unbound/smallapp/unbound-anchor.c

*b7579f77SDag-Erling Smørgrav/*
*b7579f77SDag-Erling Smørgrav * unbound-anchor.c - update the root anchor if necessary.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Copyright (c) 2010, NLnet Labs. All rights reserved.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * This software is open source.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without
*b7579f77SDag-Erling Smørgrav * modification, are permitted provided that the following conditions
*b7579f77SDag-Erling Smørgrav * are met:
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Redistributions of source code must retain the above copyright notice,
*b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Redistributions in binary form must reproduce the above copyright notice,
*b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer in the documentation
*b7579f77SDag-Erling Smørgrav * and/or other materials provided with the distribution.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Neither the name of the NLNET LABS nor the names of its contributors may
*b7579f77SDag-Erling Smørgrav * be used to endorse or promote products derived from this software without
*b7579f77SDag-Erling Smørgrav * specific prior written permission.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
*b7579f77SDag-Erling Smørgrav * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
*b7579f77SDag-Erling Smørgrav * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
*b7579f77SDag-Erling Smørgrav * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
*b7579f77SDag-Erling Smørgrav * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
*b7579f77SDag-Erling Smørgrav * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
*b7579f77SDag-Erling Smørgrav * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
*b7579f77SDag-Erling Smørgrav * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
*b7579f77SDag-Erling Smørgrav * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
*b7579f77SDag-Erling Smørgrav * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
*b7579f77SDag-Erling Smørgrav * POSSIBILITY OF SUCH DAMAGE.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * \file
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * This file checks to see that the current 5011 keys work to prime the
*b7579f77SDag-Erling Smørgrav * current root anchor.  If not a certificate is used to update the anchor.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * This is a concept solution for distribution of the DNSSEC root
*b7579f77SDag-Erling Smørgrav * trust anchor.  It is a small tool, called "unbound-anchor", that
*b7579f77SDag-Erling Smørgrav * runs before the main validator starts.  I.e. in the init script:
*b7579f77SDag-Erling Smørgrav * unbound-anchor; unbound.  Thus it is meant to run at system boot time.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Management-Abstract:
*b7579f77SDag-Erling Smørgrav *    * first run: fill root.key file with hardcoded DS record.
*b7579f77SDag-Erling Smørgrav *    * mostly: use RFC5011 tracking, quick . DNSKEY UDP query.
*b7579f77SDag-Erling Smørgrav *    * failover: use builtin certificate, do https and update.
*b7579f77SDag-Erling Smørgrav * Special considerations:
*b7579f77SDag-Erling Smørgrav *    * 30-days RFC5011 timer saves a lot of https traffic.
*b7579f77SDag-Erling Smørgrav *    * DNSKEY probe must be NOERROR, saves a lot of https traffic.
*b7579f77SDag-Erling Smørgrav *    * fail if clock before sign date of the root, if cert expired.
*b7579f77SDag-Erling Smørgrav *    * if the root goes back to unsigned, deals with it.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * It has hardcoded the root DS anchors and the ICANN CA root certificate.
*b7579f77SDag-Erling Smørgrav * It allows with options to override those.  It also takes root-hints (it
*b7579f77SDag-Erling Smørgrav * has to do a DNS resolve), and also has hardcoded defaults for those.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Once it starts, just before the validator starts, it quickly checks if
*b7579f77SDag-Erling Smørgrav * the root anchor file needs to be updated.  First it tries to use
*b7579f77SDag-Erling Smørgrav * RFC5011-tracking of the root key.  If that fails (and for 30-days since
*b7579f77SDag-Erling Smørgrav * last successful probe), then it attempts to update using the
*b7579f77SDag-Erling Smørgrav * certificate.  So most of the time, the RFC5011 tracking will work fine,
*b7579f77SDag-Erling Smørgrav * and within a couple milliseconds, the main daemon can start.  It will
*b7579f77SDag-Erling Smørgrav * have only probed the . DNSKEY, not done expensive https transfers on the
*b7579f77SDag-Erling Smørgrav * root infrastructure.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * If there is no root key in the root.key file, it bootstraps the
*b7579f77SDag-Erling Smørgrav * RFC5011-tracking with its builtin DS anchors; if that fails it
*b7579f77SDag-Erling Smørgrav * bootstraps the RFC5011-tracking using the certificate.  (again to avoid
*b7579f77SDag-Erling Smørgrav * https, and it is also faster).
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * It uses the XML file by converting it to DS records and writing that to the
*b7579f77SDag-Erling Smørgrav * key file.  Unbound can detect that the 'special comments' are gone, and
*b7579f77SDag-Erling Smørgrav * the file contains a list of normal DNSKEY/DS records, and uses that to
*b7579f77SDag-Erling Smørgrav * bootstrap 5011 (the KSK is made VALID).
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * The certificate update is done by fetching root-anchors.xml and
*b7579f77SDag-Erling Smørgrav * root-anchors.p7s via SSL.  The HTTPS certificate can be logged but is
*b7579f77SDag-Erling Smørgrav * not validated (https for channel security; the security comes from the
*b7579f77SDag-Erling Smørgrav * certificate).  The 'data.iana.org' domain name A and AAAA are resolved
*b7579f77SDag-Erling Smørgrav * without DNSSEC.  It tries a random IP until the transfer succeeds.  It
*b7579f77SDag-Erling Smørgrav * then checks the p7s signature.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * On any failure, it leaves the root key file untouched.  The main
*b7579f77SDag-Erling Smørgrav * validator has to cope with it, it cannot fix things (So a failure does
*b7579f77SDag-Erling Smørgrav * not go 'without DNSSEC', no downgrade).  If it used its builtin stuff or
*b7579f77SDag-Erling Smørgrav * did the https, it exits with an exit code, so that this can trigger the
*b7579f77SDag-Erling Smørgrav * init script to log the event and potentially alert the operator that can
*b7579f77SDag-Erling Smørgrav * do a manual check.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * The date is also checked.  Before 2010-07-15 is a failure (root not
*b7579f77SDag-Erling Smørgrav * signed yet; avoids attacks on system clock).  The
*b7579f77SDag-Erling Smørgrav * last-successful-RFC5011-probe (if available) has to be more than 30 days
*b7579f77SDag-Erling Smørgrav * in the past (otherwise, RFC5011 should have worked).  This keeps
*b7579f77SDag-Erling Smørgrav * unneccesary https traffic down.  If the main certificate is expired, it
*b7579f77SDag-Erling Smørgrav * fails.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * The dates on the keys in the xml are checked (uses the libexpat xml
*b7579f77SDag-Erling Smørgrav * parser), only the valid ones are used to re-enstate RFC5011 tracking.
*b7579f77SDag-Erling Smørgrav * If 0 keys are valid, the zone has gone to insecure (a special marker is
*b7579f77SDag-Erling Smørgrav * written in the keyfile that tells the main validator daemon the zone is
*b7579f77SDag-Erling Smørgrav * insecure).
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Only the root ICANN CA is shipped, not the intermediate ones.  The
*b7579f77SDag-Erling Smørgrav * intermediate CAs are included in the p7s file that was downloaded.  (the
*b7579f77SDag-Erling Smørgrav * root cert is valid to 2028 and the intermediate to 2014, today).
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav * Obviously, the tool also has options so the operator can provide a new
*b7579f77SDag-Erling Smørgrav * keyfile, a new certificate and new URLs, and fresh root hints.  By
*b7579f77SDag-Erling Smørgrav * default it logs nothing on failure and success; it 'just works'.
*b7579f77SDag-Erling Smørgrav *
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav#include "config.h"
*b7579f77SDag-Erling Smørgrav#include "libunbound/unbound.h"
*b7579f77SDag-Erling Smørgrav#include <ldns/rr.h>
*b7579f77SDag-Erling Smørgrav#include <expat.h>
*b7579f77SDag-Erling Smørgrav#ifndef HAVE_EXPAT_H
*b7579f77SDag-Erling Smørgrav#error "need libexpat to parse root-anchors.xml file."
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav#ifdef HAVE_GETOPT_H
*b7579f77SDag-Erling Smørgrav#include <getopt.h>
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav#ifdef HAVE_OPENSSL_SSL_H
*b7579f77SDag-Erling Smørgrav#include <openssl/ssl.h>
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav#ifdef HAVE_OPENSSL_ERR_H
*b7579f77SDag-Erling Smørgrav#include <openssl/err.h>
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav#ifdef HAVE_OPENSSL_RAND_H
*b7579f77SDag-Erling Smørgrav#include <openssl/rand.h>
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav#include <openssl/x509.h>
*b7579f77SDag-Erling Smørgrav#include <openssl/pem.h>
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** name of server in URL to fetch HTTPS from */
*b7579f77SDag-Erling Smørgrav#define URLNAME "data.iana.org"
*b7579f77SDag-Erling Smørgrav/** path on HTTPS server to xml file */
*b7579f77SDag-Erling Smørgrav#define XMLNAME "root-anchors/root-anchors.xml"
*b7579f77SDag-Erling Smørgrav/** path on HTTPS server to p7s file */
*b7579f77SDag-Erling Smørgrav#define P7SNAME "root-anchors/root-anchors.p7s"
*b7579f77SDag-Erling Smørgrav/** port number for https access */
*b7579f77SDag-Erling Smørgrav#define HTTPS_PORT 443
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav#ifdef USE_WINSOCK
*b7579f77SDag-Erling Smørgrav/* sneakily reuse the the wsa_strerror function, on windows */
*b7579f77SDag-Erling Smørgravchar* wsa_strerror(int err);
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** verbosity for this application */
*b7579f77SDag-Erling Smørgravstatic int verb = 0;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** list of IP addresses */
*b7579f77SDag-Erling Smørgravstruct ip_list {
*b7579f77SDag-Erling Smørgrav	/** next in list */
*b7579f77SDag-Erling Smørgrav	struct ip_list* next;
*b7579f77SDag-Erling Smørgrav	/** length of addr */
*b7579f77SDag-Erling Smørgrav	socklen_t len;
*b7579f77SDag-Erling Smørgrav	/** address ready to connect to */
*b7579f77SDag-Erling Smørgrav	struct sockaddr_storage addr;
*b7579f77SDag-Erling Smørgrav	/** has the address been used */
*b7579f77SDag-Erling Smørgrav	int used;
*b7579f77SDag-Erling Smørgrav};
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** Give unbound-anchor usage, and exit (1). */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravusage()
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	printf("Usage:	unbound-anchor [opts]\n");
*b7579f77SDag-Erling Smørgrav	printf("	Setup or update root anchor. "
*b7579f77SDag-Erling Smørgrav		"Most options have defaults.\n");
*b7579f77SDag-Erling Smørgrav	printf("	Run this program before you start the validator.\n");
*b7579f77SDag-Erling Smørgrav	printf("\n");
*b7579f77SDag-Erling Smørgrav	printf("	The anchor and cert have default builtin content\n");
*b7579f77SDag-Erling Smørgrav	printf("	if the file does not exist or is empty.\n");
*b7579f77SDag-Erling Smørgrav	printf("\n");
*b7579f77SDag-Erling Smørgrav	printf("-a file		root key file, default %s\n", ROOT_ANCHOR_FILE);
*b7579f77SDag-Erling Smørgrav	printf("		The key is input and output for this tool.\n");
*b7579f77SDag-Erling Smørgrav	printf("-c file		cert file, default %s\n", ROOT_CERT_FILE);
*b7579f77SDag-Erling Smørgrav	printf("-l		list builtin key and cert on stdout\n");
*b7579f77SDag-Erling Smørgrav	printf("-u name		server in https url, default %s\n", URLNAME);
*b7579f77SDag-Erling Smørgrav	printf("-x path		pathname to xml in url, default %s\n", XMLNAME);
*b7579f77SDag-Erling Smørgrav	printf("-s path		pathname to p7s in url, default %s\n", P7SNAME);
*b7579f77SDag-Erling Smørgrav	printf("-4		work using IPv4 only\n");
*b7579f77SDag-Erling Smørgrav	printf("-6		work using IPv6 only\n");
*b7579f77SDag-Erling Smørgrav	printf("-f resolv.conf	use given resolv.conf to resolve -u name\n");
*b7579f77SDag-Erling Smørgrav	printf("-r root.hints	use given root.hints to resolve -u name\n"
*b7579f77SDag-Erling Smørgrav		"		builtin root hints are used by default\n");
*b7579f77SDag-Erling Smørgrav	printf("-v		more verbose\n");
*b7579f77SDag-Erling Smørgrav	printf("-C conf		debug, read config\n");
*b7579f77SDag-Erling Smørgrav	printf("-P port		use port for https connect, default 443\n");
*b7579f77SDag-Erling Smørgrav	printf("-F 		debug, force update with cert\n");
*b7579f77SDag-Erling Smørgrav	printf("-h		show this usage help\n");
*b7579f77SDag-Erling Smørgrav	printf("Version %s\n", PACKAGE_VERSION);
*b7579f77SDag-Erling Smørgrav	printf("BSD licensed, see LICENSE in source package for details.\n");
*b7579f77SDag-Erling Smørgrav	printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
*b7579f77SDag-Erling Smørgrav	exit(1);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** return the built in root update certificate */
*b7579f77SDag-Erling Smørgravstatic const char*
*b7579f77SDag-Erling Smørgravget_builtin_cert(void)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	return
*b7579f77SDag-Erling Smørgrav/* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
*b7579f77SDag-Erling Smørgrav"-----BEGIN CERTIFICATE-----\n"
*b7579f77SDag-Erling Smørgrav"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
*b7579f77SDag-Erling Smørgrav"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
*b7579f77SDag-Erling Smørgrav"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
*b7579f77SDag-Erling Smørgrav"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
*b7579f77SDag-Erling Smørgrav"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
*b7579f77SDag-Erling Smørgrav"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
*b7579f77SDag-Erling Smørgrav"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
*b7579f77SDag-Erling Smørgrav"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
*b7579f77SDag-Erling Smørgrav"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
*b7579f77SDag-Erling Smørgrav"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
*b7579f77SDag-Erling Smørgrav"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
*b7579f77SDag-Erling Smørgrav"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
*b7579f77SDag-Erling Smørgrav"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
*b7579f77SDag-Erling Smørgrav"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
*b7579f77SDag-Erling Smørgrav"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
*b7579f77SDag-Erling Smørgrav"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
*b7579f77SDag-Erling Smørgrav"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
*b7579f77SDag-Erling Smørgrav"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
*b7579f77SDag-Erling Smørgrav"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
*b7579f77SDag-Erling Smørgrav"-----END CERTIFICATE-----\n"
*b7579f77SDag-Erling Smørgrav		;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** return the built in root DS trust anchor */
*b7579f77SDag-Erling Smørgravstatic const char*
*b7579f77SDag-Erling Smørgravget_builtin_ds(void)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	return
*b7579f77SDag-Erling Smørgrav". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n";
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** print hex data */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravprint_data(char* msg, char* data, int len)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int i;
*b7579f77SDag-Erling Smørgrav	printf("%s: ", msg);
*b7579f77SDag-Erling Smørgrav	for(i=0; i<len; i++) {
*b7579f77SDag-Erling Smørgrav		printf(" %2.2x", (unsigned char)data[i]);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	printf("\n");
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** print ub context creation error and exit */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravub_ctx_error_exit(struct ub_ctx* ctx, const char* str, const char* str2)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	ub_ctx_delete(ctx);
*b7579f77SDag-Erling Smørgrav	if(str && str2 && verb) printf("%s: %s\n", str, str2);
*b7579f77SDag-Erling Smørgrav	if(verb) printf("error: could not create unbound resolver context\n");
*b7579f77SDag-Erling Smørgrav	exit(0);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Create a new unbound context with the commandline settings applied
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic struct ub_ctx*
*b7579f77SDag-Erling Smørgravcreate_unbound_context(char* res_conf, char* root_hints, char* debugconf,
*b7579f77SDag-Erling Smørgrav        int ip4only, int ip6only)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int r;
*b7579f77SDag-Erling Smørgrav	struct ub_ctx* ctx = ub_ctx_create();
*b7579f77SDag-Erling Smørgrav	if(!ctx) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* do not waste time and network traffic to fetch extra nameservers */
*b7579f77SDag-Erling Smørgrav	r = ub_ctx_set_option(ctx, "target-fetch-policy:", "0 0 0 0 0");
*b7579f77SDag-Erling Smørgrav	if(r && verb) printf("ctx targetfetchpolicy: %s\n", ub_strerror(r));
*b7579f77SDag-Erling Smørgrav	/* read config file first, so its settings can be overridden */
*b7579f77SDag-Erling Smørgrav	if(debugconf) {
*b7579f77SDag-Erling Smørgrav		r = ub_ctx_config(ctx, debugconf);
*b7579f77SDag-Erling Smørgrav		if(r) ub_ctx_error_exit(ctx, debugconf, ub_strerror(r));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(res_conf) {
*b7579f77SDag-Erling Smørgrav		r = ub_ctx_resolvconf(ctx, res_conf);
*b7579f77SDag-Erling Smørgrav		if(r) ub_ctx_error_exit(ctx, res_conf, ub_strerror(r));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(root_hints) {
*b7579f77SDag-Erling Smørgrav		r = ub_ctx_set_option(ctx, "root-hints:", root_hints);
*b7579f77SDag-Erling Smørgrav		if(r) ub_ctx_error_exit(ctx, root_hints, ub_strerror(r));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(ip4only) {
*b7579f77SDag-Erling Smørgrav		r = ub_ctx_set_option(ctx, "do-ip6:", "no");
*b7579f77SDag-Erling Smørgrav		if(r) ub_ctx_error_exit(ctx, "ip4only", ub_strerror(r));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(ip6only) {
*b7579f77SDag-Erling Smørgrav		r = ub_ctx_set_option(ctx, "do-ip4:", "no");
*b7579f77SDag-Erling Smørgrav		if(r) ub_ctx_error_exit(ctx, "ip6only", ub_strerror(r));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return ctx;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** printout certificate in detail */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravverb_cert(char* msg, X509* x)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	if(verb == 0 || verb == 1) return;
*b7579f77SDag-Erling Smørgrav	if(verb == 2) {
*b7579f77SDag-Erling Smørgrav		if(msg) printf("%s\n", msg);
*b7579f77SDag-Erling Smørgrav		X509_print_ex_fp(stdout, x, 0, (unsigned long)-1
*b7579f77SDag-Erling Smørgrav			^(X509_FLAG_NO_SUBJECT
*b7579f77SDag-Erling Smørgrav			|X509_FLAG_NO_ISSUER|X509_FLAG_NO_VALIDITY));
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(msg) printf("%s\n", msg);
*b7579f77SDag-Erling Smørgrav	X509_print_fp(stdout, x);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** printout certificates in detail */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravverb_certs(char* msg, STACK_OF(X509)* sk)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int i, num = sk_X509_num(sk);
*b7579f77SDag-Erling Smørgrav	if(verb == 0 || verb == 1) return;
*b7579f77SDag-Erling Smørgrav	for(i=0; i<num; i++) {
*b7579f77SDag-Erling Smørgrav		printf("%s (%d/%d)\n", msg, i, num);
*b7579f77SDag-Erling Smørgrav		verb_cert(NULL, sk_X509_value(sk, i));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read certificates from a PEM bio */
*b7579f77SDag-Erling Smørgravstatic STACK_OF(X509)*
*b7579f77SDag-Erling Smørgravread_cert_bio(BIO* bio)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	STACK_OF(X509) *sk = sk_X509_new_null();
*b7579f77SDag-Erling Smørgrav	if(!sk) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(!BIO_eof(bio)) {
*b7579f77SDag-Erling Smørgrav		X509* x = PEM_read_bio_X509(bio, NULL, 0, NULL);
*b7579f77SDag-Erling Smørgrav		if(x == NULL) {
*b7579f77SDag-Erling Smørgrav			if(verb) {
*b7579f77SDag-Erling Smørgrav				printf("failed to read X509\n");
*b7579f77SDag-Erling Smørgrav			 	ERR_print_errors_fp(stdout);
*b7579f77SDag-Erling Smørgrav			}
*b7579f77SDag-Erling Smørgrav			continue;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(!sk_X509_push(sk, x)) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return sk;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/* read the certificate file */
*b7579f77SDag-Erling Smørgravstatic STACK_OF(X509)*
*b7579f77SDag-Erling Smørgravread_cert_file(char* file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	STACK_OF(X509)* sk;
*b7579f77SDag-Erling Smørgrav	FILE* in;
*b7579f77SDag-Erling Smørgrav	int content = 0;
*b7579f77SDag-Erling Smørgrav	char buf[128];
*b7579f77SDag-Erling Smørgrav	if(file == NULL || strcmp(file, "") == 0) {
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	sk = sk_X509_new_null();
*b7579f77SDag-Erling Smørgrav	if(!sk) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	in = fopen(file, "r");
*b7579f77SDag-Erling Smørgrav	if(!in) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s: %s\n", file, strerror(errno));
*b7579f77SDag-Erling Smørgrav#ifndef S_SPLINT_S
*b7579f77SDag-Erling Smørgrav		sk_X509_pop_free(sk, X509_free);
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(!feof(in)) {
*b7579f77SDag-Erling Smørgrav		X509* x = PEM_read_X509(in, NULL, 0, NULL);
*b7579f77SDag-Erling Smørgrav		if(x == NULL) {
*b7579f77SDag-Erling Smørgrav			if(verb) {
*b7579f77SDag-Erling Smørgrav				printf("failed to read X509 file\n");
*b7579f77SDag-Erling Smørgrav			 	ERR_print_errors_fp(stdout);
*b7579f77SDag-Erling Smørgrav			}
*b7579f77SDag-Erling Smørgrav			continue;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(!sk_X509_push(sk, x)) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav			fclose(in);
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		content = 1;
*b7579f77SDag-Erling Smørgrav		/* read away newline after --END CERT-- */
*b7579f77SDag-Erling Smørgrav		if(!fgets(buf, (int)sizeof(buf), in))
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fclose(in);
*b7579f77SDag-Erling Smørgrav	if(!content) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s is empty\n", file);
*b7579f77SDag-Erling Smørgrav#ifndef S_SPLINT_S
*b7579f77SDag-Erling Smørgrav		sk_X509_pop_free(sk, X509_free);
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return sk;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read certificates from the builtin certificate */
*b7579f77SDag-Erling Smørgravstatic STACK_OF(X509)*
*b7579f77SDag-Erling Smørgravread_builtin_cert(void)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	const char* builtin_cert = get_builtin_cert();
*b7579f77SDag-Erling Smørgrav	STACK_OF(X509)* sk;
*b7579f77SDag-Erling Smørgrav	BIO *bio = BIO_new_mem_buf((void*)builtin_cert,
*b7579f77SDag-Erling Smørgrav		(int)strlen(builtin_cert));
*b7579f77SDag-Erling Smørgrav	if(!bio) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	sk = read_cert_bio(bio);
*b7579f77SDag-Erling Smørgrav	if(!sk) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("internal error, out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	BIO_free(bio);
*b7579f77SDag-Erling Smørgrav	return sk;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read update cert file or use builtin */
*b7579f77SDag-Erling Smørgravstatic STACK_OF(X509)*
*b7579f77SDag-Erling Smørgravread_cert_or_builtin(char* file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	STACK_OF(X509) *sk = read_cert_file(file);
*b7579f77SDag-Erling Smørgrav	if(!sk) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("using builtin certificate\n");
*b7579f77SDag-Erling Smørgrav		sk = read_builtin_cert();
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb) printf("have %d trusted certificates\n", sk_X509_num(sk));
*b7579f77SDag-Erling Smørgrav	verb_certs("trusted certificates", sk);
*b7579f77SDag-Erling Smørgrav	return sk;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravdo_list_builtin(void)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	const char* builtin_cert = get_builtin_cert();
*b7579f77SDag-Erling Smørgrav	const char* builtin_ds = get_builtin_ds();
*b7579f77SDag-Erling Smørgrav	printf("%s\n", builtin_ds);
*b7579f77SDag-Erling Smørgrav	printf("%s\n", builtin_cert);
*b7579f77SDag-Erling Smørgrav	exit(0);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** printout IP address with message */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravverb_addr(char* msg, struct ip_list* ip)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	if(verb) {
*b7579f77SDag-Erling Smørgrav		char out[100];
*b7579f77SDag-Erling Smørgrav		void* a = &((struct sockaddr_in*)&ip->addr)->sin_addr;
*b7579f77SDag-Erling Smørgrav		if(ip->len != (socklen_t)sizeof(struct sockaddr_in))
*b7579f77SDag-Erling Smørgrav			a = &((struct sockaddr_in6*)&ip->addr)->sin6_addr;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav		if(inet_ntop((int)((struct sockaddr_in*)&ip->addr)->sin_family,
*b7579f77SDag-Erling Smørgrav			a, out, (socklen_t)sizeof(out))==0)
*b7579f77SDag-Erling Smørgrav			printf("%s (inet_ntop error)\n", msg);
*b7579f77SDag-Erling Smørgrav		else printf("%s %s\n", msg, out);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** free ip_list */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravip_list_free(struct ip_list* p)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ip_list* np;
*b7579f77SDag-Erling Smørgrav	while(p) {
*b7579f77SDag-Erling Smørgrav		np = p->next;
*b7579f77SDag-Erling Smørgrav		free(p);
*b7579f77SDag-Erling Smørgrav		p = np;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** create ip_list entry for a RR record */
*b7579f77SDag-Erling Smørgravstatic struct ip_list*
*b7579f77SDag-Erling SmørgravRR_to_ip(int tp, char* data, int len, int port)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ip_list* ip = (struct ip_list*)calloc(1, sizeof(*ip));
*b7579f77SDag-Erling Smørgrav	uint16_t p = (uint16_t)port;
*b7579f77SDag-Erling Smørgrav	if(tp == LDNS_RR_TYPE_A) {
*b7579f77SDag-Erling Smørgrav		struct sockaddr_in* sa = (struct sockaddr_in*)&ip->addr;
*b7579f77SDag-Erling Smørgrav		ip->len = (socklen_t)sizeof(*sa);
*b7579f77SDag-Erling Smørgrav		sa->sin_family = AF_INET;
*b7579f77SDag-Erling Smørgrav		sa->sin_port = (in_port_t)htons(p);
*b7579f77SDag-Erling Smørgrav		if(len != (int)sizeof(sa->sin_addr)) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("skipped badly formatted A\n");
*b7579f77SDag-Erling Smørgrav			free(ip);
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		memmove(&sa->sin_addr, data, sizeof(sa->sin_addr));
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	} else if(tp == LDNS_RR_TYPE_AAAA) {
*b7579f77SDag-Erling Smørgrav		struct sockaddr_in6* sa = (struct sockaddr_in6*)&ip->addr;
*b7579f77SDag-Erling Smørgrav		ip->len = (socklen_t)sizeof(*sa);
*b7579f77SDag-Erling Smørgrav		sa->sin6_family = AF_INET6;
*b7579f77SDag-Erling Smørgrav		sa->sin6_port = (in_port_t)htons(p);
*b7579f77SDag-Erling Smørgrav		if(len != (int)sizeof(sa->sin6_addr)) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("skipped badly formatted AAAA\n");
*b7579f77SDag-Erling Smørgrav			free(ip);
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		memmove(&sa->sin6_addr, data, sizeof(sa->sin6_addr));
*b7579f77SDag-Erling Smørgrav	} else {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("internal error: bad type in RRtoip\n");
*b7579f77SDag-Erling Smørgrav		free(ip);
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	verb_addr("resolved server address", ip);
*b7579f77SDag-Erling Smørgrav	return ip;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** Resolve name, type, class and add addresses to iplist */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravresolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
*b7579f77SDag-Erling Smørgrav	struct ip_list** head)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ub_result* res = NULL;
*b7579f77SDag-Erling Smørgrav	int r;
*b7579f77SDag-Erling Smørgrav	int i;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	r = ub_resolve(ctx, host, tp, cl, &res);
*b7579f77SDag-Erling Smørgrav	if(r) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("error: resolve %s %s: %s\n", host,
*b7579f77SDag-Erling Smørgrav			(tp==LDNS_RR_TYPE_A)?"A":"AAAA", ub_strerror(r));
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!res) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		ub_ctx_delete(ctx);
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	for(i = 0; res->data[i]; i++) {
*b7579f77SDag-Erling Smørgrav		struct ip_list* ip = RR_to_ip(tp, res->data[i], res->len[i],
*b7579f77SDag-Erling Smørgrav			port);
*b7579f77SDag-Erling Smørgrav		if(!ip) continue;
*b7579f77SDag-Erling Smørgrav		ip->next = *head;
*b7579f77SDag-Erling Smørgrav		*head = ip;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	ub_resolve_free(res);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** parse a text IP address into a sockaddr */
*b7579f77SDag-Erling Smørgravstatic struct ip_list*
*b7579f77SDag-Erling Smørgravparse_ip_addr(char* str, int port)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	socklen_t len = 0;
*b7579f77SDag-Erling Smørgrav	struct sockaddr_storage* addr = NULL;
*b7579f77SDag-Erling Smørgrav	struct sockaddr_in6 a6;
*b7579f77SDag-Erling Smørgrav	struct sockaddr_in a;
*b7579f77SDag-Erling Smørgrav	struct ip_list* ip;
*b7579f77SDag-Erling Smørgrav	uint16_t p = (uint16_t)port;
*b7579f77SDag-Erling Smørgrav	memset(&a6, 0, sizeof(a6));
*b7579f77SDag-Erling Smørgrav	memset(&a, 0, sizeof(a));
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	if(inet_pton(AF_INET6, str, &a6.sin6_addr) > 0) {
*b7579f77SDag-Erling Smørgrav		/* it is an IPv6 */
*b7579f77SDag-Erling Smørgrav		a6.sin6_family = AF_INET6;
*b7579f77SDag-Erling Smørgrav		a6.sin6_port = (in_port_t)htons(p);
*b7579f77SDag-Erling Smørgrav		addr = (struct sockaddr_storage*)&a6;
*b7579f77SDag-Erling Smørgrav		len = (socklen_t)sizeof(struct sockaddr_in6);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(inet_pton(AF_INET, str, &a.sin_addr) > 0) {
*b7579f77SDag-Erling Smørgrav		/* it is an IPv4 */
*b7579f77SDag-Erling Smørgrav		a.sin_family = AF_INET;
*b7579f77SDag-Erling Smørgrav		a.sin_port = (in_port_t)htons(p);
*b7579f77SDag-Erling Smørgrav		addr = (struct sockaddr_storage*)&a;
*b7579f77SDag-Erling Smørgrav		len = (socklen_t)sizeof(struct sockaddr_in);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!len) return NULL;
*b7579f77SDag-Erling Smørgrav	ip = (struct ip_list*)calloc(1, sizeof(*ip));
*b7579f77SDag-Erling Smørgrav	if(!ip) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	ip->len = len;
*b7579f77SDag-Erling Smørgrav	memmove(&ip->addr, addr, len);
*b7579f77SDag-Erling Smørgrav	if(verb) printf("server address is %s\n", str);
*b7579f77SDag-Erling Smørgrav	return ip;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Resolve a domain name (even though the resolver is down and there is
*b7579f77SDag-Erling Smørgrav * no trust anchor).  Without DNSSEC validation.
*b7579f77SDag-Erling Smørgrav * @param host: the name to resolve.
*b7579f77SDag-Erling Smørgrav * 	If this name is an IP4 or IP6 address this address is returned.
*b7579f77SDag-Erling Smørgrav * @param port: the port number used for the returned IP structs.
*b7579f77SDag-Erling Smørgrav * @param res_conf: resolv.conf (if any).
*b7579f77SDag-Erling Smørgrav * @param root_hints: root hints (if any).
*b7579f77SDag-Erling Smørgrav * @param debugconf: unbound.conf for debugging options.
*b7579f77SDag-Erling Smørgrav * @param ip4only: use only ip4 for resolve and only lookup A
*b7579f77SDag-Erling Smørgrav * @param ip6only: use only ip6 for resolve and only lookup AAAA
*b7579f77SDag-Erling Smørgrav * 	default is to lookup A and AAAA using ip4 and ip6.
*b7579f77SDag-Erling Smørgrav * @return list of IP addresses.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic struct ip_list*
*b7579f77SDag-Erling Smørgravresolve_name(char* host, int port, char* res_conf, char* root_hints,
*b7579f77SDag-Erling Smørgrav	char* debugconf, int ip4only, int ip6only)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ub_ctx* ctx;
*b7579f77SDag-Erling Smørgrav	struct ip_list* list = NULL;
*b7579f77SDag-Erling Smørgrav	/* first see if name is an IP address itself */
*b7579f77SDag-Erling Smørgrav	if( (list=parse_ip_addr(host, port)) ) {
*b7579f77SDag-Erling Smørgrav		return list;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* create resolver context */
*b7579f77SDag-Erling Smørgrav	ctx = create_unbound_context(res_conf, root_hints, debugconf,
*b7579f77SDag-Erling Smørgrav        	ip4only, ip6only);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* try resolution of A */
*b7579f77SDag-Erling Smørgrav	if(!ip6only) {
*b7579f77SDag-Erling Smørgrav		resolve_host_ip(ctx, host, port, LDNS_RR_TYPE_A,
*b7579f77SDag-Erling Smørgrav			LDNS_RR_CLASS_IN, &list);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* try resolution of AAAA */
*b7579f77SDag-Erling Smørgrav	if(!ip4only) {
*b7579f77SDag-Erling Smørgrav		resolve_host_ip(ctx, host, port, LDNS_RR_TYPE_AAAA,
*b7579f77SDag-Erling Smørgrav			LDNS_RR_CLASS_IN, &list);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	ub_ctx_delete(ctx);
*b7579f77SDag-Erling Smørgrav	if(!list) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s has no IP addresses I can use\n", host);
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return list;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** clear used flags */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravwipe_ip_usage(struct ip_list* p)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	while(p) {
*b7579f77SDag-Erling Smørgrav		p->used = 0;
*b7579f77SDag-Erling Smørgrav		p = p->next;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** cound unused IPs */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravcount_unused(struct ip_list* p)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int num = 0;
*b7579f77SDag-Erling Smørgrav	while(p) {
*b7579f77SDag-Erling Smørgrav		if(!p->used) num++;
*b7579f77SDag-Erling Smørgrav		p = p->next;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return num;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** pick random unused element from IP list */
*b7579f77SDag-Erling Smørgravstatic struct ip_list*
*b7579f77SDag-Erling Smørgravpick_random_ip(struct ip_list* list)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ip_list* p = list;
*b7579f77SDag-Erling Smørgrav	int num = count_unused(list);
*b7579f77SDag-Erling Smørgrav	int sel;
*b7579f77SDag-Erling Smørgrav	if(num == 0) return NULL;
*b7579f77SDag-Erling Smørgrav	/* not perfect, but random enough */
*b7579f77SDag-Erling Smørgrav	sel = (int)ldns_get_random() % num;
*b7579f77SDag-Erling Smørgrav	/* skip over unused elements that we did not select */
*b7579f77SDag-Erling Smørgrav	while(sel > 0 && p) {
*b7579f77SDag-Erling Smørgrav		if(!p->used) sel--;
*b7579f77SDag-Erling Smørgrav		p = p->next;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* find the next unused element */
*b7579f77SDag-Erling Smørgrav	while(p && p->used)
*b7579f77SDag-Erling Smørgrav		p = p->next;
*b7579f77SDag-Erling Smørgrav	if(!p) return NULL; /* robustness */
*b7579f77SDag-Erling Smørgrav	return p;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** close the fd */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravfd_close(int fd)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav#ifndef USE_WINSOCK
*b7579f77SDag-Erling Smørgrav	close(fd);
*b7579f77SDag-Erling Smørgrav#else
*b7579f77SDag-Erling Smørgrav	closesocket(fd);
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** printout socket errno */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravprint_sock_err(const char* msg)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav#ifndef USE_WINSOCK
*b7579f77SDag-Erling Smørgrav	if(verb) printf("%s: %s\n", msg, strerror(errno));
*b7579f77SDag-Erling Smørgrav#else
*b7579f77SDag-Erling Smørgrav	if(verb) printf("%s: %s\n", msg, wsa_strerror(WSAGetLastError()));
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** connect to IP address */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravconnect_to_ip(struct ip_list* ip)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int fd;
*b7579f77SDag-Erling Smørgrav	verb_addr("connect to", ip);
*b7579f77SDag-Erling Smørgrav	fd = socket(ip->len==(socklen_t)sizeof(struct sockaddr_in)?
*b7579f77SDag-Erling Smørgrav		AF_INET:AF_INET6, SOCK_STREAM, 0);
*b7579f77SDag-Erling Smørgrav	if(fd == -1) {
*b7579f77SDag-Erling Smørgrav		print_sock_err("socket");
*b7579f77SDag-Erling Smørgrav		return -1;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(connect(fd, (struct sockaddr*)&ip->addr, ip->len) < 0) {
*b7579f77SDag-Erling Smørgrav		print_sock_err("connect");
*b7579f77SDag-Erling Smørgrav		fd_close(fd);
*b7579f77SDag-Erling Smørgrav		return -1;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return fd;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** create SSL context */
*b7579f77SDag-Erling Smørgravstatic SSL_CTX*
*b7579f77SDag-Erling Smørgravsetup_sslctx(void)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	SSL_CTX* sslctx = SSL_CTX_new(SSLv23_client_method());
*b7579f77SDag-Erling Smørgrav	if(!sslctx) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("SSL_CTX_new error\n");
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return sslctx;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** initiate TLS on a connection */
*b7579f77SDag-Erling Smørgravstatic SSL*
*b7579f77SDag-Erling SmørgravTLS_initiate(SSL_CTX* sslctx, int fd)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	X509* x;
*b7579f77SDag-Erling Smørgrav	int r;
*b7579f77SDag-Erling Smørgrav	SSL* ssl = SSL_new(sslctx);
*b7579f77SDag-Erling Smørgrav	if(!ssl) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("SSL_new error\n");
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	SSL_set_connect_state(ssl);
*b7579f77SDag-Erling Smørgrav	(void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
*b7579f77SDag-Erling Smørgrav	if(!SSL_set_fd(ssl, fd)) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("SSL_set_fd error\n");
*b7579f77SDag-Erling Smørgrav		SSL_free(ssl);
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(1) {
*b7579f77SDag-Erling Smørgrav		ERR_clear_error();
*b7579f77SDag-Erling Smørgrav		if( (r=SSL_do_handshake(ssl)) == 1)
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		r = SSL_get_error(ssl, r);
*b7579f77SDag-Erling Smørgrav		if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("SSL handshake failed\n");
*b7579f77SDag-Erling Smørgrav			SSL_free(ssl);
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		/* wants to be called again */
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	x = SSL_get_peer_certificate(ssl);
*b7579f77SDag-Erling Smørgrav	if(!x) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("Server presented no peer certificate\n");
*b7579f77SDag-Erling Smørgrav		SSL_free(ssl);
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	verb_cert("server SSL certificate", x);
*b7579f77SDag-Erling Smørgrav	X509_free(x);
*b7579f77SDag-Erling Smørgrav	return ssl;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** perform neat TLS shutdown */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling SmørgravTLS_shutdown(int fd, SSL* ssl, SSL_CTX* sslctx)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	/* shutdown the SSL connection nicely */
*b7579f77SDag-Erling Smørgrav	if(SSL_shutdown(ssl) == 0) {
*b7579f77SDag-Erling Smørgrav		SSL_shutdown(ssl);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	SSL_free(ssl);
*b7579f77SDag-Erling Smørgrav	SSL_CTX_free(sslctx);
*b7579f77SDag-Erling Smørgrav	fd_close(fd);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** write a line over SSL */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravwrite_ssl_line(SSL* ssl, char* str, char* sec)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char buf[1024];
*b7579f77SDag-Erling Smørgrav	size_t l;
*b7579f77SDag-Erling Smørgrav	if(sec) {
*b7579f77SDag-Erling Smørgrav		snprintf(buf, sizeof(buf), str, sec);
*b7579f77SDag-Erling Smørgrav	} else {
*b7579f77SDag-Erling Smørgrav		snprintf(buf, sizeof(buf), "%s", str);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	l = strlen(buf);
*b7579f77SDag-Erling Smørgrav	if(l+2 >= sizeof(buf)) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("line too long\n");
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb >= 2) printf("SSL_write: %s\n", buf);
*b7579f77SDag-Erling Smørgrav	buf[l] = '\r';
*b7579f77SDag-Erling Smørgrav	buf[l+1] = '\n';
*b7579f77SDag-Erling Smørgrav	buf[l+2] = 0;
*b7579f77SDag-Erling Smørgrav	/* add \r\n */
*b7579f77SDag-Erling Smørgrav	if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("could not SSL_write %s", str);
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return 1;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** process header line, check rcode and keeping track of size */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravprocess_one_header(char* buf, size_t* clen, int* chunked)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	if(verb>=2) printf("header: '%s'\n", buf);
*b7579f77SDag-Erling Smørgrav	if(strncasecmp(buf, "HTTP/1.1 ", 9) == 0) {
*b7579f77SDag-Erling Smørgrav		/* check returncode */
*b7579f77SDag-Erling Smørgrav		if(buf[9] != '2') {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("bad status %s\n", buf+9);
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	} else if(strncasecmp(buf, "Content-Length: ", 16) == 0) {
*b7579f77SDag-Erling Smørgrav		if(!*chunked)
*b7579f77SDag-Erling Smørgrav			*clen = (size_t)atoi(buf+16);
*b7579f77SDag-Erling Smørgrav	} else if(strncasecmp(buf, "Transfer-Encoding: chunked", 19+7) == 0) {
*b7579f77SDag-Erling Smørgrav		*clen = 0;
*b7579f77SDag-Erling Smørgrav		*chunked = 1;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return 1;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Read one line from SSL
*b7579f77SDag-Erling Smørgrav * zero terminates.
*b7579f77SDag-Erling Smørgrav * skips "\r\n" (but not copied to buf).
*b7579f77SDag-Erling Smørgrav * @param ssl: the SSL connection to read from (blocking).
*b7579f77SDag-Erling Smørgrav * @param buf: buffer to return line in.
*b7579f77SDag-Erling Smørgrav * @param len: size of the buffer.
*b7579f77SDag-Erling Smørgrav * @return 0 on error, 1 on success.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravread_ssl_line(SSL* ssl, char* buf, size_t len)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	size_t n = 0;
*b7579f77SDag-Erling Smørgrav	int r;
*b7579f77SDag-Erling Smørgrav	int endnl = 0;
*b7579f77SDag-Erling Smørgrav	while(1) {
*b7579f77SDag-Erling Smørgrav		if(n >= len) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("line too long\n");
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if((r = SSL_read(ssl, buf+n, 1)) <= 0) {
*b7579f77SDag-Erling Smørgrav			if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
*b7579f77SDag-Erling Smørgrav				/* EOF */
*b7579f77SDag-Erling Smørgrav				break;
*b7579f77SDag-Erling Smørgrav			}
*b7579f77SDag-Erling Smørgrav			if(verb) printf("could not SSL_read\n");
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(endnl && buf[n] == '\n') {
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		} else if(endnl) {
*b7579f77SDag-Erling Smørgrav			/* bad data */
*b7579f77SDag-Erling Smørgrav			if(verb) printf("error: stray linefeeds\n");
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		} else if(buf[n] == '\r') {
*b7579f77SDag-Erling Smørgrav			/* skip \r, and also \n on the wire */
*b7579f77SDag-Erling Smørgrav			endnl = 1;
*b7579f77SDag-Erling Smørgrav			continue;
*b7579f77SDag-Erling Smørgrav		} else if(buf[n] == '\n') {
*b7579f77SDag-Erling Smørgrav			/* skip the \n, we are done */
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		} else n++;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	buf[n] = 0;
*b7579f77SDag-Erling Smørgrav	return 1;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read http headers and process them */
*b7579f77SDag-Erling Smørgravstatic size_t
*b7579f77SDag-Erling Smørgravread_http_headers(SSL* ssl, size_t* clen)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char buf[1024];
*b7579f77SDag-Erling Smørgrav	int chunked = 0;
*b7579f77SDag-Erling Smørgrav	*clen = 0;
*b7579f77SDag-Erling Smørgrav	while(read_ssl_line(ssl, buf, sizeof(buf))) {
*b7579f77SDag-Erling Smørgrav		if(buf[0] == 0)
*b7579f77SDag-Erling Smørgrav			return 1;
*b7579f77SDag-Erling Smørgrav		if(!process_one_header(buf, clen, &chunked))
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return 0;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read a data chunk */
*b7579f77SDag-Erling Smørgravstatic char*
*b7579f77SDag-Erling Smørgravread_data_chunk(SSL* ssl, size_t len)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	size_t got = 0;
*b7579f77SDag-Erling Smørgrav	int r;
*b7579f77SDag-Erling Smørgrav	char* data = malloc(len+1);
*b7579f77SDag-Erling Smørgrav	if(!data) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(got < len) {
*b7579f77SDag-Erling Smørgrav		if((r = SSL_read(ssl, data+got, (int)(len-got))) <= 0) {
*b7579f77SDag-Erling Smørgrav			if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
*b7579f77SDag-Erling Smørgrav				/* EOF */
*b7579f77SDag-Erling Smørgrav				if(verb) printf("could not SSL_read: unexpected EOF\n");
*b7579f77SDag-Erling Smørgrav				free(data);
*b7579f77SDag-Erling Smørgrav				return NULL;
*b7579f77SDag-Erling Smørgrav			}
*b7579f77SDag-Erling Smørgrav			if(verb) printf("could not SSL_read\n");
*b7579f77SDag-Erling Smørgrav			free(data);
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(verb >= 2) printf("at %d/%d\n", (int)got, (int)len);
*b7579f77SDag-Erling Smørgrav		got += r;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb>=2) printf("read %d data\n", (int)len);
*b7579f77SDag-Erling Smørgrav	data[len] = 0;
*b7579f77SDag-Erling Smørgrav	return data;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** parse chunk header */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravparse_chunk_header(char* buf, size_t* result)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char* e = NULL;
*b7579f77SDag-Erling Smørgrav	size_t v = (size_t)strtol(buf, &e, 16);
*b7579f77SDag-Erling Smørgrav	if(e == buf)
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	*result = v;
*b7579f77SDag-Erling Smørgrav	return 1;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read chunked data from connection */
*b7579f77SDag-Erling Smørgravstatic BIO*
*b7579f77SDag-Erling Smørgravdo_chunked_read(SSL* ssl)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char buf[1024];
*b7579f77SDag-Erling Smørgrav	size_t len;
*b7579f77SDag-Erling Smørgrav	char* body;
*b7579f77SDag-Erling Smørgrav	BIO* mem = BIO_new(BIO_s_mem());
*b7579f77SDag-Erling Smørgrav	if(verb>=3) printf("do_chunked_read\n");
*b7579f77SDag-Erling Smørgrav	if(!mem) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(read_ssl_line(ssl, buf, sizeof(buf))) {
*b7579f77SDag-Erling Smørgrav		/* read the chunked start line */
*b7579f77SDag-Erling Smørgrav		if(verb>=2) printf("chunk header: %s\n", buf);
*b7579f77SDag-Erling Smørgrav		if(!parse_chunk_header(buf, &len)) {
*b7579f77SDag-Erling Smørgrav			BIO_free(mem);
*b7579f77SDag-Erling Smørgrav			if(verb>=3) printf("could not parse chunk header\n");
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(verb>=2) printf("chunk len: %d\n", (int)len);
*b7579f77SDag-Erling Smørgrav		/* are we done? */
*b7579f77SDag-Erling Smørgrav		if(len == 0) {
*b7579f77SDag-Erling Smørgrav			char z = 0;
*b7579f77SDag-Erling Smørgrav			/* skip end-of-chunk-trailer lines,
*b7579f77SDag-Erling Smørgrav			 * until the empty line after that */
*b7579f77SDag-Erling Smørgrav			do {
*b7579f77SDag-Erling Smørgrav				if(!read_ssl_line(ssl, buf, sizeof(buf))) {
*b7579f77SDag-Erling Smørgrav					BIO_free(mem);
*b7579f77SDag-Erling Smørgrav					return NULL;
*b7579f77SDag-Erling Smørgrav				}
*b7579f77SDag-Erling Smørgrav			} while (strlen(buf) > 0);
*b7579f77SDag-Erling Smørgrav			/* end of chunks, zero terminate it */
*b7579f77SDag-Erling Smørgrav			if(BIO_write(mem, &z, 1) <= 0) {
*b7579f77SDag-Erling Smørgrav				if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav				BIO_free(mem);
*b7579f77SDag-Erling Smørgrav				return NULL;
*b7579f77SDag-Erling Smørgrav			}
*b7579f77SDag-Erling Smørgrav			return mem;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		/* read the chunked body */
*b7579f77SDag-Erling Smørgrav		body = read_data_chunk(ssl, len);
*b7579f77SDag-Erling Smørgrav		if(!body) {
*b7579f77SDag-Erling Smørgrav			BIO_free(mem);
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(BIO_write(mem, body, (int)len) <= 0) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav			free(body);
*b7579f77SDag-Erling Smørgrav			BIO_free(mem);
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		free(body);
*b7579f77SDag-Erling Smørgrav		/* skip empty line after data chunk */
*b7579f77SDag-Erling Smørgrav		if(!read_ssl_line(ssl, buf, sizeof(buf))) {
*b7579f77SDag-Erling Smørgrav			BIO_free(mem);
*b7579f77SDag-Erling Smørgrav			return NULL;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	BIO_free(mem);
*b7579f77SDag-Erling Smørgrav	return NULL;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** start HTTP1.1 transaction on SSL */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravwrite_http_get(SSL* ssl, char* pathname, char* urlname)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	if(write_ssl_line(ssl, "GET /%s HTTP/1.1", pathname) &&
*b7579f77SDag-Erling Smørgrav	   write_ssl_line(ssl, "Host: %s", urlname) &&
*b7579f77SDag-Erling Smørgrav	   write_ssl_line(ssl, "User-Agent: unbound-anchor/%s",
*b7579f77SDag-Erling Smørgrav	   	PACKAGE_VERSION) &&
*b7579f77SDag-Erling Smørgrav	   /* We do not really do multiple queries per connection,
*b7579f77SDag-Erling Smørgrav	    * but this header setting is also not needed.
*b7579f77SDag-Erling Smørgrav	    * write_ssl_line(ssl, "Connection: close", NULL) &&*/
*b7579f77SDag-Erling Smørgrav	   write_ssl_line(ssl, "", NULL)) {
*b7579f77SDag-Erling Smørgrav		return 1;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return 0;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read chunked data and zero terminate; len is without zero */
*b7579f77SDag-Erling Smørgravstatic char*
*b7579f77SDag-Erling Smørgravread_chunked_zero_terminate(SSL* ssl, size_t* len)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	/* do the chunked version */
*b7579f77SDag-Erling Smørgrav	BIO* tmp = do_chunked_read(ssl);
*b7579f77SDag-Erling Smørgrav	char* data, *d = NULL;
*b7579f77SDag-Erling Smørgrav	size_t l;
*b7579f77SDag-Erling Smørgrav	if(!tmp) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("could not read from https\n");
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	l = (size_t)BIO_get_mem_data(tmp, &d);
*b7579f77SDag-Erling Smørgrav	if(verb>=2) printf("chunked data is %d\n", (int)l);
*b7579f77SDag-Erling Smørgrav	if(l == 0 || d == NULL) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	*len = l-1;
*b7579f77SDag-Erling Smørgrav	data = (char*)malloc(l);
*b7579f77SDag-Erling Smørgrav	if(data == NULL) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	memcpy(data, d, l);
*b7579f77SDag-Erling Smørgrav	BIO_free(tmp);
*b7579f77SDag-Erling Smørgrav	return data;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read HTTP result from SSL */
*b7579f77SDag-Erling Smørgravstatic BIO*
*b7579f77SDag-Erling Smørgravread_http_result(SSL* ssl)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	size_t len = 0;
*b7579f77SDag-Erling Smørgrav	char* data;
*b7579f77SDag-Erling Smørgrav	BIO* m;
*b7579f77SDag-Erling Smørgrav	if(!read_http_headers(ssl, &len)) {
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(len == 0) {
*b7579f77SDag-Erling Smørgrav		data = read_chunked_zero_terminate(ssl, &len);
*b7579f77SDag-Erling Smørgrav	} else {
*b7579f77SDag-Erling Smørgrav		data = read_data_chunk(ssl, len);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!data) return NULL;
*b7579f77SDag-Erling Smørgrav	if(verb >= 4) print_data("read data", data, (int)len);
*b7579f77SDag-Erling Smørgrav	m = BIO_new_mem_buf(data, (int)len);
*b7579f77SDag-Erling Smørgrav	if(!m) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return m;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** https to an IP addr, return BIO with pathname or NULL */
*b7579f77SDag-Erling Smørgravstatic BIO*
*b7579f77SDag-Erling Smørgravhttps_to_ip(struct ip_list* ip, char* pathname, char* urlname)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int fd;
*b7579f77SDag-Erling Smørgrav	SSL* ssl;
*b7579f77SDag-Erling Smørgrav	BIO* bio;
*b7579f77SDag-Erling Smørgrav	SSL_CTX* sslctx = setup_sslctx();
*b7579f77SDag-Erling Smørgrav	if(!sslctx) {
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fd = connect_to_ip(ip);
*b7579f77SDag-Erling Smørgrav	if(fd == -1) {
*b7579f77SDag-Erling Smørgrav		SSL_CTX_free(sslctx);
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	ssl = TLS_initiate(sslctx, fd);
*b7579f77SDag-Erling Smørgrav	if(!ssl) {
*b7579f77SDag-Erling Smørgrav		SSL_CTX_free(sslctx);
*b7579f77SDag-Erling Smørgrav		fd_close(fd);
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!write_http_get(ssl, pathname, urlname)) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("could not write to server\n");
*b7579f77SDag-Erling Smørgrav		SSL_free(ssl);
*b7579f77SDag-Erling Smørgrav		SSL_CTX_free(sslctx);
*b7579f77SDag-Erling Smørgrav		fd_close(fd);
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	bio = read_http_result(ssl);
*b7579f77SDag-Erling Smørgrav	TLS_shutdown(fd, ssl, sslctx);
*b7579f77SDag-Erling Smørgrav	return bio;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Do a HTTPS, HTTP1.1 over TLS, to fetch a file
*b7579f77SDag-Erling Smørgrav * @param ip_list: list of IP addresses to use to fetch from.
*b7579f77SDag-Erling Smørgrav * @param pathname: pathname of file on server to GET.
*b7579f77SDag-Erling Smørgrav * @param urlname: name to pass as the virtual host for this request.
*b7579f77SDag-Erling Smørgrav * @return a memory BIO with the file in it.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic BIO*
*b7579f77SDag-Erling Smørgravhttps(struct ip_list* ip_list, char* pathname, char* urlname)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ip_list* ip;
*b7579f77SDag-Erling Smørgrav	BIO* bio = NULL;
*b7579f77SDag-Erling Smørgrav	/* try random address first, and work through the list */
*b7579f77SDag-Erling Smørgrav	wipe_ip_usage(ip_list);
*b7579f77SDag-Erling Smørgrav	while( (ip = pick_random_ip(ip_list)) ) {
*b7579f77SDag-Erling Smørgrav		ip->used = 1;
*b7579f77SDag-Erling Smørgrav		bio = https_to_ip(ip, pathname, urlname);
*b7579f77SDag-Erling Smørgrav		if(bio) break;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!bio) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("could not fetch %s\n", pathname);
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	} else {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("fetched %s (%d bytes)\n",
*b7579f77SDag-Erling Smørgrav			pathname, (int)BIO_ctrl_pending(bio));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return bio;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** free up a downloaded file BIO */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravfree_file_bio(BIO* bio)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char* pp = NULL;
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(bio);
*b7579f77SDag-Erling Smørgrav	(void)BIO_get_mem_data(bio, &pp);
*b7579f77SDag-Erling Smørgrav	free(pp);
*b7579f77SDag-Erling Smørgrav	BIO_free(bio);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** XML parse private data during the parse */
*b7579f77SDag-Erling Smørgravstruct xml_data {
*b7579f77SDag-Erling Smørgrav	/** the parser, reference */
*b7579f77SDag-Erling Smørgrav	XML_Parser parser;
*b7579f77SDag-Erling Smørgrav	/** the current tag; malloced; or NULL outside of tags */
*b7579f77SDag-Erling Smørgrav	char* tag;
*b7579f77SDag-Erling Smørgrav	/** current date to use during the parse */
*b7579f77SDag-Erling Smørgrav	time_t date;
*b7579f77SDag-Erling Smørgrav	/** number of keys usefully read in */
*b7579f77SDag-Erling Smørgrav	int num_keys;
*b7579f77SDag-Erling Smørgrav	/** the compiled anchors as DS records */
*b7579f77SDag-Erling Smørgrav	BIO* ds;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/** do we want to use this anchor? */
*b7579f77SDag-Erling Smørgrav	int use_key;
*b7579f77SDag-Erling Smørgrav	/** the current anchor: Zone */
*b7579f77SDag-Erling Smørgrav	BIO* czone;
*b7579f77SDag-Erling Smørgrav	/** the current anchor: KeyTag */
*b7579f77SDag-Erling Smørgrav	BIO* ctag;
*b7579f77SDag-Erling Smørgrav	/** the current anchor: Algorithm */
*b7579f77SDag-Erling Smørgrav	BIO* calgo;
*b7579f77SDag-Erling Smørgrav	/** the current anchor: DigestType */
*b7579f77SDag-Erling Smørgrav	BIO* cdigtype;
*b7579f77SDag-Erling Smørgrav	/** the current anchor: Digest*/
*b7579f77SDag-Erling Smørgrav	BIO* cdigest;
*b7579f77SDag-Erling Smørgrav};
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** The BIO for the tag */
*b7579f77SDag-Erling Smørgravstatic BIO*
*b7579f77SDag-Erling Smørgravxml_selectbio(struct xml_data* data, const char* tag)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	BIO* b = NULL;
*b7579f77SDag-Erling Smørgrav	if(strcasecmp(tag, "KeyTag") == 0)
*b7579f77SDag-Erling Smørgrav		b = data->ctag;
*b7579f77SDag-Erling Smørgrav	else if(strcasecmp(tag, "Algorithm") == 0)
*b7579f77SDag-Erling Smørgrav		b = data->calgo;
*b7579f77SDag-Erling Smørgrav	else if(strcasecmp(tag, "DigestType") == 0)
*b7579f77SDag-Erling Smørgrav		b = data->cdigtype;
*b7579f77SDag-Erling Smørgrav	else if(strcasecmp(tag, "Digest") == 0)
*b7579f77SDag-Erling Smørgrav		b = data->cdigest;
*b7579f77SDag-Erling Smørgrav	return b;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * XML handle character data, the data inside an element.
*b7579f77SDag-Erling Smørgrav * @param userData: xml_data structure
*b7579f77SDag-Erling Smørgrav * @param s: the character data.  May not all be in one callback.
*b7579f77SDag-Erling Smørgrav * 	NOT zero terminated.
*b7579f77SDag-Erling Smørgrav * @param len: length of this part of the data.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravvoid
*b7579f77SDag-Erling Smørgravxml_charhandle(void *userData, const XML_Char *s, int len)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct xml_data* data = (struct xml_data*)userData;
*b7579f77SDag-Erling Smørgrav	BIO* b = NULL;
*b7579f77SDag-Erling Smørgrav	/* skip characters outside of elements */
*b7579f77SDag-Erling Smørgrav	if(!data->tag)
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	if(verb>=4) {
*b7579f77SDag-Erling Smørgrav		int i;
*b7579f77SDag-Erling Smørgrav		printf("%s%s charhandle: '",
*b7579f77SDag-Erling Smørgrav			data->use_key?"use ":"",
*b7579f77SDag-Erling Smørgrav			data->tag?data->tag:"none");
*b7579f77SDag-Erling Smørgrav		for(i=0; i<len; i++)
*b7579f77SDag-Erling Smørgrav			printf("%c", s[i]);
*b7579f77SDag-Erling Smørgrav		printf("'\n");
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(strcasecmp(data->tag, "Zone") == 0) {
*b7579f77SDag-Erling Smørgrav		if(BIO_write(data->czone, s, len) <= 0) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("out of memory in BIO_write\n");
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* only store if key is used */
*b7579f77SDag-Erling Smørgrav	if(!data->use_key)
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	b = xml_selectbio(data, data->tag);
*b7579f77SDag-Erling Smørgrav	if(b) {
*b7579f77SDag-Erling Smørgrav		if(BIO_write(b, s, len) <= 0) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("out of memory in BIO_write\n");
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * XML fetch value of particular attribute(by name) or NULL if not present.
*b7579f77SDag-Erling Smørgrav * @param atts: attribute array (from xml_startelem).
*b7579f77SDag-Erling Smørgrav * @param name: name of attribute to look for.
*b7579f77SDag-Erling Smørgrav * @return the value or NULL. (ptr into atts).
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic const XML_Char*
*b7579f77SDag-Erling Smørgravfind_att(const XML_Char **atts, XML_Char* name)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int i;
*b7579f77SDag-Erling Smørgrav	for(i=0; atts[i]; i+=2) {
*b7579f77SDag-Erling Smørgrav		if(strcasecmp(atts[i], name) == 0)
*b7579f77SDag-Erling Smørgrav			return atts[i+1];
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return NULL;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * XML convert DateTime element to time_t.
*b7579f77SDag-Erling Smørgrav * [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]
*b7579f77SDag-Erling Smørgrav * (with optional .ssssss fractional seconds)
*b7579f77SDag-Erling Smørgrav * @param str: the string
*b7579f77SDag-Erling Smørgrav * @return a time_t representation or 0 on failure.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic time_t
*b7579f77SDag-Erling Smørgravxml_convertdate(const char* str)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	time_t t = 0;
*b7579f77SDag-Erling Smørgrav	struct tm tm;
*b7579f77SDag-Erling Smørgrav	const char* s;
*b7579f77SDag-Erling Smørgrav	/* for this application, ignore minus in front;
*b7579f77SDag-Erling Smørgrav	 * only positive dates are expected */
*b7579f77SDag-Erling Smørgrav	s = str;
*b7579f77SDag-Erling Smørgrav	if(s[0] == '-') s++;
*b7579f77SDag-Erling Smørgrav	memset(&tm, 0, sizeof(tm));
*b7579f77SDag-Erling Smørgrav	/* parse initial content of the string (lots of whitespace allowed) */
*b7579f77SDag-Erling Smørgrav	s = strptime(s, "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm);
*b7579f77SDag-Erling Smørgrav	if(!s) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("xml_convertdate parse failure %s\n", str);
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* parse remainder of date string */
*b7579f77SDag-Erling Smørgrav	if(*s == '.') {
*b7579f77SDag-Erling Smørgrav		/* optional '.' and fractional seconds */
*b7579f77SDag-Erling Smørgrav		int frac = 0, n = 0;
*b7579f77SDag-Erling Smørgrav		if(sscanf(s+1, "%d%n", &frac, &n) < 1) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("xml_convertdate f failure %s\n", str);
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		/* fraction is not used, time_t has second accuracy */
*b7579f77SDag-Erling Smørgrav		s++;
*b7579f77SDag-Erling Smørgrav		s+=n;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(*s == 'Z' || *s == 'z') {
*b7579f77SDag-Erling Smørgrav		/* nothing to do for this */
*b7579f77SDag-Erling Smørgrav		s++;
*b7579f77SDag-Erling Smørgrav	} else if(*s == '+' || *s == '-') {
*b7579f77SDag-Erling Smørgrav		/* optional timezone spec: Z or +hh:mm or -hh:mm */
*b7579f77SDag-Erling Smørgrav		int hr = 0, mn = 0, n = 0;
*b7579f77SDag-Erling Smørgrav		if(sscanf(s+1, "%d:%d%n", &hr, &mn, &n) < 2) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("xml_convertdate tz failure %s\n", str);
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(*s == '+') {
*b7579f77SDag-Erling Smørgrav			tm.tm_hour += hr;
*b7579f77SDag-Erling Smørgrav			tm.tm_min += mn;
*b7579f77SDag-Erling Smørgrav		} else {
*b7579f77SDag-Erling Smørgrav			tm.tm_hour -= hr;
*b7579f77SDag-Erling Smørgrav			tm.tm_min -= mn;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		s++;
*b7579f77SDag-Erling Smørgrav		s += n;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(*s != 0) {
*b7579f77SDag-Erling Smørgrav		/* not ended properly */
*b7579f77SDag-Erling Smørgrav		/* but ignore, (lenient) */
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	t = mktime(&tm);
*b7579f77SDag-Erling Smørgrav	if(t == (time_t)-1) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("xml_convertdate mktime failure\n");
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return t;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * XML handle the KeyDigest start tag, check validity periods.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravhandle_keydigest(struct xml_data* data, const XML_Char **atts)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	data->use_key = 0;
*b7579f77SDag-Erling Smørgrav	if(find_att(atts, "validFrom")) {
*b7579f77SDag-Erling Smørgrav		time_t from = xml_convertdate(find_att(atts, "validFrom"));
*b7579f77SDag-Erling Smørgrav		if(from == 0) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("error: xml cannot be parsed\n");
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(data->date < from)
*b7579f77SDag-Erling Smørgrav			return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(find_att(atts, "validUntil")) {
*b7579f77SDag-Erling Smørgrav		time_t until = xml_convertdate(find_att(atts, "validUntil"));
*b7579f77SDag-Erling Smørgrav		if(until == 0) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("error: xml cannot be parsed\n");
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(data->date > until)
*b7579f77SDag-Erling Smørgrav			return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* yes we want to use this key */
*b7579f77SDag-Erling Smørgrav	data->use_key = 1;
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(data->ctag);
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(data->calgo);
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(data->cdigtype);
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(data->cdigest);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** See if XML element equals the zone name */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravxml_is_zone_name(BIO* zone, char* name)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char buf[1024];
*b7579f77SDag-Erling Smørgrav	char* z = NULL;
*b7579f77SDag-Erling Smørgrav	long zlen;
*b7579f77SDag-Erling Smørgrav	(void)BIO_seek(zone, 0);
*b7579f77SDag-Erling Smørgrav	zlen = BIO_get_mem_data(zone, &z);
*b7579f77SDag-Erling Smørgrav	if(!zlen || !z) return 0;
*b7579f77SDag-Erling Smørgrav	/* zero terminate */
*b7579f77SDag-Erling Smørgrav	if(zlen >= (long)sizeof(buf)) return 0;
*b7579f77SDag-Erling Smørgrav	memmove(buf, z, (size_t)zlen);
*b7579f77SDag-Erling Smørgrav	buf[zlen] = 0;
*b7579f77SDag-Erling Smørgrav	/* compare */
*b7579f77SDag-Erling Smørgrav	return (strncasecmp(buf, name, strlen(name)) == 0);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * XML start of element. This callback is called whenever an XML tag starts.
*b7579f77SDag-Erling Smørgrav * XML_Char is UTF8.
*b7579f77SDag-Erling Smørgrav * @param userData: the xml_data structure.
*b7579f77SDag-Erling Smørgrav * @param name: the tag that starts.
*b7579f77SDag-Erling Smørgrav * @param atts: array of strings, pairs of attr = value, ends with NULL.
*b7579f77SDag-Erling Smørgrav * 	i.e. att[0]="att[1]" att[2]="att[3]" att[4]isNull
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravxml_startelem(void *userData, const XML_Char *name, const XML_Char **atts)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct xml_data* data = (struct xml_data*)userData;
*b7579f77SDag-Erling Smørgrav	BIO* b;
*b7579f77SDag-Erling Smørgrav	if(verb>=4) printf("xml tag start '%s'\n", name);
*b7579f77SDag-Erling Smørgrav	free(data->tag);
*b7579f77SDag-Erling Smørgrav	data->tag = strdup(name);
*b7579f77SDag-Erling Smørgrav	if(!data->tag) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb>=4) {
*b7579f77SDag-Erling Smørgrav		int i;
*b7579f77SDag-Erling Smørgrav		for(i=0; atts[i]; i+=2) {
*b7579f77SDag-Erling Smørgrav			printf("  %s='%s'\n", atts[i], atts[i+1]);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* handle attributes to particular types */
*b7579f77SDag-Erling Smørgrav	if(strcasecmp(name, "KeyDigest") == 0) {
*b7579f77SDag-Erling Smørgrav		handle_keydigest(data, atts);
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	} else if(strcasecmp(name, "Zone") == 0) {
*b7579f77SDag-Erling Smørgrav		(void)BIO_reset(data->czone);
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* for other types we prepare to pick up the data */
*b7579f77SDag-Erling Smørgrav	if(!data->use_key)
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	b = xml_selectbio(data, data->tag);
*b7579f77SDag-Erling Smørgrav	if(b) {
*b7579f77SDag-Erling Smørgrav		/* empty it */
*b7579f77SDag-Erling Smørgrav		(void)BIO_reset(b);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** Append str to bio */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravxml_append_str(BIO* b, const char* s)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	if(BIO_write(b, s, (int)strlen(s)) <= 0) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory in BIO_write\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** Append bio to bio */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravxml_append_bio(BIO* b, BIO* a)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char* z = NULL;
*b7579f77SDag-Erling Smørgrav	long i, len;
*b7579f77SDag-Erling Smørgrav	(void)BIO_seek(a, 0);
*b7579f77SDag-Erling Smørgrav	len = BIO_get_mem_data(a, &z);
*b7579f77SDag-Erling Smørgrav	if(!len || !z) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory in BIO_write\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* remove newlines in the data here */
*b7579f77SDag-Erling Smørgrav	for(i=0; i<len; i++) {
*b7579f77SDag-Erling Smørgrav		if(z[i] == '\r' || z[i] == '\n')
*b7579f77SDag-Erling Smørgrav			z[i] = ' ';
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* write to BIO */
*b7579f77SDag-Erling Smørgrav	if(BIO_write(b, z, len) <= 0) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory in BIO_write\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** write the parsed xml-DS to the DS list */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravxml_append_ds(struct xml_data* data)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	/* write DS to accumulated DS */
*b7579f77SDag-Erling Smørgrav	xml_append_str(data->ds, ". IN DS ");
*b7579f77SDag-Erling Smørgrav	xml_append_bio(data->ds, data->ctag);
*b7579f77SDag-Erling Smørgrav	xml_append_str(data->ds, " ");
*b7579f77SDag-Erling Smørgrav	xml_append_bio(data->ds, data->calgo);
*b7579f77SDag-Erling Smørgrav	xml_append_str(data->ds, " ");
*b7579f77SDag-Erling Smørgrav	xml_append_bio(data->ds, data->cdigtype);
*b7579f77SDag-Erling Smørgrav	xml_append_str(data->ds, " ");
*b7579f77SDag-Erling Smørgrav	xml_append_bio(data->ds, data->cdigest);
*b7579f77SDag-Erling Smørgrav	xml_append_str(data->ds, "\n");
*b7579f77SDag-Erling Smørgrav	data->num_keys++;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * XML end of element. This callback is called whenever an XML tag ends.
*b7579f77SDag-Erling Smørgrav * XML_Char is UTF8.
*b7579f77SDag-Erling Smørgrav * @param userData: the xml_data structure
*b7579f77SDag-Erling Smørgrav * @param name: the tag that ends.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravxml_endelem(void *userData, const XML_Char *name)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct xml_data* data = (struct xml_data*)userData;
*b7579f77SDag-Erling Smørgrav	if(verb>=4) printf("xml tag end   '%s'\n", name);
*b7579f77SDag-Erling Smørgrav	free(data->tag);
*b7579f77SDag-Erling Smørgrav	data->tag = NULL;
*b7579f77SDag-Erling Smørgrav	if(strcasecmp(name, "KeyDigest") == 0) {
*b7579f77SDag-Erling Smørgrav		if(data->use_key)
*b7579f77SDag-Erling Smørgrav			xml_append_ds(data);
*b7579f77SDag-Erling Smørgrav		data->use_key = 0;
*b7579f77SDag-Erling Smørgrav	} else if(strcasecmp(name, "Zone") == 0) {
*b7579f77SDag-Erling Smørgrav		if(!xml_is_zone_name(data->czone, ".")) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("xml not for the right zone\n");
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * XML parser setup of the callbacks for the tags
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravxml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char buf[1024];
*b7579f77SDag-Erling Smørgrav	memset(data, 0, sizeof(*data));
*b7579f77SDag-Erling Smørgrav	XML_SetUserData(parser, data);
*b7579f77SDag-Erling Smørgrav	data->parser = parser;
*b7579f77SDag-Erling Smørgrav	data->date = now;
*b7579f77SDag-Erling Smørgrav	data->ds = BIO_new(BIO_s_mem());
*b7579f77SDag-Erling Smørgrav	data->ctag = BIO_new(BIO_s_mem());
*b7579f77SDag-Erling Smørgrav	data->czone = BIO_new(BIO_s_mem());
*b7579f77SDag-Erling Smørgrav	data->calgo = BIO_new(BIO_s_mem());
*b7579f77SDag-Erling Smørgrav	data->cdigtype = BIO_new(BIO_s_mem());
*b7579f77SDag-Erling Smørgrav	data->cdigest = BIO_new(BIO_s_mem());
*b7579f77SDag-Erling Smørgrav	if(!data->ds || !data->ctag || !data->calgo || !data->czone ||
*b7579f77SDag-Erling Smørgrav		!data->cdigtype || !data->cdigest) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	snprintf(buf, sizeof(buf), "; created by unbound-anchor on %s",
*b7579f77SDag-Erling Smørgrav		ctime(&now));
*b7579f77SDag-Erling Smørgrav	if(BIO_write(data->ds, buf, (int)strlen(buf)) <= 0) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	XML_SetElementHandler(parser, xml_startelem, xml_endelem);
*b7579f77SDag-Erling Smørgrav	XML_SetCharacterDataHandler(parser, xml_charhandle);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Perform XML parsing of the root-anchors file
*b7579f77SDag-Erling Smørgrav * Its format description can be read here
*b7579f77SDag-Erling Smørgrav * https://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.txt
*b7579f77SDag-Erling Smørgrav * It uses libexpat.
*b7579f77SDag-Erling Smørgrav * @param xml: BIO with xml data.
*b7579f77SDag-Erling Smørgrav * @param now: the current time for checking DS validity periods.
*b7579f77SDag-Erling Smørgrav * @return memoryBIO with the DS data in zone format.
*b7579f77SDag-Erling Smørgrav * 	or NULL if the zone is insecure.
*b7579f77SDag-Erling Smørgrav * 	(It exit()s on error)
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic BIO*
*b7579f77SDag-Erling Smørgravxml_parse(BIO* xml, time_t now)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char* pp;
*b7579f77SDag-Erling Smørgrav	int len;
*b7579f77SDag-Erling Smørgrav	XML_Parser parser;
*b7579f77SDag-Erling Smørgrav	struct xml_data data;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	parser = XML_ParserCreate(NULL);
*b7579f77SDag-Erling Smørgrav	if(!parser) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("could not XML_ParserCreate\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* setup callbacks */
*b7579f77SDag-Erling Smørgrav	xml_parse_setup(parser, &data, now);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* parse it */
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(xml);
*b7579f77SDag-Erling Smørgrav	len = (int)BIO_get_mem_data(xml, &pp);
*b7579f77SDag-Erling Smørgrav	if(!len || !pp) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!XML_Parse(parser, pp, len, 1 /*isfinal*/ )) {
*b7579f77SDag-Erling Smørgrav		const char *e = XML_ErrorString(XML_GetErrorCode(parser));
*b7579f77SDag-Erling Smørgrav		if(verb) printf("XML_Parse failure %s\n", e?e:"");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* parsed */
*b7579f77SDag-Erling Smørgrav	if(verb) printf("XML was parsed successfully, %d keys\n",
*b7579f77SDag-Erling Smørgrav			data.num_keys);
*b7579f77SDag-Erling Smørgrav	free(data.tag);
*b7579f77SDag-Erling Smørgrav	XML_ParserFree(parser);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	if(verb >= 4) {
*b7579f77SDag-Erling Smørgrav		char* pp = NULL;
*b7579f77SDag-Erling Smørgrav		int len;
*b7579f77SDag-Erling Smørgrav		(void)BIO_seek(data.ds, 0);
*b7579f77SDag-Erling Smørgrav		len = BIO_get_mem_data(data.ds, &pp);
*b7579f77SDag-Erling Smørgrav		printf("got DS bio %d: '", len);
*b7579f77SDag-Erling Smørgrav		if(!fwrite(pp, (size_t)len, 1, stdout))
*b7579f77SDag-Erling Smørgrav			/* compilers do not allow us to ignore fwrite .. */
*b7579f77SDag-Erling Smørgrav			fprintf(stderr, "error writing to stdout\n");
*b7579f77SDag-Erling Smørgrav		printf("'\n");
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	BIO_free(data.czone);
*b7579f77SDag-Erling Smørgrav	BIO_free(data.ctag);
*b7579f77SDag-Erling Smørgrav	BIO_free(data.calgo);
*b7579f77SDag-Erling Smørgrav	BIO_free(data.cdigtype);
*b7579f77SDag-Erling Smørgrav	BIO_free(data.cdigest);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	if(data.num_keys == 0) {
*b7579f77SDag-Erling Smørgrav		/* the root zone seems to have gone insecure */
*b7579f77SDag-Erling Smørgrav		BIO_free(data.ds);
*b7579f77SDag-Erling Smørgrav		return NULL;
*b7579f77SDag-Erling Smørgrav	} else {
*b7579f77SDag-Erling Smørgrav		return data.ds;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** verify a PKCS7 signature, false on failure */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravverify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	PKCS7* p7;
*b7579f77SDag-Erling Smørgrav	X509_STORE *store = X509_STORE_new();
*b7579f77SDag-Erling Smørgrav	int secure = 0;
*b7579f77SDag-Erling Smørgrav	int i;
*b7579f77SDag-Erling Smørgrav#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
*b7579f77SDag-Erling Smørgrav	X509_VERIFY_PARAM* param = X509_VERIFY_PARAM_new();
*b7579f77SDag-Erling Smørgrav	if(!param) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		X509_STORE_free(store);
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	/* do the selfcheck on the root certificate; it checks that the
*b7579f77SDag-Erling Smørgrav	 * input is valid */
*b7579f77SDag-Erling Smørgrav	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CHECK_SS_SIGNATURE);
*b7579f77SDag-Erling Smørgrav	if(store) X509_STORE_set1_param(store, param);
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav	if(!store) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
*b7579f77SDag-Erling Smørgrav		X509_VERIFY_PARAM_free(param);
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(p7s);
*b7579f77SDag-Erling Smørgrav	(void)BIO_reset(data);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* convert p7s to p7 (the signature) */
*b7579f77SDag-Erling Smørgrav	p7 = d2i_PKCS7_bio(p7s, NULL);
*b7579f77SDag-Erling Smørgrav	if(!p7) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("could not parse p7s signature file\n");
*b7579f77SDag-Erling Smørgrav		X509_STORE_free(store);
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb >= 2) printf("parsed the PKCS7 signature\n");
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* convert trust to trusted certificate store */
*b7579f77SDag-Erling Smørgrav	for(i=0; i<sk_X509_num(trust); i++) {
*b7579f77SDag-Erling Smørgrav		if(!X509_STORE_add_cert(store, sk_X509_value(trust, i))) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("failed X509_STORE_add_cert\n");
*b7579f77SDag-Erling Smørgrav			X509_STORE_free(store);
*b7579f77SDag-Erling Smørgrav			PKCS7_free(p7);
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb >= 2) printf("setup the X509_STORE\n");
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	if(PKCS7_verify(p7, NULL, store, data, NULL, 0) == 1) {
*b7579f77SDag-Erling Smørgrav		secure = 1;
*b7579f77SDag-Erling Smørgrav		if(verb) printf("the PKCS7 signature verified\n");
*b7579f77SDag-Erling Smørgrav	} else {
*b7579f77SDag-Erling Smørgrav		if(verb) {
*b7579f77SDag-Erling Smørgrav			ERR_print_errors_fp(stdout);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	X509_STORE_free(store);
*b7579f77SDag-Erling Smørgrav	PKCS7_free(p7);
*b7579f77SDag-Erling Smørgrav	return secure;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** write unsigned root anchor file, a 5011 revoked tp */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravwrite_unsigned_root(char* root_anchor_file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	FILE* out;
*b7579f77SDag-Erling Smørgrav	time_t now = time(NULL);
*b7579f77SDag-Erling Smørgrav	out = fopen(root_anchor_file, "w");
*b7579f77SDag-Erling Smørgrav	if(!out) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s: %s\n", root_anchor_file, strerror(errno));
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(fprintf(out, "; autotrust trust anchor file\n"
*b7579f77SDag-Erling Smørgrav		";;REVOKED\n"
*b7579f77SDag-Erling Smørgrav		";;id: . 1\n"
*b7579f77SDag-Erling Smørgrav		"; This file was written by unbound-anchor on %s"
*b7579f77SDag-Erling Smørgrav		"; It indicates that the root does not use DNSSEC\n"
*b7579f77SDag-Erling Smørgrav		"; to restart DNSSEC overwrite this file with a\n"
*b7579f77SDag-Erling Smørgrav		"; valid trustanchor or (empty-it and run unbound-anchor)\n"
*b7579f77SDag-Erling Smørgrav		, ctime(&now)) < 0) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("failed to write 'unsigned' to %s\n",
*b7579f77SDag-Erling Smørgrav			root_anchor_file);
*b7579f77SDag-Erling Smørgrav		if(verb && errno != 0) printf("%s\n", strerror(errno));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fclose(out);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** write root anchor file */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravwrite_root_anchor(char* root_anchor_file, BIO* ds)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	char* pp = NULL;
*b7579f77SDag-Erling Smørgrav	int len;
*b7579f77SDag-Erling Smørgrav	FILE* out;
*b7579f77SDag-Erling Smørgrav	(void)BIO_seek(ds, 0);
*b7579f77SDag-Erling Smørgrav	len = BIO_get_mem_data(ds, &pp);
*b7579f77SDag-Erling Smørgrav	if(!len || !pp) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	out = fopen(root_anchor_file, "w");
*b7579f77SDag-Erling Smørgrav	if(!out) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s: %s\n", root_anchor_file, strerror(errno));
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(fwrite(pp, (size_t)len, 1, out) != 1) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("failed to write all data to %s\n",
*b7579f77SDag-Erling Smørgrav			root_anchor_file);
*b7579f77SDag-Erling Smørgrav		if(verb && errno != 0) printf("%s\n", strerror(errno));
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fclose(out);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** Perform the verification and update of the trustanchor file */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravverify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s,
*b7579f77SDag-Erling Smørgrav	STACK_OF(X509)* cert)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	BIO* ds;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* verify xml file */
*b7579f77SDag-Erling Smørgrav	if(!verify_p7sig(xml, p7s, cert)) {
*b7579f77SDag-Erling Smørgrav		printf("the PKCS7 signature failed\n");
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* parse the xml file into DS records */
*b7579f77SDag-Erling Smørgrav	ds = xml_parse(xml, time(NULL));
*b7579f77SDag-Erling Smørgrav	if(!ds) {
*b7579f77SDag-Erling Smørgrav		/* the root zone is unsigned now */
*b7579f77SDag-Erling Smørgrav		write_unsigned_root(root_anchor_file);
*b7579f77SDag-Erling Smørgrav	} else {
*b7579f77SDag-Erling Smørgrav		/* reinstate 5011 tracking */
*b7579f77SDag-Erling Smørgrav		write_root_anchor(root_anchor_file, ds);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	BIO_free(ds);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav#ifdef USE_WINSOCK
*b7579f77SDag-Erling Smørgravstatic void do_wsa_cleanup(void) { WSACleanup(); }
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** perform actual certupdate work */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravdo_certupdate(char* root_anchor_file, char* root_cert_file,
*b7579f77SDag-Erling Smørgrav	char* urlname, char* xmlname, char* p7sname,
*b7579f77SDag-Erling Smørgrav	char* res_conf, char* root_hints, char* debugconf,
*b7579f77SDag-Erling Smørgrav	int ip4only, int ip6only, int port, struct ub_result* dnskey)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	STACK_OF(X509)* cert;
*b7579f77SDag-Erling Smørgrav	BIO *xml, *p7s;
*b7579f77SDag-Erling Smørgrav	struct ip_list* ip_list = NULL;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* read pem file or provide builtin */
*b7579f77SDag-Erling Smørgrav	cert = read_cert_or_builtin(root_cert_file);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* lookup A, AAAA for the urlname (or parse urlname if IP address) */
*b7579f77SDag-Erling Smørgrav	ip_list = resolve_name(urlname, port, res_conf, root_hints, debugconf,
*b7579f77SDag-Erling Smørgrav		ip4only, ip6only);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav#ifdef USE_WINSOCK
*b7579f77SDag-Erling Smørgrav	if(1) { /* libunbound finished, startup WSA for the https connection */
*b7579f77SDag-Erling Smørgrav		WSADATA wsa_data;
*b7579f77SDag-Erling Smørgrav		int r;
*b7579f77SDag-Erling Smørgrav		if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("WSAStartup failed: %s\n",
*b7579f77SDag-Erling Smørgrav				wsa_strerror(r));
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		atexit(&do_wsa_cleanup);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* fetch the necessary files over HTTPS */
*b7579f77SDag-Erling Smørgrav	xml = https(ip_list, xmlname, urlname);
*b7579f77SDag-Erling Smørgrav	p7s = https(ip_list, p7sname, urlname);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* verify and update the root anchor */
*b7579f77SDag-Erling Smørgrav	verify_and_update_anchor(root_anchor_file, xml, p7s, cert);
*b7579f77SDag-Erling Smørgrav	if(verb) printf("success: the anchor has been updated "
*b7579f77SDag-Erling Smørgrav			"using the cert\n");
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	free_file_bio(xml);
*b7579f77SDag-Erling Smørgrav	free_file_bio(p7s);
*b7579f77SDag-Erling Smørgrav#ifndef S_SPLINT_S
*b7579f77SDag-Erling Smørgrav	sk_X509_pop_free(cert, X509_free);
*b7579f77SDag-Erling Smørgrav#endif
*b7579f77SDag-Erling Smørgrav	ub_resolve_free(dnskey);
*b7579f77SDag-Erling Smørgrav	ip_list_free(ip_list);
*b7579f77SDag-Erling Smørgrav	return 1;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Try to read the root RFC5011 autotrust anchor file,
*b7579f77SDag-Erling Smørgrav * @param file: filename.
*b7579f77SDag-Erling Smørgrav * @return:
*b7579f77SDag-Erling Smørgrav * 	0 if does not exist or empty
*b7579f77SDag-Erling Smørgrav * 	1 if trust-point-revoked-5011
*b7579f77SDag-Erling Smørgrav * 	2 if it is OK.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravtry_read_anchor(char* file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int empty = 1;
*b7579f77SDag-Erling Smørgrav	char line[10240];
*b7579f77SDag-Erling Smørgrav	char* p;
*b7579f77SDag-Erling Smørgrav	FILE* in = fopen(file, "r");
*b7579f77SDag-Erling Smørgrav	if(!in) {
*b7579f77SDag-Erling Smørgrav		/* only if the file does not exist, can we fix it */
*b7579f77SDag-Erling Smørgrav		if(errno != ENOENT) {
*b7579f77SDag-Erling Smørgrav			if(verb) printf("%s: %s\n", file, strerror(errno));
*b7579f77SDag-Erling Smørgrav			if(verb) printf("error: cannot access the file\n");
*b7579f77SDag-Erling Smørgrav			exit(0);
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s does not exist\n", file);
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(fgets(line, (int)sizeof(line), in)) {
*b7579f77SDag-Erling Smørgrav		line[sizeof(line)-1] = 0;
*b7579f77SDag-Erling Smørgrav		if(strncmp(line, ";;REVOKED", 9) == 0) {
*b7579f77SDag-Erling Smørgrav			fclose(in);
*b7579f77SDag-Erling Smørgrav			if(verb) printf("%s : the trust point is revoked\n"
*b7579f77SDag-Erling Smørgrav				"and the zone is considered unsigned.\n"
*b7579f77SDag-Erling Smørgrav				"if you wish to re-enable, delete the file\n",
*b7579f77SDag-Erling Smørgrav				file);
*b7579f77SDag-Erling Smørgrav			return 1;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav		p=line;
*b7579f77SDag-Erling Smørgrav		while(*p == ' ' || *p == '\t')
*b7579f77SDag-Erling Smørgrav			p++;
*b7579f77SDag-Erling Smørgrav		if(p[0]==0 || p[0]=='\n' || p[0]==';') continue;
*b7579f77SDag-Erling Smørgrav		/* this line is a line of content */
*b7579f77SDag-Erling Smørgrav		empty = 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fclose(in);
*b7579f77SDag-Erling Smørgrav	if(empty) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s is empty\n", file);
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb) printf("%s has content\n", file);
*b7579f77SDag-Erling Smørgrav	return 2;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** Write the builtin root anchor to a file */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravwrite_builtin_anchor(char* file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	const char* builtin_root_anchor = get_builtin_ds();
*b7579f77SDag-Erling Smørgrav	FILE* out = fopen(file, "w");
*b7579f77SDag-Erling Smørgrav	if(!out) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s: %s\n", file, strerror(errno));
*b7579f77SDag-Erling Smørgrav		if(verb) printf("  could not write builtin anchor\n");
*b7579f77SDag-Erling Smørgrav		return;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!fwrite(builtin_root_anchor, strlen(builtin_root_anchor), 1, out)) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s: %s\n", file, strerror(errno));
*b7579f77SDag-Erling Smørgrav		if(verb) printf("  could not complete write builtin anchor\n");
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fclose(out);
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Check the root anchor file.
*b7579f77SDag-Erling Smørgrav * If does not exist, provide builtin and write file.
*b7579f77SDag-Erling Smørgrav * If empty, provide builtin and write file.
*b7579f77SDag-Erling Smørgrav * If trust-point-revoked-5011 file: make the program exit.
*b7579f77SDag-Erling Smørgrav * @param root_anchor_file: filename of the root anchor.
*b7579f77SDag-Erling Smørgrav * @param used_builtin: set to 1 if the builtin is written.
*b7579f77SDag-Erling Smørgrav * @return 0 if trustpoint is insecure, 1 on success.  Exit on failure.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravprovide_builtin(char* root_anchor_file, int* used_builtin)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	/* try to read it */
*b7579f77SDag-Erling Smørgrav	switch(try_read_anchor(root_anchor_file))
*b7579f77SDag-Erling Smørgrav	{
*b7579f77SDag-Erling Smørgrav		case 0: /* no exist or empty */
*b7579f77SDag-Erling Smørgrav			write_builtin_anchor(root_anchor_file);
*b7579f77SDag-Erling Smørgrav			*used_builtin = 1;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 1: /* revoked tp */
*b7579f77SDag-Erling Smørgrav			return 0;
*b7579f77SDag-Erling Smørgrav		case 2: /* it is fine */
*b7579f77SDag-Erling Smørgrav		default:
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return 1;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * add an autotrust anchor for the root to the context
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic void
*b7579f77SDag-Erling Smørgravadd_5011_probe_root(struct ub_ctx* ctx, char* root_anchor_file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int r;
*b7579f77SDag-Erling Smørgrav	r = ub_ctx_set_option(ctx, "auto-trust-anchor-file:", root_anchor_file);
*b7579f77SDag-Erling Smørgrav	if(r) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("add 5011 probe to ctx: %s\n", ub_strerror(r));
*b7579f77SDag-Erling Smørgrav		ub_ctx_delete(ctx);
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Prime the root key and return the result.  Exit on error.
*b7579f77SDag-Erling Smørgrav * @param ctx: the unbound context to perform the priming with.
*b7579f77SDag-Erling Smørgrav * @return: the result of the prime, on error it exit()s.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic struct ub_result*
*b7579f77SDag-Erling Smørgravprime_root_key(struct ub_ctx* ctx)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ub_result* res = NULL;
*b7579f77SDag-Erling Smørgrav	int r;
*b7579f77SDag-Erling Smørgrav	r = ub_resolve(ctx, ".", LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, &res);
*b7579f77SDag-Erling Smørgrav	if(r) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("resolve DNSKEY: %s\n", ub_strerror(r));
*b7579f77SDag-Erling Smørgrav		ub_ctx_delete(ctx);
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(!res) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("out of memory\n");
*b7579f77SDag-Erling Smørgrav		ub_ctx_delete(ctx);
*b7579f77SDag-Erling Smørgrav		exit(0);
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	return res;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** see if ADDPEND keys exist in autotrust file (if possible) */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravread_if_pending_keys(char* file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	FILE* in = fopen(file, "r");
*b7579f77SDag-Erling Smørgrav	char line[8192];
*b7579f77SDag-Erling Smørgrav	if(!in) {
*b7579f77SDag-Erling Smørgrav		if(verb>=2) printf("%s: %s\n", file, strerror(errno));
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(fgets(line, (int)sizeof(line), in)) {
*b7579f77SDag-Erling Smørgrav		if(line[0]==';') continue;
*b7579f77SDag-Erling Smørgrav		if(strstr(line, "[ ADDPEND ]")) {
*b7579f77SDag-Erling Smørgrav			fclose(in);
*b7579f77SDag-Erling Smørgrav			if(verb) printf("RFC5011-state has ADDPEND keys\n");
*b7579f77SDag-Erling Smørgrav			return 1;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fclose(in);
*b7579f77SDag-Erling Smørgrav	return 0;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** read last successful probe time from autotrust file (if possible) */
*b7579f77SDag-Erling Smørgravstatic int32_t
*b7579f77SDag-Erling Smørgravread_last_success_time(char* file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	FILE* in = fopen(file, "r");
*b7579f77SDag-Erling Smørgrav	char line[1024];
*b7579f77SDag-Erling Smørgrav	if(!in) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("%s: %s\n", file, strerror(errno));
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	while(fgets(line, (int)sizeof(line), in)) {
*b7579f77SDag-Erling Smørgrav		if(strncmp(line, ";;last_success: ", 16) == 0) {
*b7579f77SDag-Erling Smørgrav			char* e;
*b7579f77SDag-Erling Smørgrav			time_t x = (unsigned int)strtol(line+16, &e, 10);
*b7579f77SDag-Erling Smørgrav			fclose(in);
*b7579f77SDag-Erling Smørgrav			if(line+16 == e) {
*b7579f77SDag-Erling Smørgrav				if(verb) printf("failed to parse "
*b7579f77SDag-Erling Smørgrav					"last_success probe time\n");
*b7579f77SDag-Erling Smørgrav				return 0;
*b7579f77SDag-Erling Smørgrav			}
*b7579f77SDag-Erling Smørgrav			if(verb) printf("last successful probe: %s", ctime(&x));
*b7579f77SDag-Erling Smørgrav			return (int32_t)x;
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	fclose(in);
*b7579f77SDag-Erling Smørgrav	if(verb) printf("no last_success probe time in anchor file\n");
*b7579f77SDag-Erling Smørgrav	return 0;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/**
*b7579f77SDag-Erling Smørgrav * Read autotrust 5011 probe file and see if the date
*b7579f77SDag-Erling Smørgrav * compared to the current date allows a certupdate.
*b7579f77SDag-Erling Smørgrav * If the last successful probe was recent then 5011 cannot be behind,
*b7579f77SDag-Erling Smørgrav * and the failure cannot be solved with a certupdate.
*b7579f77SDag-Erling Smørgrav * The debugconf is to validation-override the date for testing.
*b7579f77SDag-Erling Smørgrav * @param root_anchor_file: filename of root key
*b7579f77SDag-Erling Smørgrav * @return true if certupdate is ok.
*b7579f77SDag-Erling Smørgrav */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravprobe_date_allows_certupdate(char* root_anchor_file)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int has_pending_keys = read_if_pending_keys(root_anchor_file);
*b7579f77SDag-Erling Smørgrav	int32_t last_success = read_last_success_time(root_anchor_file);
*b7579f77SDag-Erling Smørgrav	int32_t now = (int32_t)time(NULL);
*b7579f77SDag-Erling Smørgrav	int32_t leeway = 30 * 24 * 3600; /* 30 days leeway */
*b7579f77SDag-Erling Smørgrav	/* if the date is before 2010-07-15:00.00.00 then the root has not
*b7579f77SDag-Erling Smørgrav	 * been signed yet, and thus we refuse to take action. */
*b7579f77SDag-Erling Smørgrav	if(time(NULL) < xml_convertdate("2010-07-15T00:00:00")) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("the date is before the root was first signed,"
*b7579f77SDag-Erling Smørgrav			" please correct the clock\n");
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(last_success == 0)
*b7579f77SDag-Erling Smørgrav		return 1; /* no probe time */
*b7579f77SDag-Erling Smørgrav	if(has_pending_keys)
*b7579f77SDag-Erling Smørgrav		return 1; /* key in ADDPEND state, a previous probe has
*b7579f77SDag-Erling Smørgrav		inserted that, and it was present in all recent probes,
*b7579f77SDag-Erling Smørgrav		but it has not become active.  The 30 day timer may not have
*b7579f77SDag-Erling Smørgrav		expired, but we know(for sure) there is a rollover going on.
*b7579f77SDag-Erling Smørgrav		If we only managed to pickup the new key on its last day
*b7579f77SDag-Erling Smørgrav		of announcement (for example) this can happen. */
*b7579f77SDag-Erling Smørgrav	if(now - last_success < 0) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("the last successful probe is in the future,"
*b7579f77SDag-Erling Smørgrav			" clock was modified\n");
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(now - last_success >= leeway) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("the last successful probe was more than 30 "
*b7579f77SDag-Erling Smørgrav			"days ago\n");
*b7579f77SDag-Erling Smørgrav		return 1;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb) printf("the last successful probe is recent\n");
*b7579f77SDag-Erling Smørgrav	return 0;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** perform the unbound-anchor work */
*b7579f77SDag-Erling Smørgravstatic int
*b7579f77SDag-Erling Smørgravdo_root_update_work(char* root_anchor_file, char* root_cert_file,
*b7579f77SDag-Erling Smørgrav	char* urlname, char* xmlname, char* p7sname,
*b7579f77SDag-Erling Smørgrav	char* res_conf, char* root_hints, char* debugconf,
*b7579f77SDag-Erling Smørgrav	int ip4only, int ip6only, int force, int port)
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	struct ub_ctx* ctx;
*b7579f77SDag-Erling Smørgrav	struct ub_result* dnskey;
*b7579f77SDag-Erling Smørgrav	int used_builtin = 0;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* see if builtin rootanchor needs to be provided, or if
*b7579f77SDag-Erling Smørgrav	 * rootanchor is 'revoked-trust-point' */
*b7579f77SDag-Erling Smørgrav	if(!provide_builtin(root_anchor_file, &used_builtin))
*b7579f77SDag-Erling Smørgrav		return 0;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* make unbound context with 5011-probe for root anchor,
*b7579f77SDag-Erling Smørgrav	 * and probe . DNSKEY */
*b7579f77SDag-Erling Smørgrav	ctx = create_unbound_context(res_conf, root_hints, debugconf,
*b7579f77SDag-Erling Smørgrav		ip4only, ip6only);
*b7579f77SDag-Erling Smørgrav	add_5011_probe_root(ctx, root_anchor_file);
*b7579f77SDag-Erling Smørgrav	dnskey = prime_root_key(ctx);
*b7579f77SDag-Erling Smørgrav	ub_ctx_delete(ctx);
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* if secure: exit */
*b7579f77SDag-Erling Smørgrav	if(dnskey->secure && !force) {
*b7579f77SDag-Erling Smørgrav		if(verb) printf("success: the anchor is ok\n");
*b7579f77SDag-Erling Smørgrav		ub_resolve_free(dnskey);
*b7579f77SDag-Erling Smørgrav		return used_builtin;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(force && verb) printf("debug cert update forced\n");
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	/* if not (and NOERROR): check date and do certupdate */
*b7579f77SDag-Erling Smørgrav	if((dnskey->rcode == 0 &&
*b7579f77SDag-Erling Smørgrav		probe_date_allows_certupdate(root_anchor_file)) || force) {
*b7579f77SDag-Erling Smørgrav		if(do_certupdate(root_anchor_file, root_cert_file, urlname,
*b7579f77SDag-Erling Smørgrav			xmlname, p7sname, res_conf, root_hints, debugconf,
*b7579f77SDag-Erling Smørgrav			ip4only, ip6only, port, dnskey))
*b7579f77SDag-Erling Smørgrav			return 1;
*b7579f77SDag-Erling Smørgrav		return used_builtin;
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	if(verb) printf("fail: the anchor is NOT ok and could not be fixed\n");
*b7579f77SDag-Erling Smørgrav	ub_resolve_free(dnskey);
*b7579f77SDag-Erling Smørgrav	return used_builtin;
*b7579f77SDag-Erling Smørgrav}
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** getopt global, in case header files fail to declare it. */
*b7579f77SDag-Erling Smørgravextern int optind;
*b7579f77SDag-Erling Smørgrav/** getopt global, in case header files fail to declare it. */
*b7579f77SDag-Erling Smørgravextern char* optarg;
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav/** Main routine for unbound-anchor */
*b7579f77SDag-Erling Smørgravint main(int argc, char* argv[])
*b7579f77SDag-Erling Smørgrav{
*b7579f77SDag-Erling Smørgrav	int c;
*b7579f77SDag-Erling Smørgrav	char* root_anchor_file = ROOT_ANCHOR_FILE;
*b7579f77SDag-Erling Smørgrav	char* root_cert_file = ROOT_CERT_FILE;
*b7579f77SDag-Erling Smørgrav	char* urlname = URLNAME;
*b7579f77SDag-Erling Smørgrav	char* xmlname = XMLNAME;
*b7579f77SDag-Erling Smørgrav	char* p7sname = P7SNAME;
*b7579f77SDag-Erling Smørgrav	char* res_conf = NULL;
*b7579f77SDag-Erling Smørgrav	char* root_hints = NULL;
*b7579f77SDag-Erling Smørgrav	char* debugconf = NULL;
*b7579f77SDag-Erling Smørgrav	int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT;
*b7579f77SDag-Erling Smørgrav	/* parse the options */
*b7579f77SDag-Erling Smørgrav	while( (c=getopt(argc, argv, "46C:FP:a:c:f:hlr:s:u:vx:")) != -1) {
*b7579f77SDag-Erling Smørgrav		switch(c) {
*b7579f77SDag-Erling Smørgrav		case 'l':
*b7579f77SDag-Erling Smørgrav			dolist = 1;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case '4':
*b7579f77SDag-Erling Smørgrav			ip4only = 1;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case '6':
*b7579f77SDag-Erling Smørgrav			ip6only = 1;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'a':
*b7579f77SDag-Erling Smørgrav			root_anchor_file = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'c':
*b7579f77SDag-Erling Smørgrav			root_cert_file = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'u':
*b7579f77SDag-Erling Smørgrav			urlname = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'x':
*b7579f77SDag-Erling Smørgrav			xmlname = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 's':
*b7579f77SDag-Erling Smørgrav			p7sname = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'f':
*b7579f77SDag-Erling Smørgrav			res_conf = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'r':
*b7579f77SDag-Erling Smørgrav			root_hints = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'C':
*b7579f77SDag-Erling Smørgrav			debugconf = optarg;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'F':
*b7579f77SDag-Erling Smørgrav			force = 1;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'P':
*b7579f77SDag-Erling Smørgrav			port = atoi(optarg);
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case 'v':
*b7579f77SDag-Erling Smørgrav			verb++;
*b7579f77SDag-Erling Smørgrav			break;
*b7579f77SDag-Erling Smørgrav		case '?':
*b7579f77SDag-Erling Smørgrav		case 'h':
*b7579f77SDag-Erling Smørgrav		default:
*b7579f77SDag-Erling Smørgrav			usage();
*b7579f77SDag-Erling Smørgrav		}
*b7579f77SDag-Erling Smørgrav	}
*b7579f77SDag-Erling Smørgrav	argc -= optind;
*b7579f77SDag-Erling Smørgrav	argv += optind;
*b7579f77SDag-Erling Smørgrav	if(argc != 0)
*b7579f77SDag-Erling Smørgrav		usage();
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	ERR_load_crypto_strings();
*b7579f77SDag-Erling Smørgrav	ERR_load_SSL_strings();
*b7579f77SDag-Erling Smørgrav	OpenSSL_add_all_algorithms();
*b7579f77SDag-Erling Smørgrav	(void)SSL_library_init();
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	if(dolist) do_list_builtin();
*b7579f77SDag-Erling Smørgrav
*b7579f77SDag-Erling Smørgrav	return do_root_update_work(root_anchor_file, root_cert_file, urlname,
*b7579f77SDag-Erling Smørgrav		xmlname, p7sname, res_conf, root_hints, debugconf, ip4only,
*b7579f77SDag-Erling Smørgrav		ip6only, force, port);
*b7579f77SDag-Erling Smørgrav}