/**
 * Report the digest length used by a DS record hash algorithm.
 *
 * Which algorithms are recognised is fixed at compile time by the crypto
 * feature macros; GOST additionally needs a successful runtime lookup.
 * NOTE(review): a 0 return only says "not supported". How the caller then
 * treats the delegation (for example insecure versus bogus) is decided
 * outside this block - confirm in the validator.
 * @param algo: DS digest algo.
 * @return size in bytes of digest, or 0 if not supported.
 */
size_t
ds_digest_size_supported(int algo)
{
    if(algo == LDNS_SHA1) {
#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1)
        return SHA_DIGEST_LENGTH;
#else
        /* SHA-1 is compiled out: a length is reported only while the
         * fake_sha1 flag is set.
         * NOTE(review): fake_sha1 is defined outside this block and looks
         * like a test override - confirm it cannot be switched on in a
         * production resolver. */
        return fake_sha1 ? 20 : 0;
#endif
    }
#ifdef HAVE_EVP_SHA256
    if(algo == LDNS_SHA256)
        return SHA256_DIGEST_LENGTH;
#endif
#ifdef USE_GOST
    if(algo == LDNS_HASH_GOST) {
        /* GOST is supported only if it can be loaded: the loader's own
         * result is discarded and the digest lookup decides. */
        (void)sldns_key_EVP_load_gost_id();
        return EVP_get_digestbyname("md_gost94") ? 32 : 0;
    }
#endif
#ifdef USE_ECDSA
    if(algo == LDNS_SHA384)
        return SHA384_DIGEST_LENGTH;
#endif
    /* any other algorithm number is unsupported */
    return 0;
}
/**
 * Report whether this build supports a DNSKEY algorithm.
 * @param id: DNSKEY algorithm id.
 * @return nonzero if the algorithm is supported, 0 otherwise.
 */
int
dnskey_algo_id_is_supported(int id)
{
    int supported = 0;

    switch(id) {
    /* NOTE(review): the DSA and RSASHA1 labels below sit outside any
     * USE_DSA / USE_SHA1 guard, while ds_digest_size_supported() gates
     * SHA-1 on USE_SHA1 - confirm the two are meant to differ. */
    case LDNS_DSA:
    case LDNS_DSA_NSEC3:
    case LDNS_RSASHA1:
    case LDNS_RSASHA1_NSEC3:
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
    case LDNS_RSASHA256:
#endif
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
    case LDNS_RSASHA512:
#endif
#ifdef USE_ECDSA
    case LDNS_ECDSAP256SHA256:
    case LDNS_ECDSAP384SHA384:
#endif
        supported = 1;
        break;
#ifdef USE_GOST
    case LDNS_ECC_GOST:
        /* GOST is supported only if it can be loaded at runtime; the
         * loader's return value is passed straight back. */
        supported = sldns_key_EVP_load_gost_id();
        break;
#endif
    case LDNS_RSAMD5:
        /* RFC 6725 deprecates RSAMD5, so it is always refused */
    default:
        break;
    }
    return supported;
}
/**
 * Run the signature verification unit tests.
 *
 * Each verifytest_file() call names a test data file and a 14-digit string
 * (presumably the time, YYYYMMDDHHMMSS, at which the signatures are checked -
 * confirm in verifytest_file). Calls are compiled in only when the matching
 * feature macro is defined, so a build without an algorithm skips its
 * vectors without reporting it; only the GOST runtime skip prints a warning.
 * A passing run therefore covers only the algorithms compiled into this
 * build.
 */
void verify_test(void)
{
    unit_show_feature("signature verify");
#ifdef USE_SHA1
    verifytest_file("testdata/test_signatures.1", "20070818005004");
#endif
#if defined(USE_DSA) && defined(USE_SHA1)
    verifytest_file("testdata/test_signatures.2", "20080414005004");
    verifytest_file("testdata/test_signatures.3", "20080416005004");
    verifytest_file("testdata/test_signatures.4", "20080416005004");
    verifytest_file("testdata/test_signatures.5", "20080416005004");
    verifytest_file("testdata/test_signatures.6", "20080416005004");
    verifytest_file("testdata/test_signatures.7", "20070829144150");
#endif /* USE_DSA && USE_SHA1 */
#ifdef USE_SHA1
    verifytest_file("testdata/test_signatures.8", "20070829144150");
#endif
#if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2)
    verifytest_file("testdata/test_sigs.rsasha256", "20070829144150");
    /* the mixed SHA-1/SHA-256 file needs both algorithm families */
# ifdef USE_SHA1
    verifytest_file("testdata/test_sigs.sha1_and_256", "20070829144150");
# endif
    verifytest_file("testdata/test_sigs.rsasha256_draft", "20090101000000");
#endif
#if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2)
    verifytest_file("testdata/test_sigs.rsasha512_draft", "20070829144150");
#endif
#ifdef USE_SHA1
    verifytest_file("testdata/test_sigs.hinfo", "20090107100022");
    verifytest_file("testdata/test_sigs.revoked", "20080414005004");
#endif
#ifdef USE_GOST
    /* GOST is compiled in but may still be missing at runtime; the skip is
     * reported instead of failing the test run */
    if(sldns_key_EVP_load_gost_id())
        verifytest_file("testdata/test_sigs.gost", "20090807060504");
    else printf("Warning: skipped GOST, openssl does not provide gost.\n");
#endif
#ifdef USE_ECDSA
    /* test for support in case we use libNSS and ECC is removed */
    /* only the P-256 id is probed; the P-384 vectors run on the same result */
    if(dnskey_algo_id_is_supported(LDNS_ECDSAP256SHA256)) {
        verifytest_file("testdata/test_sigs.ecdsa_p256", "20100908100439");
        verifytest_file("testdata/test_sigs.ecdsa_p384", "20100908100439");
    }
    /* runs whenever USE_ECDSA is defined, independent of the probe above */
    dstest_file("testdata/test_ds.sha384");
#endif
#ifdef USE_SHA1
    dstest_file("testdata/test_ds.sha1");
#endif
    /* these two are not behind any feature macro */
    nsectest();
    nsec3_hash_test("testdata/test_nsec3_hash.1");
}
/**
 * Allocate a daemon structure and perform process-wide initialisation.
 *
 * In order: Winsock startup (USE_WINSOCK), signal_handling_record() and
 * checklock_start(), crypto library initialisation (OpenSSL under HAVE_SSL,
 * else NSS under HAVE_NSS), tzset(), random seeding, then creation of the
 * module stack, module environment, EDNS known options, allocator, ACL list
 * and auth zones.
 * @return the new daemon, or NULL when an allocation or create step fails;
 *     each NULL path releases what this function set up before it, in
 *     reverse order. Winsock, OpenSSL-lock and NSS failures go to
 *     fatal_exit() instead.
 */
struct daemon* daemon_init(void)
{
    struct daemon* daemon = (struct daemon*)calloc(1, sizeof(struct daemon));
#ifdef USE_WINSOCK
    int r;
    WSADATA wsa_data;
#endif
    if(!daemon)
        return NULL;
#ifdef USE_WINSOCK
    r = WSAStartup(MAKEWORD(2,2), &wsa_data);
    if(r != 0) {
        fatal_exit("could not init winsock. WSAStartup: %s",
            wsa_strerror(r));
    }
#endif /* USE_WINSOCK */
    signal_handling_record();
    checklock_start();
#ifdef HAVE_SSL
# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
    ERR_load_crypto_strings();
# endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
    ERR_load_SSL_strings();
#endif
# ifdef USE_GOST
    /* try to load GOST now; the result is ignored here and is looked at
     * again by the code that needs GOST */
    (void)sldns_key_EVP_load_gost_id();
# endif
    /* NOTE(review): neither branch below checks for failure, so a failed
     * crypto library init is not detected in this function */
# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
    OpenSSL_add_all_algorithms();
# else
    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
        | OPENSSL_INIT_ADD_ALL_DIGESTS
        | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
    /* grab the COMP method ptr because openssl leaks it */
    comp_meth = (void*)SSL_COMP_get_compression_methods();
# endif
    /* the return value of the SSL library init is deliberately discarded */
# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
    (void)SSL_library_init();
# else
    (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
    if(!ub_openssl_lock_init())
        fatal_exit("could not init openssl locks");
# endif
#elif defined(HAVE_NSS)
    if(NSS_NoDB_Init(NULL) != SECSuccess)
        fatal_exit("could not init NSS");
#endif /* HAVE_SSL or HAVE_NSS */
#ifdef HAVE_TZSET
    /* init timezone info while we are not chrooted yet */
    tzset();
#endif
    /* open /dev/random if needed */
    /* NOTE(review): the seed value is built from the wall clock, the pid
     * and a constant, all of which an observer can estimate. Confirm that
     * ub_systemseed() treats it as a fallback only and that
     * security-relevant randomness comes from an OS entropy source. */
    ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67);
    daemon->need_to_exit = 0;
    modstack_init(&daemon->mods);
    if(!(daemon->env = (struct module_env*)calloc(1,
        sizeof(*daemon->env)))) {
        free(daemon);
        return NULL;
    }
    /* init edns_known_options */
    if(!edns_known_options_init(daemon->env)) {
        free(daemon->env);
        free(daemon);
        return NULL;
    }
    alloc_init(&daemon->superalloc, NULL, 0);
    daemon->acl = acl_list_create();
    if(!daemon->acl) {
        edns_known_options_delete(daemon->env);
        free(daemon->env);
        free(daemon);
        return NULL;
    }
    /* a failed clock read is logged but does not abort startup */
    if(gettimeofday(&daemon->time_boot, NULL) < 0)
        log_err("gettimeofday: %s", strerror(errno));
    daemon->time_last_stat = daemon->time_boot;
    if((daemon->env->auth_zones = auth_zones_create()) == 0) {
        acl_list_delete(daemon->acl);
        edns_known_options_delete(daemon->env);
        free(daemon->env);
        free(daemon);
        return NULL;
    }
    return daemon;
}
/**
 * Main fake event test program. Setup, teardown and report errors.
 *
 * Builds a command line for the daemon in pass_argv (starting with
 * "unbound -d"), handles the test program's own options, loads the playback
 * scenario, installs the fake event backend and then runs daemon_main().
 * The -2, -e and -g options only report whether SHA256, ECDSA or GOST is
 * available and exit with status 0 (supported) or 1 (not supported).
 * @param argc: arg count.
 * @param argv: array of commandline arguments.
 * @return program failure if test fails.
 */
int main(int argc, char* argv[])
{
    int c, res;
    int pass_argc = 0;
    /* fixed-size argument vector handed to the daemon.
     * NOTE(review): nothing in this function checks pass_argc against
     * MAXARG before the NULL terminator is stored below; confirm that
     * add_opts() and setup_playback() keep pass_argc below MAXARG. */
    char* pass_argv[MAXARG];
    char* playback_file = NULL;
    /* saved so getopt can be restarted for the daemon's own parsing */
    int init_optind = optind;
    char* init_optarg = optarg;
    struct replay_scenario* scen = NULL;
    /* we do not want the test to depend on the timezone */
    (void)putenv("TZ=UTC");

    log_init(NULL, 0, NULL);
    /* determine commandline options for the daemon */
    pass_argc = 1;
    pass_argv[0] = "unbound";
    add_opts("-d", &pass_argc, pass_argv);
    while( (c=getopt(argc, argv, "2egho:p:s")) != -1) {
        switch(c) {
        case 's':
            /* releases the "-d" entry added above; presumably
             * add_opts() heap-allocates its entries, as the
             * free loop at the end of main also assumes */
            free(pass_argv[1]);
            testbound_selftest();
            printf("selftest successful\n");
            exit(0);
        case '2':
            /* compile-time probe; both branches exit, so the
             * break below is never reached */
#if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS)) && defined(USE_SHA2)
            printf("SHA256 supported\n");
            exit(0);
#else
            printf("SHA256 not supported\n");
            exit(1);
#endif
            break;
        case 'e':
#if defined(USE_ECDSA)
            printf("ECDSA supported\n");
            exit(0);
#else
            printf("ECDSA not supported\n");
            exit(1);
#endif
            break;
        case 'g':
            /* GOST needs both the compile-time option and a
             * successful runtime load */
#ifdef USE_GOST
            if(sldns_key_EVP_load_gost_id()) {
                printf("GOST supported\n");
                exit(0);
            } else {
                printf("GOST not supported\n");
                exit(1);
            }
#else
            printf("GOST not supported\n");
            exit(1);
#endif
            break;
        case 'p':
            playback_file = optarg;
            break;
        case 'o':
            /* extra option text to pass through to the daemon */
            add_opts(optarg, &pass_argc, pass_argv);
            break;
        case '?':
        case 'h':
        default:
            testbound_usage();
            return 1;
        }
    }
    argc -= optind;
    argv += optind;
    /* no positional arguments are accepted */
    if(argc != 0) {
        testbound_usage();
        return 1;
    }

    log_info("Start of %s testbound program.", PACKAGE_STRING);
    /* register remove_configfile() to run at process exit */
    if(atexit(&remove_configfile) != 0)
        fatal_exit("atexit() failed: %s", strerror(errno));

    /* setup test environment */
    scen = setup_playback(playback_file, &pass_argc, pass_argv);
    /* init fake event backend */
    fake_event_init(scen);

    /* argv arrays are NULL terminated; see the MAXARG note above */
    pass_argv[pass_argc] = NULL;
    echo_cmdline(pass_argc, pass_argv);

    /* reset getopt processing */
    optind = init_optind;
    optarg = init_optarg;

    /* run the normal daemon */
    res = daemon_main(pass_argc, pass_argv);

    fake_event_cleanup();
    /* entry 0 is the string literal "unbound", so freeing starts at 1 */
    for(c=1; c<pass_argc; c++)
        free(pass_argv[c]);
    if(res == 0) {
        log_info("Testbound Exit Success");
#ifdef HAVE_PTHREAD
        /* dlopen frees its thread state (dlopen of gost engine) */
        pthread_exit(NULL);
#endif
    }
    return res;
}