View | Details | Raw Unified | Return to bug 1276 | Differences between
and this patch

Collapse All | Expand All

(-)b/dnscrypt/cert.h (-1 / +1 lines)
 Lines 20-31   struct SignedCert { Link Here 
20
    uint8_t version_minor[2];
20
    uint8_t version_minor[2];
21
21
22
    // Signed Content
22
    // Signed Content
23
    uint8_t signed_content[64];
23
    uint8_t server_publickey[crypto_box_PUBLICKEYBYTES];
24
    uint8_t server_publickey[crypto_box_PUBLICKEYBYTES];
24
    uint8_t magic_query[8];
25
    uint8_t magic_query[8];
25
    uint8_t serial[4];
26
    uint8_t serial[4];
26
    uint8_t ts_begin[4];
27
    uint8_t ts_begin[4];
27
    uint8_t ts_end[4];
28
    uint8_t ts_end[4];
28
    uint8_t end[64];
29
};
29
};
30
30
31
31
(-)b/dnscrypt/dnscrypt.c (-45 / +141 lines)
 Lines 15-20    Link Here 
15
15
16
#include "dnscrypt/cert.h"
16
#include "dnscrypt/cert.h"
17
#include "dnscrypt/dnscrypt.h"
17
#include "dnscrypt/dnscrypt.h"
18
#include "dnscrypt/dnscrypt_config.h"
18
19
19
#include <ctype.h>
20
#include <ctype.h>
20
21
 Lines 35-52    Link Here 
35
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES + crypto_box_HALF_NONCEBYTES)
36
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES + crypto_box_HALF_NONCEBYTES)
36
37
37
/**
38
/**
38
 * Decrypt a query using the keypair that was found using dnsc_find_keypair.
39
 * Decrypt a query using the dnsccert that was found using dnsc_find_cert.
39
 * The client nonce will be extracted from the encrypted query and stored in
40
 * The client nonce will be extracted from the encrypted query and stored in
40
 * client_nonce, a shared secret will be computed and stored in nmkey and the
41
 * client_nonce, a shared secret will be computed and stored in nmkey and the
41
 * buffer will be decrypted inplace.
42
 * buffer will be decrypted inplace.
42
 * \param[in] keypair the keypair that matches this encrypted query.
43
 * \param[in] cert the cert that matches this encrypted query.
43
 * \param[in] client_nonce where the client nonce will be stored.
44
 * \param[in] client_nonce where the client nonce will be stored.
44
 * \param[in] nmkey where the shared secret key will be written.
45
 * \param[in] nmkey where the shared secret key will be written.
45
 * \param[in] buffer the encrypted buffer.
46
 * \param[in] buffer the encrypted buffer.
46
 * \return 0 on success.
47
 * \return 0 on success.
47
 */
48
 */
48
static int
49
static int
49
dnscrypt_server_uncurve(const KeyPair *keypair,
50
dnscrypt_server_uncurve(const dnsccert *cert,
50
                        uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
51
                        uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
51
                        uint8_t nmkey[crypto_box_BEFORENMBYTES],
52
                        uint8_t nmkey[crypto_box_BEFORENMBYTES],
52
                        struct sldns_buffer* buffer)
53
                        struct sldns_buffer* buffer)
 Lines 62-86   dnscrypt_server_uncurve(const KeyPair *keypair, Link Here 
62
63
63
    query_header = (struct dnscrypt_query_header *)buf;
64
    query_header = (struct dnscrypt_query_header *)buf;
64
    memcpy(nmkey, query_header->publickey, crypto_box_PUBLICKEYBYTES);
65
    memcpy(nmkey, query_header->publickey, crypto_box_PUBLICKEYBYTES);
65
    if (crypto_box_beforenm(nmkey, nmkey, keypair->crypt_secretkey) != 0) {
66
    if(cert->es_version[1] == 2) {
67
#ifdef HAVE_XCHACHA20
68
        if (crypto_box_curve25519xchacha20poly1305_beforenm(
69
                nmkey, nmkey, cert->keypair->crypt_secretkey) != 0) {
70
            return -1;
71
        }
72
#else
66
        return -1;
73
        return -1;
74
#endif
75
    } else {
76
        if (crypto_box_beforenm(nmkey, nmkey, cert->keypair->crypt_secretkey) != 0) {
77
            return -1;
78
        }
67
    }
79
    }
68
80
69
    memcpy(nonce, query_header->nonce, crypto_box_HALF_NONCEBYTES);
81
    memcpy(nonce, query_header->nonce, crypto_box_HALF_NONCEBYTES);
70
    memset(nonce + crypto_box_HALF_NONCEBYTES, 0, crypto_box_HALF_NONCEBYTES);
82
    memset(nonce + crypto_box_HALF_NONCEBYTES, 0, crypto_box_HALF_NONCEBYTES);
71
83
72
    sldns_buffer_set_at(buffer,
84
    if(cert->es_version[1] == 2) {
73
                        DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
85
#ifdef HAVE_XCHACHA20
74
                        0, crypto_box_BOXZEROBYTES);
86
        if (crypto_box_curve25519xchacha20poly1305_open_easy_afternm
75
87
                (buf,
76
    if (crypto_box_open_afternm
88
                buf + DNSCRYPT_QUERY_BOX_OFFSET,
77
        (buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
89
                len - DNSCRYPT_QUERY_BOX_OFFSET, nonce,
78
         buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
90
                nmkey) != 0) {
79
         len - DNSCRYPT_QUERY_BOX_OFFSET + crypto_box_BOXZEROBYTES, nonce,
91
            return -1;
80
         nmkey) != 0) {
92
        }
93
#else
81
        return -1;
94
        return -1;
95
#endif
96
    } else {
97
        if (crypto_box_open_easy_afternm
98
            (buf,
99
             buf + DNSCRYPT_QUERY_BOX_OFFSET,
100
             len - DNSCRYPT_QUERY_BOX_OFFSET, nonce,
101
             nmkey) != 0) {
102
            return -1;
103
        }
82
    }
104
    }
83
105
106
    len -= DNSCRYPT_QUERY_HEADER_SIZE;
107
84
    while (*sldns_buffer_at(buffer, --len) == 0)
108
    while (*sldns_buffer_at(buffer, --len) == 0)
85
	    ;
109
	    ;
86
110
 Lines 89-100   dnscrypt_server_uncurve(const KeyPair *keypair, Link Here 
89
    }
113
    }
90
114
91
    memcpy(client_nonce, nonce, crypto_box_HALF_NONCEBYTES);
115
    memcpy(client_nonce, nonce, crypto_box_HALF_NONCEBYTES);
92
    memmove(sldns_buffer_begin(buffer),
93
            sldns_buffer_at(buffer, DNSCRYPT_QUERY_HEADER_SIZE),
94
            len - DNSCRYPT_QUERY_HEADER_SIZE);
95
116
96
    sldns_buffer_set_position(buffer, 0);
117
    sldns_buffer_set_position(buffer, 0);
97
    sldns_buffer_set_limit(buffer, len - DNSCRYPT_QUERY_HEADER_SIZE);
118
    sldns_buffer_set_limit(buffer, len);
98
119
99
    return 0;
120
    return 0;
100
}
121
}
 Lines 182-191   add_server_nonce(uint8_t *nonce) Link Here 
182
}
203
}
183
204
184
/**
205
/**
185
 * Encrypt a reply using the keypair that was used with the query.
206
 * Encrypt a reply using the dnsccert that was used with the query.
186
 * The client nonce will be extracted from the encrypted query and stored in
207
 * The client nonce will be extracted from the encrypted query and stored in
187
 * The buffer will be encrypted inplace.
208
 * The buffer will be encrypted inplace.
188
 * \param[in] keypair the keypair that matches this encrypted query.
209
 * \param[in] cert the dnsccert that matches this encrypted query.
189
 * \param[in] client_nonce client nonce used during the query
210
 * \param[in] client_nonce client nonce used during the query
190
 * \param[in] nmkey shared secret key used during the query.
211
 * \param[in] nmkey shared secret key used during the query.
191
 * \param[in] buffer the buffer where to encrypt the reply.
212
 * \param[in] buffer the buffer where to encrypt the reply.
 Lines 194-200   add_server_nonce(uint8_t *nonce) Link Here 
194
 * \return 0 on success.
215
 * \return 0 on success.
195
 */
216
 */
196
static int
217
static int
197
dnscrypt_server_curve(const KeyPair *keypair,
218
dnscrypt_server_curve(const dnsccert *cert,
198
                      uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
219
                      uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
199
                      uint8_t nmkey[crypto_box_BEFORENMBYTES],
220
                      uint8_t nmkey[crypto_box_BEFORENMBYTES],
200
                      struct sldns_buffer* buffer,
221
                      struct sldns_buffer* buffer,
 Lines 223-229   dnscrypt_server_curve(const KeyPair *keypair, Link Here 
223
    memmove(boxed + crypto_box_MACBYTES, buf, len);
244
    memmove(boxed + crypto_box_MACBYTES, buf, len);
224
    len = dnscrypt_pad(boxed + crypto_box_MACBYTES, len,
245
    len = dnscrypt_pad(boxed + crypto_box_MACBYTES, len,
225
                       max_len - DNSCRYPT_REPLY_HEADER_SIZE, nonce,
246
                       max_len - DNSCRYPT_REPLY_HEADER_SIZE, nonce,
226
                       keypair->crypt_secretkey);
247
                       cert->keypair->crypt_secretkey);
227
    sldns_buffer_set_at(buffer,
248
    sldns_buffer_set_at(buffer,
228
                        DNSCRYPT_REPLY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
249
                        DNSCRYPT_REPLY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
229
                        0, crypto_box_ZEROBYTES);
250
                        0, crypto_box_ZEROBYTES);
 Lines 231-240   dnscrypt_server_curve(const KeyPair *keypair, Link Here 
231
    // add server nonce extension
252
    // add server nonce extension
232
    add_server_nonce(nonce);
253
    add_server_nonce(nonce);
233
254
234
    if (crypto_box_afternm
255
    if(cert->es_version[1] == 2) {
235
        (boxed - crypto_box_BOXZEROBYTES, boxed - crypto_box_BOXZEROBYTES,
256
#ifdef HAVE_XCHACHA20
236
         len + crypto_box_ZEROBYTES, nonce, nmkey) != 0) {
257
        if (crypto_box_curve25519xchacha20poly1305_easy_afternm
258
            (boxed, boxed + crypto_box_MACBYTES, len, nonce, nmkey) != 0) {
259
            return -1;
260
        }
261
#else
237
        return -1;
262
        return -1;
263
#endif
264
    } else {
265
        if (crypto_box_easy_afternm
266
            (boxed, boxed + crypto_box_MACBYTES, len, nonce, nmkey) != 0) {
267
            return -1;
268
        }
238
    }
269
    }
239
270
240
    sldns_buffer_write_at(buffer, 0, DNSCRYPT_MAGIC_RESPONSE, DNSCRYPT_MAGIC_HEADER_LEN);
271
    sldns_buffer_write_at(buffer, 0, DNSCRYPT_MAGIC_RESPONSE, DNSCRYPT_MAGIC_HEADER_LEN);
 Lines 326-341   dnsc_key_to_fingerprint(char fingerprint[80U], const uint8_t * const key) Link Here 
326
}
357
}
327
358
328
/**
359
/**
329
 * Find the keypair matching a DNSCrypt query.
360
 * Find the cert matching a DNSCrypt query.
330
 * \param[in] dnscenv The DNSCrypt enviroment, which contains the list of keys
361
 * \param[in] dnscenv The DNSCrypt enviroment, which contains the list of certs
331
 * supported by the server.
362
 * supported by the server.
332
 * \param[in] buffer The encrypted DNS query.
363
 * \param[in] buffer The encrypted DNS query.
333
 * \return a KeyPair * if we found a key pair matching the query, NULL otherwise.
364
 * \return a dnsccert * if we found a cert matching the magic_number of the
365
 * query, NULL otherwise.
334
 */
366
 */
335
static const KeyPair *
367
static const dnsccert *
336
dnsc_find_keypair(struct dnsc_env* dnscenv, struct sldns_buffer* buffer)
368
dnsc_find_cert(struct dnsc_env* dnscenv, struct sldns_buffer* buffer)
337
{
369
{
338
	const KeyPair *keypairs = dnscenv->keypairs;
370
	const dnsccert *certs = dnscenv->certs;
339
	struct dnscrypt_query_header *dnscrypt_header;
371
	struct dnscrypt_query_header *dnscrypt_header;
340
	size_t i;
372
	size_t i;
341
373
 Lines 343-352   dnsc_find_keypair(struct dnsc_env* dnscenv, struct sldns_buffer* buffer) Link Here 
343
		return NULL;
375
		return NULL;
344
	}
376
	}
345
	dnscrypt_header = (struct dnscrypt_query_header *)sldns_buffer_begin(buffer);
377
	dnscrypt_header = (struct dnscrypt_query_header *)sldns_buffer_begin(buffer);
346
	for (i = 0U; i < dnscenv->keypairs_count; i++) {
378
	for (i = 0U; i < dnscenv->signed_certs_count; i++) {
347
		if (memcmp(keypairs[i].crypt_publickey, dnscrypt_header->magic_query,
379
		if (memcmp(certs[i].magic_query, dnscrypt_header->magic_query,
348
                   DNSCRYPT_MAGIC_HEADER_LEN) == 0) {
380
                   DNSCRYPT_MAGIC_HEADER_LEN) == 0) {
349
			return &keypairs[i];
381
			return &certs[i];
350
		}
382
		}
351
	}
383
	}
352
	return NULL;
384
	return NULL;
 Lines 404-412   dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) Link Here 
404
    return dnscenv->signed_certs_count;
436
    return dnscenv->signed_certs_count;
405
}
437
}
406
438
439
static const char *
440
key_get_es_version(uint8_t version[2])
441
{
442
    struct es_version {
443
        uint8_t es_version[2];
444
        const char *name;
445
    };
446
447
    struct es_version es_versions[] = {
448
        {{0x00, 0x01}, "X25519-XSalsa20Poly1305"},
449
        {{0x00, 0x02}, "X25519-XChacha20Poly1305"},
450
    };
451
    int i;
452
    for(i=0; i < sizeof es_versions; i++){
453
        if(es_versions[i].es_version[0] == version[0] &&
454
           es_versions[i].es_version[1] == version[1]){
455
            return es_versions[i].name;
456
        }
457
    }
458
    return NULL;
459
}
460
461
407
/**
462
/**
408
 * Parse the secret key files from `dnscrypt-secret-key` config and populates
463
 * Parse the secret key files from `dnscrypt-secret-key` config and populates
409
 * a list of secret/public keys supported by dnscrypt listener.
464
 * a list of dnsccert with es_version, magic number and secret/public keys
465
 * supported by dnscrypt listener.
410
 * \param[in] env The dnsc_env structure which will hold the keypairs.
466
 * \param[in] env The dnsc_env structure which will hold the keypairs.
411
 * \param[in] cfg The config with the secret key file paths.
467
 * \param[in] cfg The config with the secret key file paths.
412
 */
468
 */
 Lines 414-446   static int Link Here 
414
dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg)
470
dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg)
415
{
471
{
416
	struct config_strlist *head;
472
	struct config_strlist *head;
417
	size_t keypair_id;
473
	size_t cert_id, keypair_id;
474
    size_t c;
418
475
419
	env->keypairs_count = 0U;
476
	env->keypairs_count = 0U;
420
	for (head = cfg->dnscrypt_secret_key; head; head = head->next) {
477
	for (head = cfg->dnscrypt_secret_key; head; head = head->next) {
421
		env->keypairs_count++;
478
		env->keypairs_count++;
422
	}
479
	}
480
423
	env->keypairs = sodium_allocarray(env->keypairs_count,
481
	env->keypairs = sodium_allocarray(env->keypairs_count,
424
										  sizeof *env->keypairs);
482
										  sizeof *env->keypairs);
483
	env->certs = sodium_allocarray(env->signed_certs_count,
484
										  sizeof *env->certs);
425
485
426
	keypair_id = 0U;
486
	cert_id = 0U;
487
    keypair_id = 0U;
427
	for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) {
488
	for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) {
428
		char fingerprint[80];
489
		char fingerprint[80];
490
        int found_cert = 0;
491
        KeyPair *current_keypair = &env->keypairs[keypair_id];
492
429
		if(dnsc_read_from_file(
493
		if(dnsc_read_from_file(
430
				head->str,
494
				head->str,
431
				(char *)(env->keypairs[keypair_id].crypt_secretkey),
495
				(char *)(current_keypair->crypt_secretkey),
432
				crypto_box_SECRETKEYBYTES) != 0) {
496
				crypto_box_SECRETKEYBYTES) != 0) {
433
			fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno));
497
			fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno));
434
		}
498
		}
435
		verbose(VERB_OPS, "Loaded key %s", head->str);
499
		verbose(VERB_OPS, "Loaded key %s", head->str);
436
		if (crypto_scalarmult_base(env->keypairs[keypair_id].crypt_publickey,
500
		if (crypto_scalarmult_base(current_keypair->crypt_publickey,
437
								   env->keypairs[keypair_id].crypt_secretkey) != 0) {
501
								   current_keypair->crypt_secretkey) != 0) {
438
			fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str);
502
			fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str);
439
		}
503
		}
440
		dnsc_key_to_fingerprint(fingerprint, env->keypairs[keypair_id].crypt_publickey);
504
        // find the cert matching this key
441
		verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", head->str, fingerprint);
505
        for(c = 0; c < env->signed_certs_count; c++) {
506
            if(memcmp(current_keypair->crypt_publickey,
507
                      env->signed_certs[c].server_publickey,
508
                      crypto_box_PUBLICKEYBYTES) == 0) {
509
                dnsccert *current_cert = &env->certs[cert_id++];
510
                found_cert = 1;
511
                current_cert->keypair = current_keypair;
512
                memcpy(current_cert->magic_query,
513
                       env->signed_certs[c].magic_query,
514
                        sizeof env->signed_certs[c].magic_query);
515
                memcpy(current_cert->es_version,
516
                       env->signed_certs[c].version_major,
517
                       sizeof env->signed_certs[c].version_major
518
                );
519
                dnsc_key_to_fingerprint(fingerprint,
520
                                        current_cert->keypair->crypt_publickey);
521
                verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s",
522
                        head->str, fingerprint);
523
                verbose(VERB_OPS, "Using %s",
524
                        key_get_es_version(current_cert->es_version));
525
#ifndef HAVE_XCHACHA20
526
                if (current_cert->es_version[1] == 0x02) {
527
                    fatal_exit("Certificate for XChacha20 but libsodium does not support it.");
528
                }
529
#endif
530
531
            }
532
        }
533
        if (!found_cert) {
534
            fatal_exit("dnsc_parse_keys: could not match certificate for key "
535
                       "%s. Unable to determine ES version.",
536
                       head->str);
537
        }
442
	}
538
	}
443
	return keypair_id;
539
	return cert_id;
444
}
540
}
445
541
446
542
 Lines 463-470   dnsc_handle_curved_request(struct dnsc_env* dnscenv, Link Here 
463
    // Attempt to decrypt the query. If it is not crypted, we may still need
559
    // Attempt to decrypt the query. If it is not crypted, we may still need
464
    // to serve the certificate.
560
    // to serve the certificate.
465
    verbose(VERB_ALGO, "handle request called on DNSCrypt socket");
561
    verbose(VERB_ALGO, "handle request called on DNSCrypt socket");
466
    if ((repinfo->keypair = dnsc_find_keypair(dnscenv, c->buffer)) != NULL) {
562
    if ((repinfo->dnsc_cert = dnsc_find_cert(dnscenv, c->buffer)) != NULL) {
467
        if(dnscrypt_server_uncurve(repinfo->keypair,
563
        if(dnscrypt_server_uncurve(repinfo->dnsc_cert,
468
                                   repinfo->client_nonce,
564
                                   repinfo->client_nonce,
469
                                   repinfo->nmkey,
565
                                   repinfo->nmkey,
470
                                   c->buffer) != 0){
566
                                   c->buffer) != 0){
 Lines 488-494   dnsc_handle_uncurved_request(struct comm_reply *repinfo) Link Here 
488
    if(!repinfo->is_dnscrypted) {
584
    if(!repinfo->is_dnscrypted) {
489
        return 1;
585
        return 1;
490
    }
586
    }
491
	if(dnscrypt_server_curve(repinfo->keypair,
587
	if(dnscrypt_server_curve(repinfo->dnsc_cert,
492
                             repinfo->client_nonce,
588
                             repinfo->client_nonce,
493
                             repinfo->nmkey,
589
                             repinfo->nmkey,
494
                             repinfo->c->dnscrypt_buffer,
590
                             repinfo->c->dnscrypt_buffer,
(-)b/dnscrypt/dnscrypt.h (+11 lines)
 Lines 35-40    Link Here 
35
#define DNSCRYPT_REPLY_HEADER_SIZE \
35
#define DNSCRYPT_REPLY_HEADER_SIZE \
36
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES * 2 + crypto_box_MACBYTES)
36
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES * 2 + crypto_box_MACBYTES)
37
37
38
#ifdef crypto_box_curve25519xchacha20poly1305_MACBYTES
39
# define HAVE_XCHACHA20 1
40
#endif
41
38
struct sldns_buffer;
42
struct sldns_buffer;
39
struct config_file;
43
struct config_file;
40
struct comm_reply;
44
struct comm_reply;
 Lines 44-51   typedef struct KeyPair_ { Link Here 
44
    uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES];
48
    uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES];
45
} KeyPair;
49
} KeyPair;
46
50
51
typedef struct cert_ {
52
    uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN];
53
    uint8_t es_version[2];
54
    KeyPair *keypair;
55
} dnsccert;
56
47
struct dnsc_env {
57
struct dnsc_env {
48
	struct SignedCert *signed_certs;
58
	struct SignedCert *signed_certs;
59
    dnsccert *certs;
49
	size_t signed_certs_count;
60
	size_t signed_certs_count;
50
	uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES];
61
	uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES];
51
	uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES];
62
	uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES];
(-)b/util/netevent.h (-3 / +1 lines)
 Lines 120-126   struct comm_reply { Link Here 
120
#ifdef USE_DNSCRYPT
120
#ifdef USE_DNSCRYPT
121
	uint8_t client_nonce[crypto_box_HALF_NONCEBYTES];
121
	uint8_t client_nonce[crypto_box_HALF_NONCEBYTES];
122
	uint8_t nmkey[crypto_box_BEFORENMBYTES];
122
	uint8_t nmkey[crypto_box_BEFORENMBYTES];
123
	const KeyPair *keypair;
123
	const dnsccert *dnsc_cert;
124
	int is_dnscrypted;
124
	int is_dnscrypted;
125
#endif
125
#endif
126
	/** the return source interface data */
126
	/** the return source interface data */
127
- 
128
--
129
testdata/dnscrypt_cert.tpkg | Bin 2875 -> 3158 bytes
127
testdata/dnscrypt_cert.tpkg | Bin 2875 -> 3158 bytes
130
1 file changed, 0 insertions(+), 0 deletions(-)
128
1 file changed, 0 insertions(+), 0 deletions(-)
(-)b/testcode/do-tests.sh (-1 / +1 lines)
 Lines 9-15   NEED_CURL='06-ianaports.tpkg root_anchor.tpkg' Link Here 
9
NEED_WHOAMI='07-confroot.tpkg'
9
NEED_WHOAMI='07-confroot.tpkg'
10
NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg'
10
NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg'
11
NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
11
NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
12
NEED_DNSCRYPT_PROXY='dnscrypt_queries.tpkg'
12
NEED_DNSCRYPT_PROXY='dnscrypt_queries.tpkg dnscrypt_queries_chacha.tpkg'
13
13
14
# test if dig and ldns-testns are available.
14
# test if dig and ldns-testns are available.
15
test_tool_avail "dig"
15
test_tool_avail "dig"

Return to bug 1276