Commit ac8f69d4 authored by Ondrej Sury

Imported Upstream version 1.4.0

parent f3f7a4d9
1.4.0
Bug fixes:
* sig chase return code fix (patch from Rafael Justo, bug id 189)
* rdata.c memory leaks on error and allocation checks fixed (patch
from Shane Kerr, bug id 188)
* zone.c memory leaks on error and allocation checks fixed (patch
from Shane Kerr, bug id 189)
* ldns-zplit output and error messages fixed (patch from Shane Kerr,
bug id 190)
* Fixed potential buffer overflow in ldns_str2rdf_dname
* Signing code no longer signs delegation NS rrsets
* Some minor configure/makefile updates
* Fixed a bug in the randomness initialization
* Fixed a bug in the reading of resolv.conf
* Fixed a bug concerning whitespace in zone data (with patch from Ondrej
Sury, bug 213)
* Fixed a small fallback problem in axfr client code
API CHANGES:
* added 2str convenience functions:
- ldns_rr_type2str
- ldns_rr_class2str
- ldns_rr_type2buffer_str
- ldns_rr_class2buffer_str
* buffer2str() is now called ldns_buffer2str
* base32 and base64 function names are now also prepended with ldns_
* ldns_rr_new_frm_str() now returns an error on missing RDATA fields.
Since you cannot read QUESTION section RRs with this anymore,
there is now a function called ldns_rr_new_question_frm_str()
LIBRARY FEATURES:
* DS RRs string representation now add bubblebabble in a comment
(patch from Jakob Schlyter)
* DLV RR type added
* TCP fallback system has been improved
* HMAC-SHA256 TSIG support has been added.
* TTLS are now correcly set in NSEC(3) records when signing zones
EXAMPLE TOOLS:
* New example: ldns-revoke to revoke DNSKEYs according to RFC5011
* ldns-testpkts has been fixed and updated
* ldns-signzone now has the option to not add the DNSKEY
* ldns-signzone now has an (full zone only) opt-out option for
NSEC3
* ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys
* ldns-walk output has been fixed
* ldns-compare-zones has been fixed, and now has an option
to show all differences (-a)
* ldns-read-zone now has an option to print DNSSEC records only
1.3
Base library:
......
......@@ -51,7 +51,6 @@ LIBDNS_HEADERS = $(srcdir)/ldns/error.h \
$(srcdir)/ldns/str2host.h \
$(srcdir)/ldns/buffer.h \
$(srcdir)/ldns/resolver.h \
$(srcdir)/ldns/net.h \
$(srcdir)/ldns/dname.h \
$(srcdir)/ldns/dnssec.h \
$(srcdir)/ldns/dnssec_verify.h \
......@@ -91,7 +90,13 @@ linktest: $(srcdir)/linktest.c $(LIBDNS_HEADERS) ldns/util.h ldns/config.h libld
lib: libldns.la
if [ ! -d lib ] ; then ln -s .libs lib ; fi ;
lib-export-all: libldns.la-export-all
if [ ! -d lib ] ; then ln -s .libs lib ; fi ;
libldns.la: $(LIBDNS_OBJECTS)
$(LINK_LIB) --export-symbols $(srcdir)/ldns_symbols.def -o libldns.la $(LIBDNS_LOBJECTS) -rpath $(libdir) $(RUNTIME_PATH)
libldns.la-export-all: $(LIBDNS_OBJECTS)
$(LINK_LIB) -o libldns.la $(LIBDNS_LOBJECTS) -rpath $(libdir) $(RUNTIME_PATH)
$(addprefix include/ldns/, $(notdir $(LIBDNS_HEADERS))): include/ldns/%.h: $(srcdir)/ldns/%.h
......@@ -139,6 +144,7 @@ install-h: lib
for i in $(LIBDNS_HEADERS); do \
MVPROG=/bin/cp $(INSTALL) -m 644 $$i $(DESTDIR)$(includedir)/ldns/; done
MVPROG=/bin/cp $(INSTALL) -m 644 include/ldns/util.h $(DESTDIR)$(includedir)/ldns/
MVPROG=/bin/cp $(INSTALL) -m 644 include/ldns/net.h $(DESTDIR)$(includedir)/ldns/
uninstall-h:
for i in $(LIBDNS_HEADERS); do \
......@@ -164,7 +170,7 @@ clean:
rm -f *.ds
rm -f *.private
rm -rf include/
rm -f lib
rm -rf lib
rm -rf .libs
rm -f linktest
......@@ -275,3 +281,9 @@ test-clean:
tpkg -b test clean
#-include $(ALL_SOURCES:.c=.d)
# Recreate symbols file, only needed when API changes
# make clean first (and after this make clean; make again)
symbols: lib-export-all
nm -g lib/libldns.so | cut -d " " -f 3 | grep ldns | sort > $(srcdir)/ldns_symbols.def
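Review bot: The `symbols` recipe redirects the pipeline straight into `$(srcdir)/ldns_symbols.def`, so when `nm` fails (for instance because `lib/libldns.so` does not exist under that name on the build platform) the tracked file is left empty and the next `libldns.la` link, which now passes `--export-symbols`, would use an empty export list. Writing to a temporary file and replacing the `.def` only when the result is non-empty (`test -s`) would avoid that. The filter `grep ldns` is also unanchored and keeps any symbol that merely contains the string, while it presumably drops the un-prefixed `b32_*` wrappers that this commit keeps "for backwards compatibility"; a comment on the rule should say whether leaving those out of the export list is intended.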
......@@ -174,7 +174,7 @@ static const char Pad32 = '=';
int
b32_ntop_ar(uint8_t const *src, size_t srclength, char *target, size_t targsize, const char B32_ar[]) {
ldns_b32_ntop_ar(uint8_t const *src, size_t srclength, char *target, size_t targsize, const char B32_ar[]) {
size_t datalength = 0;
uint8_t input[5];
uint8_t output[8];
......@@ -296,13 +296,25 @@ b32_ntop_ar(uint8_t const *src, size_t srclength, char *target, size_t targsize,
return (int) (datalength);
}
int
ldns_b32_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32);
}
/* deprecated, here for backwards compatibility */
int
b32_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
return b32_ntop_ar(src, srclength, target, targsize, Base32);
return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32);
}
int
ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32_extended_hex);
}
/* deprecated, here for backwards compatibility */
int
b32_ntop_extended_hex(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
return b32_ntop_ar(src, srclength, target, targsize, Base32_extended_hex);
return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32_extended_hex);
}
......@@ -177,7 +177,7 @@ static const char Pad32 = '=';
*/
int
b32_pton_ar(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize, const char B32_ar[])
ldns_b32_pton_ar(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize, const char B32_ar[])
{
int tarindex, state, ch;
char *pos;
......@@ -362,15 +362,28 @@ b32_pton_ar(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_
return (tarindex);
}
int
ldns_b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize)
{
return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32);
}
/* deprecated, here for backwards compatibility */
int
b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize)
{
return b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32);
return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32);
}
int
b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize)
ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize)
{
return b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32_extended_hex);
return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32_extended_hex);
}
/* deprecated, here for backwards compatibility */
int
b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize)
{
return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32_extended_hex);
}
......@@ -131,7 +131,7 @@ static const char Pad64 = '=';
*/
int
b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
ldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
size_t datalength = 0;
uint8_t input[3];
uint8_t output[4];
......
......@@ -137,7 +137,7 @@ static const char Pad64 = '=';
*/
int
b64_pton(char const *src, uint8_t *target, size_t targsize)
ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
{
int tarindex, state, ch;
char *pos;
......
......@@ -48,6 +48,7 @@
* First, socket and INET6 related definitions
*/
#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
#ifndef _SS_MAXSIZE
# define _SS_MAXSIZE 128 /* Implementation specific max size */
# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr))
struct sockaddr_storage {
......@@ -55,6 +56,7 @@ struct sockaddr_storage {
char __ss_pad2[_SS_PADSIZE];
};
# define ss_family ss_sa.sa_family
#endif /* _SS_MAXSIZE */
#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
#ifndef IN6_IS_ADDR_LOOPBACK
......
......@@ -103,7 +103,7 @@ inet_aton(const char *cp, struct in_addr *addr)
* Values are specified as for C:
* 0x=hex, 0=octal, isdigit=decimal.
*/
if (!isdigit(c))
if (!isdigit((int) c))
return (0);
val = 0; base = 10;
if (c == '0') {
......@@ -114,12 +114,12 @@ inet_aton(const char *cp, struct in_addr *addr)
base = 8;
}
for (;;) {
if (isascii(c) && isdigit(c)) {
if (isascii((int) c) && isdigit((int) c)) {
val = (val * base) + (c - '0');
c = *++cp;
} else if (base == 16 && isascii(c) && isxdigit(c)) {
} else if (base == 16 && isascii((int) c) && isxdigit((int) c)) {
val = (val << 4) |
(c + 10 - (islower(c) ? 'a' : 'A'));
(c + 10 - (islower((int) c) ? 'a' : 'A'));
c = *++cp;
} else
break;
......@@ -141,7 +141,7 @@ inet_aton(const char *cp, struct in_addr *addr)
/*
* Check for trailing characters.
*/
if (c != '\0' && (!isascii(c) || !isspace(c)))
if (c != '\0' && (!isascii((int) c) || !isspace((int) c)))
return (0);
/*
* Concoct the address according to
......
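Review bot: Casting to `int` in `if (!isdigit((int) c))` silences the compiler warning but does not make the call well defined. If `c` is a plain `char` (its declaration is outside the hunk), a byte of 0x80 or above on a signed-char platform still reaches `isdigit` as a negative value, which the `<ctype.h>` functions do not accept. This first test is the only one in these hunks that is not preceded by an `isascii` check, so it is the one that matters; `if (!isdigit((unsigned char) c))` is the defined form. The `isdigit((int) ch)` tests added to `dopr` in the snprintf compat file have the same shape. The body of `inet_aton` starts and ends outside the hunks.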
......@@ -199,7 +199,7 @@ static void dopr (char *buffer, size_t maxlen, const char *format, va_list args)
}
break;
case DP_S_MIN:
if (isdigit(ch))
if (isdigit((int) ch))
{
min = 10*min + char_to_int (ch);
ch = *format++;
......@@ -223,7 +223,7 @@ static void dopr (char *buffer, size_t maxlen, const char *format, va_list args)
state = DP_S_MOD;
break;
case DP_S_MAX:
if (isdigit(ch))
if (isdigit((int) ch))
{
if (max < 0)
max = 0;
......@@ -526,7 +526,7 @@ static long double abs_val (long double value)
return result;
}
static long double pow10 (int exp)
static double pow10 (double exp)
{
long double result = 1;
......
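Review bot: The new signature `static double pow10 (double exp)` narrows the return type while the body still accumulates in `long double result`, so the value is rounded to `double` on return and a caller computing in `long double` loses precision. If the aim was to avoid a clash with a `pow10` declared by the C library or the compiler, which the hunk does not say, renaming the static helper (for example `ldns_pow10`) would achieve that without changing any types. The rest of the body is outside the hunk, so it should be checked that it still behaves correctly with a `double` exponent; a loop that counts `exp` down to zero would need an integral, non-negative value.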
......@@ -2,15 +2,16 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.3.0, libdns@nlnetlabs.nl, libdns)
AC_INIT(ldns, 1.4.0, libdns@nlnetlabs.nl, libdns)
AC_CONFIG_SRCDIR([packet.c])
# needed to build correct soname
AC_SUBST(LIBTOOL_VERSION_INFO, "1:3:0")
AC_SUBST(LIBTOOL_VERSION_INFO, "1:4:0")
PACKAGE_VERSION="$PACKAGE_VERSION"
OURCPPFLAGS=''
CPPFLAGS=${CPPFLAGS:-${OURCPPFLAGS}}
CFLAGS="$CFLAGS"
AC_AIX
# Checks for programs.
......@@ -59,18 +60,18 @@ AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache,
[
echo '$2' > conftest.c
echo 'void f(){}' >>conftest.c
if test -z "`$CC $CFLAGS -Werror -Wall -c conftest.c 2>&1`"; then
if test -z "`$CC -Werror -Wall $CFLAGS -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_needed_$cache=no"
else
[
if test -z "`$CC $CFLAGS $1 -Werror -Wall -c conftest.c 2>&1`"; then
if test -z "`$CC $1 -Werror -Wall $CFLAGS -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_needed_$cache=yes"
else
eval "cv_prog_cc_flag_needed_$cache=fail"
#echo 'Test with flag fails too!'
#cat conftest.c
#echo "$CC $CFLAGS $1 -Werror -Wall -c conftest.c 2>&1"
#echo `$CC $CFLAGS $1 -Werror -Wall -c conftest.c`
#echo "$CC $1 -Werror -Wall $CFLAGS -c conftest.c 2>&1"
#echo `$CC $1 -Werror -Wall $CFLAGS -c conftest.c`
#exit 1
fi
]
......@@ -90,10 +91,10 @@ else
AC_MSG_RESULT(failed)
:
#cat conftest.c
#echo "$CC $CFLAGS -Werror -Wall -c conftest.c"
#echo `$CC $CFLAGS -Werror -Wall -c conftest.c`
#echo "$CC $CFLAGS $1 -Werror -Wall -c conftest.c"
#echo `$CC $CFLAGS $1 -Werror -Wall -c conftest.c`
#echo "$CC -Werror -Wall $CFLAGS -c conftest.c"
#echo `$CC -Werror -Wall $CFLAGS -c conftest.c`
#echo "$CC $1 -Werror -Wall $CFLAGS -c conftest.c"
#echo `$CC $1 -Werror -Wall $CFLAGS -c conftest.c`
$5
fi
......@@ -104,9 +105,11 @@ fi
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_LANG_C
CHECK_COMPILER_FLAG(Wall, [CFLAGS="$CFLAGS -Wall"])
CHECK_COMPILER_FLAG(W, [CFLAGS="$CFLAGS -W"])
CHECK_COMPILER_FLAG(Wwrite-strings, [CFLAGS="$CFLAGS -Wwrite-strings"])
CHECK_COMPILER_FLAG(g, [CFLAGS="-g $CFLAGS"])
CHECK_COMPILER_FLAG(O2, [CFLAGS="-O2 $CFLAGS"])
CHECK_COMPILER_FLAG(Wall, [CFLAGS="-Wall $CFLAGS"])
CHECK_COMPILER_FLAG(W, [CFLAGS="-W $CFLAGS"])
CHECK_COMPILER_FLAG(Wwrite-strings, [CFLAGS="-Wwrite-strings $CFLAGS"])
AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT])
......@@ -282,21 +285,21 @@ fi
# copied again for use in ldns
AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
[enable SSL (will check /usr/local/ssl
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr/sfw /usr)]),[
/usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
])
if test x_$withval != x_no; then
AC_MSG_CHECKING(for SSL)
if test x_$withval = x_ -o x_$withval = x_yes; then
withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr/sfw /usr"
withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
fi
for dir in $withval; do
ssldir="$dir"
if test -f "$dir/include/openssl/ssl.h"; then
found_ssl="yes";
found_ssl="yes"
AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.])
CPPFLAGS="$CPPFLAGS -I$ssldir/include";
CPPFLAGS="$CPPFLAGS -I$ssldir/include"
break;
fi
done
......@@ -305,17 +308,46 @@ AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
else
AC_MSG_RESULT(found in $ssldir)
HAVE_SSL=yes
LDFLAGS="$LDFLAGS -L$ssldir/lib -lcrypto";
if test "x$enable_rpath" = xyes; then
LDFLAGS="$LDFLAGS -L$ssldir/lib -lcrypto"
if test "x$enable_rpath" = xyes; then
RUNTIME_PATH="$RUNTIME_PATH -R$ssldir/lib"
fi
AC_CHECK_LIB(crypto, HMAC_CTX_init,, [
fi
AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto])
ORIGLIBS="$LIBS"
LIBS="$LIBS -lcrypto"
AC_TRY_LINK(, [
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
], [
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_HMAC_CTX_INIT], 1,
[If you have HMAC_CTX_init])
], [
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
LIBS="$LIBS -lgdi32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
int HMAC_CTX_init(void);
(void)HMAC_CTX_init();
],[
AC_DEFINE([HAVE_HMAC_CTX_INIT], 1,
[If you have HMAC_CTX_init])
AC_MSG_RESULT(yes)
LDFLAGS="$LDFLAGS -lgdi32"
],[
AC_MSG_RESULT(no)
AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
])
])
])
fi
AC_SUBST(HAVE_SSL)
AC_SUBST(RUNTIME_PATH)
fi
AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
AC_ARG_ENABLE(sha2, AC_HELP_STRING([--enable-sha2], [Enable SHA256 and SHA512 RRSIG support]))
case "$enable_sha2" in
......@@ -362,7 +394,7 @@ AC_HEADER_STDC
#AC_CHECK_HEADERS([getopt.h fcntl.h stdlib.h string.h strings.h unistd.h])
# do the very minimum - we can always extend this
AC_CHECK_HEADERS([getopt.h stdarg.h stdbool.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/socket.h,,,
AC_CHECK_HEADERS(sys/param.h sys/mount.h,,,
[AC_INCLUDES_DEFAULT
[
#if HAVE_SYS_PARAM_H
......@@ -370,6 +402,21 @@ AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/socket.h,,,
#endif
]
])
AC_CHECK_HEADER(sys/socket.h,
[
include_sys_socket_h='#include <sys/socket.h>'
AC_DEFINE(HAVE_SYS_SOCKET_H, 1, [define if you have sys/socket.h])
],[
include_sys_socket_h=''
],[AC_INCLUDES_DEFAULT
[
#if HAVE_SYS_PARAM_H
# include <sys/param.h>
#endif
]
])
AC_SUBST(include_sys_socket_h)
AC_CHECK_TYPE(socklen_t, ,
[AC_DEFINE([socklen_t], [int], [Define to 'int' if not defined])], [
AC_INCLUDES_DEFAULT
......@@ -524,57 +571,63 @@ AH_BOTTOM([
AH_BOTTOM([
#ifndef B64_PTON
int b64_ntop(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
int ldns_b64_ntop(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
/**
* calculates the size needed to store the result of b64_ntop
*/
/*@unused@*/
static inline size_t b64_ntop_calculate_size(size_t srcsize)
static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize)
{
return ((((srcsize + 2) / 3) * 4) + 1);
}
#endif /* !B64_PTON */
#ifndef B64_NTOP
int b64_pton(char const *src, uint8_t *target, size_t targsize);
int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
/**
* calculates the size needed to store the result of b64_pton
* calculates the size needed to store the result of ldns_b64_pton
*/
/*@unused@*/
static inline size_t b64_pton_calculate_size(size_t srcsize)
static inline size_t ldns_b64_pton_calculate_size(size_t srcsize)
{
return ((((srcsize / 4) * 3) - 2) + 2);
}
#endif /* !B64_NTOP */
#ifndef B32_NTOP
int ldns_b32_ntop(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
int b32_ntop(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
int ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
int b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
char *target, size_t targsize);
/**
* calculates the size needed to store the result of b32_ntop
*/
/*@unused@*/
static inline size_t b32_ntop_calculate_size(size_t srcsize)
static inline size_t ldns_b32_ntop_calculate_size(size_t srcsize)
{
size_t result = ((((srcsize / 5) * 8) - 2) + 2);
return result;
}
#endif /* !B32_PTON */
#endif /* !B32_NTOP */
#ifndef B32_PTON
int ldns_b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
int b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
int ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
int b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize);
/**
* calculates the size needed to store the result of b32_pton
*/
/*@unused@*/
static inline size_t b32_pton_calculate_size(size_t srcsize)
static inline size_t ldns_b32_pton_calculate_size(size_t srcsize)
{
size_t result = ((((srcsize) / 8) * 5));
return result;
}
#endif /* !B32_NTOP */
#endif /* !B32_PTON */
#ifndef HAVE_SLEEP
/* use windows sleep, in millisecs, instead */
......@@ -621,7 +674,7 @@ size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
])
AC_CONFIG_FILES([Makefile ldns/util.h])
AC_CONFIG_FILES([Makefile ldns/net.h ldns/util.h])
AC_CONFIG_HEADER([ldns/config.h])
AC_OUTPUT
......
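Review bot: In the AH_BOTTOM hunk, `ldns_b32_ntop_calculate_size` is carried over unchanged apart from its name and still computes `((srcsize / 5) * 8 - 2) + 2`, which rounds down: any `srcsize` that is not a multiple of 5 gives a size smaller than the padded base32 output (4 input bytes yield 0), and no byte is reserved for the terminating NUL. Since the helper is now published under the `ldns_` prefix and callers size buffers with it, it should round up, for example `return (((srcsize + 4) / 5) * 8) + 1;`, mirroring the `+ 1` in `ldns_b64_ntop_calculate_size`. The one caller visible in this commit passes a 20-byte SHA-1 digest and adds 1 itself, so it is not affected. The doc comments above the b32 helpers also still name `b32_ntop` and `b32_pton` rather than the new functions.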
......@@ -408,6 +408,8 @@ ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle,
bool
ldns_dname_str_absolute(const char *dname_str)
{
if(dname_str && strcmp(dname_str, ".") == 0)
return 1;
return (dname_str &&
strlen(dname_str) > 1 &&
dname_str[strlen(dname_str) - 1] == '.' &&
......
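Review bot: The added early exit returns the integer `1` from a function declared `bool` and leaves the `if` body unbraced; `if (dname_str && strcmp(dname_str, ".") == 0) { return true; }` matches the return type and is safer next to the multi-line `return` that follows. A one-line comment such as `/* the root name "." is absolute although it is a single character */` would explain why the special case has to come before the `strlen(dname_str) > 1` test. The return expression continues outside the hunk.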
......@@ -97,8 +97,8 @@ ldns_nsec_get_bitmap(ldns_rr *nsec) {
/* this is NOT the hash, but the original name! */
ldns_rdf *
ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
ATTR_UNUSED(ldns_rr_type qtype),
ldns_rr_list *nsec3s)
ATTR_UNUSED(ldns_rr_type qtype),
ldns_rr_list *nsec3s)
{
/* remember parameters, they must match */
uint8_t algorithm;
......@@ -119,6 +119,7 @@ ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
size_t nsec_i;
ldns_rr *nsec;
ldns_rdf *result = NULL;
qtype = qtype;
if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) {
return NULL;
......@@ -644,7 +645,9 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
}
ldns_rr *
ldns_dnssec_create_nsec(ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rr_type nsec_type)
ldns_dnssec_create_nsec(ldns_dnssec_name *from,
ldns_dnssec_name *to,
ldns_rr_type nsec_type)
{
ldns_rr *nsec_rr;
ldns_rr_type types[1024];
......@@ -728,10 +731,10 @@ ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
ldns_rr_set_rdf(nsec_rr, NULL, 4);
}
ldns_rr_set_rdf(nsec_rr,
ldns_dnssec_create_nsec_bitmap(types,
type_count,
LDNS_RR_TYPE_NSEC3), 5);
ldns_rr_push_rdf(nsec_rr,
ldns_dnssec_create_nsec_bitmap(types,
type_count,
LDNS_RR_TYPE_NSEC3));
return nsec_rr;
}
......@@ -906,14 +909,14 @@ ldns_nsec3_hash_name(ldns_rdf *name,
hashed_owner_str_len = SHA_DIGEST_LENGTH;
hashed_owner_b32 = LDNS_XMALLOC(char,
b32_ntop_calculate_size(
hashed_owner_str_len) + 1);
ldns_b32_ntop_calculate_size(
hashed_owner_str_len) + 1);
hashed_owner_b32_len =
(size_t) b32_ntop_extended_hex((uint8_t *) hashed_owner_str,
hashed_owner_str_len,
hashed_owner_b32,
b32_ntop_calculate_size(
hashed_owner_str_len));
(size_t) ldns_b32_ntop_extended_hex((uint8_t *) hashed_owner_str,
hashed_owner_str_len,
hashed_owner_b32,
ldns_b32_ntop_calculate_size(
hashed_owner_str_len));
if (hashed_owner_b32_len < 1) {
fprintf(stderr, "Error in base32 extended hex encoding ");
fprintf(stderr, "of hashed owner name (name: ");
......@@ -1001,6 +1004,7 @@ ldns_create_nsec3(ldns_rdf *cur_owner,
uint16_t cur_data_size = 0;
ldns_status status;
hashed_owner = ldns_nsec3_hash_name(cur_owner,
algorithm,
......@@ -1108,11 +1112,10 @@ ldns_create_nsec3(ldns_rdf *cur_owner,
cur_data_size += cur_window_max + 3;
}
ldns_rr_set_rdf(nsec,
ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC,
cur_data_size,
data),
5);
ldns_rr_push_rdf(nsec,
ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC,
cur_data_size,
data));
LDNS_FREE(bitmap);
LDNS_FREE(data);
......@@ -1536,61 +1539,6 @@ ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted)
qsort_rr_compare_nsec3);
}
ldns_status
ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt)
{
ldns_rbnode_t *first_name_node;
ldns_rbnode_t *current_name_node;
ldns_dnssec_name *current_name;
ldns_status result = LDNS_STATUS_OK;
ldns_rr *nsec_rr;
ldns_rr_list *nsec3_list;
if (!zone || !new_rrs || !zone->names) {
return LDNS_STATUS_ERR;
}
nsec3_list = ldns_rr_list_new();
first_name_node = ldns_dnssec_name_node_next_nonglue(
ldns_rbtree_first(zone->names));
current_name_node = first_name_node;
while (current_name_node &&
current_name_node != LDNS_RBTREE_NULL) {
current_name = (ldns_dnssec_name *) current_name_node->data;
nsec_rr = ldns_dnssec_create_nsec3(current_name,
NULL,
zone->soa->name,
algorithm,
flags,
iterations,
salt_length,
salt);
ldns_dnssec_name_add_rr(current_name, nsec_rr);
ldns_rr_list_push_rr(new_rrs, nsec_rr);
ldns_rr_list_push_rr(nsec3_list, nsec_rr);
current_name_node = ldns_dnssec_name_node_next_nonglue(
ldns_rbtree_next(current_name_node));
}
ldns_rr_list_sort_nsec3(nsec3_list);
ldns_dnssec_chain_nsec3_list(nsec3_list);
if (result != LDNS_STATUS_OK) {
return result;
}
ldns_rr_list_free(nsec3_list);
return result;
}
int
ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n)
{
......
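Review bot: In the `ldns_nsec3_hash_name` hunk the `int` result of `ldns_b32_ntop_extended_hex` is cast to `size_t` before the `hashed_owner_b32_len < 1` test, so a negative failure value would become a huge length and the error branch would be skipped. Whether the encoder reports failure that way is not shown on this page, although its `int` return type suggests it. Keeping the result signed until it has been checked avoids the problem: `int b32_len = ldns_b32_ntop_extended_hex(...);`, then `if (b32_len < 1) { /* existing error path */ }`, and only afterwards `hashed_owner_b32_len = (size_t) b32_len;`. The buffer returned by `LDNS_XMALLOC` is also handed to the encoder without a NULL check in the visible lines. The function starts and ends outside the hunk.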
......@@ -216,12 +216,14 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
break;
#ifdef USE_SHA2
case LDNS_SIGN_RSASHA256:
case LDNS_SIGN_RSASHA256_NSEC3:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha256());
break;
case LDNS_SIGN_RSASHA512:
case LDNS_SIGN_RSASHA512_NSEC3:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
......@@ -457,8 +459,7 @@ ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
while (cur_node != LDNS_RBTREE_NULL) {
cur_name = (ldns_dnssec_name *) cur_node->data;
cur_node = ldns_rbtree_next(cur_node);
if (cur_name->rrsets && !cur_name->rrsets->next &&
if (cur_name->rrsets &&
(cur_name->rrsets->type == LDNS_RR_TYPE_A ||
cur_name->rrsets->type == LDNS_RR_TYPE_AAAA
)) {
......@@ -470,6 +471,11 @@ ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
if (ldns_dnssec_zone_find_rrset(zone,
cur_owner,
LDNS_RR_TYPE_NS)) {
/*
fprintf(stderr, "[XX] Marking as glue: ");
ldns_rdf_print(stderr, cur_name->name);
fprintf(stderr, "\n");
*/
cur_name->is_glue = true;
}
cur_parent = ldns_dname_left_chop(cur_owner);
......@@ -510,13 +516,30 @@ ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node)
ldns_status
ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
<