Lines Matching defs:nsec3
44 #include <dns/nsec3.h>
94 * fields declared above for each NSEC3 chain element:
403 const dns_rdata_nsec3_t *nsec3, isc_heap_t *chains) {
408 len = sizeof(*element) + nsec3->next_length * 2 + nsec3->salt_length;
412 element->hash = nsec3->hash;
413 element->salt_length = nsec3->salt_length;
414 element->next_length = nsec3->next_length;
415 element->iterations = nsec3->iterations;
417 memmove(cp, nsec3->salt, nsec3->salt_length);
418 cp += nsec3->salt_length;
419 memmove(cp, rawhash, nsec3->next_length);
420 cp += nsec3->next_length;
421 memmove(cp, nsec3->next, nsec3->next_length);
426 * Check whether any NSEC3 within 'rdataset' matches the parameters in
436 * Find matching NSEC3 record.
467 dns_rdata_nsec3_t nsec3;
471 result = find_nsec3_match(nsec3param, rdataset, rhsize, &nsec3);
474 zoneverify_log_error(vctx, "Missing NSEC3 record for %s",
484 if (nsec3.len != len || memcmp(cbm, nsec3.typebits, len) != 0) {
487 "Bad NSEC3 record for %s, bit map "
497 record_nsec3(vctx, rawhash, &nsec3, vctx->expected_chains);
500 * Make sure there is only one NSEC3 record with this set of
508 result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
510 if (nsec3.hash == nsec3param->hash &&
511 nsec3.iterations == nsec3param->iterations &&
512 nsec3.salt_length == nsec3param->salt_length &&
513 memcmp(nsec3.salt, nsec3param->salt, nsec3.salt_length) ==
518 "Multiple NSEC3 records with the "
535 innsec3params(const dns_rdata_nsec3_t *nsec3, dns_rdataset_t *nsec3paramset) {
547 if (nsec3param.flags == 0 && nsec3param.hash == nsec3->hash &&
548 nsec3param.iterations == nsec3->iterations &&
549 nsec3param.salt_length == nsec3->salt_length &&
550 memcmp(nsec3param.salt, nsec3->salt, nsec3->salt_length) ==
563 dns_rdata_nsec3_t nsec3;
596 result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
598 if (nsec3.next_length != isc_buffer_usedlength(&b)) {
603 * We only care about NSEC3 records that match a NSEC3PARAM
606 if (!innsec3params(&nsec3
613 record_nsec3(vctx, owner, &nsec3, vctx->found_chains);
627 dns_rdata_nsec3_t nsec3;
669 result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
671 *optout = ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
736 * nsec3 chain and we may also be called with uncommitted data
754 zoneverify_log_error(vctx, "Missing NSEC3 record for %s (%s)",
1092 zoneverify_log_error(vctx, "Break in NSEC3 chain at: %.*s",
1161 "NSEC3 "
1187 NSEC3 "
1218 "NSEC3 chains not "
1421 zoneverify_log_error(vctx, "No valid NSEC/NSEC3 chain for "
Indexes created Sun Mar 01 05:31:48 UTC 2026