Commit Graph

175 Commits

Author SHA1 Message Date
Ondřej Surý
a520fbc047 Optimize selecting the signing key
Don't parse the crypto data before parsing and matching the id and the
algorithm for consecutive DNSKEYs.  This allows us to parse the RData
only in case the other parameters match allowing us to skip keys that
are of no interest to us, but still would consume precious CPU time by
parsing possibly garbage with OpenSSL.

(cherry picked from commit f39cd17a26)
2024-02-01 21:51:07 +01:00
Michal Nowak
771fed4a14 Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
Matthijs Mekking
d3147417c5 Require valid key for dst_key functions
Make sure that the key structure is valid when calling the following
functions:
- dst_key_setexternal
- dst_key_isexternal
- dst_key_setmodified
- dst_key_ismodified

This commit is adapted because 9.16 has a different approach
of deconsting the variable.

(cherry picked from commit 888ec4e0d4)
2022-05-23 12:31:23 +02:00
Matthijs Mekking
7c42c04f3f Fix CID 352776: Concurrent data access violations
*** CID 352776:  Concurrent data access violations  (MISSING_LOCK)
/lib/dns/dst_api.c: 474 in dst_key_setmodified()
468     dst_key_isexternal(dst_key_t *key) {
469		return (key->external);
470     }
471
472     void
473     dst_key_setmodified(dst_key_t *key, bool value) {
>>>     CID 352776:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "key->modified" without holding lock
>>>	"dst_key.mdlock". Elsewhere, "dst_key.modified" is accessed with
>>>	"dst_key.mdlock" held 8 out of 11 times (8 of these accesses
>>>	strongly imply that it is necessary).
474		key->modified = value;
475     }
476
477     bool
478     dst_key_ismodified(dst_key_t *key) {
479		return (key->modified);

(cherry picked from commit 1fa24d0afb)
2022-05-23 12:03:56 +02:00
Matthijs Mekking
c2e8c72298 Check if key metadata is modified before writing
Add a new parameter to the dst_key structure, mark a key modified if
dst_key_(un)set[bool,num,state,time] is called. Only write out key
files during a keymgr run if the metadata has changed.

(cherry picked from commit 1da91b3ab4)
2022-05-16 10:35:33 +02:00
Ondřej Surý
2bf7921c7e Update the copyright information in all files in the repository
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.

(cherry picked from commit 58bd26b6cf)
2022-01-11 12:22:09 +01:00
Matthijs Mekking
4fec33fd20 Fix bug in dst_key_copymetadata
When copying metadata from one dst_key to another, when the source
dst_key has a boolean metadata unset, the destination dst_key will
have a numeric metadata unset instead.

This means that if a key has KSK or ZSK unset, we may be clearing the
Predecessor or Successor metadata in the destination dst_key.

(cherry picked from commit 94bb545087)
2021-08-11 15:18:10 +02:00
Matthijs Mekking
dd92a7d5e3 Protect dst key metadata with lock
The DST key metadata can be written by several threads in parralel.
Protect the dst_key_get* and dst_key_set* functions with a mutex.

(cherry picked from commit 39df3f0475)
2021-07-01 14:48:47 +02:00
Matthijs Mekking
96d4f99a8f Add key metadata for DS published/withdrawn
In order to keep track of how many parents have the DS for a given key
published or withdrawn, keep a counter.

(cherry picked from commit 6e2c24be7c)
2021-07-01 14:48:23 +02:00
Matthijs Mekking
884750b66d Add dst_key_role function
Change the static function 'get_ksk_zsk' to a library function that
can be used to determine the role of a dst_key. Add checks if the
boolean parameters to store the role are not NULL. Rename to
'dst_key_role'.

(cherry picked from commit c9b7f62767)
2021-07-01 14:48:23 +02:00
Mark Andrews
1b0c38c416 Address potential resource leak in dst_key_fromnamedfile
(cherry picked from commit 8eed392add)
2021-05-18 11:42:48 +10:00
Matthijs Mekking
87e90f27a8 When reading public key from file, also read state
The 'dst_key_fromnamedfile()' function did not read and store the
key state from the .state file when reading a public key file.

(cherry picked from commit fa05c1b8da)
2021-05-05 12:49:22 +02:00
Ondřej Surý
6da91bf16c Move most of the OpenSSL initialization to isc_tls
Since we now require both libcrypto and libssl to be initialized for
netmgr, we move all the OpenSSL initialization code except the engine
initialization to isc_tls API.

The isc_tls_initialize() and isc_tls_destroy() has been made idempotent,
so they could be called multiple time.  However when isc_tls_destroy()
has been called, the isc_tls_initialize() could not be called again.
2021-02-26 17:07:01 +01:00
Mark Andrews
d51b78c85b Stop including <gssapi.h> from <dst/gssapi.h> header
The only reason for including the gssapi.h from the dst/gssapi.h header
was to get the typedefs of gss_cred_id_t and gss_ctx_id_t.  Instead of
using those types directly this commit introduces dns_gss_cred_id_t and
dns_gss_ctx_id_t types that are being used in the public API and
privately retyped to their counterparts when we actually call the gss
api.

This also conceals the gssapi headers, so users of the libdns library
doesn't have to add GSSAPI_CFLAGS to the Makefile when including libdns
dst API.
2021-02-16 12:08:21 +11:00
Matthijs Mekking
6ff69ee8ba Add function to see if dst key uses kasp
For purposes of zones transitioning back to insecure mode, it is
practical to see if related keys have a state file associated.

(cherry picked from commit 8f2c5e45da)
2020-12-23 11:56:25 +01:00
Evan Hunt
df698d73f4 update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
Matthijs Mekking
5dcf56f216 Fix time printing in key files
Don't strip off the final character when printing times in key files.

With the introduction of 'rndc dnssec -status' we introduced
'isc_stdtime_tostring()'. This changed in behavior such that it was no
longer needed to strip of the final '\n' of the string format
datetime. However, in 'printtime()' it still stripped the final
character.

(cherry picked from commit e3eb55fd1c)
2020-08-07 13:30:30 +02:00
Matthijs Mekking
81d0c63ecb Implement 'rndc dnssec -checkds'
Add a new 'rndc' command 'dnssec -checkds' that allows the user to
signal named that a new DS record has been seen published in the
parent, or that an existing DS record has been withdrawn from the
parent.

Upon the 'checkds' request, 'named' will write out the new state for
the key, updating the 'DSPublish' or 'DSRemoved' timing metadata.

This replaces the "parent-registration-delay" configuration option,
this was unreliable because it was purely time based (if the user
did not actually submit the new DS to the parent for example, this
could result in an invalid DNSSEC state).

Because we cannot rely on the parent registration delay for state
transition, we need to replace it with a different guard. Instead,
if a key wants its DS state to be moved to RUMOURED, the "DSPublish"
time must be set and must not be in the future. If a key wants its
DS state to be moved to UNRETENTIVE, the "DSRemoved" time must be set
and must not be in the future.

By default, with '-checkds' you set the time that the DS has been
published or withdrawn to now, but you can set a different time with
'-when'. If there is only one KSK for the zone, that key has its
DS state moved to RUMOURED. If there are multiple keys for the zone,
specify the right key with '-key'.

(cherry picked from commit 04d8fc0143)
2020-08-07 13:30:19 +02:00
Matthijs Mekking
7915327aac Move dst key printtime in separate function
I'd like to use the same functionality (pretty print the datetime
of keytime metadata) in the 'rndc dnssec -status' command.  So it is
better that this logic is done in a separate function.

Since the stdtime.c code have differernt files for unix and win32,
I think the "#ifdef WIN32" define can be dropped.

(cherry picked from commit 9e03f8e8fe)
2020-07-01 09:57:44 +02:00
Matthijs Mekking
6879cdca77 Set keytimes appropriately when using kasp
While kasp relies on key states to determine when a key needs to
be published or be used for signing, the keytimes are used by
operators to get some expectation of key publication and usage.

Update the code such that these keytimes are set appropriately.
That means:
- Print "PublishCDS" and "DeleteCDS" times in the state files.
- The keymgr sets the "Removed" and "PublishCDS" times and derives
  those from the dnssec-policy.
- Tweak setting of the "Retired" time, when retiring keys, only
  update the time to now when the retire time is not yet set, or is
  in the future.

This also fixes a bug in "keymgr_transition_time" where we may wait
too long before zone signatrues become omnipresent or hidden. Not
only can we skip waiting the sign delay Dsgn if there is no
predecessor, we can also skip it if there is no successor.

Finally, this commit moves setting the lifetime, reducing two calls
to one.

(cherry picked from commit 18dc27afd3)
2020-06-02 11:34:04 +02:00
Evan Hunt
c19a593d3e change "expr == false" to "!expr" in conditionals
(cherry picked from commit 57e54c46e4)
2020-05-25 17:04:04 -07:00
Evan Hunt
00c816778d change 'expr == true' to 'expr' in conditionals
(cherry picked from commit 68a1c9d679)
2020-05-25 17:03:59 -07:00
Aaron Thompson
f534519af5 Finish refactoring after the removal of --with-ecdsa and --with-eddsa.
Missed in c3b8130fe8.

(cherry picked from commit 7fc4f926fb)
2020-05-01 06:54:26 +02:00
Ondřej Surý
f3c2274479 Use the new sorting rules to regroup #include headers 2020-03-11 08:55:12 +00:00
Ondřej Surý
829b461c54 Merge branch '46-enforce-clang-format-rules' into 'master'
Start enforcing the clang-format rules on changed files

Closes #46

See merge request isc-projects/bind9!3063

(cherry picked from commit a04cdde45d)

d2b5853b Start enforcing the clang-format rules on changed files
618947c6 Switch AlwaysBreakAfterReturnType from TopLevelDefinitions to All
654927c8 Add separate .clang-format files for headers
5777c44a Reformat using the new rules
60d29f69 Don't enforce copyrights on .clang-format
2020-02-14 08:45:59 +00:00
Ondřej Surý
cdef20bb66 Merge branch 'each-style-tweak' into 'master'
adjust clang-format options to get closer to ISC style

See merge request isc-projects/bind9!3061

(cherry picked from commit d3b49b6675)

0255a974 revise .clang-format and add a C formatting script in util
e851ed0b apply the modified style
2020-02-14 05:35:29 +00:00
Ondřej Surý
2e55baddd8 Merge branch '46-add-curly-braces' into 'master'
Add curly braces using uncrustify and then reformat with clang-format back

Closes #46

See merge request isc-projects/bind9!3057

(cherry picked from commit 67b68e06ad)

36c6105e Use coccinelle to add braces to nested single line statement
d14bb713 Add copy of run-clang-tidy that can fixup the filepaths
056e133c Use clang-tidy to add curly braces around one-line statements
2020-02-13 21:28:35 +00:00
Ondřej Surý
c931d8e417 Merge branch '46-just-use-clang-format-to-reformat-sources' into 'master'
Reformat source code with clang-format

Closes #46

See merge request isc-projects/bind9!2156

(cherry picked from commit 7099e79a9b)

4c3b063e Import Linux kernel .clang-format with small modifications
f50b1e06 Use clang-format to reformat the source files
11341c76 Update the definition files for Windows
df6c1f76 Remove tkey_test (which is no-op anyway)
2020-02-12 14:51:18 +00:00
Ondřej Surý
bc1d4c9cb4 Clear the pointer to destroyed object early using the semantic patch
Also disable the semantic patch as the code needs tweaks here and there because
some destroy functions might not destroy the object and return early if the
object is still in use.
2020-02-09 18:00:17 -08:00
Matthijs Mekking
a9a9aa7fd8 Add parentheses around return values 2020-02-06 10:17:22 +01:00
Matthijs Mekking
b378d0371f Fix kasp bug new KSK on restart [#1593]
When you do a restart or reconfig of named, or rndc loadkeys, this
triggers the key manager to run.  The key manager will check if new
keys need to be created. If there is an active key, and key rollover
is scheduled far enough away, no new key needs to be created.

However, there was a bug that when you just start to sign your zone,
it takes a while before the KSK becomes an active key. An active KSK
has its DS submitted or published, but before the key manager allows
that, the DNSKEY needs to be omnipresent. If you restart named
or rndc loadkeys in quick succession when you just started to sign
your zone, new keys will be created because the KSK is not yet
considered active.

Fix is to check for introducing as well as active keys. These keys
all have in common that their goal is to become omnipresent.
2020-02-06 10:17:22 +01:00
Ondřej Surý
c73e5866c4 Refactor the isc_buffer_allocate() usage using the semantic patch
The isc_buffer_allocate() function now cannot fail with ISC_R_MEMORY.
This commit removes all the checks on the return code using the semantic
patch from previous commit, as isc_buffer_allocate() now returns void.
2020-02-03 08:29:00 +01:00
Ondřej Surý
edd97cddc1 Refactor dns_name_dup() usage using the semantic patch 2019-11-29 14:00:37 +01:00
Matthijs Mekking
1211c348bb Add dst_key_copy_metadata function.
When updating DNSSEC keys we would like to be able to copy the
metadata from one key to another.
2019-11-06 22:36:21 +01:00
Matthijs Mekking
67033bfd3d Code changes for CSK
Update dns_dnssec_keyactive to differentiate between the roles ZSK
and KSK.  A key is active if it is signing but that differs per role.
A ZSK is signing if its ZRRSIG state is in RUMOURED or OMNIPRESENT,
a KSK is signing if its KRRSIG state is in RUMOURED or OMNIPRESENT.

This means that a key can be actively signing for one role but not
the other.  Add checks in inline signing (zone.c and update.c) to
cover the case where a CSK is active in its KSK role but not the ZSK
role.
2019-11-06 22:36:21 +01:00
Matthijs Mekking
314b90dfdd Useful dst_key functions
Add a couple of dst_key functions for determining hints that
consider key states if they are available.
- dst_key_is_unused:
  A key has no timing metadata set other than Created.
- dst_key_is_published:
  A key has publish timing metadata <= now, DNSKEY state in
  RUMOURED or OMNIPRESENT.
- dst_key_is_active:
  A key has active timing metadata <= now, RRSIG state in
  RUMOURED or OMNIPRESENT.
- dst_key_is_signing:
  KSK is_signing and is_active means different things than
  for a ZSK. A ZSK is active means it is also signing, but
  a KSK always signs its DNSKEY RRset but is considered
  active if its DS is present (rumoured or omnipresent).
- dst_key_is_revoked:
  A key has revoke timing metadata <= now.
- dst_key_is_removed:
  A key has delete timing metadata <= now, DNSKEY state in
  UNRETENTIVE or HIDDEN.
2019-11-06 22:36:21 +01:00
Matthijs Mekking
dcf79ce61f keygen/settime: Write out successor/predecessor
When creating a successor key, or calculating time for a successor
key, write out the successor and predecessor metadata to the
related files.
2019-11-06 22:36:21 +01:00
Matthijs Mekking
72042a06d6 dnssec-settime: Allow manipulating state files
Introduce a new option '-s' for dnssec-settime that when manipulating
timing metadata, it also updates the key state file.

For testing purposes, add options to dnssec-settime to set key
states and when they last changed.

The dst code adds ways to write and read the new key states and
timing metadata. It updates the parsing code for private key files
to not parse the newly introduced metadata (these are for state
files only).

Introduce key goal (the state the key wants to be in).
2019-11-06 22:31:45 +01:00
Matthijs Mekking
c55625b035 Add functionality to read key state from disk
When reading a key from file, you can set the DST_TYPE_STATE option
to also read the key state.

This expects the Algorithm and Length fields go above the metadata,
so update the write functionality to do so accordingly.

Introduce new DST metadata types for KSK, ZSK, Lifetime and the
timing metadata used in state files.
2019-11-06 22:31:45 +01:00
Matthijs Mekking
77d2895a5a Update dst key code to maintain key state
Add a number of metadata variables (lifetime, ksk and zsk role).

For the roles we add a new type of metadata (booleans).

Add a function to write the state of the key to a separate file.

Only write out known metadata to private file.  With the
introduction of the numeric metadata "Lifetime", adjust the write
private key file functionality to only write out metadata it knows
about.
2019-11-06 22:31:45 +01:00
Mark Andrews
b59fe46e76 address or suppress cppcheck warnings 2019-09-12 17:59:28 +10:00
Ondřej Surý
ae83801e2b Remove blocks checking whether isc_mem_get() failed using the coccinelle 2019-07-23 15:32:35 -04:00
Ondřej Surý
78d0cb0a7d Use coccinelle to remove explicit '#include <config.h>' from the source files 2019-03-08 15:15:05 +01:00
Ondřej Surý
e69dc0dbc7 Remove RSAMD5 support 2018-12-11 11:32:24 +01:00
Ondřej Surý
b2b43fd235 Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool 2018-11-08 12:21:53 +07:00
Ondřej Surý
7fc78e7cad Remove internal dst memory context that was used just for OpenSSL and was passthrough for malloc and free 2018-10-25 08:16:24 +02:00
Ondřej Surý
b98ac2593c Add generic hashed message authentication code API (isc_hmac) to replace specific HMAC functions hmacmd5/hmacsha1/hmacsha2... 2018-10-25 08:15:42 +02:00
Ondřej Surý
7fd3dc63de Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256 2018-10-25 08:15:42 +02:00
Mark Andrews
607c2d7441 free key on error 2018-10-23 20:19:07 -04:00
Evan Hunt
09f58ab63f retain a minimal "methods" struct in the mctx
- this enables memory to be allocated and freed in dyndb modules
  when named is linked statically. when we standardize on libtool,
  this should become unnecessary.
- also, simplified the isc_mem_create/createx API by removing
  extra compatibility functions
2018-10-18 09:19:12 +00:00