upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

import ldns 1.8.3

Browse source
This commit is contained in:
Pierre Pronchery 2023-05-04 23:51:47 +02:00 committed by Ed Maste
parent c6342fe2e9
commit cf3e3d5bd0
668 changed files with 29931 additions and 30609 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

195
Changelog
View file

@ -1,3 +1,166 @@
1.8.3 2022-08-15
* bugfix #183: Assertion failure with OPT record without rdata.
This caused packet creation with only a DO bit (for DNSSEC OK)
to crash. Thanks Anand Buddhdev and others for reporting this
so quickly.
* Fix for syntax error in pyldns
1.8.2 2022-08-12
* bugfix #147: Allow for tabs in whitespace before quoted rdata
fields. Thanks Felipe Gasper
* bugfix #149: Add some missing [out] annotations to doxygen
parameters. Thanks aldot.
* Fix build error on Solaris 10 with inet_ntop redeclaration error.
* Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan
* Enable compile of SVCB and HTTPS support by default.
* bugfix #179: Free line memory even if zone file parsing fails
Thanks Claudius Zingerli
* bugfix #166: Grow buffer when writing chars and fixed size
strings when converting to presentation format, preventing
potential assersion errors.
* bugfix #46: Print network errors when secure tracing.
Thanks reedjc
* EDNS0 Option handling and conversion into presentation format.
* bugfix #145: ldns-verify-zone should not call occluded records
glue. Thanks Habbie
1.8.1 2021-12-03
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
needs to larger. Thanks Leah Neukirchen & Felipe Gasper
* Undo PR#123 fix ldns.pc installation when building out-of-source
Thanks Axel Xu
1.8.0 2021-11-26
* bugfix #38: Print "line" before line number when printing
zone parse errors. Thanks Petr Špaček.
* bugfix: Revert unused variables in ldns-config removal patch.
* bugfix #50: heap Out-of-bound Read vulnerability in
rr_frm_str_internal reported by pokerfacett.
* bugfix #51: Heap Out-of-bound Read vulnerability in
ldns_nsec3_salt_data reported by pokerfacett.
* Fix memory leak in examples/ldns-testns handle_tcp routine.
* Detect fixed time memory compare for openssl 0.9.8.
* Fix compile warning by variable initialisation for older gcc.
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
available on tvOS.
* Fix for #93: fix packaging/libldns.pc Makefile rule.
* ZONEMD support in ldns-signzone and ldns-verify-zone
* ldns-testns can answer several queries over one tcp connection,
if they arrive within 100msec of each other.
* Fix so that ldns-testns does not leak sockets if the read fails.
* SVCB and HTTPS draft rrtypes.
Enable with --enable-rrtype-svcb-https.
* bugfix #117: Assertion failure with DNSSEC validating of
non existence of RR types at the root. Thanks ZjYwMj
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
* bugfix #119: Let example tools read longer RR's than
LDNS_MAX_LINELEN
* Add SVCPARAMS to python ldns_rdf_type2str function.
* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
the $INCLUDE not implemented error.
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
number for an empty line after a comment.
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
compression optional when converting packets to wire format.
Thanks Eli Lindsey
* Option to ldns-keygen to create symlinks with known names
(i.e. without the key id) to the created files.
Thanks Andreas Schulze
* Fix #121: Correct handling of centimetres by LOC parser.
Thanks Felipe Gasper
* PR #126: Link with libldns.la in Makefile.in.
Thanks orbea
* PR #127: Added option -Q to drill to give short answer.
Thanks niknah
* PR #133: Update m4 files for python modules.
Thanks Petr Menšík
* Bufix CAA value fields may be empty: Thanks Robert Mortimer
* PR #108: Fix for ldns-compare-zones net detecting when first zone
has a RRset that shrinks from two to one RRs, or grows from one
to two RRs. Thanks Emilio Caballero
* Fix #131: Drill sig chasing breaks with gcc-11 and
strict-aliasing. Thanks Stanislav Levin
* Fix #130: Unless $TLL is defined, ttl defaults to the last
explicitly stated value. Thanks Benno
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
Thanks Daniel J. Luke
* Let ldns-signzone warn for high NSEC3 iteration counts.
Thanks Andreas Schulze
1.7.1 2019-07-26
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
Thanks Petr Menšík
* bugfix #4221: drill -x crashes with malformed IPv4 address
Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232)
Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment (CVE-2017-1000231)
Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
ldns-verify-zone. Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
Thanks Siali Yan
* Spelling errors in binaries and man pages
Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
and fix memory leak with more EDNS sections
Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this
removes the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
Thanks Petr Menšík
* Feature #3394: An -I option to ldns-notify to specify a source
IP address to send to notify from. Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2,
ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
that return -1 on failure and allow socket number 0
to be returned too. Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
ldns-verify-zone. Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
See also https://penzin.net/ldns-signzone/
Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
Thanks Jeffrey Walton
* PR #36 Update manpage of ldns-notify to mention algorithm
support with TSIG. Thanks Anand Buddhdev
* Compile warnings with signed char input to to_lower()
and is_digit() with NetBSD. Thanks Håvard Eidnes
* Missing Makefile.PL in DNS-LDNS perl module contribution.
Thanks Jaap Akkerhuis
1.7.0 2016-12-20
* Fix lookup of relative names in ldns_resolver_search.
* bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt
@ -98,7 +261,7 @@
Thanks William King
* Use OpenSSL DANE functions for verification (unless explicitly
disabled with --disable-dane-ta-usage).
* Bumb .so version
* Bump .so version
* Include OPENPGPKEY RR type by default
* rdata processing for SMIMEA RR type
* Fix crash in displaying TLSA RR's.
@ -168,7 +331,7 @@
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
* Adjust ldns_sha1() so that the input data is not modified (Thanks
Marc Buijsman)
* Messages to stderr are now off by default and can be reenabled with
* Messages to stderr are now off by default and can be re-enabled with
the --enable-stderr-msgs configure option.
1.6.16 2012-11-13
@ -197,7 +360,7 @@
in sync.
* Let ldns_pkt_push_rr now return false on (memory) errors.
* Make buffer_export comply to documentation and fix buffer2str
* Various improvements and fixes of pyldns from Katel Slany
* Various improvements and fixes of pyldns from Karel Slany
now documented in their own Changelog.
* bugfix: Make ldns_resolver_pop_nameserver clear the array when
there was only one.
@ -236,7 +399,7 @@
* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
* bugfix #427: Explicitely link ssl with the programs that use it.
* bugfix #427: Explicitly link ssl with the programs that use it.
* Fix reading \DDD: Error on values that are outside range (>255).
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
path to perl.
@ -300,7 +463,7 @@
* Update of libdns.vim (thanks Miek Gieben)
* Added the ldnsx Python module to our contrib section, which adds even
more pythonisticism to the usage of ldns with Python. (Many thanks
to Christpher Olah and Paul Wouters)
to Christopher Olah and Paul Wouters)
The ldnsx module is automatically installed when --with-pyldns is
used with configuring, but may explicitly be excluded with the
--without-pyldnsx option to configure.
@ -328,7 +491,7 @@
* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
build time and when used.
* bugfix #383: Fix detection of empty nonterminals of multiple labels.
* Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
* Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded
names (in stead of just the ones that contain glue only) and all
occluded records on the delegation points (in stead of just the glue).
* Clarify the operation of ldns_dnssec_mark_glue and the usage of
@ -511,7 +674,7 @@
* --enable-gost : use the GOST algorithm (experimental).
* Added some missing options to drill manpage
* Some fixes to --without-ssl option
* Fixed quote parsing withing strings
* Fixed quote parsing within strings
* Bitmask fix in EDNS handling
* Fixed non-fqdn domain name completion for rdata field domain
names of length 1
@ -618,7 +781,7 @@
from Shane Kerr, bug id 188)
* zone.c memory leaks on error and allocation checks fixed (patch
from Shane Kerr, bug id 189)
* ldns-zplit output and error messages fixed (patch from Shane Kerr,
* ldns-zsplit output and error messages fixed (patch from Shane Kerr,
bug id 190)
* Fixed potential buffer overflow in ldns_str2rdf_dname
* Signing code no longer signs delegation NS rrsets
@ -647,7 +810,7 @@
* DLV RR type added
* TCP fallback system has been improved
* HMAC-SHA256 TSIG support has been added.
* TTLS are now correcly set in NSEC(3) records when signing zones
* TTLS are now correctly set in NSEC(3) records when signing zones
EXAMPLE TOOLS:
* New example: ldns-revoke to revoke DNSKEYs according to RFC5011
@ -722,7 +885,7 @@
28 Nov 2007 1.2.2:
* Added support for HMAC-MD5 keys in generator
* Added a new example tool (written by Ondrej Sury): ldns-compare-zones
* ldns-keygen now checks key sizes for rfc conformancy
* ldns-keygen now checks key sizes for rfc conformance
* ldns-signzone outputs SSL error if present
* Fixed manpages (thanks to Ondrej Sury)
* Fixed Makefile for -j <x>
@ -800,7 +963,7 @@
* -r was killed in favor of -o <header bit mnemonic> which
allows for a header bits setting (and maybe more in the
future)
* DNSSEC is never automaticaly set, even when you query
* DNSSEC is never automatically set, even when you query
for DNSKEY/RRSIG or DS.
* Implement a crude RTT check, it now distinguishes between
reachable and unreachable.
@ -812,7 +975,7 @@
* ldns-dpa was added to the examples - this is the Dns Packet
Analyzer tool.
* ldnsd - as very, very simple nameserver impl.
* ldns-zsplit - split zones for parrallel signing
* ldns-zsplit - split zones for parallel signing
* ldns-zcat - cat split zones back together
* ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
non-DNSSEC) anti-spoofing techniques.
@ -831,7 +994,7 @@
API:
Changed:
* renamed ldns/dns.h to ldns/ldns.h
* ldns_rr_new_frm_str() is extented with an extra variable which
* ldns_rr_new_frm_str() is extended with an extra variable which
in common use may be NULL. This trickles through to:
o ldns_rr_new_frm_fp
o ldns_rr_new_frm_fp_l
@ -872,7 +1035,7 @@
* char *_when was removed from the ldns_pkt structure
18 Oct 2005: 1.0.0: ldns-team
* Commited a patch from Håkan Olsson
* Committed a patch from Håkan Olsson
* Added UPDATE support (Jakob Schlyter and Håkan Olsson)
* License change: ldns is now BSD licensed
* ldns now depends on SSL
@ -905,7 +1068,7 @@
13 Jun 2005: 0.65: ldns-team
* Repository is online at:
http://www.nlnetlabs.nl/ldns/svn/
* Apply reference copying throuhgout ldns, except in 2
* Apply reference copying throughout ldns, except in 2
places in the ldns_resolver structure (._domain and
._nameservers)
* Usual array of bugfixes
@ -914,7 +1077,7 @@
23 May 2005: 0.60: ldns-team
* Removed config.h from the header installed files
(you're not supposed to include that in a libary)
(you're not supposed to include that in a library)
* Further tweaking
- DNSSEC signing/verification works
- Assorted bug fixes and tweaks (memory management)

650
Makefile.in
View file

File diff suppressed because it is too large Load diff

5
README
View file

@ -51,11 +51,11 @@ ldns is developed by the ldns team at NLnet Labs. This team currently
consists of:
o Willem Toorop
o Wouter Wijngaards
o Matthijs Mekking
Former main developers:
o Jelte Jansen
o Miek Gieben
o Matthijs Mekking
* Credits
We have received patches from the following people, thanks!
@ -70,6 +70,7 @@ We have received patches from the following people, thanks!
o Havard Eidnes
o Leo Baltus
o Dag-Erling Smørgrav
o Felipe Gasper
INFORMATION FOR SPECIFIC OPERATING SYSTEMS
@ -96,7 +97,7 @@ contrib/build-solaris.sh
KNOWN ISSUES
A complete list of currently known open issues can be found here:
http://www.nlnetlabs.nl/projects/ldns/bugs
https://github.com/NLnetLabs/ldns/issues
* pyldns
Compiling pyldns produces many ``unused parameter'' warnings. Those are

274
README-Travis.md Normal file
View file

@ -0,0 +1,274 @@
# Travis Testing
LDNS 1.7.1 and above leverage Travis CI to increase coverage of compilers and platforms. Compilers include Clang and GCC; while platforms include Android, iOS, Linux, and OS X on AMD64, Aarch64, PowerPC and s390x hardware.
Android is tested on armv7a, aarch64, x86 and x86_64. The Android recipes build and install OpenSSL, and then builds LDNS. The testing is tailored for Android NDK-r19 and above, and includes NDK-r20 and NDK-r21. Mips and Mips64 are not tested because they are no longer supported under current NDKs.
iOS is tested for iPhoneOS, WatchOS, AppleTVOS, iPhoneSimulator, AppleTVSimulator and WatchSimulator. The testing uses Xcode 10 on OS X 10.13.
The LDNS Travis configuration file `.travis.yml` does not use top-level keys like `os:` and `compiler:` so there is no matrix expansion. Instead LDNS specifies the exact job to run under the `jobs:` and `include:` keys.
## Typical recipe
A typical recipe tests Clang and GCC on various hardware. The hardware includes AMD64, Aarch64, PowerPC and s390x. PowerPC is a little-endian platform, and s390x is a big-endian platform. There are pairs of recipes that are similar to the following.
```
- os: linux
name: GCC on Linux, Aarch64
compiler: gcc
arch: arm64
dist: bionic
- os: linux
name: Clang on Linux, Aarch64
compiler: clang
arch: arm64
dist: bionic
```
OS X provides a single recipe to test Clang. GCC is not tested because GCC is an alias for Clang.
## Sanitizer builds
Two sanitizer builds are tested using Clang and GCC, for a total of four builds. The first sanitizer is Undefined Behavior sanitizer (UBsan), and the second is Address sanitizer (Asan). The sanitizers are only run on AMD64 hardware. Note the environment includes `UBSAN=yes` or `ASAN=yes` for the sanitizer builds.
The recipes are similar to the following.
```
- os: linux
name: UBsan, GCC on Linux, Amd64
compiler: gcc
arch: amd64
dist: bionic
env: UBSAN=yes
- os: linux
name: UBsan, Clang on Linux, Amd64
compiler: clang
arch: amd64
dist: bionic
env: UBSAN=yes
```
When the Travis script encounters a sanitizer it uses different `CFLAGS` and configuration string.
```
if [ "$UBSAN" = "yes" ]; then
export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover"
bash test/test_ci.sh
elif [ "$ASAN" = "yes" ]; then
export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address"
bash test/test_ci.sh
...
```
## Android builds
Travis tests Android builds for the armv7a, aarch64, x86 and x86_64 architectures. The builds are trickier than other builds for several reasons. The testing requires installation of the Android NDK and SDK, it requires a cross-compile, and requires OpenSSL prerequisites. The Android cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the Android recipes.
### Android job
The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below.
```
- os: linux
name: Android armv7a, Linux, Amd64
compiler: clang
arch: amd64
dist: bionic
env:
- ANDROID=yes
- AUTOTOOLS_HOST=armv7a-linux-androideabi
- OPENSSL_HOST=android-arm
- ANDROID_CPU=armv7a
- ANDROID_API=23
- ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
- ANDROID_SDK_ROOT="$HOME/android-sdk"
- ANDROID_NDK_ROOT="$HOME/android-ndk"
```
### ANDROID_NDK_ROOT
The second step for Android is to set the environmental variables `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT`. This is an important step because the NDK and SDK use the variables internally to locate their own tools. Also see [Recommended NDK Directory?](https://groups.google.com/forum/#!topic/android-ndk/qZjhOaynHXc) on the android-ndk mailing list. (Many folks miss this step, or use incorrect variables like `ANDROID_NDK_HOME` or `ANDROID_SDK_HOME`).
If you are working from a developer machine you probably already have the necessary tools installed. You should ensure `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` are set properly.
### Tool installation
The second step installs tools needed for OpenSSL, Expat and LDNS. This step is handled in by the script `contrib/android/install_tools.sh`. The tools include curl, tar, zip, unzip and java.
```
before_script:
- |
if [ "$ANDROID" = "yes" ]; then
./contrib/android/install_tools.sh
elif [ "$IOS" = "yes" ]; then
./contrib/ios/install_tools.sh
fi
```
### NDK installation
The third step installs the NDK and SDK. This step is handled in by the script `contrib/android/install_ndk.sh`. The script uses `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` to place the NDK and SDK in the `$HOME` directory.
If you are working from a developer machine you probably already have a NDK and SDK installed.
### Android environment
The fourth step sets the Android cross-compile environment using the script `contrib/android/setenv_android.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so Android headers and libraries are found; and adds the path to the toolchain to `PATH`.
`contrib/android/setenv_android.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `ANDROID_CPU` and `ANDROID_API` tell `contrib/android/setenv_android.sh` which tools and libraries to select.
The `contrib/android/setenv_android.sh` script specifies the tools in a `case` statement like the following. There is a case for each of the architectures armv7a, aarch64, x86 and x86_64.
```
armv8a|aarch64|arm64|arm64-v8a)
CC="aarch64-linux-android$ANDROID_API-clang"
CXX="aarch64-linux-android$ANDROID_API-clang++"
LD="aarch64-linux-android-ld"
AS="aarch64-linux-android-as"
AR="aarch64-linux-android-ar"
RANLIB="aarch64-linux-android-ranlib"
STRIP="aarch64-linux-android-strip"
CFLAGS="-funwind-tables -fexceptions"
CXXFLAGS="-funwind-tables -fexceptions -frtti"
```
### OpenSSL
The fifth step builds OpenSSL. OpenSSL is built for iOS using the scripts `contrib/android/install_openssl.sh`. The script downloads, configures and installs the latest release version of the OpenSSL libraries. OpenSSL is configured with `--prefix="$ANDROID_PREFIX"` so the headers are placed in `$ANDROID_PREFIX/include` directory, and the libraries are placed in the `$ANDROID_PREFIX/lib` directory.
`ANDROID_PREFIX` is the value `$HOME/android$ANDROID_API-$ANDROID_CPU`. The libraries will be installed in `$HOME/android23-armv7a`, `$HOME/android23-aarch64`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported.
`PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/android23-armv7a/lib/pkgconfig` and `$HOME/android23-aarch64/lib/pkgconfig`.
OpenSSL also uses a custom configuration file called `15-android.conf`. It is a copy of the OpenSSL's project file and located at `contrib/android/15-android.conf`. The LDNS version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The LDNS version has legacy NDK support removed and some other fixes, like `ANDROID_NDK_ROOT` awareness. The changes mean LDNS's `15-android.conf` will only work with LDNS, with NDK-r19 and above, and a properly set environment.
OpenSSL is configured with `no-engine`. If you want to include OpenSSL engines then edit `contrib/android/install_openssl.sh` and remove the config option.
### Android build
Finally, once OpenSSL are built, then the Travis script configures and builds LDNS. The recipe looks as follows.
```
elif [ "$ANDROID" = "yes" ]; then
export AUTOTOOLS_BUILD="$(./config.guess)"
export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig"
./contrib/android/install_ndk.sh
source ./contrib/android/setenv_android.sh
./contrib/android/install_openssl.sh
./contrib/android/bootstrap_ldns.sh
./configure \
--build="$AUTOTOOLS_BUILD" \
--host="$AUTOTOOLS_HOST" \
--prefix="$ANDROID_PREFIX" \
--with-ssl="$ANDROID_PREFIX" \
--disable-gost \
--with-drill --with-examples
make -j 2
make install
```
Travis only smoke tests an Android build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an emulator, push the tests to the device and run them.
### Android flags
`contrib/android/setenv_android.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from `ndk-build`, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags.
`CXXFLAGS` includes `-fexceptions` and `-frtti` because exceptions and runtime type info are disabled by default. `CFLAGS` include `-funwind-tables` and `-fexceptions` to ensure C++ exceptions pass through C code, if needed. Also see `docs/CPLUSPLUS-SUPPORT.html` in the NDK docs.
To inspect the flags used by `ndk-build` for a platform clone ASOP's [ndk-samples](https://github.com/android/ndk-samples/tree/master/hello-jni) and build the `hello-jni` project. Use the `V=1` flag to see the full compiler output from `ndk-build`.
## iOS builds
Travis tests iOS builds for the armv7a, armv7s and aarch64 architectures for iPhoneOS, AppleTVOS and WatchOS. iPhoneOS is tested using both 32-bit builds (iPhones) and 64-bit builds (iPads). Travis also tests compiles against the simulators. The builds are trickier than other builds for several reasons. The testing requires a cross-compile, and requires OpenSSL prerequisites. The iOS cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the iOS recipes.
### iOS job
The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below.
```
- os: osx
osx_image: xcode10
name: Apple iPhone on iOS, armv7
compiler: clang
env:
- IOS=yes
- AUTOTOOLS_HOST=armv7-apple-ios
- OPENSSL_HOST=ios-cross
- IOS_SDK=iPhoneOS
- IOS_CPU=armv7s
- IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
```
### Tool installation
The second step installs tools needed for OpenSSL, Expat and LDNS. This step is handled in by the script `contrib/ios/install_tools.sh`. The tools include autotools, curl and perl. The installation happens at the `before_script:` stage of Travis.
```
before_script:
- |
if [ "$ANDROID" = "yes" ]; then
./contrib/android/install_tools.sh
elif [ "$IOS" = "yes" ]; then
./contrib/ios/install_tools.sh
fi
```
### iOS environment
The third step sets the iOS cross-compile environment using the script `contrib/ios/setenv_ios.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so iOS headers and libraries are found; and adds the path to the toolchain to `PATH`.
`contrib/ios/setenv_ios.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `IOS_SDK` and `IOS_CPU` tell `contrib/ios/setenv_ios.sh` which tools and libraries to select.
The `contrib/ios/setenv_ios.sh` script specifies the tools to use during the cross-compile. For Apple SDKs, the tool names are the same as a desktop. There are no special prefixes for the mobile tools.
```
CPP=cpp
CC=clang
CXX=clang++
LD=ld
AS=as
AR=ar
RANLIB=ranlib
STRIP=strip
```
If you are working from a developer machine you probably already have the necessary tools installed.
### OpenSSL
The fourth step builds OpenSSL. OpenSSL is built for iOS using the scripts `contrib/ios/install_openssl.sh`. The script downloads, configures and installs the latest release version of the OpenSSL libraries. OpenSSL is configured with `--prefix="$IOS_PREFIX"` so the headers are placed in `$IOS_PREFIX/include` directory, and the libraries are placed in the `$IOS_PREFIX/lib` directory.
`IOS_PREFIX` is the value `$HOME/$IOS_SDK-$IOS_CPU`. The scheme handles both iOS SDKs and cpu architectures so the pair receives a unique installation directory. The libraries will be installed in `$HOME/iPhoneOS-armv7s`, `$HOME/iPhoneOS-arm64`, `$HOME/iPhoneSimulator-i386`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported.
`PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/iPhoneOS-armv7s/lib/pkgconfig` and `$HOME/iPhoneOS-arm64/lib/pkgconfig`.
OpenSSL also uses a custom configuration file called `15-ios.conf`. It is a copy of the OpenSSL's project file and located at `contrib/ios/15-ios.conf`. The LDNS version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The changes mean LDNS's `15-ios.conf` will only work with LDNS and a properly set environment.
OpenSSL is configured with `no-engine`. Engines require dynamic loading so engines are disabled permanently in `15-ios.conf`.
### iOS build
Finally, once OpenSSL are built, then the Travis script configures and builds LDNS. The full recipe looks as follows.
```
elif [ "$IOS" = "yes" ]; then
export AUTOTOOLS_BUILD="$(./config.guess)"
export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig"
source ./contrib/ios/setenv_ios.sh
./contrib/ios/install_openssl.sh
./contrib/ios/bootstrap_ldns.sh
./configure \
--build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \
--prefix="$IOS_PREFIX" \
--with-ssl="$IOS_PREFIX" --disable-gost \
--with-drill --with-examples
make -j 2
make install
```
Travis only smoke tests an iOS build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an simulator, push the tests to the device and run them.
### iOS flags
`contrib/ios/setenv_ios.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from Xcode, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags.

4
aclocal.m4 vendored
View file

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

126
acx_nlnetlabs.m4
View file

@ -2,7 +2,15 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 34
# Version 41
# 2021-07-30 fix for openssl use of lib64 directory.
# 2021-06-14 fix nonblocking test to use host instead of target for mingw test.
# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for
# 64bit compatibility.
# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS.
# 2021-01-05 fix defun for aclocal
# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE
# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
@ -446,15 +454,12 @@ AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute)
AC_CACHE_VAL(ac_cv_c_format_attribute,
[ac_cv_c_format_attribute=no
AC_TRY_COMPILE(
[#include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *format, ...) __attribute__ ((format (printf, 1, 2)));
void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2)));
], [
]], [[
f ("%s", "str");
],
[ac_cv_c_format_attribute="yes"],
[ac_cv_c_format_attribute="no"])
]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"])
])
AC_MSG_RESULT($ac_cv_c_format_attribute)
@ -483,14 +488,11 @@ AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE],
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute)
AC_CACHE_VAL(ac_cv_c_unused_attribute,
[ac_cv_c_unused_attribute=no
AC_TRY_COMPILE(
[#include <stdio.h>
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *u __attribute__((unused)));
], [
]], [[
f ("x");
],
[ac_cv_c_unused_attribute="yes"],
[ac_cv_c_unused_attribute="no"])
]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"])
])
dnl Setup ATTR_UNUSED config.h parts.
@ -547,7 +549,7 @@ dnl as a requirement so that is gets called before LIBTOOL
dnl because libtools 'AC_REQUIRE' names are right after this one, before
dnl this function contents.
AC_REQUIRE([ACX_LIBTOOL_C_PRE])
AC_PROG_LIBTOOL
LT_INIT
])
dnl Detect if u_char type is defined, otherwise define it.
@ -668,35 +670,41 @@ AC_DEFUN([ACX_SSL_CHECKS], [
HAVE_SSL=yes
dnl assume /usr is already in the lib and dynlib paths.
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
LDFLAGS="$LDFLAGS -L$ssldir/lib"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
LDFLAGS="$LDFLAGS -L$ssldir/lib64"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
ACX_RUNTIME_PATH_ADD([$ssldir/lib64])
else
LDFLAGS="$LDFLAGS -L$ssldir/lib"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
fi
fi
AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
AC_TRY_LINK(, [
int HMAC_Update(void);
(void)HMAC_Update();
], [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
], [
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
],[
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
BAKLIBS="$LIBS"
BAKSSLLIBS="$LIBSSL_LIBS"
LIBS="$LIBS -lgdi32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
LIBS="$LIBS -lgdi32 -lws2_32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -705,12 +713,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -719,12 +727,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
int EVP_sha256(void);
(void)EVP_sha256();
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -749,8 +757,7 @@ dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
@ -768,8 +775,7 @@ dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
[
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
@ -839,7 +845,11 @@ dnl see if on windows
if test "$ac_cv_header_windows_h" = "yes"; then
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
LIBS="$LIBS -lws2_32"
if echo $LIBS | grep 'lws2_32' >/dev/null; then
:
else
LIBS="$LIBS -lws2_32"
fi
fi
],
dnl no quick getaddrinfo, try mingw32 and winsock2 library.
@ -889,7 +899,7 @@ AC_CACHE_VAL(cv_cc_deprecated_$cache,
[
echo '$3' >conftest.c
echo 'void f(){ $2 }' >>conftest.c
if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then
if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
eval "cv_cc_deprecated_$cache=no"
else
eval "cv_cc_deprecated_$cache=yes"
@ -915,7 +925,7 @@ dnl a nonblocking socket do not work, a new call to select is necessary.
AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN],
[
AC_MSG_CHECKING([if nonblocking sockets work])
if echo $target | grep mingw32 >/dev/null; then
if echo $host | grep mingw >/dev/null; then
AC_MSG_RESULT([no (windows)])
AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).])
else
@ -1057,7 +1067,7 @@ dnl defines MKDIR_HAS_ONE_ARG
AC_DEFUN([ACX_MKDIR_ONE_ARG],
[
AC_MSG_CHECKING([whether mkdir has one arg])
AC_TRY_COMPILE([
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <unistd.h>
#ifdef HAVE_WINSOCK2_H
@ -1066,14 +1076,12 @@ AC_TRY_COMPILE([
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
], [
]], [[
(void)mkdir("directory");
],
AC_MSG_RESULT(yes)
]])],[AC_MSG_RESULT(yes)
AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.])
,
AC_MSG_RESULT(no)
)
],[AC_MSG_RESULT(no)
])
])dnl end of ACX_MKDIR_ONE_ARG
dnl Check for ioctlsocket function. works on mingw32 too.

14
ax_pkg_swig.m4
View file

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html
# https://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html
# ===========================================================================
#
# SYNOPSIS
@ -32,9 +32,9 @@
# LICENSE
#
# Copyright (c) 2008 Sebastian Huber <sebastian-huber@web.de>
# Copyright (c) 2008 Alan W. Irwin <irwin@beluga.phys.uvic.ca>
# Copyright (c) 2008 Alan W. Irwin
# Copyright (c) 2008 Rafael Laboissiere <rafael@laboissiere.net>
# Copyright (c) 2008 Andrew Collier <colliera@ukzn.ac.za>
# Copyright (c) 2008 Andrew Collier
# Copyright (c) 2011 Murray Cumming <murrayc@openismus.com>
#
# This program is free software; you can redistribute it and/or modify it
@ -48,7 +48,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -63,11 +63,11 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 8
#serial 13
AC_DEFUN([AX_PKG_SWIG],[
# Ubuntu has swig 2.0 as /usr/bin/swig2.0
AC_PATH_PROGS([SWIG],[swig2.0 swig])
# Find path to the "swig" executable.
AC_PATH_PROGS([SWIG],[swig swig3.0 swig2.0])
if test -z "$SWIG" ; then
m4_ifval([$3],[$3],[:])
elif test -n "$1" ; then

39
ax_python_devel.m4
View file

@ -1,5 +1,5 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_python_devel.html
# https://www.gnu.org/software/autoconf-archive/ax_python_devel.html
# ===========================================================================
#
# SYNOPSIS
@ -12,8 +12,8 @@
# in your configure.ac.
#
# This macro checks for Python and tries to get the include path to
# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LDFLAGS)
# output variables. It also exports $(PYTHON_EXTRA_LIBS) and
# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output
# variables. It also exports $(PYTHON_EXTRA_LIBS) and
# $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code.
#
# You can search for some particular version of Python by passing a
@ -52,7 +52,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@ -67,7 +67,7 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 16
#serial 21
AU_ALIAS([AC_PYTHON_DEVEL], [AX_PYTHON_DEVEL])
AC_DEFUN([AX_PYTHON_DEVEL],[
@ -99,7 +99,7 @@ AC_DEFUN([AX_PYTHON_DEVEL],[
This version of the AC@&t@_PYTHON_DEVEL macro
doesn't work properly with versions of Python before
2.1.0. You may need to re-run configure, setting the
variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG,
PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
to something else than an empty string.
@ -137,7 +137,7 @@ variable to configure. See ``configure --help'' for reference.
#
AC_MSG_CHECKING([for the distutils Python package])
ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
if test -z "$ac_distutils_result"; then
if test $? -eq 0; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
@ -172,7 +172,7 @@ $ac_distutils_result])
# Check for Python library path
#
AC_MSG_CHECKING([for Python library path])
if test -z "$PYTHON_LDFLAGS"; then
if test -z "$PYTHON_LIBS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
ac_python_version=`cat<<EOD | $PYTHON -
@ -227,25 +227,25 @@ EOD`
then
# use the official shared library
ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
PYTHON_LIBS="-L$ac_python_libdir -l$ac_python_library"
else
# old way: use libpython from python_configdir
ac_python_libdir=`$PYTHON -c \
"from distutils.sysconfig import get_python_lib as f; \
import os; \
print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
PYTHON_LIBS="-L$ac_python_libdir -lpython$ac_python_version"
fi
if test -z "PYTHON_LDFLAGS"; then
if test -z "PYTHON_LIBS"; then
AC_MSG_ERROR([
Cannot determine location of your Python DSO. Please check it was installed with
dynamic libraries enabled, or try setting PYTHON_LDFLAGS by hand.
dynamic libraries enabled, or try setting PYTHON_LIBS by hand.
])
fi
fi
AC_MSG_RESULT([$PYTHON_LDFLAGS])
AC_SUBST([PYTHON_LDFLAGS])
AC_MSG_RESULT([$PYTHON_LIBS])
AC_SUBST([PYTHON_LIBS])
#
# Check for site packages
@ -265,7 +265,7 @@ EOD`
if test -z "$PYTHON_EXTRA_LIBS"; then
PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \
conf = distutils.sysconfig.get_config_var; \
print (conf('LIBS'))"`
print (conf('LIBS') + ' ' + conf('SYSLIBS'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
AC_SUBST(PYTHON_EXTRA_LIBS)
@ -288,8 +288,10 @@ EOD`
AC_MSG_CHECKING([consistency of all components of python development environment])
# save current global flags
ac_save_LIBS="$LIBS"
ac_save_LDFLAGS="$LDFLAGS"
ac_save_CPPFLAGS="$CPPFLAGS"
LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LDFLAGS $PYTHON_EXTRA_LIBS"
LIBS="$ac_save_LIBS $PYTHON_LIBS $PYTHON_EXTRA_LIBS $PYTHON_EXTRA_LIBS"
LDFLAGS="$ac_save_LDFLAGS $PYTHON_EXTRA_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
AC_LANG_PUSH([C])
AC_LINK_IFELSE([
@ -300,6 +302,7 @@ EOD`
# turn back to default flags
CPPFLAGS="$ac_save_CPPFLAGS"
LIBS="$ac_save_LIBS"
LDFLAGS="$ac_save_LDFLAGS"
AC_MSG_RESULT([$pythonexists])
@ -307,8 +310,8 @@ EOD`
AC_MSG_FAILURE([
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
via the LDFLAGS environment variable.
Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib"
via the LIBS environment variable.
Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
============================================================================
ERROR!
You probably have to install the development version of the Python package

2
buffer.c
View file

@ -63,6 +63,7 @@ ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity)
ldns_buffer_invariant(buffer);
assert(buffer->_position <= capacity);
assert(!buffer->_fixed);
data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity);
if (!data) {
@ -79,7 +80,6 @@ bool
ldns_buffer_reserve(ldns_buffer *buffer, size_t amount)
{
ldns_buffer_invariant(buffer);
assert(!buffer->_fixed);
if (buffer->_capacity < buffer->_position + amount) {
size_t new_capacity = buffer->_capacity * 3 / 2;

1646
config.guess vendored
View file

File diff suppressed because it is too large Load diff

2973
config.sub vendored
View file

File diff suppressed because it is too large Load diff

9630
configure vendored
View file

File diff suppressed because it is too large Load diff

256
configure.ac
View file

@ -5,8 +5,8 @@ sinclude(acx_nlnetlabs.m4)
# must be numbers. ac_defun because of later processing.
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[7])
m4_define([VERSION_MICRO],[0])
m4_define([VERSION_MINOR],[8])
m4_define([VERSION_MICRO],[3])
AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns)
AC_CONFIG_SRCDIR([packet.c])
# needed to build correct soname
@ -26,9 +26,15 @@ AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO])
# set age to 0
#
# ldns-1.6.17 and before had a .so with version same as VERSION_INFO
# ldns-1.7.0 will have libversion 2:0:0
# ldns-1.7.0 had libversion 2:0:0
# ldns-1.7.1 had libversion 3:0:0 (though it should have had 3:0:1)
# ldns-1.8.0 had libversion 4:0:2 (though it should have had 4:0:1)
# ldns-1.8.1 had libversion 5:0:2
# ldns-1.8.1 had libversion 6:0:3
# ldns-1.8.2 had libversion 7:0:4
# ldns-1.8.3 has libversion 8:0:5
#
AC_SUBST(VERSION_INFO, [2:0:0])
AC_SUBST(VERSION_INFO, [8:0:5])
AC_AIX
if test "$ac_cv_header_minix_config_h" = "yes"; then
@ -49,7 +55,7 @@ AC_PROG_MAKE_SET
# Extra (sp)lint flags for NetBSD
AC_CANONICAL_HOST
case "$host_os" in
netbsd*) LINTFLAGS="'-D__RENAME(x)=' -D_NETINET_IN_H_ $LINTFLAGS"
netbsd*) LINTFLAGS="'-D__RENAME(x)=' -D_NETINET_IN_H_ $LINTFLAGS"
;;
*) LINTFLAGS="$LINTFLAGS"
;;
@ -95,6 +101,7 @@ ACX_CHECK_COMPILER_FLAG(Wstrict-prototypes, [CFLAGS="-Wstrict-prototypes $CFLAGS
#ACX_CHECK_COMPILER_FLAG(Wshadow, [CFLAGS="-Wshadow $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wunused-function, [CFLAGS="-Wunused-function $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wmissing-prototypes, [CFLAGS="-Wmissing-prototypes $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [CFLAGS="-fno-strict-aliasing $CFLAGS"])
AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
@ -102,6 +109,9 @@ AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT])
# end mingw32 tests
# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
AC_CHECK_HEADERS([TargetConditionals.h])
ACX_DETERMINE_EXT_FLAGS_UNBOUND
AC_C_INLINE
@ -118,12 +128,32 @@ AC_CHECK_TYPE(uint64_t, unsigned long long)
AC_CHECK_PROG(doxygen, doxygen, doxygen)
# check to see if libraries are needed for these functions.
AC_SEARCH_LIBS([socket], [socket])
AC_SEARCH_LIBS([inet_pton], [nsl])
AC_CHECK_FUNC([socket],
[],
[AC_SEARCH_LIBS([socket], [socket])
])
# modern Linux provides inet_ntop in -lsocket.
# modern OS X provides inet_ntop in -lc.
# modern Solaris provides inet_ntop in -lsocket -lnsl.
# older Solaris provides inet_ntop in -lresolv.
AC_CHECK_FUNC([inet_ntop],
[],
[AC_SEARCH_LIBS([inet_ntop], [socket c nsl resolv], [ac_cv_func_inet_ntop=yes])
])
# modern Linux provides inet_pton in -lsocket.
# modern OS X provides inet_pton in -lc.
# modern Solaris provides inet_pton in -lsocket -lnsl.
# older Solaris provides inet_pton in -lresolv.
AC_CHECK_FUNC([inet_pton],
[],
[AC_SEARCH_LIBS([inet_pton], [socket c nsl resolv], [ac_cv_func_inet_pton=yes])
])
AC_ARG_WITH(drill, AC_HELP_STRING([--with-drill],
[Also build drill.]),
AC_ARG_WITH(drill, AC_HELP_STRING([--with-drill],
[Also build drill.]),
[],[with_drill="no"])
if test x_$with_drill != x_no ; then
AC_SUBST(DRILL,[drill])
@ -135,7 +165,7 @@ if test x_$with_drill != x_no ; then
AC_MSG_ERROR([
A config.h was detected in the drill subdirectory.
This does not work with the --with-drill option.
Please remove the config.h from the drill subdirectory
Please remove the config.h from the drill subdirectory
or do not use the --with-drill option.])
fi
else
@ -147,8 +177,8 @@ else
fi
AC_ARG_WITH(examples, AC_HELP_STRING([--with-examples],
[Also build examples.]),
AC_ARG_WITH(examples, AC_HELP_STRING([--with-examples],
[Also build examples.]),
[],[with_examples="no"])
if test x_$with_examples != x_no ; then
AC_SUBST(EXAMPLES,[examples])
@ -160,7 +190,7 @@ if test x_$with_examples != x_no ; then
AC_MSG_ERROR([
A config.h was detected in the examples subdirectory.
This does not work with the --with-examples option.
Please remove the config.h from the examples subdirectory
Please remove the config.h from the examples subdirectory
or do not use the --with-examples option.])
fi
else
@ -191,7 +221,7 @@ AC_ARG_ENABLE(stderr-msgs, AC_HELP_STRING([--enable-stderr-msgs], [Enable printi
case "$enable_stderr_msgs" in
no) dnl default
;;
*)
*)
AC_DEFINE_UNQUOTED([STDERR_MSGS], [1], [Define this to enable messages to stderr.])
;;
esac
@ -207,8 +237,8 @@ AX_CONFIG_FEATURE(
PYTHON_X_CFLAGS=""
ldns_with_pyldns=no
ldns_with_pyldnsx=no
AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns],
[generate python library, or --without-pyldns to disable Python support.]),
AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns],
[generate python library, or --without-pyldns to disable Python support.]),
[],[ withval="no" ])
ldns_have_python=no
if test x_$withval != x_no; then
@ -263,8 +293,8 @@ fi
AC_SUBST(PYTHON_X_CFLAGS)
# Check for pyldnsx
AC_ARG_WITH(pyldnsx, AC_HELP_STRING([--without-pyldnsx],
[Do not install the ldnsx python module, or --with-pyldnsx to install it.]),
AC_ARG_WITH(pyldnsx, AC_HELP_STRING([--without-pyldnsx],
[Do not install the ldnsx python module, or --with-pyldnsx to install it.]),
[],[ withval="with_pyldns" ])
if test x_$withval != x_no; then
if test x_$ldns_with_pyldns != x_no; then
@ -294,8 +324,8 @@ fi
# check for perl
ldns_with_p5_dns_ldns=no
AC_ARG_WITH(p5-dns-ldns, AC_HELP_STRING([--with-p5-dns-ldns],
[generate DNS::LDNS perl bindings]),
AC_ARG_WITH(p5-dns-ldns, AC_HELP_STRING([--with-p5-dns-ldns],
[generate DNS::LDNS perl bindings]),
[],[ withval="no" ])
ldns_have_perl=no
if test x_$withval != x_no; then
@ -331,7 +361,29 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
else
AC_MSG_RESULT([no])
fi
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key])
AC_CHECK_HEADERS([openssl/ssl.h openssl/evp.h openssl/engine.h openssl/conf.h])
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key EVP_cleanup ENGINE_cleanup ENGINE_free CRYPTO_cleanup_all_ex_data ERR_free_strings CONF_modules_unload OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp EVP_PKEY_get_base_id])
AC_CHECK_DECLS([EVP_PKEY_base_id], [
AC_DEFINE_UNQUOTED([HAVE_EVP_PKEY_BASE_ID], [1], [Define to 1 if you have the EVP_PKEY_base_id function or macro.])
], [], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_MSG_CHECKING([Checking for OpenSSL >= 3.0.0])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
#if OPENSSL_VERSION_MAJOR >= 3
#define SOMETHING
#else
This fails compiling.
So either no OpenSSL at all (the include already failed), or the version < 3.0.0
#endif
], [
])], [
AC_MSG_RESULT(yes)
CFLAGS="-DOPENSSL_API_COMPAT=10100 $CFLAGS"
], [ AC_MSG_RESULT(no)
])
# for macosx, see if glibtool exists and use that
# BSD's need to know the version...
@ -354,21 +406,33 @@ case "$enable_sha2" in
;;
esac
# check wether gost also works
# check whether gost also works
AC_DEFUN([AC_CHECK_GOST_WORKS],
[AC_REQUIRE([AC_PROG_CC])
AC_MSG_CHECKING([if GOST works])
if test c${cross_compiling} = cno; then
BAKCFLAGS="$CFLAGS"
if test -n "$ssldir"; then
if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64"
else
CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib"
fi
fi
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <string.h>
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#ifdef HAVE_OPENSSL_EVP_H
#include <openssl/evp.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
#endif
/* routine to load gost (from sldns) */
int load_gost_id(void)
{
@ -413,7 +477,7 @@ int load_gost_id(void)
EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
return gost_id;
}
int main(void) {
int main(void) {
EVP_MD_CTX* ctx;
const EVP_MD* md;
unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */
@ -463,7 +527,7 @@ case "$enable_gost" in
AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])])
AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])])
AC_CHECK_GOST_WORKS
AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even whithout a GOST engine installed]))
AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even without a GOST engine installed]))
if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then
if test "$ac_cv_c_gost_works" = "no"; then
AC_MSG_RESULT([no, but compiling with GOST support anyway])
@ -502,43 +566,50 @@ esac
AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support]))
case "$enable_dsa" in
no)
AC_SUBST(ldns_build_config_use_dsa, 0)
;;
*) dnl default
# detect if DSA is supported, and turn it off if not.
AC_CHECK_FUNC(DSA_SIG_new, [
AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
AC_SUBST(ldns_build_config_use_dsa, 1)
], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
fi ])
fi
AC_SUBST(ldns_build_config_use_dsa, 0)])
;;
esac
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--enable-ed25519], [Enable ED25519 support (experimental)]))
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable (experimental) ED25519 support. Default is detect]))
case "$enable_ed25519" in
yes)
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ED25519 enabled, but no SSL support])
fi
AC_CHECK_DECLS([NID_X25519], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed25519])], [AC_INCLUDES_DEFAULT
no)
AC_SUBST(ldns_build_config_use_ed25519, 0)
;;
*) dnl default
AC_CHECK_DECLS([NID_ED25519], [
AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
AC_SUBST(ldns_build_config_use_ed25519, 1)
], [if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
fi
AC_SUBST(ldns_build_config_use_ed25519, 0)], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
;;
*|no) dnl default
;;
esac
AC_ARG_ENABLE(ed448, AC_HELP_STRING([--enable-ed448], [Enable ED448 support (experimental)]))
AC_ARG_ENABLE(ed448, AC_HELP_STRING([--disable-ed448], [Disable (experimental) ED448 support. Default is detect]))
case "$enable_ed448" in
yes)
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ED448 enabled, but no SSL support])
fi
AC_CHECK_DECLS([NID_X448], [], [AC_MSG_ERROR([OpenSSL does not support the EDDSA curve: please upgrade OpenSSL or rerun with --disable-ed448])], [AC_INCLUDES_DEFAULT
no)
AC_SUBST(ldns_build_config_use_ed448, 0)
;;
*) dnl default
AC_CHECK_DECLS([NID_ED448], [
AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.])
AC_SUBST(ldns_build_config_use_ed448, 1)
], [if test "x$enable_ed448" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED448 and you used --enable-ed448.])
fi
AC_SUBST(ldns_build_config_use_ed448, 0)], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.])
;;
*|no) dnl default
;;
esac
@ -587,9 +658,11 @@ case "$enable_dane" in
AC_SUBST(ldns_build_config_use_dane_ta_usage, 0)
;;
*) dnl default
LIBS="-lssl $LIBS"
danetmpLIBS="$LIBS"
LIBS="-lssl -lcrypto $LIBS"
AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])])
LIBSSL_LIBS="$LIBSSL_LIBS -lssl"
LIBSSL_LIBS="-lssl $LIBSSL_LIBS"
LIBS="$danetmpLIBS"
AC_SUBST(ldns_build_config_use_dane_ta_usage, 1)
AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.])
;;
@ -638,12 +711,43 @@ case "$enable_rrtype_avc" in
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-doa, AC_HELP_STRING([--enable-rrtype-doa], [Enable draft RR type DOA.]))
case "$enable_rrtype_doa" in
yes)
AC_DEFINE_UNQUOTED([RRTYPE_DOA], [], [Define this to enable RR type DOA.])
;;
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-amtrelay, AC_HELP_STRING([--enable-rrtype-amtrelay], [Enable draft RR type AMTRELAY.]))
case "$enable_rrtype_amtrelay" in
yes)
AC_DEFINE_UNQUOTED([RRTYPE_AMTRELAY], [], [Define this to enable RR type AMTRELAY.])
;;
no|*)
;;
esac
AC_ARG_ENABLE(rrtype-svcb-https, AC_HELP_STRING([--disable-rrtype-svcb-https], [Disable RR types SVCB and HTTPS.]))
case "$enable_rrtype_svcb_https" in
no)
;;
yes|*)
AC_DEFINE_UNQUOTED([RRTYPE_SVCB_HTTPS], [], [Define this to enable RR types SVCB and HTTPS.])
;;
esac
AC_SUBST(LIBSSL_CPPFLAGS)
AC_SUBST(LIBSSL_LDFLAGS)
AC_SUBST(LIBSSL_LIBS)
if test "x$HAVE_SSL" = "xyes"; then
AC_SUBST(LIBSSL_SSL_LIBS, ["-lssl $LIBSSL_LIBS"])
if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then
LIBSSL_SSL_LIBS="$LIBSSL_LIBS"
else
LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS"
fi
AC_SUBST(LIBSSL_SSL_LIBS, "$LIBSSL_SSL_LIBS")
fi
CPPFLAGS=$tmp_CPPFLAGS
LDFLAGS=$tmp_LDFLAGS
@ -755,7 +859,7 @@ AC_CHECK_LIB(pcap, pcap_open_offline, [
]
)
AC_CHECK_HEADERS([netinet/in_systm.h net/if.h netinet/ip.h netinet/udp.h netinet/igmp.h netinet/if_ether.h netinet/ip6.h net/ethernet.h netinet/ip_compat.h],,, [
AC_INCLUDES_DEFAULT
AC_INCLUDES_DEFAULT
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
@ -796,8 +900,9 @@ AC_CHECK_TYPE(in_port_t, [], [AC_DEFINE([in_port_t], [uint16_t], [in_port_t])],
#endif])
ACX_CHECK_SS_FAMILY
AC_FUNC_MALLOC
AC_FUNC_REALLOC
# AC_FUNC_MALLOC suffers false failures and causes Asan failures.
# AC_FUNC_MALLOC
# AC_FUNC_REALLOC
AC_REPLACE_FUNCS(b64_pton)
AC_REPLACE_FUNCS(b64_ntop)
@ -815,6 +920,16 @@ AC_REPLACE_FUNCS(snprintf)
AC_REPLACE_FUNCS(strlcpy)
AC_REPLACE_FUNCS(memmove)
AC_FUNC_FORK
AC_MSG_CHECKING([compile of fork])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <unistd.h>
], [
(void)fork();
])], [
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_FORK_AVAILABLE], 1, [if fork is available for compile])
], [ AC_MSG_RESULT(no)
])
AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul bzero memset b32_ntop b32_pton])
if test "x$HAVE_B32_NTOP" = "xyes"; then
AC_SUBST(ldns_build_config_have_b32_ntop, 1)
@ -841,16 +956,31 @@ ACX_FUNC_IOCTLSOCKET
ACX_CHECK_FORMAT_ATTRIBUTE
ACX_CHECK_UNUSED_ATTRIBUTE
# check OSX deployment target, if needed
if echo $build_os | grep darwin > /dev/null; then
sdk_p=`xcode-select -print-path`;
sdk_v="$( /usr/bin/xcrun --show-sdk-version )";
case $sdk_v in
10.9|10.8) sdk_c="10.7";;
10.11|10.10|*) sdk_c="10.10";;
esac
export MACOSX_DEPLOYMENT_TARGET="${sdk_c}";
export CFLAGS="$CFLAGS -mmacosx-version-min=${sdk_c} -isysroot ${sdk_p}/Platforms/MacOSX.platform/Developer/SDKs/MacOSX${sdk_v}.sdk";
AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk],
[Set xcode SDK version. Default is autodetect]),
[],[with_xcode_sdk="yes"])
if test "x_$with_xcode_sdk" != "x_no" ; then
# check OSX deployment target, if needed
if echo $target_os | grep darwin > /dev/null; then
sdk_p=`xcode-select -print-path`;
if test "x_$with_xcode_sdk" = "x_yes" ; then
sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )"
else
sdk_v="$with_xcode_sdk"
fi
# xcrun only got that option in 10.7
if test -z "$sdk_v" ; then
sdk_c="10.6"
sdk_v="10.6"
fi
SYSROOT="$( find ${sdk_p} -name MacOSX${sdk_v}.sdk )"
case $sdk_v in
10.9|10.8) sdk_c="10.7";;
10.11|10.10|*) sdk_c="10.10";;
esac
export MACOSX_DEPLOYMENT_TARGET="${sdk_c}";
export CFLAGS="$CFLAGS -mmacosx-version-min=${sdk_c} -isysroot ${SYSROOT}"
fi
fi
AC_DEFINE([SYSCONFDIR], [sysconfdir], [System configuration dir])
@ -1016,10 +1146,10 @@ size_t strlcpy(char *dst, const char *src, size_t siz);
#ifdef USE_WINSOCK
#define SOCK_INVALID INVALID_SOCKET
#define close_socket(_s) do { if (_s > SOCK_INVALID) {closesocket(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0)
#else
#define SOCK_INVALID -1
#define close_socket(_s) do { if (_s > SOCK_INVALID) {close(_s); _s = SOCK_INVALID;} } while(0)
#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0)
#endif
#ifdef __cplusplus
@ -1049,7 +1179,7 @@ else
AC_SUBST(ldns_build_config_have_attr_unused, 0)
fi
CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config"
CONFIG_FILES="Makefile libdns.doxygen ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config"
AC_SUBST(CONFIG_FILES)
AC_CONFIG_FILES([$CONFIG_FILES])
@ -1058,5 +1188,3 @@ AC_OUTPUT
COPY_HEADER_FILES(ldns/, ldns/)
dnl AC_CONFIG_SUBDIRS([drill])

8
contrib/DNS-LDNS/Changes
View file

@ -43,3 +43,11 @@ Revision history for Perl extension DNS::LDNS.
0.52 Tue May 5 09:13:00 2015
- Fixed typo in META.yml
0.60 Thu Dec 29 11:15:00 2016
- Compatibility with ldns 1.7
- Dist::zilla build management
0.61 Fri Dec 30 14:32:00 2016
- Bugfixes for ldns 1.7 compatibility
- Compatibility with perl 5.25

4
contrib/DNS-LDNS/LICENSE Normal file
View file

@ -0,0 +1,4 @@
This software is copyright (c) 2013 by UNINETT Norid AS. No
license is granted to other entities.
All rights reserved.

7
contrib/DNS-LDNS/MANIFEST
View file

@ -1,8 +1,6 @@
Changes
const-c.inc
const-xs.inc
fallback/const-c.inc
fallback/const-xs.inc
constants.PL
dist.ini
LDNS.xs
lib/DNS/LDNS.pm
lib/DNS/LDNS/DNSSecDataChain.pm
@ -22,7 +20,6 @@ lib/DNS/LDNS/Resolver.pm
lib/DNS/LDNS/RR.pm
lib/DNS/LDNS/RRList.pm
lib/DNS/LDNS/Zone.pm
Makefile.PL
MANIFEST
ppport.h
README

35
contrib/DNS-LDNS/META.yml
View file

@ -1,26 +1,29 @@
---
abstract: 'Perl extension for the ldns library'
author:
- 'Erik Pihl Ostlyngen <erik.ostlyngen@uninett.no>'
- 'Erik Ostlyngen <erik@uninett.no>'
build_requires:
FindBin: 0
Test::Exception: 0
Test::More: 0
FindBin: '0'
Test::Exception: '0'
Test::More: '0'
configure_requires:
Devel::CheckLib: 0
ExtUtils::MakeMaker: 0
distribution_type: module
Devel::CheckLib: '0.9'
ExtUtils::MakeMaker: '0'
dynamic_config: 0
generated_by: 'ExtUtils::MakeMaker version 6.57_05'
license: perl
generated_by: 'Dist::Zilla version 6.024, CPAN::Meta::Converter version 2.150010'
license: restrictive
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
version: 1.4
version: '1.4'
name: DNS-LDNS
no_index:
directory:
- t
- inc
requires:
XSLoader: 0
version: 0.52
AutoLoader: '0'
Carp: '0'
Exporter: '0'
XSLoader: '0'
perl: '5.014002'
strict: '0'
warnings: '0'
version: '0.61'
x_generated_by_perl: v5.34.0
x_serialization_backend: 'YAML::Tiny version 1.73'

660
contrib/DNS-LDNS/Makefile.PL Executable file → Normal file
View file

@ -1,327 +1,355 @@
# This Makefile.PL for DNS-LDNS was generated by
# Dist::Zilla::Plugin::MakeMaker::Awesome 0.49.
# Don't edit it but the dist.ini and plugins used to construct it.
use strict;
use warnings;
# inserted by Dist::Zilla::Plugin::CheckLib 0.007
use Devel::CheckLib;
check_lib_or_exit(
header => 'ldns/ldns.h',
lib => 'ldns',
);
use 5.014002;
use ExtUtils::MakeMaker;
use Devel::CheckLib;
check_lib_or_exit(
lib => 'ldns',
header => 'ldns/ldns.h',
function => 'if(atof(ldns_version()) >= 1.6) return 0; else return 1;'
my %WriteMakefileArgs = (
"ABSTRACT" => "Perl extension for the ldns library",
"AUTHOR" => "Erik Ostlyngen <erik\@uninett.no>",
"CONFIGURE_REQUIRES" => {
"Devel::CheckLib" => "0.9",
"ExtUtils::MakeMaker" => 0
},
"DISTNAME" => "DNS-LDNS",
"LICENSE" => "restrictive",
"MIN_PERL_VERSION" => "5.014002",
"NAME" => "DNS::LDNS",
"PREREQ_PM" => {
"AutoLoader" => 0,
"Carp" => 0,
"Exporter" => 0,
"XSLoader" => 0,
"strict" => 0,
"warnings" => 0
},
"TEST_REQUIRES" => {
"FindBin" => 0,
"Test::Exception" => 0,
"Test::More" => 0
},
"VERSION" => "0.61",
"test" => {
"TESTS" => "t/*.t"
}
);
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
# the contents of the Makefile that is written.
WriteMakefile(
NAME => 'DNS::LDNS',
VERSION_FROM => 'lib/DNS/LDNS.pm', # finds $VERSION
CONFIGURE_REQUIRES => {
'Devel::CheckLib' => 0,
'ExtUtils::MakeMaker' => 0,
},
BUILD_REQUIRES => { # Actually required only by the tests
'FindBin' => 0,
'Test::More' => 0,
'Test::Exception' => 0,
},
PREREQ_PM => {
'XSLoader' => 0,
},
($] >= 5.005 ? ## Add these new keywords supported since 5.005
(ABSTRACT_FROM => 'lib/DNS/LDNS.pm', # retrieve abstract from module
AUTHOR => 'Erik Pihl Ostlyngen <erik.ostlyngen@uninett.no>',
LICENSE => 'perl') : ()),
LIBS => ['-lldns'],
DEFINE => '',
INC => '-I.',
# Un-comment this if you add C files to link with later:
# OBJECT => '$(O_FILES)', # link all the C files too
%WriteMakefileArgs = (
%WriteMakefileArgs,
LIBS => ['-lldns'],
);
if (eval {require ExtUtils::Constant; 1}) {
# If you edit these definitions to change the constants used by this module,
# you will need to use the generated const-c.inc and const-xs.inc
# files to replace their "fallback" counterparts before distributing your
# changes.
my @names = (qw(LDNS_AA LDNS_AD LDNS_CD LDNS_DEFAULT_EXP_TIME
my %FallbackPrereqs = (
"AutoLoader" => 0,
"Carp" => 0,
"Exporter" => 0,
"FindBin" => 0,
"Test::Exception" => 0,
"Test::More" => 0,
"XSLoader" => 0,
"strict" => 0,
"warnings" => 0
);
unless ( eval { ExtUtils::MakeMaker->VERSION('6.63_03') } ) {
delete $WriteMakefileArgs{TEST_REQUIRES};
delete $WriteMakefileArgs{BUILD_REQUIRES};
$WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs;
}
delete $WriteMakefileArgs{CONFIGURE_REQUIRES}
unless eval { ExtUtils::MakeMaker->VERSION(6.52) };
WriteMakefile(%WriteMakefileArgs);
use ExtUtils::Constant;
# If you edit these definitions to change the constants used by this module,
# you will need to use the generated const-c.inc and const-xs.inc
# files to replace their "fallback" counterparts before distributing your
# changes.
my @names = (qw(LDNS_AA LDNS_AD LDNS_CD LDNS_DEFAULT_EXP_TIME
LDNS_DEFAULT_TTL LDNS_DNSSEC_KEYPROTO LDNS_IP4ADDRLEN
LDNS_IP6ADDRLEN LDNS_KEY_REVOKE_KEY LDNS_KEY_SEP_KEY
LDNS_KEY_ZONE_KEY LDNS_MAX_DOMAINLEN LDNS_MAX_KEYLEN
LDNS_IP6ADDRLEN LDNS_KEY_REVOKE_KEY LDNS_KEY_SEP_KEY
LDNS_KEY_ZONE_KEY LDNS_MAX_DOMAINLEN LDNS_MAX_KEYLEN
LDNS_MAX_LABELLEN LDNS_MAX_PACKETLEN LDNS_MAX_POINTERS
LDNS_MAX_RDFLEN LDNS_NSEC3_MAX_ITERATIONS
LDNS_NSEC3_VARS_OPTOUT_MASK LDNS_PORT LDNS_QR LDNS_RA LDNS_RD
LDNS_RDATA_FIELD_DESCRIPTORS_COMMON LDNS_RDF_SIZE_16BYTES
LDNS_RDF_SIZE_6BYTES LDNS_RDF_SIZE_BYTE
LDNS_RDF_SIZE_DOUBLEWORD LDNS_RDF_SIZE_WORD LDNS_RESOLV_ANCHOR
LDNS_RESOLV_DEFDOMAIN LDNS_RESOLV_INET LDNS_RESOLV_INET6
LDNS_RESOLV_INETANY LDNS_RESOLV_KEYWORD LDNS_RESOLV_KEYWORDS
LDNS_RESOLV_NAMESERVER LDNS_RESOLV_OPTIONS LDNS_RESOLV_RTT_INF
LDNS_RESOLV_RTT_MIN LDNS_RESOLV_SEARCH LDNS_RESOLV_SORTLIST
LDNS_RR_OVERHEAD LDNS_SIGNATURE_LEAVE_ADD_NEW
LDNS_NSEC3_VARS_OPTOUT_MASK LDNS_PORT LDNS_QR LDNS_RA LDNS_RD
LDNS_RDATA_FIELD_DESCRIPTORS_COMMON LDNS_RDF_SIZE_16BYTES
LDNS_RDF_SIZE_6BYTES LDNS_RDF_SIZE_BYTE
LDNS_RDF_SIZE_DOUBLEWORD LDNS_RDF_SIZE_WORD LDNS_RESOLV_ANCHOR
LDNS_RESOLV_DEFDOMAIN LDNS_RESOLV_INET LDNS_RESOLV_INET6
LDNS_RESOLV_INETANY LDNS_RESOLV_KEYWORD LDNS_RESOLV_KEYWORDS
LDNS_RESOLV_NAMESERVER LDNS_RESOLV_OPTIONS LDNS_RESOLV_RTT_INF
LDNS_RESOLV_RTT_MIN LDNS_RESOLV_SEARCH LDNS_RESOLV_SORTLIST
LDNS_RR_OVERHEAD LDNS_SIGNATURE_LEAVE_ADD_NEW
LDNS_SIGNATURE_LEAVE_NO_ADD LDNS_SIGNATURE_REMOVE_ADD_NEW
LDNS_SIGNATURE_REMOVE_NO_ADD LDNS_TC),
{name=>"LDNS_CERT_ACPKIX", macro=>"1"},
{name=>"LDNS_CERT_IACPKIX", macro=>"1"},
{name=>"LDNS_CERT_IPGP", macro=>"1"},
{name=>"LDNS_CERT_IPKIX", macro=>"1"},
{name=>"LDNS_CERT_ISPKI", macro=>"1"},
{name=>"LDNS_CERT_OID", macro=>"1"},
{name=>"LDNS_CERT_PGP", macro=>"1"},
{name=>"LDNS_CERT_PKIX", macro=>"1"},
{name=>"LDNS_CERT_SPKI", macro=>"1"},
{name=>"LDNS_CERT_URI", macro=>"1"},
{name=>"LDNS_DH", macro=>"1"},
{name=>"LDNS_DSA", macro=>"1"},
{name=>"LDNS_DSA_NSEC3", macro=>"1"},
{name=>"LDNS_ECC", macro=>"1"},
{name=>"LDNS_ECC_GOST", macro=>"1"},
{name=>"LDNS_HASH_GOST", macro=>"1"},
{name=>"LDNS_PACKET_ANSWER", macro=>"1"},
{name=>"LDNS_PACKET_IQUERY", macro=>"1"},
{name=>"LDNS_PACKET_NODATA", macro=>"1"},
{name=>"LDNS_PACKET_NOTIFY", macro=>"1"},
{name=>"LDNS_PACKET_NXDOMAIN", macro=>"1"},
{name=>"LDNS_PACKET_QUERY", macro=>"1"},
{name=>"LDNS_PACKET_QUESTION", macro=>"1"},
{name=>"LDNS_PACKET_REFERRAL", macro=>"1"},
{name=>"LDNS_PACKET_STATUS", macro=>"1"},
{name=>"LDNS_PACKET_UNKNOWN", macro=>"1"},
{name=>"LDNS_PACKET_UPDATE", macro=>"1"},
{name=>"LDNS_PRIVATEDNS", macro=>"1"},
{name=>"LDNS_PRIVATEOID", macro=>"1"},
{name=>"LDNS_RCODE_FORMERR", macro=>"1"},
{name=>"LDNS_RCODE_NOERROR", macro=>"1"},
{name=>"LDNS_RCODE_NOTAUTH", macro=>"1"},
{name=>"LDNS_RCODE_NOTIMPL", macro=>"1"},
{name=>"LDNS_RCODE_NOTZONE", macro=>"1"},
{name=>"LDNS_RCODE_NXDOMAIN", macro=>"1"},
{name=>"LDNS_RCODE_NXRRSET", macro=>"1"},
{name=>"LDNS_RCODE_REFUSED", macro=>"1"},
{name=>"LDNS_RCODE_SERVFAIL", macro=>"1"},
{name=>"LDNS_RCODE_YXDOMAIN", macro=>"1"},
{name=>"LDNS_RCODE_YXRRSET", macro=>"1"},
{name=>"LDNS_RDF_TYPE_A", macro=>"1"},
{name=>"LDNS_RDF_TYPE_AAAA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_ALG", macro=>"1"},
{name=>"LDNS_RDF_TYPE_APL", macro=>"1"},
{name=>"LDNS_RDF_TYPE_ATMA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_B32_EXT", macro=>"1"},
{name=>"LDNS_RDF_TYPE_B64", macro=>"1"},
{name=>"LDNS_RDF_TYPE_CERT_ALG", macro=>"1"},
{name=>"LDNS_RDF_TYPE_CLASS", macro=>"1"},
{name=>"LDNS_RDF_TYPE_DNAME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_HEX", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT16", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT16_DATA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT32", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT8", macro=>"1"},
{name=>"LDNS_RDF_TYPE_IPSECKEY", macro=>"1"},
{name=>"LDNS_RDF_TYPE_LOC", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NONE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSAP", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC3_NEXT_OWNER", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC3_SALT", macro=>"1"},
{name=>"LDNS_RDF_TYPE_PERIOD", macro=>"1"},
{name=>"LDNS_RDF_TYPE_SERVICE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_STR", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TIME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_HIP", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TSIGTIME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TYPE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_UNKNOWN", macro=>"1"},
{name=>"LDNS_RDF_TYPE_WKS", macro=>"1"},
{name=>"LDNS_RR_CLASS_ANY", macro=>"1"},
{name=>"LDNS_RR_CLASS_CH", macro=>"1"},
{name=>"LDNS_RR_CLASS_COUNT", macro=>"1"},
{name=>"LDNS_RR_CLASS_FIRST", macro=>"1"},
{name=>"LDNS_RR_CLASS_HS", macro=>"1"},
{name=>"LDNS_RR_CLASS_IN", macro=>"1"},
{name=>"LDNS_RR_CLASS_LAST", macro=>"1"},
{name=>"LDNS_RR_CLASS_NONE", macro=>"1"},
{name=>"LDNS_RR_COMPRESS", macro=>"1"},
{name=>"LDNS_RR_NO_COMPRESS", macro=>"1"},
{name=>"LDNS_RR_TYPE_A", macro=>"1"},
{name=>"LDNS_RR_TYPE_A6", macro=>"1"},
{name=>"LDNS_RR_TYPE_AAAA", macro=>"1"},
{name=>"LDNS_RR_TYPE_AFSDB", macro=>"1"},
{name=>"LDNS_RR_TYPE_ANY", macro=>"1"},
{name=>"LDNS_RR_TYPE_APL", macro=>"1"},
{name=>"LDNS_RR_TYPE_ATMA", macro=>"1"},
{name=>"LDNS_RR_TYPE_AXFR", macro=>"1"},
{name=>"LDNS_RR_TYPE_CERT", macro=>"1"},
{name=>"LDNS_RR_TYPE_CNAME", macro=>"1"},
{name=>"LDNS_RR_TYPE_COUNT", macro=>"1"},
{name=>"LDNS_RR_TYPE_DHCID", macro=>"1"},
{name=>"LDNS_RR_TYPE_DLV", macro=>"1"},
{name=>"LDNS_RR_TYPE_DNAME", macro=>"1"},
{name=>"LDNS_RR_TYPE_DNSKEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_DS", macro=>"1"},
{name=>"LDNS_RR_TYPE_EID", macro=>"1"},
{name=>"LDNS_RR_TYPE_FIRST", macro=>"1"},
{name=>"LDNS_RR_TYPE_GID", macro=>"1"},
{name=>"LDNS_RR_TYPE_GPOS", macro=>"1"},
{name=>"LDNS_RR_TYPE_HINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_IPSECKEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_ISDN", macro=>"1"},
{name=>"LDNS_RR_TYPE_IXFR", macro=>"1"},
{name=>"LDNS_RR_TYPE_KEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_KX", macro=>"1"},
{name=>"LDNS_RR_TYPE_LAST", macro=>"1"},
{name=>"LDNS_RR_TYPE_LOC", macro=>"1"},
{name=>"LDNS_RR_TYPE_MAILA", macro=>"1"},
{name=>"LDNS_RR_TYPE_MAILB", macro=>"1"},
{name=>"LDNS_RR_TYPE_MB", macro=>"1"},
{name=>"LDNS_RR_TYPE_MD", macro=>"1"},
{name=>"LDNS_RR_TYPE_MF", macro=>"1"},
{name=>"LDNS_RR_TYPE_MG", macro=>"1"},
{name=>"LDNS_RR_TYPE_MINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_MR", macro=>"1"},
{name=>"LDNS_RR_TYPE_MX", macro=>"1"},
{name=>"LDNS_RR_TYPE_NAPTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_NIMLOC", macro=>"1"},
{name=>"LDNS_RR_TYPE_NS", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSAP", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSAP_PTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3PARAM", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3PARAMS", macro=>"1"},
{name=>"LDNS_RR_TYPE_NULL", macro=>"1"},
{name=>"LDNS_RR_TYPE_NXT", macro=>"1"},
{name=>"LDNS_RR_TYPE_OPT", macro=>"1"},
{name=>"LDNS_RR_TYPE_PTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_PX", macro=>"1"},
{name=>"LDNS_RR_TYPE_RP", macro=>"1"},
{name=>"LDNS_RR_TYPE_RRSIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_RT", macro=>"1"},
{name=>"LDNS_RR_TYPE_SIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_SINK", macro=>"1"},
{name=>"LDNS_RR_TYPE_SOA", macro=>"1"},
{name=>"LDNS_RR_TYPE_SPF", macro=>"1"},
{name=>"LDNS_RR_TYPE_SRV", macro=>"1"},
{name=>"LDNS_RR_TYPE_SSHFP", macro=>"1"},
{name=>"LDNS_RR_TYPE_TALINK", macro=>"1"},
{name=>"LDNS_RR_TYPE_TSIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_TXT", macro=>"1"},
{name=>"LDNS_RR_TYPE_UID", macro=>"1"},
{name=>"LDNS_RR_TYPE_UINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_UNSPEC", macro=>"1"},
{name=>"LDNS_RR_TYPE_WKS", macro=>"1"},
{name=>"LDNS_RR_TYPE_X25", macro=>"1"},
{name=>"LDNS_RSAMD5", macro=>"1"},
{name=>"LDNS_RSASHA1", macro=>"1"},
{name=>"LDNS_RSASHA1_NSEC3", macro=>"1"},
{name=>"LDNS_RSASHA256", macro=>"1"},
{name=>"LDNS_RSASHA512", macro=>"1"},
{name=>"LDNS_SECTION_ADDITIONAL", macro=>"1"},
{name=>"LDNS_SECTION_ANSWER", macro=>"1"},
{name=>"LDNS_SECTION_ANY", macro=>"1"},
{name=>"LDNS_SECTION_ANY_NOQUESTION", macro=>"1"},
{name=>"LDNS_SECTION_AUTHORITY", macro=>"1"},
{name=>"LDNS_SECTION_QUESTION", macro=>"1"},
{name=>"LDNS_SHA1", macro=>"1"},
{name=>"LDNS_SHA256", macro=>"1"},
{name=>"LDNS_SIGN_DSA", macro=>"1"},
{name=>"LDNS_SIGN_DSA_NSEC3", macro=>"1"},
{name=>"LDNS_SIGN_ECC_GOST", macro=>"1"},
{name=>"LDNS_SIGN_HMACSHA1", macro=>"1"},
{name=>"LDNS_SIGN_HMACSHA256", macro=>"1"},
{name=>"LDNS_SIGN_RSAMD5", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA1", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA1_NSEC3", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA256", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA512", macro=>"1"},
{name=>"LDNS_STATUS_ADDRESS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CERT_BAD_ALGORITHM", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_BOGUS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_DS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_RRSIG", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_SIG_EXPIRED", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TSIG_BOGUS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TSIG_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_UNKNOWN_ALGO", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_VALIDATED", macro=>"1"},
{name=>"LDNS_STATUS_DDD_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_EXISTENCE_DENIED", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED", macro=>"1"},
{name=>"LDNS_STATUS_DOMAINNAME_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_DOMAINNAME_UNDERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_EMPTY_LABEL", macro=>"1"},
{name=>"LDNS_STATUS_ENGINE_KEY_NOT_LOADED", macro=>"1"},
{name=>"LDNS_STATUS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_FILE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_INTERNAL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_B32_EXT", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_B64", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_HEX", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_INT", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_IP4", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_IP6", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_POINTER", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_STR", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_TIME", macro=>"1"},
{name=>"LDNS_STATUS_LABEL_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_MEM_ERR", macro=>"1"},
{name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_KEY", macro=>"1"},
{name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG", macro=>"1"},
{name=>"LDNS_STATUS_NETWORK_ERR", macro=>"1"},
{name=>"LDNS_STATUS_NOT_IMPL", macro=>"1"},
{name=>"LDNS_STATUS_NO_DATA", macro=>"1"},
{name=>"LDNS_STATUS_NSEC3_ERR", macro=>"1"},
{name=>"LDNS_STATUS_NULL", macro=>"1"},
{name=>"LDNS_STATUS_OK", macro=>"1"},
{name=>"LDNS_STATUS_PACKET_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_RES_NO_NS", macro=>"1"},
{name=>"LDNS_STATUS_RES_QUERY", macro=>"1"},
{name=>"LDNS_STATUS_SOCKET_ERROR", macro=>"1"},
{name=>"LDNS_STATUS_SSL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ALG_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_BAD_ESCAPE", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_CLASS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_DNAME_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_EMPTY", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INCLUDE", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_KEYWORD_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ORIGIN", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_RDATA_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TTL", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TTL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TYPE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_VERSION_ERR", macro=>"1"},
{name=>"LDNS_STATUS_UNKNOWN_INET", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_ANSWER", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_HEADER", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_QUESTION", macro=>"1"});
ExtUtils::Constant::WriteConstants(
NAME => 'LDNS',
NAMES => \@names,
DEFAULT_TYPE => 'IV',
C_FILE => 'const-c.inc',
XS_FILE => 'const-xs.inc',
);
}
else {
use File::Copy;
use File::Spec;
foreach my $file ('const-c.inc', 'const-xs.inc') {
my $fallback = File::Spec->catfile('fallback', $file);
copy ($fallback, $file) or die "Can't copy $fallback to $file: $!";
}
}
{name=>"LDNS_CERT_ACPKIX", macro=>"1"},
{name=>"LDNS_CERT_IACPKIX", macro=>"1"},
{name=>"LDNS_CERT_IPGP", macro=>"1"},
{name=>"LDNS_CERT_IPKIX", macro=>"1"},
{name=>"LDNS_CERT_ISPKI", macro=>"1"},
{name=>"LDNS_CERT_OID", macro=>"1"},
{name=>"LDNS_CERT_PGP", macro=>"1"},
{name=>"LDNS_CERT_PKIX", macro=>"1"},
{name=>"LDNS_CERT_SPKI", macro=>"1"},
{name=>"LDNS_CERT_URI", macro=>"1"},
{name=>"LDNS_DH", macro=>"1"},
{name=>"LDNS_DSA", macro=>"1"},
{name=>"LDNS_DSA_NSEC3", macro=>"1"},
{name=>"LDNS_ECC", macro=>"1"},
{name=>"LDNS_ECC_GOST", macro=>"1"},
{name=>"LDNS_HASH_GOST", macro=>"1"},
{name=>"LDNS_PACKET_ANSWER", macro=>"1"},
{name=>"LDNS_PACKET_IQUERY", macro=>"1"},
{name=>"LDNS_PACKET_NODATA", macro=>"1"},
{name=>"LDNS_PACKET_NOTIFY", macro=>"1"},
{name=>"LDNS_PACKET_NXDOMAIN", macro=>"1"},
{name=>"LDNS_PACKET_QUERY", macro=>"1"},
{name=>"LDNS_PACKET_QUESTION", macro=>"1"},
{name=>"LDNS_PACKET_REFERRAL", macro=>"1"},
{name=>"LDNS_PACKET_STATUS", macro=>"1"},
{name=>"LDNS_PACKET_UNKNOWN", macro=>"1"},
{name=>"LDNS_PACKET_UPDATE", macro=>"1"},
{name=>"LDNS_PRIVATEDNS", macro=>"1"},
{name=>"LDNS_PRIVATEOID", macro=>"1"},
{name=>"LDNS_RCODE_FORMERR", macro=>"1"},
{name=>"LDNS_RCODE_NOERROR", macro=>"1"},
{name=>"LDNS_RCODE_NOTAUTH", macro=>"1"},
{name=>"LDNS_RCODE_NOTIMPL", macro=>"1"},
{name=>"LDNS_RCODE_NOTZONE", macro=>"1"},
{name=>"LDNS_RCODE_NXDOMAIN", macro=>"1"},
{name=>"LDNS_RCODE_NXRRSET", macro=>"1"},
{name=>"LDNS_RCODE_REFUSED", macro=>"1"},
{name=>"LDNS_RCODE_SERVFAIL", macro=>"1"},
{name=>"LDNS_RCODE_YXDOMAIN", macro=>"1"},
{name=>"LDNS_RCODE_YXRRSET", macro=>"1"},
{name=>"LDNS_RDF_TYPE_A", macro=>"1"},
{name=>"LDNS_RDF_TYPE_AAAA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_ALG", macro=>"1"},
{name=>"LDNS_RDF_TYPE_APL", macro=>"1"},
{name=>"LDNS_RDF_TYPE_ATMA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_B32_EXT", macro=>"1"},
{name=>"LDNS_RDF_TYPE_B64", macro=>"1"},
{name=>"LDNS_RDF_TYPE_CERT_ALG", macro=>"1"},
{name=>"LDNS_RDF_TYPE_CLASS", macro=>"1"},
{name=>"LDNS_RDF_TYPE_DNAME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_HEX", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT16", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT16_DATA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT32", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT8", macro=>"1"},
{name=>"LDNS_RDF_TYPE_IPSECKEY", macro=>"1"},
{name=>"LDNS_RDF_TYPE_LOC", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NONE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSAP", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC3_NEXT_OWNER", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC3_SALT", macro=>"1"},
{name=>"LDNS_RDF_TYPE_PERIOD", macro=>"1"},
{name=>"LDNS_RDF_TYPE_SERVICE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_STR", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TIME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_HIP", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TSIGTIME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TYPE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_UNKNOWN", macro=>"1"},
{name=>"LDNS_RDF_TYPE_WKS", macro=>"1"},
{name=>"LDNS_RR_CLASS_ANY", macro=>"1"},
{name=>"LDNS_RR_CLASS_CH", macro=>"1"},
{name=>"LDNS_RR_CLASS_COUNT", macro=>"1"},
{name=>"LDNS_RR_CLASS_FIRST", macro=>"1"},
{name=>"LDNS_RR_CLASS_HS", macro=>"1"},
{name=>"LDNS_RR_CLASS_IN", macro=>"1"},
{name=>"LDNS_RR_CLASS_LAST", macro=>"1"},
{name=>"LDNS_RR_CLASS_NONE", macro=>"1"},
{name=>"LDNS_RR_COMPRESS", macro=>"1"},
{name=>"LDNS_RR_NO_COMPRESS", macro=>"1"},
{name=>"LDNS_RR_TYPE_A", macro=>"1"},
{name=>"LDNS_RR_TYPE_A6", macro=>"1"},
{name=>"LDNS_RR_TYPE_AAAA", macro=>"1"},
{name=>"LDNS_RR_TYPE_AFSDB", macro=>"1"},
{name=>"LDNS_RR_TYPE_ANY", macro=>"1"},
{name=>"LDNS_RR_TYPE_APL", macro=>"1"},
{name=>"LDNS_RR_TYPE_ATMA", macro=>"1"},
{name=>"LDNS_RR_TYPE_AXFR", macro=>"1"},
{name=>"LDNS_RR_TYPE_CERT", macro=>"1"},
{name=>"LDNS_RR_TYPE_CNAME", macro=>"1"},
{name=>"LDNS_RR_TYPE_COUNT", macro=>"1"},
{name=>"LDNS_RR_TYPE_DHCID", macro=>"1"},
{name=>"LDNS_RR_TYPE_DLV", macro=>"1"},
{name=>"LDNS_RR_TYPE_DNAME", macro=>"1"},
{name=>"LDNS_RR_TYPE_DNSKEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_DS", macro=>"1"},
{name=>"LDNS_RR_TYPE_EID", macro=>"1"},
{name=>"LDNS_RR_TYPE_FIRST", macro=>"1"},
{name=>"LDNS_RR_TYPE_GID", macro=>"1"},
{name=>"LDNS_RR_TYPE_GPOS", macro=>"1"},
{name=>"LDNS_RR_TYPE_HINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_IPSECKEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_ISDN", macro=>"1"},
{name=>"LDNS_RR_TYPE_IXFR", macro=>"1"},
{name=>"LDNS_RR_TYPE_KEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_KX", macro=>"1"},
{name=>"LDNS_RR_TYPE_LAST", macro=>"1"},
{name=>"LDNS_RR_TYPE_LOC", macro=>"1"},
{name=>"LDNS_RR_TYPE_MAILA", macro=>"1"},
{name=>"LDNS_RR_TYPE_MAILB", macro=>"1"},
{name=>"LDNS_RR_TYPE_MB", macro=>"1"},
{name=>"LDNS_RR_TYPE_MD", macro=>"1"},
{name=>"LDNS_RR_TYPE_MF", macro=>"1"},
{name=>"LDNS_RR_TYPE_MG", macro=>"1"},
{name=>"LDNS_RR_TYPE_MINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_MR", macro=>"1"},
{name=>"LDNS_RR_TYPE_MX", macro=>"1"},
{name=>"LDNS_RR_TYPE_NAPTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_NIMLOC", macro=>"1"},
{name=>"LDNS_RR_TYPE_NS", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSAP", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSAP_PTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3PARAM", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3PARAMS", macro=>"1"},
{name=>"LDNS_RR_TYPE_NULL", macro=>"1"},
{name=>"LDNS_RR_TYPE_NXT", macro=>"1"},
{name=>"LDNS_RR_TYPE_OPT", macro=>"1"},
{name=>"LDNS_RR_TYPE_PTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_PX", macro=>"1"},
{name=>"LDNS_RR_TYPE_RP", macro=>"1"},
{name=>"LDNS_RR_TYPE_RRSIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_RT", macro=>"1"},
{name=>"LDNS_RR_TYPE_SIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_SINK", macro=>"1"},
{name=>"LDNS_RR_TYPE_SOA", macro=>"1"},
{name=>"LDNS_RR_TYPE_SPF", macro=>"1"},
{name=>"LDNS_RR_TYPE_SRV", macro=>"1"},
{name=>"LDNS_RR_TYPE_SSHFP", macro=>"1"},
{name=>"LDNS_RR_TYPE_TALINK", macro=>"1"},
{name=>"LDNS_RR_TYPE_TSIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_TXT", macro=>"1"},
{name=>"LDNS_RR_TYPE_UID", macro=>"1"},
{name=>"LDNS_RR_TYPE_UINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_UNSPEC", macro=>"1"},
{name=>"LDNS_RR_TYPE_WKS", macro=>"1"},
{name=>"LDNS_RR_TYPE_X25", macro=>"1"},
{name=>"LDNS_RSAMD5", macro=>"1"},
{name=>"LDNS_RSASHA1", macro=>"1"},
{name=>"LDNS_RSASHA1_NSEC3", macro=>"1"},
{name=>"LDNS_RSASHA256", macro=>"1"},
{name=>"LDNS_RSASHA512", macro=>"1"},
{name=>"LDNS_SECTION_ADDITIONAL", macro=>"1"},
{name=>"LDNS_SECTION_ANSWER", macro=>"1"},
{name=>"LDNS_SECTION_ANY", macro=>"1"},
{name=>"LDNS_SECTION_ANY_NOQUESTION", macro=>"1"},
{name=>"LDNS_SECTION_AUTHORITY", macro=>"1"},
{name=>"LDNS_SECTION_QUESTION", macro=>"1"},
{name=>"LDNS_SHA1", macro=>"1"},
{name=>"LDNS_SHA256", macro=>"1"},
{name=>"LDNS_SIGN_DSA", macro=>"1"},
{name=>"LDNS_SIGN_DSA_NSEC3", macro=>"1"},
{name=>"LDNS_SIGN_ECC_GOST", macro=>"1"},
{name=>"LDNS_SIGN_HMACSHA1", macro=>"1"},
{name=>"LDNS_SIGN_HMACSHA256", macro=>"1"},
{name=>"LDNS_SIGN_RSAMD5", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA1", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA1_NSEC3", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA256", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA512", macro=>"1"},
{name=>"LDNS_STATUS_ADDRESS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CERT_BAD_ALGORITHM", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_BOGUS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_DS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_RRSIG", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_SIG_EXPIRED", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TSIG_BOGUS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TSIG_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_UNKNOWN_ALGO", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_VALIDATED", macro=>"1"},
{name=>"LDNS_STATUS_DDD_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_EXISTENCE_DENIED", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED", macro=>"1"},
{name=>"LDNS_STATUS_DOMAINNAME_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_DOMAINNAME_UNDERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_EMPTY_LABEL", macro=>"1"},
{name=>"LDNS_STATUS_ENGINE_KEY_NOT_LOADED", macro=>"1"},
{name=>"LDNS_STATUS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_FILE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_INTERNAL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_B32_EXT", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_B64", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_HEX", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_INT", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_IP4", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_IP6", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_POINTER", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_STR", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_TIME", macro=>"1"},
{name=>"LDNS_STATUS_LABEL_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_MEM_ERR", macro=>"1"},
{name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_KEY", macro=>"1"},
{name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG", macro=>"1"},
{name=>"LDNS_STATUS_NETWORK_ERR", macro=>"1"},
{name=>"LDNS_STATUS_NOT_IMPL", macro=>"1"},
{name=>"LDNS_STATUS_NO_DATA", macro=>"1"},
{name=>"LDNS_STATUS_NSEC3_ERR", macro=>"1"},
{name=>"LDNS_STATUS_NULL", macro=>"1"},
{name=>"LDNS_STATUS_OK", macro=>"1"},
{name=>"LDNS_STATUS_PACKET_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_RES_NO_NS", macro=>"1"},
{name=>"LDNS_STATUS_RES_QUERY", macro=>"1"},
{name=>"LDNS_STATUS_SOCKET_ERROR", macro=>"1"},
{name=>"LDNS_STATUS_SSL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ALG_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_BAD_ESCAPE", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_CLASS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_DNAME_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_EMPTY", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INCLUDE", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_KEYWORD_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ORIGIN", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_RDATA_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TTL", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TTL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TYPE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_VERSION_ERR", macro=>"1"},
{name=>"LDNS_STATUS_UNKNOWN_INET", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_ANSWER", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_HEADER", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_QUESTION", macro=>"1"});
ExtUtils::Constant::WriteConstants(
NAME => 'LDNS',
NAMES => \@names,
DEFAULT_TYPE => 'IV',
C_FILE => 'const-c.inc',
XS_FILE => 'const-xs.inc',
);

2
contrib/DNS-LDNS/README
View file

@ -1,4 +1,4 @@
DNS::LDNS version 0.52
DNS::LDNS version 0.61
======================
DESCRIPTION

2852
contrib/DNS-LDNS/const-c.inc
View file

File diff suppressed because it is too large Load diff

90
contrib/DNS-LDNS/const-xs.inc
View file

@ -1,90 +0,0 @@
void
constant(sv)
PREINIT:
#ifdef dXSTARG
dXSTARG; /* Faster if we have it. */
#else
dTARGET;
#endif
STRLEN len;
int type;
IV iv;
/* NV nv; Uncomment this if you need to return NVs */
/* const char *pv; Uncomment this if you need to return PVs */
INPUT:
SV * sv;
const char * s = SvPV(sv, len);
PPCODE:
/* Change this to constant(aTHX_ s, len, &iv, &nv);
if you need to return both NVs and IVs */
type = constant(aTHX_ s, len, &iv);
/* Return 1 or 2 items. First is error message, or undef if no error.
Second, if present, is found value */
switch (type) {
case PERL_constant_NOTFOUND:
sv =
sv_2mortal(newSVpvf("%s is not a valid LDNS macro", s));
PUSHs(sv);
break;
case PERL_constant_NOTDEF:
sv = sv_2mortal(newSVpvf(
"Your vendor has not defined LDNS macro %s, used",
s));
PUSHs(sv);
break;
case PERL_constant_ISIV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHi(iv);
break;
/* Uncomment this if you need to return NOs
case PERL_constant_ISNO:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHs(&PL_sv_no);
break; */
/* Uncomment this if you need to return NVs
case PERL_constant_ISNV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHn(nv);
break; */
/* Uncomment this if you need to return PVs
case PERL_constant_ISPV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHp(pv, strlen(pv));
break; */
/* Uncomment this if you need to return PVNs
case PERL_constant_ISPVN:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHp(pv, iv);
break; */
/* Uncomment this if you need to return SVs
case PERL_constant_ISSV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHs(sv);
break; */
/* Uncomment this if you need to return UNDEFs
case PERL_constant_ISUNDEF:
break; */
/* Uncomment this if you need to return UVs
case PERL_constant_ISUV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHu((UV)iv);
break; */
/* Uncomment this if you need to return YESs
case PERL_constant_ISYES:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHs(&PL_sv_yes);
break; */
default:
sv = sv_2mortal(newSVpvf(
"Unexpected return type %d while processing LDNS macro %s, used",
type, s));
PUSHs(sv);
}

280
contrib/DNS-LDNS/constants.PL Normal file
View file

@ -0,0 +1,280 @@
use ExtUtils::Constant;
# If you edit these definitions to change the constants used by this module,
# you will need to use the generated const-c.inc and const-xs.inc
# files to replace their "fallback" counterparts before distributing your
# changes.
my @names = (qw(LDNS_AA LDNS_AD LDNS_CD LDNS_DEFAULT_EXP_TIME
LDNS_DEFAULT_TTL LDNS_DNSSEC_KEYPROTO LDNS_IP4ADDRLEN
LDNS_IP6ADDRLEN LDNS_KEY_REVOKE_KEY LDNS_KEY_SEP_KEY
LDNS_KEY_ZONE_KEY LDNS_MAX_DOMAINLEN LDNS_MAX_KEYLEN
LDNS_MAX_LABELLEN LDNS_MAX_PACKETLEN LDNS_MAX_POINTERS
LDNS_MAX_RDFLEN LDNS_NSEC3_MAX_ITERATIONS
LDNS_NSEC3_VARS_OPTOUT_MASK LDNS_PORT LDNS_QR LDNS_RA LDNS_RD
LDNS_RDATA_FIELD_DESCRIPTORS_COMMON LDNS_RDF_SIZE_16BYTES
LDNS_RDF_SIZE_6BYTES LDNS_RDF_SIZE_BYTE
LDNS_RDF_SIZE_DOUBLEWORD LDNS_RDF_SIZE_WORD LDNS_RESOLV_ANCHOR
LDNS_RESOLV_DEFDOMAIN LDNS_RESOLV_INET LDNS_RESOLV_INET6
LDNS_RESOLV_INETANY LDNS_RESOLV_KEYWORD LDNS_RESOLV_KEYWORDS
LDNS_RESOLV_NAMESERVER LDNS_RESOLV_OPTIONS LDNS_RESOLV_RTT_INF
LDNS_RESOLV_RTT_MIN LDNS_RESOLV_SEARCH LDNS_RESOLV_SORTLIST
LDNS_RR_OVERHEAD LDNS_SIGNATURE_LEAVE_ADD_NEW
LDNS_SIGNATURE_LEAVE_NO_ADD LDNS_SIGNATURE_REMOVE_ADD_NEW
LDNS_SIGNATURE_REMOVE_NO_ADD LDNS_TC),
{name=>"LDNS_CERT_ACPKIX", macro=>"1"},
{name=>"LDNS_CERT_IACPKIX", macro=>"1"},
{name=>"LDNS_CERT_IPGP", macro=>"1"},
{name=>"LDNS_CERT_IPKIX", macro=>"1"},
{name=>"LDNS_CERT_ISPKI", macro=>"1"},
{name=>"LDNS_CERT_OID", macro=>"1"},
{name=>"LDNS_CERT_PGP", macro=>"1"},
{name=>"LDNS_CERT_PKIX", macro=>"1"},
{name=>"LDNS_CERT_SPKI", macro=>"1"},
{name=>"LDNS_CERT_URI", macro=>"1"},
{name=>"LDNS_DH", macro=>"1"},
{name=>"LDNS_DSA", macro=>"1"},
{name=>"LDNS_DSA_NSEC3", macro=>"1"},
{name=>"LDNS_ECC", macro=>"1"},
{name=>"LDNS_ECC_GOST", macro=>"1"},
{name=>"LDNS_HASH_GOST", macro=>"1"},
{name=>"LDNS_PACKET_ANSWER", macro=>"1"},
{name=>"LDNS_PACKET_IQUERY", macro=>"1"},
{name=>"LDNS_PACKET_NODATA", macro=>"1"},
{name=>"LDNS_PACKET_NOTIFY", macro=>"1"},
{name=>"LDNS_PACKET_NXDOMAIN", macro=>"1"},
{name=>"LDNS_PACKET_QUERY", macro=>"1"},
{name=>"LDNS_PACKET_QUESTION", macro=>"1"},
{name=>"LDNS_PACKET_REFERRAL", macro=>"1"},
{name=>"LDNS_PACKET_STATUS", macro=>"1"},
{name=>"LDNS_PACKET_UNKNOWN", macro=>"1"},
{name=>"LDNS_PACKET_UPDATE", macro=>"1"},
{name=>"LDNS_PRIVATEDNS", macro=>"1"},
{name=>"LDNS_PRIVATEOID", macro=>"1"},
{name=>"LDNS_RCODE_FORMERR", macro=>"1"},
{name=>"LDNS_RCODE_NOERROR", macro=>"1"},
{name=>"LDNS_RCODE_NOTAUTH", macro=>"1"},
{name=>"LDNS_RCODE_NOTIMPL", macro=>"1"},
{name=>"LDNS_RCODE_NOTZONE", macro=>"1"},
{name=>"LDNS_RCODE_NXDOMAIN", macro=>"1"},
{name=>"LDNS_RCODE_NXRRSET", macro=>"1"},
{name=>"LDNS_RCODE_REFUSED", macro=>"1"},
{name=>"LDNS_RCODE_SERVFAIL", macro=>"1"},
{name=>"LDNS_RCODE_YXDOMAIN", macro=>"1"},
{name=>"LDNS_RCODE_YXRRSET", macro=>"1"},
{name=>"LDNS_RDF_TYPE_A", macro=>"1"},
{name=>"LDNS_RDF_TYPE_AAAA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_ALG", macro=>"1"},
{name=>"LDNS_RDF_TYPE_APL", macro=>"1"},
{name=>"LDNS_RDF_TYPE_ATMA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_B32_EXT", macro=>"1"},
{name=>"LDNS_RDF_TYPE_B64", macro=>"1"},
{name=>"LDNS_RDF_TYPE_CERT_ALG", macro=>"1"},
{name=>"LDNS_RDF_TYPE_CLASS", macro=>"1"},
{name=>"LDNS_RDF_TYPE_DNAME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_HEX", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT16", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT16_DATA", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT32", macro=>"1"},
{name=>"LDNS_RDF_TYPE_INT8", macro=>"1"},
{name=>"LDNS_RDF_TYPE_IPSECKEY", macro=>"1"},
{name=>"LDNS_RDF_TYPE_LOC", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NONE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSAP", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC3_NEXT_OWNER", macro=>"1"},
{name=>"LDNS_RDF_TYPE_NSEC3_SALT", macro=>"1"},
{name=>"LDNS_RDF_TYPE_PERIOD", macro=>"1"},
{name=>"LDNS_RDF_TYPE_SERVICE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_STR", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TIME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_HIP", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TSIGTIME", macro=>"1"},
{name=>"LDNS_RDF_TYPE_TYPE", macro=>"1"},
{name=>"LDNS_RDF_TYPE_UNKNOWN", macro=>"1"},
{name=>"LDNS_RDF_TYPE_WKS", macro=>"1"},
{name=>"LDNS_RR_CLASS_ANY", macro=>"1"},
{name=>"LDNS_RR_CLASS_CH", macro=>"1"},
{name=>"LDNS_RR_CLASS_COUNT", macro=>"1"},
{name=>"LDNS_RR_CLASS_FIRST", macro=>"1"},
{name=>"LDNS_RR_CLASS_HS", macro=>"1"},
{name=>"LDNS_RR_CLASS_IN", macro=>"1"},
{name=>"LDNS_RR_CLASS_LAST", macro=>"1"},
{name=>"LDNS_RR_CLASS_NONE", macro=>"1"},
{name=>"LDNS_RR_COMPRESS", macro=>"1"},
{name=>"LDNS_RR_NO_COMPRESS", macro=>"1"},
{name=>"LDNS_RR_TYPE_A", macro=>"1"},
{name=>"LDNS_RR_TYPE_A6", macro=>"1"},
{name=>"LDNS_RR_TYPE_AAAA", macro=>"1"},
{name=>"LDNS_RR_TYPE_AFSDB", macro=>"1"},
{name=>"LDNS_RR_TYPE_ANY", macro=>"1"},
{name=>"LDNS_RR_TYPE_APL", macro=>"1"},
{name=>"LDNS_RR_TYPE_ATMA", macro=>"1"},
{name=>"LDNS_RR_TYPE_AXFR", macro=>"1"},
{name=>"LDNS_RR_TYPE_CERT", macro=>"1"},
{name=>"LDNS_RR_TYPE_CNAME", macro=>"1"},
{name=>"LDNS_RR_TYPE_COUNT", macro=>"1"},
{name=>"LDNS_RR_TYPE_DHCID", macro=>"1"},
{name=>"LDNS_RR_TYPE_DLV", macro=>"1"},
{name=>"LDNS_RR_TYPE_DNAME", macro=>"1"},
{name=>"LDNS_RR_TYPE_DNSKEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_DS", macro=>"1"},
{name=>"LDNS_RR_TYPE_EID", macro=>"1"},
{name=>"LDNS_RR_TYPE_FIRST", macro=>"1"},
{name=>"LDNS_RR_TYPE_GID", macro=>"1"},
{name=>"LDNS_RR_TYPE_GPOS", macro=>"1"},
{name=>"LDNS_RR_TYPE_HINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_IPSECKEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_ISDN", macro=>"1"},
{name=>"LDNS_RR_TYPE_IXFR", macro=>"1"},
{name=>"LDNS_RR_TYPE_KEY", macro=>"1"},
{name=>"LDNS_RR_TYPE_KX", macro=>"1"},
{name=>"LDNS_RR_TYPE_LAST", macro=>"1"},
{name=>"LDNS_RR_TYPE_LOC", macro=>"1"},
{name=>"LDNS_RR_TYPE_MAILA", macro=>"1"},
{name=>"LDNS_RR_TYPE_MAILB", macro=>"1"},
{name=>"LDNS_RR_TYPE_MB", macro=>"1"},
{name=>"LDNS_RR_TYPE_MD", macro=>"1"},
{name=>"LDNS_RR_TYPE_MF", macro=>"1"},
{name=>"LDNS_RR_TYPE_MG", macro=>"1"},
{name=>"LDNS_RR_TYPE_MINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_MR", macro=>"1"},
{name=>"LDNS_RR_TYPE_MX", macro=>"1"},
{name=>"LDNS_RR_TYPE_NAPTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_NIMLOC", macro=>"1"},
{name=>"LDNS_RR_TYPE_NS", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSAP", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSAP_PTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3PARAM", macro=>"1"},
{name=>"LDNS_RR_TYPE_NSEC3PARAMS", macro=>"1"},
{name=>"LDNS_RR_TYPE_NULL", macro=>"1"},
{name=>"LDNS_RR_TYPE_NXT", macro=>"1"},
{name=>"LDNS_RR_TYPE_OPT", macro=>"1"},
{name=>"LDNS_RR_TYPE_PTR", macro=>"1"},
{name=>"LDNS_RR_TYPE_PX", macro=>"1"},
{name=>"LDNS_RR_TYPE_RP", macro=>"1"},
{name=>"LDNS_RR_TYPE_RRSIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_RT", macro=>"1"},
{name=>"LDNS_RR_TYPE_SIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_SINK", macro=>"1"},
{name=>"LDNS_RR_TYPE_SOA", macro=>"1"},
{name=>"LDNS_RR_TYPE_SPF", macro=>"1"},
{name=>"LDNS_RR_TYPE_SRV", macro=>"1"},
{name=>"LDNS_RR_TYPE_SSHFP", macro=>"1"},
{name=>"LDNS_RR_TYPE_TALINK", macro=>"1"},
{name=>"LDNS_RR_TYPE_TSIG", macro=>"1"},
{name=>"LDNS_RR_TYPE_TXT", macro=>"1"},
{name=>"LDNS_RR_TYPE_UID", macro=>"1"},
{name=>"LDNS_RR_TYPE_UINFO", macro=>"1"},
{name=>"LDNS_RR_TYPE_UNSPEC", macro=>"1"},
{name=>"LDNS_RR_TYPE_WKS", macro=>"1"},
{name=>"LDNS_RR_TYPE_X25", macro=>"1"},
{name=>"LDNS_RSAMD5", macro=>"1"},
{name=>"LDNS_RSASHA1", macro=>"1"},
{name=>"LDNS_RSASHA1_NSEC3", macro=>"1"},
{name=>"LDNS_RSASHA256", macro=>"1"},
{name=>"LDNS_RSASHA512", macro=>"1"},
{name=>"LDNS_SECTION_ADDITIONAL", macro=>"1"},
{name=>"LDNS_SECTION_ANSWER", macro=>"1"},
{name=>"LDNS_SECTION_ANY", macro=>"1"},
{name=>"LDNS_SECTION_ANY_NOQUESTION", macro=>"1"},
{name=>"LDNS_SECTION_AUTHORITY", macro=>"1"},
{name=>"LDNS_SECTION_QUESTION", macro=>"1"},
{name=>"LDNS_SHA1", macro=>"1"},
{name=>"LDNS_SHA256", macro=>"1"},
{name=>"LDNS_SIGN_DSA", macro=>"1"},
{name=>"LDNS_SIGN_DSA_NSEC3", macro=>"1"},
{name=>"LDNS_SIGN_ECC_GOST", macro=>"1"},
{name=>"LDNS_SIGN_HMACSHA1", macro=>"1"},
{name=>"LDNS_SIGN_HMACSHA256", macro=>"1"},
{name=>"LDNS_SIGN_RSAMD5", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA1", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA1_NSEC3", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA256", macro=>"1"},
{name=>"LDNS_SIGN_RSASHA512", macro=>"1"},
{name=>"LDNS_STATUS_ADDRESS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CERT_BAD_ALGORITHM", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_BOGUS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_DS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_RRSIG", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_SIG_EXPIRED", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TSIG_BOGUS", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TSIG_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_UNKNOWN_ALGO", macro=>"1"},
{name=>"LDNS_STATUS_CRYPTO_VALIDATED", macro=>"1"},
{name=>"LDNS_STATUS_DDD_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_EXISTENCE_DENIED", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED", macro=>"1"},
{name=>"LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED", macro=>"1"},
{name=>"LDNS_STATUS_DOMAINNAME_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_DOMAINNAME_UNDERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_EMPTY_LABEL", macro=>"1"},
{name=>"LDNS_STATUS_ENGINE_KEY_NOT_LOADED", macro=>"1"},
{name=>"LDNS_STATUS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_FILE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_INTERNAL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_B32_EXT", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_B64", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_HEX", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_INT", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_IP4", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_IP6", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_POINTER", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_STR", macro=>"1"},
{name=>"LDNS_STATUS_INVALID_TIME", macro=>"1"},
{name=>"LDNS_STATUS_LABEL_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_MEM_ERR", macro=>"1"},
{name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_KEY", macro=>"1"},
{name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG", macro=>"1"},
{name=>"LDNS_STATUS_NETWORK_ERR", macro=>"1"},
{name=>"LDNS_STATUS_NOT_IMPL", macro=>"1"},
{name=>"LDNS_STATUS_NO_DATA", macro=>"1"},
{name=>"LDNS_STATUS_NSEC3_ERR", macro=>"1"},
{name=>"LDNS_STATUS_NULL", macro=>"1"},
{name=>"LDNS_STATUS_OK", macro=>"1"},
{name=>"LDNS_STATUS_PACKET_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_RES_NO_NS", macro=>"1"},
{name=>"LDNS_STATUS_RES_QUERY", macro=>"1"},
{name=>"LDNS_STATUS_SOCKET_ERROR", macro=>"1"},
{name=>"LDNS_STATUS_SSL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ALG_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_BAD_ESCAPE", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_CLASS_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_DNAME_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_EMPTY", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INCLUDE", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_KEYWORD_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_ORIGIN", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_RDATA_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TTL", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TTL_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_TYPE_ERR", macro=>"1"},
{name=>"LDNS_STATUS_SYNTAX_VERSION_ERR", macro=>"1"},
{name=>"LDNS_STATUS_UNKNOWN_INET", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_ANSWER", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_HEADER", macro=>"1"},
{name=>"LDNS_STATUS_WIRE_INCOMPLETE_QUESTION", macro=>"1"});
ExtUtils::Constant::WriteConstants(
NAME => 'LDNS',
NAMES => \@names,
DEFAULT_TYPE => 'IV',
C_FILE => 'const-c.inc',
XS_FILE => 'const-xs.inc',
);

18
contrib/DNS-LDNS/dist.ini Normal file
View file

@ -0,0 +1,18 @@
name = DNS-LDNS
author = Erik Ostlyngen <erik@uninett.no>
copyright_holder = UNINETT Norid AS
copyright_year = 2013
license = None
version = 0.61
[AutoPrereqs]
[GatherDir]
[MetaYAML]
[MakeMaker::Awesome]
WriteMakefile_arg = LIBS => ['-lldns']
footer_file = constants.PL
[CheckLib]
lib = ldns
header = ldns/ldns.h
[License]
[PruneCruft]

2798
contrib/DNS-LDNS/fallback/const-c.inc
View file

File diff suppressed because it is too large Load diff

90
contrib/DNS-LDNS/fallback/const-xs.inc
View file

@ -1,90 +0,0 @@
void
constant(sv)
PREINIT:
#ifdef dXSTARG
dXSTARG; /* Faster if we have it. */
#else
dTARGET;
#endif
STRLEN len;
int type;
IV iv;
/* NV nv; Uncomment this if you need to return NVs */
/* const char *pv; Uncomment this if you need to return PVs */
INPUT:
SV * sv;
const char * s = SvPV(sv, len);
PPCODE:
/* Change this to constant(aTHX_ s, len, &iv, &nv);
if you need to return both NVs and IVs */
type = constant(aTHX_ s, len, &iv);
/* Return 1 or 2 items. First is error message, or undef if no error.
Second, if present, is found value */
switch (type) {
case PERL_constant_NOTFOUND:
sv =
sv_2mortal(newSVpvf("%s is not a valid LDNS macro", s));
PUSHs(sv);
break;
case PERL_constant_NOTDEF:
sv = sv_2mortal(newSVpvf(
"Your vendor has not defined LDNS macro %s, used",
s));
PUSHs(sv);
break;
case PERL_constant_ISIV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHi(iv);
break;
/* Uncomment this if you need to return NOs
case PERL_constant_ISNO:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHs(&PL_sv_no);
break; */
/* Uncomment this if you need to return NVs
case PERL_constant_ISNV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHn(nv);
break; */
/* Uncomment this if you need to return PVs
case PERL_constant_ISPV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHp(pv, strlen(pv));
break; */
/* Uncomment this if you need to return PVNs
case PERL_constant_ISPVN:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHp(pv, iv);
break; */
/* Uncomment this if you need to return SVs
case PERL_constant_ISSV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHs(sv);
break; */
/* Uncomment this if you need to return UNDEFs
case PERL_constant_ISUNDEF:
break; */
/* Uncomment this if you need to return UVs
case PERL_constant_ISUV:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHu((UV)iv);
break; */
/* Uncomment this if you need to return YESs
case PERL_constant_ISYES:
EXTEND(SP, 1);
PUSHs(&PL_sv_undef);
PUSHs(&PL_sv_yes);
break; */
default:
sv = sv_2mortal(newSVpvf(
"Unexpected return type %d while processing LDNS macro %s, used",
type, s));
PUSHs(sv);
}

2
contrib/DNS-LDNS/lib/DNS/LDNS.pm
View file

@ -651,7 +651,7 @@ our @EXPORT = qw(
read_anchor_file
);
our $VERSION = '0.52';
our $VERSION = '0.61';
sub AUTOLOAD {
# This AUTOLOAD is used to 'autoload' constants from the constant()

2
contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecDataChain.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
sub rrset {
my $self = shift;

2
contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecName.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS ':all';
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my $class = shift;

2
contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRSets.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
# Note: Since this class does not have a constructor, we can let its child
# objects be owned by the parent. This reduces the recursion depth on

2
contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRs.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
# Note: This class does not have a constructor. Thus, it can not be created
# as an individual object. The data structure of the node is owned

2
contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecTrustTree.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
sub add_parent {
my ($self, $parent, $sig, $parent_status) = @_;

2
contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecZone.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS ':all';
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my ($class, %args) = @_;

2
contrib/DNS-LDNS/lib/DNS/LDNS/GC.pm
View file

@ -3,7 +3,7 @@ package DNS::LDNS::GC;
use strict;
use warnings;
our $VERSION = '0.52';
our $VERSION = '0.61';
my %ref_count;
my %owned_by;

2
contrib/DNS-LDNS/lib/DNS/LDNS/Key.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS ':all';
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my ($class, %args) = @_;

2
contrib/DNS-LDNS/lib/DNS/LDNS/KeyList.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS ':all';
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my $class = shift;

2
contrib/DNS-LDNS/lib/DNS/LDNS/Packet.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my ($class, %args) = @_;

2
contrib/DNS-LDNS/lib/DNS/LDNS/RBNode.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
# Note: This class does not have a constructor. Thus, it can not be created
# as an individual object. The data structure of the object will always be

2
contrib/DNS-LDNS/lib/DNS/LDNS/RBTree.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
# Note: Since this class does not have a constructor, we can let its child
# objects be owned by the parent. This reduces the recursion depth on

2
contrib/DNS-LDNS/lib/DNS/LDNS/RData.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my ($class, $type, $str) = @_;

11
contrib/DNS-LDNS/lib/DNS/LDNS/RR.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS ':all';
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my $class = shift;
@ -24,12 +24,15 @@ sub new {
}
else {
my %args = @_;
# Perl 5.25 does not allow us to pass read-only undef into a
# parameter changing function. So we must send it with a variable.
my $undef = undef;
if ($args{str}) {
$rr = _new_from_str($args{str},
$args{default_ttl} || 0,
$args{origin},
$args{prev} ? ${$args{prev}} : undef,
$args{prev} ? ${$args{prev}} : $undef,
$status);
}
elsif ($args{filename} or $args{file}) {
@ -47,8 +50,8 @@ sub new {
my $ttl = 0;
$rr = _new_from_file($file,
$args{default_ttl} ? ${$args{default_ttl}} : $ttl,
$args{origin} ? ${$args{origin}} : undef,
$args{prev} ? ${$args{prev}} : undef,
$args{origin} ? ${$args{origin}} : $undef,
$args{prev} ? ${$args{prev}} : $undef,
$status,
$line_nr);
if ($args{filename}) {

2
contrib/DNS-LDNS/lib/DNS/LDNS/RRList.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS;
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my ($class, %args) = @_;

2
contrib/DNS-LDNS/lib/DNS/LDNS/Resolver.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS ':all';
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my ($class, %args) = @_;

2
contrib/DNS-LDNS/lib/DNS/LDNS/Zone.pm
View file

@ -6,7 +6,7 @@ use warnings;
use DNS::LDNS ':all';
our $VERSION = '0.52';
our $VERSION = '0.61';
sub new {
my ($class, %args) = @_;

37
contrib/android/15-android.conf Normal file
View file

@ -0,0 +1,37 @@
#### Android...
#
# Heavily hacked 15-android.conf based on OpenSSL's config file of the same name.
# This 15-android.conf avoids compiler errors using NDK-r20. This 15-android.conf
# requires an environment set (sourced) using setenv-android.sh.
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
bin_cflags => add("-fPIE"),
bin_lflags => add("-pie"),
enable => [ ],
},
"android-arm" => {
inherit_from => [ "android", asm("armv4_asm") ],
bn_ops => [ "BN_LLONG", "RC4_CHAR" ],
},
"android-arm64" => {
inherit_from => [ "android", asm("aarch64_asm") ],
bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_CHAR" ],
perlasm_scheme => "linux64",
},
"android-x86" => {
inherit_from => [ "android", asm("x86_asm") ],
cflags => add(picker(release => "-fomit-frame-pointer")),
bn_ops => [ "BN_LLONG", "RC4_INT" ],
perlasm_scheme => "android",
},
"android-x86_64" => {
inherit_from => [ "android", asm("x86_64_asm") ],
bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_INT" ],
perlasm_scheme => "elf",
},
);

55
contrib/android/bootstrap_ldns.sh Executable file
View file

@ -0,0 +1,55 @@
#!/usr/bin/env bash
if ! git submodule update --init; then
echo "Failed to init submodule"
exit 1
fi
echo "AUTOTOOLS_BUILD: $AUTOTOOLS_BUILD"
echo "AUTOTOOLS_HOST: $AUTOTOOLS_HOST"
# libtool complains about our updated config.guess and config.sub.
# Remove them to get through bootstrap. Re-add them after libtoolize.
echo "Running libtoolize"
if [ -n "$(command -v glibtoolize)" ]; then
rm -f config.guess config.sub
if ! glibtoolize -ci ; then
echo "Failed to libtoolize (glibtoolize)"
exit 1
fi
elif [ -n "$(command -v libtoolize)" ]; then
rm -f config.guess config.sub
if ! libtoolize -ci ; then
echo "Failed to libtoolize (libtoolize)"
exit 1
fi
else
echo "Failed to find a libtool"
exit 1
fi
echo "Updating config.guess"
if ! wget -q -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD'; then
echo "Failed to download config.guess"
fi
echo "Updating config.sub"
if ! wget -q -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'; then
echo "Failed to download config.sub"
fi
echo "Fixing config permissions"
chmod a+x config.guess config.sub
if [ -n "$(command -v xattr 2>/dev/null)" ]; then
xattr -d com.apple.quarantine config.guess 2>/dev/null
xattr -d com.apple.quarantine config.sub 2>/dev/null
fi
echo "Running autoreconf"
if ! autoreconf -fi ; then
echo "Failed to autoreconf"
exit 1
fi
exit 0

60
contrib/android/install_ndk.sh Executable file
View file

@ -0,0 +1,60 @@
#!/usr/bin/env bash
if [ -z "$ANDROID_SDK_ROOT" ]; then
echo "ERROR: ANDROID_SDK_ROOT is not set. Please set it."
echo "SDK root is $ANDROID_SDK_ROOT"
exit 1
fi
if [ -z "$ANDROID_NDK_ROOT" ]; then
echo "ERROR: ANDROID_NDK_ROOT is not set. Please set it."
echo "NDK root is $ANDROID_NDK_ROOT"
exit 1
fi
echo "Using ANDROID_SDK_ROOT: $ANDROID_SDK_ROOT"
echo "Using ANDROID_NDK_ROOT: $ANDROID_NDK_ROOT"
echo "Downloading SDK"
if ! curl -L -k -s -o "$HOME/android-sdk.zip" https://dl.google.com/android/repository/commandlinetools-linux-6200805_latest.zip;
then
echo "Failed to download SDK"
exit 1
fi
echo "Downloading NDK"
if ! curl -L -k -s -o "$HOME/android-ndk.zip" https://dl.google.com/android/repository/android-ndk-r20b-linux-x86_64.zip;
then
echo "Failed to download NDK"
exit 1
fi
echo "Unpacking SDK to $ANDROID_SDK_ROOT"
if ! unzip -qq "$HOME/android-sdk.zip" -d "$ANDROID_SDK_ROOT";
then
echo "Failed to unpack SDK"
exit 1
fi
echo "Unpacking NDK to $ANDROID_NDK_ROOT"
if ! unzip -qq "$HOME/android-ndk.zip" -d "$HOME";
then
echo "Failed to unpack NDK"
exit 1
fi
if ! mv "$HOME/android-ndk-r20b" "$ANDROID_NDK_ROOT";
then
echo "Failed to move $HOME/android-ndk-r20b to $ANDROID_NDK_ROOT"
exit 1
fi
rm -f "$HOME/android-sdk.zip"
rm -f "$HOME/android-ndk.zip"
# https://stackoverflow.com/a/47028911/608639
touch "$ANDROID_SDK_ROOT/repositories.cfg"
echo "Finished installing SDK and NDK"
exit 0

44
contrib/android/install_openssl.sh Executable file
View file

@ -0,0 +1,44 @@
#!/usr/bin/env bash
echo "Downloading OpenSSL"
if ! curl -L -k -s -o openssl-1.1.1d.tar.gz https://www.openssl.org/source/openssl-1.1.1d.tar.gz;
then
echo "Failed to download OpenSSL"
exit 1
fi
echo "Unpacking OpenSSL"
rm -rf ./openssl-1.1.1d
if ! tar -xf openssl-1.1.1d.tar.gz;
then
echo "Failed to unpack OpenSSL"
exit 1
fi
cd openssl-1.1.1d || exit 1
if ! cp ../contrib/android/15-android.conf Configurations/; then
echo "Failed to copy OpenSSL Android config"
exit 1
fi
echo "Configuring OpenSSL"
if ! ./Configure "$OPENSSL_HOST" no-comp no-asm no-hw no-engine shared \
--prefix="$ANDROID_PREFIX" --openssldir="$ANDROID_PREFIX"; then
echo "Failed to configure OpenSSL"
exit 1
fi
echo "Building OpenSSL"
if ! make; then
echo "Failed to build OpenSSL"
exit 1
fi
echo "Installing OpenSSL"
if ! make install_sw; then
echo "Failed to install OpenSSL"
exit 1
fi
exit 0

26
contrib/android/install_tools.sh Executable file
View file

@ -0,0 +1,26 @@
#!/usr/bin/env bash
# This step should install tools needed for all packages - OpenSSL and LDNS
echo "Updating tools"
sudo apt-get -qq update
sudo apt-get -qq install --no-install-recommends curl wget tar zip unzip patch perl openjdk-8-jdk autoconf automake libtool pkg-config
# Android builds run config.guess early to determine BUILD and HOST. We need to add config.guess
# and config.sub now. Later, bootstrap_ldns.sh will handle the complete bootstrap of LDNS.
echo "Adding config.guess"
if ! wget -q -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD'; then
echo "Failed to download config.guess"
fi
echo "Adding config.sub"
if ! wget -q -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'; then
echo "Failed to download config.sub"
fi
echo "Fixing config permissions"
chmod a+x config.guess config.sub
if [ -n "$(command -v xattr 2>/dev/null)" ]; then
xattr -d com.apple.quarantine config.guess 2>/dev/null
xattr -d com.apple.quarantine config.sub 2>/dev/null
fi

203
contrib/android/setenv_android.sh Executable file
View file

@ -0,0 +1,203 @@
#!/usr/bin/env bash
# ====================================================================
# Sets the cross compile environment for Android
#
# Based upon OpenSSL's setenv-android.sh by TH, JW, and SM.
# Heavily modified by JWW for Crypto++.
# Updated by Skycoder42 for current recommendations for Android.
# Modified by JWW for LDNS.
# ====================================================================
#########################################
##### Some validation #####
#########################################
if [ -z "$ANDROID_API" ]; then
echo "ANDROID_API is not set. Please set it"
[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
fi
if [ -z "$ANDROID_CPU" ]; then
echo "ANDROID_CPU is not set. Please set it"
[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
fi
if [ ! -d "$ANDROID_NDK_ROOT" ]; then
echo "ERROR: ANDROID_NDK_ROOT is not a valid path. Please set it."
echo "NDK root is $ANDROID_NDK_ROOT"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# cryptest-android.sh may run this script without sourcing.
if [ "$0" = "${BASH_SOURCE[0]}" ]; then
echo "setenv-android.sh is usually sourced, but not this time."
fi
#####################################################################
# Need to set THIS_HOST to darwin-x86_64, linux-x86_64,
# windows, or windows-x86_64
if [[ "$(uname -s | grep -i -c darwin)" -ne 0 ]]; then
THIS_HOST=darwin-x86_64
elif [[ "$(uname -s | grep -i -c linux)" -ne 0 ]]; then
THIS_HOST=linux-x86_64
else
echo "ERROR: Unknown host"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$THIS_HOST/bin"
ANDROID_SYSROOT="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$THIS_HOST/sysroot"
# Error checking
if [ ! -d "$ANDROID_TOOLCHAIN" ]; then
echo "ERROR: ANDROID_TOOLCHAIN is not a valid path. Please set it."
echo "Path is $ANDROID_TOOLCHAIN"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -d "$ANDROID_SYSROOT" ]; then
echo "ERROR: ANDROID_SYSROOT is not a valid path. Please set it."
echo "Path is $ANDROID_SYSROOT"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
#####################################################################
THE_ARCH=$(tr '[:upper:]' '[:lower:]' <<< "$ANDROID_CPU")
# https://developer.android.com/ndk/guides/abis.html
case "$THE_ARCH" in
armv7*|armeabi*)
CC="armv7a-linux-androideabi$ANDROID_API-clang"
CXX="armv7a-linux-androideabi$ANDROID_API-clang++"
LD="arm-linux-androideabi-ld"
AS="arm-linux-androideabi-as"
AR="arm-linux-androideabi-ar"
RANLIB="arm-linux-androideabi-ranlib"
STRIP="arm-linux-androideabi-strip"
CFLAGS="-march=armv7-a -mthumb -mfloat-abi=softfp -funwind-tables -fexceptions"
CXXFLAGS="-march=armv7-a -mthumb -mfloat-abi=softfp -funwind-tables -fexceptions -frtti"
;;
armv8*|aarch64|arm64)
CC="aarch64-linux-android$ANDROID_API-clang"
CXX="aarch64-linux-android$ANDROID_API-clang++"
LD="aarch64-linux-android-ld"
AS="aarch64-linux-android-as"
AR="aarch64-linux-android-ar"
RANLIB="aarch64-linux-android-ranlib"
STRIP="aarch64-linux-android-strip"
CFLAGS="-funwind-tables -fexceptions"
CXXFLAGS="-funwind-tables -fexceptions -frtti"
;;
x86)
CC="i686-linux-android$ANDROID_API-clang"
CXX="i686-linux-android$ANDROID_API-clang++"
LD="i686-linux-android-ld"
AS="i686-linux-android-as"
AR="i686-linux-android-ar"
RANLIB="i686-linux-android-ranlib"
STRIP="i686-linux-android-strip"
CFLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions"
CXXFLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions -frtti"
;;
x86_64|x64)
CC="x86_64-linux-android$ANDROID_API-clang"
CXX="x86_64-linux-android$ANDROID_API-clang++"
LD="x86_64-linux-android-ld"
AS="x86_64-linux-android-as"
AR="x86_64-linux-android-ar"
RANLIB="x86_64-linux-android-ranlib"
STRIP="x86_64-linux-android-strip"
CFLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions"
CXXFLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions -frtti"
;;
*)
echo "ERROR: Unknown architecture $ANDROID_CPU"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
;;
esac
#####################################################################
# Error checking
if [ ! -e "$ANDROID_TOOLCHAIN/$CC" ]; then
echo "ERROR: Failed to find Android clang. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$ANDROID_TOOLCHAIN/$CXX" ]; then
echo "ERROR: Failed to find Android clang++. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$ANDROID_TOOLCHAIN/$RANLIB" ]; then
echo "ERROR: Failed to find Android ranlib. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$ANDROID_TOOLCHAIN/$AR" ]; then
echo "ERROR: Failed to find Android ar. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$ANDROID_TOOLCHAIN/$AS" ]; then
echo "ERROR: Failed to find Android as. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$ANDROID_TOOLCHAIN/$LD" ]; then
echo "ERROR: Failed to find Android ld. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
#####################################################################
LENGTH=${#ANDROID_TOOLCHAIN}
SUBSTR=${PATH:0:$LENGTH}
if [ "$SUBSTR" != "$ANDROID_TOOLCHAIN" ]; then
export PATH="$ANDROID_TOOLCHAIN:$PATH"
fi
#####################################################################
export CPP CC CXX LD AS AR RANLIB STRIP
export ANDROID_SYSROOT="$AOSP_SYSROOT"
export CPPFLAGS="-D__ANDROID_API__=$ANDROID_API"
export CFLAGS="$CFLAGS --sysroot=$AOSP_SYSROOT"
export CXXFLAGS="$CXXFLAGS -stdlib=libc++ --sysroot=$AOSP_SYSROOT"
#####################################################################
echo "ANDROID_TOOLCHAIN: $ANDROID_TOOLCHAIN"
echo "CPP: $(command -v "$CPP")"
echo "CC: $(command -v "$CC")"
echo "CXX: $(command -v "$CXX")"
echo "LD: $(command -v "$LD")"
echo "AS: $(command -v "$AS")"
echo "AR: $(command -v "$AR")"
echo "ANDROID_SYSROOT: $ANDROID_SYSROOT"
echo "CPPFLAGS: $CPPFLAGS"
echo "CFLAGS: $CFLAGS"
echo "CXXFLAGS: $CXXFLAGS"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 0 || return 0

0
contrib/build-solaris.sh Executable file → Normal file
View file

41
contrib/ios/15-ios.conf Normal file
View file

@ -0,0 +1,41 @@
#### iPhoneOS/iOS
#
# It takes recent enough Xcode to use following two targets. It shouldn't
# be a problem by now, but if they don't work, original targets below
# that depend on manual definition of environment variables should still
# work...
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "engine", "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common", asm("armv4_asm") ],
bn_ops => [ "BN_LLONG", "RC4_CHAR" ],
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common", asm("aarch64_asm") ],
bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_CHAR" ],
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
},
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-Wall -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
cflags => add("-Wall -fno-common"),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
cflags => add("-Wall -fno-common"),
},
);

55
contrib/ios/bootstrap_ldns.sh Executable file
View file

@ -0,0 +1,55 @@
#!/usr/bin/env bash
if ! git submodule update --init; then
echo "Failed to init submodule"
exit 1
fi
echo "AUTOTOOLS_BUILD: $AUTOTOOLS_BUILD"
echo "AUTOTOOLS_HOST: $AUTOTOOLS_HOST"
# libtool complains about our updated config.guess and config.sub.
# Remove them to get through bootstrap. Re-add them after libtoolize.
echo "Running libtoolize"
if [ -n "$(command -v glibtoolize)" ]; then
rm -f config.guess config.sub
if ! glibtoolize -ci ; then
echo "Failed to libtoolize (glibtoolize)"
exit 1
fi
elif [ -n "$(command -v libtoolize)" ]; then
rm -f config.guess config.sub
if ! libtoolize -ci ; then
echo "Failed to libtoolize (libtoolize)"
exit 1
fi
else
echo "Failed to find a libtool"
exit 1
fi
echo "Updating config.guess"
if ! wget -q -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD'; then
echo "Failed to download config.guess"
fi
echo "Updating config.sub"
if ! wget -q -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'; then
echo "Failed to download config.sub"
fi
echo "Fixing config permissions"
chmod a+x config.guess config.sub
if [ -n "$(command -v xattr 2>/dev/null)" ]; then
xattr -d com.apple.quarantine config.guess 2>/dev/null
xattr -d com.apple.quarantine config.sub 2>/dev/null
fi
echo "Running autoreconf"
if ! autoreconf -fi ; then
echo "Failed to autoreconf"
exit 1
fi
exit 0

52
contrib/ios/install_openssl.sh Executable file
View file

@ -0,0 +1,52 @@
#!/usr/bin/env bash
echo "Downloading OpenSSL"
if ! curl -L -k -s -o openssl-1.1.1d.tar.gz https://www.openssl.org/source/openssl-1.1.1d.tar.gz;
then
echo "Failed to download OpenSSL"
exit 1
fi
echo "Unpacking OpenSSL"
rm -rf ./openssl-1.1.1d
if ! tar -xf openssl-1.1.1d.tar.gz;
then
echo "Failed to unpack OpenSSL"
exit 1
fi
cd openssl-1.1.1d || exit 1
if ! cp ../contrib/ios/15-ios.conf Configurations/; then
echo "Failed to copy OpenSSL ios config"
exit 1
fi
# ocsp.c:947:23: error: 'fork' is unavailable: not available on tvOS
# ocsp.c:978:23: error: 'fork' is unavailable: not available on watchOS
# Also see https://github.com/openssl/openssl/issues/7607.
if ! patch -u -p0 < ../contrib/ios/openssl.patch; then
echo "Failed to patch OpenSSL"
exit 1
fi
echo "Configuring OpenSSL"
if ! ./Configure "$OPENSSL_HOST" -DNO_FORK no-comp no-asm no-hw no-engine no-tests no-unit-test \
--prefix="$IOS_PREFIX" --openssldir="$IOS_PREFIX"; then
echo "Failed to configure OpenSSL"
exit 1
fi
echo "Building OpenSSL"
if ! make; then
echo "Failed to build OpenSSL"
exit 1
fi
echo "Installing OpenSSL"
if ! make install_sw; then
echo "Failed to install OpenSSL"
exit 1
fi
exit 0

9
contrib/ios/install_tools.sh Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env bash
# This step should install tools needed for all packages - OpenSSL and LDNS
# When running on Travis, Homebrew fails in unusual ways, hence '|| true'.
# https://travis-ci.community/t/homebrew-fails-because-an-automake-update-is-an-error/7831/3
echo "Updating tools"
brew update 1>/dev/null || true
echo "Installing tools"
brew install autoconf automake libtool pkg-config curl perl 1>/dev/null || true

48
contrib/ios/openssl.patch Normal file
View file

@ -0,0 +1,48 @@
--- apps/speed.c
+++ apps/speed.c
@@ -99,6 +99,13 @@
#endif
#include <openssl/modes.h>
+/* fork() breaks AppleTVOS, WatchOS, AppleTVSimulator and WatchSimulator */
+/* Users should configure with -DNO_FORK */
+#if defined(NO_FORK)
+# undef HAVE_FORK
+# define HAVE_FORK 0
+#endif
+
#ifndef HAVE_FORK
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
# define HAVE_FORK 0
@@ -110,6 +117,7 @@
#if HAVE_FORK
# undef NO_FORK
#else
+# undef NO_FORK
# define NO_FORK
#endif
--- apps/ocsp.c
+++ apps/ocsp.c
@@ -36,6 +36,13 @@
# include <openssl/x509v3.h>
# include <openssl/rand.h>
+/* fork() breaks AppleTVOS, WatchOS, AppleTVSimulator and WatchSimulator */
+/* Users should configure with -DNO_FORK */
+#if defined(NO_FORK)
+# undef HAVE_FORK
+# define HAVE_FORK 0
+#endif
+
#ifndef HAVE_FORK
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
# define HAVE_FORK 0
@@ -47,6 +54,7 @@
#if HAVE_FORK
# undef NO_FORK
#else
+# undef NO_FORK
# define NO_FORK
#endif

274
contrib/ios/setenv_ios.sh Executable file
View file

@ -0,0 +1,274 @@
#!/usr/bin/env bash
# ====================================================================
# Sets the cross compile environment for Xcode/iOS
#
# Based upon OpenSSL's setenv-ios.sh by TH, JW, and SM.
# Heavily modified by JWW for Crypto++.
# Modified by JWW for LDNS.
# ====================================================================
#########################################
##### Some validation #####
#########################################
# In the past we could mostly infer arch or cpu from the SDK (and
# mostly vice-versa). Nowadays we need it set for us because Apple
# platforms can be either 32-bit or 64-bit.
if [ -z "$IOS_SDK" ]; then
echo "IOS_SDK is not set. Please set it"
[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
fi
if [ -z "$IOS_CPU" ]; then
echo "IOS_CPU is not set. Please set it"
[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
fi
# cryptest-ios.sh may run this script without sourcing.
if [ "$0" = "${BASH_SOURCE[0]}" ]; then
echo "setenv-ios.sh is usually sourced, but not this time."
fi
#########################################
##### Small Fixups, if needed #####
#########################################
if [[ "$IOS_SDK" == "iPhone" ]]; then
IOS_SDK=iPhoneOS
fi
if [[ "$IOS_SDK" == "iPhoneOSSimulator" ]]; then
IOS_SDK=iPhoneSimulator
fi
if [[ "$IOS_SDK" == "TV" || "$IOS_SDK" == "AppleTV" ]]; then
IOS_SDK=AppleTVOS
fi
if [[ "$IOS_SDK" == "Watch" || "$IOS_SDK" == "AppleWatch" ]]; then
IOS_SDK=WatchOS
fi
if [[ "$IOS_CPU" == "aarch64" || "$IOS_CPU" == "armv8"* ]] ; then
IOS_CPU=arm64
fi
########################################
##### Environment #####
########################################
# The flags below were tested with Xcode 8 on Travis. If
# you use downlevel versions of Xcode, then you can push
# xxx-version-min=n lower. For example, Xcode 6 can use
# -miphoneos-version-min=5.
# iPhones can be either 32-bit or 64-bit
if [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "armv7"* ]]; then
MIN_VER=-miphoneos-version-min=6
elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "arm64" ]]; then
MIN_VER=-miphoneos-version-min=6
# Fixups for convenience
elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "i386" ]]; then
IOS_SDK=iPhoneSimulator
# MIN_VER=-miphoneos-version-min=6
MIN_VER=-miphonesimulator-version-min=6
elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "x86_64" ]]; then
IOS_SDK=iPhoneSimulator
# MIN_VER=-miphoneos-version-min=6
MIN_VER=-miphonesimulator-version-min=6
# Simulator builds
elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "i386" ]]; then
MIN_VER=-miphonesimulator-version-min=6
elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "x86_64" ]]; then
MIN_VER=-miphonesimulator-version-min=6
# Apple TV can be 32-bit Intel (1st gen), 32-bit ARM (2nd, 3rd gen) or 64-bit ARM (4th gen)
elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "i386" ]]; then
MIN_VER=-mappletvos-version-min=6
elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "armv7"* ]]; then
MIN_VER=-mappletvos-version-min=6
elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "arm64" ]]; then
MIN_VER=-mappletvos-version-min=6
# Simulator builds
elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "i386" ]]; then
MIN_VER=-mappletvsimulator-version-min=6
elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "x86_64" ]]; then
MIN_VER=-mappletvsimulator-version-min=6
# Watch can be either 32-bit or 64-bit ARM. TODO: figure out which
# -mwatchos-version-min=n is needed for arm64. 9 is not enough.
elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "armv7"* ]]; then
MIN_VER=-mwatchos-version-min=6
elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "arm64" ]]; then
MIN_VER=-mwatchos-version-min=10
# Simulator builds. TODO: figure out which -watchos-version-min=n
# is needed for arm64. 6 compiles and links, but is it correct?
elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "i386" ]]; then
MIN_VER=-mwatchsimulator-version-min=6
elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "x86_64" ]]; then
MIN_VER=-mwatchsimulator-version-min=6
# And the final catch-all
else
echo "IOS_SDK and IOS_CPU are not valid. Please fix them"
[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
fi
#####################################################################
# Xcode 6 and below cannot handle -miphonesimulator-version-min
# Fix it so the simulator will compile as expected. This trick
# may work on other SDKs, but it was not tested.
if [ -n "$(command -v xcodebuild 2>/dev/null)" ]; then
# Output of xcodebuild is similar to "Xcode 6.2". The first cut gets
# the dotted decimal value. The second cut gets the major version.
XCODE_VERSION=$(xcodebuild -version 2>/dev/null | head -n 1 | cut -f2 -d" " | cut -f1 -d".")
if [ -z "$XCODE_VERSION" ]; then XCODE_VERSION=100; fi
if [ "$XCODE_VERSION" -le 6 ]; then
MIN_VER="${MIN_VER//iphonesimulator/iphoneos}"
fi
fi
#####################################################################
# Allow a user override? I think we should be doing this. The use case is,
# move /Applications/Xcode somewhere else for a side-by-side installation.
if [ -z "${XCODE_DEVELOPER-}" ]; then
XCODE_DEVELOPER=$(xcode-select -print-path 2>/dev/null)
fi
if [ ! -d "$XCODE_DEVELOPER" ]; then
echo "ERROR: unable to find XCODE_DEVELOPER directory."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# XCODE_DEVELOPER_SDK is the SDK location.
XCODE_DEVELOPER_SDK="$XCODE_DEVELOPER/Platforms/$IOS_SDK.platform"
if [ ! -d "$XCODE_DEVELOPER_SDK" ]; then
echo "ERROR: unable to find XCODE_DEVELOPER_SDK directory."
echo " Is the SDK supported by Xcode and installed?"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# XCODE_TOOLCHAIN is the location of the actual compiler tools.
if [ -d "$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/" ]; then
XCODE_TOOLCHAIN="$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/"
elif [ -d "$XCODE_DEVELOPER_SDK/Developer/usr/bin/" ]; then
XCODE_TOOLCHAIN="$XCODE_DEVELOPER_SDK/Developer/usr/bin/"
fi
if [ -z "$XCODE_TOOLCHAIN" ] || [ ! -d "$XCODE_TOOLCHAIN" ]; then
echo "ERROR: unable to find Xcode cross-compiler tools."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# XCODE_SDK is the SDK name/version being used - adjust the list as appropriate.
# For example, remove 4.3, 6.2, and 6.1 if they are not installed. We go back to
# the 1.0 SDKs because Apple WatchOS uses low numbers, like 2.0 and 2.1.
XCODE_SDK=
for i in $(seq -f "%.1f" 30.0 -0.1 1.0)
do
if [ -d "$XCODE_DEVELOPER_SDK/Developer/SDKs/$IOS_SDK$i.sdk" ]; then
XCODE_SDK="$IOS_SDK$i.sdk"
break
fi
done
# Error checking
if [ -z "$XCODE_SDK" ]; then
echo "ERROR: unable to find a SDK."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
IOS_SYSROOT="$XCODE_DEVELOPER_SDK/Developer/SDKs/$XCODE_SDK"
if [ -z "$IOS_SYSROOT" ] || [ ! -d "$IOS_SYSROOT" ]; then
echo "ERROR: unable to find IOS_SYSROOT directory."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
#####################################################################
# We want to set AR=libtool and ARFLAGS="-static -o",
# but I am not sure Autotools can handle it.
CPP=cpp; CC=clang; CXX=clang++; LD=ld
AS=as; AR=ar; RANLIB=ranlib; STRIP=strip
# Error checking
if [ ! -e "$XCODE_TOOLCHAIN/$CC" ]; then
echo "ERROR: Failed to find iOS clang. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$XCODE_TOOLCHAIN/$CXX" ]; then
echo "ERROR: Failed to find iOS clang++. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$XCODE_TOOLCHAIN/$RANLIB" ]; then
echo "ERROR: Failed to find iOS ranlib. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$XCODE_TOOLCHAIN/$AR" ]; then
echo "ERROR: Failed to find iOS ar. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$XCODE_TOOLCHAIN/$AS" ]; then
echo "ERROR: Failed to find iOS as. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
# Error checking
if [ ! -e "$XCODE_TOOLCHAIN/$LD" ]; then
echo "ERROR: Failed to find iOS ld. Please edit this script."
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1
fi
#####################################################################
LENGTH=${#XCODE_TOOLCHAIN}
SUBSTR=${PATH:0:$LENGTH}
if [ "$SUBSTR" != "$XCODE_TOOLCHAIN" ]; then
export PATH="$XCODE_TOOLCHAIN":"$PATH"
fi
#####################################################################
export CPP CC CXX LD AS AR RANLIB STRIP
export IOS_SYSROOT
export CFLAGS="-arch $IOS_CPU $MIN_VER --sysroot=$IOS_SYSROOT"
export CXXFLAGS="-arch $IOS_CPU $MIN_VER -stdlib-libc++ --sysroot=$IOS_SYSROOT"
#####################################################################
echo "XCODE_TOOLCHAIN: $XCODE_TOOLCHAIN"
echo "CPP: $(command -v "$CPP")"
echo "CC: $(command -v "$CC")"
echo "CXX: $(command -v "$CXX")"
echo "LD: $(command -v "$LD")"
echo "AS: $(command -v "$AS")"
echo "AR: $(command -v "$AR")"
echo "IOS_SYSROOT: $IOS_SYSROOT"
echo "CPPFLAGS: $CPPFLAGS"
echo "CFLAGS: $CFLAGS"
echo "CXXFLAGS: $CXXFLAGS"
[ "$0" = "${BASH_SOURCE[0]}" ] && exit 0 || return 0

4
contrib/ldnsx/README
View file

@ -1,8 +1,8 @@
LDNSX: Easy DNS (including DNSSEC) via ldns.
ldns is a great library. It is a powerfull tool for
ldns is a great library. It is a powerful tool for
working with DNS. python-ldns it is a straight up clone of the C
interface, howver that is not a very good interface for python. Its
interface, however that is not a very good interface for python. Its
documentation is incomplete and some functions don't work as
described. And some objects don't have a full python API.

18
contrib/ldnsx/ldnsx.py
View file

@ -4,9 +4,9 @@
""" Easy DNS (including DNSSEC) via ldns.
ldns is a great library. It is a powerfull tool for
ldns is a great library. It is a powerful tool for
working with DNS. python-ldns it is a straight up clone of the C
interface, howver that is not a very good interface for python. Its
interface, however that is not a very good interface for python. Its
documentation is incomplete and some functions don't work as
described. And some objects don't have a full python API.
@ -204,7 +204,7 @@ class resolver:
defaults to settings from /etc/resolv.conf
* dnssec -- should the resolver try and use dnssec or not?
* tcp -- should the resolver use TCP
'auto' is a depricated work around for old ldns problems
'auto' is a deprecated work around for old ldns problems
* port -- the port to use, must be the same for all nameservers
"""
@ -238,7 +238,7 @@ class resolver:
* rr_type -- the record type to query for
* rr_class -- the class to query for, defaults to IN (Internet)
* flags -- the flags to send the query with
* tries -- the number of times to attempt to acheive query in case of packet loss, etc
* tries -- the number of times to attempt to achieve query in case of packet loss, etc
**Examples**
@ -284,7 +284,7 @@ class resolver:
If the version of ldnsx you are using is old, it is possible that there could be new rr_types that
we don't recognise mnemonic for. You can still use the number XXX or the string "TYPEXXX". To
determine what rr_type menmonics we support, please refer to resolver.supported_rr_types()
determine what rr_type mnemonics we support, please refer to resolver.supported_rr_types()
"""
# Determine rr_type int
@ -320,7 +320,7 @@ class resolver:
pkt = self._ldns_resolver.query(name, _rr_type, _rr_class, _flags)
except KeyboardInterrupt: #Since so much time is spent waiting on ldns, this is very common place for Ctr-C to fall
raise
except: #Since the ldns exceptiion is not very descriptive...
except: #Since the ldns exception is not very descriptive...
raise Exception("ldns backend ran into problems. Likely, the name you were querying for, %s, was invalid." % name)
#Deal with failed queries
if not pkt:
@ -384,7 +384,7 @@ class resolver:
>>> tlds.append(rr.owner())
"""
#Dname seems to be unecessary on some computers, but it is on others. Avoid bugs.
#Dname seems to be unnecessary on some computers, but it is on others. Avoid bugs.
if self._ldns_resolver.axfr_start(ldns.ldns_dname(name), ldns.LDNS_RR_CLASS_IN) != ldns.LDNS_STATUS_OK:
raise Exception("Starting AXFR failed. Error: %s" % ldns.ldns_get_errorstr_by_id(status))
pres = self._ldns_resolver.axfr_next()
@ -497,7 +497,7 @@ class packet:
Example returned value: "NOERROR"
possilbe rcodes (via ldns): "FORMERR", "MASK", "NOERROR",
possible rcodes (via ldns): "FORMERR", "MASK", "NOERROR",
"NOTAUTH", "NOTIMPL", "NOTZONE", "NXDOMAIN",
"NXRSET", "REFUSED", "SERVFAIL", "SHIFT",
"YXDOMAIN", "YXRRSET"
@ -823,7 +823,7 @@ class resource_record:
return -1
def protocol(self):
""" Returns proticol of the DNSKEY"""
""" Returns protocol of the DNSKEY"""
t = self.rr_type()
if t == "DNSKEY":
return int(self[5])

4
contrib/ldnsx/source/index.rst
View file

@ -3,9 +3,9 @@ Welcome to ldnsx's documentation!
LDNSX: Easy DNS (including DNSSEC) via ldns.
ldns is a great library. It is a powerfull tool for
ldns is a great library. It is a powerful tool for
working with DNS. python-ldns it is a straight up clone of the C
interface, howver that is not a very good interface for python. Its
interface, however that is not a very good interface for python. Its
documentation is incomplete and some functions don't work as
described. And some objects don't have a full python API.

2
contrib/python/Changelog
View file

@ -2,7 +2,7 @@
* Added ldns_rdf.data_as_bytearray(). The method returns a bytearray object
containing rdf data.
* Changed the behaviour of ldns_resolver.trusted_key() in order to prevent
memory corrupotion and leaks.
memory corruption and leaks.
* Fixed memory leaks when destroying ldns_resolver.
* Removed ldns_pkt.section_count(), ldns_resolver.set_searchlist_count()
because it is marked static in the library.

2
contrib/python/docs/source/examples/example1.rst
View file

@ -50,7 +50,7 @@ In the third step we tell the resolver to query for our domain, type MX, of clas
pkt = resolver.query(dname, ldns.LDNS_RR_TYPE_MX, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD)
The function should return a packet if everything goes well and this packet will contain resource records we asked for.
Note that there exists a simplier way. Instead of using a dname variable, we can use a string which will be automatically converted.
Note that there exists a simpler way. Instead of using a dname variable, we can use a string which will be automatically converted.
::
pkt = resolver.query("fit.vutbr.cz", ldns.LDNS_RR_TYPE_MX, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD)

6
contrib/python/docs/source/examples/example8.rst
View file

@ -10,8 +10,8 @@ In order to be able sign a zone file, you have to generate a key-pair using ``ld
Signing consists of three steps
1. In the first step, the content of a zone file is readed and parsed. This can be done using :class:`ldns.ldns_zone` class.
1. In the first step, the content of a zone file is read and parsed. This can be done using :class:`ldns.ldns_zone` class.
2. In the second step, the private and public key is readed and public key is inserted into zone (as DNSKEY).
2. In the second step, the private and public key is read and public key is inserted into zone (as DNSKEY).
3. In the last step, the DNSSEC zone instace is created and all the RRs from zone file are copied here. Then, all the records are signed using :meth:`ldns.ldns_zone.sign` method. If the signing was successfull, the content of DNSSEC zone is written to a file.
3. In the last step, the DNSSEC zone instance is created and all the RRs from zone file are copied here. Then, all the records are signed using :meth:`ldns.ldns_zone.sign` method. If the signing was successful, the content of DNSSEC zone is written to a file.

2
contrib/python/docs/source/install.rst
View file

@ -14,7 +14,7 @@ is required.
**Download**
The lates source codes can be downloaded from `here`_.
The latest source codes can be downloaded from `here`_.
.. _here: http://nlnetlabs.nl/projects/ldns/

2
contrib/python/examples/test_buffer.py
View file

@ -230,7 +230,7 @@ if True:
#if not error_detected:
if True:
mehod_name = "ldns_buffer.flip()"
method_name = "ldns_buffer.flip()"
buf.printf("abcdef")
try:
buf.flip()

2
contrib/python/examples/test_dname.py
View file

@ -44,7 +44,7 @@ if True:
except:
set_error()
#
# Error when printing a dname wich was created fron an empty string.
# Error when printing a dname which was created from an empty string.
# Must find out why.
#
try:

0
contrib/python/examples/test_rr.py Normal file → Executable file
View file

25
contrib/python/ldns.i
View file

@ -399,6 +399,28 @@ PyObject* ldns_wire2pkt_(const char *str, int len)
return tuple;
}
PyObject* ldns_pkt2wire_(const ldns_pkt *pkt)
//returns tuple (status, result)
{
PyObject *resultobj = 0;
uint8_t *arg1 = NULL;
size_t arg3;
ldns_status result;
PyObject* tuple;
result = (ldns_status)ldns_pkt2wire(&arg1,pkt,&arg3);
tuple = PyTuple_New(2);
PyTuple_SetItem(tuple, 0, SWIG_From_int(result));
if (result == LDNS_STATUS_OK)
PyTuple_SetItem(tuple, 1, SWIG_FromCharPtrAndSize((char *)arg1, arg3));
else {
Py_INCREF(Py_None);
PyTuple_SetItem(tuple, 1, Py_None);
}
LDNS_FREE(arg1);
return tuple;
}
%}
%pythoncode %{
@ -408,6 +430,9 @@ def ldns_fetch_valid_domain_keys(res, domain, keys):
def ldns_wire2pkt(data):
return _ldns.ldns_wire2pkt_(data)
def ldns_pkt2wire(data):
return _ldns.ldns_pkt2wire_(data)
def ldns_rr_iter_frm_fp_l(input_file):
"""Creates an iterator (generator) that returns individual parsed
RRs from an open zone file."""

2
contrib/python/ldns_buffer.i
View file

@ -483,7 +483,7 @@
:param amount: Amount to use.
:type amount: positive integer
:throws TypeError: When `amount` of non-integer type.
:return: (bool) hether this failed or succeeded.
:return: (bool) Whether this failed or succeeded.
"""
return _ldns.ldns_buffer_reserve(self, amount)
#parameters: ldns_buffer *, size_t,

4
contrib/python/ldns_dname.i
View file

@ -36,7 +36,7 @@
/* ========================================================================= */
/*
* Not here (with the exception of functions defined in this C code sction),
* Not here (with the exception of functions defined in this C code section),
* must be set in ldns_rdf.i.
*/
@ -46,7 +46,7 @@
/* ========================================================================= */
/*
* Not here (with the exception of functions defined in this C code sction),
* Not here (with the exception of functions defined in this C code section),
* must be set in ldns_rdf.i.
*/

2
contrib/python/ldns_dnssec.i
View file

@ -163,7 +163,7 @@
@staticmethod
def new_frm_rr(raiseException=True):
"""Create a new instace of dnssec name for the given RR.
"""Create a new instance of dnssec name for the given RR.
:returns: (ldns_dnssec_name) instance
"""

6
contrib/python/ldns_key.i
View file

@ -41,7 +41,7 @@
$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_key), SWIGTYPE_p_ldns_struct_key, SWIG_POINTER_OWN | 0 ));
}
%exception ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r) %{ $action Py_INCREF(obj1); %}
%typemap(argout) ldns_rdf *r "Py_INCREF($input);"
%nodefaultctor ldns_struct_key; //no default constructor & destructor
%nodefaultdtor ldns_struct_key;
@ -204,7 +204,7 @@ This class can contains all types of keys that are used in DNSSEC. Mostly used t
def expiration(self):
"""return the key's expiration date
:returns: (uint32_t) the experiration date
:returns: (uint32_t) the expiration date
"""
return _ldns.ldns_key_expiration(self)
#parameters: const ldns_key *,
@ -514,7 +514,7 @@ void _ldns_key_list_free (ldns_key_list* k) {
"""Set the keylist's key count to count.
:param count:
the cuont
the count
"""
_ldns.ldns_key_list_set_key_count(self,count)
#parameters: ldns_key_list *,size_t,

4
contrib/python/ldns_packet.i
View file

@ -736,7 +736,7 @@ This simple example instances a resolver in order to resolve NS for nic.cz."
"""
Return the packet's edns data.
:return: (:class:`ldns_rdf`) The ensd data.
:return: (:class:`ldns_rdf`) The edns data.
"""
return _ldns._ldns_pkt_edns_data(self)
#parameters: const ldns_pkt *,
@ -1346,7 +1346,7 @@ This simple example instances a resolver in order to resolve NS for nic.cz."
def set_rcode(self, c):
"""
Set the packet's respons code.
Set the packet's response code.
:param c: The rcode.
:type c: uint8_t

29
contrib/python/ldns_rdf.i
View file

@ -221,6 +221,8 @@
case LDNS_RDF_TYPE_EUI64: return "EUI64";
case LDNS_RDF_TYPE_TAG: return "TAG";
case LDNS_RDF_TYPE_LONG_STR: return "LONG_STR";
case LDNS_RDF_TYPE_AMTRELAY: return "AMTRELAY";
case LDNS_RDF_TYPE_SVCPARAMS: return "SVCPARAMS";
case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
return "CERTIFICATE_USAGE";
case LDNS_RDF_TYPE_SELECTOR: return "SELECTOR";
@ -313,8 +315,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
rr = _ldns.ldns_rdf_new_frm_str(rr_type, string)
if (not rr) and raiseException:
raise Exception("Can't create query packet, " +
"error: %d" % status)
raise Exception("Can't create query packet")
return rr
#
@ -584,7 +585,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.dname_new_frm_str() method is" +
" scheduled to be deprecated in future releases." +
" Use ldsn_dname constructor instead.",
" Use ldns_dname constructor instead.",
PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_new_frm_str(string)
@ -607,7 +608,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.absolute() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
if self.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
string = self.__str__()
@ -629,7 +630,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.make_canonical() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
_ldns.ldns_dname2canonical(self)
@ -652,7 +653,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.dname_compare() method is" +
" scheduled to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
#
# The wrapped function generates asserts instead of setting
@ -684,7 +685,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.cat() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_cat(self, rd2)
#parameters: ldns_rdf *, ldns_rdf *,
@ -709,7 +710,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.cat_clone() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_cat_clone(self, rd2)
#parameters: const ldns_rdf *, const ldns_rdf *,
@ -739,7 +740,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.interval() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
#
# The wrapped function generates asserts instead of setting
@ -778,7 +779,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.is_subdomain() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_is_subdomain(self, parent)
#parameters: const ldns_rdf *, const ldns_rdf *,
@ -805,7 +806,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.label() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_label(self, labelpos)
#parameters: const ldns_rdf *, uint8_t,
@ -825,7 +826,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.label_count() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_label_count(self)
#parameters: const ldns_rdf *,
@ -847,7 +848,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.left_chop() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_left_chop(self)
#parameters: const ldns_rdf *,
@ -870,7 +871,7 @@ specified in the (16-bit) type field with a value from ldns_rdf_type."
"""
warnings.warn("The ldns_rdf.reverse() method is scheduled" +
" to be deprecated in future releases." +
" Convert the ldns_rdf to ldsn_dname and the use its" +
" Convert the ldns_rdf to ldns_dname and the use its" +
" methods.", PendingDeprecationWarning, stacklevel=2)
if self.get_type() != _ldns.LDNS_RDF_TYPE_DNAME:
raise Exception("Operand must be a dname rdf.")

6
contrib/python/ldns_resolver.i
View file

@ -35,7 +35,7 @@
/* SWIG setting and definitions. */
/* ========================================================================= */
/* Creates temporary instance of (ldns_rersolver *). */
/* Creates temporary instance of (ldns_resolver *). */
%typemap(in,numinputs=0,noblock=1) (ldns_resolver **r)
{
ldns_resolver *$1_res;
@ -350,7 +350,7 @@ record."
Creates a resolver object from given file name
:param filename: Name of file which contains resolver
informations (usually /etc/resolv.conf).
information (usually /etc/resolv.conf).
:type filename: str
:param raiseException: If True, an exception occurs in case a
resolver object can't be created.
@ -431,7 +431,7 @@ record."
Ask the resolver about name and return all address records.
:param name: The name to look for. String is automatically
converrted to dname.
converted to dname.
:type name: :class:`ldns_dname` or str
:param aclass: The class to use.
:type aclass: ldns_rr_class

20
contrib/python/ldns_rr.i
View file

@ -456,7 +456,7 @@
%{
void _ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *rdf)
{
return ldns_rr_set_owner(rr, ldns_rdf_clone(rdf));
ldns_rr_set_owner(rr, ldns_rdf_clone(rdf));
}
%}
@ -562,7 +562,7 @@ to create :class:`ldns_rr` instances.
:type prev: :class:`ldns_rdf`
:param raiseException: If True, an exception occurs in case a rr
instance can't be created.
:throws Exception: If `raiseExceprion` is set and fails.
:throws Exception: If `raiseException` is set and fails.
:throws TypeError: When parameters of incorrect types.
:return: (:class:`ldns_rr`) RR instance or None.
@ -612,7 +612,7 @@ to create :class:`ldns_rr` instances.
:type prev: :class:`ldns_rdf`
:param raiseException: If True, an exception occurs in case
a rr instance can't be created.
:throws Exception: If `raiseExceprion` is set and fails.
:throws Exception: If `raiseException` is set and fails.
:throws TypeError: When parameters of incorrect types.
:return: (:class:`ldns_rr`) RR instance or None. If the object
can't be created and `raiseException` is True,
@ -657,7 +657,7 @@ to create :class:`ldns_rr` instances.
:type prev: :class:`ldns_rdf`
:param raiseException: If True, an exception occurs in case when
a rr instance can't be created.
:throws Exception: If `raiseExceprion` is set and fails.
:throws Exception: If `raiseException` is set and fails.
:throws TypeError: When parameters of incorrect types.
:return: None when fails, otherwise a tuple containing:
@ -751,7 +751,7 @@ to create :class:`ldns_rr` instances.
:type origin: :class:`ldns_dname`
:param prev: When the owner is white spaces use this.
:type prev: :class:`ldns_rdf`
:param raiseException: Iif True, an exception occurs in case
:param raiseException: If True, an exception occurs in case
a resolver object can't be created.
:throws Exception: If `raiseException` is set and the input
cannot be read.
@ -1424,9 +1424,9 @@ to create :class:`ldns_rr` instances.
def rrsig_set_expiration(self, f):
"""
Sets the expireation date of a LDNS_RR_TYPE_RRSIG rr.
Sets the expiration date of a LDNS_RR_TYPE_RRSIG rr.
:param f: The expireation date to set.
:param f: The expiration date to set.
:type f: :class:`ldns_rdf`
:throws TypeError: when `f` of non-:class:`ldns_rdf` type.
:return: (bool) True on success, False otherwise.
@ -1653,7 +1653,7 @@ to create :class:`ldns_rr` instances.
Sets the type in the rr.
:param rr_type: Set to this type.
:type rr_type: ineteger
:type rr_type: integer
:throws TypeError: when `rr_type` of non-integer type.
"""
_ldns.ldns_rr_set_type(self, rr_type)
@ -1695,7 +1695,7 @@ to create :class:`ldns_rr` instances.
"""
Calculates the uncompressed size of an RR.
:return: (inetger) size of the rr.
:return: (integer) size of the rr.
"""
return _ldns.ldns_rr_uncompressed_size(self)
#parameters: const ldns_rr *,
@ -2441,7 +2441,7 @@ In order to create a class instance use :meth:`ldns_rr_descriptor`.
:param field: The field number.
:type field: positive int
:throws TypeError: when `field` of non-inetger type.
:throws TypeError: when `field` of non-integer type.
:return: (int) the rdf type for the field.
"""
return _ldns.ldns_rr_descriptor_field_type(self, field)

8
contrib/python/ldns_zone.i
View file

@ -132,7 +132,7 @@ The ``zone.txt`` file contains the following records::
:param file: a file object
:param origin: (ldns_rdf) the zones' origin
:param ttl: default ttl to use
:param rr_class: efault class to use (IN)
:param rr_class: Default class to use (IN)
:param raiseException: if True, an exception occurs in case a zone instance can't be created
:returns: zone instance or None. If an instance can't be created and raiseException is True, an exception occurs.
"""
@ -149,7 +149,7 @@ The ``zone.txt`` file contains the following records::
:param file: a file object
:param origin: (ldns_rdf) the zones' origin
:param ttl: default ttl to use
:param rr_class: efault class to use (IN)
:param rr_class: Default class to use (IN)
:param raiseException: if True, an exception occurs in case a zone instance can't be created
:returns:
* zone - zone instance or None. If an instance can't be created and raiseException is True, an exception occurs.
@ -216,7 +216,7 @@ The ``zone.txt`` file contains the following records::
:param rr:
the rr to add
:returns: (bool) a true on succes otherwise falsed
:returns: (bool) a true on success otherwise falsed
"""
return _ldns.ldns_zone_push_rr(self,rr)
#parameters: ldns_zone *,ldns_rr *,
@ -229,7 +229,7 @@ The ``zone.txt`` file contains the following records::
:param list:
the list to add
:returns: (bool) a true on succes otherwise falsed
:returns: (bool) a true on success otherwise falsed
"""
return _ldns.ldns_zone_push_rr_list(self,list)
#parameters: ldns_zone *,ldns_rr_list *,

65
dane.c
View file

@ -1,7 +1,7 @@
/*
* Verify or create TLS authentication with DANE (RFC6698)
*
* (c) NLnetLabs 2012
* (c) NLnetLabs 2012-2020
*
* See the file LICENSE for the license.
*
@ -29,6 +29,63 @@
#include <openssl/x509v3.h>
#endif
/* OpenSSL context options. At the moment, disable SSLv2, SSLv3
* and Compression, if available. TLSv1.0 is allowed at the moment.
* TLSv1.1 is the first to provide elliptic curves, so it is usually
* allowed in a TLS stack. TLSv1.2 is the first to provide authentication
* modes of operation, like GCM. The defines below are a moving
* target based on OpenSSL library version. Grep is useful to find
* the defines: grep -IR SSL_OP_NO_ /usr/include/openssl.
*/
#ifdef HAVE_SSL
# ifdef SSL_OP_NO_SSLv2
const long NoOpenSSLv2 = SSL_OP_NO_SSLv2;
# else
const long NoOpenSSLv2 = 0L;
# endif
# ifdef SSL_OP_NO_SSLv3
const long NoOpenSSLv3 = SSL_OP_NO_SSLv3;
# else
const long NoOpenSSLv3 = 0L;
# endif
# ifdef SSL_OP_NO_TLSv1
const long NoOpenTLSv1 = SSL_OP_NO_TLSv1;
# else
const long NoOpenTLSv1 = 0L;
# endif
# ifdef SSL_OP_NO_DTLSv1
const long NoOpenDTLSv1 = SSL_OP_NO_DTLSv1;
# else
const long NoOpenDTLSv1 = 0L;
# endif
# ifdef SSL_OP_NO_COMPRESSION
const long NoOpenSSLCompression = SSL_OP_NO_COMPRESSION;
# else
const long NoOpenSSLCompression = 0L;
# endif
#endif
#if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE)
static SSL_CTX*
ldns_dane_new_ssl_context(void)
{
SSL_CTX* ssl_ctx;
ssl_ctx = SSL_CTX_new(TLS_client_method());
if (ssl_ctx != NULL)
{
/* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree.
* Sometime in the future they may be disabled, too. Maybe
* --disable-tlsv1 and --disable-dtlsv1 should be configure options.
*/
long flags = NoOpenSSLv2 | NoOpenSSLv3 | NoOpenSSLCompression;
SSL_CTX_set_options(ssl_ctx, flags);
}
return ssl_ctx;
}
#endif
ldns_status
ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
uint16_t port, ldns_dane_transport transport)
@ -193,7 +250,7 @@ ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
}
/* Orinary PKIX validation of cert (with extra_certs to help)
/* Ordinary PKIX validation of cert (with extra_certs to help)
* against the CA's in store, but also return the validation chain.
*/
static ldns_status
@ -641,7 +698,7 @@ ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
* verification. We use these undocumented means with the ldns
* dane function prototypes which did only offline dane verification.
*/
if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
if (!(ssl_ctx = ldns_dane_new_ssl_context()))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
@ -841,7 +898,7 @@ ldns_dane_verify(const ldns_rr_list* tlsas,
* verification. We use these undocumented means with the ldns
* dane function prototypes which did only offline dane verification.
*/
if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
if (!(ssl_ctx = ldns_dane_new_ssl_context()))
s = LDNS_STATUS_MEM_ERR;
else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)

2
dname.c
View file

@ -3,7 +3,7 @@
*
* dname specific rdata implementations
* A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME
* It is not a /real/ type! All function must therefor check
* It is not a /real/ type! All function must therefore check
* for LDNS_RDF_TYPE_DNAME.
*
* a Net::DNS like library for C

91
dnssec.c
View file

@ -23,6 +23,11 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef USE_DSA
#include <openssl/dsa.h>
#endif
#endif
ldns_rr *
@ -149,6 +154,7 @@ ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname,
LDNS_FREE(salt);
ldns_rdf_deep_free(zone_name);
ldns_rdf_deep_free(sname);
ldns_rdf_deep_free(hashed_sname);
return NULL;
}
@ -326,6 +332,7 @@ uint16_t ldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
}
#ifdef HAVE_SSL
#ifdef USE_DSA
DSA *
ldns_key_buf2dsa(const ldns_buffer *key)
{
@ -365,7 +372,6 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
offset += length;
Y = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
/* create the key and set its properties */
if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
@ -375,7 +381,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
BN_free(Y);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
#ifndef S_SPLINT_S
dsa->p = P;
dsa->q = Q;
@ -402,6 +408,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
#endif /* OPENSSL_VERSION_NUMBER */
return dsa;
}
#endif /* USE_DSA */
RSA *
ldns_key_buf2rsa(const ldns_buffer *key)
@ -427,7 +434,7 @@ ldns_key_buf2rsa_raw(const unsigned char* key, size_t len)
return NULL;
/* need some smart comment here XXX*/
/* the exponent is too large so it's places
* futher...???? */
* further...???? */
memmove(&int16, key+1, 2);
exp = ntohs(int16);
offset = 3;
@ -461,7 +468,7 @@ ldns_key_buf2rsa_raw(const unsigned char* key, size_t len)
BN_free(modulus);
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
@ -905,7 +912,7 @@ ldns_dnssec_create_nsec3(const ldns_dnssec_name *from,
cur_rrsets = from->rrsets;
while (cur_rrsets) {
/* Do not include non-authoritative rrsets on the delegation point
* in the type bitmap. Potentionally not skipping insecure
* in the type bitmap. Potentially not skipping insecure
* delegation should have been done earlier, in function
* ldns_dnssec_zone_create_nsec3s, or even earlier in:
* ldns_dnssec_zone_sign_nsec3_flg .
@ -1327,6 +1334,8 @@ ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);
if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
salt_length = ldns_rdf_data(salt_rdf)[0];
if((size_t)salt_length+1 > ldns_rdf_size(salt_rdf))
return NULL;
salt = LDNS_XMALLOC(uint8_t, salt_length);
if(!salt) return NULL;
memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
@ -1556,6 +1565,7 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
ldns_rr_list *sigs_covered;
ldns_rdf *rdf_t;
ldns_rr_type t_netorder;
ldns_status status;
if (!k) {
return LDNS_STATUS_ERR;
@ -1607,7 +1617,9 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
}
return LDNS_STATUS_ERR;
}
return ldns_verify_time(rrset, sigs, k, check_time, good_keys);
status = ldns_verify_time(rrset, sigs, k, check_time, good_keys);
ldns_rr_list_deep_free(rrset);
return status;
}
ldns_status
@ -1896,7 +1908,7 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* convert from two BIGNUMs in the rdata buffer, to ASN notation.
* ASN preable: 30440220 <R 32bytefor256> 0220 <S 32bytefor256>
* ASN preamble: 30440220 <R 32bytefor256> 0220 <S 32bytefor256>
* the '20' is the length of that field (=bnsize).
* the '44' is the total remaining length.
* if negative, start with leading zero.
@ -1942,69 +1954,4 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
#endif /* S_SPLINT_S */
#endif /* USE_ECDSA */
#if defined(USE_ED25519) || defined(USE_ED448)
/* debug printout routine */
static void print_hex(const char* str, uint8_t* d, int len)
{
const char hex[] = "0123456789abcdef";
int i;
printf("%s [len=%d]: ", str, len);
for(i=0; i<len; i++) {
int x = (d[i]&0xf0)>>4;
int y = (d[i]&0x0f);
printf("%c%c", hex[x], hex[y]);
}
printf("\n");
}
#endif
#ifdef USE_ED25519
ldns_rdf *
ldns_convert_ed25519_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len)
{
unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
ldns_rdf* rdf = NULL;
/* TODO when Openssl supports signing and you can test this */
print_hex("sig in ASN", data, sig_len);
return rdf;
}
ldns_status
ldns_convert_ed25519_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* TODO when Openssl supports signing and you can test this. */
/* convert sig_buf into ASN1 into the target_buffer */
print_hex("sig raw", ldns_rdf_data(sig_rdf), ldns_rdf_size(sig_rdf));
return ldns_buffer_status(target_buffer);
}
#endif /* USE_ED25519 */
#ifdef USE_ED448
ldns_rdf *
ldns_convert_ed448_rrsig_asn12rdf(const ldns_buffer *sig, long sig_len)
{
unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
ldns_rdf* rdf = NULL;
/* TODO when Openssl supports signing and you can test this */
print_hex("sig in ASN", data, sig_len);
return rdf;
}
ldns_status
ldns_convert_ed448_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf)
{
/* TODO when Openssl supports signing and you can test this. */
/* convert sig_buf into ASN1 into the target_buffer */
print_hex("sig raw", ldns_rdf_data(sig_rdf), ldns_rdf_size(sig_rdf));
return ldns_buffer_status(target_buffer);
}
#endif /* USE_ED448 */
#endif /* HAVE_SSL */

317
dnssec_sign.c
View file

@ -17,8 +17,16 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef USE_DSA
#include <openssl/dsa.h>
#endif
#endif /* HAVE_SSL */
#define LDNS_SIGN_WITH_ZONEMD ( LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 \
| LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 )
ldns_rr *
ldns_create_empty_rrsig(const ldns_rr_list *rrset,
const ldns_key *current_key)
@ -184,7 +192,7 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha512());
NULL);
break;
#endif
#ifdef USE_ED448
@ -192,7 +200,7 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha512());
NULL);
break;
#endif
case LDNS_SIGN_RSAMD5:
@ -234,8 +242,6 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
new_owner = NULL;
signatures = ldns_rr_list_new();
/* prepare a signature and add all the know data
* prepare the rrset. Sign this together. */
rrset_clone = ldns_rr_list_clone(rrset);
@ -252,6 +258,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
/* sort */
ldns_rr_list_sort(rrset_clone);
signatures = ldns_rr_list_new();
for (key_count = 0;
key_count < ldns_key_list_key_count(keys);
key_count++) {
@ -320,14 +328,6 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
return signatures;
}
/**
* Sign data with DSA
*
* \param[in] to_sign The ldns_buffer containing raw data that is
* to be signed
* \param[in] key The DSA key structure to sign with
* \return ldns_rdf for the RRSIG ldns_rr
*/
ldns_rdf *
ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
{
@ -408,11 +408,14 @@ ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
{
EC_KEY* ec;
const EC_GROUP* g;
#ifdef HAVE_EVP_PKEY_BASE_ID
#ifdef HAVE_EVP_PKEY_GET_BASE_ID
if(EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC)
return 0;
#elif defined(HAVE_EVP_PKEY_BASE_ID)
if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
return 0;
#else
if(EVP_PKEY_type(key->type) != EVP_PKEY_EC)
if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
return 0;
#endif
ec = EVP_PKEY_get1_EC_KEY(pkey);
@ -456,8 +459,19 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
/* initializes a signing context */
md_type = digest_type;
#ifdef USE_ED25519
if(EVP_PKEY_id(key) == NID_ED25519) {
/* digest must be NULL for ED25519 sign and verify */
md_type = NULL;
} else
#endif
#ifdef USE_ED448
if(EVP_PKEY_id(key) == NID_ED448) {
md_type = NULL;
} else
#endif
if(!md_type) {
/* unknown message difest */
/* unknown message digest */
ldns_buffer_free(b64sig);
return NULL;
}
@ -473,23 +487,34 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
return NULL;
}
r = EVP_SignInit(ctx, md_type);
if(r == 1) {
r = EVP_SignUpdate(ctx, (unsigned char*)
ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
#if defined(USE_ED25519) || defined(USE_ED448)
if(md_type == NULL) {
/* for these methods we must use the one-shot DigestSign */
r = EVP_DigestSignInit(ctx, NULL, md_type, NULL, key);
if(r == 1) {
size_t siglen_sizet = ldns_buffer_capacity(b64sig);
r = EVP_DigestSign(ctx,
(unsigned char*)ldns_buffer_begin(b64sig),
&siglen_sizet,
(unsigned char*)ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
siglen = (unsigned int)siglen_sizet;
}
} else {
ldns_buffer_free(b64sig);
EVP_MD_CTX_destroy(ctx);
return NULL;
}
if(r == 1) {
r = EVP_SignFinal(ctx, (unsigned char*)
ldns_buffer_begin(b64sig), &siglen, key);
} else {
ldns_buffer_free(b64sig);
EVP_MD_CTX_destroy(ctx);
return NULL;
#else
r = 0;
if(md_type != NULL) {
#endif
r = EVP_SignInit(ctx, md_type);
if(r == 1) {
r = EVP_SignUpdate(ctx, (unsigned char*)
ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign));
}
if(r == 1) {
r = EVP_SignFinal(ctx, (unsigned char*)
ldns_buffer_begin(b64sig), &siglen, key);
}
}
if(r != 1) {
ldns_buffer_free(b64sig);
@ -502,7 +527,9 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
#ifdef USE_DSA
#ifndef S_SPLINT_S
/* unfortunately, OpenSSL output is different from DNS DSA format */
# ifdef HAVE_EVP_PKEY_BASE_ID
# ifdef HAVE_EVP_PKEY_GET_BASE_ID
if (EVP_PKEY_get_base_id(key) == EVP_PKEY_DSA) {
# elif defined(HAVE_EVP_PKEY_BASE_ID)
if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) {
# else
if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
@ -512,9 +539,11 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
}
#endif
#endif
#if defined(USE_ECDSA) || defined(USE_ED25519) || defined(USE_ED448)
#if defined(USE_ECDSA)
if(
# ifdef HAVE_EVP_PKEY_BASE_ID
# ifdef HAVE_EVP_PKEY_GET_BASE_ID
EVP_PKEY_get_base_id(key)
# elif defined(HAVE_EVP_PKEY_BASE_ID)
EVP_PKEY_base_id(key)
# else
EVP_PKEY_type(key->type)
@ -527,20 +556,6 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
b64sig, (long)siglen, ldns_pkey_is_ecdsa(key));
}
# endif /* USE_ECDSA */
# ifdef USE_ED25519
if(EVP_PKEY_id(key) == NID_X25519) {
r = 1;
sigdata_rdf = ldns_convert_ed25519_rrsig_asn12rdf(
b64sig, siglen);
}
# endif /* USE_ED25519 */
# ifdef USE_ED448
if(EVP_PKEY_id(key) == NID_X448) {
r = 1;
sigdata_rdf = ldns_convert_ed448_rrsig_asn12rdf(
b64sig, siglen);
}
# endif /* USE_ED448 */
}
#endif /* PKEY_EC */
if(r == 0) {
@ -642,7 +657,7 @@ ldns_dnssec_addresses_on_glue_list(
/* ldns_rr_list_push_rr()
* returns false when unable
* to increase the capacity
* of the ldsn_rr_list
* of the ldns_rr_list
*/
}
}
@ -653,20 +668,6 @@ ldns_dnssec_addresses_on_glue_list(
return LDNS_STATUS_OK;
}
/**
* Marks the names in the zone that are occluded. Those names will be skipped
* when walking the tree with the ldns_dnssec_name_node_next_nonglue()
* function. But watch out! Names that are partially occluded (like glue with
* the same name as the delegation) will not be marked and should specifically
* be taken into account separately.
*
* When glue_list is given (not NULL), in the process of marking the names, all
* glue resource records will be pushed to that list, even glue at delegation names.
*
* \param[in] zone the zone in which to mark the names
* \param[in] glue_list the list to which to push the glue rrs
* \return LDNS_STATUS_OK on success, an error code otherwise
*/
ldns_status
ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
ldns_rr_list *glue_list)
@ -678,7 +679,7 @@ ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
/* When the cut is caused by a delegation, below_delegation will be 1.
* When caused by a DNAME, below_delegation will be 0.
*/
int below_delegation = -1; /* init suppresses comiler warning */
int below_delegation = -1; /* init suppresses compiler warning */
ldns_status s;
if (!zone || !zone->names) {
@ -700,7 +701,7 @@ ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
* FIXME! If there are labels in between the SOA and
* the cut, going from the authoritative space (below
* the SOA) up into occluded space again, will not be
* detected with the contruct below!
* detected with the construct below!
*/
if (ldns_dname_is_subdomain(owner, cut) &&
!ldns_dnssec_rrsets_contains_type(
@ -746,16 +747,6 @@ ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
return LDNS_STATUS_OK;
}
/**
* Marks the names in the zone that are occluded. Those names will be skipped
* when walking the tree with the ldns_dnssec_name_node_next_nonglue()
* function. But watch out! Names that are partially occluded (like glue with
* the same name as the delegation) will not be marked and should specifically
* be taken into account separately.
*
* \param[in] zone the zone in which to mark the names
* \return LDNS_STATUS_OK on success, an error code otherwise
*/
ldns_status
ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
{
@ -799,17 +790,24 @@ ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
uint32_t nsec_ttl;
ldns_dnssec_rrsets *soa;
/* the TTL of NSEC rrs should be set to the minimum TTL of
* the zone SOA (RFC4035 Section 2.3)
/* The TTL value for any NSEC RR SHOULD be the same TTL value as the
* lesser of the MINIMUM field of the SOA record and the TTL of the SOA
* itself. This matches the definition of the TTL for negative
* responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of
* RFC4035 Section 2.3)
*/
soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
/* did the caller actually set it? if not,
* fall back to default ttl
*/
if (soa && soa->rrs && soa->rrs->rr
&& (ldns_rr_rdf(soa->rrs->rr, 6) != NULL)) {
nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
if (soa && soa->rrs && soa->rrs->rr) {
ldns_rr *soa_rr = soa->rrs->rr;
ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6);
nsec_ttl = min_rdf == NULL
|| ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf)
? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf);
} else {
nsec_ttl = LDNS_DEFAULT_TTL;
}
@ -893,17 +891,24 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
return LDNS_STATUS_ERR;
}
/* the TTL of NSEC rrs should be set to the minimum TTL of
* the zone SOA (RFC4035 Section 2.3)
/* The TTL value for any NSEC RR SHOULD be the same TTL value as the
* lesser of the MINIMUM field of the SOA record and the TTL of the SOA
* itself. This matches the definition of the TTL for negative
* responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of
* RFC4035 Section 2.3)
*/
soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
/* did the caller actually set it? if not,
* fall back to default ttl
*/
if (soa && soa->rrs && soa->rrs->rr
&& ldns_rr_rdf(soa->rrs->rr, 6) != NULL) {
nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
if (soa && soa->rrs && soa->rrs->rr) {
ldns_rr *soa_rr = soa->rrs->rr;
ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6);
nsec_ttl = min_rdf == NULL
|| ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf)
? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf);
} else {
nsec_ttl = LDNS_DEFAULT_TTL;
}
@ -984,7 +989,6 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
; hashmap_node != LDNS_RBTREE_NULL
; hashmap_node = ldns_rbtree_next(hashmap_node)
) {
current_name = (ldns_dnssec_name *) hashmap_node->data;
nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec;
if (nsec_rr) {
ldns_rr_list_push_rr(nsec3_list, nsec_rr);
@ -1129,17 +1133,22 @@ ldns_key_list_filter_for_dnskey(ldns_key_list *key_list, int flags)
if (!ldns_key_list_key_count(key_list))
return;
/* Mark all KSKs */
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if ((ldns_key_flags(key) & LDNS_KEY_SEP_KEY) && !saw_ksk)
saw_ksk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
if ((ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
if (!saw_ksk)
saw_ksk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
}
}
if (!saw_ksk)
return;
else
algos[saw_ksk] = 0;
return; /* No KSKs means sign using all ZSKs */
/* Deselect the ZSKs so they do not sign DNSKEY RRs.
* Except with the LDNS_SIGN_WITH_ALL_ALGORITHMS flag, then use it,
* but only if it has an algorithm for which there is no KSK
*/
for (i =0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
@ -1147,15 +1156,15 @@ ldns_key_list_filter_for_dnskey(ldns_key_list *key_list, int flags)
* Still use it if it has a unique algorithm though!
*/
if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) &&
algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = false;
!algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = true;
else
ldns_key_set_use(key, 0);
}
}
}
/** If there are no ZSKs use KSK as ZSK */
/** If there are no ZSKs use KSKs as ZSK too */
static void
ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags)
{
@ -1171,17 +1180,22 @@ ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags)
if (!ldns_key_list_key_count(key_list))
return;
/* Mark all ZSKs */
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY) && !saw_zsk)
saw_zsk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
if (!saw_zsk)
saw_zsk = ldns_key_algorithm(key);
algos[ldns_key_algorithm(key)] = true;
}
}
if (!saw_zsk)
return;
else
algos[saw_zsk] = 0;
return; /* No ZSKs means sign using all KSKs */
/* Deselect the KSKs so they do not sign non DNSKEY RRs.
* Except with the LDNS_SIGN_WITH_ALL_ALGORITHMS flag, then use it,
* but only if it has an algorithm for which there is no ZSK
*/
for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
key = ldns_key_list_key(key_list, i);
if((ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) {
@ -1189,8 +1203,8 @@ ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags)
* Still use it if it has a unique algorithm though!
*/
if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) &&
algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = false;
!algos[ldns_key_algorithm(key)])
algos[ldns_key_algorithm(key)] = true;
else
ldns_key_set_use(key, 0);
}
@ -1251,12 +1265,15 @@ ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone
key_list,
func,
arg);
if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) &&
cur_rrset->type == LDNS_RR_TYPE_DNSKEY)
ldns_key_list_filter_for_dnskey(key_list, flags);
if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY)
if(cur_rrset->type == LDNS_RR_TYPE_DNSKEY ||
cur_rrset->type == LDNS_RR_TYPE_CDNSKEY ||
cur_rrset->type == LDNS_RR_TYPE_CDS) {
if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK)) {
ldns_key_list_filter_for_dnskey(key_list, flags);
}
} else {
ldns_key_list_filter_for_non_dnskey(key_list, flags);
}
/* TODO: just set count to zero? */
rr_list = ldns_rr_list_new();
@ -1350,6 +1367,8 @@ ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0);
}
ldns_status dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs, ldns_key_list *key_list, int flags);
ldns_status
ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs,
@ -1359,25 +1378,46 @@ ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
int flags)
{
ldns_status result = LDNS_STATUS_OK;
ldns_dnssec_rrsets zonemd_rrset;
bool zonemd_added = false;
if (!zone || !new_rrs || !key_list) {
return LDNS_STATUS_ERR;
}
if (flags & LDNS_SIGN_WITH_ZONEMD) {
ldns_dnssec_rrsets **rrsets_ref = &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
if (!*rrsets_ref
|| (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) {
zonemd_rrset.rrs = NULL;
zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD;
zonemd_rrset.signatures = NULL;
zonemd_rrset.next = *rrsets_ref;
*rrsets_ref = &zonemd_rrset;
zonemd_added = true;
}
}
/* zone is already sorted */
result = ldns_dnssec_zone_mark_glue(zone);
if (result != LDNS_STATUS_OK) {
return result;
}
/* check whether we need to add nsecs */
if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
if ((flags & LDNS_SIGN_NO_KEYS_NO_NSECS)
&& ldns_key_list_key_count(key_list) < 1)
; /* pass */
else if (zone->names
&& !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
result = ldns_dnssec_zone_create_nsecs(zone, new_rrs);
if (result != LDNS_STATUS_OK) {
return result;
}
}
result = ldns_dnssec_zone_create_rrsigs_flg(zone,
new_rrs,
key_list,
@ -1385,7 +1425,18 @@ ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
arg,
flags);
return result;
if (zonemd_added) {
ldns_dnssec_rrsets **rrsets_ref
= &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
*rrsets_ref = zonemd_rrset.next;
}
return flags & LDNS_SIGN_WITH_ZONEMD
? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, flags)
: result;
}
ldns_status
@ -1421,6 +1472,8 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
{
ldns_rr *nsec3, *nsec3param;
ldns_status result = LDNS_STATUS_OK;
bool zonemd_added = false;
ldns_dnssec_rrsets zonemd_rrset;
/* zone is already sorted */
result = ldns_dnssec_zone_mark_glue(zone);
@ -1439,7 +1492,13 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
}
nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec;
if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
/* check whether we need to add nsecs */
if ((signflags & LDNS_SIGN_NO_KEYS_NO_NSECS)
&& ldns_key_list_key_count(key_list) < 1)
; /* pass */
else if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
/* no need to recreate */
} else {
if (!ldns_dnssec_zone_find_rrset(zone,
@ -1466,6 +1525,23 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
}
ldns_rr_list_push_rr(new_rrs, nsec3param);
}
if (signflags & LDNS_SIGN_WITH_ZONEMD) {
ldns_dnssec_rrsets **rrsets_ref
= &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
if (!*rrsets_ref
|| (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) {
zonemd_rrset.rrs = NULL;
zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD;
zonemd_rrset.signatures = NULL;
zonemd_rrset.next = *rrsets_ref;
*rrsets_ref = &zonemd_rrset;
zonemd_added = true;
}
}
result = ldns_dnssec_zone_create_nsec3s_mkmap(zone,
new_rrs,
algorithm,
@ -1474,6 +1550,15 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
salt_length,
salt,
map);
if (zonemd_added) {
ldns_dnssec_rrsets **rrsets_ref
= &zone->soa->rrsets;
while (*rrsets_ref
&& (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrsets_ref = &(*rrsets_ref)->next;
*rrsets_ref = zonemd_rrset.next;
}
if (result != LDNS_STATUS_OK) {
return result;
}
@ -1486,8 +1571,12 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
arg,
signflags);
}
if (result || !zone->names)
return result;
return result;
return signflags & LDNS_SIGN_WITH_ZONEMD
? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, signflags)
: result;
}
ldns_status

208
dnssec_verify.c
View file

@ -21,7 +21,7 @@ ldns_dnssec_data_chain_new(void)
ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1);
if(!nc) return NULL;
/*
* not needed anymore because CALLOC initalizes everything to zero.
* not needed anymore because CALLOC initializes everything to zero.
nc->rrset = NULL;
nc->parent_type = 0;
@ -415,14 +415,17 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
new_chain);
}
if (type != LDNS_RR_TYPE_DNSKEY) {
ldns_dnssec_build_data_chain_dnskey(res,
qflags,
pkt,
signatures,
new_chain,
key_name,
c
);
if (type != LDNS_RR_TYPE_DS ||
ldns_dname_is_subdomain(name, key_name)) {
ldns_dnssec_build_data_chain_dnskey(res,
qflags,
pkt,
signatures,
new_chain,
key_name,
c
);
}
} else {
ldns_dnssec_build_data_chain_other(res,
qflags,
@ -594,7 +597,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE *out,
if (tree->parent_status[i]
== LDNS_STATUS_SSL_ERR) {
printf("; SSL Error: ");
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
ERR_load_crypto_strings();
#endif
ERR_print_errors_fp(stdout);
printf("\n");
}
@ -903,8 +908,9 @@ ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
cur_status = ldns_verify_rrsig_time(
cur_rrset, cur_sig_rr,
cur_parent_rr, check_time);
(void) ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, cur_sig_rr, cur_status);
if (ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, cur_sig_rr, cur_status))
ldns_dnssec_trust_tree_free(cur_parent_tree);
}
}
}
@ -1018,8 +1024,10 @@ ldns_dnssec_derive_trust_tree_no_sig_time(
data_chain->parent,
cur_parent_rr,
check_time);
(void) ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, NULL, result);
if (ldns_dnssec_trust_tree_add_parent(new_tree,
cur_parent_tree, NULL, result))
ldns_dnssec_trust_tree_free(cur_parent_tree);
}
}
}
@ -1495,7 +1503,7 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
ldns_rr_list *rrsigs)
{
ldns_rdf *rr_name;
ldns_rdf *wildcard_name;
ldns_rdf *wildcard_name = NULL;
ldns_rdf *chopped_dname;
ldns_rr *cur_nsec;
size_t i;
@ -1506,14 +1514,19 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
bool type_covered = false;
bool wildcard_covered = false;
bool wildcard_type_covered = false;
bool rr_name_is_root = false;
wildcard_name = ldns_dname_new_frm_str("*");
rr_name = ldns_rr_owner(rr);
chopped_dname = ldns_dname_left_chop(rr_name);
result = ldns_dname_cat(wildcard_name, chopped_dname);
ldns_rdf_deep_free(chopped_dname);
if (result != LDNS_STATUS_OK) {
return result;
rr_name_is_root = ldns_rdf_size(rr_name) == 1
&& *ldns_rdf_data(rr_name) == 0;
if (!rr_name_is_root) {
wildcard_name = ldns_dname_new_frm_str("*");
chopped_dname = ldns_dname_left_chop(rr_name);
result = ldns_dname_cat(wildcard_name, chopped_dname);
ldns_rdf_deep_free(chopped_dname);
if (result != LDNS_STATUS_OK) {
return result;
}
}
for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
@ -1540,6 +1553,9 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
name_covered = true;
}
if (rr_name_is_root)
continue;
if (ldns_dname_compare(wildcard_name,
ldns_rr_owner(cur_nsec)) == 0) {
if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(cur_nsec),
@ -1560,6 +1576,9 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
return LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
}
if (rr_name_is_root)
return LDNS_STATUS_OK;
if (wildcard_type_covered || !wildcard_covered) {
return LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
}
@ -1583,8 +1602,6 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
bool wildcard_covered = false;
ldns_rdf *zone_name;
ldns_rdf *hashed_name;
/* self assignment to suppress uninitialized warning */
ldns_rdf *next_closer = next_closer;
ldns_rdf *hashed_next_closer;
size_t i;
ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
@ -1659,6 +1676,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
}
}
}
ldns_rdf_deep_free(hashed_name);
result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
/* wildcard no data? section 8.7 */
closest_encloser = ldns_dnssec_nsec3_closest_encloser(
@ -1748,7 +1766,9 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
/* Query name *is* the "next closer". */
hashed_next_closer = hashed_name;
} else {
ldns_rdf *next_closer;
ldns_rdf_deep_free(hashed_name);
/* "next closer" has less labels than the query name.
* Create the name and hash it.
*/
@ -1762,6 +1782,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
next_closer
);
(void) ldns_dname_cat(hashed_next_closer, zone_name);
ldns_rdf_deep_free(next_closer);
}
/* Find the NSEC3 that covers the "next closer" */
for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
@ -1776,15 +1797,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
break;
}
}
if (ldns_dname_label_count(closest_encloser) + 1
< ldns_dname_label_count(ldns_rr_owner(rr))) {
/* "next closer" has less labels than the query name.
* Dispose of the temporary variables that held that name.
*/
ldns_rdf_deep_free(hashed_next_closer);
ldns_rdf_deep_free(next_closer);
}
ldns_rdf_deep_free(hashed_next_closer);
ldns_rdf_deep_free(closest_encloser);
}
@ -1858,27 +1871,19 @@ ldns_verify_rrsig_gost_raw(const unsigned char* sig, size_t siglen,
EVP_PKEY*
ldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
{
const unsigned char* pp = key; /* pp gets modified by o2i() */
/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x70, 0x03, 0x21, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
EC_KEY *ec;
if(keylen != 32)
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 32 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
ec = EC_KEY_new_by_curve_name(NID_X25519);
if(!ec) return NULL;
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
@ -1894,8 +1899,7 @@ ldns_verify_rrsig_ed25519_raw(unsigned char* sig, size_t siglen,
/* could not convert key */
return LDNS_STATUS_CRYPTO_BOGUS;
}
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key,
EVP_sha512());
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, NULL);
EVP_PKEY_free(evp_key);
return result;
}
@ -1905,27 +1909,19 @@ ldns_verify_rrsig_ed25519_raw(unsigned char* sig, size_t siglen,
EVP_PKEY*
ldns_ed4482pkey_raw(const unsigned char* key, size_t keylen)
{
const unsigned char* pp = key; /* pp gets modified by o2i() */
/* ASN1 for ED448 is 3043300506032b6571033a00 <57byteskey> */
uint8_t pre[] = {0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x71, 0x03, 0x3a, 0x00};
int pre_len = 12;
uint8_t buf[256];
EVP_PKEY *evp_key;
EC_KEY *ec;
if(keylen != 57)
/* pp gets modified by d2i() */
const unsigned char* pp = (unsigned char*)buf;
if(keylen != 57 || keylen + pre_len > sizeof(buf))
return NULL; /* wrong length */
ec = EC_KEY_new_by_curve_name(NID_X448);
if(!ec) return NULL;
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
memmove(buf, pre, pre_len);
memmove(buf+pre_len, key, keylen);
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
return evp_key;
}
@ -1941,8 +1937,7 @@ ldns_verify_rrsig_ed448_raw(unsigned char* sig, size_t siglen,
/* could not convert key */
return LDNS_STATUS_CRYPTO_BOGUS;
}
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key,
EVP_sha512());
result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, NULL);
EVP_PKEY_free(evp_key);
return result;
}
@ -2187,6 +2182,12 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, const ldns_rr* rrsig)
#endif
#ifdef USE_GOST
case LDNS_ECC_GOST:
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
#endif
#ifdef USE_ED448
case LDNS_ED448:
#endif
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
@ -2228,32 +2229,6 @@ ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, const ldns_rr* rrsig)
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
#ifdef USE_ED25519
case LDNS_ED25519:
/* EVP produces an ASN prefix on the signature, which is
* not used in the DNS */
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
}
if (ldns_convert_ed25519_rrsig_rdf2asn1(
rawsig_buf, ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
#ifdef USE_ED448
case LDNS_ED448:
/* EVP produces an ASN prefix on the signature, which is
* not used in the DNS */
if (ldns_rr_rdf(rrsig, 8) == NULL) {
return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
}
if (ldns_convert_ed448_rrsig_rdf2asn1(
rawsig_buf, ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
return LDNS_STATUS_MEM_ERR;
}
break;
#endif
case LDNS_DH:
case LDNS_ECC:
@ -2428,8 +2403,12 @@ ldns_verify_rrsig_keylist_time(
ldns_rr_list *good_keys)
{
ldns_status result;
ldns_rr_list *valid = ldns_rr_list_new();
if (!valid)
ldns_rr_list *valid;
if (!good_keys)
valid = NULL;
else if (!(valid = ldns_rr_list_new()))
return LDNS_STATUS_MEM_ERR;
result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid);
@ -2633,16 +2612,31 @@ ldns_verify_rrsig_evp_raw(const unsigned char *sig, size_t siglen,
if(!ctx)
return LDNS_STATUS_MEM_ERR;
EVP_VerifyInit(ctx, digest_type);
EVP_VerifyUpdate(ctx,
ldns_buffer_begin(rrset),
ldns_buffer_position(rrset));
res = EVP_VerifyFinal(ctx, sig, (unsigned int) siglen, key);
#if defined(USE_ED25519) || defined(USE_ED448)
if(!digest_type) {
res = EVP_DigestVerifyInit(ctx, NULL, digest_type, NULL, key);
if(res == 1) {
res = EVP_DigestVerify(ctx, sig, siglen,
ldns_buffer_begin(rrset),
ldns_buffer_position(rrset));
}
} else {
#else
res = 0;
if(digest_type) {
#endif
EVP_VerifyInit(ctx, digest_type);
EVP_VerifyUpdate(ctx,
ldns_buffer_begin(rrset),
ldns_buffer_position(rrset));
res = EVP_VerifyFinal(ctx, sig, (unsigned int) siglen, key);
}
EVP_MD_CTX_destroy(ctx);
if (res == 1) {
return LDNS_STATUS_OK;
} else if (res == 0) {
return LDNS_STATUS_CRYPTO_BOGUS;
}

853
dnssec_zone.c
View file

@ -323,7 +323,7 @@ ldns_dnssec_name_new(void)
return NULL;
}
/*
* not needed anymore because CALLOC initalizes everything to zero.
* not needed anymore because CALLOC initializes everything to zero.
new_name->name = NULL;
new_name->rrsets = NULL;
@ -370,9 +370,10 @@ ldns_dnssec_name_free_internal(ldns_dnssec_name *name,
ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep);
}
if (name->hashed_name) {
if (deep) {
ldns_rdf_deep_free(name->hashed_name);
}
/* Hashed name is always allocated when signing,
* so always deep free
*/
ldns_rdf_deep_free(name->hashed_name);
}
LDNS_FREE(name);
}
@ -588,7 +589,7 @@ rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t)
/* When the zone is first read into an list and then inserted into an
* ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next)
* to each other. Because ldns-verify-zone (the only program that uses this
* function) uses the rbtree mostly for sequentual walking, this results
* function) uses the rbtree mostly for sequential walking, this results
* in a speed increase (of 15% on linux) because we have less CPU-cache misses.
*/
#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */
@ -604,9 +605,13 @@ ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) {
LDNS_FREE(node);
}
ldns_status _ldns_rr_new_frm_fp_l_internal(ldns_rr **newrr, FILE *fp,
uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev,
int *line_nr, bool *explicit_ttl);
ldns_status
ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* origin,
uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr)
uint32_t default_ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr)
{
ldns_rr* cur_rr;
size_t i;
@ -626,7 +631,7 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will
hold the NSEC3s that still didn't have a matching name in the
zone tree, even after all names were read. They can only match
after the zone is equiped with all the empty non terminals. */
after the zone is equipped with all the empty non terminals. */
ldns_rbtree_t todo_nsec3_ents;
ldns_rbnode_t *new_node;
ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new();
@ -636,13 +641,19 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
ldns_zone* zone = NULL;
#else
uint32_t my_ttl = ttl;
ldns_rr *prev_rr = NULL;
uint32_t my_ttl = default_ttl;
/* RFC 1035 Section 5.1, says 'Omitted class and TTL values are default
* to the last explicitly stated values.'
*/
bool ttl_from_TTL = false;
bool explicit_ttl = false;
#endif
ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v);
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr);
status = ldns_zone_new_frm_fp_l(&zone, fp, origin, default_ttl, c, line_nr);
if (status != LDNS_STATUS_OK)
goto error;
#endif
@ -672,13 +683,61 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
status = LDNS_STATUS_OK;
#else
while (!feof(fp)) {
/* If ttl came from $TTL line, then it should be the default.
* (RFC 2308 Section 4)
* Otherwise it "defaults to the last explicitly stated value"
* (RFC 1035 Section 5.1)
*/
if (ttl_from_TTL)
my_ttl = default_ttl;
status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin,
&my_prev, line_nr);
&my_prev, line_nr, &explicit_ttl);
#endif
switch (status) {
case LDNS_STATUS_OK:
#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP
if (explicit_ttl) {
if (!ttl_from_TTL) {
/* No $TTL, so ttl "defaults to the
* last explicitly stated value"
* (RFC 1035 Section 5.1)
*/
my_ttl = ldns_rr_ttl(cur_rr);
}
/* When ttl is implicit, try to adhere to the rules as
* much as possible. (also for compatibility with bind)
* This was changed when fixing an issue with ZONEMD
* which hashes the TTL too.
*/
} else if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SIG
|| ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG) {
if (ldns_rr_rd_count(cur_rr) >= 4
&& ldns_rdf_get_type(ldns_rr_rdf(cur_rr, 3)) == LDNS_RDF_TYPE_INT32)
/* SIG without explicit ttl get ttl
* from the original_ttl field
* (RFC 2535 Section 7.2)
*
* Similarly for RRSIG, but stated less
* specifically in the spec.
* (RFC 4034 Section 3)
*/
ldns_rr_set_ttl(cur_rr,
ldns_rdf2native_int32(
ldns_rr_rdf(rr, 3)));
} else if (prev_rr
&& ldns_rr_get_type(prev_rr) == ldns_rr_get_type(cur_rr)
&& ldns_dname_compare( ldns_rr_owner(prev_rr)
, ldns_rr_owner(cur_rr)) == 0)
/* "TTLs of all RRs in an RRSet must be the same"
* (RFC 2881 Section 5.2)
*/
ldns_rr_set_ttl(cur_rr, ldns_rr_ttl(prev_rr));
prev_rr = cur_rr;
#endif
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
if (status ==
LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
@ -698,9 +757,16 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
break;
case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/
#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP
default_ttl = my_ttl;
ttl_from_TTL = true;
#endif
status = LDNS_STATUS_OK;
break;
case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */
case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/
case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/
status = LDNS_STATUS_OK;
break;
@ -746,6 +812,7 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
newzone = NULL;
} else {
ldns_dnssec_zone_free(newzone);
newzone = NULL;
}
error:
@ -792,10 +859,21 @@ ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) {
LDNS_FREE(node);
}
static void
ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
(void) arg;
LDNS_FREE(node);
}
void
ldns_dnssec_zone_free(ldns_dnssec_zone *zone)
{
if (zone) {
if (zone->hashed_names) {
ldns_traverse_postorder(zone->hashed_names,
ldns_hashed_names_node_free, NULL);
LDNS_FREE(zone->hashed_names);
}
if (zone->names) {
/* destroy all name structures within the tree */
ldns_traverse_postorder(zone->names,
@ -811,6 +889,11 @@ void
ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone)
{
if (zone) {
if (zone->hashed_names) {
ldns_traverse_postorder(zone->hashed_names,
ldns_hashed_names_node_free, NULL);
LDNS_FREE(zone->hashed_names);
}
if (zone->names) {
/* destroy all name structures within the tree */
ldns_traverse_postorder(zone->names,
@ -832,12 +915,6 @@ static void
ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
ldns_dnssec_name* name, ldns_rr* nsec3rr);
static void
ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
(void) arg;
LDNS_FREE(node);
}
static void
ldns_dnssec_zone_hashed_names_from_nsec3(
ldns_dnssec_zone* zone, ldns_rr* nsec3rr)
@ -907,20 +984,22 @@ ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
static ldns_rbnode_t *
ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) {
ldns_rdf *hashed_name;
ldns_rbnode_t *to_return;
hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0);
if (hashed_name == NULL) {
return NULL;
}
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){
ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr);
}
if (zone->hashed_names == NULL) {
ldns_rdf_deep_free(hashed_name);
return NULL;
}
return ldns_rbtree_search(zone->hashed_names, hashed_name);
hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0);
if (hashed_name == NULL) {
return NULL;
}
to_return = ldns_rbtree_search(zone->hashed_names, hashed_name);
ldns_rdf_deep_free(hashed_name);
return to_return;
}
ldns_status
@ -1105,8 +1184,12 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3(
ldns_rdf *ent_name;
if (!(ent_name = ldns_dname_clone_from(
next_name, i)))
next_name, i))) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
return LDNS_STATUS_MEM_ERR;
}
if (nsec3s && zone->_nsec3params) {
ldns_rdf *ent_hashed_name;
@ -1114,28 +1197,35 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3(
if (!(ent_hashed_name =
ldns_nsec3_hash_name_frm_nsec3(
zone->_nsec3params,
ent_name)))
ent_name))) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_rdf_deep_free(ent_name);
return LDNS_STATUS_MEM_ERR;
}
node = ldns_rbtree_search(nsec3s,
ent_hashed_name);
ldns_rdf_deep_free(ent_hashed_name);
if (!node) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_rdf_deep_free(ent_name);
continue;
}
}
new_name = ldns_dnssec_name_new();
if (!new_name) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_rdf_deep_free(ent_name);
return LDNS_STATUS_MEM_ERR;
}
new_name->name = ent_name;
if (!new_name->name) {
ldns_dnssec_name_free(new_name);
return LDNS_STATUS_MEM_ERR;
}
new_name->name_alloced = true;
new_node = LDNS_MALLOC(ldns_rbnode_t);
if (!new_node) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
ldns_dnssec_name_free(new_name);
return LDNS_STATUS_MEM_ERR;
}
@ -1190,3 +1280,706 @@ ldns_dnssec_zone_is_nsec3_optout(const ldns_dnssec_zone* zone)
}
return false;
}
/*
* Stuff for calculating and verifying zone digests
*/
typedef enum dnssec_zone_rr_iter_state {
DNSSEC_ZONE_RR_ITER_LT_RRSIG
, DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
, DNSSEC_ZONE_RR_ITER_REST
, DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC
, DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST
, DNSSEC_ZONE_RR_ITER_NSEC3
, DNSSEC_ZONE_RR_ITER_FINI
} dnssec_zone_rr_iter_state;
typedef struct dnssec_zone_rr_iter {
ldns_dnssec_zone *zone;
ldns_rbnode_t *node;
ldns_dnssec_name *name;
ldns_dnssec_rrsets *rrsets;
ldns_dnssec_rrs *rrs;
ldns_dnssec_rrsets *rrsets4rrsigs;
ldns_rbnode_t *nsec3_node;
ldns_dnssec_name *nsec3_name;
dnssec_zone_rr_iter_state state;
ldns_rdf *apex_name;
uint8_t apex_labs;
} dnssec_zone_rr_iter;
INLINE void
dnssec_zone_rr_iter_set_state_for_next_name(dnssec_zone_rr_iter *i)
{
/* Make sure the i->name is "in zone" (i.e. below the apex) */
if (i->apex_name) {
ldns_rdf *name = (ldns_rdf *)i->node->key;
while (i->name && name != i->apex_name /* not apex */
&& ( ldns_dname_label_count(name) != i->apex_labs
|| ldns_dname_compare(name, i->apex_name)) /* not apex */
&& !ldns_dname_is_subdomain(name, i->apex_name) /* no sub */) {
/* next name */
i->node = ldns_rbtree_next(i->node);
if (i->node == LDNS_RBTREE_NULL)
i->name = NULL;
else {
i->name = (ldns_dnssec_name *)i->node->data;
name = (ldns_rdf *)i->node->key;
}
}
}
/* determine state */
if (!i->name) {
if (!i->nsec3_name)
i->state = DNSSEC_ZONE_RR_ITER_FINI;
else {
i->rrs = i->nsec3_name->nsec_signatures;
i->state = DNSSEC_ZONE_RR_ITER_NSEC3;
}
} else if (!i->nsec3_name) {
i->rrsets = i->name->rrsets;
i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG;
} else if (ldns_dname_compare( ldns_rr_owner(i->nsec3_name->nsec)
, (ldns_rdf *)i->node->key) < 0) {
i->rrs = i->nsec3_name->nsec_signatures;
i->state = DNSSEC_ZONE_RR_ITER_NSEC3;
} else {
i->rrsets = i->name->rrsets;
i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG;
}
}
/**
* Iterate over the RR's in the ldns_dnssec_zone in canonical order.
* There are three possible paths through the RR's in a ldns_dnssec_name.
*
* 1. There is no NSEC:
*
* 1.1. All the RRs in the name->rrsets with type < RRSIG,
* state: DNSSEC_ZONE_RR_ITER_LT_RRSIG
*
* 1.2. Then all the RRSIGs from name->rrsets (likely none)
* state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
*
* 1.3. Finally the remaining RRs in name->rrsets (type > RRSIG)
* state: DNSSEC_ZONE_RR_ITER_REST
*
*
* 2. There is a NSEC of type NSEC with this name:
*
* 2.1. All the RRs in the name->rrsets with type < RRSIG,
* state: DNSSEC_ZONE_RR_ITER_LT_RRSIG
*
* 2.2. Then all the RRSIGs from name->rrsets with type < NSEC
* state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
*
* 2.3. Then the signatures of the NSEC RR, followed by
* the signatures of the remaining name->rrsets (type > NSEC),
* followed by the NSEC rr.
* state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC
*
* 2.4. Finally the remaining RRs in name->rrsets (type > RRSIG)
* state: DNSSEC_ZONE_RR_ITER_REST
*
*
* 3. There is a NSEC of type NSEC3 for this name:
*
* 3.1. If the NSEC3 name is before the name for other RRsets in the zone,
* Then all signatures of the NSEC3 RR, followed by the NSEC3
* state: DNSSEC_ZONE_RR_ITER_NSEC3
*
* otherwise follow path for "no NSEC" for the name for other RRsets
*/
static ldns_rr *
dnssec_zone_rr_iter_next(dnssec_zone_rr_iter *i)
{
ldns_rr *nsec3;
for (;;) {
if (i->rrs) {
ldns_rr *rr = i->rrs->rr;
i->rrs = i->rrs->next;
return rr;
}
switch (i->state) {
case DNSSEC_ZONE_RR_ITER_LT_RRSIG:
if (i->rrsets
&& i->rrsets->type < LDNS_RR_TYPE_RRSIG) {
i->rrs = i->rrsets->rrs;
i->rrsets = i->rrsets->next;
break;
}
i->rrsets4rrsigs = i->name->rrsets;
if (i->name->nsec && ldns_rr_get_type(i->name->nsec)
== LDNS_RR_TYPE_NSEC) {
i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC;
/* fallthrough */
case DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC:
if (i->rrsets4rrsigs) {
i->rrs = i->rrsets4rrsigs->signatures;
i->rrsets4rrsigs = i->rrsets4rrsigs->next;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_REST;
/* fallthrough */
case DNSSEC_ZONE_RR_ITER_REST:
if (i->rrsets) {
i->rrs = i->rrsets->rrs;
i->rrsets = i->rrsets->next;
break;
}
/* next name */
i->node = ldns_rbtree_next(i->node);
i->name = i->node == LDNS_RBTREE_NULL ? NULL
: (ldns_dnssec_name *)i->node->data;
dnssec_zone_rr_iter_set_state_for_next_name(i);
break;
case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC:
if (i->rrsets4rrsigs
&& i->rrsets4rrsigs->type < LDNS_RR_TYPE_NSEC) {
i->rrs = i->rrsets4rrsigs->signatures;
i->rrsets4rrsigs = i->rrsets4rrsigs->next;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST;
i->rrs = i->name->nsec_signatures;
break;
case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST:
if (i->rrsets4rrsigs) {
i->rrs = i->rrsets4rrsigs->signatures;
i->rrsets4rrsigs = i->rrsets4rrsigs->next;
break;
}
i->state = DNSSEC_ZONE_RR_ITER_REST;
return i->name->nsec;
case DNSSEC_ZONE_RR_ITER_NSEC3:
nsec3 = i->nsec3_name->nsec;
/* next nsec3 */
do {
i->nsec3_node
= ldns_rbtree_next(i->nsec3_node);
i->nsec3_name
= i->nsec3_node == LDNS_RBTREE_NULL ? NULL
: (ldns_dnssec_name*)i->nsec3_node->data;
/* names for glue can be in the hashed_names
* tree, but will not have a NSEC3
*/
} while (i->nsec3_name && !i->nsec3_name->nsec);
dnssec_zone_rr_iter_set_state_for_next_name(i);
return nsec3;
case DNSSEC_ZONE_RR_ITER_FINI:
return NULL;
}
}
}
static ldns_rr *
dnssec_zone_rr_iter_first(dnssec_zone_rr_iter *i, ldns_dnssec_zone *zone)
{
if (!i || !zone)
return NULL;
memset(i, 0, sizeof(*i));
i->zone = zone;
if (zone->soa && zone->soa->name) {
i->apex_name = zone->soa->name;
i->apex_labs = ldns_dname_label_count(i->apex_name);
} else
i->apex_name = NULL;
i->node = ldns_rbtree_first(zone->names);
i->name = i->node == LDNS_RBTREE_NULL ? NULL
: (ldns_dnssec_name *)i->node->data;
if (zone->hashed_names) {
do {
i->nsec3_node = ldns_rbtree_first(zone->hashed_names);
i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ?NULL
: (ldns_dnssec_name*)i->nsec3_node->data;
} while (i->nsec3_name && !i->nsec3_name->nsec);
}
dnssec_zone_rr_iter_set_state_for_next_name(i);
return dnssec_zone_rr_iter_next(i);
}
enum enum_zonemd_scheme {
ZONEMD_SCHEME_FIRST = 1,
ZONEMD_SCHEME_SIMPLE = 1,
ZONEMD_SCHEME_LAST = 1
};
typedef enum enum_zonemd_scheme zonemd_scheme;
enum enum_zonemd_hash {
ZONEMD_HASH_FIRST = 1,
ZONEMD_HASH_SHA384 = 1,
ZONEMD_HASH_SHA512 = 2,
ZONEMD_HASH_LAST = 2
};
typedef enum enum_zonemd_hash zonemd_hash;
struct struct_zone_digester {
ldns_sha384_CTX sha384_CTX;
ldns_sha512_CTX sha512_CTX;
unsigned simple_sha384 : 1;
unsigned simple_sha512 : 1;
unsigned double_sha384 : 1;
unsigned double_sha512 : 1;
};
typedef struct struct_zone_digester zone_digester;
INLINE bool zone_digester_set(zone_digester *zd)
{ return zd && (zd->simple_sha384 || zd->simple_sha512); }
INLINE void zone_digester_init(zone_digester *zd)
{ memset(zd, 0, sizeof(*zd)); }
static ldns_status
zone_digester_add(zone_digester *zd, zonemd_scheme scheme, zonemd_hash hash)
{
if (!zd)
return LDNS_STATUS_NULL;
switch (scheme) {
case ZONEMD_SCHEME_SIMPLE:
switch (hash) {
case ZONEMD_HASH_SHA384:
if (zd->double_sha384)
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
else if (zd->simple_sha384) {
zd->simple_sha384 = 0;
zd->double_sha384 = 1;
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
}
ldns_sha384_init(&zd->sha384_CTX);
zd->simple_sha384 = 1;
break;
case ZONEMD_HASH_SHA512:
if (zd->double_sha512)
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
else if (zd->simple_sha512) {
zd->simple_sha512 = 0;
zd->double_sha512 = 1;
return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE;
}
ldns_sha512_init(&zd->sha512_CTX);
zd->simple_sha512 = 1;
break;
default:
return LDNS_STATUS_ZONEMD_UNKNOWN_HASH;
}
break;
default:
return LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME;
}
return LDNS_STATUS_OK;
}
static ldns_status
zone_digester_update(zone_digester *zd, ldns_rr *rr)
{
uint8_t data[65536];
ldns_buffer buf;
ldns_status st;
buf._data = data;
buf._position = 0;
buf._limit = sizeof(data);
buf._capacity = sizeof(data);
buf._fixed = 1;
buf._status = LDNS_STATUS_OK;
if ((st = ldns_rr2buffer_wire_canonical(&buf, rr, LDNS_SECTION_ANSWER)))
return st;
if (zd->simple_sha384)
ldns_sha384_update(&zd->sha384_CTX, data, buf._position);
if (zd->simple_sha512)
ldns_sha512_update(&zd->sha512_CTX, data, buf._position);
return LDNS_STATUS_OK;
}
INLINE ldns_rr *
new_zonemd(ldns_rr *soa, zonemd_hash hash)
{
ldns_rr *rr = NULL;
uint8_t *data = NULL;
ldns_rdf *rdf;
size_t md_len = hash == ZONEMD_HASH_SHA384
? LDNS_SHA384_DIGEST_LENGTH
: LDNS_SHA512_DIGEST_LENGTH;
if (!(rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_ZONEMD)))
return NULL;
if (!(rdf = ldns_rdf_clone(ldns_rr_owner(soa))))
goto error;
ldns_rr_set_owner(rr, rdf);
ldns_rr_set_class(rr, ldns_rr_get_class(soa));
ldns_rr_set_ttl(rr, ldns_rr_ttl(soa));
if (!(rdf = ldns_rdf_clone(ldns_rr_rdf(soa, 2))))
goto error;
ldns_rr_set_rdf(rr, rdf, 0);
if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, 1)))
goto error;
ldns_rr_set_rdf(rr, rdf, 1);
if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, hash)))
goto error;
ldns_rr_set_rdf(rr, rdf, 2);
if (!(data = LDNS_XMALLOC(uint8_t, md_len)))
goto error;
if (!(rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, md_len, data)))
goto error;
ldns_rr_set_rdf(rr, rdf, 3);
return rr;
error:
if (data)
LDNS_FREE(data);
ldns_rr_free(rr);
return NULL;
}
static ldns_rr_list *
zone_digester_export(
zone_digester *zd, ldns_rr *soa, ldns_status *ret_st)
{
ldns_status st = LDNS_STATUS_OK;
ldns_rr_list *rr_list = NULL;
ldns_rr *sha384 = NULL;
ldns_rr *sha512 = NULL;
if (!zd || !soa)
st = LDNS_STATUS_NULL;
else if (ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA
|| ldns_rr_rd_count(soa) < 3)
st = LDNS_STATUS_ZONEMD_INVALID_SOA;
else if (!(rr_list = ldns_rr_list_new()))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha384
&& !(sha384 = new_zonemd(soa, ZONEMD_HASH_SHA384)))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha512
&& !(sha512 = new_zonemd(soa, ZONEMD_HASH_SHA512)))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha384
&& !ldns_rr_list_push_rr(rr_list, sha384))
st = LDNS_STATUS_MEM_ERR;
else if (zd->simple_sha512
&& !ldns_rr_list_push_rr(rr_list, sha512)) {
if (zd->simple_sha384)
sha384 = NULL; /* deleted by ldns_rr_list_deep_free */
st = LDNS_STATUS_MEM_ERR;
} else {
if (sha384)
ldns_sha384_final( ldns_rdf_data(ldns_rr_rdf(sha384,3))
, &zd->sha384_CTX);
if (sha512)
ldns_sha512_final( ldns_rdf_data(ldns_rr_rdf(sha512,3))
, &zd->sha512_CTX);
return rr_list;
}
if (ret_st)
*ret_st = st;
if (sha384)
ldns_rr_free(sha384);
if (sha512)
ldns_rr_free(sha512);
if (rr_list)
ldns_rr_list_deep_free(rr_list);
return NULL;
}
static ldns_status
ldns_digest_zone(ldns_dnssec_zone *zone, zone_digester *zd)
{
ldns_status st = LDNS_STATUS_OK;
dnssec_zone_rr_iter rr_iter;
ldns_rr *rr;
ldns_rdf *apex_name; /* name of zone apex */
if (!zone || !zd || !zone->soa || !zone->soa->name)
return LDNS_STATUS_NULL;
apex_name = zone->soa->name;
for ( rr = dnssec_zone_rr_iter_first(&rr_iter, zone)
; rr && !st
; rr = dnssec_zone_rr_iter_next(&rr_iter)) {
/* Skip apex ZONEMD RRs */
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_ZONEMD
&& !ldns_dname_compare(ldns_rr_owner(rr), apex_name))
continue;
/* Skip RRSIGs for apex ZONEMD RRs */
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG
&& LDNS_RR_TYPE_ZONEMD == ldns_rdf2rr_type(
ldns_rr_rrsig_typecovered(rr))
&& !ldns_dname_compare(ldns_rr_owner(rr), apex_name))
continue;
st = zone_digester_update(zd, rr);
}
return st;
}
ldns_status
ldns_dnssec_zone_verify_zonemd(ldns_dnssec_zone *zone)
{
ldns_dnssec_rrsets *zonemd, *soa;
zone_digester zd;
ldns_dnssec_rrs *rrs;
ldns_rr *soa_rr;
ldns_status st;
uint8_t simple_sha384[LDNS_SHA384_DIGEST_LENGTH];
uint8_t simple_sha512[LDNS_SHA512_DIGEST_LENGTH];
size_t valid_zonemds;
if (!zone)
return LDNS_STATUS_NULL;
zonemd = ldns_dnssec_zone_find_rrset(
zone, zone->soa->name, LDNS_RR_TYPE_ZONEMD);
if (!zonemd) {
ldns_rbnode_t *nsec3_node;
/* we need proof of non-existence for ZONEMD at the apex */
if (zone->soa->nsec) {
if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(
zone->soa->nsec),
LDNS_RR_TYPE_ZONEMD))
return LDNS_STATUS_NO_ZONEMD;
} else if (!zone->soa->hashed_name || !zone->hashed_names)
return LDNS_STATUS_NO_ZONEMD;
else if (LDNS_RBTREE_NULL ==
(nsec3_node = ldns_rbtree_search( zone->hashed_names
, zone->soa->hashed_name)))
return LDNS_STATUS_NO_ZONEMD;
else {
ldns_dnssec_name *nsec3
= (ldns_dnssec_name *)nsec3_node->data;
if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(
nsec3->nsec),
LDNS_RR_TYPE_ZONEMD))
return LDNS_STATUS_NO_ZONEMD;
}
/* ZONEMD at apex does really not exist */
return LDNS_STATUS_OK;
}
soa = ldns_dnssec_zone_find_rrset(
zone, zone->soa->name, LDNS_RR_TYPE_SOA);
if (!soa || !soa->rrs || !soa->rrs->rr)
return LDNS_STATUS_ZONEMD_INVALID_SOA;
soa_rr = soa->rrs->rr;
if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
|| ldns_rr_rd_count(soa_rr) < 3)
return LDNS_STATUS_ZONEMD_INVALID_SOA;
zone_digester_init(&zd);
for (rrs = zonemd->rrs; rrs; rrs = rrs->next) {
if (!rrs->rr
|| ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD
|| ldns_rr_rd_count(rrs->rr) < 4)
continue;
/* serial should match SOA's serial */
if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2))
!= ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0)))
continue;
/* Add (scheme, hash) to digester */
zone_digester_add(&zd,
ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1)),
ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 2)));
}
if (!zone_digester_set(&zd))
return LDNS_STATUS_NO_VALID_ZONEMD;
if ((st = ldns_digest_zone(zone, &zd)))
return st;
if (zd.simple_sha384)
ldns_sha384_final(simple_sha384, &zd.sha384_CTX);
if (zd.simple_sha512)
ldns_sha512_final(simple_sha512, &zd.sha512_CTX);
valid_zonemds = 0;
for (rrs = zonemd->rrs; rrs; rrs = rrs->next) {
if (!rrs->rr
|| ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD
|| ldns_rr_rd_count(rrs->rr) < 4)
continue;
/* serial should match SOA's serial */
if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2))
!= ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0)))
continue;
if (ZONEMD_SCHEME_SIMPLE !=
ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1)))
continue;
if (ZONEMD_HASH_SHA384
== ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2))
&& LDNS_SHA384_DIGEST_LENGTH
== ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3))
&& memcmp( simple_sha384
, ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3))
, LDNS_SHA384_DIGEST_LENGTH) == 0)
valid_zonemds += 1;
if (ZONEMD_HASH_SHA512
== ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2))
&& LDNS_SHA512_DIGEST_LENGTH
== ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3))
&& memcmp( simple_sha512
, ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3))
, LDNS_SHA512_DIGEST_LENGTH) == 0)
valid_zonemds += 1;
}
return valid_zonemds ? LDNS_STATUS_OK : LDNS_STATUS_NO_VALID_ZONEMD;
}
#ifdef HAVE_SSL
static ldns_status
rr_list2dnssec_rrs(ldns_rr_list *rr_list, ldns_dnssec_rrs **rrs,
ldns_rr_list *new_rrs)
{
ldns_rr *rr = NULL;
if (!rr_list || !rrs)
return LDNS_STATUS_NULL;
if (ldns_rr_list_rr_count(rr_list) == 0)
return LDNS_STATUS_OK;
if (!*rrs) {
if (!(*rrs = ldns_dnssec_rrs_new()))
return LDNS_STATUS_MEM_ERR;
(*rrs)->rr = ldns_rr_list_pop_rr(rr_list);
if (new_rrs)
ldns_rr_list_push_rr(new_rrs, (*rrs)->rr);
}
while ((rr = ldns_rr_list_pop_rr(rr_list))) {
ldns_status st;
if ((st = ldns_dnssec_rrs_add_rr(*rrs, rr))) {
ldns_rr_list_push_rr(rr_list, rr);
return st;
} else if (new_rrs)
ldns_rr_list_push_rr(new_rrs, rr);
}
return LDNS_STATUS_OK;
}
ldns_status
dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs, ldns_key_list *key_list, int signflags)
{
ldns_status st = LDNS_STATUS_OK;
zone_digester zd;
ldns_rr_list *zonemd_rr_list = NULL;
ldns_rr_list *zonemd_rrsigs = NULL;
ldns_dnssec_rrsets *soa_rrset;
ldns_rr *soa_rr = NULL;
ldns_dnssec_rrsets **rrset_ref;
ldns_dnssec_rrsets *zonemd_rrset;
zone_digester_init(&zd);
if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384)
zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE
, ZONEMD_HASH_SHA384);
if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512)
zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE
, ZONEMD_HASH_SHA512);
if ((st = ldns_digest_zone(zone, &zd)))
return st;
soa_rrset = ldns_dnssec_zone_find_rrset(
zone, zone->soa->name, LDNS_RR_TYPE_SOA);
if (!soa_rrset || !soa_rrset->rrs || !soa_rrset->rrs->rr)
return LDNS_STATUS_ZONEMD_INVALID_SOA;
soa_rr = soa_rrset->rrs->rr;
if (!(zonemd_rr_list = zone_digester_export(&zd, soa_rr, &st)))
return st;
/* - replace or add ZONEMD rrset */
rrset_ref = &zone->soa->rrsets; /* scan rrsets at apex */
while (*rrset_ref && (*rrset_ref)->type < LDNS_RR_TYPE_ZONEMD)
rrset_ref = &(*rrset_ref)->next;
if (*rrset_ref && (*rrset_ref)->type == LDNS_RR_TYPE_ZONEMD) {
/* reuse zonemd rrset */
zonemd_rrset = *rrset_ref;
ldns_dnssec_rrs_free(zonemd_rrset->rrs);
zonemd_rrset->rrs = NULL;
ldns_dnssec_rrs_free(zonemd_rrset->signatures);
zonemd_rrset->signatures = NULL;
} else {
/* insert zonemd rrset */
zonemd_rrset = ldns_dnssec_rrsets_new();
if (!zonemd_rrset) {
ldns_rr_list_deep_free(zonemd_rr_list);
return LDNS_STATUS_MEM_ERR;
}
zonemd_rrset->type = LDNS_RR_TYPE_ZONEMD;
zonemd_rrset->next = *rrset_ref;
*rrset_ref = zonemd_rrset;
}
if ((zonemd_rrsigs = ldns_sign_public(zonemd_rr_list, key_list)))
st = rr_list2dnssec_rrs( zonemd_rrsigs
, &zonemd_rrset->signatures, new_rrs);
if (!st)
st = rr_list2dnssec_rrs( zonemd_rr_list
, &zonemd_rrset->rrs, new_rrs);
ldns_rr_list_deep_free(zonemd_rr_list);
ldns_rr_list_deep_free(zonemd_rrsigs);
return st;
}
#endif /* HAVE_SSL */

6
doc/API-header.xml
View file

@ -68,7 +68,7 @@ A small abstract will come here, TBD.
<section title="Introduction">
<t>
LibDNS (or lDNS) is modelled after the Net::DNS perl library. It has
been shown that Net::DNS can be used vefficiently for
been shown that Net::DNS can be used efficiently for
programming DNS aware applications. We want to bring the same
level of efficiency to C programmers.
</t>
@ -97,9 +97,9 @@ Further more it is to be expected that lDNS will depend on OpenSSL for
its cryptography.
</t>
<t>
As said, lDNS is modelled after Net::DNS, therefor its application API
As said, lDNS is modelled after Net::DNS, therefore its application API
looks very much like the one used for Net::DNS. Some modification are made
ofcourse, because not all functionality of Perl can be caught in C.
of course, because not all functionality of Perl can be caught in C.
</t>
<t>

10
doc/API.xml
View file

@ -68,7 +68,7 @@ A small abstract will come here, TBD.
<section title="Introduction">
<t>
LibDNS (or lDNS) is modelled after the Net::DNS perl library. It has
been shown that Net::DNS can be used vefficiently for
been shown that Net::DNS can be used efficiently for
programming DNS aware applications. We want to bring the same
level of efficiency to C programmers.
</t>
@ -97,9 +97,9 @@ Further more it is to be expected that lDNS will depend on OpenSSL for
its cryptography.
</t>
<t>
As said, lDNS is modelled after Net::DNS, therefor its application API
As said, lDNS is modelled after Net::DNS, therefore its application API
looks very much like the one used for Net::DNS. Some modification are made
ofcourse, because not all functionality of Perl can be caught in C.
of course, because not all functionality of Perl can be caught in C.
</t>
<t>
@ -336,7 +336,7 @@ Returns a pointer to a ldns_rr_list of representing the additional
section of the packet.
</t>
<t hangText=" void ldsn_pkt_print(ldns_pkt *pkt):">
<t hangText=" void ldns_pkt_print(ldns_pkt *pkt):">
Prints the packet data on the standard output in an ASCII format similar
to that used in DNS zone files. See RFC1035.
@ -400,7 +400,7 @@ insert your long list here.
<section title="Examples">
<t>
A small example, which queries a nameserver on localhost
to diplay the MX records for miek.nl.
to display the MX records for miek.nl.
</t>
<t>

2
doc/CodingStyle
View file

@ -60,5 +60,5 @@ The libdns coding style guide
arcount = additional section count
ldns-<tools>
* use exit(EXIT_FAILURE)/ exit(SUCCES)
* use exit(EXIT_FAILURE)/ exit(EXIT_SUCCESS)
*

2
doc/dns-lib-implementations
View file

@ -20,7 +20,7 @@ From libfiredns(3):
libfiredns is a library for handling asynchronous DNS
requests. It provides a very simple interface for sending
requests and parsing reponses, as well as low-timeout
requests and parsing responses, as well as low-timeout
blocking functions. libfiredns functions have much lower
timeouts than the stock functions and tend to be faster
because they send requests to all configured system

6
doc/doxyparse.pl
View file

@ -37,8 +37,7 @@ my $BASE="doc/man";
my $MAN_SECTION = "3";
my $MAN_HEADER = ".ad l\n.TH ldns $MAN_SECTION \"30 May 2006\"\n";
my $MAN_MIDDLE = ".SH AUTHOR
The ldns team at NLnet Labs. Which consists out of
Jelte Jansen and Miek Gieben.
The ldns team at NLnet Labs.
.SH REPORTING BUGS
Please report bugs to ldns-team\@nlnetlabs.nl or in
@ -53,8 +52,7 @@ MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
";
my $MAN_FOOTER = ".SH REMARKS
This manpage was automatically generated from the ldns source code by
use of Doxygen and some perl.
This manpage was automatically generated from the ldns source code.
";
getopts("em:",\%options);

6
doc/function_manpages
View file

@ -47,7 +47,7 @@ ldns_rdf, ldns_rdf_type | ldns_rdf_set_size, ldns_rdf_set_type, ldns_rdf_set_dat
ldns_rdf_set_size, ldns_rdf_set_type, ldns_rdf_set_data | ldns_rdf - set rdf attributes
ldns_rdf_size, ldns_rdf_get_type, ldns_rdf_data, ldns_rdf_compare | ldns_rdf - get rdf attributes
ldns_rdf_new, ldns_rdf_clone, ldns_rdf_new_frm_data, ldns_rdf_new_frm_str, ldns_rdf_new_frm_fp, ldns_rdf_free, ldns_rdf_deep_free, ldns_rdf_print | ldns_rdf - ldns_rdf creation, destruction and printing
ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t | ldns_rdf - rdf numeric converion functions
ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t | ldns_rdf - rdf numeric conversion functions
ldns_rdf_address_reverse | ldns_rdf - reverse an address rdf
ldns_octet | ldns_rdf - removes escaped from the input
# why is this in rdata.h?
@ -121,7 +121,7 @@ ldns_key | ldns_key_new, ldns_key_new_frm_algorithm,ldns_key_new_frm_fp,ldns_key
### MIEK TOT HIER TOT HIER
# errr.h
# error.h
ldns_get_errorstr_by_id, ldns_status - errors
### net.h
@ -169,7 +169,7 @@ ldns_rr_label_count | ldns_rr, ldns_rr_list - return ownername label count
ldns_rr_descriptor, ldns_rr_descript, ldns_rr_descriptor_minimum, ldns_rr_descriptor_maximum, ldns_rr_descriptor_field_type | ldns_rr, ldns_rdf - rdata field descriptors
# packet.h
ldns_pkt, ldns_pkt_section, ldns_pkt_type | ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type, ldns_pkt_id, ldns_pkt_qr, ldns_pkt_aa, ldns_pkt_tc, ldns_pkt_rd, ldns_pkt_cd, ldns_pkt_ra, ldns_pkt_ad, ldns_pkt_get_opcode, ldns_pkt_get_rcode, ldns_pkt_qdcount, ldns_pkt_ancount, ldns_pkt_nscount, ldns_pkt_arcount, ldns_pkt_answerfrom, ldns_pkt_querytime, ldns_pkt_size, ldns_pkt_tsig, ldns_pkt_question, ldns_pkt_answer, ldns_pkt_authority, ldns_pkt_additional, ldns_pkt_get_section_clone, ldns_pkt_rr_list_by_name, ldns_pkt_rr_list_by_type, ldns_pkt_rr_list_by_name_and_type, ldns_pkt_set_flags, ldns_pkt_set_id, ldns_pkt_set_qr, ldns_pkt_set_aa, ldns_pkt_set_tc, ldns_pkt_set_rd, ldns_pkt_set_cd, ldns_pkt_set_ra, ldns_pkt_set_ad, ldns_pkt_set_opcode, ldns_pkt_set_rcode, ldns_pkt_set_qdcount, ldns_pkt_set_ancount, ldns_pkt_set_nscount, ldns_pkt_set_arcount, ldns_pkt_set_answerfrom, ldns_pkt_set_querytime, ldns_pkt_set_size, ldns_pkt_set_section_count, ldns_pkt_set_tsig, ldns_pkt_edns, ldns_pkt_edns_udp_size, ldns_pkt_edns_extended_rcode, ldns_pkt_edns_version, ldns_pkt_edns_z, ldns_pkt_edns_data, ldns_pkt_set_edns_udp_size, ldns_pkt_set_edns_extended_rcode, ldns_pkt_set_edns_version, ldns_pkt_set_edns_z, ldns_pkt_set_edns_data - request or anser packets types
ldns_pkt, ldns_pkt_section, ldns_pkt_type | ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type, ldns_pkt_id, ldns_pkt_qr, ldns_pkt_aa, ldns_pkt_tc, ldns_pkt_rd, ldns_pkt_cd, ldns_pkt_ra, ldns_pkt_ad, ldns_pkt_get_opcode, ldns_pkt_get_rcode, ldns_pkt_qdcount, ldns_pkt_ancount, ldns_pkt_nscount, ldns_pkt_arcount, ldns_pkt_answerfrom, ldns_pkt_querytime, ldns_pkt_size, ldns_pkt_tsig, ldns_pkt_question, ldns_pkt_answer, ldns_pkt_authority, ldns_pkt_additional, ldns_pkt_get_section_clone, ldns_pkt_rr_list_by_name, ldns_pkt_rr_list_by_type, ldns_pkt_rr_list_by_name_and_type, ldns_pkt_set_flags, ldns_pkt_set_id, ldns_pkt_set_qr, ldns_pkt_set_aa, ldns_pkt_set_tc, ldns_pkt_set_rd, ldns_pkt_set_cd, ldns_pkt_set_ra, ldns_pkt_set_ad, ldns_pkt_set_opcode, ldns_pkt_set_rcode, ldns_pkt_set_qdcount, ldns_pkt_set_ancount, ldns_pkt_set_nscount, ldns_pkt_set_arcount, ldns_pkt_set_answerfrom, ldns_pkt_set_querytime, ldns_pkt_set_size, ldns_pkt_set_section_count, ldns_pkt_set_tsig, ldns_pkt_edns, ldns_pkt_edns_udp_size, ldns_pkt_edns_extended_rcode, ldns_pkt_edns_version, ldns_pkt_edns_z, ldns_pkt_edns_unassigned, ldns_pkt_edns_data, ldns_pkt_set_edns_udp_size, ldns_pkt_set_edns_extended_rcode, ldns_pkt_set_edns_version, ldns_pkt_set_edns_z, ldns_pkt_set_edns_unassigned, ldns_pkt_set_edns_data - request or answer packets types
ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type | ldns_pkt - ldns_pkt creation, destruction and printing
# gets

470
doc/ldns_manpages Normal file
View file

@ -0,0 +1,470 @@
ldns_rr_new
ldns_rr_new_frm_type
ldns_rr_new_frm_str
ldns_rr_new_frm_fp
ldns_rr_free
ldns_rr_print
ldns_pkt_verify
ldns_rr_uncompressed_size
ldns_pkt_set_flags
ldns_pkt_set_id
ldns_pkt_set_qr
ldns_pkt_set_aa
ldns_pkt_set_tc
ldns_pkt_set_rd
ldns_pkt_set_cd
ldns_pkt_set_ra
ldns_pkt_set_ad
ldns_pkt_set_opcode
ldns_pkt_set_rcode
ldns_pkt_set_qdcount
ldns_pkt_set_ancount
ldns_pkt_set_nscount
ldns_pkt_set_arcount
ldns_pkt_set_answerfrom
ldns_pkt_set_querytime
ldns_pkt_set_size
ldns_pkt_set_section_count
ldns_pkt_set_tsig
ldns_dname2canonical
ldns_dnssec_data_chain
ldns_dnssec_data_chain_struct
ldns_dnssec_trust_tree
ldns_rr_list_sort
ldns_key_list_push_key
ldns_key_list_pop_key
ldns_rr_set_push_rr
ldns_rr_set_pop_rr
ldns_get_rr_list_hosts_frm_file
ldns_get_rr_list_hosts_frm_fp
ldns_get_rr_list_hosts_frm_fp_l
ldns_send
ldns_verify
ldns_verify_rrsig
ldns_verify_rrsig_keylist
ldns_verify_rrsig_keylist_notime
ldns_verify_notime
ldns_update_pkt_new
ldns_zone_push_rr
ldns_zone_push_rr_list
ldns_key2rr
ldns_rr_list_cat
ldns_rr_list_push_rr
ldns_rr_list_pop_rr
ldns_zone_rrs
ldns_zone_soa
ldns_rr_rdf
ldns_rr_owner
ldns_rr_rd_count
ldns_rr_ttl
ldns_rr_get_class
ldns_fget_token
ldns_fskipcs
ldns_rdf_address_reverse
ldns_rr_label_count
ldns_zone_sort
ldns_zone_glue_rr_list
ldns_dnssec_zone_sign
ldns_dnssec_zone_sign_nsec3
ldns_dnssec_zone_mark_glue
ldns_dnssec_name_node_next_nonglue
ldns_dnssec_zone_create_nsecs
ldns_dnssec_remove_signatures
ldns_dnssec_zone_create_rrsigs
ldns_rr2wire
ldns_pkt2wire
ldns_rdf2wire
ldns_native2rdf_int8
ldns_native2rdf_int16
ldns_native2rdf_int32
ldns_native2rdf_int16_data
ldns_rdf2native_int8
ldns_rdf2native_int16
ldns_rdf2native_int32
ldns_rdf2native_sockaddr_storage
ldns_rdf2native_time_t
ldns_dane_create_tlsa_rr
ldns_dane_create_tlsa_owner
ldns_dane_cert2rdf
ldns_dane_select_certificate
ldns_dnssec_trust_tree_new
ldns_dnssec_trust_tree_free
ldns_dnssec_trust_tree_depth
ldns_dnssec_derive_trust_tree
ldns_dnssec_trust_tree_contains_keys
ldns_dnssec_trust_tree_print
ldns_dnssec_trust_tree_print_sm
ldns_dnssec_trust_tree_add_parent
ldns_dnssec_derive_trust_tree_normal_rrset
ldns_dnssec_derive_trust_tree_dnskey_rrset
ldns_dnssec_derive_trust_tree_ds_rrset
ldns_dnssec_derive_trust_tree_no_sig
ldns_update_set_zocount
ldns_update_set_prcount
ldns_update_set_upcount
ldns_update_set_adcount
ldns_rr2str
ldns_pkt2str
ldns_rdf2str
ldns_rr_list2str
ldns_key2str
ldns_dname_left_chop
ldns_dname_label_count
ldns_dnssec_data_chain_new
ldns_dnssec_data_chain_free
ldns_dnssec_data_chain_deep_free
ldns_dnssec_build_data_chain
ldns_dnssec_data_chain_print
ldns_zone_rr_count
ldns_dname_cat_clone
ldns_dname_cat
ldns_rr_set_owner
ldns_rr_set_ttl
ldns_rr_set_type
ldns_rr_set_rd_count
ldns_rr_set_class
ldns_rr_set_rdf
ldns_buffer_write_at
ldns_buffer_write
ldns_buffer_write_string_at
ldns_buffer_write_string
ldns_buffer_write_u8_at
ldns_buffer_write_u8
ldns_buffer_write_u16_at
ldns_buffer_write_u16
ldns_buffer_read_at
ldns_buffer_read
ldns_buffer_read_u8_at
ldns_buffer_read_u8
ldns_buffer_read_u16_at
ldns_buffer_read_u16
ldns_buffer_read_u32_at
ldns_buffer_read_u32
ldns_buffer_write_u32
ldns_buffer_write_u32_at
ldns_b32_ntop_calculate_size
ldns_b32_pton_calculate_size
ldns_b64_ntop_calculate_size
ldns_b64_pton_calculate_size
ldns_rr_list_rr_count
ldns_rr_list_set_rr_count
ldns_get_rr_list_addr_by_name
ldns_get_rr_list_name_by_addr
ldns_calc_keytag
ldns_calc_keytag_raw
ldns_wire2rr
ldns_wire2pkt
ldns_wire2rdf
ldns_wire2dname
ldns_pkt
ldns_pkt_section
ldns_pkt_type
ldns_dnssec_name_new
ldns_dnssec_name_new_frm_rr
ldns_dnssec_name_free
ldns_dnssec_name_name
ldns_dnssec_name_set_name
ldns_dnssec_name_set_nsec
ldns_dnssec_name_cmp
ldns_dnssec_name_add_rr
ldns_dnssec_name_find_rrset
ldns_dnssec_name_print
ldns_get_errorstr_by_id
ldns_status
ldns_pkt_id
ldns_pkt_qr
ldns_pkt_aa
ldns_pkt_tc
ldns_pkt_rd
ldns_pkt_cd
ldns_pkt_ra
ldns_pkt_ad
ldns_pkt_get_opcode
ldns_pkt_get_rcode
ldns_pkt_qdcount
ldns_pkt_ancount
ldns_pkt_nscount
ldns_pkt_arcount
ldns_pkt_answerfrom
ldns_pkt_querytime
ldns_pkt_size
ldns_pkt_tsig
ldns_pkt_question
ldns_pkt_answer
ldns_pkt_authority
ldns_pkt_additional
ldns_pkt_get_section_clone
ldns_pkt_rr_list_by_name
ldns_pkt_rr_list_by_type
ldns_pkt_rr_list_by_name_and_type
ldns_rdf_new
ldns_rdf_clone
ldns_rdf_new_frm_data
ldns_rdf_new_frm_str
ldns_rdf_new_frm_fp
ldns_rdf_free
ldns_rdf_deep_free
ldns_rdf_print
ldns_rr_list_clone
ldns_rr2canonical
ldns_octet
ldns_key_new
ldns_key_new_frm_algorithm
ldns_key_new_frm_fp
ldns_key_new_frm_fp_l
ldns_key_new_frm_fp_rsa
ldns_key_new_frm_fp_rsa_l
ldns_key_new_frm_fp_dsa
ldns_key_new_frm_fp_dsa_l
ldns_rr_push_rdf
ldns_rr_pop_rdf
ldns_algorithm
ldns_rr_ns_nsdname
ldns_key_list_new
ldns_rr_list_new
ldns_rr_list_free
ldns_key_buf2dsa
ldns_key_buf2rsa
ldns_rdf
ldns_rdf_type
ldns_rr_descriptor
ldns_rr_descript
ldns_rr_descriptor_minimum
ldns_rr_descriptor_maximum
ldns_rr_descriptor_field_type
ldns_duration_type
ldns_duration_create
ldns_duration_create_from_string
ldns_duration_cleanup
ldns_duration_compare
ldns_duration2string
ldns_duration2time
ldns_getaddrinfo
ldns_is_rrset
ldns_dname_new
ldns_dname_new_frm_str
ldns_dname_new_frm_data
ldns_pkt_new
ldns_pkt_free
ldns_pkt_print
ldns_pkt_query_new
ldns_pkt_query_new_frm_str
ldns_pkt_reply_type
ldns_key_rr2ds
ldns_key
ldns_dnssec_zone_find_rrset
ldns_dnssec_zone_new
ldns_dnssec_zone_free
ldns_dnssec_zone_add_rr
ldns_dnssec_zone_names_print
ldns_dnssec_zone_print
ldns_dnssec_zone_add_empty_nonterminals
ldns_str2period
ldns_rr_dnskey_flags
ldns_rr_dnskey_set_flags
ldns_rr_dnskey_protocol
ldns_rr_dnskey_set_protocol
ldns_rr_dnskey_algorithm
ldns_rr_dnskey_set_algorithm
ldns_rr_dnskey_key
ldns_rr_dnskey_set_key
ldns_get_rr_class_by_name
ldns_get_rr_type_by_name
ldns_dname_is_subdomain
ldns_dname_str_absolute
ldns_dname_label
ldns_pkt2buffer_str
ldns_pktheader2buffer_str
ldns_rr2buffer_str
ldns_rr_list2buffer_str
ldns_rdf2buffer_str
ldns_key2buffer_str
ldns_pkt2buffer_wire
ldns_rr2buffer_wire
ldns_rdf2buffer_wire
ldns_rrsig2buffer_wire
ldns_rr_rdata2buffer_wire
ldns_key_set_algorithm
ldns_key_set_rsa_key
ldns_key_set_dsa_key
ldns_key_set_hmac_key
ldns_key_set_origttl
ldns_key_set_inception
ldns_key_set_expiration
ldns_key_set_pubkey_owner
ldns_key_set_keytag
ldns_key_set_flags
ldns_key_list_set_key_count
ldns_key_algo_supported
ldns_sign_public
ldns_tcp_send_query
ldns_tcp_read_wire
ldns_tcp_connect
ldns_buffer2pkt_wire
ldns_rr
ldns_rr_class
ldns_rr_type
ldns_rr_compress
ldns_rr_list
ldns_pkt_tsig_verify
ldns_pkt_tsig_sign
ldns_update_pkt_tsig_add
ldns_key_list_key_count
ldns_key_list_key
ldns_key_rsa_key
ldns_key_dsa_key
ldns_key_algorithm
ldns_key_hmac_key
ldns_key_origttl
ldns_key_inception
ldns_key_expiration
ldns_key_keytag
ldns_key_pubkey_owner
ldns_key_flags
ldns_dnssec_rrsets_new
ldns_dnssec_rrsets_free
ldns_dnssec_rrsets_type
ldns_dnssec_rrsets_set_type
ldns_dnssec_rrsets_add_rr
ldns_dnssec_rrsets_print
ldns_zone_sign
ldns_zone_sign_nsec3
ldns_buffer
ldns_buffer_new
ldns_buffer_new_frm_data
ldns_buffer_clear
ldns_buffer_printf
ldns_buffer_free
ldns_buffer_copy
ldns_buffer_export
ldns_buffer_export2str
ldns_buffer2str
ldns_rdf2buffer_str_a
ldns_rdf2buffer_str_aaaa
ldns_rdf2buffer_str_str
ldns_rdf2buffer_str_b64
ldns_rdf2buffer_str_hex
ldns_rdf2buffer_str_type
ldns_rdf2buffer_str_class
ldns_rdf2buffer_str_alg
ldns_rdf2buffer_str_loc
ldns_rdf2buffer_str_unknown
ldns_rdf2buffer_str_nsap
ldns_rdf2buffer_str_wks
ldns_rdf2buffer_str_nsec
ldns_rdf2buffer_str_period
ldns_rdf2buffer_str_tsigtime
ldns_rdf2buffer_str_apl
ldns_rdf2buffer_str_int16_data
ldns_rdf2buffer_str_int16
ldns_rdf2buffer_str_ipseckey
ldns_bubblebabble
ldns_create_nsec
ldns_dname_compare
ldns_dname_interval
ldns_rr_compare
ldns_rr_compare_ds
ldns_buffer_limit
ldns_buffer_set_limit
ldns_buffer_capacity
ldns_buffer_set_capacity
ldns_buffer_reserve
ldns_buffer_at
ldns_buffer_begin
ldns_buffer_end
ldns_buffer_current
ldns_zone_set_rrs
ldns_zone_set_soa
ldns_dnssec_rrs_new
ldns_dnssec_rrs_free
ldns_dnssec_rrs_add_rr
ldns_dnssec_rrs_print
ldns_rr_mx_preference
ldns_rr_mx_exchange
ldns_rdf_size
ldns_rdf_get_type
ldns_rdf_data
ldns_rdf_compare
ldns_verify_rrsig_dsa
ldns_verify_rrsig_rsasha1
ldns_verify_rrsig_rsamd5
ldns_dane_verify
ldns_dane_verify_rr
ldns_update_zocount
ldns_update_prcount
ldns_update_upcount
ldns_update_adcount
ldns_pkt_edns
ldns_pkt_edns_udp_size
ldns_pkt_edns_extended_rcode
ldns_pkt_edns_version
ldns_pkt_edns_z
ldns_pkt_edns_data
ldns_pkt_set_edns_udp_size
ldns_pkt_set_edns_extended_rcode
ldns_pkt_set_edns_version
ldns_pkt_set_edns_z
ldns_pkt_set_edns_data
ldns_rr_rrsig_typecovered
ldns_rr_rrsig_set_typecovered
ldns_rr_rrsig_algorithm
ldns_rr_rrsig_set_algorithm
ldns_rr_rrsig_labels
ldns_rr_rrsig_set_labels
ldns_rr_rrsig_origttl
ldns_rr_rrsig_set_origttl
ldns_rr_rrsig_expiration
ldns_rr_rrsig_set_expiration
ldns_rr_rrsig_inception
ldns_rr_rrsig_set_inception
ldns_rr_rrsig_keytag
ldns_rr_rrsig_set_keytag
ldns_rr_rrsig_signame
ldns_rr_rrsig_set_signame
ldns_rr_rrsig_sig
ldns_rr_rrsig_set_sig
ldns_key_free
ldns_key_deep_free
ldns_key_list_free
ldns_dnssec_verify_denial
ldns_dnssec_verify_denial_nsec3
ldns_sign_public_dsa
ldns_sign_public_rsamd5
ldns_sign_public_rsasha1
ldns_buffer_flip
ldns_buffer_rewind
ldns_buffer_position
ldns_buffer_set_position
ldns_buffer_skip
ldns_init_random
ldns_zone
ldns_zone_new
ldns_zone_free
ldns_zone_deep_free
ldns_zone_new_frm_fp
ldns_zone_new_frm_fp_l
ldns_zone_print
ldns_zone_print_fmt
ldns_version
ldns_dnssec_zone
ldns_dnssec_name
ldns_dnssec_rrs
ldns_dnssec_rrsets
ldns_rdf_set_size
ldns_rdf_set_type
ldns_rdf_set_data
ldns_buffer_remaining_at
ldns_buffer_remaining
ldns_buffer_available_at
ldns_buffer_available
ldns_buffer_status
ldns_buffer_status_ok
ldns_bget_token
ldns_bgetc
ldns_bskipcs
ldns_axfr_start
ldns_axfr_next
ldns_axfr_abort
ldns_axfr_complete
ldns_axfr_last_pkt
ldns_key_print

81
doc/man/man3/ldns_algorithm.3 Normal file
View file

@ -0,0 +1,81 @@
.ad l
.TH ldns 3 "30 May 2006"
.SH NAME
ldns_algorithm \- numbers assigned to algorithms used in dns
.SH SYNOPSIS
#include <stdint.h>
.br
#include <stdbool.h>
.br
.PP
#include <ldns/ldns.h>
.PP
.SH DESCRIPTION
.HP
\fIldns_algorithm\fR
.br
Algorithms used in dns
.br
enum ldns_enum_algorithm
.br
{
.br
LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
.br
LDNS_DH = 2,
.br
LDNS_DSA = 3,
.br
LDNS_ECC = 4,
.br
LDNS_RSASHA1 = 5,
.br
LDNS_DSA_NSEC3 = 6,
.br
LDNS_RSASHA1_NSEC3 = 7,
.br
LDNS_RSASHA256 = 8, /* RFC 5702 */
.br
LDNS_RSASHA512 = 10, /* RFC 5702 */
.br
LDNS_ECC_GOST = 12, /* RFC 5933 */
.br
LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
.br
LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
.br
LDNS_ED25519 = 15, /* RFC 8080 */
.br
LDNS_ED448 = 16, /* RFC 8080 */
.br
LDNS_INDIRECT = 252,
.br
LDNS_PRIVATEDNS = 253,
.br
LDNS_PRIVATEOID = 254
.br
};
.br
typedef enum ldns_enum_algorithm ldns_algorithm;
.PP
.SH AUTHOR
The ldns team at NLnet Labs.
.SH REPORTING BUGS
Please report bugs to ldns-team@nlnetlabs.nl or in
our bugzilla at
http://www.nlnetlabs.nl/bugs/index.html
.SH COPYRIGHT
Copyright (c) 2004 - 2006 NLnet Labs.
.PP
Licensed under the BSD License. There is NO warranty; not even for
MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
.SH SEE ALSO
\fBperldoc Net::DNS\fR, \fBRFC1034\fR,
\fBRFC1035\fR, \fBRFC4033\fR, \fBRFC4034\fR and \fBRFC4035\fR.
.SH REMARKS
This manpage was automatically generated from the ldns source code.

1
doc/man/man3/ldns_axfr_abort.3 Symbolic link
View file

@ -0,0 +1 @@
ldns_axfr_start.3

1
doc/man/man3/ldns_axfr_complete.3 Symbolic link
View file

@ -0,0 +1 @@
ldns_axfr_start.3

1
doc/man/man3/ldns_axfr_last_pkt.3 Symbolic link
View file

@ -0,0 +1 @@
ldns_axfr_start.3

1
doc/man/man3/ldns_axfr_next.3 Symbolic link
View file

@ -0,0 +1 @@
ldns_axfr_start.3

81
doc/man/man3/ldns_axfr_start.3 Normal file
View file

@ -0,0 +1,81 @@
.ad l
.TH ldns 3 "30 May 2006"
.SH NAME
ldns_axfr_start, ldns_axfr_next, ldns_axfr_abort, ldns_axfr_complete, ldns_axfr_last_pkt \- functions for full zone transfer
.SH SYNOPSIS
#include <stdint.h>
.br
#include <stdbool.h>
.br
.PP
#include <ldns/ldns.h>
.PP
ldns_axfr_start();
.PP
ldns_rr* ldns_axfr_next(ldns_resolver *resolver);
.PP
void ldns_axfr_abort(ldns_resolver *resolver);
.PP
bool ldns_axfr_complete(const ldns_resolver *resolver);
.PP
ldns_pkt* ldns_axfr_last_pkt(const ldns_resolver *res);
.PP
.SH DESCRIPTION
.HP
\fIldns_axfr_start\fR()
.PP
.HP
\fIldns_axfr_next\fR()
Get the next stream of RRs in a \%AXFR
\.br
\fBresolver\fR: the resolver to use. First ldns_axfr_start() must be
called
\.br
Returns ldns_rr the next \%RR from the \%AXFR stream
After you get this returned \%RR (not \%NULL: on error), then check if
ldns_axfr_complete() is true to see if the zone transfer has completed.
.PP
.HP
\fIldns_axfr_abort\fR()
Abort a transfer that is in progress
\.br
\fBresolver\fR: the resolver that is used
.PP
.HP
\fIldns_axfr_complete\fR()
Returns true if the axfr transfer has completed (i.e. 2 \%SOA RRs and no errors were encountered
\.br
\fBresolver\fR: the resolver that is used
\.br
Returns bool true if axfr transfer was completed without error
.PP
.HP
\fIldns_axfr_last_pkt\fR()
Returns a pointer to the last ldns_pkt that was sent by the server in the \%AXFR transfer
usable for instance to get the error code on failure
\.br
\fBres\fR: the resolver that was used in the axfr transfer
\.br
Returns ldns_pkt the last packet sent
.PP
.SH AUTHOR
The ldns team at NLnet Labs.
.SH REPORTING BUGS
Please report bugs to ldns-team@nlnetlabs.nl or in
our bugzilla at
http://www.nlnetlabs.nl/bugs/index.html
.SH COPYRIGHT
Copyright (c) 2004 - 2006 NLnet Labs.
.PP
Licensed under the BSD License. There is NO warranty; not even for
MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
.SH SEE ALSO
\fBperldoc Net::DNS\fR, \fBRFC1034\fR,
\fBRFC1035\fR, \fBRFC4033\fR, \fBRFC4034\fR and \fBRFC4035\fR.
.SH REMARKS
This manpage was automatically generated from the ldns source code.

54
doc/man/man3/ldns_b32_ntop_calculate_size.3 Normal file
View file

@ -0,0 +1,54 @@
.ad l
.TH ldns 3 "30 May 2006"
.SH NAME
ldns_b32_ntop_calculate_size, ldns_b32_pton_calculate_size, ldns_b64_ntop_calculate_size, ldns_b64_pton_calculate_size \- return size needed for b32 or b64 encoded or decoded data
.SH SYNOPSIS
#include <stdint.h>
.br
#include <stdbool.h>
.br
.PP
#include <ldns/ldns.h>
.PP
ldns_b32_ntop_calculate_size();
.PP
ldns_b32_pton_calculate_size();
.PP
ldns_b64_ntop_calculate_size();
.PP
ldns_b64_pton_calculate_size();
.PP
.SH DESCRIPTION
.HP
\fIldns_b32_ntop_calculate_size\fR()
.PP
.HP
\fIldns_b32_pton_calculate_size\fR()
.PP
.HP
\fIldns_b64_ntop_calculate_size\fR()
.PP
.HP
\fIldns_b64_pton_calculate_size\fR()
.PP
.SH AUTHOR
The ldns team at NLnet Labs.
.SH REPORTING BUGS
Please report bugs to ldns-team@nlnetlabs.nl or in
our bugzilla at
http://www.nlnetlabs.nl/bugs/index.html
.SH COPYRIGHT
Copyright (c) 2004 - 2006 NLnet Labs.
.PP
Licensed under the BSD License. There is NO warranty; not even for
MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
.SH SEE ALSO
\fBperldoc Net::DNS\fR, \fBRFC1034\fR,
\fBRFC1035\fR, \fBRFC4033\fR, \fBRFC4034\fR and \fBRFC4035\fR.
.SH REMARKS
This manpage was automatically generated from the ldns source code.

1
doc/man/man3/ldns_b32_pton_calculate_size.3 Symbolic link
View file

@ -0,0 +1 @@
ldns_b32_ntop_calculate_size.3

1
doc/man/man3/ldns_b64_ntop_calculate_size.3 Symbolic link
View file

@ -0,0 +1 @@
ldns_b32_ntop_calculate_size.3

1
doc/man/man3/ldns_b64_pton_calculate_size.3 Symbolic link
View file

@ -0,0 +1 @@
ldns_b32_ntop_calculate_size.3

79
doc/man/man3/ldns_bget_token.3 Normal file
View file

@ -0,0 +1,79 @@
.ad l
.TH ldns 3 "30 May 2006"
.SH NAME
ldns_bget_token, ldns_bgetc, ldns_bskipcs \- get tokens from buffers
.SH SYNOPSIS
#include <stdint.h>
.br
#include <stdbool.h>
.br
.PP
#include <ldns/ldns.h>
.PP
ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit);
.PP
int ldns_bgetc(ldns_buffer *buffer);
.PP
void ldns_bskipcs(ldns_buffer *buffer, const char *s);
.PP
.SH DESCRIPTION
.HP
\fIldns_bget_token\fR()
returns a token/char from the buffer b.
This function deals with ( and ) in the buffer,
and ignores when it finds them.
\.br
\fB*b\fR: the buffer to read from
\.br
\fB*token\fR: the token is put here
\.br
\fB*delim\fR: chars at which the parsing should stop
\.br
\fB*limit\fR: how much to read. If 0 the builtin maximum is used
\.br
Returns s 0 on error of \%EOF of b. Otherwise return the length of what is read
.PP
.HP
\fIldns_bgetc\fR()
returns the next character from a buffer. Advances the position pointer with 1.
When end of buffer is reached returns \%EOF. This is the buffer's equivalent
for getc().
\.br
\fB*buffer\fR: buffer to read from
\.br
Returns \%EOF on failure otherwise return the character
.PP
.HP
\fIldns_bskipcs\fR()
skips all of the characters in the given string in the buffer, moving
the position to the first character that is not in *s.
\.br
\fB*buffer\fR: buffer to use
\.br
\fB*s\fR: characters to skip
\.br
Returns void
.PP
.SH AUTHOR
The ldns team at NLnet Labs.
.SH REPORTING BUGS
Please report bugs to ldns-team@nlnetlabs.nl or in
our bugzilla at
http://www.nlnetlabs.nl/bugs/index.html
.SH COPYRIGHT
Copyright (c) 2004 - 2006 NLnet Labs.
.PP
Licensed under the BSD License. There is NO warranty; not even for
MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
.SH SEE ALSO
\fIldns_buffer\fR.
And \fBperldoc Net::DNS\fR, \fBRFC1034\fR,
\fBRFC1035\fR, \fBRFC4033\fR, \fBRFC4034\fR and \fBRFC4035\fR.
.SH REMARKS
This manpage was automatically generated from the ldns source code.

Some files were not shown because too many files have changed in this diff Show more