diff options
Diffstat (limited to 'contrib/ldns/dnssec_sign.c')
-rw-r--r-- | contrib/ldns/dnssec_sign.c | 78 |
1 files changed, 56 insertions, 22 deletions
diff --git a/contrib/ldns/dnssec_sign.c b/contrib/ldns/dnssec_sign.c index abce485..4af882a 100644 --- a/contrib/ldns/dnssec_sign.c +++ b/contrib/ldns/dnssec_sign.c @@ -566,7 +566,7 @@ ldns_dnssec_addresses_on_glue_list( * when walking the tree with the ldns_dnssec_name_node_next_nonglue() * function. But watch out! Names that are partially occluded (like glue with * the same name as the delegation) will not be marked and should specifically - * be taken into account seperately. + * be taken into account separately. * * When glue_list is given (not NULL), in the process of marking the names, all * glue resource records will be pushed to that list, even glue at delegation names. @@ -659,7 +659,7 @@ ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, * when walking the tree with the ldns_dnssec_name_node_next_nonglue() * function. But watch out! Names that are partially occluded (like glue with * the same name as the delegation) will not be marked and should specifically - * be taken into account seperately. + * be taken into account separately. * * \param[in] zone the zone in which to mark the names * \return LDNS_STATUS_OK on success, an error code otherwise @@ -771,6 +771,12 @@ ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, } #ifdef HAVE_SSL +static void +ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + LDNS_FREE(node); +} + static ldns_status ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, @@ -810,21 +816,24 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone, nsec_ttl = LDNS_DEFAULT_TTL; } - if (map) { - if ((*map = ldns_rbtree_create(ldns_dname_compare_v)) - == NULL) { - map = NULL; - }; + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } + zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); + if (zone->hashed_names && map) { + *map = zone->hashed_names; } - nsec3_list = ldns_rr_list_new(); first_name_node = ldns_dnssec_name_node_next_nonglue( ldns_rbtree_first(zone->names)); current_name_node = first_name_node; - while (current_name_node && - current_name_node != LDNS_RBTREE_NULL) { + while (current_name_node && current_name_node != LDNS_RBTREE_NULL && + result == LDNS_STATUS_OK) { + current_name = (ldns_dnssec_name *) current_name_node->data; nsec_rr = ldns_dnssec_create_nsec3(current_name, NULL, @@ -842,28 +851,49 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone, ldns_rr_set_ttl(nsec_rr, nsec_ttl); result = ldns_dnssec_name_add_rr(current_name, nsec_rr); ldns_rr_list_push_rr(new_rrs, nsec_rr); - ldns_rr_list_push_rr(nsec3_list, nsec_rr); - if (map) { + if (ldns_rr_owner(nsec_rr)) { hashmap_node = LDNS_MALLOC(ldns_rbnode_t); - if (hashmap_node && ldns_rr_owner(nsec_rr)) { - hashmap_node->key = ldns_dname_label( - ldns_rr_owner(nsec_rr), 0); - if (hashmap_node->key) { - hashmap_node->data = current_name->name; - (void) ldns_rbtree_insert( - *map, hashmap_node); - } + if (hashmap_node == NULL) { + return LDNS_STATUS_MEM_ERR; + } + current_name->hashed_name = + ldns_dname_label(ldns_rr_owner(nsec_rr), 0); + + if (current_name->hashed_name == NULL) { + LDNS_FREE(hashmap_node); + return LDNS_STATUS_MEM_ERR; + } + hashmap_node->key = current_name->hashed_name; + hashmap_node->data = current_name; + + if (! ldns_rbtree_insert(zone->hashed_names + , hashmap_node)) { + LDNS_FREE(hashmap_node); } } current_name_node = ldns_dnssec_name_node_next_nonglue( ldns_rbtree_next(current_name_node)); } if (result != LDNS_STATUS_OK) { - ldns_rr_list_free(nsec3_list); return result; } - ldns_rr_list_sort_nsec3(nsec3_list); + /* Make sorted list of nsec3s (via zone->hashed_names) + */ + nsec3_list = ldns_rr_list_new(); + if (nsec3_list == NULL) { + return LDNS_STATUS_MEM_ERR; + } + for ( hashmap_node = ldns_rbtree_first(zone->hashed_names) + ; hashmap_node != LDNS_RBTREE_NULL + ; hashmap_node = ldns_rbtree_next(hashmap_node) + ) { + current_name = (ldns_dnssec_name *) hashmap_node->data; + nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec; + if (nsec_rr) { + ldns_rr_list_push_rr(nsec3_list, nsec_rr); + } + } result = ldns_dnssec_chain_nsec3_list(nsec3_list); ldns_rr_list_free(nsec3_list); @@ -910,7 +940,9 @@ ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures ldns_key_list_set_use(key_list, false); break; default: +#ifdef STDERR_MSGS fprintf(stderr, "[XX] unknown return value from callback\n"); +#endif break; } return NULL; @@ -962,7 +994,9 @@ ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures LDNS_FREE(cur_rr); break; default: +#ifdef STDERR_MSGS fprintf(stderr, "[XX] unknown return value from callback\n"); +#endif break; } cur_rr = next_rr; |