Merge branch 'branch-1.4prep' into hashtable_unify

80f0e519 · Marek Vavrusa · b0eeeb7d · 3107c34b · 80f0e519 · 80f0e519
Commit 80f0e519 authored 11 years ago by Marek Vavrusa
--- a/src/knot/server/xfr-handler.c
+++ b/src/knot/server/xfr-handler.c
@@ -577,6 +577,7 @@ static int xfr_async_finish(fdset_t *set, unsigned id)
 static int xfr_task_finalize(xfrworker_t *w, knot_ns_xfr_t *rq)
 {
 	int ret = KNOT_EINVAL;
+	rcu_read_lock();
 	knot_nameserver_t *ns = w->master->ns;

 	if (rq->type == XFR_TYPE_AIN) {
@@ -614,6 +615,8 @@ static int xfr_task_finalize(xfrworker_t *w, knot_ns_xfr_t *rq)
 		rq->new_contents = NULL; /* Do not free. */
 	}

+	rcu_read_unlock();
+
 	return ret;
 }


--- a/src/knot/server/zones.c
+++ b/src/knot/server/zones.c
@@ -981,6 +981,7 @@ static int zones_journal_apply(knot_zone_t *zone)
 	knot_changesets_t* chsets =
 		knot_changesets_create(KNOT_CHANGESET_TYPE_IXFR);
 	if (chsets == NULL) {
+		rcu_read_unlock();
 		return KNOT_ERROR;
 	}

@@ -1313,6 +1314,7 @@ static int zones_do_diff_and_sign(const conf_zone_t *z,
 			                      &new_contents,
 			                      sec_chs->changes);
 			zones_free_merged_changesets(diff_chs, sec_chs);
+			rcu_read_unlock();
 			return ret;
 		}
 	}
@@ -1325,6 +1327,8 @@ static int zones_do_diff_and_sign(const conf_zone_t *z,
 		free(zname);
 	}

+	rcu_read_unlock();
+
 	zones_free_merged_changesets(diff_chs, sec_chs);
 	return ret;
 }
@@ -2937,6 +2941,8 @@ int zones_save_zone(const knot_ns_xfr_t *xfr)

 	dbg_xfr("xfr: %s Saving new zone file.\n", xfr->msg);

+	rcu_read_lock();
+
 	zonedata_t *zd = (zonedata_t *)knot_zone_data(xfr->zone);
 	knot_zone_contents_t *new_zone = xfr->new_contents;

@@ -2957,6 +2963,7 @@ int zones_save_zone(const knot_ns_xfr_t *xfr)

 	/* dump the zone into text zone file */
 	int ret = zones_dump_zone_text(new_zone, zonefile);
+	rcu_read_unlock();
 	return ret;
 }

@@ -3509,6 +3516,7 @@ static int zones_dnssec_ev(event_t *event, bool force)
 		evsched_event_free(event->parent, event);
 		zd->dnssec_timer = NULL;
 		pthread_mutex_unlock(&zd->lock);
+		rcu_read_unlock();
 		return KNOT_ENOMEM;
 	}
 	knot_changeset_t *ch = knot_changesets_create_changeset(chs);
@@ -3517,6 +3525,7 @@ static int zones_dnssec_ev(event_t *event, bool force)
 		evsched_event_free(event->parent, event);
 		zd->dnssec_timer = NULL;
 		pthread_mutex_unlock(&zd->lock);
+		rcu_read_unlock();
 		return KNOT_ENOMEM;
 	}

@@ -3533,6 +3542,7 @@ static int zones_dnssec_ev(event_t *event, bool force)
 		evsched_event_free(event->parent, event);
 		zd->dnssec_timer = NULL;
 		pthread_mutex_unlock(&zd->lock);
+		rcu_read_unlock();
 		return ret;
 	}

@@ -3548,6 +3558,7 @@ static int zones_dnssec_ev(event_t *event, bool force)
 			zd->dnssec_timer = NULL;
 			pthread_mutex_unlock(&zd->lock);
 			free(zname);
+			rcu_read_unlock();
 			return ret;
 		}
 	} else {

--- a/src/libknot/dnssec/sign.c
+++ b/src/libknot/dnssec/sign.c
@@ -406,6 +406,35 @@ static int dsa_sign_verify(const knot_dnssec_sign_context_t *context,

 #ifndef OPENSSL_NO_ECDSA

+/*!
+ * \brief Decode ECDSA public key from RDATA and set it into EC key.
+ * \note DNSKEY format for ECDSA is described in RFC 6605 section 4.
+ */
+static int ecdsa_set_public_key(const knot_binary_t *rdata, EC_KEY *ec_key)
+{
+	assert(rdata);
+	assert(ec_key);
+
+	if (rdata->size % 2 != 0) {
+		return KNOT_EINVAL;
+	}
+
+	size_t param_size = rdata->size / 2;
+	uint8_t *x_ptr = rdata->data;
+	uint8_t *y_ptr = rdata->data + param_size;
+
+	BIGNUM *x = BN_bin2bn(x_ptr, param_size, NULL);
+	BIGNUM *y = BN_bin2bn(y_ptr, param_size, NULL);
+
+	if (EC_KEY_set_public_key_affine_coordinates(ec_key, x, y) != 1) {
+		BN_free(x);
+		BN_free(y);
+		return KNOT_DNSSEC_EINVALID_KEY;
+	}
+
+	return KNOT_EOK;
+}
+
 /*!
 * \brief Create ECDSA private key from key parameters.
 * \see rsa_create_pkey
@@ -429,9 +458,21 @@ static int ecdsa_create_pkey(const knot_key_params_t *params, EVP_PKEY *key)
 		return KNOT_ENOMEM;
 	}

-	EC_KEY_set_private_key(ec_key, binary_to_bn(&params->private_key));
+	int result = ecdsa_set_public_key(&params->rdata, ec_key);
+	if (result != KNOT_EOK) {
+		EC_KEY_free(ec_key);
+		return result;
+	}

-	// EC_KEY_check_key() could be added, but fails without public key
+	if (EC_KEY_set_private_key(ec_key, binary_to_bn(&params->private_key)) != 1) {
+		EC_KEY_free(ec_key);
+		return KNOT_DNSSEC_EINVALID_KEY;
+	}
+
+	if (EC_KEY_check_key(ec_key) != 1) {
+		EC_KEY_free(ec_key);
+		return KNOT_DNSSEC_EINVALID_KEY;
+	}

 	if (!EVP_PKEY_assign_EC_KEY(key, ec_key)) {
 		EC_KEY_free(ec_key);

--- a/src/libknot/nameserver/name-server.c
+++ b/src/libknot/nameserver/name-server.c
@@ -4058,7 +4058,9 @@ int knot_ns_switch_zone(knot_nameserver_t *nameserver,
 		zone->zone = z;
 	}

+	rcu_read_unlock();
 	int ret = xfrin_switch_zone(z, zone, xfr->type);
+	rcu_read_lock();

 dbg_ns_exec_verb(
 	dbg_ns_verb("Zone db contents: (zone count: %zu)\n",

--- a/src/tests/libknot/dnssec_sign_tests.c
+++ b/src/tests/libknot/dnssec_sign_tests.c
@@ -49,6 +49,8 @@ static void test_algorithm(const char *alg, const knot_key_params_t *kp)
 	ctx = knot_dnssec_sign_init(&key);
 	ok(ctx != NULL, "%s: create signing context", alg);

+	skip(ctx == NULL, 12, "%s: required test failed", alg);
+
 	size_t sig_size = knot_dnssec_sign_size(&key);
 	ok(sig_size > 0, "%s: get signature size", alg);

@@ -88,6 +90,8 @@ static void test_algorithm(const char *alg, const knot_key_params_t *kp)
 	result = knot_dnssec_sign_verify(ctx, sig, sig_size);
 	ok(result == KNOT_EOK, "%s: verify valid signature", alg);

+	endskip;
+
 	knot_dnssec_sign_free(ctx);
 	knot_dnssec_key_free(&key);
 }
@@ -137,7 +141,7 @@ static int dnssec_sign_tests_run(int argc, char *argv[])
 	kp.name = knot_dname_from_str("example.com", 12);
 	kp.algorithm = 13;
 	knot_binary_from_base64("1N/PvpB8jZcvv+zr3Q987RKK1cBxDKULzEc5F/nnpSg=", &kp.private_key);
-	//knot_binary_from_base64("fe3oR+S8crl9AwayWFZwJ8wXpDeg1uiXZ/X0MYBvyvj1lfuJDXawUjKuzYKLAPEVH1jt8XbM5nTTlVXUsDebVA==", &kp.public_key);
+	knot_binary_from_base64("fe3oR+S8crl9AwayWFZwJ8wXpDeg1uiXZ/X0MYBvyvj1lfuJDXawUjKuzYKLAPEVH1jt8XbM5nTTlVXUsDebVA==", &kp.rdata);

 	test_algorithm("ECDSA", &kp);
 	knot_free_key_params(&kp);