From: Jelte Jansen Date: Fri, 23 May 2008 09:40:56 +0000 (+0000) Subject: changelog entries X-Git-Tag: release-1.3.0~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbcbfc5f84a23bc561a7a753baf6896fa2a505f1;p=thirdparty%2Fldns.git changelog entries added new functions to manpage generation directives fixup in manpage generation for multiline function definitions fixup in dnssec_zone.h for manpage generation --- diff --git a/Changelog b/Changelog index e5d8b46f..d2f0e36a 100644 --- a/Changelog +++ b/Changelog @@ -1,9 +1,59 @@ 1.3 -* some ldns_buffer functions have been moved to inline, so a clean rebuild of applications relying on those is needed (otherwise you'll get linker errors) -* ldns_dname_label now returns one extra (zero) byte, so it can be seen as an fqdn. -* NSEC3 type code update for signing algorithms. -* DSA key generation of DNSKEY RRs fixed (one byte too small). + Base library: + * Added a new family of functions based around ldns_dnssec_zone, + which is a new structure that keeps a zone sorted through an + rbtree and links signatures and NSEC(3) records directly to their + RRset. These functions all start with ldns_dnssec_ + + * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but + have been changed to internally use the new + ldns_dnssec_zone_sign(_nsec3) + + * Moved some ldns_buffer functions inline, so a clean rebuild of + applications relying on those is needed (otherwise you'll get + linker errors) + * ldns_dname_label now returns one extra (zero) + byte, so it can be seen as an fqdn. + * NSEC3 type code update for signing algorithms. + * DSA key generation of DNSKEY RRs fixed (one byte too small). + + * Added support for RSA/SHA256 and RSA/SHA512, as specified in + draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not + final, and this feature is not enabled by default. It can be + enabled at compilation time with the flag --with-sha2 + + * Added 2wire_canonical family of functions that lowercase dnames + in rdata fields in resource records of the types in the list in + rfc3597 + + * Fixed DSA RRSIG conversion when calling OpenSSL + + Drill: + + * Chase output is completely different, it shows, in ascii, the + relations in the trust hierarchy. + + Examples: + * Added ldns-verify-zone, that can verify the internal DNSSEC records + of a signed BIND-style zone file + + * ldns-keygen now takes an -a argument specifying the algorithm, + instead of -R or -D. -a list show a list of supported algorithms + + * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3 + for RSA key generation + + * ldns-signzone now has support for HSMs + * ldns-signzone uses the new ldns_dnssec_ structures and functions + which improves its speed, and output; RRSIGS are now placed + directly after their RRset, NSEC(3) records directly after the + name they handle + + Contrib: + * new contrib/ dir with user contributions + * added compilation script for solaris (thanks to Jakob Schlyter) + 28 Nov 2007 1.2.2: * Added support for HMAC-MD5 keys in generator * Added a new example tool (written by Ondrej Sury): ldns-compare-zones diff --git a/doc/doxyparse.pl b/doc/doxyparse.pl index 5ec9fef5..3e7178b3 100755 --- a/doc/doxyparse.pl +++ b/doc/doxyparse.pl @@ -95,9 +95,11 @@ mkdir "doc/man"; mkdir "doc/man/man$MAN_SECTION"; $state = 0; -while(<>) { - chomp; - if (/^\/\*\*[\t ]*$/) { +my $cur_line; +while($cur_line = <>) { + $line = $cur_line; + chomp($line); + if ($line =~ /^\/\*\*[\t ]*$/) { # /** Seen #print "Comment seen! [$_]\n"; $state = 1; @@ -105,7 +107,7 @@ while(<>) { undef $struct_description; next; } - if (/\*\// and $state == 1) { + if ($line =~ /\*\// and $state == 1) { #print "END Comment seen!\n"; $state = 2; next; @@ -113,11 +115,11 @@ while(<>) { if ($state == 1) { # inside doxygen - s/^[ \t]*\*[ \t]*//; - $description = $description . "\n" . $_; + $line =~ s/^[ \t]*\*[ \t]*//; + $description = $description . "\n" . $line; #$description = $description . "\n.br\n" . $_; } - if ($state == 2 and /const/) { + if ($state == 2 and $line =~ /const/) { # the const word exists in the function call #$const = "const"; #s/[\t ]*const[\t ]*//; @@ -125,16 +127,21 @@ while(<>) { #undef $const; } - if (/^INLINE/) { - s/^INLINE\s*//; - while (!/{/) { - $_ .= " ".<>; - $_ =~ s/\n//; + if ($line =~ /^INLINE/) { + $line =~ s/^INLINE\s*//; + while (!$line =~ /{/) { + $line .= " ".<>; + $line =~ s/\n//; } - $_ =~ s/{/;/; + $line =~ s/{/;/; } - - if (/([\w\* ]+)[\t ]+(.*?)\((.*)\)\s*;/ and $state == 2) { + + while($state == 2 and $line =~ /\(/ and $line !~ /\)/) { + $line .= <>; + $line =~ s/\s+/ /g; + } + + if ($line =~ /([\w\* ]+)[\t ]+(.*?)\((.*)\)\s*;/ and $state == 2) { # this should also end the current comment parsing $return = $1; $key = $2; @@ -161,10 +168,10 @@ while(<>) { undef $struct_description; $state = 0; } elsif ($state == 2 and ( - /^typedef\sstruct\s(\w+)\s(\w+);/ or - /^typedef\senum\s(\w+)\s(\w+);/) + $line =~ /^typedef\sstruct\s(\w+)\s(\w+);/ or + $line =~ /^typedef\senum\s(\w+)\s(\w+);/) ) { - $struct_description .= "\n.br\n" . $_; + $struct_description .= "\n.br\n" . $line; $key = $2; $struct_description =~ s/\/\*\*\s*(.*?)\s*\*\//\\fB$1:\\fR/g; $description{$key} = $struct_description; diff --git a/doc/function_manpages b/doc/function_manpages index 0c18dfaa..d068b366 100644 --- a/doc/function_manpages +++ b/doc/function_manpages @@ -65,7 +65,7 @@ ldns_verify_rrsig_dsa, ldns_verify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5 | ldn # tsig ldns_pkt_tsig_verify, ldns_pkt_tsig_sign | ldns_key # verify -ldns_verify, ldns_verify_rrsig, ldns_verify_rrsig_keylist | ldns_verify_rrsig_dsa, ldns_verify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5, ldns_sign_public, ldns_zone_sign, ldns_key +ldns_verify, ldns_verify_rrsig, ldns_verify_rrsig_keylist | ldns_verify_rrsig_evp | ldns_verify_rrsig_dsa, ldns_verify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5, ldns_sign_public, ldns_zone_sign, ldns_key # convert ldns_key_buf2dsa, ldns_key_buf2rsa | ldns_key_rr2ds ldns_key_rr2ds | ldns_key @@ -73,9 +73,15 @@ ldns_create_nsec | ldns_sign_public # signing ldns_sign_public | ldns_sign_public_dsa, ldns_sign_public_rsamd5, ldns_sign_public_rsasha1, ldns_verify, ldns_verify_rrsig, ldns_key ldns_sign_public_dsa, ldns_sign_public_rsamd5, ldns_sign_public_rsasha1 | ldns_sign_public -ldns_zone_sign | ldns_sign_public, ldns_key, ldns_init_random +ldns_dnssec_zone_sign, ldns_dnssec_zone_sign_nsec3 | ldns_zone_sign, ldns_zone_sign_nsec3 | ldns_sign_public, ldns_key, ldns_init_random ldns_init_random | ldns_sign_public, ldns_key ldns_pkt_verify | ldns_verify, ldns_sign_public, ldns_zone_sign +# new family of dnssec functions +ldns_dnssec_zone, ldns_dnssec_name, ldns_dnssec_rrs, ldns_dnssec_rrsets | ldns_dnssec_zone_new, ldns_dnssec_name_new, ldns_dnssec_rrs_new, ldns_dnssec_rrsets_new +ldns_dnssec_zone_find_rrset, ldns_dnssec_zone_new, ldns_dnssec_zone_free, ldns_dnssec_zone_add_rr, ldns_dnssec_zone_names_print, ldns_dnssec_zone_print, ldns_dnssec_zone_add_empty_nonterminals | ldns_dnssec_zone +ldns_dnssec_name_new, ldns_dnssec_name_new_frm_rr, ldns_dnssec_name_free, ldns_dnssec_name_name, ldns_dnssec_name_set_name, ldns_dnssec_name_set_nsec, ldns_dnssec_name_cmp, ldns_dnssec_name_add_rr, ldns_dnssec_name_find_rrset, ldns_dnssec_name_print | ldns_dnssec_zone +ldns_dnssec_rrsets_new, ldns_dnssec_rrsets_free, ldns_dnssec_rrsets_type, ldns_dnssec_rrsets_set_type, ldns_dnssec_rrsets_add_rr, ldns_dnssec_rrsets_print | ldns_dnssec_zone +ldns_dnssec_rrs_new, ldns_dnssec_rrs_free, ldns_dnssec_rrs_add_rr, ldns_dnssec_rrs_print | ldns_dnssec_zone ### /dnssec.h ### dnskey.h diff --git a/ldns/dnssec_sign.h b/ldns/dnssec_sign.h index 4813c0f0..12a15955 100644 --- a/ldns/dnssec_sign.h +++ b/ldns/dnssec_sign.h @@ -59,7 +59,7 @@ ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key); * Finds the first dnssec_name node in the rbtree that has not been marked * as glue, starting at the given node * - * \param[in] node, th first node to check + * \param[in] node the first node to check * \return the first node that has not been marked as glue, or NULL * if not found (TODO: make that LDNS_RBTREE_NULL?) */ diff --git a/ldns/dnssec_zone.h b/ldns/dnssec_zone.h index 38558175..7a1ca8e0 100644 --- a/ldns/dnssec_zone.h +++ b/ldns/dnssec_zone.h @@ -91,16 +91,14 @@ typedef struct ldns_struct_dnssec_zone ldns_dnssec_zone; * Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs * \return the allocated data */ -ldns_dnssec_rrs * -ldns_dnssec_rrs_new(); +ldns_dnssec_rrs *ldns_dnssec_rrs_new(); /** * Frees the list of rrs, but *not* its data * * \param[in] rrs the data structure to free */ -void -ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs); +void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs); /** * Adds an RR to the list of RRs. The list will remain ordered @@ -109,8 +107,7 @@ ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs); * \param[in] rr the RR to add * \return LDNS_STATUS_OK on success */ -ldns_status -ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); +ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); /** * Prints the given rrs to the file descriptor @@ -118,23 +115,20 @@ ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); * \param[in] out the file descriptor to print to * \param[in] rrs the list of RRs to print */ -void -ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs); +void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs); /** * Creates a new list (entry) of RRsets * \return the newly allocated structure */ -ldns_dnssec_rrsets * -ldns_dnssec_rrsets_new(); +ldns_dnssec_rrsets *ldns_dnssec_rrsets_new(); /** * Frees the list of rrsets and their rrs, but *not* their data * * \param[in] rrsets the data structure to free */ -void -ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets); +void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets); /** * Returns the rr type of the rrset (that is head of the given list) @@ -142,8 +136,7 @@ ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets); * \param[in] rrsets the rrset to get the type of * \return the rr type */ -ldns_rr_type -ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets); +ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets); /** * Sets the RR type of the rrset (that is head of the given list) @@ -152,8 +145,7 @@ ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets); * \param[in] type the type to set * \return LDNS_STATUS_OK on success */ -ldns_status -ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, +ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, ldns_rr_type type); /** @@ -164,8 +156,7 @@ ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, * \param[in] rr the rr to add to the list of rrsets * \return LDNS_STATUS_OK on success */ -ldns_status -ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); +ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); /** * Print the given list of rrsets to the fiven file descriptor @@ -174,23 +165,22 @@ ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); * \param[in] rrsets the list of RRsets to print * \param[in] follow if set to false, only print the first RRset */ -void -ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow); +void ldns_dnssec_rrsets_print(FILE *out, + ldns_dnssec_rrsets *rrsets, + bool follow); /** * Create a new data structure for a dnssec name * \return the allocated structure */ -ldns_dnssec_name * -ldns_dnssec_name_new(); +ldns_dnssec_name *ldns_dnssec_name_new(); /** * Create a new data structure for a dnssec name for the given RR * * \param[in] rr the RR to derive properties from, and to add to the name */ -ldns_dnssec_name * -ldns_dnssec_name_new_frm_rr(ldns_rr *rr); +ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr); /** * Frees the name structure and its rrs and rrsets. @@ -198,8 +188,7 @@ ldns_dnssec_name_new_frm_rr(ldns_rr *rr); * * \param[in] name the structure to free */ -void -ldns_dnssec_name_free(ldns_dnssec_name *name); +void ldns_dnssec_name_free(ldns_dnssec_name *name); /** * Returns the domain name of the given dnssec_name structure @@ -207,8 +196,7 @@ ldns_dnssec_name_free(ldns_dnssec_name *name); * \param[in] name the dnssec name to get the domain name from * \return the domain name */ -ldns_rdf * -ldns_dnssec_name_name(ldns_dnssec_name *name); +ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name); /** @@ -217,9 +205,8 @@ ldns_dnssec_name_name(ldns_dnssec_name *name); * \param[in] name the dnssec name to set the domain name of * \param[in] dname the domain name to set it to. This data is *not* copied. */ -void -ldns_dnssec_name_set_name(ldns_dnssec_name *name, - ldns_rdf *dname); +void ldns_dnssec_name_set_name(ldns_dnssec_name *name, + ldns_rdf *dname); /** * Sets the NSEC(3) RR of the given dnssec_name structure @@ -227,8 +214,7 @@ ldns_dnssec_name_set_name(ldns_dnssec_name *name, * \param[in] name the dnssec name to set the domain name of * \param[in] nsec the nsec rr to set it to. This data is *not* copied. */ -void -ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec); +void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec); /** * Compares the domain names of the two arguments in their @@ -240,8 +226,7 @@ ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec); * ordening, 1 if it is the other way around, and 0 if they are * equal */ -int -ldns_dnssec_name_cmp(const void *a, const void *b); +int ldns_dnssec_name_cmp(const void *a, const void *b); /** * Inserts the given rr at the right place in the current dnssec_name @@ -251,9 +236,8 @@ ldns_dnssec_name_cmp(const void *a, const void *b); * \param[in] rr The RR to add * \return LDNS_STATUS_OK on success, error code otherwise */ -ldns_status -ldns_dnssec_name_add_rr(ldns_dnssec_name *name, - ldns_rr *rr); +ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, + ldns_rr *rr); /** * Find the RRset with the given type in within this name structure @@ -262,9 +246,8 @@ ldns_dnssec_name_add_rr(ldns_dnssec_name *name, * \param[in] type the type of the RRset to find * \return the RRset, or NULL if not present */ -ldns_dnssec_rrsets * -ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, - ldns_rr_type type); +ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, + ldns_rr_type type); /** * Find the RRset with the given name and type in the zone @@ -274,10 +257,9 @@ ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, * \param[in] type the type of the RRset to find * \return the RRset, or NULL if not present */ -ldns_dnssec_rrsets * -ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, - ldns_rdf *dname, - ldns_rr_type type); +ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, + ldns_rdf *dname, + ldns_rr_type type); /** * Prints the RRs in the dnssec name structure to the given @@ -286,24 +268,20 @@ ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, * \param[in] out the file descriptor to print to * \param[in] name the name structure to print the contents of */ -void -ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name); +void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name); /** * Creates a new dnssec_zone structure * \return the allocated structure */ -ldns_dnssec_zone * -ldns_dnssec_zone_new(); +ldns_dnssec_zone *ldns_dnssec_zone_new(); /** * Frees the given zone structure, and its rbtree of dnssec_names * Individual ldns_rr RRs within those names are *not* freed - * - * \param[in] zone the zone to free + * \param[in] *zone the zone to free */ -void -ldns_dnssec_zone_free(ldns_dnssec_zone *zone); +void ldns_dnssec_zone_free(ldns_dnssec_zone *zone); /** * Adds the given RR to the zone. @@ -315,8 +293,8 @@ ldns_dnssec_zone_free(ldns_dnssec_zone *zone); * \param[in] rr The RR to add * \return LDNS_STATUS_OK on success, an error code otherwise */ -ldns_status -ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr); +ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, + ldns_rr *rr); /** * Prints the rbtree of ldns_dnssec_name structures to the file descriptor @@ -325,8 +303,7 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr); * \param[in] tree the tree of ldns_dnssec_name structures to print * \param[in] print_soa if true, print SOA records, if false, skip them */ -void -ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa); +void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa); /** * Prints the complete zone to the given file descriptor @@ -334,8 +311,7 @@ ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa); * \param[in] out the file descriptor to print to * \param[in] zone the dnssec_zone to print */ -void -ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone); +void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone); /** * Adds explicit dnssec_name structures for the empty nonterminals @@ -344,7 +320,6 @@ ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone); * \param[in] zone the zone to check for empty nonterminals * return LDNS_STATUS_OK on success. */ -ldns_status -ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone); +ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone); #endif