15 #include <openssl/ssl.h>
16 #include <openssl/evp.h>
17 #include <openssl/rand.h>
18 #include <openssl/err.h>
19 #include <openssl/md5.h>
158 EVP_get_digestbyname(
"md_gost94"));
183 printf(
"unknown algorithm, ");
184 printf(
"is the one used available on this system?\n");
311 unsigned char *sha1_hash;
324 sha1_hash = SHA1((
unsigned char*)ldns_buffer_begin(to_sign),
325 ldns_buffer_position(to_sign), NULL);
331 sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
337 data =
LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
345 pad = 20 - (size_t) BN_num_bytes(sig->r);
347 memset(data + 1, 0, pad);
349 BN_bn2bin(sig->r, (
unsigned char *) (data + 1) + pad);
351 pad = 20 - (size_t) BN_num_bytes(sig->s);
353 memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad);
355 BN_bn2bin(sig->s, (
unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad));
358 1 + 2 * SHA_DIGEST_LENGTH,
371 ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
375 if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
377 ec = EVP_PKEY_get1_EC_KEY(pkey);
378 g = EC_KEY_get0_group(ec);
383 if(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
384 EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
385 EC_GROUP_get_curve_name(g) == NID_secp384r1) {
399 const EVP_MD *digest_type)
405 const EVP_MD *md_type;
415 md_type = digest_type;
422 EVP_MD_CTX_init(&ctx);
423 r = EVP_SignInit(&ctx, md_type);
425 r = EVP_SignUpdate(&ctx, (
unsigned char*)
426 ldns_buffer_begin(to_sign),
427 ldns_buffer_position(to_sign));
433 r = EVP_SignFinal(&ctx, (
unsigned char*)
434 ldns_buffer_begin(b64sig), &siglen, key);
446 if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
449 }
else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC &&
450 ldns_pkey_is_ecdsa(key)) {
456 ldns_buffer_begin(b64sig));
460 EVP_MD_CTX_cleanup(&ctx);
467 unsigned char *sha1_hash;
479 sha1_hash = SHA1((
unsigned char*)ldns_buffer_begin(to_sign),
480 ldns_buffer_position(to_sign), NULL);
486 result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH,
487 (
unsigned char*)ldns_buffer_begin(b64sig),
495 ldns_buffer_begin(b64sig));
503 unsigned char *md5_hash;
513 md5_hash = MD5((
unsigned char*)ldns_buffer_begin(to_sign),
514 ldns_buffer_position(to_sign), NULL);
520 RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH,
521 (
unsigned char*)ldns_buffer_begin(b64sig),
525 ldns_buffer_begin(b64sig));
535 ldns_dnssec_addresses_on_glue_list(
543 for (cur_rrs = cur_rrset->
rrs;
545 cur_rrs = cur_rrs->
next) {
559 cur_rrset = cur_rrset->
next;
589 int below_delegation = -1;
592 if (!zone || !zone->
names) {
617 if (below_delegation && glue_list) {
618 s = ldns_dnssec_addresses_on_glue_list(
640 below_delegation = 1;
642 s = ldns_dnssec_addresses_on_glue_list(
651 below_delegation = 0;
727 cur_node = first_node;
735 while (cur_node && next_node) {
747 cur_node = next_node;
754 if (cur_node && !next_node) {
775 ldns_hashed_names_node_free(
ldns_rbnode_t *node,
void *arg) {
800 if (!zone || !new_rrs || !zone->
names) {
821 ldns_hashed_names_node_free, NULL);
832 current_name_node = first_name_node;
848 if (!current_name->
rrsets) {
856 if (hashmap_node == NULL) {
867 hashmap_node->
data = current_name;
884 if (nsec3_list == NULL) {
912 return ldns_dnssec_zone_create_nsec3s_mkmap(zone, new_rrs, algorithm,
913 flags, iterations, salt_length, salt, NULL);
921 ,
int (*func)(
ldns_rr *,
void *)
934 switch(func(NULL, arg)) {
944 fprintf(stderr,
"[XX] unknown return value from callback\n");
950 (void)func(cur_rr->
rr, arg);
953 next_rr = cur_rr->
next;
955 switch (func(cur_rr->
rr, arg)) {
982 prev_rr->
next = next_rr;
990 prev_rr->
next = next_rr;
998 fprintf(stderr,
"[XX] unknown return value from callback\n");
1013 int (*func)(
ldns_rr *,
void*),
1040 ldns_key_list_filter_for_non_dnskey(
ldns_key_list *key_list)
1061 ,
int (*func)(
ldns_rr *,
void*)
1079 int on_delegation_point = 0;
1099 cur_rrset = cur_name->
rrsets;
1113 ldns_key_list_filter_for_dnskey(key_list);
1116 ldns_key_list_filter_for_non_dnskey(key_list);
1121 cur_rr = cur_rrset->
rrs;
1124 cur_rr = cur_rr->
next;
1130 if (!on_delegation_point ||
1159 cur_rrset = cur_rrset->
next;
1169 ldns_key_list_filter_for_non_dnskey(key_list);
1204 int (*func)(
ldns_rr *,
void *),
1214 int (*func)(
ldns_rr *,
void *),
1220 if (!zone || !new_rrs || !key_list) {
1252 int (*func)(
ldns_rr *,
void *),
1256 uint16_t iterations,
1257 uint8_t salt_length,
1261 func, arg, algorithm, flags, iterations, salt_length, salt, 0,
1269 int (*func)(
ldns_rr *,
void *),
1273 uint16_t iterations,
1274 uint8_t salt_length,
1326 result = ldns_dnssec_zone_create_nsec3s_mkmap(zone,
1354 int (*func)(
ldns_rr *,
void *),
1358 uint16_t iterations,
1359 uint8_t salt_length,
1364 func, arg, algorithm, flags, iterations, salt_length, salt,
ldns_rdf * ldns_rr_rdf(const ldns_rr *rr, size_t nr)
returns the rdata field member counter.
implementation of buffers to ease operations
ldns_rdf * ldns_sign_public_evp(ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type)
Sign data with EVP (general method for different algorithms)
ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags)
signs the given zone with the given new zone, with NSEC3
ldns_rbnode_t * ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node)
Finds the first dnssec_name node in the rbtree that is not occluded.
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
ldns_rdf * ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
Sign data with DSA.
ldns_rr * ldns_zone_soa(const ldns_zone *z)
Return the soa record of a zone.
#define LDNS_DEFAULT_EXP_TIME
ldns_rr * ldns_rr_clone(const ldns_rr *rr)
clones a rr and all its data
#define LDNS_SIGNATURE_LEAVE_ADD_NEW
return values for the old-signature callback
ldns_rdf * ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with SHA1)
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
uint8_t ldns_dname_label_count(const ldns_rdf *r)
count the number of labels inside a LDNS_RDF_DNAME type rdf.
void ldns_rr2canonical(ldns_rr *rr)
converts each dname in a rr to its canonical form.
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
ldns_rbnode_t * ldns_rbtree_insert(ldns_rbtree_t *rbtree, ldns_rbnode_t *data)
Insert data into the tree.
enum ldns_enum_rr_class ldns_rr_class
List or Set of Resource Records.
_Bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f)
sets the expireation date of a LDNS_RR_TYPE_RRSIG rr
ldns_zone * ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Signs the zone with NSEC3, and returns a newly allocated signed zone.
_Bool ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f)
sets the signers name of a LDNS_RR_TYPE_RRSIG rr
void ldns_key_set_use(ldns_key *k, _Bool v)
_Bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr)
push an single rr to a zone structure.
_Bool ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f)
sets the keytag of a LDNS_RR_TYPE_RRSIG rr
#define LDNS_SIGN_DNSKEY_WITH_ZSK
dnssec_verify
ldns_dnssec_rrsets * rrsets
The rrsets for this name.
ldns_status ldns_rr_list2buffer_wire(ldns_buffer *buffer, const ldns_rr_list *rr_list)
Copies the rr_list data to the buffer in wire format.
#define LDNS_XMALLOC(type, count)
void ldns_nsec3_add_param_rdfs(ldns_rr *rr, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Sets all the NSEC3 options.
void ldns_rr_list_deep_free(ldns_rr_list *rr_list)
frees an rr_list structure and all rrs contained therein.
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
_Bool ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f)
sets the typecovered of a LDNS_RR_TYPE_RRSIG rr
ldns_rr * ldns_rr_new_frm_type(ldns_rr_type t)
creates a new rr structure, based on the given type.
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
_Bool ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f)
sets the signature data of a LDNS_RR_TYPE_RRSIG rr
void ldns_dname2canonical(const ldns_rdf *rd)
Put a dname into canonical fmt - ie.
ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
signs the given zone with the given new zone, with NSEC3
ldns_rdf * ldns_rr_rrsig_keytag(const ldns_rr *r)
returns the keytag of a LDNS_RR_TYPE_RRSIG RR
#define LDNS_MAX_PACKETLEN
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
Structure containing a dnssec zone.
ldns_rbnode_t * root
The root of the red-black tree.
void ldns_rr_list_free(ldns_rr_list *rr_list)
frees an rr_list structure.
_Bool ldns_key_use(const ldns_key *k)
return the use flag
void ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa)
Set the zone's soa record.
ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
Adds signatures to the zone.
ldns_rr_list * ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
use this function to sign with a public/private key alg return the created signatures ...
void ldns_rdf_free(ldns_rdf *rd)
frees a rdf structure, leaving the data pointer intact.
ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, ldns_rr *rr)
Inserts the given rr at the right place in the current dnssec_name No checking is done whether the na...
const void * data
pointer to data
ldns_rbtree_t * names
tree of ldns_dnssec_names
Including this file will include all ldns files, and define some lookup tables.
ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags, ldns_rbtree_t **map)
signs the given zone with the given new zone, with NSEC3
ldns_rdf * ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
returns the rdf containing the native uint8_t repr.
marks the start of a zone of authority
int ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets, ldns_rr_type type)
returns whether a rrset of the given type is found in the rrsets.
ldns_rdf * ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value)
returns an rdf that contains the given int32 value.
_Bool ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f)
sets the number of labels of a LDNS_RR_TYPE_RRSIG rr
General key structure, can contain all types of keys that are used in DNSSEC.
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
_Bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f)
sets the original TTL of a LDNS_RR_TYPE_RRSIG rr
ldns_rr * ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
returns a specific rr of an rrlist.
ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
Adds the given RR to the zone.
ldns_dnssec_rrs * ldns_dnssec_rrs_new(void)
Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.
void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class)
sets the class in the rr.
#define LDNS_SIGNATURE_REMOVE_NO_ADD
ldns_rr * ldns_dnssec_create_nsec(ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rr_type nsec_type)
Creates NSEC.
ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
signs the given zone with the given keys
The rbnode_t struct definition.
ldns_rbtree_t * ldns_rbtree_create(int(*cmpf)(const void *, const void *))
Create new tree (malloced) with given key compare function.
uint16_t ldns_rdf2native_int16(const ldns_rdf *rd)
returns the native uint16_t representation from the rdf.
ldns_rr * ldns_dnssec_create_nsec3(ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rdf *zone_name, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Creates NSEC3.
ldns_status ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, ldns_rr_list *glue_list)
Marks the names in the zone that are occluded.
signed char is_glue
Unlike what the name is_glue suggests, this field is set to true by ldns_dnssec_zone_mark_glue() or l...
int ldns_dname_is_wildcard(const ldns_rdf *dname)
Check if dname is a wildcard, starts with *.
ldns_rr_list * ldns_rr_list_new(void)
creates a new rr_list structure.
ldns_dnssec_rrs * signatures
ldns_rdf * ldns_rr_pop_rdf(ldns_rr *rr)
removes a rd_field member, it will be popped from the last position.
#define LDNS_KEY_ZONE_KEY
ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs)
Adds NSEC records to the given dnssec_zone.
Same as rr_list, but now for keys.
ldns_zone * ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list)
Signs the zone, and returns a newly allocated signed zone.
int ldns_dname_compare_v(const void *a, const void *b)
Given in dnssec_zone.c, also used in dnssec_sign.c:w.
ldns_rdf * ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with MD5)
ldns_rr_list * ldns_rr_list_clone(const ldns_rr_list *rrlist)
clones an rrlist.
_Bool ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f)
sets the inception date of a LDNS_RR_TYPE_RRSIG rr
definition for tree struct
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
#define LDNS_SIGNATURE_REMOVE_ADD_NEW
uint32_t ldns_rdf2native_int32(const ldns_rdf *rd)
returns the native uint32_t representation from the rdf.
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
void ldns_set_bit(uint8_t *byte, int bit_nr, _Bool value)
ldns_dnssec_rrs * ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, ldns_key_list *key_list __attribute__((unused)), int(*func)(ldns_rr *, void *), void *arg)
ldns_dnssec_name * soa
points to the name containing the SOA RR
void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
sets the ttl in the rr structure.
enum ldns_enum_status ldns_status
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
ldns_rdf * ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
#define LDNS_MALLOC(type)
Memory management macros.
ldns_dnssec_rrsets * ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, ldns_rr_type type)
Find the RRset with the given type in within this name structure.
ldns_rdf * hashed_name
pointer to store the hashed name (only used when in an NSEC3 zone
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
void ldns_key_list_set_use(ldns_key_list *keys, _Bool v)
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
void ldns_dnssec_zone_free(ldns_dnssec_zone *zone)
Frees the given zone structure, and its rbtree of dnssec_names Individual ldns_rr RRs within those na...
_Bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr)
pushes an rr to an rrlist.
ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
Adds signatures to the zone.
#define LDNS_RBTREE_NULL
The nullpointer, points to empty node.
ldns_status ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Adds NSEC3 records to the zone.
ldns_rr_list * ldns_zone_rrs(const ldns_zone *z)
Get a list of a zone's content.
const void * key
pointer to sorting key
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point, the corresponding rdata field must still be added with ldns_rr_rdf_push() to the result rr of this function
ldns_status ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
Marks the names in the zone that are occluded.
Resource record data field.
ldns_dnssec_zone * ldns_dnssec_zone_new(void)
Creates a new dnssec_zone structure.
ldns_dnssec_rrsets * next
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
void ldns_traverse_postorder(ldns_rbtree_t *tree, void(*func)(ldns_rbnode_t *, void *), void *arg)
Call function for all elements in the redblack tree, such that leaf elements are called before parent...
ldns_rdf * ldns_rr_owner(const ldns_rr *rr)
returns the owner name of an rr structure.
size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
returns the number of rr's in an rr_list.
#define LDNS_SIGNATURE_LEAVE_NO_ADD
ldns_status ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs)
chains nsec3 list
an authoritative name server
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
ldns_status ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata This is needed in DNSSEC verification...
ldns_rdf * ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
Converts the ECDSA signature from ASN1 representation (as used by OpenSSL) to raw signature data as u...
ldns_rbnode_t * ldns_rbtree_first(ldns_rbtree_t *rbtree)
Returns first (smallest) node in the tree.
ldns_rr * ldns_create_empty_rrsig(ldns_rr_list *rrset, ldns_key *current_key)
Create an empty RRSIG RR (i.e.
ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label...
uint32_t ldns_rr_ttl(const ldns_rr *rr)
returns the ttl of an rr structure.
ldns_rr_type ldns_rr_list_type(const ldns_rr_list *rr_list)
Returns the type of the first element of the RR If there are no elements present, 0 is returned...
ldns_dnssec_rrsets * ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, ldns_rdf *dname, ldns_rr_type type)
Find the RRset with the given name and type in the zone.
_Bool ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent)
test wether the name sub falls under parent (i.e.
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
ldns_rr_class ldns_rr_get_class(const ldns_rr *rr)
returns the class of the rr.
int ldns_dnssec_default_replace_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
ldns_dnssec_rrs * nsec_signatures
signatures for the NSEC record
ldns_rbnode_t * ldns_rbtree_next(ldns_rbnode_t *node)
Returns next larger node in the tree.
ldns_rbtree_t * hashed_names
tree of ldns_dnssec_names by nsec3 hashes (when applicible)
ldns_rdf * ldns_dnssec_name_name(ldns_dnssec_name *name)
Returns the domain name of the given dnssec_name structure.
ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
Adds explicit dnssec_name structures for the empty nonterminals in this zone.
ldns_zone * ldns_zone_new(void)
create a new ldns_zone structure
ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
signs the given zone with the given keys
void ldns_rr_list_sort(ldns_rr_list *unsorted)
sorts an rr_list (canonical wire format).
ldns_rdf * ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature da...
ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
Adds an RR to the list of RRs.
ldns_rr * nsec
NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3)
_Bool ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f)
sets the algorithm of a LDNS_RR_TYPE_RRSIG rr
ldns_rdf * name
pointer to a dname containing the name.