<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type"
content="text/html;charset=iso-8859-1">
<title>ldns documentation</title>
<link href="doxygen.css" rel="stylesheet" type="text/css">
<link href="tabs.css" rel="stylesheet" type="text/css">
</head><body>
<div class="logo">
<img src="LogoInGradientBar2-y100.png"/>
</div>
<!-- Generated by Doxygen 1.7.4 -->
  <div id="navrow1" class="tabs">
    <ul class="tablist">
      <li><a href="index.html"><span>Main&#160;Page</span></a></li>
      <li><a href="pages.html"><span>Related&#160;Pages</span></a></li>
      <li><a href="annotated.html"><span>Data&#160;Structures</span></a></li>
      <li class="current"><a href="files.html"><span>Files</span></a></li>
      <li><a href="dirs.html"><span>Directories</span></a></li>
    </ul>
  </div>
  <div id="navrow2" class="tabs2">
    <ul class="tablist">
      <li><a href="files.html"><span>File&#160;List</span></a></li>
      <li><a href="globals.html"><span>Globals</span></a></li>
    </ul>
  </div>
<div class="header">
  <div class="headertitle">
<div class="title">dnssec_sign.c</div>  </div>
</div>
<div class="contents">
<a href="dnssec__sign_8c.html">Go to the documentation of this file.</a><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="preprocessor">#include &lt;<a class="code" href="ldns_2config_8h.html">ldns/config.h</a>&gt;</span>
<a name="l00002"></a>00002 
<a name="l00003"></a>00003 <span class="preprocessor">#include &lt;<a class="code" href="ldns_8h.html" title="Including this file will include all ldns files, and define some lookup tables.">ldns/ldns.h</a>&gt;</span>
<a name="l00004"></a>00004 
<a name="l00005"></a>00005 <span class="preprocessor">#include &lt;<a class="code" href="dnssec_8h.html" title="This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).">ldns/dnssec.h</a>&gt;</span>
<a name="l00006"></a>00006 <span class="preprocessor">#include &lt;<a class="code" href="dnssec__sign_8h.html">ldns/dnssec_sign.h</a>&gt;</span>
<a name="l00007"></a>00007 
<a name="l00008"></a>00008 <span class="preprocessor">#include &lt;strings.h&gt;</span>
<a name="l00009"></a>00009 <span class="preprocessor">#include &lt;time.h&gt;</span>
<a name="l00010"></a>00010 
<a name="l00011"></a>00011 <span class="preprocessor">#ifdef HAVE_SSL</span>
<a name="l00012"></a>00012 <span class="preprocessor"></span><span class="comment">/* this entire file is rather useless when you don&#39;t have</span>
<a name="l00013"></a>00013 <span class="comment"> * crypto...</span>
<a name="l00014"></a>00014 <span class="comment"> */</span>
<a name="l00015"></a>00015 <span class="preprocessor">#include &lt;openssl/ssl.h&gt;</span>
<a name="l00016"></a>00016 <span class="preprocessor">#include &lt;openssl/evp.h&gt;</span>
<a name="l00017"></a>00017 <span class="preprocessor">#include &lt;openssl/rand.h&gt;</span>
<a name="l00018"></a>00018 <span class="preprocessor">#include &lt;openssl/err.h&gt;</span>
<a name="l00019"></a>00019 <span class="preprocessor">#include &lt;openssl/md5.h&gt;</span>
<a name="l00020"></a>00020 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span>
<a name="l00021"></a>00021 
<a name="l00022"></a>00022 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *
<a name="l00023"></a><a class="code" href="dnssec__sign_8h.html#ac62543d73cea7f985d9dd99aa981546e">00023</a> <a class="code" href="dnssec__sign_8c.html#a1f83993b2aa5f98cd8c12e50327a0bc6" title="Create an empty RRSIG RR (i.e.">ldns_create_empty_rrsig</a>(<a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrset,
<a name="l00024"></a>00024                         <a class="code" href="structldns__struct__key.html" title="General key structure, can contain all types of keys that are used in DNSSEC.">ldns_key</a> *current_key)
<a name="l00025"></a>00025 {
<a name="l00026"></a>00026         uint32_t orig_ttl;
<a name="l00027"></a>00027         <a class="code" href="rr_8h.html#aa11e99c7e7c630e03373f2a2cafc4ee9">ldns_rr_class</a> orig_class;
<a name="l00028"></a>00028         time_t now;
<a name="l00029"></a>00029         <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *current_sig;
<a name="l00030"></a>00030         uint8_t label_count;
<a name="l00031"></a>00031         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *signame;
<a name="l00032"></a>00032 
<a name="l00033"></a>00033         label_count = <a class="code" href="dname_8c.html#add94977e68ceab64921e9ae69cd92ef3" title="count the number of labels inside a LDNS_RDF_DNAME type rdf.">ldns_dname_label_count</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset,
<a name="l00034"></a>00034                                                            0)));
<a name="l00035"></a>00035         <span class="comment">/* RFC4035 2.2: not counting the leftmost label if it is a wildcard */</span>
<a name="l00036"></a>00036         <span class="keywordflow">if</span>(<a class="code" href="dname_8c.html#a0f7736b29e88e9513fb42f0edd3e7d25" title="Check if dname is a wildcard, starts with *.">ldns_dname_is_wildcard</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0))))
<a name="l00037"></a>00037                 label_count --;
<a name="l00038"></a>00038 
<a name="l00039"></a>00039         current_sig = <a class="code" href="rr_8c.html#a49a0499723e18408806c7023b5090517" title="creates a new rr structure, based on the given type.">ldns_rr_new_frm_type</a>(<a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa0dae8d9f8f4684e63ac7665a2a489b4d" title="draft-ietf-dnsext-dnssec-25">LDNS_RR_TYPE_RRSIG</a>);
<a name="l00040"></a>00040 
<a name="l00041"></a>00041         <span class="comment">/* set the type on the new signature */</span>
<a name="l00042"></a>00042         orig_ttl = <a class="code" href="rr_8c.html#a144e619c75e8cef52fa5a1de7d74c695" title="returns the ttl of an rr structure.">ldns_rr_ttl</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0));
<a name="l00043"></a>00043         orig_class = <a class="code" href="rr_8c.html#a9674642920718eda5c65483e03587fff" title="returns the class of the rr.">ldns_rr_get_class</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0));
<a name="l00044"></a>00044 
<a name="l00045"></a>00045         <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(current_sig, orig_ttl);
<a name="l00046"></a>00046         <a class="code" href="rr_8c.html#aac682e10305e017760e65a423e6e6374" title="sets the class in the rr.">ldns_rr_set_class</a>(current_sig, orig_class);
<a name="l00047"></a>00047         <a class="code" href="rr_8c.html#a2c7374383b168ce0d33b56f43a91c940" title="sets the owner in the rr structure.">ldns_rr_set_owner</a>(current_sig,
<a name="l00048"></a>00048                           <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(
<a name="l00049"></a>00049                                <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(
<a name="l00050"></a>00050                                     <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset,
<a name="l00051"></a>00051                                                     0))));
<a name="l00052"></a>00052 
<a name="l00053"></a>00053         <span class="comment">/* fill in what we know of the signature */</span>
<a name="l00054"></a>00054 
<a name="l00055"></a>00055         <span class="comment">/* set the orig_ttl */</span>
<a name="l00056"></a>00056         (void)<a class="code" href="rr__functions_8c.html#af093e1310b29998d2d93e43531682a85" title="sets the original TTL of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_origttl</a>(
<a name="l00057"></a>00057                    current_sig,
<a name="l00058"></a>00058                    <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a077e8e14046bf02ac92053e784921e73" title="32 bits">LDNS_RDF_TYPE_INT32</a>,
<a name="l00059"></a>00059                                          orig_ttl));
<a name="l00060"></a>00060         <span class="comment">/* the signers name */</span>
<a name="l00061"></a>00061         signame = <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(<a class="code" href="keys_8c.html#ab8c7cbd30af086afa9046f059bc245c9" title="return the public key&#39;s owner">ldns_key_pubkey_owner</a>(current_key));
<a name="l00062"></a>00062         <a class="code" href="dname_8c.html#a86a798d6401b11e85d4592b1609ffd8f" title="Put a dname into canonical fmt - ie.">ldns_dname2canonical</a>(signame);
<a name="l00063"></a>00063         (void)<a class="code" href="rr__functions_8c.html#a9b909f2ac0be7038df3c4368914fa9d9" title="sets the signers name of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_signame</a>(
<a name="l00064"></a>00064                         current_sig,
<a name="l00065"></a>00065                         signame);
<a name="l00066"></a>00066         <span class="comment">/* label count - get it from the first rr in the rr_list */</span>
<a name="l00067"></a>00067         (void)<a class="code" href="rr__functions_8c.html#a868e2c57564ba90d61b119e5d4890580" title="sets the number of labels of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_labels</a>(
<a name="l00068"></a>00068                         current_sig,
<a name="l00069"></a>00069                         <a class="code" href="rdata_8c.html#a422cc4adfa134f9325547abf15bfd925" title="returns the rdf containing the native uint8_t repr.">ldns_native2rdf_int8</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9ac18c3e598d6a7a85b8eb1d1a047ac557" title="8 bits">LDNS_RDF_TYPE_INT8</a>,
<a name="l00070"></a>00070                                              label_count));
<a name="l00071"></a>00071         <span class="comment">/* inception, expiration */</span>
<a name="l00072"></a>00072         now = time(NULL);
<a name="l00073"></a>00073         <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#aab487cf33d6af3c24bf4c500772d951e" title="return the key&#39;s inception date">ldns_key_inception</a>(current_key) != 0) {
<a name="l00074"></a>00074                 (void)<a class="code" href="rr__functions_8c.html#a887bd03782a5d8d7ab6dce0d6fec1eb1" title="sets the inception date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_inception</a>(
<a name="l00075"></a>00075                                 current_sig,
<a name="l00076"></a>00076                                 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>(
<a name="l00077"></a>00077                                     <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>,
<a name="l00078"></a>00078                                     <a class="code" href="keys_8c.html#aab487cf33d6af3c24bf4c500772d951e" title="return the key&#39;s inception date">ldns_key_inception</a>(current_key)));
<a name="l00079"></a>00079         } <span class="keywordflow">else</span> {
<a name="l00080"></a>00080                 (void)<a class="code" href="rr__functions_8c.html#a887bd03782a5d8d7ab6dce0d6fec1eb1" title="sets the inception date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_inception</a>(
<a name="l00081"></a>00081                                 current_sig,
<a name="l00082"></a>00082                                 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>, now));
<a name="l00083"></a>00083         }
<a name="l00084"></a>00084         <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#a083d425d1bb74ace49cd4e7aa8d738fb" title="return the key&#39;s expiration date">ldns_key_expiration</a>(current_key) != 0) {
<a name="l00085"></a>00085                 (void)<a class="code" href="rr__functions_8c.html#a3babbd14e40490efaa4a1601e9b39682" title="sets the expireation date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_expiration</a>(
<a name="l00086"></a>00086                                 current_sig,
<a name="l00087"></a>00087                                 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>(
<a name="l00088"></a>00088                                     <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>,
<a name="l00089"></a>00089                                     <a class="code" href="keys_8c.html#a083d425d1bb74ace49cd4e7aa8d738fb" title="return the key&#39;s expiration date">ldns_key_expiration</a>(current_key)));
<a name="l00090"></a>00090         } <span class="keywordflow">else</span> {
<a name="l00091"></a>00091                 (void)<a class="code" href="rr__functions_8c.html#a3babbd14e40490efaa4a1601e9b39682" title="sets the expireation date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_expiration</a>(
<a name="l00092"></a>00092                              current_sig,
<a name="l00093"></a>00093                                 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>(
<a name="l00094"></a>00094                                     <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>,
<a name="l00095"></a>00095                                     now + <a class="code" href="dnssec_8h.html#a565cc51b68d4b5723830434ee1c0dfe0">LDNS_DEFAULT_EXP_TIME</a>));
<a name="l00096"></a>00096         }
<a name="l00097"></a>00097 
<a name="l00098"></a>00098         (void)<a class="code" href="rr__functions_8c.html#a3f507c209856f83959d3f8c9aa5f40f5" title="sets the keytag of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_keytag</a>(
<a name="l00099"></a>00099                    current_sig,
<a name="l00100"></a>00100                    <a class="code" href="rdata_8c.html#a73fc4d5c6e12d7ac79b0778f51b60e13" title="returns the rdf containing the native uint16_t representation.">ldns_native2rdf_int16</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9adef66c8791f83ba190e5f5775791e4c6" title="16 bits">LDNS_RDF_TYPE_INT16</a>,
<a name="l00101"></a>00101                                          <a class="code" href="keys_8c.html#a8cf2ca2fc8d72b28076157beb791b347" title="return the keytag">ldns_key_keytag</a>(current_key)));
<a name="l00102"></a>00102 
<a name="l00103"></a>00103         (void)<a class="code" href="rr__functions_8c.html#a5322db96ef0b25bdf53c8ed1b38c79c1" title="sets the algorithm of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_algorithm</a>(
<a name="l00104"></a>00104                         current_sig,
<a name="l00105"></a>00105                         <a class="code" href="rdata_8c.html#a422cc4adfa134f9325547abf15bfd925" title="returns the rdf containing the native uint8_t repr.">ldns_native2rdf_int8</a>(
<a name="l00106"></a>00106                             <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9ae267872ec0957925bbf1d6720b93597a" title="a key algorithm">LDNS_RDF_TYPE_ALG</a>,
<a name="l00107"></a>00107                             <a class="code" href="keys_8c.html#a906b7cc79acd016fb1f400aff16b9f1c" title="return the signing alg of the key">ldns_key_algorithm</a>(current_key)));
<a name="l00108"></a>00108 
<a name="l00109"></a>00109         (void)<a class="code" href="rr__functions_8c.html#a793485ed72ab4152bcfc4010b4df89c3" title="sets the typecovered of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_typecovered</a>(
<a name="l00110"></a>00110                         current_sig,
<a name="l00111"></a>00111                         <a class="code" href="rdata_8c.html#a73fc4d5c6e12d7ac79b0778f51b60e13" title="returns the rdf containing the native uint16_t representation.">ldns_native2rdf_int16</a>(
<a name="l00112"></a>00112                             <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9af943c7b93856ac0cfcda816c7c952c9f" title="a RR type">LDNS_RDF_TYPE_TYPE</a>,
<a name="l00113"></a>00113                             <a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset,
<a name="l00114"></a>00114                                                              0))));
<a name="l00115"></a>00115         <span class="keywordflow">return</span> current_sig;
<a name="l00116"></a>00116 }
<a name="l00117"></a>00117 
<a name="l00118"></a>00118 <span class="preprocessor">#ifdef HAVE_SSL</span>
<a name="l00119"></a>00119 <span class="preprocessor"></span><a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *
<a name="l00120"></a><a class="code" href="dnssec__sign_8h.html#aeee467cce7e9b3d6c364e484a8a85216">00120</a> <a class="code" href="dnssec__sign_8c.html#af78cff3d19f9ab52854111aa9e399c07" title="Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...">ldns_sign_public_buffer</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *sign_buf, <a class="code" href="structldns__struct__key.html" title="General key structure, can contain all types of keys that are used in DNSSEC.">ldns_key</a> *current_key)
<a name="l00121"></a>00121 {
<a name="l00122"></a>00122         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *b64rdf = NULL;
<a name="l00123"></a>00123 
<a name="l00124"></a>00124         <span class="keywordflow">switch</span>(<a class="code" href="keys_8c.html#a906b7cc79acd016fb1f400aff16b9f1c" title="return the signing alg of the key">ldns_key_algorithm</a>(current_key)) {
<a name="l00125"></a>00125         <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a98ae68498fea31062b1d03a861846aa5">LDNS_SIGN_DSA</a>:
<a name="l00126"></a>00126         <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a28624a25c45025703d05de9984c4ee4a">LDNS_SIGN_DSA_NSEC3</a>:
<a name="l00127"></a>00127                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00128"></a>00128                                    sign_buf,
<a name="l00129"></a>00129                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00130"></a>00130                                    EVP_dss1());
<a name="l00131"></a>00131                 <span class="keywordflow">break</span>;
<a name="l00132"></a>00132         <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a062ab8c29c8f73b28bbb552597975dbc">LDNS_SIGN_RSASHA1</a>:
<a name="l00133"></a>00133         <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a7a8b2b416cc65f7637108b6ba35cad69">LDNS_SIGN_RSASHA1_NSEC3</a>:
<a name="l00134"></a>00134                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00135"></a>00135                                    sign_buf,
<a name="l00136"></a>00136                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00137"></a>00137                                    EVP_sha1());
<a name="l00138"></a>00138                 <span class="keywordflow">break</span>;
<a name="l00139"></a>00139 <span class="preprocessor">#ifdef USE_SHA2</span>
<a name="l00140"></a>00140 <span class="preprocessor"></span>        <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a9f88342b4f9ce95700a72154b6d30269">LDNS_SIGN_RSASHA256</a>:
<a name="l00141"></a>00141                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00142"></a>00142                                    sign_buf,
<a name="l00143"></a>00143                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00144"></a>00144                                    EVP_sha256());
<a name="l00145"></a>00145                 <span class="keywordflow">break</span>;
<a name="l00146"></a>00146         <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a93fc09210171fbecee85ed84ebfc7dbd">LDNS_SIGN_RSASHA512</a>:
<a name="l00147"></a>00147                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00148"></a>00148                                    sign_buf,
<a name="l00149"></a>00149                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00150"></a>00150                                    EVP_sha512());
<a name="l00151"></a>00151                 <span class="keywordflow">break</span>;
<a name="l00152"></a>00152 <span class="preprocessor">#endif </span><span class="comment">/* USE_SHA2 */</span>
<a name="l00153"></a>00153 <span class="preprocessor">#ifdef USE_GOST</span>
<a name="l00154"></a>00154 <span class="preprocessor"></span>        <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a2f5cc1330edd5c11be92509543402f98">LDNS_SIGN_ECC_GOST</a>:
<a name="l00155"></a>00155                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00156"></a>00156                                    sign_buf,
<a name="l00157"></a>00157                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00158"></a>00158                                    EVP_get_digestbyname(<span class="stringliteral">&quot;md_gost94&quot;</span>));
<a name="l00159"></a>00159                 <span class="keywordflow">break</span>;
<a name="l00160"></a>00160 <span class="preprocessor">#endif </span><span class="comment">/* USE_GOST */</span>
<a name="l00161"></a>00161 <span class="preprocessor">#ifdef USE_ECDSA</span>
<a name="l00162"></a>00162 <span class="preprocessor"></span>        <span class="keywordflow">case</span> LDNS_SIGN_ECDSAP256SHA256:
<a name="l00163"></a>00163                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00164"></a>00164                                    sign_buf,
<a name="l00165"></a>00165                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00166"></a>00166                                    EVP_sha256());
<a name="l00167"></a>00167                 <span class="keywordflow">break</span>;
<a name="l00168"></a>00168         <span class="keywordflow">case</span> LDNS_SIGN_ECDSAP384SHA384:
<a name="l00169"></a>00169                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00170"></a>00170                                    sign_buf,
<a name="l00171"></a>00171                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00172"></a>00172                                    EVP_sha384());
<a name="l00173"></a>00173                 <span class="keywordflow">break</span>;
<a name="l00174"></a>00174 <span class="preprocessor">#endif</span>
<a name="l00175"></a>00175 <span class="preprocessor"></span>        <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a92e7ccac219c462f054e00c8e6c8321b">LDNS_SIGN_RSAMD5</a>:
<a name="l00176"></a>00176                 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(
<a name="l00177"></a>00177                                    sign_buf,
<a name="l00178"></a>00178                                    <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key),
<a name="l00179"></a>00179                                    EVP_md5());
<a name="l00180"></a>00180                 <span class="keywordflow">break</span>;
<a name="l00181"></a>00181         <span class="keywordflow">default</span>:
<a name="l00182"></a>00182                 <span class="comment">/* do _you_ know this alg? */</span>
<a name="l00183"></a>00183                 printf(<span class="stringliteral">&quot;unknown algorithm, &quot;</span>);
<a name="l00184"></a>00184                 printf(<span class="stringliteral">&quot;is the one used available on this system?\n&quot;</span>);
<a name="l00185"></a>00185                 <span class="keywordflow">break</span>;
<a name="l00186"></a>00186         }
<a name="l00187"></a>00187 
<a name="l00188"></a>00188         <span class="keywordflow">return</span> b64rdf;
<a name="l00189"></a>00189 }
<a name="l00190"></a>00190 
<a name="l00195"></a>00195 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *
<a name="l00196"></a><a class="code" href="dnssec__sign_8h.html#a1e464ee25453579eb3f55b8ff468f67f">00196</a> <a class="code" href="dnssec__sign_8c.html#a1e464ee25453579eb3f55b8ff468f67f" title="use this function to sign with a public/private key alg return the created signatures">ldns_sign_public</a>(<a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrset, <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *keys)
<a name="l00197"></a>00197 {
<a name="l00198"></a>00198         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *signatures;
<a name="l00199"></a>00199         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrset_clone;
<a name="l00200"></a>00200         <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *current_sig;
<a name="l00201"></a>00201         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *b64rdf;
<a name="l00202"></a>00202         <a class="code" href="structldns__struct__key.html" title="General key structure, can contain all types of keys that are used in DNSSEC.">ldns_key</a> *current_key;
<a name="l00203"></a>00203         <span class="keywordtype">size_t</span> key_count;
<a name="l00204"></a>00204         uint16_t i;
<a name="l00205"></a>00205         <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *sign_buf;
<a name="l00206"></a>00206         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *new_owner;
<a name="l00207"></a>00207 
<a name="l00208"></a>00208         <span class="keywordflow">if</span> (!rrset || <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(rrset) &lt; 1 || !keys) {
<a name="l00209"></a>00209                 <span class="keywordflow">return</span> NULL;
<a name="l00210"></a>00210         }
<a name="l00211"></a>00211 
<a name="l00212"></a>00212         new_owner = NULL;
<a name="l00213"></a>00213 
<a name="l00214"></a>00214         signatures = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>();
<a name="l00215"></a>00215 
<a name="l00216"></a>00216         <span class="comment">/* prepare a signature and add all the know data</span>
<a name="l00217"></a>00217 <span class="comment">         * prepare the rrset. Sign this together.  */</span>
<a name="l00218"></a>00218         rrset_clone = <a class="code" href="rr_8c.html#ae40b961189f215fba0bad6406088674a" title="clones an rrlist.">ldns_rr_list_clone</a>(rrset);
<a name="l00219"></a>00219         <span class="keywordflow">if</span> (!rrset_clone) {
<a name="l00220"></a>00220                 <span class="keywordflow">return</span> NULL;
<a name="l00221"></a>00221         }
<a name="l00222"></a>00222 
<a name="l00223"></a>00223         <span class="comment">/* make it canonical */</span>
<a name="l00224"></a>00224         <span class="keywordflow">for</span>(i = 0; i &lt; <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(rrset_clone); i++) {
<a name="l00225"></a>00225                 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset_clone, i), 
<a name="l00226"></a>00226                         <a class="code" href="rr_8c.html#a144e619c75e8cef52fa5a1de7d74c695" title="returns the ttl of an rr structure.">ldns_rr_ttl</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0)));
<a name="l00227"></a>00227                 <a class="code" href="rr_8c.html#a6e26228733c74b4fb7aacc985a350519" title="converts each dname in a rr to its canonical form.">ldns_rr2canonical</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset_clone, i));
<a name="l00228"></a>00228         }
<a name="l00229"></a>00229         <span class="comment">/* sort */</span>
<a name="l00230"></a>00230         <a class="code" href="rr_8c.html#a59fd6b0801f57bd952d1c69386677095" title="sorts an rr_list (canonical wire format).">ldns_rr_list_sort</a>(rrset_clone);
<a name="l00231"></a>00231 
<a name="l00232"></a>00232         <span class="keywordflow">for</span> (key_count = 0;
<a name="l00233"></a>00233                 key_count &lt; <a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(keys);
<a name="l00234"></a>00234                 key_count++) {
<a name="l00235"></a>00235                 <span class="keywordflow">if</span> (!<a class="code" href="keys_8c.html#afee1fabe43cf6dfb43c8b0966350153e" title="return the use flag">ldns_key_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(keys, key_count))) {
<a name="l00236"></a>00236                         <span class="keywordflow">continue</span>;
<a name="l00237"></a>00237                 }
<a name="l00238"></a>00238                 sign_buf = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>);
<a name="l00239"></a>00239                 <span class="keywordflow">if</span> (!sign_buf) {
<a name="l00240"></a>00240                         <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(rrset_clone);
<a name="l00241"></a>00241                         <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(signatures);
<a name="l00242"></a>00242                         <a class="code" href="rdata_8c.html#ae31cf54f363a70e01db4b6d15c3ad190" title="frees a rdf structure, leaving the data pointer intact.">ldns_rdf_free</a>(new_owner);
<a name="l00243"></a>00243                         <span class="keywordflow">return</span> NULL;
<a name="l00244"></a>00244                 }
<a name="l00245"></a>00245                 b64rdf = NULL;
<a name="l00246"></a>00246 
<a name="l00247"></a>00247                 current_key = <a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(keys, key_count);
<a name="l00248"></a>00248                 <span class="comment">/* sign all RRs with keys that have ZSKbit, !SEPbit.</span>
<a name="l00249"></a>00249 <span class="comment">                   sign DNSKEY RRs with keys that have ZSKbit&amp;SEPbit */</span>
<a name="l00250"></a>00250                 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(current_key) &amp; <a class="code" href="keys_8h.html#ad5f212d6a80316d427f4b068e849ff73">LDNS_KEY_ZONE_KEY</a>) {
<a name="l00251"></a>00251                         current_sig = <a class="code" href="dnssec__sign_8c.html#a1f83993b2aa5f98cd8c12e50327a0bc6" title="Create an empty RRSIG RR (i.e.">ldns_create_empty_rrsig</a>(rrset_clone,
<a name="l00252"></a>00252                                                               current_key);
<a name="l00253"></a>00253 
<a name="l00254"></a>00254                         <span class="comment">/* right now, we have: a key, a semi-sig and an rrset. For</span>
<a name="l00255"></a>00255 <span class="comment">                         * which we can create the sig and base64 encode that and</span>
<a name="l00256"></a>00256 <span class="comment">                         * add that to the signature */</span>
<a name="l00257"></a>00257 
<a name="l00258"></a>00258                         <span class="keywordflow">if</span> (<a class="code" href="host2wire_8c.html#a2c9c3a23cf907d632f9f85aa72f2bbf0" title="Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata This is needed in DNSSEC verification...">ldns_rrsig2buffer_wire</a>(sign_buf, current_sig)
<a name="l00259"></a>00259                             != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l00260"></a>00260                                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(sign_buf);
<a name="l00261"></a>00261                                 <span class="comment">/* ERROR */</span>
<a name="l00262"></a>00262                                 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone);
<a name="l00263"></a>00263                                 <span class="keywordflow">return</span> NULL;
<a name="l00264"></a>00264                         }
<a name="l00265"></a>00265 
<a name="l00266"></a>00266                         <span class="comment">/* add the rrset in sign_buf */</span>
<a name="l00267"></a>00267                         <span class="keywordflow">if</span> (<a class="code" href="host2wire_8c.html#a2b65b6f4ecb3364639d46ce3a8276153" title="Copies the rr_list data to the buffer in wire format.">ldns_rr_list2buffer_wire</a>(sign_buf, rrset_clone)
<a name="l00268"></a>00268                             != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l00269"></a>00269                                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(sign_buf);
<a name="l00270"></a>00270                                 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone);
<a name="l00271"></a>00271                                 <span class="keywordflow">return</span> NULL;
<a name="l00272"></a>00272                         }
<a name="l00273"></a>00273 
<a name="l00274"></a>00274                         b64rdf = <a class="code" href="dnssec__sign_8c.html#af78cff3d19f9ab52854111aa9e399c07" title="Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...">ldns_sign_public_buffer</a>(sign_buf, current_key);
<a name="l00275"></a>00275 
<a name="l00276"></a>00276                         <span class="keywordflow">if</span> (!b64rdf) {
<a name="l00277"></a>00277                                 <span class="comment">/* signing went wrong */</span>
<a name="l00278"></a>00278                                 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone);
<a name="l00279"></a>00279                                 <span class="keywordflow">return</span> NULL;
<a name="l00280"></a>00280                         }
<a name="l00281"></a>00281 
<a name="l00282"></a>00282                         <a class="code" href="rr__functions_8c.html#ad7b20e14c55263e86ae3c2e05071a098" title="sets the signature data of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_sig</a>(current_sig, b64rdf);
<a name="l00283"></a>00283 
<a name="l00284"></a>00284                         <span class="comment">/* push the signature to the signatures list */</span>
<a name="l00285"></a>00285                         <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(signatures, current_sig);
<a name="l00286"></a>00286                 }
<a name="l00287"></a>00287                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(sign_buf); <span class="comment">/* restart for the next key */</span>
<a name="l00288"></a>00288         }
<a name="l00289"></a>00289         <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone);
<a name="l00290"></a>00290 
<a name="l00291"></a>00291         <span class="keywordflow">return</span> signatures;
<a name="l00292"></a>00292 }
<a name="l00293"></a>00293 
<a name="l00302"></a>00302 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *
<a name="l00303"></a><a class="code" href="dnssec__sign_8h.html#ad8a4247207b9e944964daa0cd9751733">00303</a> <a class="code" href="dnssec__sign_8c.html#ad8a4247207b9e944964daa0cd9751733" title="Sign data with DSA.">ldns_sign_public_dsa</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign, DSA *key)
<a name="l00304"></a>00304 {
<a name="l00305"></a>00305         <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *sha1_hash;
<a name="l00306"></a>00306         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf;
<a name="l00307"></a>00307         <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig;
<a name="l00308"></a>00308 
<a name="l00309"></a>00309         DSA_SIG *sig;
<a name="l00310"></a>00310         uint8_t *data;
<a name="l00311"></a>00311         <span class="keywordtype">size_t</span> pad;
<a name="l00312"></a>00312 
<a name="l00313"></a>00313         b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>);
<a name="l00314"></a>00314         <span class="keywordflow">if</span> (!b64sig) {
<a name="l00315"></a>00315                 <span class="keywordflow">return</span> NULL;
<a name="l00316"></a>00316         }
<a name="l00317"></a>00317 
<a name="l00318"></a>00318         sha1_hash = SHA1((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(to_sign),
<a name="l00319"></a>00319                                   ldns_buffer_position(to_sign), NULL);
<a name="l00320"></a>00320         <span class="keywordflow">if</span> (!sha1_hash) {
<a name="l00321"></a>00321                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00322"></a>00322                 <span class="keywordflow">return</span> NULL;
<a name="l00323"></a>00323         }
<a name="l00324"></a>00324 
<a name="l00325"></a>00325         sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
<a name="l00326"></a>00326         <span class="keywordflow">if</span>(!sig) {
<a name="l00327"></a>00327                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00328"></a>00328                 <span class="keywordflow">return</span> NULL;
<a name="l00329"></a>00329         }
<a name="l00330"></a>00330 
<a name="l00331"></a>00331         data = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
<a name="l00332"></a>00332         <span class="keywordflow">if</span>(!data) {
<a name="l00333"></a>00333                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00334"></a>00334                 DSA_SIG_free(sig);
<a name="l00335"></a>00335                 <span class="keywordflow">return</span> NULL;
<a name="l00336"></a>00336         }
<a name="l00337"></a>00337 
<a name="l00338"></a>00338         data[0] = 1;
<a name="l00339"></a>00339         pad = 20 - (size_t) BN_num_bytes(sig-&gt;r);
<a name="l00340"></a>00340         <span class="keywordflow">if</span> (pad &gt; 0) {
<a name="l00341"></a>00341                 memset(data + 1, 0, pad);
<a name="l00342"></a>00342         }
<a name="l00343"></a>00343         BN_bn2bin(sig-&gt;r, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) (data + 1) + pad);
<a name="l00344"></a>00344 
<a name="l00345"></a>00345         pad = 20 - (size_t) BN_num_bytes(sig-&gt;s);
<a name="l00346"></a>00346         <span class="keywordflow">if</span> (pad &gt; 0) {
<a name="l00347"></a>00347                 memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad);
<a name="l00348"></a>00348         }
<a name="l00349"></a>00349         BN_bn2bin(sig-&gt;s, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) (data + 1 + SHA_DIGEST_LENGTH + pad));
<a name="l00350"></a>00350 
<a name="l00351"></a>00351         sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>,
<a name="l00352"></a>00352                                                                  1 + 2 * SHA_DIGEST_LENGTH,
<a name="l00353"></a>00353                                                                  data);
<a name="l00354"></a>00354 
<a name="l00355"></a>00355         <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00356"></a>00356         <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(data);
<a name="l00357"></a>00357         DSA_SIG_free(sig);
<a name="l00358"></a>00358 
<a name="l00359"></a>00359         <span class="keywordflow">return</span> sigdata_rdf;
<a name="l00360"></a>00360 }
<a name="l00361"></a>00361 
<a name="l00362"></a>00362 <span class="preprocessor">#ifdef USE_ECDSA</span>
<a name="l00363"></a>00363 <span class="preprocessor"></span><span class="preprocessor">#ifndef S_SPLINT_S</span>
<a name="l00364"></a>00364 <span class="preprocessor"></span><span class="keyword">static</span> <span class="keywordtype">int</span>
<a name="l00365"></a>00365 ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
<a name="l00366"></a>00366 {
<a name="l00367"></a>00367         EC_KEY* ec;
<a name="l00368"></a>00368         <span class="keyword">const</span> EC_GROUP* g;
<a name="l00369"></a>00369         <span class="keywordflow">if</span>(EVP_PKEY_type(pkey-&gt;type) != EVP_PKEY_EC)
<a name="l00370"></a>00370                 <span class="keywordflow">return</span> 0;
<a name="l00371"></a>00371         ec = EVP_PKEY_get1_EC_KEY(pkey);
<a name="l00372"></a>00372         g = EC_KEY_get0_group(ec);
<a name="l00373"></a>00373         <span class="keywordflow">if</span>(!g) {
<a name="l00374"></a>00374                 EC_KEY_free(ec);
<a name="l00375"></a>00375                 <span class="keywordflow">return</span> 0;
<a name="l00376"></a>00376         }
<a name="l00377"></a>00377         <span class="keywordflow">if</span>(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
<a name="l00378"></a>00378                 EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
<a name="l00379"></a>00379                 EC_GROUP_get_curve_name(g) == NID_secp384r1) {
<a name="l00380"></a>00380                 EC_KEY_free(ec);
<a name="l00381"></a>00381                 <span class="keywordflow">return</span> 1;
<a name="l00382"></a>00382         }
<a name="l00383"></a>00383         <span class="comment">/* downref the eckey, the original is still inside the pkey */</span>
<a name="l00384"></a>00384         EC_KEY_free(ec);
<a name="l00385"></a>00385         <span class="keywordflow">return</span> 0;
<a name="l00386"></a>00386 }
<a name="l00387"></a>00387 <span class="preprocessor">#endif </span><span class="comment">/* splint */</span>
<a name="l00388"></a>00388 <span class="preprocessor">#endif </span><span class="comment">/* USE_ECDSA */</span>
<a name="l00389"></a>00389 
<a name="l00390"></a>00390 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *
<a name="l00391"></a><a class="code" href="dnssec__sign_8h.html#a62c41c90a2405cab414d9ff00c401586">00391</a> <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign,
<a name="l00392"></a>00392                                  EVP_PKEY *key,
<a name="l00393"></a>00393                                  <span class="keyword">const</span> EVP_MD *digest_type)
<a name="l00394"></a>00394 {
<a name="l00395"></a>00395         <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> siglen;
<a name="l00396"></a>00396         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf;
<a name="l00397"></a>00397         <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig;
<a name="l00398"></a>00398         EVP_MD_CTX ctx;
<a name="l00399"></a>00399         <span class="keyword">const</span> EVP_MD *md_type;
<a name="l00400"></a>00400         <span class="keywordtype">int</span> r;
<a name="l00401"></a>00401 
<a name="l00402"></a>00402         siglen = 0;
<a name="l00403"></a>00403         b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>);
<a name="l00404"></a>00404         <span class="keywordflow">if</span> (!b64sig) {
<a name="l00405"></a>00405                 <span class="keywordflow">return</span> NULL;
<a name="l00406"></a>00406         }
<a name="l00407"></a>00407 
<a name="l00408"></a>00408         <span class="comment">/* initializes a signing context */</span>
<a name="l00409"></a>00409         md_type = digest_type;
<a name="l00410"></a>00410         <span class="keywordflow">if</span>(!md_type) {
<a name="l00411"></a>00411                 <span class="comment">/* unknown message difest */</span>
<a name="l00412"></a>00412                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00413"></a>00413                 <span class="keywordflow">return</span> NULL;
<a name="l00414"></a>00414         }
<a name="l00415"></a>00415 
<a name="l00416"></a>00416         EVP_MD_CTX_init(&amp;ctx);
<a name="l00417"></a>00417         r = EVP_SignInit(&amp;ctx, md_type);
<a name="l00418"></a>00418         <span class="keywordflow">if</span>(r == 1) {
<a name="l00419"></a>00419                 r = EVP_SignUpdate(&amp;ctx, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)
<a name="l00420"></a>00420                                             ldns_buffer_begin(to_sign),
<a name="l00421"></a>00421                                             ldns_buffer_position(to_sign));
<a name="l00422"></a>00422         } <span class="keywordflow">else</span> {
<a name="l00423"></a>00423                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00424"></a>00424                 <span class="keywordflow">return</span> NULL;
<a name="l00425"></a>00425         }
<a name="l00426"></a>00426         <span class="keywordflow">if</span>(r == 1) {
<a name="l00427"></a>00427                 r = EVP_SignFinal(&amp;ctx, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)
<a name="l00428"></a>00428                                            ldns_buffer_begin(b64sig), &amp;siglen, key);
<a name="l00429"></a>00429         } <span class="keywordflow">else</span> {
<a name="l00430"></a>00430                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00431"></a>00431                 <span class="keywordflow">return</span> NULL;
<a name="l00432"></a>00432         }
<a name="l00433"></a>00433         <span class="keywordflow">if</span>(r != 1) {
<a name="l00434"></a>00434                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00435"></a>00435                 <span class="keywordflow">return</span> NULL;
<a name="l00436"></a>00436         }
<a name="l00437"></a>00437 
<a name="l00438"></a>00438         <span class="comment">/* unfortunately, OpenSSL output is differenct from DNS DSA format */</span>
<a name="l00439"></a>00439 <span class="preprocessor">#ifndef S_SPLINT_S</span>
<a name="l00440"></a>00440 <span class="preprocessor"></span>        <span class="keywordflow">if</span> (EVP_PKEY_type(key-&gt;type) == EVP_PKEY_DSA) {
<a name="l00441"></a>00441                 sigdata_rdf = <a class="code" href="dnssec_8c.html#a4634cf53a0db48001bbbbdd17cc19776" title="Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature da...">ldns_convert_dsa_rrsig_asn12rdf</a>(b64sig, siglen);
<a name="l00442"></a>00442 <span class="preprocessor">#ifdef USE_ECDSA</span>
<a name="l00443"></a>00443 <span class="preprocessor"></span>        } <span class="keywordflow">else</span> <span class="keywordflow">if</span>(EVP_PKEY_type(key-&gt;type) == EVP_PKEY_EC &amp;&amp;
<a name="l00444"></a>00444                 ldns_pkey_is_ecdsa(key)) {
<a name="l00445"></a>00445                 sigdata_rdf = <a class="code" href="dnssec_8h.html#a6abc850382a62cd75779a03c6714513c" title="Converts the ECDSA signature from ASN1 representation (as used by OpenSSL) to raw signature data as u...">ldns_convert_ecdsa_rrsig_asn12rdf</a>(b64sig, siglen);
<a name="l00446"></a>00446 <span class="preprocessor">#endif</span>
<a name="l00447"></a>00447 <span class="preprocessor"></span>        } <span class="keywordflow">else</span> {
<a name="l00448"></a>00448                 <span class="comment">/* ok output for other types is the same */</span>
<a name="l00449"></a>00449                 sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, siglen,
<a name="l00450"></a>00450                                                                          ldns_buffer_begin(b64sig));
<a name="l00451"></a>00451         }
<a name="l00452"></a>00452 <span class="preprocessor">#endif </span><span class="comment">/* splint */</span>
<a name="l00453"></a>00453         <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00454"></a>00454         EVP_MD_CTX_cleanup(&amp;ctx);
<a name="l00455"></a>00455         <span class="keywordflow">return</span> sigdata_rdf;
<a name="l00456"></a>00456 }
<a name="l00457"></a>00457 
<a name="l00458"></a>00458 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *
<a name="l00459"></a><a class="code" href="dnssec__sign_8h.html#af0b90e23dc9bb95a1fc5d09a5d9ad564">00459</a> <a class="code" href="dnssec__sign_8c.html#af0b90e23dc9bb95a1fc5d09a5d9ad564" title="Sign a buffer with the RSA key (hash with SHA1)">ldns_sign_public_rsasha1</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign, RSA *key)
<a name="l00460"></a>00460 {
<a name="l00461"></a>00461         <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *sha1_hash;
<a name="l00462"></a>00462         <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> siglen;
<a name="l00463"></a>00463         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf;
<a name="l00464"></a>00464         <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig;
<a name="l00465"></a>00465         <span class="keywordtype">int</span> result;
<a name="l00466"></a>00466 
<a name="l00467"></a>00467         siglen = 0;
<a name="l00468"></a>00468         b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>);
<a name="l00469"></a>00469         <span class="keywordflow">if</span> (!b64sig) {
<a name="l00470"></a>00470                 <span class="keywordflow">return</span> NULL;
<a name="l00471"></a>00471         }
<a name="l00472"></a>00472 
<a name="l00473"></a>00473         sha1_hash = SHA1((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(to_sign),
<a name="l00474"></a>00474                                   ldns_buffer_position(to_sign), NULL);
<a name="l00475"></a>00475         <span class="keywordflow">if</span> (!sha1_hash) {
<a name="l00476"></a>00476                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00477"></a>00477                 <span class="keywordflow">return</span> NULL;
<a name="l00478"></a>00478         }
<a name="l00479"></a>00479 
<a name="l00480"></a>00480         result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH,
<a name="l00481"></a>00481                                    (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(b64sig),
<a name="l00482"></a>00482                                    &amp;siglen, key);
<a name="l00483"></a>00483         <span class="keywordflow">if</span> (result != 1) {
<a name="l00484"></a>00484                 <span class="keywordflow">return</span> NULL;
<a name="l00485"></a>00485         }
<a name="l00486"></a>00486 
<a name="l00487"></a>00487         <span class="keywordflow">if</span> (result != 1) {
<a name="l00488"></a>00488                 <span class="keywordflow">return</span> NULL;
<a name="l00489"></a>00489         }
<a name="l00490"></a>00490 
<a name="l00491"></a>00491         sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, siglen, 
<a name="l00492"></a>00492                                                                  ldns_buffer_begin(b64sig));
<a name="l00493"></a>00493         <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <span class="comment">/* can&#39;t free this buffer ?? */</span>
<a name="l00494"></a>00494         <span class="keywordflow">return</span> sigdata_rdf;
<a name="l00495"></a>00495 }
<a name="l00496"></a>00496 
<a name="l00497"></a>00497 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *
<a name="l00498"></a><a class="code" href="dnssec__sign_8h.html#a37b8a7a5783b0abb4c41b45e2f6b66bd">00498</a> <a class="code" href="dnssec__sign_8c.html#a37b8a7a5783b0abb4c41b45e2f6b66bd" title="Sign a buffer with the RSA key (hash with MD5)">ldns_sign_public_rsamd5</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign, RSA *key)
<a name="l00499"></a>00499 {
<a name="l00500"></a>00500         <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *md5_hash;
<a name="l00501"></a>00501         <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> siglen;
<a name="l00502"></a>00502         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf;
<a name="l00503"></a>00503         <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig;
<a name="l00504"></a>00504 
<a name="l00505"></a>00505         b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>);
<a name="l00506"></a>00506         <span class="keywordflow">if</span> (!b64sig) {
<a name="l00507"></a>00507                 <span class="keywordflow">return</span> NULL;
<a name="l00508"></a>00508         }
<a name="l00509"></a>00509 
<a name="l00510"></a>00510         md5_hash = MD5((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(to_sign),
<a name="l00511"></a>00511                                 ldns_buffer_position(to_sign), NULL);
<a name="l00512"></a>00512         <span class="keywordflow">if</span> (!md5_hash) {
<a name="l00513"></a>00513                 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00514"></a>00514                 <span class="keywordflow">return</span> NULL;
<a name="l00515"></a>00515         }
<a name="l00516"></a>00516 
<a name="l00517"></a>00517         RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH,
<a name="l00518"></a>00518                     (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(b64sig),
<a name="l00519"></a>00519                     &amp;siglen, key);
<a name="l00520"></a>00520 
<a name="l00521"></a>00521         sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, siglen,
<a name="l00522"></a>00522                                                                  ldns_buffer_begin(b64sig));
<a name="l00523"></a>00523         <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig);
<a name="l00524"></a>00524         <span class="keywordflow">return</span> sigdata_rdf;
<a name="l00525"></a>00525 }
<a name="l00526"></a>00526 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span>
<a name="l00527"></a>00527 
<a name="l00531"></a>00531 <span class="keyword">static</span> <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l00532"></a>00532 ldns_dnssec_addresses_on_glue_list(
<a name="l00533"></a>00533                 <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *cur_rrset,
<a name="l00534"></a>00534                 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *glue_list)
<a name="l00535"></a>00535 {
<a name="l00536"></a>00536         <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *cur_rrs;
<a name="l00537"></a>00537         <span class="keywordflow">while</span> (cur_rrset) {
<a name="l00538"></a>00538                 <span class="keywordflow">if</span> (cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa1c46026dd2245d1e8b8dd17f972f34c2" title="a host address">LDNS_RR_TYPE_A</a> 
<a name="l00539"></a>00539                                 || cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa98b91f4b456322f75c67a1ecac18c7fe" title="ipv6 address">LDNS_RR_TYPE_AAAA</a>) {
<a name="l00540"></a>00540                         <span class="keywordflow">for</span> (cur_rrs = cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>; 
<a name="l00541"></a>00541                                         cur_rrs; 
<a name="l00542"></a>00542                                         cur_rrs = cur_rrs-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a>) {
<a name="l00543"></a>00543                                 <span class="keywordflow">if</span> (cur_rrs-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>) {
<a name="l00544"></a>00544                                         <span class="keywordflow">if</span> (!<a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(glue_list, 
<a name="l00545"></a>00545                                                         cur_rrs-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>)) {
<a name="l00546"></a>00546                                                 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa81e80e66a14551db514726fa49290498">LDNS_STATUS_MEM_ERR</a>; 
<a name="l00547"></a>00547                                                 <span class="comment">/* ldns_rr_list_push_rr()</span>
<a name="l00548"></a>00548 <span class="comment">                                                 * returns false when unable</span>
<a name="l00549"></a>00549 <span class="comment">                                                 * to increase the capacity</span>
<a name="l00550"></a>00550 <span class="comment">                                                 * of the ldsn_rr_list</span>
<a name="l00551"></a>00551 <span class="comment">                                                 */</span>
<a name="l00552"></a>00552                                         }
<a name="l00553"></a>00553                                 }
<a name="l00554"></a>00554                         }
<a name="l00555"></a>00555                 }
<a name="l00556"></a>00556                 cur_rrset = cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a980e963be13c1f575bf86ce65936d95b">next</a>;
<a name="l00557"></a>00557         }
<a name="l00558"></a>00558         <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>;
<a name="l00559"></a>00559 }
<a name="l00560"></a>00560 
<a name="l00575"></a>00575 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l00576"></a><a class="code" href="dnssec__sign_8h.html#a661031dc7bd1b27892a2dac908e42ce3">00576</a> <a class="code" href="dnssec__sign_8c.html#a661031dc7bd1b27892a2dac908e42ce3" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_and_get_glue</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, 
<a name="l00577"></a>00577         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *glue_list)
<a name="l00578"></a>00578 {
<a name="l00579"></a>00579         <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a>    *node;
<a name="l00580"></a>00580         <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *name;
<a name="l00581"></a>00581         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a>         *owner;
<a name="l00582"></a>00582         <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a>         *cut = NULL; <span class="comment">/* keeps track of zone cuts */</span>
<a name="l00583"></a>00583         <span class="comment">/* When the cut is caused by a delegation, below_delegation will be 1.</span>
<a name="l00584"></a>00584 <span class="comment">         * When caused by a DNAME, below_delegation will be 0.</span>
<a name="l00585"></a>00585 <span class="comment">         */</span>
<a name="l00586"></a>00586         <span class="keywordtype">int</span> below_delegation = -1; <span class="comment">/* init suppresses comiler warning */</span>
<a name="l00587"></a>00587         <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> s;
<a name="l00588"></a>00588 
<a name="l00589"></a>00589         <span class="keywordflow">if</span> (!zone || !zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>) {
<a name="l00590"></a>00590                 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa6d2e84d0a5c36fd156f348d9f9913dcf">LDNS_STATUS_NULL</a>;
<a name="l00591"></a>00591         }
<a name="l00592"></a>00592         <span class="keywordflow">for</span> (node = <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>); 
<a name="l00593"></a>00593                         node != <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>; 
<a name="l00594"></a>00594                         node = <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(node)) {
<a name="l00595"></a>00595                 name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *) node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l00596"></a>00596                 owner = <a class="code" href="dnssec__zone_8c.html#a90c2052eebf29fb8932960a18a4d29e3" title="Returns the domain name of the given dnssec_name structure.">ldns_dnssec_name_name</a>(name);
<a name="l00597"></a>00597 
<a name="l00598"></a>00598                 <span class="keywordflow">if</span> (cut) { 
<a name="l00599"></a>00599                         <span class="comment">/* The previous node was a zone cut, or a subdomain</span>
<a name="l00600"></a>00600 <span class="comment">                         * below a zone cut. Is this node (still) a subdomain</span>
<a name="l00601"></a>00601 <span class="comment">                         * below the cut? Then the name is occluded. Unless</span>
<a name="l00602"></a>00602 <span class="comment">                         * the name contains a SOA, after which we are </span>
<a name="l00603"></a>00603 <span class="comment">                         * authoritative again.</span>
<a name="l00604"></a>00604 <span class="comment">                         *</span>
<a name="l00605"></a>00605 <span class="comment">                         * FIXME! If there are labels in between the SOA and</span>
<a name="l00606"></a>00606 <span class="comment">                         * the cut, going from the authoritative space (below</span>
<a name="l00607"></a>00607 <span class="comment">                         * the SOA) up into occluded space again, will not be</span>
<a name="l00608"></a>00608 <span class="comment">                         * detected with the contruct below!</span>
<a name="l00609"></a>00609 <span class="comment">                         */</span>
<a name="l00610"></a>00610                         <span class="keywordflow">if</span> (<a class="code" href="dname_8c.html#a6caadb8042c9cf755d3d5defcfbd44eb" title="test wether the name sub falls under parent (i.e.">ldns_dname_is_subdomain</a>(owner, cut) &amp;&amp;
<a name="l00611"></a>00611                                         !<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>(
<a name="l00612"></a>00612                                         name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>)) {
<a name="l00613"></a>00613 
<a name="l00614"></a>00614                                 <span class="keywordflow">if</span> (below_delegation &amp;&amp; glue_list) {
<a name="l00615"></a>00615                                         s = ldns_dnssec_addresses_on_glue_list(
<a name="l00616"></a>00616                                                 name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, glue_list);
<a name="l00617"></a>00617                                         <span class="keywordflow">if</span> (s != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l00618"></a>00618                                                 <span class="keywordflow">return</span> s;
<a name="l00619"></a>00619                                         }
<a name="l00620"></a>00620                                 }
<a name="l00621"></a>00621                                 name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a5d8462ca54ab4c2411ec798f92ec215f" title="Unlike what the name is_glue suggests, this field is set to true by ldns_dnssec_zone_mark_glue() or l...">is_glue</a> = <span class="keyword">true</span>; <span class="comment">/* Mark occluded name! */</span>
<a name="l00622"></a>00622                                 <span class="keywordflow">continue</span>;
<a name="l00623"></a>00623                         } <span class="keywordflow">else</span> {
<a name="l00624"></a>00624                                 cut = NULL;
<a name="l00625"></a>00625                         }
<a name="l00626"></a>00626                 }
<a name="l00627"></a>00627 
<a name="l00628"></a>00628                 <span class="comment">/* The node is not below a zone cut. Is it a zone cut itself?</span>
<a name="l00629"></a>00629 <span class="comment">                 * Everything below a SOA is authoritative of course; Except</span>
<a name="l00630"></a>00630 <span class="comment">                 * when the name also contains a DNAME :).</span>
<a name="l00631"></a>00631 <span class="comment">                 */</span>
<a name="l00632"></a>00632                 <span class="keywordflow">if</span> (<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>(
<a name="l00633"></a>00633                                 name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daaa3b41f5c015a14a145a7f21ae29a8795" title="an authoritative name server">LDNS_RR_TYPE_NS</a>)
<a name="l00634"></a>00634                             &amp;&amp; !<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>(
<a name="l00635"></a>00635                                 name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>)) {
<a name="l00636"></a>00636                         cut = owner;
<a name="l00637"></a>00637                         below_delegation = 1;
<a name="l00638"></a>00638                         <span class="keywordflow">if</span> (glue_list) { <span class="comment">/* record glue on the zone cut */</span>
<a name="l00639"></a>00639                                 s = ldns_dnssec_addresses_on_glue_list(
<a name="l00640"></a>00640                                         name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, glue_list);
<a name="l00641"></a>00641                                 <span class="keywordflow">if</span> (s != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l00642"></a>00642                                         <span class="keywordflow">return</span> s;
<a name="l00643"></a>00643                                 }
<a name="l00644"></a>00644                         }
<a name="l00645"></a>00645                 } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>(
<a name="l00646"></a>00646                                 name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa57f8e369be5617d221b91f3007769981" title="RFC2672.">LDNS_RR_TYPE_DNAME</a>)) {
<a name="l00647"></a>00647                         cut = owner;
<a name="l00648"></a>00648                         below_delegation = 0;
<a name="l00649"></a>00649                 }
<a name="l00650"></a>00650         }
<a name="l00651"></a>00651         <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>;
<a name="l00652"></a>00652 }
<a name="l00653"></a>00653 
<a name="l00664"></a>00664 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l00665"></a><a class="code" href="dnssec__sign_8h.html#a5e1d049026b2768cd455952bb6725d86">00665</a> <a class="code" href="dnssec__sign_8c.html#a5e1d049026b2768cd455952bb6725d86" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_glue</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone)
<a name="l00666"></a>00666 {
<a name="l00667"></a>00667         <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#a661031dc7bd1b27892a2dac908e42ce3" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_and_get_glue</a>(zone, NULL);
<a name="l00668"></a>00668 }
<a name="l00669"></a>00669 
<a name="l00670"></a>00670 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *
<a name="l00671"></a><a class="code" href="dnssec__sign_8h.html#a4eb9cc6743e87e343d87285ef2fe92a5">00671</a> <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>(<a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *node)
<a name="l00672"></a>00672 {
<a name="l00673"></a>00673         <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *next_node = NULL;
<a name="l00674"></a>00674         <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *next_name = NULL;
<a name="l00675"></a>00675         <span class="keywordtype">bool</span> done = <span class="keyword">false</span>;
<a name="l00676"></a>00676 
<a name="l00677"></a>00677         <span class="keywordflow">if</span> (node == <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) {
<a name="l00678"></a>00678                 <span class="keywordflow">return</span> NULL;
<a name="l00679"></a>00679         }
<a name="l00680"></a>00680         next_node = node;
<a name="l00681"></a>00681         <span class="keywordflow">while</span> (!done) {
<a name="l00682"></a>00682                 <span class="keywordflow">if</span> (next_node == <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) {
<a name="l00683"></a>00683                         <span class="keywordflow">return</span> NULL;
<a name="l00684"></a>00684                 } <span class="keywordflow">else</span> {
<a name="l00685"></a>00685                         next_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)next_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l00686"></a>00686                         if (!next_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a5d8462ca54ab4c2411ec798f92ec215f" title="Unlike what the name is_glue suggests, this field is set to true by ldns_dnssec_zone_mark_glue() or l...">is_glue</a>) {
<a name="l00687"></a>00687                                 done = <span class="keyword">true</span>;
<a name="l00688"></a>00688                         } <span class="keywordflow">else</span> {
<a name="l00689"></a>00689                                 next_node = <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(next_node);
<a name="l00690"></a>00690                         }
<a name="l00691"></a>00691                 }
<a name="l00692"></a>00692         }
<a name="l00693"></a>00693         <span class="keywordflow">return</span> next_node;
<a name="l00694"></a>00694 }
<a name="l00695"></a>00695 
<a name="l00696"></a>00696 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l00697"></a><a class="code" href="dnssec__sign_8h.html#ae40e5c92c6c14b68f305f861b393ca4c">00697</a> <a class="code" href="dnssec__sign_8c.html#ae40e5c92c6c14b68f305f861b393ca4c" title="Adds NSEC records to the given dnssec_zone.">ldns_dnssec_zone_create_nsecs</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l00698"></a>00698                               <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs)
<a name="l00699"></a>00699 {
<a name="l00700"></a>00700 
<a name="l00701"></a>00701         <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *first_node, *cur_node, *next_node;
<a name="l00702"></a>00702         <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *cur_name, *next_name;
<a name="l00703"></a>00703         <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec_rr;
<a name="l00704"></a>00704         uint32_t nsec_ttl;
<a name="l00705"></a>00705         <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *soa;
<a name="l00706"></a>00706 
<a name="l00707"></a>00707         <span class="comment">/* the TTL of NSEC rrs should be set to the minimum TTL of</span>
<a name="l00708"></a>00708 <span class="comment">         * the zone SOA (RFC4035 Section 2.3)</span>
<a name="l00709"></a>00709 <span class="comment">         */</span>
<a name="l00710"></a>00710         soa = <a class="code" href="dnssec__zone_8c.html#a9b061c9c1442ba443893e0ca0c01127b" title="Find the RRset with the given type in within this name structure.">ldns_dnssec_name_find_rrset</a>(zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>);
<a name="l00711"></a>00711 
<a name="l00712"></a>00712         <span class="comment">/* did the caller actually set it? if not,</span>
<a name="l00713"></a>00713 <span class="comment">         * fall back to default ttl</span>
<a name="l00714"></a>00714 <span class="comment">         */</span>
<a name="l00715"></a>00715         <span class="keywordflow">if</span> (soa &amp;&amp; soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a> &amp;&amp; soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>
<a name="l00716"></a>00716                         &amp;&amp; (<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6) != NULL)) {
<a name="l00717"></a>00717                 nsec_ttl = <a class="code" href="rdata_8c.html#a534722bf45958532404e7d2d3f0536cb" title="returns the native uint32_t representation from the rdf.">ldns_rdf2native_int32</a>(<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6));
<a name="l00718"></a>00718         } <span class="keywordflow">else</span> {
<a name="l00719"></a>00719                 nsec_ttl = <a class="code" href="ldns_8h.html#a2bdd8bfa0eb61ccf7719d5ffcd1ac79e">LDNS_DEFAULT_TTL</a>;
<a name="l00720"></a>00720         }
<a name="l00721"></a>00721 
<a name="l00722"></a>00722         first_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>(
<a name="l00723"></a>00723                                <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>));
<a name="l00724"></a>00724         cur_node = first_node;
<a name="l00725"></a>00725         <span class="keywordflow">if</span> (cur_node) {
<a name="l00726"></a>00726                 next_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>(
<a name="l00727"></a>00727                                    <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(cur_node));
<a name="l00728"></a>00728         } <span class="keywordflow">else</span> {
<a name="l00729"></a>00729                 next_node = NULL;
<a name="l00730"></a>00730         }
<a name="l00731"></a>00731 
<a name="l00732"></a>00732         <span class="keywordflow">while</span> (cur_node &amp;&amp; next_node) {
<a name="l00733"></a>00733                 cur_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)cur_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l00734"></a>00734                 next_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)next_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l00735"></a>00735                 nsec_rr = <a class="code" href="dnssec_8c.html#ae6fa0e94ef20702415ce458afc041f32" title="Creates NSEC.">ldns_dnssec_create_nsec</a>(cur_name,
<a name="l00736"></a>00736                                                   next_name,
<a name="l00737"></a>00737                                                   <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa5413827ac0392a4d65d53b1b7d04f989">LDNS_RR_TYPE_NSEC</a>);
<a name="l00738"></a>00738                 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(nsec_rr, nsec_ttl);
<a name="l00739"></a>00739                 <span class="keywordflow">if</span>(<a class="code" href="dnssec__zone_8c.html#a75451a846632c2f8b6cf461a7dba3f1b" title="Inserts the given rr at the right place in the current dnssec_name No checking is done whether the na...">ldns_dnssec_name_add_rr</a>(cur_name, nsec_rr)!=<a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>){
<a name="l00740"></a>00740                         <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(nsec_rr);
<a name="l00741"></a>00741                         <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>;
<a name="l00742"></a>00742                 }
<a name="l00743"></a>00743                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec_rr);
<a name="l00744"></a>00744                 cur_node = next_node;
<a name="l00745"></a>00745                 <span class="keywordflow">if</span> (cur_node) {
<a name="l00746"></a>00746                         next_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>(
<a name="l00747"></a>00747                                <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(cur_node));
<a name="l00748"></a>00748                 }
<a name="l00749"></a>00749         }
<a name="l00750"></a>00750 
<a name="l00751"></a>00751         <span class="keywordflow">if</span> (cur_node &amp;&amp; !next_node) {
<a name="l00752"></a>00752                 cur_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)cur_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l00753"></a>00753                 next_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)first_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l00754"></a>00754                 nsec_rr = <a class="code" href="dnssec_8c.html#ae6fa0e94ef20702415ce458afc041f32" title="Creates NSEC.">ldns_dnssec_create_nsec</a>(cur_name,
<a name="l00755"></a>00755                                                   next_name,
<a name="l00756"></a>00756                                                   <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa5413827ac0392a4d65d53b1b7d04f989">LDNS_RR_TYPE_NSEC</a>);
<a name="l00757"></a>00757                 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(nsec_rr, nsec_ttl);
<a name="l00758"></a>00758                 <span class="keywordflow">if</span>(<a class="code" href="dnssec__zone_8c.html#a75451a846632c2f8b6cf461a7dba3f1b" title="Inserts the given rr at the right place in the current dnssec_name No checking is done whether the na...">ldns_dnssec_name_add_rr</a>(cur_name, nsec_rr)!=<a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>){
<a name="l00759"></a>00759                         <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(nsec_rr);
<a name="l00760"></a>00760                         <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>;
<a name="l00761"></a>00761                 }
<a name="l00762"></a>00762                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec_rr);
<a name="l00763"></a>00763         } <span class="keywordflow">else</span> {
<a name="l00764"></a>00764                 printf(<span class="stringliteral">&quot;error\n&quot;</span>);
<a name="l00765"></a>00765         }
<a name="l00766"></a>00766 
<a name="l00767"></a>00767         <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>;
<a name="l00768"></a>00768 }
<a name="l00769"></a>00769 
<a name="l00770"></a>00770 <span class="preprocessor">#ifdef HAVE_SSL</span>
<a name="l00771"></a>00771 <span class="preprocessor"></span><span class="comment">/* in dnssec_zone.c */</span>
<a name="l00772"></a>00772 <span class="keyword">extern</span> <span class="keywordtype">int</span> <a class="code" href="dnssec__sign_8c.html#aeb0c26592af6d6f00caf8b166ca4e143">ldns_dname_compare_v</a>(<span class="keyword">const</span> <span class="keywordtype">void</span> *a, <span class="keyword">const</span> <span class="keywordtype">void</span> *b);
<a name="l00773"></a>00773 
<a name="l00774"></a>00774 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l00775"></a><a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">00775</a> <a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">ldns_dnssec_zone_create_nsec3s_mkmap</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l00776"></a>00776                 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l00777"></a>00777                 uint8_t algorithm,
<a name="l00778"></a>00778                 uint8_t flags,
<a name="l00779"></a>00779                 uint16_t iterations,
<a name="l00780"></a>00780                 uint8_t salt_length,
<a name="l00781"></a>00781                 uint8_t *salt,
<a name="l00782"></a>00782                 <a class="code" href="structldns__rbtree__t.html" title="definition for tree struct">ldns_rbtree_t</a> **map)
<a name="l00783"></a>00783 {
<a name="l00784"></a>00784         <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *first_name_node;
<a name="l00785"></a>00785         <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *current_name_node;
<a name="l00786"></a>00786         <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *current_name;
<a name="l00787"></a>00787         <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>;
<a name="l00788"></a>00788         <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec_rr;
<a name="l00789"></a>00789         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *nsec3_list;
<a name="l00790"></a>00790         uint32_t nsec_ttl;
<a name="l00791"></a>00791         <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *soa;
<a name="l00792"></a>00792         <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *hashmap_node;
<a name="l00793"></a>00793 
<a name="l00794"></a>00794         <span class="keywordflow">if</span> (!zone || !new_rrs || !zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>) {
<a name="l00795"></a>00795                 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>;
<a name="l00796"></a>00796         }
<a name="l00797"></a>00797 
<a name="l00798"></a>00798         <span class="comment">/* the TTL of NSEC rrs should be set to the minimum TTL of</span>
<a name="l00799"></a>00799 <span class="comment">         * the zone SOA (RFC4035 Section 2.3)</span>
<a name="l00800"></a>00800 <span class="comment">         */</span>
<a name="l00801"></a>00801         soa = <a class="code" href="dnssec__zone_8c.html#a9b061c9c1442ba443893e0ca0c01127b" title="Find the RRset with the given type in within this name structure.">ldns_dnssec_name_find_rrset</a>(zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>);
<a name="l00802"></a>00802 
<a name="l00803"></a>00803         <span class="comment">/* did the caller actually set it? if not,</span>
<a name="l00804"></a>00804 <span class="comment">         * fall back to default ttl</span>
<a name="l00805"></a>00805 <span class="comment">         */</span>
<a name="l00806"></a>00806         <span class="keywordflow">if</span> (soa &amp;&amp; soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a> &amp;&amp; soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>
<a name="l00807"></a>00807                         &amp;&amp; <a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6) != NULL) {
<a name="l00808"></a>00808                 nsec_ttl = <a class="code" href="rdata_8c.html#a534722bf45958532404e7d2d3f0536cb" title="returns the native uint32_t representation from the rdf.">ldns_rdf2native_int32</a>(<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6));
<a name="l00809"></a>00809         } <span class="keywordflow">else</span> {
<a name="l00810"></a>00810                 nsec_ttl = <a class="code" href="ldns_8h.html#a2bdd8bfa0eb61ccf7719d5ffcd1ac79e">LDNS_DEFAULT_TTL</a>;
<a name="l00811"></a>00811         }
<a name="l00812"></a>00812 
<a name="l00813"></a>00813         <span class="keywordflow">if</span> (map) {
<a name="l00814"></a>00814                 <span class="keywordflow">if</span> ((*map = <a class="code" href="rbtree_8c.html#a1319e3ff5b8355d6e1e7b65554bc854d" title="Create new tree (malloced) with given key compare function.">ldns_rbtree_create</a>(<a class="code" href="dnssec__sign_8c.html#aeb0c26592af6d6f00caf8b166ca4e143">ldns_dname_compare_v</a>)) 
<a name="l00815"></a>00815                                 == NULL) {
<a name="l00816"></a>00816                         map = NULL;
<a name="l00817"></a>00817                 };
<a name="l00818"></a>00818         }
<a name="l00819"></a>00819         nsec3_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>();
<a name="l00820"></a>00820 
<a name="l00821"></a>00821         first_name_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>(
<a name="l00822"></a>00822                                           <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>));
<a name="l00823"></a>00823 
<a name="l00824"></a>00824         current_name_node = first_name_node;
<a name="l00825"></a>00825 
<a name="l00826"></a>00826         <span class="keywordflow">while</span> (current_name_node &amp;&amp;
<a name="l00827"></a>00827                current_name_node != <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) {
<a name="l00828"></a>00828                 current_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *) current_name_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l00829"></a>00829                 nsec_rr = <a class="code" href="dnssec_8c.html#a91a04e82a9a91edf77c5eb736921bbbb" title="Creates NSEC3.">ldns_dnssec_create_nsec3</a>(current_name,
<a name="l00830"></a>00830                                                    NULL,
<a name="l00831"></a>00831                                                    zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>-&gt;<a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>,
<a name="l00832"></a>00832                                                    algorithm,
<a name="l00833"></a>00833                                                    flags,
<a name="l00834"></a>00834                                                    iterations,
<a name="l00835"></a>00835                                                    salt_length,
<a name="l00836"></a>00836                                                    salt);
<a name="l00837"></a>00837                 <span class="comment">/* by default, our nsec based generator adds rrsigs</span>
<a name="l00838"></a>00838 <span class="comment">                 * remove the bitmap for empty nonterminals */</span>
<a name="l00839"></a>00839                 <span class="keywordflow">if</span> (!current_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>) {
<a name="l00840"></a>00840                         <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(<a class="code" href="rr_8c.html#af5527e96a29a0216a275436bc12131ab" title="removes a rd_field member, it will be popped from the last position.">ldns_rr_pop_rdf</a>(nsec_rr));
<a name="l00841"></a>00841                 }
<a name="l00842"></a>00842                 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(nsec_rr, nsec_ttl);
<a name="l00843"></a>00843                 result = <a class="code" href="dnssec__zone_8c.html#a75451a846632c2f8b6cf461a7dba3f1b" title="Inserts the given rr at the right place in the current dnssec_name No checking is done whether the na...">ldns_dnssec_name_add_rr</a>(current_name, nsec_rr);
<a name="l00844"></a>00844                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec_rr);
<a name="l00845"></a>00845                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(nsec3_list, nsec_rr);
<a name="l00846"></a>00846                 <span class="keywordflow">if</span> (map) {
<a name="l00847"></a>00847                         hashmap_node = <a class="code" href="util_8h.html#a828619b138fdeb9756cd3c874d0551c1" title="Memory management macros.">LDNS_MALLOC</a>(<a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a>);
<a name="l00848"></a>00848                         <span class="keywordflow">if</span> (hashmap_node &amp;&amp; <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(nsec_rr)) {
<a name="l00849"></a>00849                                 hashmap_node-&gt;<a class="code" href="structldns__rbnode__t.html#ad6646f5af0664e6ddedbf78b9deed2dc" title="pointer to sorting key">key</a> = <a class="code" href="dname_8c.html#aee5c4a1b633f7c41d8788610bb2369a8" title="look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label...">ldns_dname_label</a>(
<a name="l00850"></a>00850                                         <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(nsec_rr), 0);
<a name="l00851"></a>00851                                 <span class="keywordflow">if</span> (hashmap_node-&gt;<a class="code" href="structldns__rbnode__t.html#ad6646f5af0664e6ddedbf78b9deed2dc" title="pointer to sorting key">key</a>) {
<a name="l00852"></a>00852                                         hashmap_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a> = current_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>;
<a name="l00853"></a>00853                                         (void) <a class="code" href="rbtree_8c.html#af7453903aed843b18ec24de879faf98f" title="Insert data into the tree.">ldns_rbtree_insert</a>(
<a name="l00854"></a>00854                                                         *map, hashmap_node);
<a name="l00855"></a>00855                                 }
<a name="l00856"></a>00856                         }
<a name="l00857"></a>00857                 }
<a name="l00858"></a>00858                 current_name_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>(
<a name="l00859"></a>00859                                    <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(current_name_node));
<a name="l00860"></a>00860         }
<a name="l00861"></a>00861         <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l00862"></a>00862                 <span class="keywordflow">return</span> result;
<a name="l00863"></a>00863         }
<a name="l00864"></a>00864 
<a name="l00865"></a>00865         <a class="code" href="dnssec_8c.html#a411a6000cc312ebf353ab0e302b97aec" title="sort nsec3 list">ldns_rr_list_sort_nsec3</a>(nsec3_list);
<a name="l00866"></a>00866         result = <a class="code" href="dnssec_8c.html#ad00a2e53f01e8ae1c08402fc80dff757" title="chains nsec3 list">ldns_dnssec_chain_nsec3_list</a>(nsec3_list);
<a name="l00867"></a>00867         <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l00868"></a>00868                 <span class="keywordflow">return</span> result;
<a name="l00869"></a>00869         }
<a name="l00870"></a>00870 
<a name="l00871"></a>00871         <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(nsec3_list);
<a name="l00872"></a>00872         <span class="keywordflow">return</span> result;
<a name="l00873"></a>00873 }
<a name="l00874"></a>00874 
<a name="l00875"></a>00875 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l00876"></a><a class="code" href="dnssec__sign_8h.html#a7b2b133ca1f6eb0e1d2eeabc324ac79e">00876</a> <a class="code" href="dnssec__sign_8c.html#a7b2b133ca1f6eb0e1d2eeabc324ac79e" title="Adds NSEC3 records to the zone.">ldns_dnssec_zone_create_nsec3s</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l00877"></a>00877                 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l00878"></a>00878                 uint8_t algorithm,
<a name="l00879"></a>00879                 uint8_t flags,
<a name="l00880"></a>00880                 uint16_t iterations,
<a name="l00881"></a>00881                 uint8_t salt_length,
<a name="l00882"></a>00882                 uint8_t *salt)
<a name="l00883"></a>00883 {
<a name="l00884"></a>00884         <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">ldns_dnssec_zone_create_nsec3s_mkmap</a>(zone, new_rrs, algorithm,
<a name="l00885"></a>00885                         flags, iterations, salt_length, salt, NULL);
<a name="l00886"></a>00886 
<a name="l00887"></a>00887 }
<a name="l00888"></a>00888 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span>
<a name="l00889"></a>00889 
<a name="l00890"></a>00890 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *
<a name="l00891"></a><a class="code" href="dnssec__sign_8h.html#a2a2c52b87423e4ecc2ab582fa9341b65">00891</a> <a class="code" href="dnssec__sign_8c.html#a2a2c52b87423e4ecc2ab582fa9341b65" title="remove signatures if callback function tells to">ldns_dnssec_remove_signatures</a>(<a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *signatures,
<a name="l00892"></a>00892                                                 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l00893"></a>00893                                                 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *),
<a name="l00894"></a>00894                                                 <span class="keywordtype">void</span> *arg)
<a name="l00895"></a>00895 {
<a name="l00896"></a>00896         <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *base_rrs = signatures;
<a name="l00897"></a>00897         <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *cur_rr = base_rrs;
<a name="l00898"></a>00898         <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *prev_rr = NULL;
<a name="l00899"></a>00899         <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *next_rr;
<a name="l00900"></a>00900 
<a name="l00901"></a>00901         uint16_t keytag;
<a name="l00902"></a>00902         <span class="keywordtype">size_t</span> i;
<a name="l00903"></a>00903 
<a name="l00904"></a>00904         key_list = key_list;
<a name="l00905"></a>00905 
<a name="l00906"></a>00906         <span class="keywordflow">if</span> (!cur_rr) {
<a name="l00907"></a>00907                 <span class="keywordflow">switch</span>(func(NULL, arg)) {
<a name="l00908"></a>00908                 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#a7d75bfb1850f236aceceeb73dd91cc3d" title="return values for the old-signature callback">LDNS_SIGNATURE_LEAVE_ADD_NEW</a>:
<a name="l00909"></a>00909                 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#ad3c393ca14a32d2a34fb22585caeb73e">LDNS_SIGNATURE_REMOVE_ADD_NEW</a>:
<a name="l00910"></a>00910                 <span class="keywordflow">break</span>;
<a name="l00911"></a>00911                 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#af27db29d1fe3dc7fb7a0f98a766d1a12">LDNS_SIGNATURE_LEAVE_NO_ADD</a>:
<a name="l00912"></a>00912                 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#a9d87cb4cfbb8ee22ffbcc3ddb9d5dce1">LDNS_SIGNATURE_REMOVE_NO_ADD</a>:
<a name="l00913"></a>00913                 <a class="code" href="keys_8c.html#a40afb1fed3e89304d547a2b526d3db16" title="Set the &#39;use&#39; flag for all keys in the list.">ldns_key_list_set_use</a>(key_list, <span class="keyword">false</span>);
<a name="l00914"></a>00914                 <span class="keywordflow">break</span>;
<a name="l00915"></a>00915                 <span class="keywordflow">default</span>:
<a name="l00916"></a>00916                         fprintf(stderr, <span class="stringliteral">&quot;[XX] unknown return value from callback\n&quot;</span>);
<a name="l00917"></a>00917                         <span class="keywordflow">break</span>;
<a name="l00918"></a>00918                 }
<a name="l00919"></a>00919                 <span class="keywordflow">return</span> NULL;
<a name="l00920"></a>00920         }
<a name="l00921"></a>00921         (void)func(cur_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, arg);
<a name="l00922"></a>00922 
<a name="l00923"></a>00923         <span class="keywordflow">while</span> (cur_rr) {
<a name="l00924"></a>00924                 next_rr = cur_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a>;
<a name="l00925"></a>00925 
<a name="l00926"></a>00926                 <span class="keywordflow">switch</span> (func(cur_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, arg)) {
<a name="l00927"></a>00927                 <span class="keywordflow">case</span>  <a class="code" href="dnssec_8h.html#a7d75bfb1850f236aceceeb73dd91cc3d" title="return values for the old-signature callback">LDNS_SIGNATURE_LEAVE_ADD_NEW</a>:
<a name="l00928"></a>00928                         prev_rr = cur_rr;
<a name="l00929"></a>00929                         <span class="keywordflow">break</span>;
<a name="l00930"></a>00930                 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#af27db29d1fe3dc7fb7a0f98a766d1a12">LDNS_SIGNATURE_LEAVE_NO_ADD</a>:
<a name="l00931"></a>00931                         keytag = <a class="code" href="rdata_8c.html#a5906b621eda1380a2993255fa649c21d" title="returns the native uint16_t representation from the rdf.">ldns_rdf2native_int16</a>(
<a name="l00932"></a>00932                                            <a class="code" href="rr__functions_8c.html#a5eb09e1c820357f339f9140a0c1f48a7" title="returns the keytag of a LDNS_RR_TYPE_RRSIG RR">ldns_rr_rrsig_keytag</a>(cur_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>));
<a name="l00933"></a>00933                         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) {
<a name="l00934"></a>00934                                 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#a8cf2ca2fc8d72b28076157beb791b347" title="return the keytag">ldns_key_keytag</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i)) ==
<a name="l00935"></a>00935                                     keytag) {
<a name="l00936"></a>00936                                         <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i),
<a name="l00937"></a>00937                                                                   <span class="keyword">false</span>);
<a name="l00938"></a>00938                                 }
<a name="l00939"></a>00939                         }
<a name="l00940"></a>00940                         prev_rr = cur_rr;
<a name="l00941"></a>00941                         <span class="keywordflow">break</span>;
<a name="l00942"></a>00942                 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#a9d87cb4cfbb8ee22ffbcc3ddb9d5dce1">LDNS_SIGNATURE_REMOVE_NO_ADD</a>:
<a name="l00943"></a>00943                         keytag = <a class="code" href="rdata_8c.html#a5906b621eda1380a2993255fa649c21d" title="returns the native uint16_t representation from the rdf.">ldns_rdf2native_int16</a>(
<a name="l00944"></a>00944                                            <a class="code" href="rr__functions_8c.html#a5eb09e1c820357f339f9140a0c1f48a7" title="returns the keytag of a LDNS_RR_TYPE_RRSIG RR">ldns_rr_rrsig_keytag</a>(cur_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>));
<a name="l00945"></a>00945                         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) {
<a name="l00946"></a>00946                                 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#a8cf2ca2fc8d72b28076157beb791b347" title="return the keytag">ldns_key_keytag</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))
<a name="l00947"></a>00947                                     == keytag) {
<a name="l00948"></a>00948                                         <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i),
<a name="l00949"></a>00949                                                                   <span class="keyword">false</span>);
<a name="l00950"></a>00950                                 }
<a name="l00951"></a>00951                         }
<a name="l00952"></a>00952                         <span class="keywordflow">if</span> (prev_rr) {
<a name="l00953"></a>00953                                 prev_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a> = next_rr;
<a name="l00954"></a>00954                         } <span class="keywordflow">else</span> {
<a name="l00955"></a>00955                                 base_rrs = next_rr;
<a name="l00956"></a>00956                         }
<a name="l00957"></a>00957                         <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(cur_rr);
<a name="l00958"></a>00958                         <span class="keywordflow">break</span>;
<a name="l00959"></a>00959                 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#ad3c393ca14a32d2a34fb22585caeb73e">LDNS_SIGNATURE_REMOVE_ADD_NEW</a>:
<a name="l00960"></a>00960                         <span class="keywordflow">if</span> (prev_rr) {
<a name="l00961"></a>00961                                 prev_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a> = next_rr;
<a name="l00962"></a>00962                         } <span class="keywordflow">else</span> {
<a name="l00963"></a>00963                                 base_rrs = next_rr;
<a name="l00964"></a>00964                         }
<a name="l00965"></a>00965                         <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(cur_rr);
<a name="l00966"></a>00966                         <span class="keywordflow">break</span>;
<a name="l00967"></a>00967                 <span class="keywordflow">default</span>:
<a name="l00968"></a>00968                         fprintf(stderr, <span class="stringliteral">&quot;[XX] unknown return value from callback\n&quot;</span>);
<a name="l00969"></a>00969                         <span class="keywordflow">break</span>;
<a name="l00970"></a>00970                 }
<a name="l00971"></a>00971                 cur_rr = next_rr;
<a name="l00972"></a>00972         }
<a name="l00973"></a>00973 
<a name="l00974"></a>00974         <span class="keywordflow">return</span> base_rrs;
<a name="l00975"></a>00975 }
<a name="l00976"></a>00976 
<a name="l00977"></a>00977 <span class="preprocessor">#ifdef HAVE_SSL</span>
<a name="l00978"></a>00978 <span class="preprocessor"></span><a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l00979"></a><a class="code" href="dnssec__sign_8h.html#a9b1ca8286057ed8da5791b3d400fe150">00979</a> <a class="code" href="dnssec__sign_8c.html#a9b1ca8286057ed8da5791b3d400fe150" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l00980"></a>00980                                <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l00981"></a>00981                                <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l00982"></a>00982                                <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span>*),
<a name="l00983"></a>00983                                <span class="keywordtype">void</span> *arg)
<a name="l00984"></a>00984 {
<a name="l00985"></a>00985         <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(zone, new_rrs, key_list,
<a name="l00986"></a>00986                 func, arg, 0);
<a name="l00987"></a>00987 }
<a name="l00988"></a>00988 
<a name="l00990"></a>00990 <span class="keyword">static</span> <span class="keywordtype">void</span>
<a name="l00991"></a>00991 ldns_key_list_filter_for_dnskey(<a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list)
<a name="l00992"></a>00992 {
<a name="l00993"></a>00993         <span class="keywordtype">int</span> saw_ksk = 0;
<a name="l00994"></a>00994         <span class="keywordtype">size_t</span> i;
<a name="l00995"></a>00995         <span class="keywordflow">for</span>(i=0; i&lt;<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++)
<a name="l00996"></a>00996                 <span class="keywordflow">if</span>((<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&amp;<a class="code" href="keys_8h.html#a32c73f4b55d4cd43d7303b1351baa84c">LDNS_KEY_SEP_KEY</a>)) {
<a name="l00997"></a>00997                         saw_ksk = 1;
<a name="l00998"></a>00998                         <span class="keywordflow">break</span>;
<a name="l00999"></a>00999                 }
<a name="l01000"></a>01000         <span class="keywordflow">if</span>(!saw_ksk)
<a name="l01001"></a>01001                 <span class="keywordflow">return</span>;
<a name="l01002"></a>01002         <span class="keywordflow">for</span>(i=0; i&lt;<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++)
<a name="l01003"></a>01003                 <span class="keywordflow">if</span>(!(<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&amp;LDNS_KEY_SEP_KEY))
<a name="l01004"></a>01004                         <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i), 0);
<a name="l01005"></a>01005 }
<a name="l01006"></a>01006 
<a name="l01008"></a>01008 <span class="keyword">static</span> <span class="keywordtype">void</span>
<a name="l01009"></a>01009 ldns_key_list_filter_for_non_dnskey(<a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list)
<a name="l01010"></a>01010 {
<a name="l01011"></a>01011         <span class="keywordtype">int</span> saw_zsk = 0;
<a name="l01012"></a>01012         <span class="keywordtype">size_t</span> i;
<a name="l01013"></a>01013         <span class="keywordflow">for</span>(i=0; i&lt;<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++)
<a name="l01014"></a>01014                 <span class="keywordflow">if</span>(!(<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&amp;LDNS_KEY_SEP_KEY)) {
<a name="l01015"></a>01015                         saw_zsk = 1;
<a name="l01016"></a>01016                         <span class="keywordflow">break</span>;
<a name="l01017"></a>01017                 }
<a name="l01018"></a>01018         <span class="keywordflow">if</span>(!saw_zsk)
<a name="l01019"></a>01019                 <span class="keywordflow">return</span>;
<a name="l01020"></a>01020         <span class="comment">/* else filter all KSKs */</span>
<a name="l01021"></a>01021         <span class="keywordflow">for</span>(i=0; i&lt;<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++)
<a name="l01022"></a>01022                 <span class="keywordflow">if</span>((<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&amp;LDNS_KEY_SEP_KEY))
<a name="l01023"></a>01023                         <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i), 0);
<a name="l01024"></a>01024 }
<a name="l01025"></a>01025 
<a name="l01026"></a>01026 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l01027"></a><a class="code" href="dnssec__sign_8h.html#aee55b095c954f2bb72d9c7f6038766f8">01027</a> <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l01028"></a>01028                                <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l01029"></a>01029                                <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l01030"></a>01030                                <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span>*),
<a name="l01031"></a>01031                                <span class="keywordtype">void</span> *arg,
<a name="l01032"></a>01032                                <span class="keywordtype">int</span> flags)
<a name="l01033"></a>01033 {
<a name="l01034"></a>01034         <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>;
<a name="l01035"></a>01035 
<a name="l01036"></a>01036         <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *cur_node;
<a name="l01037"></a>01037         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rr_list;
<a name="l01038"></a>01038 
<a name="l01039"></a>01039         <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *cur_name;
<a name="l01040"></a>01040         <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *cur_rrset;
<a name="l01041"></a>01041         <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *cur_rr;
<a name="l01042"></a>01042 
<a name="l01043"></a>01043         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *siglist;
<a name="l01044"></a>01044 
<a name="l01045"></a>01045         <span class="keywordtype">size_t</span> i;
<a name="l01046"></a>01046 
<a name="l01047"></a>01047         <span class="keywordtype">int</span> on_delegation_point = 0; <span class="comment">/* handle partially occluded names */</span>
<a name="l01048"></a>01048 
<a name="l01049"></a>01049         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *pubkey_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>();
<a name="l01050"></a>01050         zone = zone;
<a name="l01051"></a>01051         new_rrs = new_rrs;
<a name="l01052"></a>01052         key_list = key_list;
<a name="l01053"></a>01053         <span class="keywordflow">for</span> (i = 0; i&lt;<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) {
<a name="l01054"></a>01054                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(pubkey_list,
<a name="l01055"></a>01055                                                  <a class="code" href="keys_8c.html#a45bdcdbe6aac4764bff1ad12a86a6541" title="converts a ldns_key to a public key rr If the key data exists at an external point, the corresponding rdata field must still be added with ldns_rr_rdf_push() to the result rr of this function">ldns_key2rr</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i)));
<a name="l01056"></a>01056         }
<a name="l01057"></a>01057         <span class="comment">/* TODO: callback to see is list should be signed */</span>
<a name="l01058"></a>01058         <span class="comment">/* TODO: remove &#39;old&#39; signatures from signature list */</span>
<a name="l01059"></a>01059         cur_node = <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>);
<a name="l01060"></a>01060         <span class="keywordflow">while</span> (cur_node != <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) {
<a name="l01061"></a>01061                 cur_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *) cur_node-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>;
<a name="l01062"></a>01062 
<a name="l01063"></a>01063                 if (!cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a5d8462ca54ab4c2411ec798f92ec215f" title="Unlike what the name is_glue suggests, this field is set to true by ldns_dnssec_zone_mark_glue() or l...">is_glue</a>) {
<a name="l01064"></a>01064                         on_delegation_point = <a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>(
<a name="l01065"></a>01065                                         cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daaa3b41f5c015a14a145a7f21ae29a8795" title="an authoritative name server">LDNS_RR_TYPE_NS</a>)
<a name="l01066"></a>01066                                 &amp;&amp; !<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>(
<a name="l01067"></a>01067                                         cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>);
<a name="l01068"></a>01068                         cur_rrset = cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>;
<a name="l01069"></a>01069                         <span class="keywordflow">while</span> (cur_rrset) {
<a name="l01070"></a>01070                                 <span class="comment">/* reset keys to use */</span>
<a name="l01071"></a>01071                                 <a class="code" href="keys_8c.html#a40afb1fed3e89304d547a2b526d3db16" title="Set the &#39;use&#39; flag for all keys in the list.">ldns_key_list_set_use</a>(key_list, <span class="keyword">true</span>);
<a name="l01072"></a>01072 
<a name="l01073"></a>01073                                 <span class="comment">/* walk through old sigs, remove the old,</span>
<a name="l01074"></a>01074 <span class="comment">                                   and mark which keys (not) to use) */</span>
<a name="l01075"></a>01075                                 cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a> =
<a name="l01076"></a>01076                                         <a class="code" href="dnssec__sign_8c.html#a2a2c52b87423e4ecc2ab582fa9341b65" title="remove signatures if callback function tells to">ldns_dnssec_remove_signatures</a>(cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>,
<a name="l01077"></a>01077                                                                                         key_list,
<a name="l01078"></a>01078                                                                                         func,
<a name="l01079"></a>01079                                                                                         arg);
<a name="l01080"></a>01080                                 <span class="keywordflow">if</span>(!(flags&amp;<a class="code" href="dnssec__sign_8h.html#a8f8735648270a4f13583624b37f935fb" title="dnssec_verify">LDNS_SIGN_DNSKEY_WITH_ZSK</a>) &amp;&amp;
<a name="l01081"></a>01081                                         cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa316efb0ac15f31b6891fa6fba833eae8">LDNS_RR_TYPE_DNSKEY</a>)
<a name="l01082"></a>01082                                         ldns_key_list_filter_for_dnskey(key_list);
<a name="l01083"></a>01083 
<a name="l01084"></a>01084                                 <span class="keywordflow">if</span>(cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> != <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa316efb0ac15f31b6891fa6fba833eae8">LDNS_RR_TYPE_DNSKEY</a>)
<a name="l01085"></a>01085                                         ldns_key_list_filter_for_non_dnskey(key_list);
<a name="l01086"></a>01086 
<a name="l01087"></a>01087                                 <span class="comment">/* TODO: just set count to zero? */</span>
<a name="l01088"></a>01088                                 rr_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>();
<a name="l01089"></a>01089 
<a name="l01090"></a>01090                                 cur_rr = cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>;
<a name="l01091"></a>01091                                 <span class="keywordflow">while</span> (cur_rr) {
<a name="l01092"></a>01092                                         <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(rr_list, cur_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>);
<a name="l01093"></a>01093                                         cur_rr = cur_rr-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a>;
<a name="l01094"></a>01094                                 }
<a name="l01095"></a>01095 
<a name="l01096"></a>01096                                 <span class="comment">/* only sign non-delegation RRsets */</span>
<a name="l01097"></a>01097                                 <span class="comment">/* (glue should have been marked earlier, </span>
<a name="l01098"></a>01098 <span class="comment">                                 *  except on the delegation points itself) */</span>
<a name="l01099"></a>01099                                 <span class="keywordflow">if</span> (!on_delegation_point ||
<a name="l01100"></a>01100                                                 <a class="code" href="rr_8c.html#a3aca4f8ace1b6c619a92b014ba343899" title="Returns the type of the first element of the RR If there are no elements present, 0 is returned...">ldns_rr_list_type</a>(rr_list) 
<a name="l01101"></a>01101                                                         == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa6014f51afd4f88ae81c2d0e8afef8894" title="draft-ietf-dnsext-delegation">LDNS_RR_TYPE_DS</a> ||
<a name="l01102"></a>01102                                                 <a class="code" href="rr_8c.html#a3aca4f8ace1b6c619a92b014ba343899" title="Returns the type of the first element of the RR If there are no elements present, 0 is returned...">ldns_rr_list_type</a>(rr_list) 
<a name="l01103"></a>01103                                                         == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa5413827ac0392a4d65d53b1b7d04f989">LDNS_RR_TYPE_NSEC</a> ||
<a name="l01104"></a>01104                                                 <a class="code" href="rr_8c.html#a3aca4f8ace1b6c619a92b014ba343899" title="Returns the type of the first element of the RR If there are no elements present, 0 is returned...">ldns_rr_list_type</a>(rr_list) 
<a name="l01105"></a>01105                                                         == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa79a5eacdaa6defd52d97a6b205f102f9">LDNS_RR_TYPE_NSEC3</a>) {
<a name="l01106"></a>01106                                         siglist = <a class="code" href="dnssec__sign_8c.html#a1e464ee25453579eb3f55b8ff468f67f" title="use this function to sign with a public/private key alg return the created signatures">ldns_sign_public</a>(rr_list, key_list);
<a name="l01107"></a>01107                                         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(siglist); i++) {
<a name="l01108"></a>01108                                                 <span class="keywordflow">if</span> (cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>) {
<a name="l01109"></a>01109                                                         result = <a class="code" href="dnssec__zone_8c.html#a487c51146440838782c3cd244ff8f8ac" title="Adds an RR to the list of RRs.">ldns_dnssec_rrs_add_rr</a>(cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>,
<a name="l01110"></a>01110                                                                                            <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist,
<a name="l01111"></a>01111                                                                                                                     i));
<a name="l01112"></a>01112                                                 } <span class="keywordflow">else</span> {
<a name="l01113"></a>01113                                                         cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a> = <a class="code" href="dnssec__zone_8c.html#a5bfffad41186e87d4617d8e737336f8f" title="Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.">ldns_dnssec_rrs_new</a>();
<a name="l01114"></a>01114                                                         cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a> =
<a name="l01115"></a>01115                                                                 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i);
<a name="l01116"></a>01116                                                         <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs,
<a name="l01117"></a>01117                                                                                          <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist,
<a name="l01118"></a>01118                                                                                                                   i));
<a name="l01119"></a>01119                                                 }
<a name="l01120"></a>01120                                         }
<a name="l01121"></a>01121                                         <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(siglist);
<a name="l01122"></a>01122                                 }
<a name="l01123"></a>01123 
<a name="l01124"></a>01124                                 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(rr_list);
<a name="l01125"></a>01125 
<a name="l01126"></a>01126                                 cur_rrset = cur_rrset-&gt;<a class="code" href="structldns__struct__dnssec__rrsets.html#a980e963be13c1f575bf86ce65936d95b">next</a>;
<a name="l01127"></a>01127                         }
<a name="l01128"></a>01128 
<a name="l01129"></a>01129                         <span class="comment">/* sign the nsec */</span>
<a name="l01130"></a>01130                         <a class="code" href="keys_8c.html#a40afb1fed3e89304d547a2b526d3db16" title="Set the &#39;use&#39; flag for all keys in the list.">ldns_key_list_set_use</a>(key_list, <span class="keyword">true</span>);
<a name="l01131"></a>01131                         cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a> =
<a name="l01132"></a>01132                                 <a class="code" href="dnssec__sign_8c.html#a2a2c52b87423e4ecc2ab582fa9341b65" title="remove signatures if callback function tells to">ldns_dnssec_remove_signatures</a>(cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>,
<a name="l01133"></a>01133                                                                                 key_list,
<a name="l01134"></a>01134                                                                                 func,
<a name="l01135"></a>01135                                                                                 arg);
<a name="l01136"></a>01136                         ldns_key_list_filter_for_non_dnskey(key_list);
<a name="l01137"></a>01137 
<a name="l01138"></a>01138                         rr_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>();
<a name="l01139"></a>01139                         <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(rr_list, cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a19a33201b18f132a9fc42db8a0fd00be" title="NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3)">nsec</a>);
<a name="l01140"></a>01140                         siglist = <a class="code" href="dnssec__sign_8c.html#a1e464ee25453579eb3f55b8ff468f67f" title="use this function to sign with a public/private key alg return the created signatures">ldns_sign_public</a>(rr_list, key_list);
<a name="l01141"></a>01141 
<a name="l01142"></a>01142                         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(siglist); i++) {
<a name="l01143"></a>01143                                 <span class="keywordflow">if</span> (cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>) {
<a name="l01144"></a>01144                                         result = <a class="code" href="dnssec__zone_8c.html#a487c51146440838782c3cd244ff8f8ac" title="Adds an RR to the list of RRs.">ldns_dnssec_rrs_add_rr</a>(cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>,
<a name="l01145"></a>01145                                                                            <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i));
<a name="l01146"></a>01146                                 } <span class="keywordflow">else</span> {
<a name="l01147"></a>01147                                         cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a> = <a class="code" href="dnssec__zone_8c.html#a5bfffad41186e87d4617d8e737336f8f" title="Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.">ldns_dnssec_rrs_new</a>();
<a name="l01148"></a>01148                                         cur_name-&gt;<a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>-&gt;<a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a> =
<a name="l01149"></a>01149                                                 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i);
<a name="l01150"></a>01150                                         <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs,
<a name="l01151"></a>01151                                                                          <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i));
<a name="l01152"></a>01152                                 }
<a name="l01153"></a>01153                         }
<a name="l01154"></a>01154 
<a name="l01155"></a>01155                         <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(siglist);
<a name="l01156"></a>01156                         <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(rr_list);
<a name="l01157"></a>01157                 }
<a name="l01158"></a>01158                 cur_node = <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(cur_node);
<a name="l01159"></a>01159         }
<a name="l01160"></a>01160 
<a name="l01161"></a>01161         <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(pubkey_list);
<a name="l01162"></a>01162         <span class="keywordflow">return</span> result;
<a name="l01163"></a>01163 }
<a name="l01164"></a>01164 
<a name="l01165"></a>01165 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l01166"></a><a class="code" href="dnssec__sign_8h.html#a7f6872f627b4d98f379481dd92080f9a">01166</a> <a class="code" href="dnssec__sign_8c.html#a7f6872f627b4d98f379481dd92080f9a" title="signs the given zone with the given keys">ldns_dnssec_zone_sign</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l01167"></a>01167                                   <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l01168"></a>01168                                   <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l01169"></a>01169                                   <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *),
<a name="l01170"></a>01170                                   <span class="keywordtype">void</span> *arg)
<a name="l01171"></a>01171 {
<a name="l01172"></a>01172         <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#abba5342158af42e5a15d5623bdf684c5" title="signs the given zone with the given keys">ldns_dnssec_zone_sign_flg</a>(zone, new_rrs, key_list, func, arg, 0);
<a name="l01173"></a>01173 }
<a name="l01174"></a>01174 
<a name="l01175"></a>01175 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l01176"></a><a class="code" href="dnssec__sign_8h.html#abba5342158af42e5a15d5623bdf684c5">01176</a> <a class="code" href="dnssec__sign_8c.html#abba5342158af42e5a15d5623bdf684c5" title="signs the given zone with the given keys">ldns_dnssec_zone_sign_flg</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l01177"></a>01177                                   <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l01178"></a>01178                                   <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l01179"></a>01179                                   <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *),
<a name="l01180"></a>01180                                   <span class="keywordtype">void</span> *arg,
<a name="l01181"></a>01181                                   <span class="keywordtype">int</span> flags)
<a name="l01182"></a>01182 {
<a name="l01183"></a>01183         <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>;
<a name="l01184"></a>01184 
<a name="l01185"></a>01185         <span class="keywordflow">if</span> (!zone || !new_rrs || !key_list) {
<a name="l01186"></a>01186                 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>;
<a name="l01187"></a>01187         }
<a name="l01188"></a>01188 
<a name="l01189"></a>01189         <span class="comment">/* zone is already sorted */</span>
<a name="l01190"></a>01190         result = <a class="code" href="dnssec__sign_8c.html#a5e1d049026b2768cd455952bb6725d86" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_glue</a>(zone);
<a name="l01191"></a>01191         <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l01192"></a>01192                 <span class="keywordflow">return</span> result;
<a name="l01193"></a>01193         }
<a name="l01194"></a>01194 
<a name="l01195"></a>01195         <span class="comment">/* check whether we need to add nsecs */</span>
<a name="l01196"></a>01196         <span class="keywordflow">if</span> (zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a> &amp;&amp; !((<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>-&gt;<a class="code" href="structldns__rbtree__t.html#abfa0bbc0290bf80cfcb4b239a3e84046" title="The root of the red-black tree.">root</a>-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>)-&gt;nsec) {
<a name="l01197"></a>01197                 result = <a class="code" href="dnssec__sign_8c.html#ae40e5c92c6c14b68f305f861b393ca4c" title="Adds NSEC records to the given dnssec_zone.">ldns_dnssec_zone_create_nsecs</a>(zone, new_rrs);
<a name="l01198"></a>01198                 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l01199"></a>01199                         <span class="keywordflow">return</span> result;
<a name="l01200"></a>01200                 }
<a name="l01201"></a>01201         }
<a name="l01202"></a>01202 
<a name="l01203"></a>01203         result = <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(zone,
<a name="l01204"></a>01204                                         new_rrs,
<a name="l01205"></a>01205                                         key_list,
<a name="l01206"></a>01206                                         func,
<a name="l01207"></a>01207                                         arg,
<a name="l01208"></a>01208                                         flags);
<a name="l01209"></a>01209 
<a name="l01210"></a>01210         <span class="keywordflow">return</span> result;
<a name="l01211"></a>01211 }
<a name="l01212"></a>01212 
<a name="l01213"></a>01213 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l01214"></a><a class="code" href="dnssec__sign_8h.html#ae73c80d9bf48e9137233e10a5d972628">01214</a> <a class="code" href="dnssec__sign_8c.html#ae73c80d9bf48e9137233e10a5d972628" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l01215"></a>01215                                            <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l01216"></a>01216                                            <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l01217"></a>01217                                            <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *),
<a name="l01218"></a>01218                                            <span class="keywordtype">void</span> *arg,
<a name="l01219"></a>01219                                            uint8_t algorithm,
<a name="l01220"></a>01220                                            uint8_t flags,
<a name="l01221"></a>01221                                            uint16_t iterations,
<a name="l01222"></a>01222                                            uint8_t salt_length,
<a name="l01223"></a>01223                                            uint8_t *salt)
<a name="l01224"></a>01224 {
<a name="l01225"></a>01225         <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#aa332464b3fd3d57c68a75fdc8e9b8c69" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg_mkmap</a>(zone, new_rrs, key_list,
<a name="l01226"></a>01226                 func, arg, algorithm, flags, iterations, salt_length, salt, 0,
<a name="l01227"></a>01227                 NULL);
<a name="l01228"></a>01228 }
<a name="l01229"></a>01229 
<a name="l01230"></a>01230 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l01231"></a><a class="code" href="dnssec__sign_8h.html#aa332464b3fd3d57c68a75fdc8e9b8c69">01231</a> <a class="code" href="dnssec__sign_8c.html#aa332464b3fd3d57c68a75fdc8e9b8c69" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg_mkmap</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l01232"></a>01232                 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l01233"></a>01233                 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l01234"></a>01234                 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *),
<a name="l01235"></a>01235                 <span class="keywordtype">void</span> *arg,
<a name="l01236"></a>01236                 uint8_t algorithm,
<a name="l01237"></a>01237                 uint8_t flags,
<a name="l01238"></a>01238                 uint16_t iterations,
<a name="l01239"></a>01239                 uint8_t salt_length,
<a name="l01240"></a>01240                 uint8_t *salt,
<a name="l01241"></a>01241                 <span class="keywordtype">int</span> signflags,
<a name="l01242"></a>01242                 <a class="code" href="structldns__rbtree__t.html" title="definition for tree struct">ldns_rbtree_t</a> **map)
<a name="l01243"></a>01243 {
<a name="l01244"></a>01244         <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec3, *nsec3param;
<a name="l01245"></a>01245         <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>;
<a name="l01246"></a>01246 
<a name="l01247"></a>01247         <span class="comment">/* zone is already sorted */</span>
<a name="l01248"></a>01248         result = <a class="code" href="dnssec__sign_8c.html#a5e1d049026b2768cd455952bb6725d86" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_glue</a>(zone);
<a name="l01249"></a>01249         <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l01250"></a>01250                 <span class="keywordflow">return</span> result;
<a name="l01251"></a>01251         }
<a name="l01252"></a>01252 
<a name="l01253"></a>01253         <span class="comment">/* TODO if there are already nsec3s presents and their</span>
<a name="l01254"></a>01254 <span class="comment">         * parameters are the same as these, we don&#39;t have to recreate</span>
<a name="l01255"></a>01255 <span class="comment">         */</span>
<a name="l01256"></a>01256         <span class="keywordflow">if</span> (zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>) {
<a name="l01257"></a>01257                 <span class="comment">/* add empty nonterminals */</span>
<a name="l01258"></a>01258                 result = <a class="code" href="dnssec__zone_8c.html#a93138f81a2cb42fde4167121e0068258" title="Adds explicit dnssec_name structures for the empty nonterminals in this zone.">ldns_dnssec_zone_add_empty_nonterminals</a>(zone);
<a name="l01259"></a>01259                 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l01260"></a>01260                         <span class="keywordflow">return</span> result;
<a name="l01261"></a>01261                 }
<a name="l01262"></a>01262 
<a name="l01263"></a>01263                 nsec3 = ((<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>-&gt;<a class="code" href="structldns__rbtree__t.html#abfa0bbc0290bf80cfcb4b239a3e84046" title="The root of the red-black tree.">root</a>-&gt;<a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>)-&gt;nsec;
<a name="l01264"></a>01264                 <span class="keywordflow">if</span> (nsec3 &amp;&amp; <a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(nsec3) == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa79a5eacdaa6defd52d97a6b205f102f9">LDNS_RR_TYPE_NSEC3</a>) {
<a name="l01265"></a>01265                         <span class="comment">/* no need to recreate */</span>
<a name="l01266"></a>01266                 } <span class="keywordflow">else</span> {
<a name="l01267"></a>01267                         <span class="keywordflow">if</span> (!<a class="code" href="dnssec__zone_8c.html#a8c3439ad6e89e3d4d469946f05868250" title="Find the RRset with the given name and type in the zone.">ldns_dnssec_zone_find_rrset</a>(zone,
<a name="l01268"></a>01268                                                                            zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>-&gt;<a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>,
<a name="l01269"></a>01269                                                                            <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa6ae1d49278325b00ed6f8f5c21ed2c77">LDNS_RR_TYPE_NSEC3PARAM</a>)) {
<a name="l01270"></a>01270                                 <span class="comment">/* create and add the nsec3param rr */</span>
<a name="l01271"></a>01271                                 nsec3param =
<a name="l01272"></a>01272                                         <a class="code" href="rr_8c.html#a49a0499723e18408806c7023b5090517" title="creates a new rr structure, based on the given type.">ldns_rr_new_frm_type</a>(<a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa6ae1d49278325b00ed6f8f5c21ed2c77">LDNS_RR_TYPE_NSEC3PARAM</a>);
<a name="l01273"></a>01273                                 <a class="code" href="rr_8c.html#a2c7374383b168ce0d33b56f43a91c940" title="sets the owner in the rr structure.">ldns_rr_set_owner</a>(nsec3param,
<a name="l01274"></a>01274                                                            <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(zone-&gt;<a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>-&gt;<a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>));
<a name="l01275"></a>01275                                 <a class="code" href="dnssec_8c.html#a32e7e1f34ec0a19c6d20997bd4191b61" title="Sets all the NSEC3 options.">ldns_nsec3_add_param_rdfs</a>(nsec3param,
<a name="l01276"></a>01276                                                                          algorithm,
<a name="l01277"></a>01277                                                                          flags,
<a name="l01278"></a>01278                                                                          iterations,
<a name="l01279"></a>01279                                                                          salt_length,
<a name="l01280"></a>01280                                                                          salt);
<a name="l01281"></a>01281                                 <span class="comment">/* always set bit 7 of the flags to zero, according to</span>
<a name="l01282"></a>01282 <span class="comment">                                 * rfc5155 section 11 */</span>
<a name="l01283"></a>01283                                 <a class="code" href="util_8c.html#a2d1ca37b28b9053aedc68d9ab4c62cae" title="sets the specified bit in the specified byte to 1 if value is true, 0 if false The bits are counted f...">ldns_set_bit</a>(<a class="code" href="rdata_8c.html#adc126e8f5417a3c1049242f93fde3602" title="returns the data of the rdf.">ldns_rdf_data</a>(<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(nsec3param, 1)), 7, 0);
<a name="l01284"></a>01284                                 result = <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(zone, nsec3param);
<a name="l01285"></a>01285                                 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l01286"></a>01286                                         <span class="keywordflow">return</span> result;
<a name="l01287"></a>01287                                 }
<a name="l01288"></a>01288                                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec3param);
<a name="l01289"></a>01289                         }
<a name="l01290"></a>01290                         result = <a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">ldns_dnssec_zone_create_nsec3s_mkmap</a>(zone,
<a name="l01291"></a>01291                                                                                         new_rrs,
<a name="l01292"></a>01292                                                                                         algorithm,
<a name="l01293"></a>01293                                                                                         flags,
<a name="l01294"></a>01294                                                                                         iterations,
<a name="l01295"></a>01295                                                                                         salt_length,
<a name="l01296"></a>01296                                                                                         salt,
<a name="l01297"></a>01297                                                                                         map);
<a name="l01298"></a>01298                         <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) {
<a name="l01299"></a>01299                                 <span class="keywordflow">return</span> result;
<a name="l01300"></a>01300                         }
<a name="l01301"></a>01301                 }
<a name="l01302"></a>01302 
<a name="l01303"></a>01303                 result = <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(zone,
<a name="l01304"></a>01304                                                 new_rrs,
<a name="l01305"></a>01305                                                 key_list,
<a name="l01306"></a>01306                                                 func,
<a name="l01307"></a>01307                                                 arg,
<a name="l01308"></a>01308                                                 signflags);
<a name="l01309"></a>01309         }
<a name="l01310"></a>01310 
<a name="l01311"></a>01311         <span class="keywordflow">return</span> result;
<a name="l01312"></a>01312 }
<a name="l01313"></a>01313 
<a name="l01314"></a>01314 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a>
<a name="l01315"></a><a class="code" href="dnssec__sign_8h.html#a92fc18d880bcfcdd8d3cbdc2df4c0b0d">01315</a> <a class="code" href="dnssec__sign_8c.html#a92fc18d880bcfcdd8d3cbdc2df4c0b0d" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone,
<a name="l01316"></a>01316                 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs,
<a name="l01317"></a>01317                 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list,
<a name="l01318"></a>01318                 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *),
<a name="l01319"></a>01319                 <span class="keywordtype">void</span> *arg,
<a name="l01320"></a>01320                 uint8_t algorithm,
<a name="l01321"></a>01321                 uint8_t flags,
<a name="l01322"></a>01322                 uint16_t iterations,
<a name="l01323"></a>01323                 uint8_t salt_length,
<a name="l01324"></a>01324                 uint8_t *salt,
<a name="l01325"></a>01325                 <span class="keywordtype">int</span> signflags)
<a name="l01326"></a>01326 {
<a name="l01327"></a>01327         <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#aa332464b3fd3d57c68a75fdc8e9b8c69" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg_mkmap</a>(zone, new_rrs, key_list,
<a name="l01328"></a>01328                 func, arg, algorithm, flags, iterations, salt_length, salt,
<a name="l01329"></a>01329                 signflags, NULL);
<a name="l01330"></a>01330 }
<a name="l01331"></a>01331 
<a name="l01332"></a>01332 <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *
<a name="l01333"></a><a class="code" href="dnssec__sign_8h.html#a51bcf188424a6c3e90241b59aa2c172b">01333</a> <a class="code" href="dnssec__sign_8c.html#a51bcf188424a6c3e90241b59aa2c172b" title="Signs the zone, and returns a newly allocated signed zone.">ldns_zone_sign</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *zone, <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list)
<a name="l01334"></a>01334 {
<a name="l01335"></a>01335         <a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *dnssec_zone;
<a name="l01336"></a>01336         <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *signed_zone;
<a name="l01337"></a>01337         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs;
<a name="l01338"></a>01338         <span class="keywordtype">size_t</span> i;
<a name="l01339"></a>01339 
<a name="l01340"></a>01340         signed_zone = <a class="code" href="zone_8c.html#a0f700a61daf31429b1c2b3f0426e186e" title="create a new ldns_zone structure">ldns_zone_new</a>();
<a name="l01341"></a>01341         dnssec_zone = <a class="code" href="dnssec__zone_8c.html#a980d3d3a4c36b3cab999f85d1d312ee4" title="Creates a new dnssec_zone structure.">ldns_dnssec_zone_new</a>();
<a name="l01342"></a>01342 
<a name="l01343"></a>01343         (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone, <a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone));
<a name="l01344"></a>01344         <a class="code" href="zone_8c.html#a07b0fcc3777e44bbb8940aaeeb2e3661" title="Set the zone&#39;s soa record.">ldns_zone_set_soa</a>(signed_zone, <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone)));
<a name="l01345"></a>01345 
<a name="l01346"></a>01346         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(zone)); i++) {
<a name="l01347"></a>01347                 (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone,
<a name="l01348"></a>01348                                                                  <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(zone),
<a name="l01349"></a>01349                                                                                           i));
<a name="l01350"></a>01350                 <a class="code" href="zone_8c.html#aa292fe9d4d934d13780d0a56de21ebe2" title="push an single rr to a zone structure.">ldns_zone_push_rr</a>(signed_zone,
<a name="l01351"></a>01351                                            <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(zone),
<a name="l01352"></a>01352                                                                                            i)));
<a name="l01353"></a>01353         }
<a name="l01354"></a>01354 
<a name="l01355"></a>01355         new_rrs = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>();
<a name="l01356"></a>01356         (void) <a class="code" href="dnssec__sign_8c.html#a7f6872f627b4d98f379481dd92080f9a" title="signs the given zone with the given keys">ldns_dnssec_zone_sign</a>(dnssec_zone,
<a name="l01357"></a>01357                                                     new_rrs,
<a name="l01358"></a>01358                                                     key_list,
<a name="l01359"></a>01359                                                     <a class="code" href="dnssec_8c.html#aa20001e7098d4be9f24baf56a8761410" title="Default callback function to always leave present signatures, and add new ones.">ldns_dnssec_default_replace_signatures</a>,
<a name="l01360"></a>01360                                                     NULL);
<a name="l01361"></a>01361 
<a name="l01362"></a>01362         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(new_rrs); i++) {
<a name="l01363"></a>01363                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(signed_zone),
<a name="l01364"></a>01364                                                  <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(new_rrs, i)));
<a name="l01365"></a>01365         }
<a name="l01366"></a>01366 
<a name="l01367"></a>01367         <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(new_rrs);
<a name="l01368"></a>01368         <a class="code" href="dnssec__zone_8c.html#a9ff1744a3e694570150698880ede6e42" title="Frees the given zone structure, and its rbtree of dnssec_names Individual ldns_rr RRs within those na...">ldns_dnssec_zone_free</a>(dnssec_zone);
<a name="l01369"></a>01369 
<a name="l01370"></a>01370         <span class="keywordflow">return</span> signed_zone;
<a name="l01371"></a>01371 }
<a name="l01372"></a>01372 
<a name="l01373"></a>01373 <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *
<a name="l01374"></a><a class="code" href="dnssec__sign_8h.html#ae31c63b6961a1550031b357723498680">01374</a> <a class="code" href="dnssec__sign_8c.html#ae31c63b6961a1550031b357723498680" title="Signs the zone with NSEC3, and returns a newly allocated signed zone.">ldns_zone_sign_nsec3</a>(<a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *zone, <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
<a name="l01375"></a>01375 {
<a name="l01376"></a>01376         <a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *dnssec_zone;
<a name="l01377"></a>01377         <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *signed_zone;
<a name="l01378"></a>01378         <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs;
<a name="l01379"></a>01379         <span class="keywordtype">size_t</span> i;
<a name="l01380"></a>01380 
<a name="l01381"></a>01381         signed_zone = <a class="code" href="zone_8c.html#a0f700a61daf31429b1c2b3f0426e186e" title="create a new ldns_zone structure">ldns_zone_new</a>();
<a name="l01382"></a>01382         dnssec_zone = <a class="code" href="dnssec__zone_8c.html#a980d3d3a4c36b3cab999f85d1d312ee4" title="Creates a new dnssec_zone structure.">ldns_dnssec_zone_new</a>();
<a name="l01383"></a>01383 
<a name="l01384"></a>01384         (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone, <a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone));
<a name="l01385"></a>01385         <a class="code" href="zone_8c.html#a07b0fcc3777e44bbb8940aaeeb2e3661" title="Set the zone&#39;s soa record.">ldns_zone_set_soa</a>(signed_zone, <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone)));
<a name="l01386"></a>01386 
<a name="l01387"></a>01387         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(zone)); i++) {
<a name="l01388"></a>01388                 (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone,
<a name="l01389"></a>01389                                                                  <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(zone),
<a name="l01390"></a>01390                                                                                           i));
<a name="l01391"></a>01391                 <a class="code" href="zone_8c.html#aa292fe9d4d934d13780d0a56de21ebe2" title="push an single rr to a zone structure.">ldns_zone_push_rr</a>(signed_zone, 
<a name="l01392"></a>01392                                            <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(zone),
<a name="l01393"></a>01393                                                                                            i)));
<a name="l01394"></a>01394         }
<a name="l01395"></a>01395 
<a name="l01396"></a>01396         new_rrs = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>();
<a name="l01397"></a>01397         (void) <a class="code" href="dnssec__sign_8c.html#ae73c80d9bf48e9137233e10a5d972628" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3</a>(dnssec_zone,
<a name="l01398"></a>01398                                                                 new_rrs,
<a name="l01399"></a>01399                                                                 key_list,
<a name="l01400"></a>01400                                                                 <a class="code" href="dnssec_8c.html#aa20001e7098d4be9f24baf56a8761410" title="Default callback function to always leave present signatures, and add new ones.">ldns_dnssec_default_replace_signatures</a>,
<a name="l01401"></a>01401                                                                 NULL,
<a name="l01402"></a>01402                                                                 algorithm,
<a name="l01403"></a>01403                                                                 flags,
<a name="l01404"></a>01404                                                                 iterations,
<a name="l01405"></a>01405                                                                 salt_length,
<a name="l01406"></a>01406                                                                 salt);
<a name="l01407"></a>01407 
<a name="l01408"></a>01408         <span class="keywordflow">for</span> (i = 0; i &lt; <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr&#39;s in an rr_list.">ldns_rr_list_rr_count</a>(new_rrs); i++) {
<a name="l01409"></a>01409                 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone&#39;s content.">ldns_zone_rrs</a>(signed_zone),
<a name="l01410"></a>01410                                                  <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(new_rrs, i)));
<a name="l01411"></a>01411         }
<a name="l01412"></a>01412 
<a name="l01413"></a>01413         <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(new_rrs);
<a name="l01414"></a>01414         <a class="code" href="dnssec__zone_8c.html#a9ff1744a3e694570150698880ede6e42" title="Frees the given zone structure, and its rbtree of dnssec_names Individual ldns_rr RRs within those na...">ldns_dnssec_zone_free</a>(dnssec_zone);
<a name="l01415"></a>01415 
<a name="l01416"></a>01416         <span class="keywordflow">return</span> signed_zone;
<a name="l01417"></a>01417 }
<a name="l01418"></a>01418 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span>
<a name="l01419"></a>01419 
<a name="l01420"></a>01420 
</pre></div></div>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Jan 11 2012 for ldns by&#160;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.4 </small></address>
</body>
</html>