660 	dns_rdata_nsec3param_t		nsec3param;
674  * 'nsec3param' contains the parameters of the NSEC3 chain being created
677  * 'salt' is buffer space and is referenced via 'nsec3param.salt'.
857 typedef struct nsec3param nsec3param_t;
858 struct nsec3param {
3319 zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
3349 	if (!nsec3ok && (nsec3param->flags & DNS_NSEC3FLAG_REMOVE) == 0) {
3369 	nsec3chain->nsec3param.common.rdclass = nsec3param->common.rdclass;
3370 	nsec3chain->nsec3param.common.rdtype = nsec3param->common.rdtype;
3371 	nsec3chain->nsec3param.hash = nsec3param->hash;
3372 	nsec3chain->nsec3param.iterations = nsec3param->iterations;
3373 	nsec3chain->nsec3param.flags = nsec3param->flags;
3374 	nsec3chain->nsec3param.salt_length = nsec3param->salt_length;
3375 	memmove(nsec3chain->salt, nsec3param->salt, nsec3param->salt_length);
3376 	nsec3chain->nsec3param.salt = nsec3chain->salt;
3384 	if (nsec3param->flags == 0)
3388 		if (nsec3param->flags & DNS_NSEC3FLAG_REMOVE)
3390 		if (nsec3param->flags & DNS_NSEC3FLAG_INITIAL) {
3396 		if (nsec3param->flags & DNS_NSEC3FLAG_CREATE) {
3402 		if (nsec3param->flags & DNS_NSEC3FLAG_NONSEC) {
3408 		if (nsec3param->flags & DNS_NSEC3FLAG_OPTOUT) {
3415 	result = dns_nsec3param_salttotext(nsec3param, saltbuf,
3420 		      nsec3param->hash, flags, nsec3param->iterations,
3432 		    current->nsec3param.hash == nsec3param->hash &&
3433 		    current->nsec3param.iterations == nsec3param->iterations &&
3434 		    current->nsec3param.salt_length == nsec3param->salt_length
3435 		    && !memcmp(current->nsec3param.salt, nsec3param->salt,
3436 			       nsec3param->salt_length))
3446 	if ((nsec3chain->nsec3param.flags & DNS_NSEC3FLAG_CREATE) != 0)
3500 	dns_rdata_nsec3param_t nsec3param;
3558 		result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
3560 		if (((nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) ||
3561 		    ((nsec3param.flags & DNS_NSEC3FLAG_CREATE) != 0 && nsec3ok))
3568 			result = zone_addnsec3chain(zone, &nsec3param);
3639 	dns_rdata_nsec3param_t nsec3param;
3650 			     "nsec3param lookup failure: %s",
3667 			     "nsec3param lookup failure: %s",
3682 		result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
3686 		    nsec3param.hash == DNS_NSEC3_UNKNOWNALG && !dynamic)
3690 				     nsec3param.hash);
3692 		} else if (!dns_nsec3_supportedhash(nsec3param.hash)) {
3697 					     nsec3param.hash);
3705 					     nsec3param.hash);
7042 	dns_rdata_nsec3param_t nsec3param;
7073 		CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
7075 		if (nsec3param.hash != chain->nsec3param.hash ||
7076 		    (active && nsec3param.flags != 0) ||
7077 		    nsec3param.iterations != chain->nsec3param.iterations ||
7078 		    nsec3param.salt_length != chain->nsec3param.salt_length ||
7079 		    memcmp(nsec3param.salt, chain->nsec3param.salt,
7080 			   nsec3param.salt_length)) {
7122 		CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
7125 		     (nsec3param.flags & DNS_NSEC3FLAG_INITIAL) != 0) ||
7126 		    nsec3param.hash != chain->nsec3param.hash ||
7127 		    nsec3param.iterations != chain->nsec3param.iterations ||
7128 		    nsec3param.salt_length != chain->nsec3param.salt_length ||
7129 		    memcmp(nsec3param.salt, chain->nsec3param.salt,
7130 			   nsec3param.salt_length)) {
7143 	if ((chain->nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) {
7152 	 * Note: we do not clear chain->nsec3param.flags as this change
7158 				   &chain->nsec3param, &buffer));
7535 		if (NSEC3REMOVE(nsec3chain->nsec3param.flags))
7618 					    &nsec3chain->nsec3param,
7738 		if (!NSEC3REMOVE(nsec3chain->nsec3param.flags))
7746 		    (nsec3chain->nsec3param.flags & DNS_NSEC3FLAG_NONSEC) == 0)
7749 						 &nsec3chain->nsec3param,
7789 						     &nsec3chain->nsec3param,
14393 	nsec3param_t *nsec3param = NULL;
14418 	 * walk nsec3param rdataset making a list of parameters (note that
14433 			      "looping through nsec3param data");
14434 		nsec3param = isc_mem_get(zone->mctx, sizeof(nsec3param_t));
14435 		if (nsec3param == NULL)
14437 		ISC_LINK_INIT(nsec3param, link);
14441 		 * the nsec3param
14444 					 zone->privatetype, nsec3param->data,
14445 					 sizeof(nsec3param->data));
14446 		nsec3param->length = private.length;
14447 		ISC_LIST_APPEND(*nsec3list, nsec3param, link);
14471 			      "looping through nsec3param private data");
14507 		nsec3param = isc_mem_get(zone->mctx, sizeof(nsec3param_t));
14508 		if (nsec3param == NULL)
14510 		ISC_LINK_INIT(nsec3param, link);
14516 		INSIST(private.length <= sizeof(nsec3param->data));
14517 		memmove(nsec3param->data, private.data, private.length);
14518 		nsec3param->length = private.length;
14519 		ISC_LIST_APPEND(*nsec3list, nsec3param, link);
17249 dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
17255 	result = dns_nsec3param_salttotext(nsec3param, salt, sizeof(salt));
17259 		     nsec3param->hash, nsec3param->iterations,
17262 	result = zone_addnsec3chain(zone, nsec3param);
18017 			dns_rdata_nsec3param_t nsec3param;
18026 			result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
18028 			if (nsec3param.flags == 0)
18031 			result = zone_addnsec3chain(zone, &nsec3param);
18896  * Called when an "rndc signing -nsec3param ..." command is received.
18901  *   - if NSEC3 is to be disabled ("-nsec3param none"), only set the "nsec"

Indexes created Tue Jul 24 14:28:13 CEST 2018