Fix signatures over wildcards.
authorWouter Wijngaards <wouter@NLnetLabs.nl>
Thu, 8 Apr 2010 13:05:09 +0000 (13:05 +0000)
committerWouter Wijngaards <wouter@NLnetLabs.nl>
Thu, 8 Apr 2010 13:05:09 +0000 (13:05 +0000)
ldns_dname_is_wildcard exported.

Changelog
dname.c
dnssec_sign.c
ldns/dname.h
ldns_symbols.def

index 68572292c1fcafaeda5fa9c4999abef603255774..a9e81b15134f9586bd9ada7d7d7c98166a8e93e1 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -20,6 +20,8 @@
          OpenSSL 1.0.0 is necessary (or use --disable-gost).
        * Fixed comment in rbtree.h about being first member and data ptr.
        * Fixed possibly leak in case of out of memory in ldns_native2rdf...
+       * ldns_dname_is_wildcard added.
+       * Fixed: signatures over wildcards had the wrong labelcount.
 
 1.6.4  2010-01-20
        * Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
diff --git a/dname.c b/dname.c
index ae094da34e0f43dc8ebc5b96f8b61ae17766b675..5b96fcdff63f85eeec2d39fc10ff3b7a4cecf88d 100644 (file)
--- a/dname.c
+++ b/dname.c
@@ -416,7 +416,7 @@ ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
        return result;
 }
 
-static int
+int
 ldns_dname_is_wildcard(const ldns_rdf* dname)
 {
        return ( ldns_dname_label_count(dname) > 0 &&
index a940d0d5baba3b26a80d05075976772fa946e1e8..e6e63acfba0b8d482fcd99e2a281d6e882b3237f 100644 (file)
@@ -31,6 +31,9 @@ ldns_create_empty_rrsig(ldns_rr_list *rrset,
 
        label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset,
                                                           0)));
+        /* RFC4035 2.2: not counting the leftmost label if it is a wildcard */
+        if(ldns_dname_is_wildcard(ldns_rr_owner(ldns_rr_list_rr(rrset, 0))))
+                label_count --; 
        
        current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
        
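Review bot: The comment on the added lines cites RFC 4035 2.2 but does not say why the count matters, and the owner lookup `ldns_rr_owner(ldns_rr_list_rr(rrset, 0))` is now written out twice in adjacent statements. A validator uses the RRSIG Labels field to tell whether an answer was expanded from a wildcard and to rebuild the wildcard owner name before checking the signature, so a second comment line such as `/* validators rebuild the wildcard owner from this count (RFC 4035 5.3.2) */` would help the next reader. Assigning the owner once to a local, `owner = ldns_rr_owner(ldns_rr_list_rr(rrset, 0));`, and using it for both the label count and the wildcard test keeps the two from drifting apart. RRSIGs over wildcard owners produced before this change presumably carry a Labels value one too high and would need re-signing, which the Changelog entry could state. ldns_create_empty_rrsig starts and ends outside the hunk, so whether an empty rrset is rejected before this dereference is not visible here.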
index b144b4c78cedfef90939aec198f2499ea81012dc..78560961d6547c30efd05e0c21eb869d6754c5df 100644 (file)
@@ -183,4 +183,11 @@ bool ldns_dname_str_absolute(const char *dname_str);
  */
 ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos);
 
+/**
+ * Check if dname is a wildcard, starts with *.
+ * \param[in] dname: the rdf to look in
+ * \return true if a wildcard, false if not.
+ */
+int ldns_dname_is_wildcard(const ldns_rdf* dname);
+
 #endif /* LDNS_DNAME_H */
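Review bot: The doc comment for the newly exported `ldns_dname_is_wildcard` promises "true ... false" while the declaration returns `int`, and the neighbouring `ldns_dname_str_absolute` in this header returns `bool`. The phrase "starts with *" can also be read as matching a first label such as `*abc`, whereas a DNS wildcard is a leftmost label that is exactly `*`. The rest of the body in dname.c lies outside the visible hunk, so confirm what it tests and then word the comment as `* Check if dname is a wildcard: its leftmost label is exactly "*".`. For the return value, either declare it `bool` in both dname.h and dname.c or document it as `\return 1 if a wildcard, 0 if not.`. The signer now relies on this result to set the RRSIG label count, so the exact contract is worth pinning in the header.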
index 4daa195f1547e06b5e3ae26faee72eb6f86f343f..6673f2e0cba9031768f8df8fa91b1596697d6975 100644 (file)
@@ -47,6 +47,7 @@ ldns_dname_compare
 ldns_dname_compare_v
 ldns_dname_interval
 ldns_dname_is_subdomain
+ldns_dname_is_wildcard
 ldns_dname_label
 ldns_dname_label_count
 ldns_dname_left_chop