path: root/src/resolve/resolved-dns-dnssec.c

Commit log (subject, author, date, files changed, lines -removed/+added):

* openssl: add rsa_pkey_new(), rsa_pkey_from_n_e(), rsa_pkey_to_n_e() (Dan Streetman, 2023-08-04, 1 file, -1/+1)
  Add a function to generate an EVP_PKEY for a specific 'n' and 'e', and a function to get the 'n' and 'e' values from an existing RSA public key. Also add a function to generate a new RSA key with a specified number of bits.

* tree-wide: use memstream-util (Yu Watanabe, 2023-05-31, 1 file, -16/+5)

* tree-wide: check memstream buffer after closing the handle (Frantisek Sumsal, 2023-05-24, 1 file, -1/+5)
  When closing the FILE handle attached to a memstream, it may attempt to do a realloc() that may fail during OOM situations, in which case we are left with the buffer pointer pointing to NULL and buffer size > 0. For example:

  ```
  #include <errno.h>
  #include <stdio.h>
  #include <stdlib.h>

  void *realloc(void *ptr, size_t size) {
          return NULL;
  }

  int main(int argc, char *argv[]) {
          FILE *f;
          char *buf;
          size_t sz = 0;

          f = open_memstream(&buf, &sz);
          if (!f)
                  return -ENOMEM;

          fputs("Hello", f);
          fflush(f);

          printf("buf: 0x%lx, sz: %lu, errno: %d\n", (unsigned long) buf, sz, errno);
          fclose(f);
          printf("buf: 0x%lx, sz: %lu, errno: %d\n", (unsigned long) buf, sz, errno);

          return 0;
  }
  ```

  ```
  $ gcc -o main main.c
  $ ./main
  buf: 0x74d4a0, sz: 5, errno: 0
  buf: 0x0, sz: 5, errno: 0
  ```

  This might do unexpected things if the underlying code expects a valid pointer to the memstream buffer after closing the handle.

  Found by Nallocfuzz.

* treewide: fix a few typos in NEWS, docs and comments (Dmitry V. Levin, 2023-02-15, 1 file, -1/+1)

* Merge pull request #23114 from yuwata/resolve-dnssec (Zbigniew Jędrzejewski-Szmek, 2022-05-17, 1 file, -3/+2)
  resolve: always request additional record to verify negative answer

  * resolve: drop unused argument (Yu Watanabe, 2022-04-18, 1 file, -3/+2)

* resolve: fix false maybe-uninitialized warning (Yu Watanabe, 2022-05-07, 1 file, -1/+2)

* resolve: use dns_answer_isempty() at one more place (Yu Watanabe, 2022-05-07, 1 file, -1/+1)

* resolve: add missing initialization of libgcrypt (Yu Watanabe, 2022-01-05, 1 file, -0/+2)
  Fixes #21951.

* openssl: suppress warnings about functions deprecated by openssl 3.0 (Zbigniew Jędrzejewski-Szmek, 2021-12-09, 1 file, -12/+18)
  We get warnings for RSA_free(), EC_KEY_free(), EC_KEY_new(), etc. Those functions are now deprecated and we're supposed to use the new "EVP API" that is all the rage in openssl 3.0.

  With some effort I converted dnssec_rsa_verify_raw() to use the new API. The code is significantly longer and, if anything, less readable. The EC code is more complicated and I assume that the EVP API version will be even more complex. It is possible that I'm missing some way to call the new functions in a better way, but the documentation is abysmal, so it's really hard to figure out the best way. Of course there are almost no examples, and the ones that are there are not terribly useful and are also stubs that don't do interesting things, don't implement error handling, or memory cleanup.

  I'll submit my conversion draft as a separate PR. Maybe somebody who knows openssl better will pick it up and write a proper solution. For now, let's just use the existing code, but suppress the warnings. The new version just came out, so it's unlikely that the deprecated functions will be removed any time soon.

  Fixes #21666.

* resolved: do not use BN_dup() unnecessarily (Zbigniew Jędrzejewski-Szmek, 2021-12-01, 1 file, -2/+4)
  Suggested in https://github.com/systemd/systemd/pull/21170#discussion_r738696794

* resolve: Port nsec3 code to openssl^gcrypt (Kevin Kuehler, 2021-12-01, 1 file, -14/+59)
  Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

* resolve: Port dnskey verification by ds to openssl^gcrypt (Kevin Kuehler, 2021-11-30, 1 file, -24/+73)
  Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

* resolve: Port dnssec verify from gcrypt to openssl^gcrypt (Kevin Kuehler, 2021-11-30, 1 file, -51/+237)
  Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

* resolved: split out function to hash signature (Zbigniew Jędrzejewski-Szmek, 2021-11-30, 1 file, -74/+79)
  dnssec_verify_rrset() is just too long.

* resolved: split out function to generate signature (Zbigniew Jędrzejewski-Szmek, 2021-11-30, 1 file, -47/+78)
  dnssec_verify_rrset() is just too long.

* Drop the text argument from assert_not_reached() (Zbigniew Jędrzejewski-Szmek, 2021-08-03, 1 file, -1/+1)
  In general we almost never hit those asserts in production code, so users see them very rarely, if ever. But either way, we just need something that users can pass to the developers.

  We have quite a few of those asserts, and some have fairly nice messages, but many are like "WTF?" or "???" or "unexpected something". The error that is printed includes the file location, and function name. In almost all functions there's at most one assert, so the function name alone is enough to identify the failure for a developer. So we don't get much extra from the message, and we might just as well drop them.

  Dropping them makes our code a tiny bit smaller, and most importantly, improves development experience by making it easy to insert such an assert in the code without thinking how to phrase the argument.

* resolved: check return value of gcrypt APIs (Luca Boccassi, 2021-05-20, 1 file, -3/+6)
  Coverity complains about missing error check.

  CID #1453234

* resolved: inline iterator variable declarations (Zbigniew Jędrzejewski-Szmek, 2021-05-14, 1 file, -9/+5)

* resolved: use narrower types for label counts in rr (Zbigniew Jędrzejewski-Szmek, 2021-05-14, 1 file, -5/+6)
  Order will be adjusted later to remove holes.

* resolved: indent tables for readability (Zbigniew Jędrzejewski-Szmek, 2021-05-14, 1 file, -13/+13)
  Some of the tables in resolved were already using this convention. This makes the rest of them do so too.

* resolved: use _cleanup_(gcry_md_closep) in one more place (Luca Boccassi, 2021-04-01, 1 file, -14/+6)
  Documentation says gcry_md_close will ignore a NULL input, so it should be safe:
  https://gnupg.org/documentation/manuals/gcrypt/Working-with-hash-algorithms.html

  Makes Coverity happy, follow-up for 248b1e0aa4

  CID #1451555

* gcrypt: do not ignore return values (Luca Boccassi, 2021-03-31, 1 file, -4/+6)
  Check the return code from gcrypt's functions. In some cases just log, as it shouldn't really happen.

  Fixes various Coverity issues:

  CID #1444702
  CID #1444704
  CID #1444706
  CID #1444711
  CID #1444712
  CID #1444713

* tree-wide: use UINT64_MAX or friends (Yu Watanabe, 2021-03-04, 1 file, -3/+3)

* tree-wide: fix "a the" or "the a" (Yu Watanabe, 2020-11-13, 1 file, -1/+1)

* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, 1 file, -1/+1)

* resolved: handle RRs where we don't have a signer (Lennart Poettering, 2020-11-03, 1 file, -0/+2)
  If we encounter an RR that has no matching signature, then we don't know whether it was expanded from a wildcard or not. We need to accept that and not make the NSEC test fail, just skip over the RR.

* Remove dnssec_canonicalize function which is no longer used (Tom Hughes, 2020-02-24, 1 file, -49/+0)

* tree-wide: drop gcrypt.h when gcrypt-util.h is included (Yu Watanabe, 2019-11-03, 1 file, -4/+0)

* tree-wide: get rid of strappend() (Lennart Poettering, 2019-07-12, 1 file, -1/+1)
  It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shorter than strappend().

* codespell: fix spelling errors (Ben Boeckel, 2019-04-29, 1 file, -2/+2)

* Add open_memstream_unlocked() wrapper (Zbigniew Jędrzejewski-Szmek, 2019-04-12, 1 file, -5/+2)

* util: split out sorting related calls to new sort-util.[ch] (Lennart Poettering, 2019-03-13, 1 file, -0/+1)

* util: split out memcmp()/memset() related calls into memory-util.[ch] (Lennart Poettering, 2019-03-13, 1 file, -0/+1)
  Just some source rearranging.

* resolved: correctly prove the non-existence of wildcard (Alexander Tsoy, 2019-02-18, 1 file, -28/+44)
  * Current logic: For each NSEC RR find the common suffix between the owner name and the next name, append asterisk to that suffix and check that generated wildcard is covered by the NSEC RR in question.
  * New logic: Find NSEC RR covering queried name, generate wildcard as <asterisk>.<closest encloser> using this RR, then check if any of the NSEC RRs covers generated wildcard.

* tree-wide: use newa() instead of alloca() wherever we can (Lennart Poettering, 2019-01-26, 1 file, -1/+1)
  Typesafety is nice. And this way we can take benefit of the new size assert() the previous commit added.

* Always explicitly discard popped stream type from __fsetlocking (Chris Down, 2018-12-11, 1 file, -1/+1)
  No biggie, but I noticed this while looking into bus_match_to_string.

* resolve: reject host names with leading or trailing dashes in /etc/hosts (Zbigniew Jędrzejewski-Szmek, 2018-12-10, 1 file, -4/+4)
  https://tools.ietf.org/html/rfc1035#section-2.3.1 says (approximately) that only letters, numbers, and non-leading non-trailing dashes are allowed (for entries with A/AAAA records). We set no restrictions.

  hosts(5) says:
  > Host names may contain only alphanumeric characters, minus signs ("-"), and
  > periods ("."). They must begin with an alphabetic character and end with an
  > alphanumeric character.

  nss-files follows those rules, and will ignore names in /etc/hosts that do not follow this rule.

  Let's follow the documented rules for /etc/hosts. In particular, this makes us consistent with nss-files, reducing surprises for the user.

  I'm pretty sure we should apply stricter filtering to names received over DNS and LLMNR and MDNS, but it's a bigger project, because the rules differ depending on which level the label appears (rules for top-level names are stricter), and this patch takes the minimalistic approach and only changes behaviour for /etc/hosts.

  Escape syntax is also disallowed in /etc/hosts, even if the resulting character would be allowed. Other tools that parse /etc/hosts do not support this, and there is no need to use it because no allowed characters benefit from escaping.

* coccinelle: make use of SYNTHETIC_ERRNO (Zbigniew Jędrzejewski-Szmek, 2018-11-22, 1 file, -4/+4)
  Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelihood of some bugs in such spots.

  I also removed part of the patch that coccinelle generated for udev, where we return -1 for failure. This should be fixed independently.

* cocci: simplify some if checks (Lennart Poettering, 2018-11-16, 1 file, -9/+3)

* tree-wide: use typesafe_qsort() (Yu Watanabe, 2018-09-19, 1 file, -15/+8)

* resolve: use memcmp_safe() and memcpy_safe() (Yu Watanabe, 2018-08-08, 1 file, -1/+1)
  As the length of salt in NSEC3 may be zero.

  Fixes #9757.

* tree-wide: drop empty lines in comments (Yu Watanabe, 2018-07-23, 1 file, -1/+0)

* tree-wide: remove Lennart's copyright lines (Lennart Poettering, 2018-06-14, 1 file, -3/+0)
  These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.

* tree-wide: drop 'This file is part of systemd' blurb (Lennart Poettering, 2018-06-14, 1 file, -2/+0)
  This part of the copyright blurb stems from the GPL use recommendations:
  https://www.gnu.org/licenses/gpl-howto.en.html

  The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together.

  Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that.

  Hence, let's just get rid of this old cruft, and shorten our codebase a bit.

* resolved: rework NSEC covering tests (Lennart Poettering, 2018-06-11, 1 file, -25/+24)
  This makes two changes: first of all we will now explicitly check whether a domain to test against an NSEC record is actually below the signer's name. This is relevant for NSEC records that chain up the end and the beginning of a zone: we shouldn't allow that NSEC record to match against domains outside of the zone.

  This also fixes how we handle NSEC checks for domains that are prefixes of the NSEC RR domain itself, fixing #8164 which triggers this specific case. The non-wildcard NSEC check is simplified for that, we can directly make our between check, there's no need to find the "Next Closer" first, as the between check should not be affected by additional prefixes. For the wild card NSEC check we'll prepend the asterisk in this case to the NSEC RR itself to make a correct check.

  Fixes: #8164

* resolved: fix typo in macro name (Zbigniew Jędrzejewski-Szmek, 2018-06-08, 1 file, -3/+3)

* resolved: fix DNSKEY validation against DS (Lennart Poettering, 2018-06-08, 1 file, -4/+4)
  Let's use the wireformat name, not the text version.

  Fixes: #8901

* tree-wide: drop license boilerplate (Zbigniew Jędrzejewski-Szmek, 2018-04-06, 1 file, -13/+0)
  Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt.

  I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.

* resolved: use _cleanup_ in one more place (Zbigniew Jędrzejewski-Szmek, 2018-02-05, 1 file, -10/+4)
  No functional change.