<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"> <title>ldns documentation</title> <link href="doxygen.css" rel="stylesheet" type="text/css"> <link href="tabs.css" rel="stylesheet" type="text/css"> </head><body> <div class="logo"> <img src="LogoInGradientBar2-y100.png"/> </div> <!-- Generated by Doxygen 1.7.4 --> <div id="navrow1" class="tabs"> <ul class="tablist"> <li><a href="index.html"><span>Main Page</span></a></li> <li><a href="pages.html"><span>Related Pages</span></a></li> <li><a href="annotated.html"><span>Data Structures</span></a></li> <li class="current"><a href="files.html"><span>Files</span></a></li> <li><a href="dirs.html"><span>Directories</span></a></li> </ul> </div> <div id="navrow2" class="tabs2"> <ul class="tablist"> <li><a href="files.html"><span>File List</span></a></li> <li><a href="globals.html"><span>Globals</span></a></li> </ul> </div> <div class="header"> <div class="headertitle"> <div class="title">dnssec_sign.c</div> </div> </div> <div class="contents"> <a href="dnssec__sign_8c.html">Go to the documentation of this file.</a><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="preprocessor">#include <<a class="code" href="ldns_2config_8h.html">ldns/config.h</a>></span> <a name="l00002"></a>00002 <a name="l00003"></a>00003 <span class="preprocessor">#include <<a class="code" href="ldns_8h.html" title="Including this file will include all ldns files, and define some lookup tables.">ldns/ldns.h</a>></span> <a name="l00004"></a>00004 <a name="l00005"></a>00005 <span class="preprocessor">#include <<a class="code" href="dnssec_8h.html" title="This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).">ldns/dnssec.h</a>></span> <a name="l00006"></a>00006 <span class="preprocessor">#include <<a class="code" href="dnssec__sign_8h.html">ldns/dnssec_sign.h</a>></span> <a name="l00007"></a>00007 <a name="l00008"></a>00008 <span class="preprocessor">#include <strings.h></span> <a name="l00009"></a>00009 <span class="preprocessor">#include <time.h></span> <a name="l00010"></a>00010 <a name="l00011"></a>00011 <span class="preprocessor">#ifdef HAVE_SSL</span> <a name="l00012"></a>00012 <span class="preprocessor"></span><span class="comment">/* this entire file is rather useless when you don't have</span> <a name="l00013"></a>00013 <span class="comment"> * crypto...</span> <a name="l00014"></a>00014 <span class="comment"> */</span> <a name="l00015"></a>00015 <span class="preprocessor">#include <openssl/ssl.h></span> <a name="l00016"></a>00016 <span class="preprocessor">#include <openssl/evp.h></span> <a name="l00017"></a>00017 <span class="preprocessor">#include <openssl/rand.h></span> <a name="l00018"></a>00018 <span class="preprocessor">#include <openssl/err.h></span> <a name="l00019"></a>00019 <span class="preprocessor">#include <openssl/md5.h></span> <a name="l00020"></a>00020 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span> <a name="l00021"></a>00021 <a name="l00022"></a>00022 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> * <a name="l00023"></a><a class="code" href="dnssec__sign_8h.html#ac62543d73cea7f985d9dd99aa981546e">00023</a> <a class="code" href="dnssec__sign_8c.html#a1f83993b2aa5f98cd8c12e50327a0bc6" title="Create an empty RRSIG RR (i.e.">ldns_create_empty_rrsig</a>(<a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrset, <a name="l00024"></a>00024 <a class="code" href="structldns__struct__key.html" title="General key structure, can contain all types of keys that are used in DNSSEC.">ldns_key</a> *current_key) <a name="l00025"></a>00025 { <a name="l00026"></a>00026 uint32_t orig_ttl; <a name="l00027"></a>00027 <a class="code" href="rr_8h.html#aa11e99c7e7c630e03373f2a2cafc4ee9">ldns_rr_class</a> orig_class; <a name="l00028"></a>00028 time_t now; <a name="l00029"></a>00029 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *current_sig; <a name="l00030"></a>00030 uint8_t label_count; <a name="l00031"></a>00031 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *signame; <a name="l00032"></a>00032 <a name="l00033"></a>00033 label_count = <a class="code" href="dname_8c.html#add94977e68ceab64921e9ae69cd92ef3" title="count the number of labels inside a LDNS_RDF_DNAME type rdf.">ldns_dname_label_count</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, <a name="l00034"></a>00034 0))); <a name="l00035"></a>00035 <span class="comment">/* RFC4035 2.2: not counting the leftmost label if it is a wildcard */</span> <a name="l00036"></a>00036 <span class="keywordflow">if</span>(<a class="code" href="dname_8c.html#a0f7736b29e88e9513fb42f0edd3e7d25" title="Check if dname is a wildcard, starts with *.">ldns_dname_is_wildcard</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0)))) <a name="l00037"></a>00037 label_count --; <a name="l00038"></a>00038 <a name="l00039"></a>00039 current_sig = <a class="code" href="rr_8c.html#a49a0499723e18408806c7023b5090517" title="creates a new rr structure, based on the given type.">ldns_rr_new_frm_type</a>(<a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa0dae8d9f8f4684e63ac7665a2a489b4d" title="draft-ietf-dnsext-dnssec-25">LDNS_RR_TYPE_RRSIG</a>); <a name="l00040"></a>00040 <a name="l00041"></a>00041 <span class="comment">/* set the type on the new signature */</span> <a name="l00042"></a>00042 orig_ttl = <a class="code" href="rr_8c.html#a144e619c75e8cef52fa5a1de7d74c695" title="returns the ttl of an rr structure.">ldns_rr_ttl</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0)); <a name="l00043"></a>00043 orig_class = <a class="code" href="rr_8c.html#a9674642920718eda5c65483e03587fff" title="returns the class of the rr.">ldns_rr_get_class</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0)); <a name="l00044"></a>00044 <a name="l00045"></a>00045 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(current_sig, orig_ttl); <a name="l00046"></a>00046 <a class="code" href="rr_8c.html#aac682e10305e017760e65a423e6e6374" title="sets the class in the rr.">ldns_rr_set_class</a>(current_sig, orig_class); <a name="l00047"></a>00047 <a class="code" href="rr_8c.html#a2c7374383b168ce0d33b56f43a91c940" title="sets the owner in the rr structure.">ldns_rr_set_owner</a>(current_sig, <a name="l00048"></a>00048 <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>( <a name="l00049"></a>00049 <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>( <a name="l00050"></a>00050 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, <a name="l00051"></a>00051 0)))); <a name="l00052"></a>00052 <a name="l00053"></a>00053 <span class="comment">/* fill in what we know of the signature */</span> <a name="l00054"></a>00054 <a name="l00055"></a>00055 <span class="comment">/* set the orig_ttl */</span> <a name="l00056"></a>00056 (void)<a class="code" href="rr__functions_8c.html#af093e1310b29998d2d93e43531682a85" title="sets the original TTL of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_origttl</a>( <a name="l00057"></a>00057 current_sig, <a name="l00058"></a>00058 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a077e8e14046bf02ac92053e784921e73" title="32 bits">LDNS_RDF_TYPE_INT32</a>, <a name="l00059"></a>00059 orig_ttl)); <a name="l00060"></a>00060 <span class="comment">/* the signers name */</span> <a name="l00061"></a>00061 signame = <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(<a class="code" href="keys_8c.html#ab8c7cbd30af086afa9046f059bc245c9" title="return the public key's owner">ldns_key_pubkey_owner</a>(current_key)); <a name="l00062"></a>00062 <a class="code" href="dname_8c.html#a86a798d6401b11e85d4592b1609ffd8f" title="Put a dname into canonical fmt - ie.">ldns_dname2canonical</a>(signame); <a name="l00063"></a>00063 (void)<a class="code" href="rr__functions_8c.html#a9b909f2ac0be7038df3c4368914fa9d9" title="sets the signers name of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_signame</a>( <a name="l00064"></a>00064 current_sig, <a name="l00065"></a>00065 signame); <a name="l00066"></a>00066 <span class="comment">/* label count - get it from the first rr in the rr_list */</span> <a name="l00067"></a>00067 (void)<a class="code" href="rr__functions_8c.html#a868e2c57564ba90d61b119e5d4890580" title="sets the number of labels of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_labels</a>( <a name="l00068"></a>00068 current_sig, <a name="l00069"></a>00069 <a class="code" href="rdata_8c.html#a422cc4adfa134f9325547abf15bfd925" title="returns the rdf containing the native uint8_t repr.">ldns_native2rdf_int8</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9ac18c3e598d6a7a85b8eb1d1a047ac557" title="8 bits">LDNS_RDF_TYPE_INT8</a>, <a name="l00070"></a>00070 label_count)); <a name="l00071"></a>00071 <span class="comment">/* inception, expiration */</span> <a name="l00072"></a>00072 now = time(NULL); <a name="l00073"></a>00073 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#aab487cf33d6af3c24bf4c500772d951e" title="return the key's inception date">ldns_key_inception</a>(current_key) != 0) { <a name="l00074"></a>00074 (void)<a class="code" href="rr__functions_8c.html#a887bd03782a5d8d7ab6dce0d6fec1eb1" title="sets the inception date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_inception</a>( <a name="l00075"></a>00075 current_sig, <a name="l00076"></a>00076 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>( <a name="l00077"></a>00077 <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>, <a name="l00078"></a>00078 <a class="code" href="keys_8c.html#aab487cf33d6af3c24bf4c500772d951e" title="return the key's inception date">ldns_key_inception</a>(current_key))); <a name="l00079"></a>00079 } <span class="keywordflow">else</span> { <a name="l00080"></a>00080 (void)<a class="code" href="rr__functions_8c.html#a887bd03782a5d8d7ab6dce0d6fec1eb1" title="sets the inception date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_inception</a>( <a name="l00081"></a>00081 current_sig, <a name="l00082"></a>00082 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>, now)); <a name="l00083"></a>00083 } <a name="l00084"></a>00084 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#a083d425d1bb74ace49cd4e7aa8d738fb" title="return the key's expiration date">ldns_key_expiration</a>(current_key) != 0) { <a name="l00085"></a>00085 (void)<a class="code" href="rr__functions_8c.html#a3babbd14e40490efaa4a1601e9b39682" title="sets the expireation date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_expiration</a>( <a name="l00086"></a>00086 current_sig, <a name="l00087"></a>00087 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>( <a name="l00088"></a>00088 <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>, <a name="l00089"></a>00089 <a class="code" href="keys_8c.html#a083d425d1bb74ace49cd4e7aa8d738fb" title="return the key's expiration date">ldns_key_expiration</a>(current_key))); <a name="l00090"></a>00090 } <span class="keywordflow">else</span> { <a name="l00091"></a>00091 (void)<a class="code" href="rr__functions_8c.html#a3babbd14e40490efaa4a1601e9b39682" title="sets the expireation date of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_expiration</a>( <a name="l00092"></a>00092 current_sig, <a name="l00093"></a>00093 <a class="code" href="rdata_8c.html#ae1b93acd6f2ae2982b9e4817a3e670c8" title="returns an rdf that contains the given int32 value.">ldns_native2rdf_int32</a>( <a name="l00094"></a>00094 <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a75048af9090d43c3105a41fbec16c96e" title="time (32 bits)">LDNS_RDF_TYPE_TIME</a>, <a name="l00095"></a>00095 now + <a class="code" href="dnssec_8h.html#a565cc51b68d4b5723830434ee1c0dfe0">LDNS_DEFAULT_EXP_TIME</a>)); <a name="l00096"></a>00096 } <a name="l00097"></a>00097 <a name="l00098"></a>00098 (void)<a class="code" href="rr__functions_8c.html#a3f507c209856f83959d3f8c9aa5f40f5" title="sets the keytag of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_keytag</a>( <a name="l00099"></a>00099 current_sig, <a name="l00100"></a>00100 <a class="code" href="rdata_8c.html#a73fc4d5c6e12d7ac79b0778f51b60e13" title="returns the rdf containing the native uint16_t representation.">ldns_native2rdf_int16</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9adef66c8791f83ba190e5f5775791e4c6" title="16 bits">LDNS_RDF_TYPE_INT16</a>, <a name="l00101"></a>00101 <a class="code" href="keys_8c.html#a8cf2ca2fc8d72b28076157beb791b347" title="return the keytag">ldns_key_keytag</a>(current_key))); <a name="l00102"></a>00102 <a name="l00103"></a>00103 (void)<a class="code" href="rr__functions_8c.html#a5322db96ef0b25bdf53c8ed1b38c79c1" title="sets the algorithm of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_algorithm</a>( <a name="l00104"></a>00104 current_sig, <a name="l00105"></a>00105 <a class="code" href="rdata_8c.html#a422cc4adfa134f9325547abf15bfd925" title="returns the rdf containing the native uint8_t repr.">ldns_native2rdf_int8</a>( <a name="l00106"></a>00106 <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9ae267872ec0957925bbf1d6720b93597a" title="a key algorithm">LDNS_RDF_TYPE_ALG</a>, <a name="l00107"></a>00107 <a class="code" href="keys_8c.html#a906b7cc79acd016fb1f400aff16b9f1c" title="return the signing alg of the key">ldns_key_algorithm</a>(current_key))); <a name="l00108"></a>00108 <a name="l00109"></a>00109 (void)<a class="code" href="rr__functions_8c.html#a793485ed72ab4152bcfc4010b4df89c3" title="sets the typecovered of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_typecovered</a>( <a name="l00110"></a>00110 current_sig, <a name="l00111"></a>00111 <a class="code" href="rdata_8c.html#a73fc4d5c6e12d7ac79b0778f51b60e13" title="returns the rdf containing the native uint16_t representation.">ldns_native2rdf_int16</a>( <a name="l00112"></a>00112 <a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9af943c7b93856ac0cfcda816c7c952c9f" title="a RR type">LDNS_RDF_TYPE_TYPE</a>, <a name="l00113"></a>00113 <a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, <a name="l00114"></a>00114 0)))); <a name="l00115"></a>00115 <span class="keywordflow">return</span> current_sig; <a name="l00116"></a>00116 } <a name="l00117"></a>00117 <a name="l00118"></a>00118 <span class="preprocessor">#ifdef HAVE_SSL</span> <a name="l00119"></a>00119 <span class="preprocessor"></span><a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l00120"></a><a class="code" href="dnssec__sign_8h.html#aeee467cce7e9b3d6c364e484a8a85216">00120</a> <a class="code" href="dnssec__sign_8c.html#af78cff3d19f9ab52854111aa9e399c07" title="Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...">ldns_sign_public_buffer</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *sign_buf, <a class="code" href="structldns__struct__key.html" title="General key structure, can contain all types of keys that are used in DNSSEC.">ldns_key</a> *current_key) <a name="l00121"></a>00121 { <a name="l00122"></a>00122 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *b64rdf = NULL; <a name="l00123"></a>00123 <a name="l00124"></a>00124 <span class="keywordflow">switch</span>(<a class="code" href="keys_8c.html#a906b7cc79acd016fb1f400aff16b9f1c" title="return the signing alg of the key">ldns_key_algorithm</a>(current_key)) { <a name="l00125"></a>00125 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a98ae68498fea31062b1d03a861846aa5">LDNS_SIGN_DSA</a>: <a name="l00126"></a>00126 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a28624a25c45025703d05de9984c4ee4a">LDNS_SIGN_DSA_NSEC3</a>: <a name="l00127"></a>00127 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00128"></a>00128 sign_buf, <a name="l00129"></a>00129 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00130"></a>00130 EVP_dss1()); <a name="l00131"></a>00131 <span class="keywordflow">break</span>; <a name="l00132"></a>00132 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a062ab8c29c8f73b28bbb552597975dbc">LDNS_SIGN_RSASHA1</a>: <a name="l00133"></a>00133 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a7a8b2b416cc65f7637108b6ba35cad69">LDNS_SIGN_RSASHA1_NSEC3</a>: <a name="l00134"></a>00134 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00135"></a>00135 sign_buf, <a name="l00136"></a>00136 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00137"></a>00137 EVP_sha1()); <a name="l00138"></a>00138 <span class="keywordflow">break</span>; <a name="l00139"></a>00139 <span class="preprocessor">#ifdef USE_SHA2</span> <a name="l00140"></a>00140 <span class="preprocessor"></span> <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a9f88342b4f9ce95700a72154b6d30269">LDNS_SIGN_RSASHA256</a>: <a name="l00141"></a>00141 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00142"></a>00142 sign_buf, <a name="l00143"></a>00143 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00144"></a>00144 EVP_sha256()); <a name="l00145"></a>00145 <span class="keywordflow">break</span>; <a name="l00146"></a>00146 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a93fc09210171fbecee85ed84ebfc7dbd">LDNS_SIGN_RSASHA512</a>: <a name="l00147"></a>00147 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00148"></a>00148 sign_buf, <a name="l00149"></a>00149 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00150"></a>00150 EVP_sha512()); <a name="l00151"></a>00151 <span class="keywordflow">break</span>; <a name="l00152"></a>00152 <span class="preprocessor">#endif </span><span class="comment">/* USE_SHA2 */</span> <a name="l00153"></a>00153 <span class="preprocessor">#ifdef USE_GOST</span> <a name="l00154"></a>00154 <span class="preprocessor"></span> <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a2f5cc1330edd5c11be92509543402f98">LDNS_SIGN_ECC_GOST</a>: <a name="l00155"></a>00155 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00156"></a>00156 sign_buf, <a name="l00157"></a>00157 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00158"></a>00158 EVP_get_digestbyname(<span class="stringliteral">"md_gost94"</span>)); <a name="l00159"></a>00159 <span class="keywordflow">break</span>; <a name="l00160"></a>00160 <span class="preprocessor">#endif </span><span class="comment">/* USE_GOST */</span> <a name="l00161"></a>00161 <span class="preprocessor">#ifdef USE_ECDSA</span> <a name="l00162"></a>00162 <span class="preprocessor"></span> <span class="keywordflow">case</span> LDNS_SIGN_ECDSAP256SHA256: <a name="l00163"></a>00163 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00164"></a>00164 sign_buf, <a name="l00165"></a>00165 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00166"></a>00166 EVP_sha256()); <a name="l00167"></a>00167 <span class="keywordflow">break</span>; <a name="l00168"></a>00168 <span class="keywordflow">case</span> LDNS_SIGN_ECDSAP384SHA384: <a name="l00169"></a>00169 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00170"></a>00170 sign_buf, <a name="l00171"></a>00171 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00172"></a>00172 EVP_sha384()); <a name="l00173"></a>00173 <span class="keywordflow">break</span>; <a name="l00174"></a>00174 <span class="preprocessor">#endif</span> <a name="l00175"></a>00175 <span class="preprocessor"></span> <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#aa9c34fead27309e4540a2c4cee3db664a92e7ccac219c462f054e00c8e6c8321b">LDNS_SIGN_RSAMD5</a>: <a name="l00176"></a>00176 b64rdf = <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>( <a name="l00177"></a>00177 sign_buf, <a name="l00178"></a>00178 <a class="code" href="keys_8c.html#a1b18028c1c2b8bca296f099461dc747a" title="returns the (openssl) EVP struct contained in the key">ldns_key_evp_key</a>(current_key), <a name="l00179"></a>00179 EVP_md5()); <a name="l00180"></a>00180 <span class="keywordflow">break</span>; <a name="l00181"></a>00181 <span class="keywordflow">default</span>: <a name="l00182"></a>00182 <span class="comment">/* do _you_ know this alg? */</span> <a name="l00183"></a>00183 printf(<span class="stringliteral">"unknown algorithm, "</span>); <a name="l00184"></a>00184 printf(<span class="stringliteral">"is the one used available on this system?\n"</span>); <a name="l00185"></a>00185 <span class="keywordflow">break</span>; <a name="l00186"></a>00186 } <a name="l00187"></a>00187 <a name="l00188"></a>00188 <span class="keywordflow">return</span> b64rdf; <a name="l00189"></a>00189 } <a name="l00190"></a>00190 <a name="l00195"></a>00195 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> * <a name="l00196"></a><a class="code" href="dnssec__sign_8h.html#a1e464ee25453579eb3f55b8ff468f67f">00196</a> <a class="code" href="dnssec__sign_8c.html#a1e464ee25453579eb3f55b8ff468f67f" title="use this function to sign with a public/private key alg return the created signatures">ldns_sign_public</a>(<a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrset, <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *keys) <a name="l00197"></a>00197 { <a name="l00198"></a>00198 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *signatures; <a name="l00199"></a>00199 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrset_clone; <a name="l00200"></a>00200 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *current_sig; <a name="l00201"></a>00201 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *b64rdf; <a name="l00202"></a>00202 <a class="code" href="structldns__struct__key.html" title="General key structure, can contain all types of keys that are used in DNSSEC.">ldns_key</a> *current_key; <a name="l00203"></a>00203 <span class="keywordtype">size_t</span> key_count; <a name="l00204"></a>00204 uint16_t i; <a name="l00205"></a>00205 <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *sign_buf; <a name="l00206"></a>00206 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *new_owner; <a name="l00207"></a>00207 <a name="l00208"></a>00208 <span class="keywordflow">if</span> (!rrset || <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(rrset) < 1 || !keys) { <a name="l00209"></a>00209 <span class="keywordflow">return</span> NULL; <a name="l00210"></a>00210 } <a name="l00211"></a>00211 <a name="l00212"></a>00212 new_owner = NULL; <a name="l00213"></a>00213 <a name="l00214"></a>00214 signatures = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>(); <a name="l00215"></a>00215 <a name="l00216"></a>00216 <span class="comment">/* prepare a signature and add all the know data</span> <a name="l00217"></a>00217 <span class="comment"> * prepare the rrset. Sign this together. */</span> <a name="l00218"></a>00218 rrset_clone = <a class="code" href="rr_8c.html#ae40b961189f215fba0bad6406088674a" title="clones an rrlist.">ldns_rr_list_clone</a>(rrset); <a name="l00219"></a>00219 <span class="keywordflow">if</span> (!rrset_clone) { <a name="l00220"></a>00220 <span class="keywordflow">return</span> NULL; <a name="l00221"></a>00221 } <a name="l00222"></a>00222 <a name="l00223"></a>00223 <span class="comment">/* make it canonical */</span> <a name="l00224"></a>00224 <span class="keywordflow">for</span>(i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(rrset_clone); i++) { <a name="l00225"></a>00225 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset_clone, i), <a name="l00226"></a>00226 <a class="code" href="rr_8c.html#a144e619c75e8cef52fa5a1de7d74c695" title="returns the ttl of an rr structure.">ldns_rr_ttl</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset, 0))); <a name="l00227"></a>00227 <a class="code" href="rr_8c.html#a6e26228733c74b4fb7aacc985a350519" title="converts each dname in a rr to its canonical form.">ldns_rr2canonical</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrset_clone, i)); <a name="l00228"></a>00228 } <a name="l00229"></a>00229 <span class="comment">/* sort */</span> <a name="l00230"></a>00230 <a class="code" href="rr_8c.html#a59fd6b0801f57bd952d1c69386677095" title="sorts an rr_list (canonical wire format).">ldns_rr_list_sort</a>(rrset_clone); <a name="l00231"></a>00231 <a name="l00232"></a>00232 <span class="keywordflow">for</span> (key_count = 0; <a name="l00233"></a>00233 key_count < <a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(keys); <a name="l00234"></a>00234 key_count++) { <a name="l00235"></a>00235 <span class="keywordflow">if</span> (!<a class="code" href="keys_8c.html#afee1fabe43cf6dfb43c8b0966350153e" title="return the use flag">ldns_key_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(keys, key_count))) { <a name="l00236"></a>00236 <span class="keywordflow">continue</span>; <a name="l00237"></a>00237 } <a name="l00238"></a>00238 sign_buf = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>); <a name="l00239"></a>00239 <span class="keywordflow">if</span> (!sign_buf) { <a name="l00240"></a>00240 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(rrset_clone); <a name="l00241"></a>00241 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(signatures); <a name="l00242"></a>00242 <a class="code" href="rdata_8c.html#ae31cf54f363a70e01db4b6d15c3ad190" title="frees a rdf structure, leaving the data pointer intact.">ldns_rdf_free</a>(new_owner); <a name="l00243"></a>00243 <span class="keywordflow">return</span> NULL; <a name="l00244"></a>00244 } <a name="l00245"></a>00245 b64rdf = NULL; <a name="l00246"></a>00246 <a name="l00247"></a>00247 current_key = <a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(keys, key_count); <a name="l00248"></a>00248 <span class="comment">/* sign all RRs with keys that have ZSKbit, !SEPbit.</span> <a name="l00249"></a>00249 <span class="comment"> sign DNSKEY RRs with keys that have ZSKbit&SEPbit */</span> <a name="l00250"></a>00250 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(current_key) & <a class="code" href="keys_8h.html#ad5f212d6a80316d427f4b068e849ff73">LDNS_KEY_ZONE_KEY</a>) { <a name="l00251"></a>00251 current_sig = <a class="code" href="dnssec__sign_8c.html#a1f83993b2aa5f98cd8c12e50327a0bc6" title="Create an empty RRSIG RR (i.e.">ldns_create_empty_rrsig</a>(rrset_clone, <a name="l00252"></a>00252 current_key); <a name="l00253"></a>00253 <a name="l00254"></a>00254 <span class="comment">/* right now, we have: a key, a semi-sig and an rrset. For</span> <a name="l00255"></a>00255 <span class="comment"> * which we can create the sig and base64 encode that and</span> <a name="l00256"></a>00256 <span class="comment"> * add that to the signature */</span> <a name="l00257"></a>00257 <a name="l00258"></a>00258 <span class="keywordflow">if</span> (<a class="code" href="host2wire_8c.html#a2c9c3a23cf907d632f9f85aa72f2bbf0" title="Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata This is needed in DNSSEC verification...">ldns_rrsig2buffer_wire</a>(sign_buf, current_sig) <a name="l00259"></a>00259 != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00260"></a>00260 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(sign_buf); <a name="l00261"></a>00261 <span class="comment">/* ERROR */</span> <a name="l00262"></a>00262 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone); <a name="l00263"></a>00263 <span class="keywordflow">return</span> NULL; <a name="l00264"></a>00264 } <a name="l00265"></a>00265 <a name="l00266"></a>00266 <span class="comment">/* add the rrset in sign_buf */</span> <a name="l00267"></a>00267 <span class="keywordflow">if</span> (<a class="code" href="host2wire_8c.html#a2b65b6f4ecb3364639d46ce3a8276153" title="Copies the rr_list data to the buffer in wire format.">ldns_rr_list2buffer_wire</a>(sign_buf, rrset_clone) <a name="l00268"></a>00268 != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00269"></a>00269 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(sign_buf); <a name="l00270"></a>00270 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone); <a name="l00271"></a>00271 <span class="keywordflow">return</span> NULL; <a name="l00272"></a>00272 } <a name="l00273"></a>00273 <a name="l00274"></a>00274 b64rdf = <a class="code" href="dnssec__sign_8c.html#af78cff3d19f9ab52854111aa9e399c07" title="Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...">ldns_sign_public_buffer</a>(sign_buf, current_key); <a name="l00275"></a>00275 <a name="l00276"></a>00276 <span class="keywordflow">if</span> (!b64rdf) { <a name="l00277"></a>00277 <span class="comment">/* signing went wrong */</span> <a name="l00278"></a>00278 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone); <a name="l00279"></a>00279 <span class="keywordflow">return</span> NULL; <a name="l00280"></a>00280 } <a name="l00281"></a>00281 <a name="l00282"></a>00282 <a class="code" href="rr__functions_8c.html#ad7b20e14c55263e86ae3c2e05071a098" title="sets the signature data of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_set_sig</a>(current_sig, b64rdf); <a name="l00283"></a>00283 <a name="l00284"></a>00284 <span class="comment">/* push the signature to the signatures list */</span> <a name="l00285"></a>00285 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(signatures, current_sig); <a name="l00286"></a>00286 } <a name="l00287"></a>00287 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(sign_buf); <span class="comment">/* restart for the next key */</span> <a name="l00288"></a>00288 } <a name="l00289"></a>00289 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(rrset_clone); <a name="l00290"></a>00290 <a name="l00291"></a>00291 <span class="keywordflow">return</span> signatures; <a name="l00292"></a>00292 } <a name="l00293"></a>00293 <a name="l00302"></a>00302 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l00303"></a><a class="code" href="dnssec__sign_8h.html#ad8a4247207b9e944964daa0cd9751733">00303</a> <a class="code" href="dnssec__sign_8c.html#ad8a4247207b9e944964daa0cd9751733" title="Sign data with DSA.">ldns_sign_public_dsa</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign, DSA *key) <a name="l00304"></a>00304 { <a name="l00305"></a>00305 <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *sha1_hash; <a name="l00306"></a>00306 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf; <a name="l00307"></a>00307 <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig; <a name="l00308"></a>00308 <a name="l00309"></a>00309 DSA_SIG *sig; <a name="l00310"></a>00310 uint8_t *data; <a name="l00311"></a>00311 <span class="keywordtype">size_t</span> pad; <a name="l00312"></a>00312 <a name="l00313"></a>00313 b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>); <a name="l00314"></a>00314 <span class="keywordflow">if</span> (!b64sig) { <a name="l00315"></a>00315 <span class="keywordflow">return</span> NULL; <a name="l00316"></a>00316 } <a name="l00317"></a>00317 <a name="l00318"></a>00318 sha1_hash = SHA1((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(to_sign), <a name="l00319"></a>00319 ldns_buffer_position(to_sign), NULL); <a name="l00320"></a>00320 <span class="keywordflow">if</span> (!sha1_hash) { <a name="l00321"></a>00321 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00322"></a>00322 <span class="keywordflow">return</span> NULL; <a name="l00323"></a>00323 } <a name="l00324"></a>00324 <a name="l00325"></a>00325 sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key); <a name="l00326"></a>00326 <span class="keywordflow">if</span>(!sig) { <a name="l00327"></a>00327 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00328"></a>00328 <span class="keywordflow">return</span> NULL; <a name="l00329"></a>00329 } <a name="l00330"></a>00330 <a name="l00331"></a>00331 data = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH); <a name="l00332"></a>00332 <span class="keywordflow">if</span>(!data) { <a name="l00333"></a>00333 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00334"></a>00334 DSA_SIG_free(sig); <a name="l00335"></a>00335 <span class="keywordflow">return</span> NULL; <a name="l00336"></a>00336 } <a name="l00337"></a>00337 <a name="l00338"></a>00338 data[0] = 1; <a name="l00339"></a>00339 pad = 20 - (size_t) BN_num_bytes(sig->r); <a name="l00340"></a>00340 <span class="keywordflow">if</span> (pad > 0) { <a name="l00341"></a>00341 memset(data + 1, 0, pad); <a name="l00342"></a>00342 } <a name="l00343"></a>00343 BN_bn2bin(sig->r, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) (data + 1) + pad); <a name="l00344"></a>00344 <a name="l00345"></a>00345 pad = 20 - (size_t) BN_num_bytes(sig->s); <a name="l00346"></a>00346 <span class="keywordflow">if</span> (pad > 0) { <a name="l00347"></a>00347 memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad); <a name="l00348"></a>00348 } <a name="l00349"></a>00349 BN_bn2bin(sig->s, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) (data + 1 + SHA_DIGEST_LENGTH + pad)); <a name="l00350"></a>00350 <a name="l00351"></a>00351 sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, <a name="l00352"></a>00352 1 + 2 * SHA_DIGEST_LENGTH, <a name="l00353"></a>00353 data); <a name="l00354"></a>00354 <a name="l00355"></a>00355 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00356"></a>00356 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(data); <a name="l00357"></a>00357 DSA_SIG_free(sig); <a name="l00358"></a>00358 <a name="l00359"></a>00359 <span class="keywordflow">return</span> sigdata_rdf; <a name="l00360"></a>00360 } <a name="l00361"></a>00361 <a name="l00362"></a>00362 <span class="preprocessor">#ifdef USE_ECDSA</span> <a name="l00363"></a>00363 <span class="preprocessor"></span><span class="preprocessor">#ifndef S_SPLINT_S</span> <a name="l00364"></a>00364 <span class="preprocessor"></span><span class="keyword">static</span> <span class="keywordtype">int</span> <a name="l00365"></a>00365 ldns_pkey_is_ecdsa(EVP_PKEY* pkey) <a name="l00366"></a>00366 { <a name="l00367"></a>00367 EC_KEY* ec; <a name="l00368"></a>00368 <span class="keyword">const</span> EC_GROUP* g; <a name="l00369"></a>00369 <span class="keywordflow">if</span>(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) <a name="l00370"></a>00370 <span class="keywordflow">return</span> 0; <a name="l00371"></a>00371 ec = EVP_PKEY_get1_EC_KEY(pkey); <a name="l00372"></a>00372 g = EC_KEY_get0_group(ec); <a name="l00373"></a>00373 <span class="keywordflow">if</span>(!g) { <a name="l00374"></a>00374 EC_KEY_free(ec); <a name="l00375"></a>00375 <span class="keywordflow">return</span> 0; <a name="l00376"></a>00376 } <a name="l00377"></a>00377 <span class="keywordflow">if</span>(EC_GROUP_get_curve_name(g) == NID_secp224r1 || <a name="l00378"></a>00378 EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 || <a name="l00379"></a>00379 EC_GROUP_get_curve_name(g) == NID_secp384r1) { <a name="l00380"></a>00380 EC_KEY_free(ec); <a name="l00381"></a>00381 <span class="keywordflow">return</span> 1; <a name="l00382"></a>00382 } <a name="l00383"></a>00383 <span class="comment">/* downref the eckey, the original is still inside the pkey */</span> <a name="l00384"></a>00384 EC_KEY_free(ec); <a name="l00385"></a>00385 <span class="keywordflow">return</span> 0; <a name="l00386"></a>00386 } <a name="l00387"></a>00387 <span class="preprocessor">#endif </span><span class="comment">/* splint */</span> <a name="l00388"></a>00388 <span class="preprocessor">#endif </span><span class="comment">/* USE_ECDSA */</span> <a name="l00389"></a>00389 <a name="l00390"></a>00390 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l00391"></a><a class="code" href="dnssec__sign_8h.html#a62c41c90a2405cab414d9ff00c401586">00391</a> <a class="code" href="dnssec__sign_8c.html#a62c41c90a2405cab414d9ff00c401586" title="Sign data with EVP (general method for different algorithms)">ldns_sign_public_evp</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign, <a name="l00392"></a>00392 EVP_PKEY *key, <a name="l00393"></a>00393 <span class="keyword">const</span> EVP_MD *digest_type) <a name="l00394"></a>00394 { <a name="l00395"></a>00395 <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> siglen; <a name="l00396"></a>00396 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf; <a name="l00397"></a>00397 <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig; <a name="l00398"></a>00398 EVP_MD_CTX ctx; <a name="l00399"></a>00399 <span class="keyword">const</span> EVP_MD *md_type; <a name="l00400"></a>00400 <span class="keywordtype">int</span> r; <a name="l00401"></a>00401 <a name="l00402"></a>00402 siglen = 0; <a name="l00403"></a>00403 b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>); <a name="l00404"></a>00404 <span class="keywordflow">if</span> (!b64sig) { <a name="l00405"></a>00405 <span class="keywordflow">return</span> NULL; <a name="l00406"></a>00406 } <a name="l00407"></a>00407 <a name="l00408"></a>00408 <span class="comment">/* initializes a signing context */</span> <a name="l00409"></a>00409 md_type = digest_type; <a name="l00410"></a>00410 <span class="keywordflow">if</span>(!md_type) { <a name="l00411"></a>00411 <span class="comment">/* unknown message difest */</span> <a name="l00412"></a>00412 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00413"></a>00413 <span class="keywordflow">return</span> NULL; <a name="l00414"></a>00414 } <a name="l00415"></a>00415 <a name="l00416"></a>00416 EVP_MD_CTX_init(&ctx); <a name="l00417"></a>00417 r = EVP_SignInit(&ctx, md_type); <a name="l00418"></a>00418 <span class="keywordflow">if</span>(r == 1) { <a name="l00419"></a>00419 r = EVP_SignUpdate(&ctx, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*) <a name="l00420"></a>00420 ldns_buffer_begin(to_sign), <a name="l00421"></a>00421 ldns_buffer_position(to_sign)); <a name="l00422"></a>00422 } <span class="keywordflow">else</span> { <a name="l00423"></a>00423 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00424"></a>00424 <span class="keywordflow">return</span> NULL; <a name="l00425"></a>00425 } <a name="l00426"></a>00426 <span class="keywordflow">if</span>(r == 1) { <a name="l00427"></a>00427 r = EVP_SignFinal(&ctx, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*) <a name="l00428"></a>00428 ldns_buffer_begin(b64sig), &siglen, key); <a name="l00429"></a>00429 } <span class="keywordflow">else</span> { <a name="l00430"></a>00430 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00431"></a>00431 <span class="keywordflow">return</span> NULL; <a name="l00432"></a>00432 } <a name="l00433"></a>00433 <span class="keywordflow">if</span>(r != 1) { <a name="l00434"></a>00434 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00435"></a>00435 <span class="keywordflow">return</span> NULL; <a name="l00436"></a>00436 } <a name="l00437"></a>00437 <a name="l00438"></a>00438 <span class="comment">/* unfortunately, OpenSSL output is differenct from DNS DSA format */</span> <a name="l00439"></a>00439 <span class="preprocessor">#ifndef S_SPLINT_S</span> <a name="l00440"></a>00440 <span class="preprocessor"></span> <span class="keywordflow">if</span> (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { <a name="l00441"></a>00441 sigdata_rdf = <a class="code" href="dnssec_8c.html#a4634cf53a0db48001bbbbdd17cc19776" title="Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature da...">ldns_convert_dsa_rrsig_asn12rdf</a>(b64sig, siglen); <a name="l00442"></a>00442 <span class="preprocessor">#ifdef USE_ECDSA</span> <a name="l00443"></a>00443 <span class="preprocessor"></span> } <span class="keywordflow">else</span> <span class="keywordflow">if</span>(EVP_PKEY_type(key->type) == EVP_PKEY_EC && <a name="l00444"></a>00444 ldns_pkey_is_ecdsa(key)) { <a name="l00445"></a>00445 sigdata_rdf = <a class="code" href="dnssec_8h.html#a6abc850382a62cd75779a03c6714513c" title="Converts the ECDSA signature from ASN1 representation (as used by OpenSSL) to raw signature data as u...">ldns_convert_ecdsa_rrsig_asn12rdf</a>(b64sig, siglen); <a name="l00446"></a>00446 <span class="preprocessor">#endif</span> <a name="l00447"></a>00447 <span class="preprocessor"></span> } <span class="keywordflow">else</span> { <a name="l00448"></a>00448 <span class="comment">/* ok output for other types is the same */</span> <a name="l00449"></a>00449 sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, siglen, <a name="l00450"></a>00450 ldns_buffer_begin(b64sig)); <a name="l00451"></a>00451 } <a name="l00452"></a>00452 <span class="preprocessor">#endif </span><span class="comment">/* splint */</span> <a name="l00453"></a>00453 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00454"></a>00454 EVP_MD_CTX_cleanup(&ctx); <a name="l00455"></a>00455 <span class="keywordflow">return</span> sigdata_rdf; <a name="l00456"></a>00456 } <a name="l00457"></a>00457 <a name="l00458"></a>00458 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l00459"></a><a class="code" href="dnssec__sign_8h.html#af0b90e23dc9bb95a1fc5d09a5d9ad564">00459</a> <a class="code" href="dnssec__sign_8c.html#af0b90e23dc9bb95a1fc5d09a5d9ad564" title="Sign a buffer with the RSA key (hash with SHA1)">ldns_sign_public_rsasha1</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign, RSA *key) <a name="l00460"></a>00460 { <a name="l00461"></a>00461 <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *sha1_hash; <a name="l00462"></a>00462 <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> siglen; <a name="l00463"></a>00463 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf; <a name="l00464"></a>00464 <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig; <a name="l00465"></a>00465 <span class="keywordtype">int</span> result; <a name="l00466"></a>00466 <a name="l00467"></a>00467 siglen = 0; <a name="l00468"></a>00468 b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>); <a name="l00469"></a>00469 <span class="keywordflow">if</span> (!b64sig) { <a name="l00470"></a>00470 <span class="keywordflow">return</span> NULL; <a name="l00471"></a>00471 } <a name="l00472"></a>00472 <a name="l00473"></a>00473 sha1_hash = SHA1((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(to_sign), <a name="l00474"></a>00474 ldns_buffer_position(to_sign), NULL); <a name="l00475"></a>00475 <span class="keywordflow">if</span> (!sha1_hash) { <a name="l00476"></a>00476 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00477"></a>00477 <span class="keywordflow">return</span> NULL; <a name="l00478"></a>00478 } <a name="l00479"></a>00479 <a name="l00480"></a>00480 result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH, <a name="l00481"></a>00481 (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(b64sig), <a name="l00482"></a>00482 &siglen, key); <a name="l00483"></a>00483 <span class="keywordflow">if</span> (result != 1) { <a name="l00484"></a>00484 <span class="keywordflow">return</span> NULL; <a name="l00485"></a>00485 } <a name="l00486"></a>00486 <a name="l00487"></a>00487 <span class="keywordflow">if</span> (result != 1) { <a name="l00488"></a>00488 <span class="keywordflow">return</span> NULL; <a name="l00489"></a>00489 } <a name="l00490"></a>00490 <a name="l00491"></a>00491 sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, siglen, <a name="l00492"></a>00492 ldns_buffer_begin(b64sig)); <a name="l00493"></a>00493 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <span class="comment">/* can't free this buffer ?? */</span> <a name="l00494"></a>00494 <span class="keywordflow">return</span> sigdata_rdf; <a name="l00495"></a>00495 } <a name="l00496"></a>00496 <a name="l00497"></a>00497 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l00498"></a><a class="code" href="dnssec__sign_8h.html#a37b8a7a5783b0abb4c41b45e2f6b66bd">00498</a> <a class="code" href="dnssec__sign_8c.html#a37b8a7a5783b0abb4c41b45e2f6b66bd" title="Sign a buffer with the RSA key (hash with MD5)">ldns_sign_public_rsamd5</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *to_sign, RSA *key) <a name="l00499"></a>00499 { <a name="l00500"></a>00500 <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *md5_hash; <a name="l00501"></a>00501 <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> siglen; <a name="l00502"></a>00502 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf; <a name="l00503"></a>00503 <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *b64sig; <a name="l00504"></a>00504 <a name="l00505"></a>00505 b64sig = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>); <a name="l00506"></a>00506 <span class="keywordflow">if</span> (!b64sig) { <a name="l00507"></a>00507 <span class="keywordflow">return</span> NULL; <a name="l00508"></a>00508 } <a name="l00509"></a>00509 <a name="l00510"></a>00510 md5_hash = MD5((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(to_sign), <a name="l00511"></a>00511 ldns_buffer_position(to_sign), NULL); <a name="l00512"></a>00512 <span class="keywordflow">if</span> (!md5_hash) { <a name="l00513"></a>00513 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00514"></a>00514 <span class="keywordflow">return</span> NULL; <a name="l00515"></a>00515 } <a name="l00516"></a>00516 <a name="l00517"></a>00517 RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH, <a name="l00518"></a>00518 (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(b64sig), <a name="l00519"></a>00519 &siglen, key); <a name="l00520"></a>00520 <a name="l00521"></a>00521 sigdata_rdf = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, siglen, <a name="l00522"></a>00522 ldns_buffer_begin(b64sig)); <a name="l00523"></a>00523 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(b64sig); <a name="l00524"></a>00524 <span class="keywordflow">return</span> sigdata_rdf; <a name="l00525"></a>00525 } <a name="l00526"></a>00526 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span> <a name="l00527"></a>00527 <a name="l00531"></a>00531 <span class="keyword">static</span> <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l00532"></a>00532 ldns_dnssec_addresses_on_glue_list( <a name="l00533"></a>00533 <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *cur_rrset, <a name="l00534"></a>00534 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *glue_list) <a name="l00535"></a>00535 { <a name="l00536"></a>00536 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *cur_rrs; <a name="l00537"></a>00537 <span class="keywordflow">while</span> (cur_rrset) { <a name="l00538"></a>00538 <span class="keywordflow">if</span> (cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa1c46026dd2245d1e8b8dd17f972f34c2" title="a host address">LDNS_RR_TYPE_A</a> <a name="l00539"></a>00539 || cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa98b91f4b456322f75c67a1ecac18c7fe" title="ipv6 address">LDNS_RR_TYPE_AAAA</a>) { <a name="l00540"></a>00540 <span class="keywordflow">for</span> (cur_rrs = cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>; <a name="l00541"></a>00541 cur_rrs; <a name="l00542"></a>00542 cur_rrs = cur_rrs-><a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a>) { <a name="l00543"></a>00543 <span class="keywordflow">if</span> (cur_rrs-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>) { <a name="l00544"></a>00544 <span class="keywordflow">if</span> (!<a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(glue_list, <a name="l00545"></a>00545 cur_rrs-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>)) { <a name="l00546"></a>00546 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa81e80e66a14551db514726fa49290498">LDNS_STATUS_MEM_ERR</a>; <a name="l00547"></a>00547 <span class="comment">/* ldns_rr_list_push_rr()</span> <a name="l00548"></a>00548 <span class="comment"> * returns false when unable</span> <a name="l00549"></a>00549 <span class="comment"> * to increase the capacity</span> <a name="l00550"></a>00550 <span class="comment"> * of the ldsn_rr_list</span> <a name="l00551"></a>00551 <span class="comment"> */</span> <a name="l00552"></a>00552 } <a name="l00553"></a>00553 } <a name="l00554"></a>00554 } <a name="l00555"></a>00555 } <a name="l00556"></a>00556 cur_rrset = cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a980e963be13c1f575bf86ce65936d95b">next</a>; <a name="l00557"></a>00557 } <a name="l00558"></a>00558 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l00559"></a>00559 } <a name="l00560"></a>00560 <a name="l00575"></a>00575 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l00576"></a><a class="code" href="dnssec__sign_8h.html#a661031dc7bd1b27892a2dac908e42ce3">00576</a> <a class="code" href="dnssec__sign_8c.html#a661031dc7bd1b27892a2dac908e42ce3" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_and_get_glue</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l00577"></a>00577 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *glue_list) <a name="l00578"></a>00578 { <a name="l00579"></a>00579 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *node; <a name="l00580"></a>00580 <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *name; <a name="l00581"></a>00581 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *owner; <a name="l00582"></a>00582 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *cut = NULL; <span class="comment">/* keeps track of zone cuts */</span> <a name="l00583"></a>00583 <span class="comment">/* When the cut is caused by a delegation, below_delegation will be 1.</span> <a name="l00584"></a>00584 <span class="comment"> * When caused by a DNAME, below_delegation will be 0.</span> <a name="l00585"></a>00585 <span class="comment"> */</span> <a name="l00586"></a>00586 <span class="keywordtype">int</span> below_delegation = -1; <span class="comment">/* init suppresses comiler warning */</span> <a name="l00587"></a>00587 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> s; <a name="l00588"></a>00588 <a name="l00589"></a>00589 <span class="keywordflow">if</span> (!zone || !zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>) { <a name="l00590"></a>00590 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa6d2e84d0a5c36fd156f348d9f9913dcf">LDNS_STATUS_NULL</a>; <a name="l00591"></a>00591 } <a name="l00592"></a>00592 <span class="keywordflow">for</span> (node = <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>); <a name="l00593"></a>00593 node != <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>; <a name="l00594"></a>00594 node = <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(node)) { <a name="l00595"></a>00595 name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *) node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l00596"></a>00596 owner = <a class="code" href="dnssec__zone_8c.html#a90c2052eebf29fb8932960a18a4d29e3" title="Returns the domain name of the given dnssec_name structure.">ldns_dnssec_name_name</a>(name); <a name="l00597"></a>00597 <a name="l00598"></a>00598 <span class="keywordflow">if</span> (cut) { <a name="l00599"></a>00599 <span class="comment">/* The previous node was a zone cut, or a subdomain</span> <a name="l00600"></a>00600 <span class="comment"> * below a zone cut. Is this node (still) a subdomain</span> <a name="l00601"></a>00601 <span class="comment"> * below the cut? Then the name is occluded. Unless</span> <a name="l00602"></a>00602 <span class="comment"> * the name contains a SOA, after which we are </span> <a name="l00603"></a>00603 <span class="comment"> * authoritative again.</span> <a name="l00604"></a>00604 <span class="comment"> *</span> <a name="l00605"></a>00605 <span class="comment"> * FIXME! If there are labels in between the SOA and</span> <a name="l00606"></a>00606 <span class="comment"> * the cut, going from the authoritative space (below</span> <a name="l00607"></a>00607 <span class="comment"> * the SOA) up into occluded space again, will not be</span> <a name="l00608"></a>00608 <span class="comment"> * detected with the contruct below!</span> <a name="l00609"></a>00609 <span class="comment"> */</span> <a name="l00610"></a>00610 <span class="keywordflow">if</span> (<a class="code" href="dname_8c.html#a6caadb8042c9cf755d3d5defcfbd44eb" title="test wether the name sub falls under parent (i.e.">ldns_dname_is_subdomain</a>(owner, cut) && <a name="l00611"></a>00611 !<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>( <a name="l00612"></a>00612 name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>)) { <a name="l00613"></a>00613 <a name="l00614"></a>00614 <span class="keywordflow">if</span> (below_delegation && glue_list) { <a name="l00615"></a>00615 s = ldns_dnssec_addresses_on_glue_list( <a name="l00616"></a>00616 name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, glue_list); <a name="l00617"></a>00617 <span class="keywordflow">if</span> (s != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00618"></a>00618 <span class="keywordflow">return</span> s; <a name="l00619"></a>00619 } <a name="l00620"></a>00620 } <a name="l00621"></a>00621 name-><a class="code" href="structldns__struct__dnssec__name.html#a5d8462ca54ab4c2411ec798f92ec215f" title="Unlike what the name is_glue suggests, this field is set to true by ldns_dnssec_zone_mark_glue() or l...">is_glue</a> = <span class="keyword">true</span>; <span class="comment">/* Mark occluded name! */</span> <a name="l00622"></a>00622 <span class="keywordflow">continue</span>; <a name="l00623"></a>00623 } <span class="keywordflow">else</span> { <a name="l00624"></a>00624 cut = NULL; <a name="l00625"></a>00625 } <a name="l00626"></a>00626 } <a name="l00627"></a>00627 <a name="l00628"></a>00628 <span class="comment">/* The node is not below a zone cut. Is it a zone cut itself?</span> <a name="l00629"></a>00629 <span class="comment"> * Everything below a SOA is authoritative of course; Except</span> <a name="l00630"></a>00630 <span class="comment"> * when the name also contains a DNAME :).</span> <a name="l00631"></a>00631 <span class="comment"> */</span> <a name="l00632"></a>00632 <span class="keywordflow">if</span> (<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>( <a name="l00633"></a>00633 name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daaa3b41f5c015a14a145a7f21ae29a8795" title="an authoritative name server">LDNS_RR_TYPE_NS</a>) <a name="l00634"></a>00634 && !<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>( <a name="l00635"></a>00635 name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>)) { <a name="l00636"></a>00636 cut = owner; <a name="l00637"></a>00637 below_delegation = 1; <a name="l00638"></a>00638 <span class="keywordflow">if</span> (glue_list) { <span class="comment">/* record glue on the zone cut */</span> <a name="l00639"></a>00639 s = ldns_dnssec_addresses_on_glue_list( <a name="l00640"></a>00640 name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, glue_list); <a name="l00641"></a>00641 <span class="keywordflow">if</span> (s != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00642"></a>00642 <span class="keywordflow">return</span> s; <a name="l00643"></a>00643 } <a name="l00644"></a>00644 } <a name="l00645"></a>00645 } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>( <a name="l00646"></a>00646 name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa57f8e369be5617d221b91f3007769981" title="RFC2672.">LDNS_RR_TYPE_DNAME</a>)) { <a name="l00647"></a>00647 cut = owner; <a name="l00648"></a>00648 below_delegation = 0; <a name="l00649"></a>00649 } <a name="l00650"></a>00650 } <a name="l00651"></a>00651 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l00652"></a>00652 } <a name="l00653"></a>00653 <a name="l00664"></a>00664 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l00665"></a><a class="code" href="dnssec__sign_8h.html#a5e1d049026b2768cd455952bb6725d86">00665</a> <a class="code" href="dnssec__sign_8c.html#a5e1d049026b2768cd455952bb6725d86" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_glue</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone) <a name="l00666"></a>00666 { <a name="l00667"></a>00667 <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#a661031dc7bd1b27892a2dac908e42ce3" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_and_get_glue</a>(zone, NULL); <a name="l00668"></a>00668 } <a name="l00669"></a>00669 <a name="l00670"></a>00670 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> * <a name="l00671"></a><a class="code" href="dnssec__sign_8h.html#a4eb9cc6743e87e343d87285ef2fe92a5">00671</a> <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>(<a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *node) <a name="l00672"></a>00672 { <a name="l00673"></a>00673 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *next_node = NULL; <a name="l00674"></a>00674 <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *next_name = NULL; <a name="l00675"></a>00675 <span class="keywordtype">bool</span> done = <span class="keyword">false</span>; <a name="l00676"></a>00676 <a name="l00677"></a>00677 <span class="keywordflow">if</span> (node == <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) { <a name="l00678"></a>00678 <span class="keywordflow">return</span> NULL; <a name="l00679"></a>00679 } <a name="l00680"></a>00680 next_node = node; <a name="l00681"></a>00681 <span class="keywordflow">while</span> (!done) { <a name="l00682"></a>00682 <span class="keywordflow">if</span> (next_node == <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) { <a name="l00683"></a>00683 <span class="keywordflow">return</span> NULL; <a name="l00684"></a>00684 } <span class="keywordflow">else</span> { <a name="l00685"></a>00685 next_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)next_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l00686"></a>00686 if (!next_name-><a class="code" href="structldns__struct__dnssec__name.html#a5d8462ca54ab4c2411ec798f92ec215f" title="Unlike what the name is_glue suggests, this field is set to true by ldns_dnssec_zone_mark_glue() or l...">is_glue</a>) { <a name="l00687"></a>00687 done = <span class="keyword">true</span>; <a name="l00688"></a>00688 } <span class="keywordflow">else</span> { <a name="l00689"></a>00689 next_node = <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(next_node); <a name="l00690"></a>00690 } <a name="l00691"></a>00691 } <a name="l00692"></a>00692 } <a name="l00693"></a>00693 <span class="keywordflow">return</span> next_node; <a name="l00694"></a>00694 } <a name="l00695"></a>00695 <a name="l00696"></a>00696 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l00697"></a><a class="code" href="dnssec__sign_8h.html#ae40e5c92c6c14b68f305f861b393ca4c">00697</a> <a class="code" href="dnssec__sign_8c.html#ae40e5c92c6c14b68f305f861b393ca4c" title="Adds NSEC records to the given dnssec_zone.">ldns_dnssec_zone_create_nsecs</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l00698"></a>00698 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs) <a name="l00699"></a>00699 { <a name="l00700"></a>00700 <a name="l00701"></a>00701 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *first_node, *cur_node, *next_node; <a name="l00702"></a>00702 <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *cur_name, *next_name; <a name="l00703"></a>00703 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec_rr; <a name="l00704"></a>00704 uint32_t nsec_ttl; <a name="l00705"></a>00705 <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *soa; <a name="l00706"></a>00706 <a name="l00707"></a>00707 <span class="comment">/* the TTL of NSEC rrs should be set to the minimum TTL of</span> <a name="l00708"></a>00708 <span class="comment"> * the zone SOA (RFC4035 Section 2.3)</span> <a name="l00709"></a>00709 <span class="comment"> */</span> <a name="l00710"></a>00710 soa = <a class="code" href="dnssec__zone_8c.html#a9b061c9c1442ba443893e0ca0c01127b" title="Find the RRset with the given type in within this name structure.">ldns_dnssec_name_find_rrset</a>(zone-><a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>); <a name="l00711"></a>00711 <a name="l00712"></a>00712 <span class="comment">/* did the caller actually set it? if not,</span> <a name="l00713"></a>00713 <span class="comment"> * fall back to default ttl</span> <a name="l00714"></a>00714 <span class="comment"> */</span> <a name="l00715"></a>00715 <span class="keywordflow">if</span> (soa && soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a> && soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a> <a name="l00716"></a>00716 && (<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6) != NULL)) { <a name="l00717"></a>00717 nsec_ttl = <a class="code" href="rdata_8c.html#a534722bf45958532404e7d2d3f0536cb" title="returns the native uint32_t representation from the rdf.">ldns_rdf2native_int32</a>(<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6)); <a name="l00718"></a>00718 } <span class="keywordflow">else</span> { <a name="l00719"></a>00719 nsec_ttl = <a class="code" href="ldns_8h.html#a2bdd8bfa0eb61ccf7719d5ffcd1ac79e">LDNS_DEFAULT_TTL</a>; <a name="l00720"></a>00720 } <a name="l00721"></a>00721 <a name="l00722"></a>00722 first_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>( <a name="l00723"></a>00723 <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>)); <a name="l00724"></a>00724 cur_node = first_node; <a name="l00725"></a>00725 <span class="keywordflow">if</span> (cur_node) { <a name="l00726"></a>00726 next_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>( <a name="l00727"></a>00727 <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(cur_node)); <a name="l00728"></a>00728 } <span class="keywordflow">else</span> { <a name="l00729"></a>00729 next_node = NULL; <a name="l00730"></a>00730 } <a name="l00731"></a>00731 <a name="l00732"></a>00732 <span class="keywordflow">while</span> (cur_node && next_node) { <a name="l00733"></a>00733 cur_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)cur_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l00734"></a>00734 next_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)next_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l00735"></a>00735 nsec_rr = <a class="code" href="dnssec_8c.html#ae6fa0e94ef20702415ce458afc041f32" title="Creates NSEC.">ldns_dnssec_create_nsec</a>(cur_name, <a name="l00736"></a>00736 next_name, <a name="l00737"></a>00737 <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa5413827ac0392a4d65d53b1b7d04f989">LDNS_RR_TYPE_NSEC</a>); <a name="l00738"></a>00738 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(nsec_rr, nsec_ttl); <a name="l00739"></a>00739 <span class="keywordflow">if</span>(<a class="code" href="dnssec__zone_8c.html#a75451a846632c2f8b6cf461a7dba3f1b" title="Inserts the given rr at the right place in the current dnssec_name No checking is done whether the na...">ldns_dnssec_name_add_rr</a>(cur_name, nsec_rr)!=<a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>){ <a name="l00740"></a>00740 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(nsec_rr); <a name="l00741"></a>00741 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>; <a name="l00742"></a>00742 } <a name="l00743"></a>00743 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec_rr); <a name="l00744"></a>00744 cur_node = next_node; <a name="l00745"></a>00745 <span class="keywordflow">if</span> (cur_node) { <a name="l00746"></a>00746 next_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>( <a name="l00747"></a>00747 <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(cur_node)); <a name="l00748"></a>00748 } <a name="l00749"></a>00749 } <a name="l00750"></a>00750 <a name="l00751"></a>00751 <span class="keywordflow">if</span> (cur_node && !next_node) { <a name="l00752"></a>00752 cur_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)cur_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l00753"></a>00753 next_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)first_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l00754"></a>00754 nsec_rr = <a class="code" href="dnssec_8c.html#ae6fa0e94ef20702415ce458afc041f32" title="Creates NSEC.">ldns_dnssec_create_nsec</a>(cur_name, <a name="l00755"></a>00755 next_name, <a name="l00756"></a>00756 <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa5413827ac0392a4d65d53b1b7d04f989">LDNS_RR_TYPE_NSEC</a>); <a name="l00757"></a>00757 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(nsec_rr, nsec_ttl); <a name="l00758"></a>00758 <span class="keywordflow">if</span>(<a class="code" href="dnssec__zone_8c.html#a75451a846632c2f8b6cf461a7dba3f1b" title="Inserts the given rr at the right place in the current dnssec_name No checking is done whether the na...">ldns_dnssec_name_add_rr</a>(cur_name, nsec_rr)!=<a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>){ <a name="l00759"></a>00759 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(nsec_rr); <a name="l00760"></a>00760 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>; <a name="l00761"></a>00761 } <a name="l00762"></a>00762 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec_rr); <a name="l00763"></a>00763 } <span class="keywordflow">else</span> { <a name="l00764"></a>00764 printf(<span class="stringliteral">"error\n"</span>); <a name="l00765"></a>00765 } <a name="l00766"></a>00766 <a name="l00767"></a>00767 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l00768"></a>00768 } <a name="l00769"></a>00769 <a name="l00770"></a>00770 <span class="preprocessor">#ifdef HAVE_SSL</span> <a name="l00771"></a>00771 <span class="preprocessor"></span><span class="comment">/* in dnssec_zone.c */</span> <a name="l00772"></a>00772 <span class="keyword">extern</span> <span class="keywordtype">int</span> <a class="code" href="dnssec__sign_8c.html#aeb0c26592af6d6f00caf8b166ca4e143">ldns_dname_compare_v</a>(<span class="keyword">const</span> <span class="keywordtype">void</span> *a, <span class="keyword">const</span> <span class="keywordtype">void</span> *b); <a name="l00773"></a>00773 <a name="l00774"></a>00774 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l00775"></a><a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">00775</a> <a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">ldns_dnssec_zone_create_nsec3s_mkmap</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l00776"></a>00776 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l00777"></a>00777 uint8_t algorithm, <a name="l00778"></a>00778 uint8_t flags, <a name="l00779"></a>00779 uint16_t iterations, <a name="l00780"></a>00780 uint8_t salt_length, <a name="l00781"></a>00781 uint8_t *salt, <a name="l00782"></a>00782 <a class="code" href="structldns__rbtree__t.html" title="definition for tree struct">ldns_rbtree_t</a> **map) <a name="l00783"></a>00783 { <a name="l00784"></a>00784 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *first_name_node; <a name="l00785"></a>00785 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *current_name_node; <a name="l00786"></a>00786 <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *current_name; <a name="l00787"></a>00787 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l00788"></a>00788 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec_rr; <a name="l00789"></a>00789 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *nsec3_list; <a name="l00790"></a>00790 uint32_t nsec_ttl; <a name="l00791"></a>00791 <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *soa; <a name="l00792"></a>00792 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *hashmap_node; <a name="l00793"></a>00793 <a name="l00794"></a>00794 <span class="keywordflow">if</span> (!zone || !new_rrs || !zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>) { <a name="l00795"></a>00795 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>; <a name="l00796"></a>00796 } <a name="l00797"></a>00797 <a name="l00798"></a>00798 <span class="comment">/* the TTL of NSEC rrs should be set to the minimum TTL of</span> <a name="l00799"></a>00799 <span class="comment"> * the zone SOA (RFC4035 Section 2.3)</span> <a name="l00800"></a>00800 <span class="comment"> */</span> <a name="l00801"></a>00801 soa = <a class="code" href="dnssec__zone_8c.html#a9b061c9c1442ba443893e0ca0c01127b" title="Find the RRset with the given type in within this name structure.">ldns_dnssec_name_find_rrset</a>(zone-><a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>); <a name="l00802"></a>00802 <a name="l00803"></a>00803 <span class="comment">/* did the caller actually set it? if not,</span> <a name="l00804"></a>00804 <span class="comment"> * fall back to default ttl</span> <a name="l00805"></a>00805 <span class="comment"> */</span> <a name="l00806"></a>00806 <span class="keywordflow">if</span> (soa && soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a> && soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a> <a name="l00807"></a>00807 && <a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6) != NULL) { <a name="l00808"></a>00808 nsec_ttl = <a class="code" href="rdata_8c.html#a534722bf45958532404e7d2d3f0536cb" title="returns the native uint32_t representation from the rdf.">ldns_rdf2native_int32</a>(<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(soa-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, 6)); <a name="l00809"></a>00809 } <span class="keywordflow">else</span> { <a name="l00810"></a>00810 nsec_ttl = <a class="code" href="ldns_8h.html#a2bdd8bfa0eb61ccf7719d5ffcd1ac79e">LDNS_DEFAULT_TTL</a>; <a name="l00811"></a>00811 } <a name="l00812"></a>00812 <a name="l00813"></a>00813 <span class="keywordflow">if</span> (map) { <a name="l00814"></a>00814 <span class="keywordflow">if</span> ((*map = <a class="code" href="rbtree_8c.html#a1319e3ff5b8355d6e1e7b65554bc854d" title="Create new tree (malloced) with given key compare function.">ldns_rbtree_create</a>(<a class="code" href="dnssec__sign_8c.html#aeb0c26592af6d6f00caf8b166ca4e143">ldns_dname_compare_v</a>)) <a name="l00815"></a>00815 == NULL) { <a name="l00816"></a>00816 map = NULL; <a name="l00817"></a>00817 }; <a name="l00818"></a>00818 } <a name="l00819"></a>00819 nsec3_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>(); <a name="l00820"></a>00820 <a name="l00821"></a>00821 first_name_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>( <a name="l00822"></a>00822 <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>)); <a name="l00823"></a>00823 <a name="l00824"></a>00824 current_name_node = first_name_node; <a name="l00825"></a>00825 <a name="l00826"></a>00826 <span class="keywordflow">while</span> (current_name_node && <a name="l00827"></a>00827 current_name_node != <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) { <a name="l00828"></a>00828 current_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *) current_name_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l00829"></a>00829 nsec_rr = <a class="code" href="dnssec_8c.html#a91a04e82a9a91edf77c5eb736921bbbb" title="Creates NSEC3.">ldns_dnssec_create_nsec3</a>(current_name, <a name="l00830"></a>00830 NULL, <a name="l00831"></a>00831 zone-><a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>-><a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>, <a name="l00832"></a>00832 algorithm, <a name="l00833"></a>00833 flags, <a name="l00834"></a>00834 iterations, <a name="l00835"></a>00835 salt_length, <a name="l00836"></a>00836 salt); <a name="l00837"></a>00837 <span class="comment">/* by default, our nsec based generator adds rrsigs</span> <a name="l00838"></a>00838 <span class="comment"> * remove the bitmap for empty nonterminals */</span> <a name="l00839"></a>00839 <span class="keywordflow">if</span> (!current_name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>) { <a name="l00840"></a>00840 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(<a class="code" href="rr_8c.html#af5527e96a29a0216a275436bc12131ab" title="removes a rd_field member, it will be popped from the last position.">ldns_rr_pop_rdf</a>(nsec_rr)); <a name="l00841"></a>00841 } <a name="l00842"></a>00842 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(nsec_rr, nsec_ttl); <a name="l00843"></a>00843 result = <a class="code" href="dnssec__zone_8c.html#a75451a846632c2f8b6cf461a7dba3f1b" title="Inserts the given rr at the right place in the current dnssec_name No checking is done whether the na...">ldns_dnssec_name_add_rr</a>(current_name, nsec_rr); <a name="l00844"></a>00844 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec_rr); <a name="l00845"></a>00845 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(nsec3_list, nsec_rr); <a name="l00846"></a>00846 <span class="keywordflow">if</span> (map) { <a name="l00847"></a>00847 hashmap_node = <a class="code" href="util_8h.html#a828619b138fdeb9756cd3c874d0551c1" title="Memory management macros.">LDNS_MALLOC</a>(<a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a>); <a name="l00848"></a>00848 <span class="keywordflow">if</span> (hashmap_node && <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(nsec_rr)) { <a name="l00849"></a>00849 hashmap_node-><a class="code" href="structldns__rbnode__t.html#ad6646f5af0664e6ddedbf78b9deed2dc" title="pointer to sorting key">key</a> = <a class="code" href="dname_8c.html#aee5c4a1b633f7c41d8788610bb2369a8" title="look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label...">ldns_dname_label</a>( <a name="l00850"></a>00850 <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(nsec_rr), 0); <a name="l00851"></a>00851 <span class="keywordflow">if</span> (hashmap_node-><a class="code" href="structldns__rbnode__t.html#ad6646f5af0664e6ddedbf78b9deed2dc" title="pointer to sorting key">key</a>) { <a name="l00852"></a>00852 hashmap_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a> = current_name-><a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>; <a name="l00853"></a>00853 (void) <a class="code" href="rbtree_8c.html#af7453903aed843b18ec24de879faf98f" title="Insert data into the tree.">ldns_rbtree_insert</a>( <a name="l00854"></a>00854 *map, hashmap_node); <a name="l00855"></a>00855 } <a name="l00856"></a>00856 } <a name="l00857"></a>00857 } <a name="l00858"></a>00858 current_name_node = <a class="code" href="dnssec__sign_8c.html#a4eb9cc6743e87e343d87285ef2fe92a5" title="Finds the first dnssec_name node in the rbtree that is not occluded.">ldns_dnssec_name_node_next_nonglue</a>( <a name="l00859"></a>00859 <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(current_name_node)); <a name="l00860"></a>00860 } <a name="l00861"></a>00861 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00862"></a>00862 <span class="keywordflow">return</span> result; <a name="l00863"></a>00863 } <a name="l00864"></a>00864 <a name="l00865"></a>00865 <a class="code" href="dnssec_8c.html#a411a6000cc312ebf353ab0e302b97aec" title="sort nsec3 list">ldns_rr_list_sort_nsec3</a>(nsec3_list); <a name="l00866"></a>00866 result = <a class="code" href="dnssec_8c.html#ad00a2e53f01e8ae1c08402fc80dff757" title="chains nsec3 list">ldns_dnssec_chain_nsec3_list</a>(nsec3_list); <a name="l00867"></a>00867 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00868"></a>00868 <span class="keywordflow">return</span> result; <a name="l00869"></a>00869 } <a name="l00870"></a>00870 <a name="l00871"></a>00871 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(nsec3_list); <a name="l00872"></a>00872 <span class="keywordflow">return</span> result; <a name="l00873"></a>00873 } <a name="l00874"></a>00874 <a name="l00875"></a>00875 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l00876"></a><a class="code" href="dnssec__sign_8h.html#a7b2b133ca1f6eb0e1d2eeabc324ac79e">00876</a> <a class="code" href="dnssec__sign_8c.html#a7b2b133ca1f6eb0e1d2eeabc324ac79e" title="Adds NSEC3 records to the zone.">ldns_dnssec_zone_create_nsec3s</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l00877"></a>00877 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l00878"></a>00878 uint8_t algorithm, <a name="l00879"></a>00879 uint8_t flags, <a name="l00880"></a>00880 uint16_t iterations, <a name="l00881"></a>00881 uint8_t salt_length, <a name="l00882"></a>00882 uint8_t *salt) <a name="l00883"></a>00883 { <a name="l00884"></a>00884 <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">ldns_dnssec_zone_create_nsec3s_mkmap</a>(zone, new_rrs, algorithm, <a name="l00885"></a>00885 flags, iterations, salt_length, salt, NULL); <a name="l00886"></a>00886 <a name="l00887"></a>00887 } <a name="l00888"></a>00888 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span> <a name="l00889"></a>00889 <a name="l00890"></a>00890 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> * <a name="l00891"></a><a class="code" href="dnssec__sign_8h.html#a2a2c52b87423e4ecc2ab582fa9341b65">00891</a> <a class="code" href="dnssec__sign_8c.html#a2a2c52b87423e4ecc2ab582fa9341b65" title="remove signatures if callback function tells to">ldns_dnssec_remove_signatures</a>(<a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *signatures, <a name="l00892"></a>00892 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l00893"></a>00893 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *), <a name="l00894"></a>00894 <span class="keywordtype">void</span> *arg) <a name="l00895"></a>00895 { <a name="l00896"></a>00896 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *base_rrs = signatures; <a name="l00897"></a>00897 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *cur_rr = base_rrs; <a name="l00898"></a>00898 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *prev_rr = NULL; <a name="l00899"></a>00899 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *next_rr; <a name="l00900"></a>00900 <a name="l00901"></a>00901 uint16_t keytag; <a name="l00902"></a>00902 <span class="keywordtype">size_t</span> i; <a name="l00903"></a>00903 <a name="l00904"></a>00904 key_list = key_list; <a name="l00905"></a>00905 <a name="l00906"></a>00906 <span class="keywordflow">if</span> (!cur_rr) { <a name="l00907"></a>00907 <span class="keywordflow">switch</span>(func(NULL, arg)) { <a name="l00908"></a>00908 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#a7d75bfb1850f236aceceeb73dd91cc3d" title="return values for the old-signature callback">LDNS_SIGNATURE_LEAVE_ADD_NEW</a>: <a name="l00909"></a>00909 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#ad3c393ca14a32d2a34fb22585caeb73e">LDNS_SIGNATURE_REMOVE_ADD_NEW</a>: <a name="l00910"></a>00910 <span class="keywordflow">break</span>; <a name="l00911"></a>00911 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#af27db29d1fe3dc7fb7a0f98a766d1a12">LDNS_SIGNATURE_LEAVE_NO_ADD</a>: <a name="l00912"></a>00912 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#a9d87cb4cfbb8ee22ffbcc3ddb9d5dce1">LDNS_SIGNATURE_REMOVE_NO_ADD</a>: <a name="l00913"></a>00913 <a class="code" href="keys_8c.html#a40afb1fed3e89304d547a2b526d3db16" title="Set the 'use' flag for all keys in the list.">ldns_key_list_set_use</a>(key_list, <span class="keyword">false</span>); <a name="l00914"></a>00914 <span class="keywordflow">break</span>; <a name="l00915"></a>00915 <span class="keywordflow">default</span>: <a name="l00916"></a>00916 fprintf(stderr, <span class="stringliteral">"[XX] unknown return value from callback\n"</span>); <a name="l00917"></a>00917 <span class="keywordflow">break</span>; <a name="l00918"></a>00918 } <a name="l00919"></a>00919 <span class="keywordflow">return</span> NULL; <a name="l00920"></a>00920 } <a name="l00921"></a>00921 (void)func(cur_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, arg); <a name="l00922"></a>00922 <a name="l00923"></a>00923 <span class="keywordflow">while</span> (cur_rr) { <a name="l00924"></a>00924 next_rr = cur_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a>; <a name="l00925"></a>00925 <a name="l00926"></a>00926 <span class="keywordflow">switch</span> (func(cur_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>, arg)) { <a name="l00927"></a>00927 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#a7d75bfb1850f236aceceeb73dd91cc3d" title="return values for the old-signature callback">LDNS_SIGNATURE_LEAVE_ADD_NEW</a>: <a name="l00928"></a>00928 prev_rr = cur_rr; <a name="l00929"></a>00929 <span class="keywordflow">break</span>; <a name="l00930"></a>00930 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#af27db29d1fe3dc7fb7a0f98a766d1a12">LDNS_SIGNATURE_LEAVE_NO_ADD</a>: <a name="l00931"></a>00931 keytag = <a class="code" href="rdata_8c.html#a5906b621eda1380a2993255fa649c21d" title="returns the native uint16_t representation from the rdf.">ldns_rdf2native_int16</a>( <a name="l00932"></a>00932 <a class="code" href="rr__functions_8c.html#a5eb09e1c820357f339f9140a0c1f48a7" title="returns the keytag of a LDNS_RR_TYPE_RRSIG RR">ldns_rr_rrsig_keytag</a>(cur_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>)); <a name="l00933"></a>00933 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) { <a name="l00934"></a>00934 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#a8cf2ca2fc8d72b28076157beb791b347" title="return the keytag">ldns_key_keytag</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i)) == <a name="l00935"></a>00935 keytag) { <a name="l00936"></a>00936 <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i), <a name="l00937"></a>00937 <span class="keyword">false</span>); <a name="l00938"></a>00938 } <a name="l00939"></a>00939 } <a name="l00940"></a>00940 prev_rr = cur_rr; <a name="l00941"></a>00941 <span class="keywordflow">break</span>; <a name="l00942"></a>00942 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#a9d87cb4cfbb8ee22ffbcc3ddb9d5dce1">LDNS_SIGNATURE_REMOVE_NO_ADD</a>: <a name="l00943"></a>00943 keytag = <a class="code" href="rdata_8c.html#a5906b621eda1380a2993255fa649c21d" title="returns the native uint16_t representation from the rdf.">ldns_rdf2native_int16</a>( <a name="l00944"></a>00944 <a class="code" href="rr__functions_8c.html#a5eb09e1c820357f339f9140a0c1f48a7" title="returns the keytag of a LDNS_RR_TYPE_RRSIG RR">ldns_rr_rrsig_keytag</a>(cur_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>)); <a name="l00945"></a>00945 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) { <a name="l00946"></a>00946 <span class="keywordflow">if</span> (<a class="code" href="keys_8c.html#a8cf2ca2fc8d72b28076157beb791b347" title="return the keytag">ldns_key_keytag</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i)) <a name="l00947"></a>00947 == keytag) { <a name="l00948"></a>00948 <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i), <a name="l00949"></a>00949 <span class="keyword">false</span>); <a name="l00950"></a>00950 } <a name="l00951"></a>00951 } <a name="l00952"></a>00952 <span class="keywordflow">if</span> (prev_rr) { <a name="l00953"></a>00953 prev_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a> = next_rr; <a name="l00954"></a>00954 } <span class="keywordflow">else</span> { <a name="l00955"></a>00955 base_rrs = next_rr; <a name="l00956"></a>00956 } <a name="l00957"></a>00957 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(cur_rr); <a name="l00958"></a>00958 <span class="keywordflow">break</span>; <a name="l00959"></a>00959 <span class="keywordflow">case</span> <a class="code" href="dnssec_8h.html#ad3c393ca14a32d2a34fb22585caeb73e">LDNS_SIGNATURE_REMOVE_ADD_NEW</a>: <a name="l00960"></a>00960 <span class="keywordflow">if</span> (prev_rr) { <a name="l00961"></a>00961 prev_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a> = next_rr; <a name="l00962"></a>00962 } <span class="keywordflow">else</span> { <a name="l00963"></a>00963 base_rrs = next_rr; <a name="l00964"></a>00964 } <a name="l00965"></a>00965 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(cur_rr); <a name="l00966"></a>00966 <span class="keywordflow">break</span>; <a name="l00967"></a>00967 <span class="keywordflow">default</span>: <a name="l00968"></a>00968 fprintf(stderr, <span class="stringliteral">"[XX] unknown return value from callback\n"</span>); <a name="l00969"></a>00969 <span class="keywordflow">break</span>; <a name="l00970"></a>00970 } <a name="l00971"></a>00971 cur_rr = next_rr; <a name="l00972"></a>00972 } <a name="l00973"></a>00973 <a name="l00974"></a>00974 <span class="keywordflow">return</span> base_rrs; <a name="l00975"></a>00975 } <a name="l00976"></a>00976 <a name="l00977"></a>00977 <span class="preprocessor">#ifdef HAVE_SSL</span> <a name="l00978"></a>00978 <span class="preprocessor"></span><a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l00979"></a><a class="code" href="dnssec__sign_8h.html#a9b1ca8286057ed8da5791b3d400fe150">00979</a> <a class="code" href="dnssec__sign_8c.html#a9b1ca8286057ed8da5791b3d400fe150" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l00980"></a>00980 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l00981"></a>00981 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l00982"></a>00982 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span>*), <a name="l00983"></a>00983 <span class="keywordtype">void</span> *arg) <a name="l00984"></a>00984 { <a name="l00985"></a>00985 <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(zone, new_rrs, key_list, <a name="l00986"></a>00986 func, arg, 0); <a name="l00987"></a>00987 } <a name="l00988"></a>00988 <a name="l00990"></a>00990 <span class="keyword">static</span> <span class="keywordtype">void</span> <a name="l00991"></a>00991 ldns_key_list_filter_for_dnskey(<a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list) <a name="l00992"></a>00992 { <a name="l00993"></a>00993 <span class="keywordtype">int</span> saw_ksk = 0; <a name="l00994"></a>00994 <span class="keywordtype">size_t</span> i; <a name="l00995"></a>00995 <span class="keywordflow">for</span>(i=0; i<<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) <a name="l00996"></a>00996 <span class="keywordflow">if</span>((<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&<a class="code" href="keys_8h.html#a32c73f4b55d4cd43d7303b1351baa84c">LDNS_KEY_SEP_KEY</a>)) { <a name="l00997"></a>00997 saw_ksk = 1; <a name="l00998"></a>00998 <span class="keywordflow">break</span>; <a name="l00999"></a>00999 } <a name="l01000"></a>01000 <span class="keywordflow">if</span>(!saw_ksk) <a name="l01001"></a>01001 <span class="keywordflow">return</span>; <a name="l01002"></a>01002 <span class="keywordflow">for</span>(i=0; i<<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) <a name="l01003"></a>01003 <span class="keywordflow">if</span>(!(<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&LDNS_KEY_SEP_KEY)) <a name="l01004"></a>01004 <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i), 0); <a name="l01005"></a>01005 } <a name="l01006"></a>01006 <a name="l01008"></a>01008 <span class="keyword">static</span> <span class="keywordtype">void</span> <a name="l01009"></a>01009 ldns_key_list_filter_for_non_dnskey(<a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list) <a name="l01010"></a>01010 { <a name="l01011"></a>01011 <span class="keywordtype">int</span> saw_zsk = 0; <a name="l01012"></a>01012 <span class="keywordtype">size_t</span> i; <a name="l01013"></a>01013 <span class="keywordflow">for</span>(i=0; i<<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) <a name="l01014"></a>01014 <span class="keywordflow">if</span>(!(<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&LDNS_KEY_SEP_KEY)) { <a name="l01015"></a>01015 saw_zsk = 1; <a name="l01016"></a>01016 <span class="keywordflow">break</span>; <a name="l01017"></a>01017 } <a name="l01018"></a>01018 <span class="keywordflow">if</span>(!saw_zsk) <a name="l01019"></a>01019 <span class="keywordflow">return</span>; <a name="l01020"></a>01020 <span class="comment">/* else filter all KSKs */</span> <a name="l01021"></a>01021 <span class="keywordflow">for</span>(i=0; i<<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) <a name="l01022"></a>01022 <span class="keywordflow">if</span>((<a class="code" href="keys_8c.html#ad4359824295f24c7cef57b616288947d" title="return the flag of the key">ldns_key_flags</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))&LDNS_KEY_SEP_KEY)) <a name="l01023"></a>01023 <a class="code" href="keys_8c.html#a3b7792865c5af9fd4fbc53c04946be01" title="set the use flag">ldns_key_set_use</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i), 0); <a name="l01024"></a>01024 } <a name="l01025"></a>01025 <a name="l01026"></a>01026 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01027"></a><a class="code" href="dnssec__sign_8h.html#aee55b095c954f2bb72d9c7f6038766f8">01027</a> <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l01028"></a>01028 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l01029"></a>01029 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l01030"></a>01030 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span>*), <a name="l01031"></a>01031 <span class="keywordtype">void</span> *arg, <a name="l01032"></a>01032 <span class="keywordtype">int</span> flags) <a name="l01033"></a>01033 { <a name="l01034"></a>01034 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l01035"></a>01035 <a name="l01036"></a>01036 <a class="code" href="structldns__rbnode__t.html" title="The rbnode_t struct definition.">ldns_rbnode_t</a> *cur_node; <a name="l01037"></a>01037 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rr_list; <a name="l01038"></a>01038 <a name="l01039"></a>01039 <a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *cur_name; <a name="l01040"></a>01040 <a class="code" href="structldns__struct__dnssec__rrsets.html">ldns_dnssec_rrsets</a> *cur_rrset; <a name="l01041"></a>01041 <a class="code" href="structldns__struct__dnssec__rrs.html">ldns_dnssec_rrs</a> *cur_rr; <a name="l01042"></a>01042 <a name="l01043"></a>01043 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *siglist; <a name="l01044"></a>01044 <a name="l01045"></a>01045 <span class="keywordtype">size_t</span> i; <a name="l01046"></a>01046 <a name="l01047"></a>01047 <span class="keywordtype">int</span> on_delegation_point = 0; <span class="comment">/* handle partially occluded names */</span> <a name="l01048"></a>01048 <a name="l01049"></a>01049 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *pubkey_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>(); <a name="l01050"></a>01050 zone = zone; <a name="l01051"></a>01051 new_rrs = new_rrs; <a name="l01052"></a>01052 key_list = key_list; <a name="l01053"></a>01053 <span class="keywordflow">for</span> (i = 0; i<<a class="code" href="keys_8c.html#ae89bbcf27c4ff67cda1369b583dec02f" title="returns the number of keys in the key list">ldns_key_list_key_count</a>(key_list); i++) { <a name="l01054"></a>01054 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(pubkey_list, <a name="l01055"></a>01055 <a class="code" href="keys_8c.html#a45bdcdbe6aac4764bff1ad12a86a6541" title="converts a ldns_key to a public key rr If the key data exists at an external point, the corresponding rdata field must still be added with ldns_rr_rdf_push() to the result rr of this function">ldns_key2rr</a>(<a class="code" href="keys_8c.html#afe06ede6432e59eb7ccc9d57a285060a" title="returns a pointer to the key in the list at the given position">ldns_key_list_key</a>(key_list, i))); <a name="l01056"></a>01056 } <a name="l01057"></a>01057 <span class="comment">/* TODO: callback to see is list should be signed */</span> <a name="l01058"></a>01058 <span class="comment">/* TODO: remove 'old' signatures from signature list */</span> <a name="l01059"></a>01059 cur_node = <a class="code" href="rbtree_8c.html#a76946c6350e5d16e645c5c0bbecfe017" title="Returns first (smallest) node in the tree.">ldns_rbtree_first</a>(zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>); <a name="l01060"></a>01060 <span class="keywordflow">while</span> (cur_node != <a class="code" href="rbtree_8h.html#ab30c305b53af0832956712d035d96631" title="The nullpointer, points to empty node.">LDNS_RBTREE_NULL</a>) { <a name="l01061"></a>01061 cur_name = (<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *) cur_node-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>; <a name="l01062"></a>01062 <a name="l01063"></a>01063 if (!cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a5d8462ca54ab4c2411ec798f92ec215f" title="Unlike what the name is_glue suggests, this field is set to true by ldns_dnssec_zone_mark_glue() or l...">is_glue</a>) { <a name="l01064"></a>01064 on_delegation_point = <a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>( <a name="l01065"></a>01065 cur_name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daaa3b41f5c015a14a145a7f21ae29a8795" title="an authoritative name server">LDNS_RR_TYPE_NS</a>) <a name="l01066"></a>01066 && !<a class="code" href="dnssec_8c.html#aba8ade9eed84d1a95eab95622587a0b4" title="returns whether a rrset of the given type is found in the rrsets.">ldns_dnssec_rrsets_contains_type</a>( <a name="l01067"></a>01067 cur_name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa367b06e16e9a68d994130aedec1c3bdb" title="marks the start of a zone of authority">LDNS_RR_TYPE_SOA</a>); <a name="l01068"></a>01068 cur_rrset = cur_name-><a class="code" href="structldns__struct__dnssec__name.html#aeddc2dd678aaee33029f19511f278a54" title="The rrsets for this name.">rrsets</a>; <a name="l01069"></a>01069 <span class="keywordflow">while</span> (cur_rrset) { <a name="l01070"></a>01070 <span class="comment">/* reset keys to use */</span> <a name="l01071"></a>01071 <a class="code" href="keys_8c.html#a40afb1fed3e89304d547a2b526d3db16" title="Set the 'use' flag for all keys in the list.">ldns_key_list_set_use</a>(key_list, <span class="keyword">true</span>); <a name="l01072"></a>01072 <a name="l01073"></a>01073 <span class="comment">/* walk through old sigs, remove the old,</span> <a name="l01074"></a>01074 <span class="comment"> and mark which keys (not) to use) */</span> <a name="l01075"></a>01075 cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a> = <a name="l01076"></a>01076 <a class="code" href="dnssec__sign_8c.html#a2a2c52b87423e4ecc2ab582fa9341b65" title="remove signatures if callback function tells to">ldns_dnssec_remove_signatures</a>(cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>, <a name="l01077"></a>01077 key_list, <a name="l01078"></a>01078 func, <a name="l01079"></a>01079 arg); <a name="l01080"></a>01080 <span class="keywordflow">if</span>(!(flags&<a class="code" href="dnssec__sign_8h.html#a8f8735648270a4f13583624b37f935fb" title="dnssec_verify">LDNS_SIGN_DNSKEY_WITH_ZSK</a>) && <a name="l01081"></a>01081 cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa316efb0ac15f31b6891fa6fba833eae8">LDNS_RR_TYPE_DNSKEY</a>) <a name="l01082"></a>01082 ldns_key_list_filter_for_dnskey(key_list); <a name="l01083"></a>01083 <a name="l01084"></a>01084 <span class="keywordflow">if</span>(cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a57ebbbbee7c46f6df872cc16461b909a">type</a> != <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa316efb0ac15f31b6891fa6fba833eae8">LDNS_RR_TYPE_DNSKEY</a>) <a name="l01085"></a>01085 ldns_key_list_filter_for_non_dnskey(key_list); <a name="l01086"></a>01086 <a name="l01087"></a>01087 <span class="comment">/* TODO: just set count to zero? */</span> <a name="l01088"></a>01088 rr_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>(); <a name="l01089"></a>01089 <a name="l01090"></a>01090 cur_rr = cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a2229da8122ce142529bfb87b20d62402">rrs</a>; <a name="l01091"></a>01091 <span class="keywordflow">while</span> (cur_rr) { <a name="l01092"></a>01092 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(rr_list, cur_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a>); <a name="l01093"></a>01093 cur_rr = cur_rr-><a class="code" href="structldns__struct__dnssec__rrs.html#acac5b19d843d109920d2257b16939ba2">next</a>; <a name="l01094"></a>01094 } <a name="l01095"></a>01095 <a name="l01096"></a>01096 <span class="comment">/* only sign non-delegation RRsets */</span> <a name="l01097"></a>01097 <span class="comment">/* (glue should have been marked earlier, </span> <a name="l01098"></a>01098 <span class="comment"> * except on the delegation points itself) */</span> <a name="l01099"></a>01099 <span class="keywordflow">if</span> (!on_delegation_point || <a name="l01100"></a>01100 <a class="code" href="rr_8c.html#a3aca4f8ace1b6c619a92b014ba343899" title="Returns the type of the first element of the RR If there are no elements present, 0 is returned...">ldns_rr_list_type</a>(rr_list) <a name="l01101"></a>01101 == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa6014f51afd4f88ae81c2d0e8afef8894" title="draft-ietf-dnsext-delegation">LDNS_RR_TYPE_DS</a> || <a name="l01102"></a>01102 <a class="code" href="rr_8c.html#a3aca4f8ace1b6c619a92b014ba343899" title="Returns the type of the first element of the RR If there are no elements present, 0 is returned...">ldns_rr_list_type</a>(rr_list) <a name="l01103"></a>01103 == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa5413827ac0392a4d65d53b1b7d04f989">LDNS_RR_TYPE_NSEC</a> || <a name="l01104"></a>01104 <a class="code" href="rr_8c.html#a3aca4f8ace1b6c619a92b014ba343899" title="Returns the type of the first element of the RR If there are no elements present, 0 is returned...">ldns_rr_list_type</a>(rr_list) <a name="l01105"></a>01105 == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa79a5eacdaa6defd52d97a6b205f102f9">LDNS_RR_TYPE_NSEC3</a>) { <a name="l01106"></a>01106 siglist = <a class="code" href="dnssec__sign_8c.html#a1e464ee25453579eb3f55b8ff468f67f" title="use this function to sign with a public/private key alg return the created signatures">ldns_sign_public</a>(rr_list, key_list); <a name="l01107"></a>01107 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(siglist); i++) { <a name="l01108"></a>01108 <span class="keywordflow">if</span> (cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>) { <a name="l01109"></a>01109 result = <a class="code" href="dnssec__zone_8c.html#a487c51146440838782c3cd244ff8f8ac" title="Adds an RR to the list of RRs.">ldns_dnssec_rrs_add_rr</a>(cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>, <a name="l01110"></a>01110 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, <a name="l01111"></a>01111 i)); <a name="l01112"></a>01112 } <span class="keywordflow">else</span> { <a name="l01113"></a>01113 cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a> = <a class="code" href="dnssec__zone_8c.html#a5bfffad41186e87d4617d8e737336f8f" title="Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.">ldns_dnssec_rrs_new</a>(); <a name="l01114"></a>01114 cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a5ae22da890133db8ce47ceb8ab85b3a0">signatures</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a> = <a name="l01115"></a>01115 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i); <a name="l01116"></a>01116 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, <a name="l01117"></a>01117 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, <a name="l01118"></a>01118 i)); <a name="l01119"></a>01119 } <a name="l01120"></a>01120 } <a name="l01121"></a>01121 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(siglist); <a name="l01122"></a>01122 } <a name="l01123"></a>01123 <a name="l01124"></a>01124 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(rr_list); <a name="l01125"></a>01125 <a name="l01126"></a>01126 cur_rrset = cur_rrset-><a class="code" href="structldns__struct__dnssec__rrsets.html#a980e963be13c1f575bf86ce65936d95b">next</a>; <a name="l01127"></a>01127 } <a name="l01128"></a>01128 <a name="l01129"></a>01129 <span class="comment">/* sign the nsec */</span> <a name="l01130"></a>01130 <a class="code" href="keys_8c.html#a40afb1fed3e89304d547a2b526d3db16" title="Set the 'use' flag for all keys in the list.">ldns_key_list_set_use</a>(key_list, <span class="keyword">true</span>); <a name="l01131"></a>01131 cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a> = <a name="l01132"></a>01132 <a class="code" href="dnssec__sign_8c.html#a2a2c52b87423e4ecc2ab582fa9341b65" title="remove signatures if callback function tells to">ldns_dnssec_remove_signatures</a>(cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>, <a name="l01133"></a>01133 key_list, <a name="l01134"></a>01134 func, <a name="l01135"></a>01135 arg); <a name="l01136"></a>01136 ldns_key_list_filter_for_non_dnskey(key_list); <a name="l01137"></a>01137 <a name="l01138"></a>01138 rr_list = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>(); <a name="l01139"></a>01139 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(rr_list, cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a19a33201b18f132a9fc42db8a0fd00be" title="NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3)">nsec</a>); <a name="l01140"></a>01140 siglist = <a class="code" href="dnssec__sign_8c.html#a1e464ee25453579eb3f55b8ff468f67f" title="use this function to sign with a public/private key alg return the created signatures">ldns_sign_public</a>(rr_list, key_list); <a name="l01141"></a>01141 <a name="l01142"></a>01142 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(siglist); i++) { <a name="l01143"></a>01143 <span class="keywordflow">if</span> (cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>) { <a name="l01144"></a>01144 result = <a class="code" href="dnssec__zone_8c.html#a487c51146440838782c3cd244ff8f8ac" title="Adds an RR to the list of RRs.">ldns_dnssec_rrs_add_rr</a>(cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>, <a name="l01145"></a>01145 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i)); <a name="l01146"></a>01146 } <span class="keywordflow">else</span> { <a name="l01147"></a>01147 cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a> = <a class="code" href="dnssec__zone_8c.html#a5bfffad41186e87d4617d8e737336f8f" title="Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.">ldns_dnssec_rrs_new</a>(); <a name="l01148"></a>01148 cur_name-><a class="code" href="structldns__struct__dnssec__name.html#a08b22ea2292d9782f10371acfe24cbf2" title="signatures for the NSEC record">nsec_signatures</a>-><a class="code" href="structldns__struct__dnssec__rrs.html#a103610b3db9efa6f56b50c07b72da327">rr</a> = <a name="l01149"></a>01149 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i); <a name="l01150"></a>01150 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, <a name="l01151"></a>01151 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(siglist, i)); <a name="l01152"></a>01152 } <a name="l01153"></a>01153 } <a name="l01154"></a>01154 <a name="l01155"></a>01155 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(siglist); <a name="l01156"></a>01156 <a class="code" href="rr_8c.html#a00ae3d3571b0dba3014269b617992492" title="frees an rr_list structure.">ldns_rr_list_free</a>(rr_list); <a name="l01157"></a>01157 } <a name="l01158"></a>01158 cur_node = <a class="code" href="rbtree_8c.html#aabc52dfc43c1df5841be22543be1e5fe" title="Returns next larger node in the tree.">ldns_rbtree_next</a>(cur_node); <a name="l01159"></a>01159 } <a name="l01160"></a>01160 <a name="l01161"></a>01161 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(pubkey_list); <a name="l01162"></a>01162 <span class="keywordflow">return</span> result; <a name="l01163"></a>01163 } <a name="l01164"></a>01164 <a name="l01165"></a>01165 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01166"></a><a class="code" href="dnssec__sign_8h.html#a7f6872f627b4d98f379481dd92080f9a">01166</a> <a class="code" href="dnssec__sign_8c.html#a7f6872f627b4d98f379481dd92080f9a" title="signs the given zone with the given keys">ldns_dnssec_zone_sign</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l01167"></a>01167 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l01168"></a>01168 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l01169"></a>01169 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *), <a name="l01170"></a>01170 <span class="keywordtype">void</span> *arg) <a name="l01171"></a>01171 { <a name="l01172"></a>01172 <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#abba5342158af42e5a15d5623bdf684c5" title="signs the given zone with the given keys">ldns_dnssec_zone_sign_flg</a>(zone, new_rrs, key_list, func, arg, 0); <a name="l01173"></a>01173 } <a name="l01174"></a>01174 <a name="l01175"></a>01175 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01176"></a><a class="code" href="dnssec__sign_8h.html#abba5342158af42e5a15d5623bdf684c5">01176</a> <a class="code" href="dnssec__sign_8c.html#abba5342158af42e5a15d5623bdf684c5" title="signs the given zone with the given keys">ldns_dnssec_zone_sign_flg</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l01177"></a>01177 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l01178"></a>01178 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l01179"></a>01179 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *), <a name="l01180"></a>01180 <span class="keywordtype">void</span> *arg, <a name="l01181"></a>01181 <span class="keywordtype">int</span> flags) <a name="l01182"></a>01182 { <a name="l01183"></a>01183 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l01184"></a>01184 <a name="l01185"></a>01185 <span class="keywordflow">if</span> (!zone || !new_rrs || !key_list) { <a name="l01186"></a>01186 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>; <a name="l01187"></a>01187 } <a name="l01188"></a>01188 <a name="l01189"></a>01189 <span class="comment">/* zone is already sorted */</span> <a name="l01190"></a>01190 result = <a class="code" href="dnssec__sign_8c.html#a5e1d049026b2768cd455952bb6725d86" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_glue</a>(zone); <a name="l01191"></a>01191 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l01192"></a>01192 <span class="keywordflow">return</span> result; <a name="l01193"></a>01193 } <a name="l01194"></a>01194 <a name="l01195"></a>01195 <span class="comment">/* check whether we need to add nsecs */</span> <a name="l01196"></a>01196 <span class="keywordflow">if</span> (zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a> && !((<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>-><a class="code" href="structldns__rbtree__t.html#abfa0bbc0290bf80cfcb4b239a3e84046" title="The root of the red-black tree.">root</a>-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>)->nsec) { <a name="l01197"></a>01197 result = <a class="code" href="dnssec__sign_8c.html#ae40e5c92c6c14b68f305f861b393ca4c" title="Adds NSEC records to the given dnssec_zone.">ldns_dnssec_zone_create_nsecs</a>(zone, new_rrs); <a name="l01198"></a>01198 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l01199"></a>01199 <span class="keywordflow">return</span> result; <a name="l01200"></a>01200 } <a name="l01201"></a>01201 } <a name="l01202"></a>01202 <a name="l01203"></a>01203 result = <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(zone, <a name="l01204"></a>01204 new_rrs, <a name="l01205"></a>01205 key_list, <a name="l01206"></a>01206 func, <a name="l01207"></a>01207 arg, <a name="l01208"></a>01208 flags); <a name="l01209"></a>01209 <a name="l01210"></a>01210 <span class="keywordflow">return</span> result; <a name="l01211"></a>01211 } <a name="l01212"></a>01212 <a name="l01213"></a>01213 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01214"></a><a class="code" href="dnssec__sign_8h.html#ae73c80d9bf48e9137233e10a5d972628">01214</a> <a class="code" href="dnssec__sign_8c.html#ae73c80d9bf48e9137233e10a5d972628" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l01215"></a>01215 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l01216"></a>01216 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l01217"></a>01217 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *), <a name="l01218"></a>01218 <span class="keywordtype">void</span> *arg, <a name="l01219"></a>01219 uint8_t algorithm, <a name="l01220"></a>01220 uint8_t flags, <a name="l01221"></a>01221 uint16_t iterations, <a name="l01222"></a>01222 uint8_t salt_length, <a name="l01223"></a>01223 uint8_t *salt) <a name="l01224"></a>01224 { <a name="l01225"></a>01225 <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#aa332464b3fd3d57c68a75fdc8e9b8c69" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg_mkmap</a>(zone, new_rrs, key_list, <a name="l01226"></a>01226 func, arg, algorithm, flags, iterations, salt_length, salt, 0, <a name="l01227"></a>01227 NULL); <a name="l01228"></a>01228 } <a name="l01229"></a>01229 <a name="l01230"></a>01230 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01231"></a><a class="code" href="dnssec__sign_8h.html#aa332464b3fd3d57c68a75fdc8e9b8c69">01231</a> <a class="code" href="dnssec__sign_8c.html#aa332464b3fd3d57c68a75fdc8e9b8c69" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg_mkmap</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l01232"></a>01232 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l01233"></a>01233 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l01234"></a>01234 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *), <a name="l01235"></a>01235 <span class="keywordtype">void</span> *arg, <a name="l01236"></a>01236 uint8_t algorithm, <a name="l01237"></a>01237 uint8_t flags, <a name="l01238"></a>01238 uint16_t iterations, <a name="l01239"></a>01239 uint8_t salt_length, <a name="l01240"></a>01240 uint8_t *salt, <a name="l01241"></a>01241 <span class="keywordtype">int</span> signflags, <a name="l01242"></a>01242 <a class="code" href="structldns__rbtree__t.html" title="definition for tree struct">ldns_rbtree_t</a> **map) <a name="l01243"></a>01243 { <a name="l01244"></a>01244 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec3, *nsec3param; <a name="l01245"></a>01245 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> result = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l01246"></a>01246 <a name="l01247"></a>01247 <span class="comment">/* zone is already sorted */</span> <a name="l01248"></a>01248 result = <a class="code" href="dnssec__sign_8c.html#a5e1d049026b2768cd455952bb6725d86" title="Marks the names in the zone that are occluded.">ldns_dnssec_zone_mark_glue</a>(zone); <a name="l01249"></a>01249 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l01250"></a>01250 <span class="keywordflow">return</span> result; <a name="l01251"></a>01251 } <a name="l01252"></a>01252 <a name="l01253"></a>01253 <span class="comment">/* TODO if there are already nsec3s presents and their</span> <a name="l01254"></a>01254 <span class="comment"> * parameters are the same as these, we don't have to recreate</span> <a name="l01255"></a>01255 <span class="comment"> */</span> <a name="l01256"></a>01256 <span class="keywordflow">if</span> (zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>) { <a name="l01257"></a>01257 <span class="comment">/* add empty nonterminals */</span> <a name="l01258"></a>01258 result = <a class="code" href="dnssec__zone_8c.html#a93138f81a2cb42fde4167121e0068258" title="Adds explicit dnssec_name structures for the empty nonterminals in this zone.">ldns_dnssec_zone_add_empty_nonterminals</a>(zone); <a name="l01259"></a>01259 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l01260"></a>01260 <span class="keywordflow">return</span> result; <a name="l01261"></a>01261 } <a name="l01262"></a>01262 <a name="l01263"></a>01263 nsec3 = ((<a class="code" href="structldns__struct__dnssec__name.html">ldns_dnssec_name</a> *)zone-><a class="code" href="structldns__struct__dnssec__zone.html#a490b73f33563a1081d077a66ad51f49f" title="tree of ldns_dnssec_names">names</a>-><a class="code" href="structldns__rbtree__t.html#abfa0bbc0290bf80cfcb4b239a3e84046" title="The root of the red-black tree.">root</a>-><a class="code" href="structldns__rbnode__t.html#aa0988cf7f89971338f5aa79c9352a1df" title="pointer to data">data</a>)->nsec; <a name="l01264"></a>01264 <span class="keywordflow">if</span> (nsec3 && <a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(nsec3) == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa79a5eacdaa6defd52d97a6b205f102f9">LDNS_RR_TYPE_NSEC3</a>) { <a name="l01265"></a>01265 <span class="comment">/* no need to recreate */</span> <a name="l01266"></a>01266 } <span class="keywordflow">else</span> { <a name="l01267"></a>01267 <span class="keywordflow">if</span> (!<a class="code" href="dnssec__zone_8c.html#a8c3439ad6e89e3d4d469946f05868250" title="Find the RRset with the given name and type in the zone.">ldns_dnssec_zone_find_rrset</a>(zone, <a name="l01268"></a>01268 zone-><a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>-><a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>, <a name="l01269"></a>01269 <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa6ae1d49278325b00ed6f8f5c21ed2c77">LDNS_RR_TYPE_NSEC3PARAM</a>)) { <a name="l01270"></a>01270 <span class="comment">/* create and add the nsec3param rr */</span> <a name="l01271"></a>01271 nsec3param = <a name="l01272"></a>01272 <a class="code" href="rr_8c.html#a49a0499723e18408806c7023b5090517" title="creates a new rr structure, based on the given type.">ldns_rr_new_frm_type</a>(<a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa6ae1d49278325b00ed6f8f5c21ed2c77">LDNS_RR_TYPE_NSEC3PARAM</a>); <a name="l01273"></a>01273 <a class="code" href="rr_8c.html#a2c7374383b168ce0d33b56f43a91c940" title="sets the owner in the rr structure.">ldns_rr_set_owner</a>(nsec3param, <a name="l01274"></a>01274 <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(zone-><a class="code" href="structldns__struct__dnssec__zone.html#af801912584df39827a745eee20273fb0" title="points to the name containing the SOA RR">soa</a>-><a class="code" href="structldns__struct__dnssec__name.html#af6ffc673c82b7beb2081a02477ec4df0" title="pointer to a dname containing the name.">name</a>)); <a name="l01275"></a>01275 <a class="code" href="dnssec_8c.html#a32e7e1f34ec0a19c6d20997bd4191b61" title="Sets all the NSEC3 options.">ldns_nsec3_add_param_rdfs</a>(nsec3param, <a name="l01276"></a>01276 algorithm, <a name="l01277"></a>01277 flags, <a name="l01278"></a>01278 iterations, <a name="l01279"></a>01279 salt_length, <a name="l01280"></a>01280 salt); <a name="l01281"></a>01281 <span class="comment">/* always set bit 7 of the flags to zero, according to</span> <a name="l01282"></a>01282 <span class="comment"> * rfc5155 section 11 */</span> <a name="l01283"></a>01283 <a class="code" href="util_8c.html#a2d1ca37b28b9053aedc68d9ab4c62cae" title="sets the specified bit in the specified byte to 1 if value is true, 0 if false The bits are counted f...">ldns_set_bit</a>(<a class="code" href="rdata_8c.html#adc126e8f5417a3c1049242f93fde3602" title="returns the data of the rdf.">ldns_rdf_data</a>(<a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(nsec3param, 1)), 7, 0); <a name="l01284"></a>01284 result = <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(zone, nsec3param); <a name="l01285"></a>01285 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l01286"></a>01286 <span class="keywordflow">return</span> result; <a name="l01287"></a>01287 } <a name="l01288"></a>01288 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(new_rrs, nsec3param); <a name="l01289"></a>01289 } <a name="l01290"></a>01290 result = <a class="code" href="dnssec__sign_8c.html#a10869af14890cd67324ce653a3c85a7d">ldns_dnssec_zone_create_nsec3s_mkmap</a>(zone, <a name="l01291"></a>01291 new_rrs, <a name="l01292"></a>01292 algorithm, <a name="l01293"></a>01293 flags, <a name="l01294"></a>01294 iterations, <a name="l01295"></a>01295 salt_length, <a name="l01296"></a>01296 salt, <a name="l01297"></a>01297 map); <a name="l01298"></a>01298 <span class="keywordflow">if</span> (result != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l01299"></a>01299 <span class="keywordflow">return</span> result; <a name="l01300"></a>01300 } <a name="l01301"></a>01301 } <a name="l01302"></a>01302 <a name="l01303"></a>01303 result = <a class="code" href="dnssec__sign_8c.html#aee55b095c954f2bb72d9c7f6038766f8" title="Adds signatures to the zone.">ldns_dnssec_zone_create_rrsigs_flg</a>(zone, <a name="l01304"></a>01304 new_rrs, <a name="l01305"></a>01305 key_list, <a name="l01306"></a>01306 func, <a name="l01307"></a>01307 arg, <a name="l01308"></a>01308 signflags); <a name="l01309"></a>01309 } <a name="l01310"></a>01310 <a name="l01311"></a>01311 <span class="keywordflow">return</span> result; <a name="l01312"></a>01312 } <a name="l01313"></a>01313 <a name="l01314"></a>01314 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01315"></a><a class="code" href="dnssec__sign_8h.html#a92fc18d880bcfcdd8d3cbdc2df4c0b0d">01315</a> <a class="code" href="dnssec__sign_8c.html#a92fc18d880bcfcdd8d3cbdc2df4c0b0d" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg</a>(<a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *zone, <a name="l01316"></a>01316 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs, <a name="l01317"></a>01317 <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, <a name="l01318"></a>01318 <span class="keywordtype">int</span> (*func)(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *, <span class="keywordtype">void</span> *), <a name="l01319"></a>01319 <span class="keywordtype">void</span> *arg, <a name="l01320"></a>01320 uint8_t algorithm, <a name="l01321"></a>01321 uint8_t flags, <a name="l01322"></a>01322 uint16_t iterations, <a name="l01323"></a>01323 uint8_t salt_length, <a name="l01324"></a>01324 uint8_t *salt, <a name="l01325"></a>01325 <span class="keywordtype">int</span> signflags) <a name="l01326"></a>01326 { <a name="l01327"></a>01327 <span class="keywordflow">return</span> <a class="code" href="dnssec__sign_8c.html#aa332464b3fd3d57c68a75fdc8e9b8c69" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3_flg_mkmap</a>(zone, new_rrs, key_list, <a name="l01328"></a>01328 func, arg, algorithm, flags, iterations, salt_length, salt, <a name="l01329"></a>01329 signflags, NULL); <a name="l01330"></a>01330 } <a name="l01331"></a>01331 <a name="l01332"></a>01332 <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> * <a name="l01333"></a><a class="code" href="dnssec__sign_8h.html#a51bcf188424a6c3e90241b59aa2c172b">01333</a> <a class="code" href="dnssec__sign_8c.html#a51bcf188424a6c3e90241b59aa2c172b" title="Signs the zone, and returns a newly allocated signed zone.">ldns_zone_sign</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *zone, <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list) <a name="l01334"></a>01334 { <a name="l01335"></a>01335 <a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *dnssec_zone; <a name="l01336"></a>01336 <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *signed_zone; <a name="l01337"></a>01337 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs; <a name="l01338"></a>01338 <span class="keywordtype">size_t</span> i; <a name="l01339"></a>01339 <a name="l01340"></a>01340 signed_zone = <a class="code" href="zone_8c.html#a0f700a61daf31429b1c2b3f0426e186e" title="create a new ldns_zone structure">ldns_zone_new</a>(); <a name="l01341"></a>01341 dnssec_zone = <a class="code" href="dnssec__zone_8c.html#a980d3d3a4c36b3cab999f85d1d312ee4" title="Creates a new dnssec_zone structure.">ldns_dnssec_zone_new</a>(); <a name="l01342"></a>01342 <a name="l01343"></a>01343 (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone, <a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone)); <a name="l01344"></a>01344 <a class="code" href="zone_8c.html#a07b0fcc3777e44bbb8940aaeeb2e3661" title="Set the zone's soa record.">ldns_zone_set_soa</a>(signed_zone, <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone))); <a name="l01345"></a>01345 <a name="l01346"></a>01346 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(zone)); i++) { <a name="l01347"></a>01347 (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone, <a name="l01348"></a>01348 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(zone), <a name="l01349"></a>01349 i)); <a name="l01350"></a>01350 <a class="code" href="zone_8c.html#aa292fe9d4d934d13780d0a56de21ebe2" title="push an single rr to a zone structure.">ldns_zone_push_rr</a>(signed_zone, <a name="l01351"></a>01351 <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(zone), <a name="l01352"></a>01352 i))); <a name="l01353"></a>01353 } <a name="l01354"></a>01354 <a name="l01355"></a>01355 new_rrs = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>(); <a name="l01356"></a>01356 (void) <a class="code" href="dnssec__sign_8c.html#a7f6872f627b4d98f379481dd92080f9a" title="signs the given zone with the given keys">ldns_dnssec_zone_sign</a>(dnssec_zone, <a name="l01357"></a>01357 new_rrs, <a name="l01358"></a>01358 key_list, <a name="l01359"></a>01359 <a class="code" href="dnssec_8c.html#aa20001e7098d4be9f24baf56a8761410" title="Default callback function to always leave present signatures, and add new ones.">ldns_dnssec_default_replace_signatures</a>, <a name="l01360"></a>01360 NULL); <a name="l01361"></a>01361 <a name="l01362"></a>01362 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(new_rrs); i++) { <a name="l01363"></a>01363 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(signed_zone), <a name="l01364"></a>01364 <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(new_rrs, i))); <a name="l01365"></a>01365 } <a name="l01366"></a>01366 <a name="l01367"></a>01367 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(new_rrs); <a name="l01368"></a>01368 <a class="code" href="dnssec__zone_8c.html#a9ff1744a3e694570150698880ede6e42" title="Frees the given zone structure, and its rbtree of dnssec_names Individual ldns_rr RRs within those na...">ldns_dnssec_zone_free</a>(dnssec_zone); <a name="l01369"></a>01369 <a name="l01370"></a>01370 <span class="keywordflow">return</span> signed_zone; <a name="l01371"></a>01371 } <a name="l01372"></a>01372 <a name="l01373"></a>01373 <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> * <a name="l01374"></a><a class="code" href="dnssec__sign_8h.html#ae31c63b6961a1550031b357723498680">01374</a> <a class="code" href="dnssec__sign_8c.html#ae31c63b6961a1550031b357723498680" title="Signs the zone with NSEC3, and returns a newly allocated signed zone.">ldns_zone_sign_nsec3</a>(<a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *zone, <a class="code" href="structldns__struct__key__list.html" title="Same as rr_list, but now for keys.">ldns_key_list</a> *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) <a name="l01375"></a>01375 { <a name="l01376"></a>01376 <a class="code" href="structldns__struct__dnssec__zone.html" title="Structure containing a dnssec zone.">ldns_dnssec_zone</a> *dnssec_zone; <a name="l01377"></a>01377 <a class="code" href="structldns__struct__zone.html" title="DNS Zone.">ldns_zone</a> *signed_zone; <a name="l01378"></a>01378 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *new_rrs; <a name="l01379"></a>01379 <span class="keywordtype">size_t</span> i; <a name="l01380"></a>01380 <a name="l01381"></a>01381 signed_zone = <a class="code" href="zone_8c.html#a0f700a61daf31429b1c2b3f0426e186e" title="create a new ldns_zone structure">ldns_zone_new</a>(); <a name="l01382"></a>01382 dnssec_zone = <a class="code" href="dnssec__zone_8c.html#a980d3d3a4c36b3cab999f85d1d312ee4" title="Creates a new dnssec_zone structure.">ldns_dnssec_zone_new</a>(); <a name="l01383"></a>01383 <a name="l01384"></a>01384 (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone, <a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone)); <a name="l01385"></a>01385 <a class="code" href="zone_8c.html#a07b0fcc3777e44bbb8940aaeeb2e3661" title="Set the zone's soa record.">ldns_zone_set_soa</a>(signed_zone, <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="zone_8c.html#aae16d59c27e1f2292f8bd87604517e0c" title="Return the soa record of a zone.">ldns_zone_soa</a>(zone))); <a name="l01386"></a>01386 <a name="l01387"></a>01387 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(zone)); i++) { <a name="l01388"></a>01388 (void) <a class="code" href="dnssec__zone_8c.html#a82eddabbee6ef7441a8c3d723c23bdc2" title="Adds the given RR to the zone.">ldns_dnssec_zone_add_rr</a>(dnssec_zone, <a name="l01389"></a>01389 <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(zone), <a name="l01390"></a>01390 i)); <a name="l01391"></a>01391 <a class="code" href="zone_8c.html#aa292fe9d4d934d13780d0a56de21ebe2" title="push an single rr to a zone structure.">ldns_zone_push_rr</a>(signed_zone, <a name="l01392"></a>01392 <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(zone), <a name="l01393"></a>01393 i))); <a name="l01394"></a>01394 } <a name="l01395"></a>01395 <a name="l01396"></a>01396 new_rrs = <a class="code" href="rr_8c.html#aa7405c3451df02516f62f6197ff06268" title="creates a new rr_list structure.">ldns_rr_list_new</a>(); <a name="l01397"></a>01397 (void) <a class="code" href="dnssec__sign_8c.html#ae73c80d9bf48e9137233e10a5d972628" title="signs the given zone with the given new zone, with NSEC3">ldns_dnssec_zone_sign_nsec3</a>(dnssec_zone, <a name="l01398"></a>01398 new_rrs, <a name="l01399"></a>01399 key_list, <a name="l01400"></a>01400 <a class="code" href="dnssec_8c.html#aa20001e7098d4be9f24baf56a8761410" title="Default callback function to always leave present signatures, and add new ones.">ldns_dnssec_default_replace_signatures</a>, <a name="l01401"></a>01401 NULL, <a name="l01402"></a>01402 algorithm, <a name="l01403"></a>01403 flags, <a name="l01404"></a>01404 iterations, <a name="l01405"></a>01405 salt_length, <a name="l01406"></a>01406 salt); <a name="l01407"></a>01407 <a name="l01408"></a>01408 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(new_rrs); i++) { <a name="l01409"></a>01409 <a class="code" href="rr_8c.html#a8bdc038678e7492ae3facf83283f8d04" title="pushes an rr to an rrlist.">ldns_rr_list_push_rr</a>(<a class="code" href="zone_8c.html#a5a75b7744ea0d91770d579730a84bbf9" title="Get a list of a zone's content.">ldns_zone_rrs</a>(signed_zone), <a name="l01410"></a>01410 <a class="code" href="rr_8c.html#adcb1e754775e6f7bf64dc2ac860671df" title="clones a rr and all its data">ldns_rr_clone</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(new_rrs, i))); <a name="l01411"></a>01411 } <a name="l01412"></a>01412 <a name="l01413"></a>01413 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(new_rrs); <a name="l01414"></a>01414 <a class="code" href="dnssec__zone_8c.html#a9ff1744a3e694570150698880ede6e42" title="Frees the given zone structure, and its rbtree of dnssec_names Individual ldns_rr RRs within those na...">ldns_dnssec_zone_free</a>(dnssec_zone); <a name="l01415"></a>01415 <a name="l01416"></a>01416 <span class="keywordflow">return</span> signed_zone; <a name="l01417"></a>01417 } <a name="l01418"></a>01418 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span> <a name="l01419"></a>01419 <a name="l01420"></a>01420 </pre></div></div> </div> <hr class="footer"/><address class="footer"><small>Generated on Wed Jan 11 2012 for ldns by  <a href="http://www.doxygen.org/index.html"> <img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.4 </small></address> </body> </html>