some dnssec.c tweaks. And it's ALG_DH not DS
authorMiek Gieben <miekg@NLnetLabs.nl>
Fri, 25 Feb 2005 13:55:30 +0000 (13:55 +0000)
committerMiek Gieben <miekg@NLnetLabs.nl>
Fri, 25 Feb 2005 13:55:30 +0000 (13:55 +0000)
Makefile.in
dnssec.c
host2str.c
host2wire.c
ldns/dns.h
resolver.c
rr.c

index b861ad2693193a3139d891d62f2d5e8e2640d66c..9f586fd633c27b7cad8514f36405843a4d1c7261 100644 (file)
@@ -38,6 +38,7 @@ LIBDNS_HEADERS        =       ldns/error.h            \
                        ldns/resolver.h         \
                        ldns/net.h              \
                        ldns/dname.h            \
+                       ldns/dnssec.h           \
                        util.h
 LIBDNS_OBJECTS =       $(LIBDNS_SOURCES:.c=.o)
 
index 6d70aca36942d09ab6390b8941a71b05b3fe2ce4..b28061c9edd0fb67517f99221119070bcd970f72 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -20,8 +20,6 @@
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 
-#define LDNS_ALG_RSAMD5 10
-
 /** 
  * calcalutes a keytag of a key for use in DNSSEC
  * \param[in] key the key to use for the calc.
@@ -48,7 +46,7 @@ ldns_keytag(ldns_rr *key)
        keysize= ldns_buffer_capacity(keybuf);
 
        /* look at the algorithm field */
-       if (ldns_rdf2native_int8(ldns_rr_rdf(key, 2)) == LDNS_ALG_RSAMD5) {
+       if (ldns_rdf2native_int8(ldns_rr_rdf(key, 2)) == LDNS_RSAMD5) {
                /* rsamd5 must be handled seperately */
                /* weird stuff copied from drill0.x XXX */
                if (keysize > 4) {
@@ -68,14 +66,93 @@ ldns_keytag(ldns_rr *key)
        }
 }
 
+#if 0
+
+/**
+ * verify an rrsig 
+ * \param[in] rrset the rrset to check
+ * \param[in] rrsig the signature of the rrset
+ * \param[in] keys the keys to try
+ */
+bool
+ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys)
+{
+
+       
+       ldns_buffer *rawsig_buf;
+       ldns_rdf *orig_ttl;
+
+
+
+
+
+       /* create a buffer which will certainly hold the
+        * raw data */
+       rawsig_buf = ldns_buffer_new(MAX_PACKETLEN);
+       
+       ldns_rrsig2buffer_wire(rawsig_buf, rrsig);
+
+       /* sort the rrset in canonical order */
+       ldns_rr_list_sort(rrset);
+
+       /* 4 or 3... */
+       orig_ttl = ldns_rdf_rr(rrsig, 4);
+       /* reset the ttl in the rrset with the orig_ttl
+        * from the sig */
+       
+       
+
+       /* set the ttl in the rrset... */
+       int32 = rdata2uint32(rrsig->rdata[3]);
+       rrset_set_ttl(rrset, int32);
+       length += rrset2wire(rrset, verifybuf, length, MAX_PACKET);
+       key_bytes = (unsigned char *) base64_decode((unsigned char *) dnskey->rdata[3]->data,
+               (int) dnskey->rdata[3]->length, (size_t *) &keylen);
+
+       if (keylen < 0) {
+               warning("Error in base64 decode of key data:");
+               /* XXX TODO */
+               print_rd(dnskey->rdata[3]);
+               printf("\n");
+               return RET_FAIL;
+       }
+       switch (rdata2uint8(rrsig->rdata[1])) {
+               case ALG_DSA:
+                       result = verify_rrsig_dsa(verifybuf, length, sigbuf,
+                                       siglen, key_bytes, keylen);
+                       break;
+               case ALG_RSASHA1:
+                       result = verify_rrsig_rsasha1(verifybuf, length, sigbuf,
+                                       siglen, key_bytes, keylen);
+                       break;
+               case ALG_RSAMD5:
+                       result = verify_rrsig_rsamd5(verifybuf, length, sigbuf,
+                                       siglen, key_bytes, keylen);
+                       break;
+               default:
+                       warning("unknown or unimplemented algorithm (alg %s nr %d)", namebyint(rdata2uint8(rrsig->rdata[1]), dnssec_algos), rdata2uint8(rrsig->rdata[1]));
+print_rr(rrsig, FOLLOW);
+                       exit(EXIT_FAILURE);
+                       break;
+       }
+
+       xfree(key_bytes);
+       xfree(verifybuf);
+       xfree(sigbuf);
+       
+       return result;
+}
+#endif
+
 
 #if 0
 
 /**
  * Verify an rrsig with the DSA algorithm, see RFC 2536
+ * \param[in]
  */
-int
-verify_rrsig_dsa(uint8_t *verifybuf, unsigned long length, unsigned char *sigbuf, unsigned int siglen,
+bool
+ldns_verify_rrsig_dsa(uint8_t *verifybuf, unsigned long length, unsigned char *sigbuf, unsigned int siglen,
                unsigned char *key_bytes, unsigned int keylen)
 {
        uint8_t T = (uint8_t) key_bytes[0];
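Review bot: `if (keylen < 0)` after the DNSKEY base64 decode can never be true when `keylen` is unsigned, as it was in the removed `verify_rrsig` (`unsigned int keylen`), so a failed decode of the key is never detected; when this draft is revived, test the decoder's actual failure signal, and do the same for `sigbuf`, which the draft never validates. The `/* 4 or 3... */` question on `orig_ttl` is settled by RFC 4034 §3.1: Original TTL is the fourth RRSIG rdata field, index 3, which the removed code's `rrsig->rdata[3]` also used, and the accessor is spelled `ldns_rr_rdf` elsewhere in this file, so `orig_ttl = ldns_rr_rdf(rrsig, 3);`. `rawsig_buf` from `ldns_buffer_new(MAX_PACKETLEN)` is neither NULL-checked nor freed on any return path. The `default:` arm calls `exit(EXIT_FAILURE)` on an algorithm number that comes straight from the wire; a library verifier should return false for an unknown algorithm rather than terminate the caller. All of this sits under `#if 0`, so none of it compiles yet, and `ldns_verify_rrsig_dsa` at the hunk's end continues past the hunk.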
@@ -300,64 +377,4 @@ verify_rrsig_rsamd5(uint8_t *verifybuf, unsigned long length, unsigned char *sig
        return result;
 }
 
-bool
-verify_rrsig(ldns_rr_list rrset, ldns_rr_list *rrsig, ldns_rr_list *dnskey)
-{
-       /* translate rrsig+rrset to binary data */
-       uint8_t *verifybuf;
-       unsigned char *sigbuf;
-       unsigned char *key_bytes;
-       uint32_t int32;
-       unsigned long length = 0;
-       unsigned int siglen;
-       unsigned int keylen;
-       int result;
-       
-       verifybuf = xmalloc(MAX_PACKET);
-       sigbuf = (unsigned char *) base64_decode((unsigned char *) rrsig->rdata[8]->data,
-               (int) rrsig->rdata[8]->length, (size_t *) &siglen);
-
-       length += sig2verifybytes(rrsig, verifybuf, length, MAX_PACKET);
-       rrset_sort(&rrset);
-
-       /* set the ttl in the rrset... */
-       int32 = rdata2uint32(rrsig->rdata[3]);
-       rrset_set_ttl(rrset, int32);
-       length += rrset2wire(rrset, verifybuf, length, MAX_PACKET);
-       key_bytes = (unsigned char *) base64_decode((unsigned char *) dnskey->rdata[3]->data,
-               (int) dnskey->rdata[3]->length, (size_t *) &keylen);
-
-       if (keylen < 0) {
-               warning("Error in base64 decode of key data:");
-               /* XXX TODO */
-               print_rd(dnskey->rdata[3]);
-               printf("\n");
-               return RET_FAIL;
-       }
-       switch (rdata2uint8(rrsig->rdata[1])) {
-               case ALG_DSA:
-                       result = verify_rrsig_dsa(verifybuf, length, sigbuf,
-                                       siglen, key_bytes, keylen);
-                       break;
-               case ALG_RSASHA1:
-                       result = verify_rrsig_rsasha1(verifybuf, length, sigbuf,
-                                       siglen, key_bytes, keylen);
-                       break;
-               case ALG_RSAMD5:
-                       result = verify_rrsig_rsamd5(verifybuf, length, sigbuf,
-                                       siglen, key_bytes, keylen);
-                       break;
-               default:
-                       warning("unknown or unimplemented algorithm (alg %s nr %d)", namebyint(rdata2uint8(rrsig->rdata[1]), dnssec_algos), rdata2uint8(rrsig->rdata[1]));
-print_rr(rrsig, FOLLOW);
-                       exit(EXIT_FAILURE);
-                       break;
-       }
-
-       xfree(key_bytes);
-       xfree(verifybuf);
-       xfree(sigbuf);
-       
-       return result;
-}
 #endif
index 254cccff29fee897abfbe90d8b034475f9412747..262a68a2f1eb614abf91f9015c3f9032a12214e8 100644 (file)
@@ -39,14 +39,14 @@ ldns_lookup_table ldns_certificate_types[] = {
 
 /* Taken from RFC 2535, section 7.  */
 ldns_lookup_table ldns_algorithms[] = {
-        { 1, "RSAMD5" },
-        { 2, "DS" },
-        { 3, "DSA" },
-        { 4, "ECC" },
-        { 5, "RSASHA1" },
-        { 252, "INDIRECT" },
-        { 253, "PRIVATEDNS" },
-        { 254, "PRIVATEOID" },
+        { LDNS_RSAMD5, "RSAMD5" },
+        { LDNS_DH, "DH" },
+        { LDNS_DSA, "DSA" },
+        { LDNS_ECC, "ECC" },
+        { LDNS_RSASHA1, "RSASHA1" },
+        { LDNS_INDIRECT, "INDIRECT" },
+        { LDNS_PRIVATEDNS, "PRIVATEDNS" },
+        { LDNS_PRIVATEOID, "PRIVATEOID" },
         { 0, NULL }
 };
 
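Review bot: The table now depends on `LDNS_RSAMD5` through `LDNS_PRIVATEOID`, whose definitions are outside this hunk (presumably the `ldns/dnssec.h` that Makefile.in and ldns/dns.h pick up in this commit), so the header comment `/* Taken from RFC 2535, section 7.  */` no longer tells a reader where the numbers live. Extend it to `/* Names for the DNSSEC algorithm numbers of RFC 2535 section 7; the LDNS_* values are defined in the dnssec header and must match the IANA registry. */`. Nothing in this hunk checks that the symbolic values still equal the removed literals (1, 2, 3, 4, 5, 252, 253, 254), so the comment next to the enum is the only place that agreement can be documented.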
index 7cc40625df0e185a65bcce2ed0c6ba8f45a5db63..5ca5b7265c30899e16e23e4f0e0e0b4cdaab4a0a 100644 (file)
@@ -5,8 +5,6 @@
  * This will usually just a re-ordering of the
  * data (as we store it in network format)
  *
- * XXX not sure if we need to keep this around
- *
  * a Net::DNS like library for C
  *
  * (c) NLnet Labs, 2004
@@ -119,8 +117,8 @@ ldns_rrsig2buffer_wire(ldns_buffer *buffer, ldns_rr *rr)
                ldns_buffer_write_u16(buffer, 0);
        }       
 
-       /* now convert all the rdf, except the actual signature data
-        * rdf number 8 */
+       /* now convert all the rdfs, except the actual signature data
+        * rdf number 8  - the last, hence: -1 */
        for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) {
                (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i));
        }
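Review bot: The loop bound `ldns_rr_rd_count(rr) - 1` assumes the RR carries at least one rdf; if `ldns_rr_rd_count` returns an unsigned count (its type is not visible here) and an RR with no rdfs reaches this function, the subtraction wraps and the loop reads past `_rdata_fields`. A guard before the loop, `if (ldns_rr_rd_count(rr) == 0) return ...;` with whatever status this function reports (its return type is outside the hunk), closes that. The `(void)` on `ldns_rdf2buffer_wire` also discards write failures, so a full buffer yields a truncated canonical form that will only show up later as a signature mismatch; the comment correction itself is fine. `ldns_rrsig2buffer_wire` starts before the hunk.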
index ad4cd52658333de6f0421acbeba1ae04f91eb7ef..d03a86a1ddd90a15e1be5302cb6fd17bad62f92c 100644 (file)
@@ -15,7 +15,7 @@
 #include <ldns/buffer.h>
 #include <ldns/common.h>
 #include <ldns/dname.h>
-#include <ldns/dns.h>
+#include <ldns/dnssec.h>
 #include <ldns/error.h>
 #include <ldns/host2str.h>
 #include <ldns/host2wire.h>
index 63553fb2d74b8b070ca6f9761ce13a49e5fa1e5a..58b599cccbe513125db557d1dc1fa2da6cdef7dd 100644 (file)
@@ -414,17 +414,18 @@ ldns_axfr_start(ldns_resolver *resolver,
        ns = ldns_rdf2native_sockaddr_storage(resolver->_nameservers[0]);
 
        /* Determine the address size.
-        * This is a nice one for a convenience funtion
         */
        switch(ns->ss_family) {
                case AF_INET:
                        ns4 = (struct sockaddr_in*) ns;
-                       ns4->sin_port = htons(53);
+                       ns4->sin_port = htons(
+                                       ldns_resolver_port(resolver));
                        ns_len = (socklen_t)sizeof(struct sockaddr_in);
                        break;
                case AF_INET6:
                        ns6 = (struct sockaddr_in6*) ns;
-                       ns6->sin6_port = htons(53);
+                       ns6->sin6_port = htons(
+                                       ldns_resolver_port(resolver));
                        ns_len = (socklen_t)sizeof(struct sockaddr_in6);
                        break;
                 default:
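Review bot: `ldns_resolver_port(resolver)` now replaces the literal 53 in both `case` arms, so an AXFR against a resolver whose port was never set goes to whatever the constructor's default is; that default is outside this hunk, so confirm it is 53 rather than 0. The value is fetched twice; hoisting it once before the `switch`, `uint16_t port = ldns_resolver_port(resolver);` and `htons(port)` in both arms, keeps the two arms from drifting (assuming the getter returns a 16-bit port). `ns` from `ldns_rdf2native_sockaddr_storage` is dereferenced on the `switch` line with no NULL check visible in the hunk; if that helper can fail on allocation or an unsupported family, a check belongs before it. `ldns_axfr_start` begins before and ends after the hunk.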
diff --git a/rr.c b/rr.c
index 1c292e9264c0a53183f98ab9d5e82c9446624e28..f58539e602821043ddcbf19e3efa6363b6f45dc2 100644 (file)
--- a/rr.c
+++ b/rr.c
@@ -248,7 +248,7 @@ ldns_rr_pop_rdf(ldns_rr *rr)
 
        pop = rr->_rdata_fields[rd_count];
        
-       /* grow the array */
+       /* shrink the array */
        rr->_rdata_fields = XREALLOC(
                rr->_rdata_fields, ldns_rdf *, rd_count - 1);