Diffstat (limited to 'validator/val_nsec3.c')
-rw-r--r-- | validator/val_nsec3.c | 121 |
1 files changed, 61 insertions, 60 deletions
diff --git a/validator/val_nsec3.c b/validator/val_nsec3.c
index 20580c0d755f..fe5091c0a384 100644
--- a/validator/val_nsec3.c
+++ b/validator/val_nsec3.c
@@ -21,16 +21,16 @@
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 /**
@@ -62,18 +62,19 @@ #include "util/data/msgreply.h" /* we include nsec.h for the bitmap_has_type function */ #include "validator/val_nsec.h" +#include "ldns/sbuffer.h" /** * This function we get from ldns-compat or from base system * it returns the number of data bytes stored at the target, or <0 on error. */ -int ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength, +int sldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength, char *target, size_t targsize); /** * This function we get from ldns-compat or from base system * it returns the number of data bytes stored at the target, or <0 on error. */ -int ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, +int sldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize); /** @@ -259,7 +260,7 @@ size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone, int ret; if(max < hashlen*2+1) /* quick approx of b32, as if hexb16 */ return 0; - ret = ldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1); + ret = sldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1); if(ret < 1) return 0; buf[0] = (uint8_t)ret; /* length of b32 label */ 
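Review bot: The two `sldns_b32_*_extended_hex` prototypes in the first hunk on this line are still hand-declared in the .c file, so the compiler cannot check them against the real definitions. These functions write into caller-sized buffers and, in `nsec3_covers`, decode an owner label that presumably comes from a DNS response, so a silently drifted parameter type or order is worth ruling out. Now that the file includes `ldns/sbuffer.h`, prefer including whichever header of that library declares the two functions, if one exists, and drop the local copies. The comment above each prototype, `This function we get from ldns-compat or from base system`, also looks stale after the rename and should name the actual provider.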
@@ -534,16 +535,16 @@ nsec3_hash_cmp(const void* c1, const void* c2)
 }
 
 size_t
-nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
+nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
 size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
 {
 size_t i, hash_len;
 /* prepare buffer for first iteration */
- ldns_buffer_clear(buf);
- ldns_buffer_write(buf, nm, nmlen);
- query_dname_tolower(ldns_buffer_begin(buf));
- ldns_buffer_write(buf, salt, saltlen);
- ldns_buffer_flip(buf);
+ sldns_buffer_clear(buf);
+ sldns_buffer_write(buf, nm, nmlen);
+ query_dname_tolower(sldns_buffer_begin(buf));
+ sldns_buffer_write(buf, salt, saltlen);
+ sldns_buffer_flip(buf);
 switch(algo) {
 #if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
 case NSEC3_HASH_SHA1:
@@ -555,29 +556,29 @@ nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo, if(hash_len > max) return 0; # ifdef HAVE_SSL - (void)SHA1((unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf), + (void)SHA1((unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf), (unsigned char*)res); # else (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res, - (unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf)); + (unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf)); # endif for(i=0; i<iter; i++) { - ldns_buffer_clear(buf); - ldns_buffer_write(buf, res, hash_len); - ldns_buffer_write(buf, salt, saltlen); - ldns_buffer_flip(buf); + sldns_buffer_clear(buf); + sldns_buffer_write(buf, res, hash_len); + sldns_buffer_write(buf, salt, saltlen); + sldns_buffer_flip(buf); # ifdef HAVE_SSL (void)SHA1( - (unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf), + (unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf), (unsigned char*)res); # else (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res, - (unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf)); + (unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf)); # endif } break; @@ -591,7 +592,7 @@ nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo, /** perform hash of name */ static int -nsec3_calc_hash(struct regional* region, ldns_buffer* buf, +nsec3_calc_hash(struct regional* region, sldns_buffer* buf, struct nsec3_cached_hash* c) { int algo = nsec3_get_algo(c->nsec3, c->rr); 
@@ -601,11 +602,11 @@ nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
 if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
 return -1;
 /* prepare buffer for first iteration */
- ldns_buffer_clear(buf);
- ldns_buffer_write(buf, c->dname, c->dname_len);
- query_dname_tolower(ldns_buffer_begin(buf));
- ldns_buffer_write(buf, salt, saltlen);
- ldns_buffer_flip(buf);
+ sldns_buffer_clear(buf);
+ sldns_buffer_write(buf, c->dname, c->dname_len);
+ query_dname_tolower(sldns_buffer_begin(buf));
+ sldns_buffer_write(buf, salt, saltlen);
+ sldns_buffer_flip(buf);
 switch(algo) {
 #if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
 case NSEC3_HASH_SHA1:
@@ -619,30 +620,30 @@ nsec3_calc_hash(struct regional* region, ldns_buffer* buf, if(!c->hash) return 0; # ifdef HAVE_SSL - (void)SHA1((unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf), + (void)SHA1((unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf), (unsigned char*)c->hash); # else (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)c->hash, - (unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf)); + (unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf)); # endif for(i=0; i<iter; i++) { - ldns_buffer_clear(buf); - ldns_buffer_write(buf, c->hash, c->hash_len); - ldns_buffer_write(buf, salt, saltlen); - ldns_buffer_flip(buf); + sldns_buffer_clear(buf); + sldns_buffer_write(buf, c->hash, c->hash_len); + sldns_buffer_write(buf, salt, saltlen); + sldns_buffer_flip(buf); # ifdef HAVE_SSL (void)SHA1( - (unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf), + (unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf), (unsigned char*)c->hash); # else (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)c->hash, - (unsigned char*)ldns_buffer_begin(buf), - (unsigned long)ldns_buffer_limit(buf)); + (unsigned char*)sldns_buffer_begin(buf), + (unsigned long)sldns_buffer_limit(buf)); # endif } break; 
@@ -656,19 +657,19 @@ nsec3_calc_hash(struct regional* region, ldns_buffer* buf, /** perform b32 encoding of hash */ static int -nsec3_calc_b32(struct regional* region, ldns_buffer* buf, +nsec3_calc_b32(struct regional* region, sldns_buffer* buf, struct nsec3_cached_hash* c) { int r; - ldns_buffer_clear(buf); - r = ldns_b32_ntop_extended_hex(c->hash, c->hash_len, - (char*)ldns_buffer_begin(buf), ldns_buffer_limit(buf)); + sldns_buffer_clear(buf); + r = sldns_b32_ntop_extended_hex(c->hash, c->hash_len, + (char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf)); if(r < 1) { log_err("b32_ntop_extended_hex: error in encoding: %d", r); return 0; } c->b32_len = (size_t)r; - c->b32 = regional_alloc_init(region, ldns_buffer_begin(buf), + c->b32 = regional_alloc_init(region, sldns_buffer_begin(buf), c->b32_len); if(!c->b32) return 0; @@ -676,7 +677,7 @@ nsec3_calc_b32(struct regional* region, ldns_buffer* buf, } int -nsec3_hash_name(rbtree_t* table, struct regional* region, ldns_buffer* buf, +nsec3_hash_name(rbtree_t* table, struct regional* region, sldns_buffer* buf, struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname, size_t dname_len, struct nsec3_cached_hash** hash) { @@ -816,7 +817,7 @@ find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt, int nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash, - struct ub_packed_rrset_key* rrset, int rr, ldns_buffer* buf) + struct ub_packed_rrset_key* rrset, int rr, sldns_buffer* buf) { uint8_t* next, *owner; size_t nextlen; 
@@ -840,10 +841,10 @@ nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
 return 1;
 
 /* convert owner name from text to binary */
- ldns_buffer_clear(buf);
- owner = ldns_buffer_begin(buf);
- len = ldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
- hash->b32_len, owner, ldns_buffer_limit(buf));
+ sldns_buffer_clear(buf);
+ owner = sldns_buffer_begin(buf);
+ len = sldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
+ hash->b32_len, owner, sldns_buffer_limit(buf));
 if(len<1)
 return 0; /* bad owner name in some way */
 if((size_t)len != hash->hash_len || (size_t)len != nextlen) |