1.3
-* some ldns_buffer functions have been moved to inline, so a clean rebuild of applications relying on those is needed (otherwise you'll get linker errors)
-* ldns_dname_label now returns one extra (zero) byte, so it can be seen as an fqdn.
-* NSEC3 type code update for signing algorithms.
-* DSA key generation of DNSKEY RRs fixed (one byte too small).
+ Base library:
+ * Added a new family of functions based around ldns_dnssec_zone,
+ which is a new structure that keeps a zone sorted through an
+ rbtree and links signatures and NSEC(3) records directly to their
+ RRset. These functions all start with ldns_dnssec_
+
+ * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but
+ have been changed to internally use the new
+ ldns_dnssec_zone_sign(_nsec3)
+
+ * Moved some ldns_buffer functions inline, so a clean rebuild of
+ applications relying on those is needed (otherwise you'll get
+ linker errors)
+ * ldns_dname_label now returns one extra (zero)
+ byte, so it can be seen as an fqdn.
+ * NSEC3 type code update for signing algorithms.
+ * DSA key generation of DNSKEY RRs fixed (one byte too small).
+
+ * Added support for RSA/SHA256 and RSA/SHA512, as specified in
+ draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not
+ final, and this feature is not enabled by default. It can be
+ enabled at compilation time with the flag --with-sha2
+
+ * Added 2wire_canonical family of functions that lowercase dnames
+ in rdata fields in resource records of the types in the list in
+ rfc3597
+
+ * Fixed DSA RRSIG conversion when calling OpenSSL
+
+ Drill:
+
+ * Chase output is completely different, it shows, in ascii, the
+ relations in the trust hierarchy.
+
+ Examples:
+ * Added ldns-verify-zone, that can verify the internal DNSSEC records
+ of a signed BIND-style zone file
+
+ * ldns-keygen now takes an -a argument specifying the algorithm,
+ instead of -R or -D. -a list show a list of supported algorithms
+
+ * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3
+ for RSA key generation
+
+ * ldns-signzone now has support for HSMs
+ * ldns-signzone uses the new ldns_dnssec_ structures and functions
+ which improves its speed, and output; RRSIGS are now placed
+ directly after their RRset, NSEC(3) records directly after the
+ name they handle
+
+ Contrib:
+ * new contrib/ dir with user contributions
+ * added compilation script for solaris (thanks to Jakob Schlyter)
+
28 Nov 2007 1.2.2:
* Added support for HMAC-MD5 keys in generator
* Added a new example tool (written by Ondrej Sury): ldns-compare-zones
mkdir "doc/man/man$MAN_SECTION";
$state = 0;
-while(<>) {
- chomp;
- if (/^\/\*\*[\t ]*$/) {
+my $cur_line;
+while($cur_line = <>) {
+ $line = $cur_line;
+ chomp($line);
+ if ($line =~ /^\/\*\*[\t ]*$/) {
# /** Seen
#print "Comment seen! [$_]\n";
$state = 1;
undef $struct_description;
next;
}
- if (/\*\// and $state == 1) {
+ if ($line =~ /\*\// and $state == 1) {
#print "END Comment seen!\n";
$state = 2;
next;
if ($state == 1) {
# inside doxygen
- s/^[ \t]*\*[ \t]*//;
- $description = $description . "\n" . $_;
+ $line =~ s/^[ \t]*\*[ \t]*//;
+ $description = $description . "\n" . $line;
#$description = $description . "\n.br\n" . $_;
}
- if ($state == 2 and /const/) {
+ if ($state == 2 and $line =~ /const/) {
# the const word exists in the function call
#$const = "const";
#s/[\t ]*const[\t ]*//;
#undef $const;
}
- if (/^INLINE/) {
- s/^INLINE\s*//;
- while (!/{/) {
- $_ .= " ".<>;
- $_ =~ s/\n//;
+ if ($line =~ /^INLINE/) {
+ $line =~ s/^INLINE\s*//;
+ while (!$line =~ /{/) {
+ $line .= " ".<>;
+ $line =~ s/\n//;
}
- $_ =~ s/{/;/;
+ $line =~ s/{/;/;
}
-
- if (/([\w\* ]+)[\t ]+(.*?)\((.*)\)\s*;/ and $state == 2) {
+
+ while($state == 2 and $line =~ /\(/ and $line !~ /\)/) {
+ $line .= <>;
+ $line =~ s/\s+/ /g;
+ }
+
+ if ($line =~ /([\w\* ]+)[\t ]+(.*?)\((.*)\)\s*;/ and $state == 2) {
# this should also end the current comment parsing
$return = $1;
$key = $2;
undef $struct_description;
$state = 0;
} elsif ($state == 2 and (
- /^typedef\sstruct\s(\w+)\s(\w+);/ or
- /^typedef\senum\s(\w+)\s(\w+);/)
+ $line =~ /^typedef\sstruct\s(\w+)\s(\w+);/ or
+ $line =~ /^typedef\senum\s(\w+)\s(\w+);/)
) {
- $struct_description .= "\n.br\n" . $_;
+ $struct_description .= "\n.br\n" . $line;
$key = $2;
$struct_description =~ s/\/\*\*\s*(.*?)\s*\*\//\\fB$1:\\fR/g;
$description{$key} = $struct_description;
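Review bot: In the INLINE branch, `while (!$line =~ /{/)` does not behave like the old `while (!/{/)`: `!` binds tighter than `=~`, so the condition is `(!$line) =~ /{/`, which never matches, and the body that joins continuation lines is skipped. An INLINE declaration whose opening brace sits on a later line then reaches the prototype regex unjoined; the condition should be `while ($line !~ /{/)`. Once that is corrected, this loop, like the new `while($state == 2 and $line =~ /\(/ and $line !~ /\)/)` loop as written, appends `<>` with no end-of-input check, so a header that ends inside an unclosed declaration would make the doc build spin forever. Reading into a variable first and leaving the loop with `last unless defined $next;` before appending avoids that. The enclosing `while` loop continues past the end of this hunk.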
# tsig
ldns_pkt_tsig_verify, ldns_pkt_tsig_sign | ldns_key
# verify
-ldns_verify, ldns_verify_rrsig, ldns_verify_rrsig_keylist | ldns_verify_rrsig_dsa, ldns_verify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5, ldns_sign_public, ldns_zone_sign, ldns_key
+ldns_verify, ldns_verify_rrsig, ldns_verify_rrsig_keylist | ldns_verify_rrsig_evp | ldns_verify_rrsig_dsa, ldns_verify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5, ldns_sign_public, ldns_zone_sign, ldns_key
# convert
ldns_key_buf2dsa, ldns_key_buf2rsa | ldns_key_rr2ds
ldns_key_rr2ds | ldns_key
# signing
ldns_sign_public | ldns_sign_public_dsa, ldns_sign_public_rsamd5, ldns_sign_public_rsasha1, ldns_verify, ldns_verify_rrsig, ldns_key
ldns_sign_public_dsa, ldns_sign_public_rsamd5, ldns_sign_public_rsasha1 | ldns_sign_public
-ldns_zone_sign | ldns_sign_public, ldns_key, ldns_init_random
+ldns_dnssec_zone_sign, ldns_dnssec_zone_sign_nsec3 | ldns_zone_sign, ldns_zone_sign_nsec3 | ldns_sign_public, ldns_key, ldns_init_random
ldns_init_random | ldns_sign_public, ldns_key
ldns_pkt_verify | ldns_verify, ldns_sign_public, ldns_zone_sign
+# new family of dnssec functions
+ldns_dnssec_zone, ldns_dnssec_name, ldns_dnssec_rrs, ldns_dnssec_rrsets | ldns_dnssec_zone_new, ldns_dnssec_name_new, ldns_dnssec_rrs_new, ldns_dnssec_rrsets_new
+ldns_dnssec_zone_find_rrset, ldns_dnssec_zone_new, ldns_dnssec_zone_free, ldns_dnssec_zone_add_rr, ldns_dnssec_zone_names_print, ldns_dnssec_zone_print, ldns_dnssec_zone_add_empty_nonterminals | ldns_dnssec_zone
+ldns_dnssec_name_new, ldns_dnssec_name_new_frm_rr, ldns_dnssec_name_free, ldns_dnssec_name_name, ldns_dnssec_name_set_name, ldns_dnssec_name_set_nsec, ldns_dnssec_name_cmp, ldns_dnssec_name_add_rr, ldns_dnssec_name_find_rrset, ldns_dnssec_name_print | ldns_dnssec_zone
+ldns_dnssec_rrsets_new, ldns_dnssec_rrsets_free, ldns_dnssec_rrsets_type, ldns_dnssec_rrsets_set_type, ldns_dnssec_rrsets_add_rr, ldns_dnssec_rrsets_print | ldns_dnssec_zone
+ldns_dnssec_rrs_new, ldns_dnssec_rrs_free, ldns_dnssec_rrs_add_rr, ldns_dnssec_rrs_print | ldns_dnssec_zone
### /dnssec.h
### dnskey.h
* Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs
* \return the allocated data
*/
-ldns_dnssec_rrs *
-ldns_dnssec_rrs_new();
+ldns_dnssec_rrs *ldns_dnssec_rrs_new();
/**
* Frees the list of rrs, but *not* its data
*
* \param[in] rrs the data structure to free
*/
-void
-ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs);
+void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs);
/**
* Adds an RR to the list of RRs. The list will remain ordered
* \param[in] rr the RR to add
* \return LDNS_STATUS_OK on success
*/
-ldns_status
-ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
+ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
/**
* Prints the given rrs to the file descriptor
* \param[in] out the file descriptor to print to
* \param[in] rrs the list of RRs to print
*/
-void
-ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs);
+void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs);
/**
* Creates a new list (entry) of RRsets
* \return the newly allocated structure
*/
-ldns_dnssec_rrsets *
-ldns_dnssec_rrsets_new();
+ldns_dnssec_rrsets *ldns_dnssec_rrsets_new();
/**
* Frees the list of rrsets and their rrs, but *not* their data
*
* \param[in] rrsets the data structure to free
*/
-void
-ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets);
+void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets);
/**
* Returns the rr type of the rrset (that is head of the given list)
* \param[in] rrsets the rrset to get the type of
* \return the rr type
*/
-ldns_rr_type
-ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets);
+ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets);
/**
* Sets the RR type of the rrset (that is head of the given list)
* \param[in] type the type to set
* \return LDNS_STATUS_OK on success
*/
-ldns_status
-ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
+ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
ldns_rr_type type);
/**
* \param[in] rr the rr to add to the list of rrsets
* \return LDNS_STATUS_OK on success
*/
-ldns_status
-ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
+ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
/**
* Print the given list of rrsets to the fiven file descriptor
* \param[in] rrsets the list of RRsets to print
* \param[in] follow if set to false, only print the first RRset
*/
-void
-ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow);
+void ldns_dnssec_rrsets_print(FILE *out,
+ ldns_dnssec_rrsets *rrsets,
+ bool follow);
/**
* Create a new data structure for a dnssec name
* \return the allocated structure
*/
-ldns_dnssec_name *
-ldns_dnssec_name_new();
+ldns_dnssec_name *ldns_dnssec_name_new();
/**
* Create a new data structure for a dnssec name for the given RR
*
* \param[in] rr the RR to derive properties from, and to add to the name
*/
-ldns_dnssec_name *
-ldns_dnssec_name_new_frm_rr(ldns_rr *rr);
+ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr);
/**
* Frees the name structure and its rrs and rrsets.
*
* \param[in] name the structure to free
*/
-void
-ldns_dnssec_name_free(ldns_dnssec_name *name);
+void ldns_dnssec_name_free(ldns_dnssec_name *name);
/**
* Returns the domain name of the given dnssec_name structure
* \param[in] name the dnssec name to get the domain name from
* \return the domain name
*/
-ldns_rdf *
-ldns_dnssec_name_name(ldns_dnssec_name *name);
+ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name);
/**
* \param[in] name the dnssec name to set the domain name of
* \param[in] dname the domain name to set it to. This data is *not* copied.
*/
-void
-ldns_dnssec_name_set_name(ldns_dnssec_name *name,
- ldns_rdf *dname);
+void ldns_dnssec_name_set_name(ldns_dnssec_name *name,
+ ldns_rdf *dname);
/**
* Sets the NSEC(3) RR of the given dnssec_name structure
* \param[in] name the dnssec name to set the domain name of
* \param[in] nsec the nsec rr to set it to. This data is *not* copied.
*/
-void
-ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec);
+void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec);
/**
* Compares the domain names of the two arguments in their
* ordening, 1 if it is the other way around, and 0 if they are
* equal
*/
-int
-ldns_dnssec_name_cmp(const void *a, const void *b);
+int ldns_dnssec_name_cmp(const void *a, const void *b);
/**
* Inserts the given rr at the right place in the current dnssec_name
* \param[in] rr The RR to add
* \return LDNS_STATUS_OK on success, error code otherwise
*/
-ldns_status
-ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
- ldns_rr *rr);
+ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
+ ldns_rr *rr);
/**
* Find the RRset with the given type in within this name structure
* \param[in] type the type of the RRset to find
* \return the RRset, or NULL if not present
*/
-ldns_dnssec_rrsets *
-ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
- ldns_rr_type type);
+ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
+ ldns_rr_type type);
/**
* Find the RRset with the given name and type in the zone
* \param[in] type the type of the RRset to find
* \return the RRset, or NULL if not present
*/
-ldns_dnssec_rrsets *
-ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
- ldns_rdf *dname,
- ldns_rr_type type);
+ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
+ ldns_rdf *dname,
+ ldns_rr_type type);
/**
* Prints the RRs in the dnssec name structure to the given
* \param[in] out the file descriptor to print to
* \param[in] name the name structure to print the contents of
*/
-void
-ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name);
+void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name);
/**
* Creates a new dnssec_zone structure
* \return the allocated structure
*/
-ldns_dnssec_zone *
-ldns_dnssec_zone_new();
+ldns_dnssec_zone *ldns_dnssec_zone_new();
/**
* Frees the given zone structure, and its rbtree of dnssec_names
* Individual ldns_rr RRs within those names are *not* freed
- *
- * \param[in] zone the zone to free
+ * \param[in] *zone the zone to free
*/
-void
-ldns_dnssec_zone_free(ldns_dnssec_zone *zone);
+void ldns_dnssec_zone_free(ldns_dnssec_zone *zone);
/**
* Adds the given RR to the zone.
* \param[in] rr The RR to add
* \return LDNS_STATUS_OK on success, an error code otherwise
*/
-ldns_status
-ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr);
+ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone,
+ ldns_rr *rr);
/**
* Prints the rbtree of ldns_dnssec_name structures to the file descriptor
* \param[in] tree the tree of ldns_dnssec_name structures to print
* \param[in] print_soa if true, print SOA records, if false, skip them
*/
-void
-ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa);
+void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa);
/**
* Prints the complete zone to the given file descriptor
* \param[in] out the file descriptor to print to
* \param[in] zone the dnssec_zone to print
*/
-void
-ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone);
+void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone);
/**
* Adds explicit dnssec_name structures for the empty nonterminals
* \param[in] zone the zone to check for empty nonterminals
* return LDNS_STATUS_OK on success.
*/
-ldns_status
-ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone);
+ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone);
#endif
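Review bot: The Doxygen tag for ldns_dnssec_zone_free now reads `\param[in] *zone`, but the parameter is named `zone`, and Doxygen matches on the identifier, so the line should stay `\param[in] zone the zone to free`. Separately, the rejoined prototypes keep empty parentheses, e.g. `ldns_dnssec_zone *ldns_dnssec_zone_new();`, which in C leaves the argument list unspecified, so the compiler does not diagnose a call that passes stray arguments. Since these lines are being touched anyway, `ldns_dnssec_zone *ldns_dnssec_zone_new(void);` and the same for the `rrs`, `rrsets` and `name` constructors would let callers be checked. The comments on the free functions are the only statement of ownership in this header ("but *not* its data"), so it is worth keeping their parameter tags accurate.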