}
}
+/**
+ * Returns an rr_list that contains the possible rrsigs for the given
+ * rr in the given packet
+ * Allocates and copies, so don't forget to free!
+ * TODO: helper for rr copying?
+ */
+ldns_rr_list *
+ldns_pkt_get_sigs(ldns_pkt *pkt, ldns_rr *rr)
+{
+ ldns_rr_list *sigs = ldns_rr_list_new();
+ ldns_rr_list *pkt_rrs;
+ ldns_rr *cur_rr;
+ int i;
+
+ pkt_rrs = ldns_pkt_answer(pkt);
+ if (pkt_rrs) {
+ for (i = 0; i < ldns_rr_list_rr_count(pkt_rrs); i++) {
+ cur_rr = ldns_rr_list_rr(pkt_rrs, i);
+ if (ldns_rdf_compare(ldns_rr_owner(rr),
+ ldns_rr_owner(cur_rr)
+ )
+ &&
+ ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG
+ ) {
+ ldns_rr_list_push_rr(sigs,
+ ldns_rr_deep_clone(cur_rr));
+ }
+ }
+ }
+ pkt_rrs = ldns_pkt_authority(pkt);
+ if (pkt_rrs) {
+ for (i = 0; i < ldns_rr_list_rr_count(pkt_rrs); i++) {
+ cur_rr = ldns_rr_list_rr(pkt_rrs, i);
+ if (ldns_rdf_compare(ldns_rr_owner(rr),
+ ldns_rr_owner(cur_rr)
+ )
+ &&
+ ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG
+ ) {
+ ldns_rr_list_push_rr(sigs,
+ ldns_rr_deep_clone(cur_rr));
+ }
+ }
+ }
+ pkt_rrs = ldns_pkt_additional(pkt);
+ if (pkt_rrs) {
+ for (i = 0; i < ldns_rr_list_rr_count(pkt_rrs); i++) {
+ cur_rr = ldns_rr_list_rr(pkt_rrs, i);
+ if (ldns_rdf_compare(ldns_rr_owner(rr),
+ ldns_rr_owner(cur_rr)
+ )
+ &&
+ ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG
+ ) {
+ ldns_rr_list_push_rr(sigs,
+ ldns_rr_deep_clone(cur_rr));
+ }
+ }
+ }
+
+ return sigs;
+}
+
+
/**
* verify an rrsig rrset
*/
bool result;
result = false;
+ if (!rrset || !rrsig || !keys) {
+ return false;
+ }
+
for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) {
result = ldns_verify_rrsig(rrset,
ldns_rr_list_rr(rrsig, i),
ldns_resolver_edns_udp_size(r));
}
+ /* set DO bit if necessary */
+ /* TODO: macro or inline function for bit */
+ if (ldns_resolver_dnssec(r) != 0) {
+ ldns_pkt_set_edns_z(query_pkt,
+ ldns_pkt_edns_z(query_pkt) | 0x8000
+ );
+ }
+
if (ldns_resolver_debug(r)) {
ldns_pkt_print(stdout, query_pkt);
}
projects / thirdparty / ldns.git / commitdiff
