Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
795 Commits 8 Branches 0 Tags
f01d7be6c647cc41f4911cdedadf739e24b08f28
Commit Graph

795 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Giovanni Bajo
23c2176681 Process RRSIGs also in authority and additional sections. 2013-08-20 15:41:23 +01:00
Giovanni Bajo
e83297d0f6 RSASHA1-NSEC3-SHA1 is equivalent to RSASHA1 for the purpose of RRSIG validation. 2013-08-20 15:41:23 +01:00
Giovanni Bajo
41de7442d2 Reformat some code (no semantic difference). 2013-08-20 15:41:23 +01:00
Giovanni Bajo
0852d76b58 Start implementing canonicalization of RDATA wire formats. 2013-08-20 15:41:22 +01:00
Giovanni Bajo
a55ce08cc0 Silence a few warnings. 2013-08-20 15:41:22 +01:00
Giovanni Bajo
dd090561bf Convert to C-style comments. 2013-08-20 15:41:22 +01:00
Giovanni Bajo
28f04fd647 Remove unused variable. 2013-08-20 15:41:22 +01:00
Giovanni Bajo
50a96b62f1 Fix a validation bug when owner != signer. 
Since owner and signer are both domain names and share the same
buffer in memory (daemon->namebuff), we need to go through a little
hoop to make sure one doesn't step on the other's toes. We don't
really need to extract the signer name until we have finished
calculating the hash of the RRset, so we postpone its extraction.
 2013-08-20 15:41:22 +01:00
Giovanni Bajo
00b963ab72 Improve logging message. 2013-08-20 15:41:22 +01:00
Giovanni Bajo
79333a2498 Fix a bug in extract_name_no_compression. 
When the maxlen was exactly equal to the length of the string,
the function was returning 0 because the end-of-buffer check was
misplaced.
 2013-08-20 15:41:22 +01:00
Giovanni Bajo
32f82c62c8 Export skip_name function. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
4e076d746f Debug function. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
13e435ebca Bugfix: domain names must go through hash function in DNS format (but uncompressed!) 2013-08-20 15:41:21 +01:00
Giovanni Bajo
4b0eecbb44 Bugfix: rdata flags must go through hash function in network byte order. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
0360a524df Implement RSA verification. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
262ac85107 verify() function must take a keydata chained buffer for input key. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
4c70046d93 Move helper functions to common header file. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
458824dcb4 Helper function to walk through keydata chained blocks. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
a7338645d7 Add a FIXME for missing logic. 2013-08-20 15:41:21 +01:00
Giovanni Bajo
776fd04754 Add cast to silence warning. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
20bccd499f Rework the loop a little (no functionality changes) 2013-08-20 15:41:20 +01:00
Giovanni Bajo
708bcd2dd3 Call valg verify functions (unimplemented for now) 2013-08-20 15:41:20 +01:00
Giovanni Bajo
d0edff7d6e Insert all DNSKEY/DS records into cache in one transaction. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
ccca70cb33 Change some logging messages. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
0d829ebc69 Skip non-signing keys 2013-08-20 15:41:20 +01:00
Giovanni Bajo
4137b84e4e Postpone RRSIG processing after all DNSKEY/DS have been parsed. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
e6c2a670fe Before using a key for validation, also verify that algorithm matches. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
47f99dd2b3 Fix argument in dnssec_parsekey() call. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
6759b99e28 Add function to extract algorithm number from context. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
3471f18130 Start parsing DNSKEY records and insert them into cache. 2013-08-20 15:41:20 +01:00
Giovanni Bajo
2ef843dd16 extract_name_no_compression: strip trailing dot. 2013-08-20 15:41:19 +01:00
Giovanni Bajo
ce2a0f5a6a Macros to simplify tentative parsing. 2013-08-20 15:41:19 +01:00
Giovanni Bajo
adca3e9c4b Refactor to use new VerifyAlg context, and start implementing logic for querying DNSKEYs. 2013-08-20 15:41:19 +01:00
Giovanni Bajo
366dfcb907 Explicitize the context of verification algorithm. 2013-08-20 15:41:19 +01:00
Giovanni Bajo
28c625572b Move general macros in dnsmasq.h 2013-08-20 15:41:19 +01:00
Giovanni Bajo
02f9b76418 Rename key cache field. 2013-08-20 15:41:19 +01:00
Giovanni Bajo
ba8badd6df Fix bug in keydata_alloc() 2013-08-20 15:41:19 +01:00
Giovanni Bajo
0decc869ae Fix rrset qsort comparison function. 2013-08-20 15:41:19 +01:00
Giovanni Bajo
b573aebc09 Add skeleton for RSASHA256. 2013-08-20 15:41:19 +01:00
Giovanni Bajo
d31d057aa3 Remove useless endian-conversion after GETLONG(). 2013-08-20 15:41:18 +01:00
Giovanni Bajo
6445c8ed73 Fix off-by-one in iteration. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
382e38f494 Specify the correct place where to canonicalize RR within RRset. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
9940aba9f6 Initial openssl RSASHA1 implementation (only SHA1 for now). 2013-08-20 15:41:18 +01:00
Giovanni Bajo
7e846b9858 Add openssl support to build machinery. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
d322de0613 Further abstract API of verify crypto. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
b98f771519 Filter out invalid characters in domain names. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
c7a93f6e4e Skip trailing \0 in domain name. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
970ce22b68 Augment verify algorithm table. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
e292e93d35 Initial dnssec structure. 2013-08-20 15:41:18 +01:00
Giovanni Bajo
fa164d459f DNSSEC validation require EDNS0, force larger packet size. 2013-08-20 15:41:17 +01:00