+2709. [func] Added some data fields, currently unused, to the
+ private key file format, to allow implementation
+ of explicit key rollover in a future release
+ without impairing backward or forward compatibility.
+ [RT #20310]
+
2708. [func] Insecure to secure and NSEC3 parameter changes via
update are now fully supported and no longer require
defines to enable. We now no longer overload the
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-revoke.c,v 1.14 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: dnssec-revoke.c,v 1.15 2009/10/09 06:09:21 each Exp $ */
/*! \file */
isc_commandline_errprint = ISC_FALSE;
- while ((ch = isc_commandline_parse(argc, argv, "EfK:rhv:")) != -1) {
+ while ((ch = isc_commandline_parse(argc, argv, "E:fK:rhv:")) != -1) {
switch (ch) {
case 'E':
engine = isc_commandline_argument;
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-settime.c,v 1.15 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: dnssec-settime.c,v 1.16 2009/10/09 06:09:21 each Exp $ */
/*! \file */
isc_stdtime_get(&now);
while ((ch = isc_commandline_parse(argc, argv,
- "EfK:uhp:v:P:A:R:I:D:")) != -1) {
+ "E:fK:uhp:v:P:A:R:I:D:")) != -1) {
switch (ch) {
case 'E':
engine = isc_commandline_argument;
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.241 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: dnssec-signzone.c,v 1.242 2009/10/09 06:09:21 each Exp $ */
/*! \file */
isc_boolean_t set_iter = ISC_FALSE;
#define CMDLINE_FLAGS \
- "3:AaCc:Dd:Ee:f:FghH:i:I:j:K:k:l:m:n:N:o:O:pPr:s:ST:tuUv:z"
+ "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:l:m:n:N:o:O:pPr:s:ST:tuUv:z"
/*
* Process memory debugging argument first.
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.34 2009/10/05 17:30:49 fdupont Exp $
+ * $Id: dst_api.c,v 1.35 2009/10/09 06:09:21 each Exp $
*/
/*! \file */
static isc_result_t algorithm_status(unsigned int alg);
-static isc_result_t addsuffix(char *filename, unsigned int len,
+static isc_result_t addsuffix(char *filename, int len,
const char *dirname, const char *ofilename,
const char *suffix);
return (ISC_R_SUCCESS);
}
+isc_result_t
+dst_key_getnum(const dst_key_t *key, int type, isc_uint32_t *valuep)
+{
+ REQUIRE(VALID_KEY(key));
+ REQUIRE(valuep != NULL);
+ REQUIRE(type <= DST_MAX_NUMERIC);
+ if (!key->numset[type])
+ return (ISC_R_NOTFOUND);
+ *valuep = key->nums[type];
+ return (ISC_R_SUCCESS);
+}
+
+void
+dst_key_setnum(dst_key_t *key, int type, isc_uint32_t value)
+{
+ REQUIRE(VALID_KEY(key));
+ REQUIRE(type <= DST_MAX_NUMERIC);
+ key->nums[type] = value;
+ key->numset[type] = ISC_TRUE;
+}
+
+void
+dst_key_unsetnum(dst_key_t *key, int type)
+{
+ REQUIRE(VALID_KEY(key));
+ REQUIRE(type <= DST_MAX_NUMERIC);
+ key->numset[type] = ISC_FALSE;
+}
+
isc_result_t
dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep) {
REQUIRE(VALID_KEY(key));
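Review bot: `type` is a signed `int` but the new accessors only bound it from above, so a negative value passes `REQUIRE(type <= DST_MAX_NUMERIC)` and indexes `key->nums`/`key->numset` before the start of the array in all three of dst_key_getnum, dst_key_setnum and dst_key_unsetnum. The check should be `REQUIRE(type >= 0 && type <= DST_MAX_NUMERIC);` in each. The existing dst_key_gettime that follows appears to use the same one-sided pattern, but its body is outside this hunk so I cannot confirm it.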
}
static isc_result_t
-addsuffix(char *filename, unsigned int len, const char *odirname,
+addsuffix(char *filename, int len, const char *odirname,
const char *ofilename, const char *suffix)
{
int olen = strlen(ofilename);
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst_internal.h,v 1.19 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: dst_internal.h,v 1.20 2009/10/09 06:09:21 each Exp $ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1
} keydata; /*%< pointer to key in crypto pkg fmt */
- isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< key timing metadata */
- isc_boolean_t timeset[DST_MAX_TIMES + 1]; /*%< metadata set? */
+ isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */
+ isc_boolean_t timeset[DST_MAX_TIMES + 1]; /*%< data set? */
+ isc_stdtime_t nums[DST_MAX_NUMERIC + 1]; /*%< numeric metadata */
+ isc_boolean_t numset[DST_MAX_NUMERIC + 1]; /*%< data set? */
int fmt_major; /*%< private key format, major version */
int fmt_minor; /*%< private key format, minor version */
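Review bot: The new `nums` array is declared as `isc_stdtime_t`, while dst_key_getnum/dst_key_setnum read and write it as `isc_uint32_t` and the field is documented as numeric metadata, not a time. If `isc_stdtime_t` is a typedef of `isc_uint32_t` this compiles unchanged, but the declared type misstates the field's meaning and will break silently if the time type is ever widened. Suggest `isc_uint32_t nums[DST_MAX_NUMERIC + 1]; /*%< numeric metadata */`.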
/*%
* Principal Author: Brian Wellington
- * $Id: dst_parse.c,v 1.20 2009/09/02 06:29:01 each Exp $
+ * $Id: dst_parse.c,v 1.21 2009/10/09 06:09:21 each Exp $
*/
#include <config.h>
#define PRIVATE_KEY_STR "Private-key-format:"
#define ALGORITHM_STR "Algorithm:"
-#define METADATA_NTAGS 6
-static const char *metatags[METADATA_NTAGS] = {
+#define TIMING_NTAGS (DST_MAX_TIMES + 1)
+static const char *timetags[TIMING_NTAGS] = {
"Created:",
"Publish:",
"Activate:",
"Revoke:",
"Unpublish:",
- "Delete:"
+ "Delete:",
+ "DSPublish:"
+};
+
+#define NUMERIC_NTAGS (DST_MAX_NUMERIC + 1)
+static const char *numerictags[NUMERIC_NTAGS] = {
+ "Predecessor:",
+ "Successor:",
+ "MaxTTL:",
+ "RollPeriod:"
};
struct parse_map {
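Review bot: `timetags` and `numerictags` are sized from `DST_MAX_TIMES`/`DST_MAX_NUMERIC` in dst.h while their initializer lists are maintained by hand here, so adding a constant in the header without adding a string leaves a trailing NULL entry that `strcasecmp()` in find_metadata (below) and the `%s` in the writer would dereference. A cheap guard is to keep the declared size and add an `INSIST(tags[i] != NULL)` in the find_metadata loop, or to declare the arrays with `[]` and derive the NTAGS macros from `sizeof`. Today the counts agree (7 and 4), so this is a maintenance hazard rather than a live bug.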
return (-1);
}
-static int
-find_metadata(const char *s) {
- int i;
-
- for (i = 0; i < METADATA_NTAGS; i++) {
- if (strcasecmp(s, metatags[i]) == 0)
- return (i);
- }
-
- return (-1);
-}
-
static const char *
find_tag(const int value) {
int i;
}
}
+static int
+find_metadata(const char *s, const char *tags[], int ntags) {
+ int i;
+
+ for (i = 0; i < ntags; i++) {
+ if (strcasecmp(s, tags[i]) == 0)
+ return (i);
+ }
+
+ return (-1);
+}
+
+static int
+find_timedata(const char *s) {
+ return (find_metadata(s, timetags, TIMING_NTAGS));
+}
+
+static int
+find_numericdata(const char *s) {
+ return (find_metadata(s, numerictags, NUMERIC_NTAGS));
+}
+
static int
check_rsa(const dst_private_t *priv) {
int i, j;
goto fail;
}
- /* Key timing metadata */
- tag = find_metadata(DST_AS_STR(token));
+ /* Numeric metadata */
+ tag = find_numericdata(DST_AS_STR(token));
if (tag >= 0) {
- INSIST(tag < METADATA_NTAGS);
+ INSIST(tag < NUMERIC_NTAGS);
+
+ NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
+ if (token.type != isc_tokentype_number) {
+ ret = DST_R_INVALIDPRIVATEKEY;
+ goto fail;
+ }
+
+ dst_key_setnum(key, tag, token.value.as_ulong);
+ goto next;
+ }
+
+ /* Timing metadata */
+ tag = find_timedata(DST_AS_STR(token));
+ if (tag >= 0) {
+ INSIST(tag < TIMING_NTAGS);
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string) {
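Review bot: `dst_key_setnum(key, tag, token.value.as_ulong)` narrows an `unsigned long` to `isc_uint32_t` without a range check, so on LP64 hosts a value above 2^32-1 in the key file is silently truncated rather than rejected. Unless the lexer already bounds `ISC_LEXOPT_NUMBER` tokens to 32 bits, add `if (token.value.as_ulong > 0xffffffffUL) { ret = DST_R_INVALIDPRIVATEKEY; goto fail; }` before the call. The enclosing parse function and the `next` label this block jumps to are outside the hunk.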
char buffer[MAXFIELDSIZE * 2];
isc_fsaccess_t access;
isc_stdtime_t when;
+ isc_uint32_t value;
isc_buffer_t b;
isc_region_t r;
int major, minor;
fprintf(fp, "\n");
}
- /* Add the timing metadata tags */
+ /* Add the metadata tags */
if (major > 1 || (major == 1 && minor >= 3)) {
- for (i = 0; i < METADATA_NTAGS; i++) {
+ for (i = 0; i < NUMERIC_NTAGS; i++) {
+ result = dst_key_getnum(key, i, &value);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ fprintf(fp, "%s %u\n", numerictags[i], value);
+ }
+ for (i = 0; i < TIMING_NTAGS; i++) {
result = dst_key_gettime(key, i, &when);
if (result != ISC_R_SUCCESS)
continue;
isc_buffer_usedregion(&b, &r);
- fprintf(fp, "%s ", metatags[i]);
+ fprintf(fp, "%s ", timetags[i]);
fwrite(r.base, 1, r.length, fp);
fprintf(fp, "\n");
}
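Review bot: `fprintf(fp, "%s %u\n", numerictags[i], value)` pairs `%u` with an `isc_uint32_t`; that is only correct where the typedef is exactly `unsigned int`, and a mismatch is undefined behavior under `-Wformat`. Either cast explicitly, `fprintf(fp, "%s %u\n", numerictags[i], (unsigned int)value);`, or use the project's fixed-width format macro if one exists. The rest of the writer, including the `fwrite()` whose return is not checked, predates this change.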
/*
* Principal Author: Brian Wellington
- * $Id: hmac_link.c,v 1.13 2009/09/03 23:48:12 tbox Exp $
+ * $Id: hmac_link.c,v 1.14 2009/10/09 06:09:21 each Exp $
*/
#include <config.h>
UNUSED(pub);
/* read private key file */
- result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx, &priv);
+ result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx,
+ &priv);
if (result != ISC_R_SUCCESS)
return (result);
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst.h,v 1.20 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: dst.h,v 1.21 2009/10/09 06:09:21 each Exp $ */
#ifndef DST_DST_H
#define DST_DST_H 1
#define DST_TIME_REVOKE 3
#define DST_TIME_INACTIVE 4
#define DST_TIME_DELETE 5
-#define DST_MAX_TIMES 5
+#define DST_TIME_DSPUBLISH 6
+#define DST_MAX_TIMES 6
+
+/* Numeric metadata definitions */
+#define DST_NUM_PREDECESSOR 0
+#define DST_NUM_SUCCESSOR 1
+#define DST_NUM_MAXTTL 2
+#define DST_NUM_ROLLPERIOD 3
+#define DST_MAX_NUMERIC 3
/***
*** Functions
* "key" is a valid key.
*/
+isc_result_t
+dst_key_getnum(const dst_key_t *key, int type, isc_uint32_t *valuep);
+/*%<
+ * Get a member of the numeric metadata array and place it in '*valuep'.
+ *
+ * Requires:
+ * "key" is a valid key.
+ * "type" is no larger than DST_MAX_NUMERIC
+ * "timep" is not null.
+ */
+
+void
+dst_key_setnum(dst_key_t *key, int type, isc_uint32_t value);
+/*%<
+ * Set a member of the numeric metadata array.
+ *
+ * Requires:
+ * "key" is a valid key.
+ * "type" is no larger than DST_MAX_NUMERIC
+ */
+
+void
+dst_key_unsetnum(dst_key_t *key, int type);
+/*%<
+ * Flag a member of the numeric metadata array as "not set".
+ *
+ * Requires:
+ * "key" is a valid key.
+ * "type" is no larger than DST_MAX_NUMERIC
+ */
+
isc_result_t
dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep);
/*%<
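Review bot: The Requires block for dst_key_getnum names a parameter that does not exist: the function takes `valuep`, but the comment says `"timep" is not null.` — a copy from dst_key_gettime. Change it to `"valuep" is not null.`. While here, the three new Requires lists state only `"type" is no larger than DST_MAX_NUMERIC`; since `type` is signed, documenting it as `"type" is between 0 and DST_MAX_NUMERIC inclusive` matches the check the implementation should be making.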