diff --git a/Makefile b/Makefile index ff3747b0fdc230551d1694cfd503eb7511a761f6..78d10e8282497f7d28154ccca71c8fa8b1b4753c 100644 --- a/Makefile +++ b/Makefile @@ -28,6 +28,7 @@ $(eval $(call find_bin,gccgo)) $(eval $(call find_python)) $(eval $(call find_lib,libmemcached,1.0)) $(eval $(call find_lib,hiredis)) +$(eval $(call find_lib,libdnssec)) # Work around luajit on OS X ifeq ($(PLATFORM), Darwin) @@ -36,7 +37,7 @@ ifneq (,$(findstring luajit, $(lua_LIBS))) endif endif -CFLAGS += $(libknot_CFLAGS) $(libuv_CFLAGS) $(cmocka_CFLAGS) $(python_CFLAGS) $(lua_CFLAGS) +CFLAGS += $(libknot_CFLAGS) $(libuv_CFLAGS) $(cmocka_CFLAGS) $(python_CFLAGS) $(lua_CFLAGS) $(libdnssec_CFLAGS) # Sub-targets include help.mk diff --git a/daemon/daemon.mk b/daemon/daemon.mk index 6088050782d8f303670d5bc1921a30438e6ff688..0b7b0f271babe39ba98645005faabf6a80625fdd 100644 --- a/daemon/daemon.mk +++ b/daemon/daemon.mk @@ -19,7 +19,7 @@ daemon/engine.o: daemon/lua/sandbox.inc daemon/lua/config.inc # Dependencies kresd_DEPEND := $(libkres) -kresd_LIBS := $(libkres_TARGET) $(libknot_LIBS) $(libuv_LIBS) $(lua_LIBS) +kresd_LIBS := $(libkres_TARGET) $(libknot_LIBS) $(libdnssec_LIBS) $(libuv_LIBS) $(lua_LIBS) # Make binary ifeq ($(HAS_lua)|$(HAS_libuv), yes|yes) diff --git a/daemon/main.c b/daemon/main.c index 5f4d9fff6c28d2d519a5d0bbdb2385b31dfe7754..202abd31bdf631908ff3cde2c9eca2723119f99d 100644 --- a/daemon/main.c +++ b/daemon/main.c @@ -24,6 +24,7 @@ #include "contrib/ccan/asprintf/asprintf.h" #include "lib/defines.h" #include "lib/resolve.h" +#include "lib/dnssec.h" #include "daemon/network.h" #include "daemon/worker.h" #include "daemon/engine.h" @@ -244,6 +245,8 @@ int main(int argc, char **argv) } } + kr_crypto_init(); + /* Fork subprocesses if requested */ while (--forks > 0) { int pid = fork(); @@ -253,6 +256,7 @@ int main(int argc, char **argv) } /* Forked process */ if (pid == 0) { + kr_crypto_reinit(); break; } } @@ -298,5 +302,6 @@ int main(int argc, char **argv) if (ret != 0) { ret = EXIT_FAILURE; } + kr_crypto_cleanup(); return ret; } diff --git a/lib/dnssec.c b/lib/dnssec.c new file mode 100644 index 0000000000000000000000000000000000000000..e7ac4a5d4ee81072c16f266fde43e41f2c0175e1 --- /dev/null +++ b/lib/dnssec.c @@ -0,0 +1,36 @@ +/* Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include <dnssec/crypto.h> + +#include "lib/dnssec.h" + +#define DEBUG_MSG(fmt...) fprintf(stderr, fmt) + +void kr_crypto_init(void) +{ + dnssec_crypto_init(); +} + +void kr_crypto_cleanup(void) +{ + dnssec_crypto_cleanup(); +} + +void kr_crypto_reinit(void) +{ + dnssec_crypto_reinit(); +} diff --git a/lib/dnssec.h b/lib/dnssec.h new file mode 100644 index 0000000000000000000000000000000000000000..a29249cc0a64252872ecbac3b4d86eb717f2470f --- /dev/null +++ b/lib/dnssec.h @@ -0,0 +1,33 @@ +/* Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#pragma once + +/** + * Initialise cryptographic back-end. + */ +void kr_crypto_init(void); + +/** + * De-initialise cryptographic back-end. + */ +void kr_crypto_cleanup(void); + +/** + * Re-initialise cryptographic back-end. + * @note Must be called after fork() in the child. + */ +void kr_crypto_reinit(void); diff --git a/lib/lib.mk b/lib/lib.mk index a4b1bacb102f102dbe387a65f59034a0fcb28a1c..a47c67017ed7ee3b926cd381652559c9644afbba 100644 --- a/lib/lib.mk +++ b/lib/lib.mk @@ -11,6 +11,7 @@ libkres_SOURCES := \ lib/layer/validate.c \ lib/layer/rrcache.c \ lib/layer/pktcache.c \ + lib/dnssec.c \ lib/utils.c \ lib/nsrep.c \ lib/module.c \ @@ -24,6 +25,7 @@ libkres_HEADERS := \ lib/generic/map.h \ lib/generic/set.h \ lib/layer.h \ + lib/dnssec.h \ lib/utils.h \ lib/nsrep.h \ lib/module.h \ @@ -34,7 +36,7 @@ libkres_HEADERS := \ # Dependencies libkres_DEPEND := -libkres_LIBS := $(libknot_LIBS) +libkres_LIBS := $(libknot_LIBS) $(libdnssec_LIBS) libkres_TARGET := -Wl,-rpath,lib -Llib -lkres # Make library