From: Jelte Jansen
Date: Wed, 16 Mar 2005 14:00:52 +0000 (+0000)
Subject: additions for dnssec support (contains todos)
X-Git-Tag: release-0.50~234
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0192c0c69198665fda4e8878d0d9cfc9eade8698;p=thirdparty%2Fldns.git
additions for dnssec support (contains todos)
---
diff --git a/dnssec.c b/dnssec.c
index fcc41d73..ed7f431c 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -70,6 +70,70 @@ ldns_keytag(ldns_rr *key)
 }
 }
 
+/**
+ * Returns an rr_list that contains the possible rrsigs for the given
+ * rr in the given packet
+ * Allocates and copies, so don't forget to free!
+ * TODO: helper for rr copying?
+ */
+ldns_rr_list *
+ldns_pkt_get_sigs(ldns_pkt *pkt, ldns_rr *rr)
+{
+ ldns_rr_list *sigs = ldns_rr_list_new();
+ ldns_rr_list *pkt_rrs;
+ ldns_rr *cur_rr;
+ int i;
+
+ pkt_rrs = ldns_pkt_answer(pkt);
+ if (pkt_rrs) {
+ for (i = 0; i < ldns_rr_list_rr_count(pkt_rrs); i++) {
+ cur_rr = ldns_rr_list_rr(pkt_rrs, i);
+ if (ldns_rdf_compare(ldns_rr_owner(rr),
+ ldns_rr_owner(cur_rr)
+ )
+ &&
+ ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG
+ ) {
+ ldns_rr_list_push_rr(sigs,
+ ldns_rr_deep_clone(cur_rr));
+ }
+ }
+ }
+ pkt_rrs = ldns_pkt_authority(pkt);
+ if (pkt_rrs) {
+ for (i = 0; i < ldns_rr_list_rr_count(pkt_rrs); i++) {
+ cur_rr = ldns_rr_list_rr(pkt_rrs, i);
+ if (ldns_rdf_compare(ldns_rr_owner(rr),
+ ldns_rr_owner(cur_rr)
+ )
+ &&
+ ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG
+ ) {
+ ldns_rr_list_push_rr(sigs,
+ ldns_rr_deep_clone(cur_rr));
+ }
+ }
+ }
+ pkt_rrs = ldns_pkt_additional(pkt);
+ if (pkt_rrs) {
+ for (i = 0; i < ldns_rr_list_rr_count(pkt_rrs); i++) {
+ cur_rr = ldns_rr_list_rr(pkt_rrs, i);
+ if (ldns_rdf_compare(ldns_rr_owner(rr),
+ ldns_rr_owner(cur_rr)
+ )
+ &&
+ ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG
+ ) {
+ ldns_rr_list_push_rr(sigs,
+ ldns_rr_deep_clone(cur_rr));
+ }
+ }
+ }
+
+ return sigs;
+}
+
+
 /**
 * verify an rrsig rrset
 */
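Review bot: The owner test in all three loops of `ldns_pkt_get_sigs` uses the return value of `ldns_rdf_compare()` directly as a truth value; if that function is strcmp-style (0 when the two rdfs are equal — its definition is outside this hunk, so this needs confirming), the condition collects RRSIGs whose owner differs from `rr` and skips the matching ones, so the wrong signatures would be handed on for verification. Making the comparison explicit removes the doubt, e.g. `if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG && ldns_rdf_compare(ldns_rr_owner(rr), ldns_rr_owner(cur_rr)) == 0) {`. The results of `ldns_rr_list_new()` and `ldns_rr_deep_clone()` are also used unchecked and `pkt`/`rr` are never tested for NULL, even though the records being walked come from a received packet; `int i` is compared against a count whose type is not visible here and may be unsigned. Because matching is by owner and type only, the doc comment should state that callers still have to compare the RRSIG's type-covered field with the rrset before trusting a match. The three identical loops would be easier to keep correct as one `static` helper that takes the section list.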
@@ -81,6 +145,10 @@ ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys) bool result; result = false; + if (!rrset || !rrsig || !keys) { + return false; + } + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { result = ldns_verify_rrsig(rrset, ldns_rr_list_rr(rrsig, i), diff --git a/ldns/dnssec.h b/ldns/dnssec.h index 869873e3..4369e6a5 100644 --- a/ldns/dnssec.h +++ b/ldns/dnssec.h @@ -46,4 +46,6 @@ ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char * ldns_rr *ldns_key_rr2ds(ldns_rr *key); +ldns_rr_list *ldns_pkt_get_sigs(ldns_pkt *pkt, ldns_rr *rr); + #endif /* _DNSSEC_H_ */ diff --git a/resolver.c b/resolver.c index c3585bd9..75b57eb4 100644 --- a/resolver.c +++ b/resolver.c @@ -672,6 +672,14 @@ ldns_resolver_send(ldns_resolver *r, ldns_rdf *name, ldns_rr_type type, ldns_rr_ ldns_resolver_edns_udp_size(r)); } + /* set DO bit if necessary */ + /* TODO: macro or inline function for bit */ + if (ldns_resolver_dnssec(r) != 0) { + ldns_pkt_set_edns_z(query_pkt, + ldns_pkt_edns_z(query_pkt) | 0x8000 + ); + } + if (ldns_resolver_debug(r)) { ldns_pkt_print(stdout, query_pkt); }
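Review bot: The new NULL guard in `ldns_verify` returns `false`, the same value `result` starts with, so a caller cannot tell "bad arguments" from "signature did not verify", and the function comment (`verify an rrsig rrset`, above the start of this hunk) documents neither case. I would extend that comment with something like ` * \return false if rrset, rrsig or keys is NULL (nothing is verified in that case)`, and also state what is returned for an empty `rrsig` list, where the loop below the guard runs zero times. The rest of the loop body is outside the hunk, so whether it stops at the first successful signature cannot be checked from here.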
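Review bot: The DO-bit block in `ldns_resolver_send` ORs a bare `0x8000` into the EDNS Z field without checking, within this hunk, that the query will actually carry an OPT record; the preceding EDNS UDP-size block closes just above, so if OPT emission depends on that size being set (code outside the hunk — please confirm), a resolver with DNSSEC enabled but no EDNS size would send the query without the DO bit and silently receive no RRSIGs. It is worth either forcing EDNS on when `ldns_resolver_dnssec(r)` is set or documenting the dependency in the comment. The TODO can be settled by naming the constant, e.g. `#define LDNS_EDNS_MASK_DO_BIT 0x8000 /* RFC 3225 DO bit */`, and using it in the `ldns_pkt_set_edns_z()` call.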