Commit 75ce8785 authored by Ondrej Sury's avatar Ondrej Sury

Imported Upstream version 1.6.13

parent 291a2812
1.6.13 2012-05-21
* New -S option for ldns-verify-zone to chase signatures online.
* New -k option for ldns-verify-zone to validate using a trusted key.
* New inception and expiration margin options (-i and -e) to
ldns-verify-zone.
* New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l
functions.
* New ldns_duration* functions (copied from OpenDNSSEC source)
* fix ldns-verify-zone to allow NSEC3 signatures to come before
the NSEC3 RR in all cases. Thanks Wolfgang Nagele.
* Zero the correct flag (opt-out) when creating NSEC3PARAMS.
Thanks Peter van Dijk.
* Canonicalize RRSIG's Signer's name too when validating, because
bind and unbound do that too. Thanks Peter van Dijk.
* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
* bugfix #427: Explicitely link ssl with the programs that use it.
* Fix reading \DDD: Error on values that are outside range (>255).
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
path to perl.
* New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
* fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.
Thanks John Barnitz
1.6.12 2012-01-11
* bugfix #413: Fix manpage source for srcdir != builddir
* Canonicalize the signers name rdata field in RRSIGs when signing
......
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
......@@ -2,7 +2,9 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 19
# Version 21
# 2012-02-09 Fix AHX_MEMCMP_BROKEN with undef in compat/memcmp.h.
# 2012-01-20 Fix COMPILER_FLAGS_UNBOUND for gcc 4.6.2 assigned-not-used-warns.
# 2011-12-05 Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc.
# Fix ACX_MALLOC for redefined malloc error.
# Fix GETADDRINFO_WITH_INCLUDES to add -lws2_32
......@@ -259,6 +261,8 @@ int test() {
a = getopt(2, opts, "a");
a = isascii(32);
str = gai_strerror(0);
if(str && t && tv.tv_usec && msg.msg_control)
a = 0;
return a;
}
], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"])
......@@ -294,6 +298,8 @@ int test() {
a = getopt(2, opts, "a");
a = isascii(32);
str = gai_strerror(0);
if(str && t && tv.tv_usec && msg.msg_control)
a = 0;
return a;
}
], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"])
......@@ -360,6 +366,8 @@ int test() {
const char* str = NULL;
t = ctime_r(&time, buf);
str = gai_strerror(0);
if(t && str)
a = 0;
return a;
}
], [CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200112"])
......@@ -386,6 +394,8 @@ int test() {
srandom(32);
a = getopt(2, opts, "a");
a = isascii(32);
if(tv.tv_usec)
a = 0;
return a;
}
], [CFLAGS="$CFLAGS -D__EXTENSIONS__"])
......@@ -1317,9 +1327,7 @@ int main(void)
dnl define memcmp to its replacement, pass unique id for program as arg
AC_DEFUN([AHX_MEMCMP_BROKEN], [
#ifdef MEMCMP_IS_BROKEN
# ifdef memcmp
# undef memcmp
# endif
#include "compat/memcmp.h"
#define memcmp memcmp_$1
int memcmp(const void *x, const void *y, size_t n);
#endif
......
......@@ -178,7 +178,8 @@ for e in get_config_vars ('VERSION'):
if (e != None):
ret += e
print (ret)
EOD`
EOD
`
if test -z "$ac_python_version"; then
if test -n "$PYTHON_VERSION"; then
......@@ -202,7 +203,8 @@ for e in distutils.sysconfig.get_config_vars ('LIBDIR'):
if e != None:
print (e)
break
EOD`
EOD
`
# Before checking for libpythonX.Y, we need to know
# the extension the OS we're on uses for libraries
......
......@@ -2,9 +2,9 @@
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011 Free Software Foundation, Inc.
# 2011, 2012 Free Software Foundation, Inc.
timestamp='2011-05-11'
timestamp='2012-02-10'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
......@@ -17,9 +17,7 @@ timestamp='2011-05-11'
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
# 02110-1301, USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
......@@ -57,8 +55,8 @@ GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
Software Foundation, Inc.
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
......@@ -145,7 +143,7 @@ UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
# switched to ELF, *-*-netbsd* would select the old
# object file format. This provides both forward
......@@ -792,13 +790,12 @@ EOF
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit ;;
*:FreeBSD:*:*)
case ${UNAME_MACHINE} in
pc98)
echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
UNAME_PROCESSOR=`/usr/bin/uname -p`
case ${UNAME_PROCESSOR} in
amd64)
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
*)
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
esac
exit ;;
i*:CYGWIN*:*)
......@@ -807,6 +804,9 @@ EOF
*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
i*:MSYS*:*)
echo ${UNAME_MACHINE}-pc-msys
exit ;;
i*:windows32*:*)
# uname -m includes "-pc" on this system.
echo ${UNAME_MACHINE}-mingw32
......@@ -861,6 +861,13 @@ EOF
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit ;;
aarch64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
aarch64_be:Linux:*:*)
UNAME_MACHINE=aarch64_be
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
......@@ -895,13 +902,16 @@ EOF
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
cris:Linux:*:*)
echo cris-axis-linux-gnu
echo ${UNAME_MACHINE}-axis-linux-gnu
exit ;;
crisv32:Linux:*:*)
echo crisv32-axis-linux-gnu
echo ${UNAME_MACHINE}-axis-linux-gnu
exit ;;
frv:Linux:*:*)
echo frv-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
hexagon:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
i*86:Linux:*:*)
LIBC=gnu
......@@ -943,7 +953,7 @@ EOF
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
;;
or32:Linux:*:*)
echo or32-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
padre:Linux:*:*)
echo sparc-unknown-linux-gnu
......@@ -978,13 +988,13 @@ EOF
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
tile*:Linux:*:*)
echo ${UNAME_MACHINE}-tilera-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
vax:Linux:*:*)
echo ${UNAME_MACHINE}-dec-linux-gnu
exit ;;
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
......@@ -1315,6 +1325,9 @@ EOF
i*86:AROS:*:*)
echo ${UNAME_MACHINE}-pc-aros
exit ;;
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
......
......@@ -2,9 +2,9 @@
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011 Free Software Foundation, Inc.
# 2011, 2012 Free Software Foundation, Inc.
timestamp='2011-03-23'
timestamp='2012-02-10'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
......@@ -21,9 +21,7 @@ timestamp='2011-03-23'
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
# 02110-1301, USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
......@@ -76,8 +74,8 @@ version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
Software Foundation, Inc.
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
......@@ -132,6 +130,10 @@ case $maybe_os in
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
android-linux)
os=-linux-android
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
;;
*)
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
if [ $basic_machine != $1 ]
......@@ -247,17 +249,22 @@ case $basic_machine in
# Some are omitted here because they have special meanings below.
1750a | 580 \
| a29k \
| aarch64 | aarch64_be \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
| be32 | be64 \
| bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| epiphany \
| fido | fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
| le32 | le64 \
| lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
| maxq | mb | microblaze | mcore | mep | metag \
......@@ -291,7 +298,7 @@ case $basic_machine in
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
| rx \
| rl78 | rx \
| score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
......@@ -300,7 +307,7 @@ case $basic_machine in
| spu \
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \
| v850 | v850e \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| we32k \
| x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
......@@ -315,8 +322,7 @@ case $basic_machine in
c6x)
basic_machine=tic6x-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12 | picochip)
# Motorola 68HC11/12.
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
basic_machine=$basic_machine-unknown
os=-none
;;
......@@ -329,7 +335,10 @@ case $basic_machine in
strongarm | thumb | xscale)
basic_machine=arm-unknown
;;
xgate)
basic_machine=$basic_machine-unknown
os=-none
;;
xscaleeb)
basic_machine=armeb-unknown
;;
......@@ -352,11 +361,13 @@ case $basic_machine in
# Recognize the basic CPU types with company name.
580-* \
| a29k-* \
| aarch64-* | aarch64_be-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| clipper-* | craynv-* | cydra-* \
......@@ -365,8 +376,10 @@ case $basic_machine in
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
| le32-* | le64-* \
| lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
......@@ -400,7 +413,7 @@ case $basic_machine in
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
| romp-* | rs6000-* | rx-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
......@@ -408,10 +421,11 @@ case $basic_machine in
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile-* | tilegx-* \
| tile*-* \
| tron-* \
| ubicom32-* \
| v850-* | v850e-* | vax-* \
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
......@@ -711,7 +725,6 @@ case $basic_machine in
i370-ibm* | ibm*)
basic_machine=i370-ibm
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i*86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
......@@ -808,10 +821,18 @@ case $basic_machine in
ms1-*)
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
;;
msys)
basic_machine=i386-pc
os=-msys
;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
nacl)
basic_machine=le32-unknown
os=-nacl
;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
......@@ -1120,13 +1141,8 @@ case $basic_machine in
basic_machine=t90-cray
os=-unicos
;;
# This must be matched before tile*.
tilegx*)
basic_machine=tilegx-unknown
os=-linux-gnu
;;
tile*)
basic_machine=tile-unknown
basic_machine=$basic_machine-unknown
os=-linux-gnu
;;
tx39)
......@@ -1336,7 +1352,7 @@ case $os in
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
......@@ -1548,9 +1564,6 @@ case $basic_machine in
;;
m68000-sun)
os=-sunos3
# This also exists in the configure program, but was not the
# default.
# os=-sunos4
;;
m68*-cisco)
os=-aout
......
This diff is collapsed.
......@@ -6,7 +6,7 @@ sinclude(acx_nlnetlabs.m4)
# must be numbers. ac_defun because of later processing.
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[6])
m4_define([VERSION_MICRO],[12])
m4_define([VERSION_MICRO],[13])
AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns)
AC_CONFIG_SRCDIR([packet.c])
# needed to build correct soname
......@@ -297,31 +297,21 @@ case "$enable_gost" in
;;
esac
AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--enable-ecdsa], [Enable ECDSA support, experimental]))
AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support]))
case "$enable_ecdsa" in
yes)
no)
;;
*) dnl default
if test "x$HAVE_SSL" != "xyes"; then
AC_MSG_ERROR([ECDSA enabled, but no SSL support])
fi
AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA])])
AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384])])
AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curve])], [AC_INCLUDES_DEFAULT
AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade OpenSSL or rerun with --disable-ecdsa])])
AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade OpenSSL or rerun with --disable-ecdsa])])
AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade OpenSSL or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
# we now know we have ECDSA and the required curves.
AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.])
AC_SUBST(ldns_build_config_use_ecdsa, 1)
AC_WARN([
*****************************************************************
*** YOU HAVE ENABLED ECDSA WHICH IS EXPERIMENTAL AT THIS TIME ***
*** PLEASE DO NOT USE THIS ON THE PUBLIC INTERNET ***
*****************************************************************])
;;
no)
AC_SUBST(ldns_build_config_use_ecdsa, 0)
;;
*)
AC_SUBST(ldns_build_config_use_ecdsa, 0)
;;
esac
......
......@@ -87,9 +87,6 @@ ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2)
if (left_size > 0 &&ldns_rdf_data(rd1)[left_size - 1] == 0) {
left_size--;
}
if(left_size == 0) {
return LDNS_STATUS_OK;
}
size = left_size + ldns_rdf_size(rd2);
newd = LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size);
......@@ -530,6 +527,7 @@ ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
uint16_t len;
ldns_rdf *tmpnew;
size_t s;
uint8_t *data;
if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) {
return NULL;
......@@ -543,19 +541,19 @@ ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
while ((len > 0) && src_pos < s) {
if (labelcnt == labelpos) {
/* found our label */
tmpnew = LDNS_MALLOC(ldns_rdf);
if (!tmpnew) {
data = LDNS_XMALLOC(uint8_t, len + 2);
if (!data) {
return NULL;
}
tmpnew->_type = LDNS_RDF_TYPE_DNAME;
tmpnew->_data = LDNS_XMALLOC(uint8_t, len + 2);
if (!tmpnew->_data) {
LDNS_FREE(tmpnew);
memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1);
data[len + 2 - 1] = 0;
tmpnew = ldns_rdf_new( LDNS_RDF_TYPE_DNAME
, len + 2, data);
if (!tmpnew) {
LDNS_FREE(data);
return NULL;
}
memset(tmpnew->_data, 0, len + 2);
memcpy(tmpnew->_data, ldns_rdf_data(rdf) + src_pos, len + 1);
tmpnew->_size = len + 2;
return tmpnew;
}
src_pos++;
......
......@@ -116,7 +116,6 @@ ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
size_t nsec_i;
ldns_rr *nsec;
ldns_rdf *result = NULL;
qtype = qtype;
if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) {
return NULL;
......@@ -533,17 +532,18 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
ldns_rr_free(ds);
return NULL;
#endif
#ifdef USE_ECDSA
/* Make similar ``not implemented'' construct as above when
draft-hoffman-dnssec-ecdsa-04 becomes a standard
*/
case LDNS_SHA384:
#ifdef USE_ECDSA
digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH);
if (!digest) {
ldns_rr_free(ds);
return NULL;
}
break;
#else
/* not implemented */
ldns_rr_free(ds);
return NULL;
#endif
}
......@@ -636,8 +636,8 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
ldns_rr_push_rdf(ds, tmp);
#endif
break;
#ifdef USE_ECDSA
case LDNS_SHA384:
#ifdef USE_ECDSA
(void) SHA384((unsigned char *) ldns_buffer_begin(data_buf),
(unsigned int) ldns_buffer_position(data_buf),
(unsigned char *) digest);
......@@ -645,8 +645,8 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
SHA384_DIGEST_LENGTH,
digest);
ldns_rr_push_rdf(ds, tmp);
break;
#endif
break;
}
LDNS_FREE(digest);
......@@ -839,8 +839,6 @@ ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
ldns_status status;
int on_delegation_point;
flags = flags;
if (!from) {
return NULL;
}
......@@ -1568,34 +1566,34 @@ ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted)
}
int
ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n)
ldns_dnssec_default_add_to_signatures( ATTR_UNUSED(ldns_rr *sig)
, ATTR_UNUSED(void *n)
)
{
sig = sig;
n = n;
return LDNS_SIGNATURE_LEAVE_ADD_NEW;
}
int
ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n)
ldns_dnssec_default_leave_signatures( ATTR_UNUSED(ldns_rr *sig)
, ATTR_UNUSED(void *n)
)
{
sig = sig;
n = n;
return LDNS_SIGNATURE_LEAVE_NO_ADD;
}
int
ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n)
ldns_dnssec_default_delete_signatures( ATTR_UNUSED(ldns_rr *sig)
, ATTR_UNUSED(void *n)
)
{
sig = sig;
n = n;
return LDNS_SIGNATURE_REMOVE_NO_ADD;
}
int
ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n)
ldns_dnssec_default_replace_signatures( ATTR_UNUSED(ldns_rr *sig)
, ATTR_UNUSED(void *n)
)
{
sig = sig;
n = n;
return LDNS_SIGNATURE_REMOVE_ADD_NEW;
}
......
......@@ -888,10 +888,11 @@ ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
#endif /* HAVE_SSL */
ldns_dnssec_rrs *
ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
ldns_key_list *key_list,
int (*func)(ldns_rr *, void *),
void *arg)
ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures
, ATTR_UNUSED(ldns_key_list *key_list)
, int (*func)(ldns_rr *, void *)
, void *arg
)
{
ldns_dnssec_rrs *base_rrs = signatures;
ldns_dnssec_rrs *cur_rr = base_rrs;
......@@ -901,8 +902,6 @@ ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
uint16_t keytag;
size_t i;
key_list = key_list;
if (!cur_rr) {
switch(func(NULL, arg)) {
case LDNS_SIGNATURE_LEAVE_ADD_NEW:
......@@ -1024,12 +1023,13 @@ ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list)
}
ldns_status
ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs,
ldns_key_list *key_list,
int (*func)(ldns_rr *, void*),
void *arg,
int flags)
ldns_dnssec_zone_create_rrsigs_flg( ATTR_UNUSED(ldns_dnssec_zone *zone)
, ATTR_UNUSED(ldns_rr_list *new_rrs)
, ATTR_UNUSED(ldns_key_list *key_list)
, int (*func)(ldns_rr *, void*)
, void *arg
, int flags
)
{
ldns_status result = LDNS_STATUS_OK;
......@@ -1047,12 +1047,11 @@ ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
int on_delegation_point = 0; /* handle partially occluded names */
ldns_rr_list *pubkey_list = ldns_rr_list_new();
zone = zone;
new_rrs = new_rrs;
key_list = key_list;
for (i = 0; i<ldns_key_list_key_count(key_list); i++) {
ldns_rr_list_push_rr(pubkey_list,
ldns_key2rr(ldns_key_list_key(key_list, i)));
ldns_rr_list_push_rr( pubkey_list
, ldns_key2rr(ldns_key_list_key(
key_list, i))
);
}
/* TODO: callback to see is list should be signed */
/* TODO: remove 'old' signatures from signature list */
......@@ -1279,8 +1278,9 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
salt_length,
salt);
/* always set bit 7 of the flags to zero, according to
* rfc5155 section 11 */
ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 7, 0);
* rfc5155 section 11. The bits are counted from right to left,
* so bit 7 in rfc5155 is bit 0 in ldns */
ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0);
result = ldns_dnssec_zone_add_rr(zone, nsec3param);
if (result != LDNS_STATUS_OK) {
return result;
......
......@@ -509,7 +509,7 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE *out,
if (!sibmap) {
treedepth = ldns_dnssec_trust_tree_depth(tree);
sibmap = malloc(treedepth);
sibmap = LDNS_XMALLOC(uint8_t, treedepth);
if(!sibmap)
return; /* mem err */
memset(sibmap, 0, treedepth);
......@@ -623,7 +623,7 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE *out,
}
if (mapset) {
free(sibmap);
LDNS_FREE(sibmap);
}
}
......@@ -1578,13 +1578,14 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
#ifdef HAVE_SSL
ldns_status
ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr,
ldns_rr_list *nsecs,
ldns_rr_list *rrsigs,
ldns_pkt_rcode packet_rcode,
ldns_rr_type packet_qtype,
bool packet_nodata,