
Lines Matching defs:nsec3param

426 	 * List of outstanding NSEC3PARAM change requests.
790 dns_rdata_nsec3param_t nsec3param;
805 * 'nsec3param' contains the parameters of the NSEC3 chain being created
808 * 'salt' is buffer space and is referenced via 'nsec3param.salt'.
1106 typedef struct nsec3param nsec3param_t;
1107 struct nsec3param {
3740 * supplied NSEC3PARAM RDATA.
3745 zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
3776 if (!nsec3ok && (nsec3param->flags & DNS_NSEC3FLAG_REMOVE) == 0) {
3792 nsec3chain->nsec3param.common.rdclass = nsec3param->common.rdclass;
3793 nsec3chain->nsec3param.common.rdtype = nsec3param->common.rdtype;
3794 nsec3chain->nsec3param.hash = nsec3param->hash;
3795 nsec3chain->nsec3param.iterations = nsec3param->iterations;
3796 nsec3chain->nsec3param.flags = nsec3param->flags;
3797 nsec3chain->nsec3param.salt_length = nsec3param->salt_length;
3798 memmove(nsec3chain->salt, nsec3param->salt, nsec3param->salt_length);
3799 nsec3chain->nsec3param.salt = nsec3chain->salt;
3805 * Log NSEC3 parameters defined by supplied NSEC3PARAM RDATA.
3807 if (nsec3param->flags == 0) {
3811 if ((nsec3param->flags & DNS_NSEC3FLAG_REMOVE) != 0) {
3814 if ((nsec3param->flags & DNS_NSEC3FLAG_INITIAL) != 0) {
3821 if ((nsec3param->flags & DNS_NSEC3FLAG_CREATE) != 0) {
3828 if ((nsec3param->flags & DNS_NSEC3FLAG_NONSEC) != 0) {
3835 if ((nsec3param->flags & DNS_NSEC3FLAG_OPTOUT) != 0) {
3843 result = dns_nsec3param_salttotext(nsec3param, saltbuf,
3847 nsec3param->hash, flags, nsec3param->iterations, saltbuf);
3850 * If the NSEC3 chain defined by the supplied NSEC3PARAM RDATA is
3858 (current->nsec3param.hash == nsec3param->hash) &&
3859 (current->nsec3param.iterations ==
3860 nsec3param->iterations) &&
3861 (current->nsec3param.salt_length ==
3862 nsec3param->salt_length) &&
3863 memcmp(current->nsec3param.salt, nsec3param->salt,
3864 nsec3param->salt_length) == 0)
3876 if ((nsec3chain->nsec3param.flags & DNS_NSEC3FLAG_CREATE) != 0) {
3924 * should be added or removed. For each such record, extract NSEC3PARAM RDATA
3935 dns_rdata_nsec3param_t nsec3param;
3988 * Try extracting NSEC3PARAM RDATA from this private-type
3990 * represent an NSEC3PARAM record, so skip it.
3997 result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
3999 if (((nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) ||
4000 ((nsec3param.flags & DNS_NSEC3FLAG_CREATE) != 0 && nsec3ok))
4003 * Pass the NSEC3PARAM RDATA contained in this
4007 result = zone_addnsec3chain(zone, &nsec3param);
4082 dns_rdata_nsec3param_t nsec3param;
4093 "nsec3param lookup failure: %s",
4110 "nsec3param lookup failure: %s",
4121 result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
4131 nsec3param.hash == DNS_NSEC3_UNKNOWNALG && !dynamic)
4136 nsec3param.hash);
4138 } else if (!dns_nsec3_supportedhash(nsec3param.hash)) {
4143 nsec3param.hash);
4152 nsec3param.hash);
4161 if (nsec3param.iterations > dns_nsec3_maxiterations()) {
4163 "excessive NSEC3PARAM iterations %u > %u",
4164 nsec3param.iterations,
5065 * Process any queued NSEC3PARAM change requests. Only for dynamic
8032 * - remove all NSEC3PARAM records matching the relevant NSEC3 chain,
8034 * - remove all private-type records containing NSEC3PARAM RDATA matching
8039 * NSEC3PARAM record which matches the relevant NSEC3 chain and has the
8042 * - If given NSEC3 chain is being added, add an NSEC3PARAM record contained
8056 dns_rdata_nsec3param_t nsec3param;
8093 * Delete all NSEC3PARAM records which match that in nsec3chain.
8099 CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
8101 if (nsec3param.hash != chain->nsec3param.hash ||
8102 (active && nsec3param.flags != 0) ||
8103 nsec3param.iterations != chain->nsec3param.iterations ||
8104 nsec3param.salt_length != chain->nsec3param.salt_length ||
8105 memcmp(nsec3param.salt, chain->nsec3param.salt,
8106 nsec3param.salt_length))
8131 * Restore any NSEC3PARAM records that we deleted to change the TTL.
8139 CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
8141 if (nsec3param.hash != chain->nsec3param.hash ||
8142 (active && nsec3param.flags != 0) ||
8143 nsec3param.iterations !=
8144 chain->nsec3param.iterations ||
8145 nsec3param.salt_length !=
8146 chain->nsec3param.salt_length ||
8147 memcmp(nsec3param.salt, chain->nsec3param.salt,
8148 nsec3param.salt_length))
8191 CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
8194 (nsec3param.flags & DNS_NSEC3FLAG_INITIAL) != 0) ||
8195 nsec3param.hash != chain->nsec3param.hash ||
8196 nsec3param.iterations != chain->nsec3param.iterations ||
8197 nsec3param.salt_length != chain->nsec3param.salt_length ||
8198 memcmp(nsec3param.salt, chain->nsec3param.salt,
8199 nsec3param.salt_length))
8214 if ((chain->nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) {
8220 * Add a NSEC3PARAM record which matches that in nsec3chain but
8223 * Note: we do not clear chain->nsec3param.flags as this change
8228 dns_rdatatype_nsec3param, &chain->nsec3param,
8366 * Ignore any NSEC3PARAM removals.
8643 if (NSEC3REMOVE(nsec3chain->nsec3param.flags)) {
8714 db, version, name, &nsec3chain->nsec3param,
8839 if (!NSEC3REMOVE(nsec3chain->nsec3param.flags)) {
8848 (nsec3chain->nsec3param.flags & DNS_NSEC3FLAG_NONSEC) == 0)
8851 &nsec3chain->nsec3param,
8874 * Delete the NSEC3PARAM record matching this chain.
8893 &nsec3chain->nsec3param,
9100 * We have changed the NSEC3PARAM or private RRsets
9479 * Adding an NSEC3PARAM record can proceed without a
9494 /* Check kasp for NSEC3PARAM settings */
17359 nsec3param_t *nsec3param = NULL;
17385 * Walk nsec3param rdataset making a list of parameters (note that
17399 "looping through nsec3param data");
17400 nsec3param = isc_mem_get(zone->mctx, sizeof(nsec3param_t));
17401 ISC_LINK_INIT(nsec3param, link);
17405 * the nsec3param
17408 nsec3param->data,
17409 sizeof(nsec3param->data));
17410 nsec3param->length = private.length;
17411 ISC_LIST_APPEND(*nsec3list, nsec3param, link);
17435 "looping through nsec3param private data");
17447 * Remove any NSEC3PARAM records scheduled to be removed.
17474 nsec3param = isc_mem_get(zone->mctx, sizeof(nsec3param_t));
17475 ISC_LINK_INIT(nsec3param, link);
17481 INSIST(private.length <= sizeof(nsec3param->data));
17482 memmove(nsec3param->data, private.data, private.length);
17483 nsec3param->length = private.length;
17484 ISC_LIST_APPEND(*nsec3list, nsec3param, link);
17712 * Process any queued NSEC3PARAM change requests.
20419 * Called when a dynamic update for an NSEC3PARAM record is received.
20422 * logged. Then call zone_addnsec3chain(), passing NSEC3PARAM RDATA to it.
20425 dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
20431 result = dns_nsec3param_salttotext(nsec3param, salt, sizeof(salt));
20435 nsec3param->hash, nsec3param->iterations, salt);
20437 result = zone_addnsec3chain(zone, nsec3param);
23035 * deferred NSEC3PARAM changes.
23042 dns_rdata_nsec3param_t nsec3param;
23056 result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
23058 if (nsec3param.flags == 0) {
23062 result = zone_addnsec3chain(zone, &nsec3param);
24038 * Success because the NSEC3PARAM already exists, but
24045 "setnsec3param:lookup nsec3param -> %s",
24213 * Check if zone has NSEC3PARAM (and thus a chain) with the right parameters.
24230 dns_rdata_nsec3param_t nsec3param;
24276 result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
24281 if (nsec3param.hash != lookup->hash) {
24284 if (nsec3param.iterations != lookup->iterations) {
24287 if (nsec3param.salt_length != lookup->salt_length) {
24291 if (memcmp(nsec3param.salt, lookup->salt,
24299 param->hash = nsec3param.hash;
24300 param->flags = nsec3param.flags;
24301 param->iterations = nsec3param.iterations;
24302 param->salt_length = nsec3param.salt_length;
24303 param->salt = nsec3param.salt;
24375 * Called when an "rndc signing -nsec3param ..." command is received, or the
24381 * - if NSEC3 is to be disabled ("-nsec3param none"), only set the "nsec"
24386 * - otherwise, prepare NSEC3PARAM RDATA that will eventually be inserted at
24443 *np = (struct nsec3param){