Commit Graph
1248 Commits
Author SHA1 Message Date
Ondřej Surý 64fe6bbaf2 Replace ISC_PRINT_QUADFORMAT with inttypes.h format constants 2018-08-08 09:36:44 +02:00
Ondřej Surý 20faf4652a Change isc_buffer_reallocate() into a static functions as it is not used outside of isc_buffer_reserve() 2018-07-31 22:00:30 +02:00
Ondřej Surý b105ccee68 Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp() 2018-07-20 10:06:14 -04:00
Ondřej Surý 66ba2fdad5 Replace isc_safe routines with their OpenSSL counter parts 2018-07-20 00:34:26 -04:00
Mark AndrewsandOndřej Surý 4c3386ad95 remove lib/isc/print.c and lib/isc/tests/print_test.c 2018-07-19 23:24:28 -04:00
Ondřej Surý fc496b2b5d Fix DH and ECDSA algorithms in PKCS#11 build 2018-07-19 14:00:40 -04:00
Ondřej Surý c3b8130fe8 Make OpenSSL mandatory 2018-07-19 12:47:03 -04:00
Ondřej Surý 45bee4d3c3 Cleanup cmocka related whitespace 2018-06-21 12:20:07 +02:00
Ondřej SurýandOndřej Surý 52731c000d Add support for cmocka assert testing by overriding REQUIRE/INSIST/... macros when UNIT_TESTING is defined 2018-06-20 06:30:07 -04:00
Ondřej SurýandOndřej Surý 8ee23a47e8 Add better EMPTY_TRANSLATION_UNIT to isc/util.h 2018-06-14 17:58:03 -04:00
Ondřej Surý b4aa7a9d7e Remove entropy.h from Makefile.in 2018-06-06 14:36:33 +02:00
Ondřej Surý 27593e65dc Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm 2018-06-05 09:14:14 +02:00
Ondřej Surý 28e0b2c4c4 Use isc int types to be able to build with old VS 2018-05-30 06:26:05 +02:00
Ondřej Surý ce71d94434 Make the xoshiro128plusplus thread-safe 2018-05-29 22:58:49 +02:00
Ondřej Surý 99ba29bc52 Change isc_random() to be just PRNG, and add isc_nonce_buf() that uses CSPRNG
This commit reverts the previous change to use system provided
entropy, as (SYS_)getrandom is very slow on Linux because it is
a syscall.

The change introduced in this commit adds a new call isc_nonce_buf
that uses CSPRNG from cryptographic library provider to generate
secure data that can be and must be used for generating nonces.
Example usage would be DNS cookies.

The isc_random() API has been changed to use fast PRNG that is not
cryptographically secure, but runs entirely in user space.  Two
contestants have been considered xoroshiro family of the functions
by Villa&Blackman and PCG by O'Neill.  After a consideration the
xoshiro128starstar function has been used as uint32_t random number
provider because it is very fast and has good enough properties
for our usage pattern.

The other change introduced in the commit is the more extensive usage
of isc_random_uniform in places where the usage pattern was
isc_random() % n to prevent modulo bias.  For usage patterns where
only 16 or 8 bits are needed (DNS Message ID), the isc_random()
functions has been renamed to isc_random32(), and isc_random16() and
isc_random8() functions have been introduced by &-ing the
isc_random32() output with 0xffff and 0xff.  Please note that the
functions that uses stripped down bit count doesn't pass our
NIST SP 800-22 based random test.
2018-05-29 22:58:21 +02:00
Evan Hunt 3006ccb7f0 improve readability of radix code
- use RADIX_V4 and RADIX_V6 instead of 0 and 1 as array indices
- remove some unused macros
2018-05-28 18:45:41 -04:00
Evan Hunt e324449349 remove the experimental authoritative ECS support from named
- mark the 'geoip-use-ecs' option obsolete; warn when it is used
  in named.conf
- prohibit 'ecs' ACL tags in named.conf; note that this is a fatal error
  since simply ignoring the tags could make ACLs behave unpredictably
- re-simplify the radix and iptable code
- clean up dns_acl_match(), dns_aclelement_match(), dns_acl_allowed()
  and dns_geoip_match() so they no longer take ecs options
- remove the ECS-specific unit and system test cases
- remove references to ECS from the ARM
2018-05-25 08:21:25 -07:00
Ondřej SurýandEvan Hunt 7ee8a7e69f address win32 build issues
- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
  HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
  and configure scripts
2018-05-22 16:32:21 -07:00
Ondřej SurýandWitold Kręcicki 3a4f820d62 Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API.
The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.

The isc_random family of functions internally use these CSPRNG (if available):

1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-05-16 09:54:35 +02:00
Michał Kępień 6ddbca6f2b isc_buffer_*(): if source can be NULL, only call memmove() when length is non-zero
Certain isc_buffer_*() functions might call memmove() with the second
argument (source) set to NULL and the third argument (length) set to 0.
While harmless, it triggers an ubsan warning:

    runtime error: null pointer passed as argument 2, which is declared to never be null

Modify all memmove() call sites in lib/isc/include/isc/buffer.h and
lib/isc/buffer.c which may potentially use NULL as the second argument
(source) so that memmove() is only called if the third argument (length)
is non-zero.
2018-05-15 09:11:34 +02:00
Ondřej SurýandEvan Hunt 23c1f7e506 Enforce usage of OpenSSL or PKCS#11 library in platform.h header 2018-05-13 19:18:56 -07:00
Ondřej Surý 55a10b7acd Remove $Id markers, Principal Author and Reviewed tags from the full source tree 2018-05-11 13:17:46 +02:00
Ondřej Surý 9a3a257374 Always use random data from the crypto provider 2018-05-03 15:03:46 +02:00
Ondřej Surý 7278c455bc Remove isc_string_strcasestr implementation and clean up the header and headers 2018-04-12 10:37:33 +02:00
Ondřej Surý 921d05ddcf Replace usage of strsep with POSIX strtok_r() 2018-04-12 10:37:33 +02:00
Ondřej Surý b9552250cb Remove unused isc_string_regiondup function. 2018-04-12 10:37:33 +02:00
Ondřej Surý 9fda5253fd Remove isc_string_printf and isc_string_printf_truncate.
Replace with simple snprintf() as appropriate.
2018-04-12 10:37:33 +02:00
Ondřej Surý ccdb0287e8 Remove isc_string_copy, isc_string_copy_truncate and isc_string_append.
Use strlcpy and strlcat as appropriate instead.
2018-04-12 10:37:33 +02:00
Ondřej Surý 20d145efef Replace isc_string_touint64 with strtoull (C99) 2018-04-12 10:37:33 +02:00
Ondřej Surý 8bdc23add2 Change ISC_SOCKEVENTATTR_* defines into isc_sockeventattr_t enum 2018-04-12 09:54:24 +02:00
Ondřej Surý c2f42583c0 Refactor ISC_SOCKET_* defines into an isc_socket_options_t enum 2018-04-12 09:54:21 +02:00
Ondřej Surý 3c092eff4a Cleanup included headers in hash.c using iwyu 2018-04-04 23:12:14 +02:00
Ondřej Surý b097be17ef Remove unused obsolete isc_hash_* function, and just keep the FNV-1a version 2018-04-04 23:12:14 +02:00
Evan Hunt 0fabe0da83 update file headers 2018-03-15 18:33:13 -07:00
Ondřej Surý 843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Evan Hunt 883a9485e9 [master] copyrights 2018-02-15 11:56:13 -08:00
Ondřej Surý 4ff2d36adc Remove whole unused ondestroy callback mechanism 2018-02-12 14:49:32 +01:00
Tinderbox User 47d13972e9 update copyright notice / whitespace 2018-01-24 23:46:02 +00:00
Mark Andrews 99178b6329 4875. [bug] Address compile failures on older systems. [RT #47015] 2018-01-24 13:10:14 +11:00
Tinderbox User 8b8c2990d6 update copyright notice / whitespace 2018-01-17 23:45:56 +00:00
Francis Dupont 614d838acf Merged rt46864 (check MD5 amd SHA1 support) 2018-01-17 14:33:21 +01:00
Mark Andrews 14e9925868 add missing entries to .def files [RT #46215] 2017-11-27 13:49:39 +11:00
Mark Andrews 9bb32395b2 silence compiler warning [RT #46471] 2017-11-23 17:01:40 +11:00
Mark Andrews e03e455cd5 whitespace 2017-11-08 23:30:46 +11:00
Mark Andrews a1a5145867 4811. [bug] Revert api changes to use <isc/buffer.h> inline
macros.  Provide a alternative mechanism to turn
                        on the use of inline macros when building BIND.
                        [RT #46520]
2017-11-08 23:28:10 +11:00
Mukund SivaramanandEvan Hunt 7e1df5182c [master] isc_rng_randombytes()
4807.	[cleanup]	isc_rng_randombytes() returns a specified number of
			bytes from the PRNG; this is now used instead of
			calling isc_rng_random() multiple times. [RT #46230]
2017-11-06 10:44:37 -08:00
Mark Andrews ff30290b48 4804. [port] win32: access() does not work on directories as
required by POSIX.  Supply a alternative in
                        isc_file_isdirwritable. [RT #46394]
2017-11-01 09:29:24 +11:00
Evan Hunt 5c76f3664c [master] enable ISC_BUFFER_USEINLINE to be overridden 2017-10-25 21:42:56 -07:00
Tinderbox User 429a43b720 update copyright notice / whitespace 2017-10-19 23:46:02 +00:00
Mark Andrews 0fab171196 s/REQUIRE/ISC_REQUIRE/; include <isc/assertions.h> if ISC_REQUIRE is used; include <isc/likely.h> if ISC_{UN}LIKELY is used 2017-10-19 16:39:53 +11:00