<: *unit_test_job + dependencies: + - stretch:amd64:build + +unit:sid:amd64: <<: *debian_sid_amd64_image <<: *unit_test_job dependencies: - - build:debian:sid:amd64 + - sid:amd64:build -unittest:asan:debian:sid:amd64: +unit:asan:sid:amd64: <<: *debian_sid_amd64_image <<: *unit_test_job dependencies: - - build:asan:debian:sid:amd64 + - asan:sid:amd64:build -unittest:debian:sid:i386: +unit:clang:stretch:amd64: + <<: *debian_stretch_amd64_image + <<: *unit_test_job + dependencies: + - clang:stretch:amd64:build + +unit:sid:i386: <<: *debian_sid_i386_image <<: *unit_test_job dependencies: - - build:debian:sid:i386 + - sid:i386:build -systemtest:centos:centos6:amd64: +system:centos6:amd64: <<: *centos_centos6_amd64_image <<: *system_test_job dependencies: - - build:centos:centos6:amd64 + - centos6:amd64:build -systemtest:centos:centos7:amd64: +system:centos7:amd64: <<: *centos_centos7_amd64_image <<: *system_test_job dependencies: - - build:centos:centos7:amd64 + - centos7:amd64:build -systemtest:debian:sid:amd64: +system:jessie:amd64: + <<: *debian_jessie_amd64_image + <<: *system_test_job + dependencies: + - jessie:amd64:build + +system:stretch:amd64: + <<: *debian_stretch_amd64_image + <<: *system_test_job + dependencies: + - stretch:amd64:build + +system:sid:amd64: <<: *debian_sid_amd64_image <<: *system_test_job dependencies: - - build:debian:sid:amd64 + - sid:amd64:build -systemtest:asan:debian:sid:amd64: +system:asan:sid:amd64: <<: *debian_sid_amd64_image <<: *system_test_job dependencies: - - build:asan:debian:sid:amd64 + - asan:sid:amd64:build -systemtest:debian:sid:i386: +system:sid:i386: <<: *debian_sid_i386_image <<: *system_test_job dependencies: - - build:debian:sid:i386 + - sid:i386:build -install:debian:sid:amd64: +install:sid:amd64: <<: *debian_sid_amd64_image <<: *install_test_job dependencies: - - build:debian:sid:amd64 + - sid:amd64:build -noassert:build:debian:sid:amd64: +pkcs11:sid:amd64:build: + variables: + CC: gcc + CFLAGS: "-Wall -Wextra -O2 -g" + EXTRA_CONFIGURE: "--enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so" + <<: *debian_sid_amd64_image + <<: *build_job + +pkcs11:unit:sid:amd64: + <<: *debian_sid_amd64_image + <<: *unit_test_job + dependencies: + - pkcs11:sid:amd64:build + +pkcs11:system:sid:amd64: + <<: *debian_sid_amd64_image + <<: *system_test_job + dependencies: + - pkcs11:sid:amd64:build + +noassert:sid:amd64:build: variables: CC: gcc CFLAGS: "-Wall -Wextra -O2 -g -DISC_CHECK_NONE=1" @@ -339,14 +432,53 @@ noassert:build:debian:sid:amd64: <<: *debian_sid_amd64_image <<: *build_job -noassert:unittest:debian:sid:amd64: +noassert:unit:sid:amd64: <<: *debian_sid_amd64_image <<: *unit_test_job dependencies: - - noassert:build:debian:sid:amd64 + - noassert:sid:amd64:build -noassert:systemtest:debian:sid:amd64: +noassert:system:sid:amd64: <<: *debian_sid_amd64_image <<: *system_test_job dependencies: - - noassert:build:debian:sid:amd64 + - noassert:sid:amd64:build + +xenial:amd64:build: + variables: + CC: gcc + CFLAGS: "-Wall -Wextra -O2 -g" + <<: *ubuntu_xenial_amd64_image + <<: *build_job + +unit:xenial:amd64: + <<: *ubuntu_xenial_amd64_image + <<: *unit_test_job + dependencies: + - xenial:amd64:build + +system:xenial:amd64: + <<: *ubuntu_xenial_amd64_image + <<: *system_test_job + dependencies: + - xenial:amd64:build + +bionic:amd64:build: + variables: + CC: gcc + CFLAGS: "-Wall -Wextra -O2 -g" + EXTRA_CONFIGURE: "--with-libidn2" + <<: *ubuntu_bionic_amd64_image + <<: *build_job + +unit:bionic:amd64: + <<: *ubuntu_bionic_amd64_image + <<: *unit_test_job + dependencies: + - bionic:amd64:build + +system:bionic:amd64: + <<: *ubuntu_bionic_amd64_image + <<: *system_test_job + dependencies: + - bionic:amd64:build diff --git a/bin/pkcs11/pkcs11-keygen.c b/bin/pkcs11/pkcs11-keygen.c index 560b4e99b9..9748df0f7b 100644 --- a/bin/pkcs11/pkcs11-keygen.c +++ b/bin/pkcs11/pkcs11-keygen.c @@ -43,7 +43,7 @@ * Create a key in the keystore of an HSM * * The calculation of key tag is left to the script - * that converts the key into a DNSKEY RR and inserts + * that converts the key into a DNSKEY RR and inserts * it into a zone file. * * usage: @@ -432,10 +432,10 @@ main(int argc, char *argv[]) { break; case key_ecx: -#ifndef CKM_EDDSA_KEY_PAIR_GEN +#if !defined(CKM_EDDSA_KEY_PAIR_GEN) fprintf(stderr, "CKM_EDDSA_KEY_PAIR_GEN is not defined\n"); usage(); -#endif +#else op_type = OP_EC; if (bits == 0) bits = 256; @@ -454,16 +454,27 @@ main(int argc, char *argv[]) { id_offset = ECC_ID; if (bits == 256) { +#if HAVE_PKCS11_ED25519 public_template[4].pValue = pk11_ecc_ed25519; public_template[4].ulValueLen = sizeof(pk11_ecc_ed25519); +#else + fprintf(stderr, "Ed25519 is not supported\n"); + usage(); +#endif } else { +#if HAVE_PKCS11_ED448 public_template[4].pValue = pk11_ecc_ed448; public_template[4].ulValueLen = sizeof(pk11_ecc_ed448); +#else + fprintf(stderr, "Ed449 is not supported\n"); + usage(); +#endif } break; +#endif /* !defined(CKM_EDDSA_KEY_PAIR_GEN) */ case key_dsa: op_type = OP_DSA; if (bits == 0) @@ -527,7 +538,7 @@ main(int argc, char *argv[]) { case key_unknown: usage(); } - + search_template[0].pValue = label; search_template[0].ulValueLen = strlen((char *)label); public_template[0].pValue = label; @@ -584,7 +595,7 @@ main(int argc, char *argv[]) { hSession = pctx.session; /* check if a key with the same id already exists */ - rv = pkcs_C_FindObjectsInit(hSession, search_template, 1); + rv = pkcs_C_FindObjectsInit(hSession, search_template, 1); if (rv != CKR_OK) { fprintf(stderr, "C_FindObjectsInit: Error = 0x%.8lX\n", rv); error = 1; @@ -714,13 +725,13 @@ main(int argc, char *argv[]) { public_template, public_attrcnt, private_template, private_attrcnt, &publickey, &privatekey); - + if (rv != CKR_OK) { fprintf(stderr, "C_GenerateKeyPair: Error = 0x%.8lX\n", rv); error = 1; } else if (!quiet) printf("Key pair generation complete.\n"); - + exit_params: /* Free parameter attributes */ if (keyclass == key_dsa || keyclass == key_dh) { diff --git a/cocci/.gitignore b/cocci/.gitignore new file mode 100644 index 0000000000..faacba5004 --- /dev/null +++ b/cocci/.gitignore @@ -0,0 +1 @@ +/*.patch diff --git a/cocci/unreachable.spatch b/cocci/unreachable.spatch new file mode 100644 index 0000000000..0cc368a516 --- /dev/null +++ b/cocci/unreachable.spatch @@ -0,0 +1,6 @@ +@@ +@@ + + INSIST(0); ++ ISC_UNREACHABLE(); + ... when != ISC_UNREACHABLE(); diff --git a/configure b/configure index 4a853ea3b9..e3143cdc7e 100755 --- a/configure +++ b/configure @@ -972,7 +972,6 @@ infodir docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -1140,7 +1139,6 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1393,15 +1391,6 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1539,7 +1528,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1692,7 +1681,6 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -21049,7 +21037,11 @@ int main () { -atomic_int_fast32_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed); + #if ATOMIC_INT_LOCK_FREE == 2 && ATOMIC_LONG_LOCK_FREE == 2 + atomic_int_fast32_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed); + #else + #error stdatomic not lock free + #endif ; return 0; diff --git a/configure.ac b/configure.ac index 35c930b22e..cd5533314b 100644 --- a/configure.ac +++ b/configure.ac @@ -4022,7 +4022,11 @@ AC_TRY_COMPILE([ #include ], [ -atomic_int_fast32_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed); + #if ATOMIC_INT_LOCK_FREE == 2 && ATOMIC_LONG_LOCK_FREE == 2 + atomic_int_fast32_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed); + #else + #error stdatomic not lock free + #endif ], [AC_MSG_RESULT(yes) have_stdatomic=yes diff --git a/lib/isc/include/isc/refcount.h b/lib/isc/include/isc/refcount.h index c67399cf1c..f9d6ea0392 100644 --- a/lib/isc/include/isc/refcount.h +++ b/lib/isc/include/isc/refcount.h @@ -99,12 +99,17 @@ ISC_LANG_BEGINDECLS * Sample implementations */ #ifdef ISC_PLATFORM_USETHREADS -#if (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_INT_LOCK_FREE == 2) || \ - defined(ISC_PLATFORM_HAVEXADD) -#define ISC_REFCOUNT_HAVEATOMIC 1 -#if (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_INT_LOCK_FREE == 2) -#define ISC_REFCOUNT_HAVESTDATOMIC 1 -#endif + +#if defined(ISC_PLATFORM_HAVESTDATOMIC) +# define ISC_REFCOUNT_HAVEATOMIC 1 +# define ISC_REFCOUNT_HAVESTDATOMIC 1 +#else /* defined(ISC_PLATFORM_HAVESTDATOMIC) */ +# if defined(ISC_PLATFORM_HAVEXADD) +# define ISC_REFCOUNT_HAVEATOMIC 1 +# endif /* defined(ISC_PLATFORM_HAVEXADD */ +#endif /* !defined(ISC_REFCOUNT_HAVEATOMIC) */ + +#if defined(ISC_REFCOUNT_HAVEATOMIC) typedef struct isc_refcount { #if defined(ISC_REFCOUNT_HAVESTDATOMIC) @@ -153,7 +158,7 @@ typedef struct isc_refcount { *_tmp = prev - 1; \ } while (0) -#else /* ISC_REFCOUNT_HAVESTDATOMIC */ +#else /* defined(ISC_REFCOUNT_HAVESTDATOMIC) */ #define isc_refcount_current(rp) \ ((unsigned int)(isc_atomic_xadd(&(rp)->refs, 0))) @@ -188,9 +193,9 @@ typedef struct isc_refcount { *_tmp = prev - 1; \ } while (0) -#endif /* ISC_REFCOUNT_HAVESTDATOMIC */ +#endif /* defined(ISC_REFCOUNT_HAVESTDATOMIC) */ -#else /* ISC_PLATFORM_HAVEXADD */ +#else /* defined(ISC_REFCOUNT_HAVEATOMIC) */ typedef struct isc_refcount { int refs; @@ -257,7 +262,8 @@ typedef struct isc_refcount { ISC_ERROR_RUNTIMECHECK(_result == ISC_R_SUCCESS); \ } while (0) -#endif /* (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_INT_LOCK_FREE == 2) || defined(ISC_PLATFORM_HAVEXADD) */ +#endif /* defined(ISC_REFCOUNT_ATOMIC) */ + #else /* ISC_PLATFORM_USETHREADS */ typedef struct isc_refcount { diff --git a/lib/isc/include/isc/rwlock.h b/lib/isc/include/isc/rwlock.h index eb71018e2a..c7849cd682 100644 --- a/lib/isc/include/isc/rwlock.h +++ b/lib/isc/include/isc/rwlock.h @@ -39,13 +39,14 @@ typedef enum { } isc_rwlocktype_t; #ifdef ISC_PLATFORM_USETHREADS -#if (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_INT_LOCK_FREE == 2) || \ - (defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG)) -#define ISC_RWLOCK_USEATOMIC 1 -#if (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_INT_LOCK_FREE == 2) -#define ISC_RWLOCK_USESTDATOMIC 1 -#endif -#endif +# if defined(ISC_PLATFORM_HAVESTDATOMIC) +# define ISC_RWLOCK_USEATOMIC 1 +# define ISC_RWLOCK_USESTDATOMIC 1 +# else /* defined(ISC_PLATFORM_HAVESTDATOMIC) */ +# if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG) +# define ISC_RWLOCK_USEATOMIC 1 +# endif +# endif /* defined(ISC_PLATFORM_HAVESTDATOMIC) */ struct isc_rwlock { /* Unlocked. */ diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h index 7cb9687342..61ebb9190a 100644 --- a/lib/isc/include/isc/util.h +++ b/lib/isc/include/isc/util.h @@ -69,7 +69,7 @@ * Use this in translation units that would otherwise be empty, to * suppress compiler warnings. */ -#define EMPTY_TRANSLATION_UNIT static void isc__empty(void) { isc__empty(); } +#define EMPTY_TRANSLATION_UNIT extern int isc__empty; /*% * We use macros instead of calling the routines directly because diff --git a/lib/isc/include/pk11/constants.h b/lib/isc/include/pk11/constants.h index 0abbf7ee37..961ce8e606 100644 --- a/lib/isc/include/pk11/constants.h +++ b/lib/isc/include/pk11/constants.h @@ -19,19 +19,25 @@ * Static arrays of data used for key template initalization */ #ifdef WANT_ECC_CURVES +#if HAVE_PKCS11_ECDSA static CK_BYTE pk11_ecc_prime256v1[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; static CK_BYTE pk11_ecc_secp384r1[] = { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 }; +#endif /* HAVE_PKCS11_ECDSA */ +#if HAVE_PKCS11_ED25519 static CK_BYTE pk11_ecc_ed25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 }; +#endif /* HAVE_PKCS11_ED25519 */ +#if HAVE_PKCS11_ED448 static CK_BYTE pk11_ecc_ed448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 }; -#endif +#endif /* HAVE_PKCS11_ED448 */ +#endif /* WANT_ECC_CURVES */ #ifdef WANT_DH_PRIMES static CK_BYTE pk11_dh_bn2[] = { 2 }; diff --git a/lib/isc/stats.c b/lib/isc/stats.c index 51a83b6514..5b8c9580a1 100644 --- a/lib/isc/stats.c +++ b/lib/isc/stats.c @@ -39,18 +39,19 @@ #define ISC_STATS_VALID(x) ISC_MAGIC_VALID(x, ISC_STATS_MAGIC) /*% - * Local macro confirming prescence of 64-bit + * Local macro confirming presence of 64-bit * increment and store operations, just to make * the later macros simpler */ -#if (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_LONG_LOCK_FREE == 2) || \ - (defined(ISC_PLATFORM_HAVEXADDQ) && defined(ISC_PLATFORM_HAVEATOMICSTOREQ)) -#define ISC_STATS_HAVEATOMICQ 1 -#if (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_LONG_LOCK_FREE == 2) -#define ISC_STATS_HAVESTDATOMICQ 1 -#endif -#else -#define ISC_STATS_HAVEATOMICQ 0 +#if defined(ISC_PLATFORM_HAVESTDATOMIC) +# define ISC_STATS_HAVEATOMICQ 1 +# define ISC_STATS_HAVESTDATOMICQ 1 +#else /* defined(ISC_PLATFORM_HAVESTDATOMIC) */ +# if defined(ISC_PLATFORM_HAVEXADDQ) && defined(ISC_PLATFORM_HAVEATOMICSTOREQ) +# define ISC_STATS_HAVEATOMICQ 1 +# else +# define ISC_STATS_HAVEATOMICQ 0 +# endif #endif /*% @@ -76,16 +77,22 @@ * Otherwise, just rely on standard 64-bit data types * and operations */ -#if !ISC_STATS_HAVEATOMICQ && \ - ((defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_INT_LOCK_FREE == 2) || \ - defined(ISC_PLATFORM_HAVEXADD)) -#define ISC_STATS_USEMULTIFIELDS 1 -#if (defined(ISC_PLATFORM_HAVESTDATOMIC) && ATOMIC_INT_LOCK_FREE == 2) -#define ISC_STATS_HAVESTDATOMIC 1 -#endif -#else +#if !ISC_STATS_HAVEATOMICQ + +# if defined(ISC_PLATFORM_HAVESTDATOMIC) +# define ISC_STATS_USEMULTIFIELDS 1 +# define ISC_STATS_HAVESTDATOMIC 1 +# else /* defined(ISC_PLATFORM_HAVESTDATOMIC) */ +# if ISC_PLATFORM_HAVEXADD +# define ISC_STATS_USEMULTIFIELDS 1 +# else +# define ISC_STATS_USEMULTIFIELDS 0 +# endif +# endif + +#else /* !ISC_STATS_HAVEATOMICQ */ #define ISC_STATS_USEMULTIFIELDS 0 -#endif +#endif /* !ISC_STATS_HAVEATOMICQ */ #if ISC_STATS_USEMULTIFIELDS typedef struct { diff --git a/lib/lwres/getipnode.c b/lib/lwres/getipnode.c index f0c0ae655f..1d7934f4b7 100644 --- a/lib/lwres/getipnode.c +++ b/lib/lwres/getipnode.c @@ -126,6 +126,7 @@ #include /* XXX #include */ #include "assert_p.h" +#include "unreachable_p.h" #ifndef INADDRSZ #define INADDRSZ 4 @@ -1023,6 +1024,7 @@ hostfromaddr(lwres_gnbaresponse_t *addr, int af, const void *src) { break; default: INSIST(0); + ISC_UNREACHABLE(); } /* @@ -1100,6 +1102,7 @@ hostfromname(lwres_gabnresponse_t *name, int af) { break; default: INSIST(0); + ISC_UNREACHABLE(); } /* diff --git a/lib/lwres/getnameinfo.c b/lib/lwres/getnameinfo.c index 9951f4cf7e..8a02a2a72a 100644 --- a/lib/lwres/getnameinfo.c +++ b/lib/lwres/getnameinfo.c @@ -117,6 +117,7 @@ #include "print_p.h" #include "assert_p.h" +#include "unreachable_p.h" #define SUCCESS 0 @@ -299,6 +300,7 @@ lwres_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, break; default: INSIST(0); + ISC_UNREACHABLE(); } n = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); diff --git a/lib/lwres/unreachable_p.h b/lib/lwres/unreachable_p.h new file mode 100644 index 0000000000..525fe6d3d7 --- /dev/null +++ b/lib/lwres/unreachable_p.h @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#pragma once + +#ifdef HAVE_BUILTIN_UNREACHABLE +#define ISC_UNREACHABLE() __builtin_unreachable(); +#else +#define ISC_UNREACHABLE() +#endif diff --git a/util/check-cocci b/util/check-cocci new file mode 100755 index 0000000000..61792bd12e --- /dev/null +++ b/util/check-cocci @@ -0,0 +1,15 @@ +#!/bin/sh + +ret=0 +for spatch in cocci/*.spatch; do + patch="$(dirname "$spatch")/$(basename "$spatch" .spatch).patch" + spatch --sp-file="$spatch" --use-gitgrep --dir . --very-quiet > "$patch"; + if [ "$(< "$patch" wc -l)" -gt "0" ]; then + cat "$patch" + ret=1 + else + rm "$patch" + fi +done + +exit $ret diff --git a/util/copyrights b/util/copyrights index cd13cc1fc4..5fe1cca045 100644 --- a/util/copyrights +++ b/util/copyrights @@ -2627,6 +2627,7 @@ ./bin/win32/BINDInstall/resource.h X 2001,2005,2009,2018 ./bind.keys X 2009,2010,2011,2017,2018 ./bind.keys.h X 2009,2010,2011,2012,2014,2017,2018 +./cocci/unreachable.spatch X 2018 ./config.guess X 1998,1999,2000,2001,2004,2009,2013,2018 ./config.h.in X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018 ./config.h.win32 C 1999,2000,2001,2004,2006,2007,2008,2009,2011,2012,2013,2014,2015,2016,2017,2018 @@ -4319,6 +4320,7 @@ ./lib/lwres/unix/include/Makefile.in MAKE 2001,2004,2007,2012,2016,2018 ./lib/lwres/unix/include/lwres/Makefile.in MAKE 2001,2004,2007,2012,2016,2018 ./lib/lwres/unix/include/lwres/net.h C 2000,2001,2002,2004,2005,2007,2016,2018 +./lib/lwres/unreachable_p.h C 2018 ./lib/lwres/version.c C 2000,2001,2004,2005,2007,2016,2018 ./lib/lwres/win32/DLLMain.c C 2001,2004,2007,2016,2018 ./lib/lwres/win32/Makefile.in MAKE 2001,2004,2007,2012,2016,2018 @@ -4415,6 +4417,7 @@ ./util/branchsync.sh SH 2013,2016,2018 ./util/check-categories.sh SH 2015,2016,2017,2018 ./util/check-changes PERL 2002,2004,2007,2012,2016,2018 +./util/check-cocci X 2018 ./util/check-includes.pl PERL 2000,2001,2004,2007,2012,2016,2018 ./util/check-instincludes.sh SH 2000,2001,2004,2007,2012,2016,2018 ./util/check-pullups.pl PERL 2001,2002,2003,2004,2007,2012,2016,2018 @@ -4433,6 +4436,7 @@ ./util/nanny.pl PERL 2000,2001,2004,2007,2012,2016,2018 ./util/new-func PERL 2005,2007,2012,2016,2018 ./util/nt-kit SH 1999,2000,2001,2004,2007,2012,2016,2018 +./util/prepare-softhsm2.sh X 2018 ./util/spacewhack.pl PERL 2000,2001,2004,2007,2012,2016,2018 ./util/tabify-changes SH 2004,2007,2012,2016,2018 ./util/update-drafts.pl PERL 2000,2001,2004,2007,2012,2016,2018 diff --git a/util/prepare-softhsm2.sh b/util/prepare-softhsm2.sh new file mode 100644 index 0000000000..24c7f17c1a --- /dev/null +++ b/util/prepare-softhsm2.sh @@ -0,0 +1,10 @@ +#!/bin/sh +if [ -n "${SOFTHSM2_CONF}" ] && command -v softhsm2-util >/dev/null; then + SOFTHSM2_DIR=$(dirname "$SOFTHSM2_CONF") + mkdir -p "${SOFTHSM2_DIR}/tokens" + echo "directories.tokendir = ${SOFTHSM2_DIR}/tokens" > "${SOFTHSM2_CONF}" + echo "objectstore.backend = file" >> "${SOFTHSM2_CONF}" + echo "log.level = DEBUG" >> "${SOFTHSM2_CONF}" + softhsm2-util --init-token --free --pin 0000 --so-pin 0000 --label "softhsm2"; +fi +exit 0