Refactor diagnostic tools code to no longer use:
- isc_socket_recvv()
- isc_socket_sendtov2()
- isc_socket_sendv()
as these functions will be removed shortly.
Manual page of host contained instructions to disable IDN processing
when it was built with libidn2. When refactoring IDN support however,
support for disabling IDN in host and nslookup was lost. Use also
environment variable and document it for nslookup, host and dig.
The "exitcode" variable is set to 9 if a TCP connection fails, but is
not reset to 0 if a subsequent TCP connection succeeds. This causes dig
to return a non-zero exit code if it succeeds in getting a TCP response
after a retry. Fix by resetting "exitcode" to 0 if connect_done()
receives an event with the "result" field set to ISC_R_SUCCESS.
Make will choose modified manual from build directory or original from source
directory automagically. Take advantage of install tool feature.
Install all files in single command instead of iterating on each of them.
While idn2_to_unicode_8zlz() takes a 'flags' argument, it is ignored and
thus cannot be used to perform IDN checks on the output string.
The bug in libidn2 versions before 2.0.5 was not that a call to
idn2_to_unicode_8zlz() with certain flags set did not cause IDN checks
to be performed. The bug was that idn2_to_unicode_8zlz() did not check
whether a conversion can be performed between UTF-8 and the current
locale's character encoding. In other words, with libidn2 version
2.0.5+, if the current locale's character encoding is ASCII, then
idn2_to_unicode_8zlz() will fail when it is passed any Punycode string
which decodes to a non-ASCII string, even if it is a valid IDNA2008
name.
Rework idn_ace_to_locale() so that invalid IDNA2008 names are properly
and consistently detected for all libidn2 versions and locales.
Update the "idna" system test accordingly. Add checks for processing a
server response containing Punycode which decodes to an invalid IDNA2008
name. Fix invalid subtest description.
Since idn_output_filter() no longer uses its 'absolute' argument and no
other callback is used with dns_name_settotextfilter(), remove the
'absolute' argument from the dns_name_totextfilter_t prototype.
output_filter() does not need to dot-terminate its input name because
libidn2 properly handles both dot-terminated and non-dot-terminated
names. libidn2 also does not implicitly dot-terminate names passed to
it, so parts of output_filter() handling dot termination can simply be
removed.
Fix a logical condition to make sure 'src' can fit the terminating NULL
byte. Replace the MAXDLEN macro with the MXNAME macro used in the rest
of dig source code. Tweak comments and variable names.
Rename output_filter() to idn_output_filter() so that it can be easily
associated with IDN and other idn_*() functions.
idn_ace_to_locale() may return a string longer than MAXDLEN because it
is using the current locale's character encoding. Rather then imposing
an arbitrary limit on the length of the string that function can return,
make it pass the string prepared by libidn2 back to the caller verbatim,
making the latter responsible for freeing that string. In conjunction
with the fact that libidn2 errors are considered fatal, this makes
returning an isc_result_t from idn_ace_to_locale() unnecessary.
Do not process success cases in conditional branches for improved
consistency with the rest of BIND source code. Add a comment explaining
the purpose of idn_ace_to_locale(). Rename that function's parameters
to match common BIND naming pattern.
idn_locale_to_ace() is a static function which is always used with a
buffer of size MXNAME, i.e. one that can fit any valid domain name.
Since libidn2 detects invalid domain names and libidn2 errors are
considered fatal, remove size checks from idn_locale_to_ace(). This
makes returning an isc_result_t from it unnecessary.
Do not process success cases in conditional branches for improved
consistency with the rest of BIND source code. Add a comment explaining
the purpose of idn_locale_to_ace(). Rename that function's parameters
to match common BIND naming pattern.
Certain characters, like symbols, are allowed by IDNA2003, but not by
IDNA2008. Make dig reject such symbols when IDN input processing is
enabled to ensure BIND only supports IDNA2008. Update the "idna" system
test so that it uses one of such symbols rather than one which is
disallowed by both IDNA2003 and IDNA2008.
There is no need to call dns_name_settotextfilter() in setup_system()
because setup_lookup() determines whether IDN output processing should
be enabled for a specific lookup (taking the global setting into
consideration) and calls dns_name_settotextfilter() anyway if it is.
Remove the dns_name_settotextfilter() call from setup_system().
Clean up the parts of configure.in responsible for handling libidn2
detection and adjust other pieces of the build system to match these
cleanups:
- use pkg-config when --with-libidn2 is used without an explicit path,
- look for idn2_to_ascii_lz() rather than idn2_to_ascii_8z() as the
former is used in BIND while the latter is not,
- do not look for idn2_to_unicode_8zlz() as it is present in all
libidn2 versions which have idn2_to_ascii_lz(),
- check whether the <idn2.h> header is usable,
- set LDFLAGS in the Makefile for dig so that, if specified, the
requested libidn2 path is used when linking with libidn2,
- override CPPFLAGS when looking for libidn2 components so that the
configure script does not produce warnings when libidn2 is not
installed system-wide,
- merge the AS_CASE() call into the AS_IF() call below it to simplify
code,
- indicate the default value of --with-libidn2 in "./configure --help"
output,
- use $with_libidn2 rather than $use_libidn2 to better match the name
of the configure script argument,
- stop differentiating between IDN "in" and "out" support, i.e. make
dig either support libidn2 or not; remove WITH_* Autoconf macros and
use a new one, HAVE_LIBIDN2, to determine whether libidn2 support
should be enabled.
This commit reverts the previous change to use system provided
entropy, as (SYS_)getrandom is very slow on Linux because it is
a syscall.
The change introduced in this commit adds a new call isc_nonce_buf
that uses CSPRNG from cryptographic library provider to generate
secure data that can be and must be used for generating nonces.
Example usage would be DNS cookies.
The isc_random() API has been changed to use fast PRNG that is not
cryptographically secure, but runs entirely in user space. Two
contestants have been considered xoroshiro family of the functions
by Villa&Blackman and PCG by O'Neill. After a consideration the
xoshiro128starstar function has been used as uint32_t random number
provider because it is very fast and has good enough properties
for our usage pattern.
The other change introduced in the commit is the more extensive usage
of isc_random_uniform in places where the usage pattern was
isc_random() % n to prevent modulo bias. For usage patterns where
only 16 or 8 bits are needed (DNS Message ID), the isc_random()
functions has been renamed to isc_random32(), and isc_random16() and
isc_random8() functions have been introduced by &-ing the
isc_random32() output with 0xffff and 0xff. Please note that the
functions that uses stripped down bit count doesn't pass our
NIST SP 800-22 based random test.
- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
and configure scripts
The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.
The isc_random family of functions internally use these CSPRNG (if available):
1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.
This patch was mostly prepared using Coccinelle and the following
semantic patch:
@@
expression fixedname, name;
@@
- dns_fixedname_init(&fixedname);
...
- name = dns_fixedname_name(&fixedname);
+ name = dns_fixedname_initname(&fixedname);
The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.
It is likely that more occurrences of this pattern can be refactored in
an identical way. This commit only takes care of the low-hanging fruit.
