| /src/external/bsd/unbound/dist/validator/ |
| val_nsec3.h | 2 * validator/val_nsec3.h - validator NSEC3 denial of existence functions.
40 * The functions help with NSEC3 checking, the different NSEC3 proofs
43 * NSEC3
87 * The OPT-OUT bit in the NSEC3 flags field.
93 * The unknown flags in the NSEC3 flags field.
94 * They must be zero, or the NSEC3 is ignored.
98 /** The SHA1 hash algorithm for NSEC3 */
102 * Cache table for NSEC3 hashes.
111 * Determine if the set of NSEC3 records provided with a response prove NAM
263 struct ub_packed_rrset_key* nsec3; member in struct:nsec3_cached_hash
[all...] |
| /src/external/mpl/bind/dist/lib/dns/rdata/generic/ |
| nsec3_50.c | 261 dns_rdata_nsec3_t *nsec3 = source; local
265 REQUIRE(nsec3 != NULL);
266 REQUIRE(nsec3->common.rdtype == type);
267 REQUIRE(nsec3->common.rdclass == rdclass);
268 REQUIRE(nsec3->typebits != NULL || nsec3->len == 0);
269 REQUIRE(nsec3->hash == dns_hash_sha1);
274 RETERR(uint8_tobuffer(nsec3->hash, target));
275 RETERR(uint8_tobuffer(nsec3->flags, target));
276 RETERR(uint16_tobuffer(nsec3->iterations, target))
291 dns_rdata_nsec3_t *nsec3 = target; local
323 dns_rdata_nsec3_t *nsec3 = source; local
[all...] |
| /src/external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ |
| nsec3_50.c | 262 dns_rdata_nsec3_t *nsec3 = source; local
266 REQUIRE(nsec3 != NULL);
267 REQUIRE(nsec3->common.rdtype == type);
268 REQUIRE(nsec3->common.rdclass == rdclass);
269 REQUIRE(nsec3->typebits != NULL || nsec3->len == 0);
270 REQUIRE(nsec3->hash == dns_hash_sha1);
275 RETERR(uint8_tobuffer(nsec3->hash, target));
276 RETERR(uint8_tobuffer(nsec3->flags, target));
277 RETERR(uint16_tobuffer(nsec3->iterations, target))
292 dns_rdata_nsec3_t *nsec3 = target; local
343 dns_rdata_nsec3_t *nsec3 = source; local
[all...] |
| /src/external/mpl/dhcp/bind/dist/lib/isccfg/ |
| kaspconf.c | 29 #include <dns/nsec3.h>
202 /* NSEC3 cannot be used with certain key algorithms. */
216 "dnssec-policy: cannot use nsec3 with algorithm '%s'",
227 "dnssec-policy: nsec3 iterations value %u "
246 "dnssec-policy: nsec3 salt length %u too high",
263 const cfg_obj_t *nsec3 = NULL; local
384 /* Configuration: NSEC3 */
385 (void)confget(maps, "nsec3param", &nsec3);
386 if (nsec3 == NULL) {
390 result = cfg_nsec3param_fromconfig(nsec3, kasp, logctx)
[all...] |
| /src/external/apache2/mDNSResponder/dist/mDNSShared/dns_objects/objs/ |
| dns_obj_rr_nsec3.c | 31 // MARK: - DNSSEC NSEC3 Resource Record Kind Definition
36 bool last_nsec3; // If this NSEC3 record is the last one in the zone.
40 DNS_OBJECT_SUBKIND_DEFINE_FULL(rr, nsec3,
46 // MARK: - DNSSEC NSEC3 Resource Record Local Prototypes
59 // MARK: - DNSSEC NSEC3 Resource Record Public Methods
66 dns_obj_rr_nsec3_t nsec3 = NULL; local
85 nsec3 = obj;
94 return nsec3;
182 dns_obj_rr_nsec3_covers_dns_type(dns_obj_rr_nsec3_t NONNULL nsec3, const uint16_t type)
184 const uint8_t * const rdata = dns_obj_rr_get_rdata(nsec3);
[all...] |
| /src/external/bsd/unbound/dist/testcode/ |
| unitverify.c | 426 /** Test hash algo - NSEC3 hash it and compare result */
434 struct ub_packed_rrset_key* answer, *nsec3, *nsec3_region; local
442 printf("verifying NSEC3 hash:\n%s\n", s?s:"outofmemory");
446 nsec3 = find_rrset_type(rep, LDNS_RR_TYPE_NSEC3);
450 unit_assert(nsec3 && answer && qname);
452 /* Copy the nsec3 to the region, so it can stay referenced by the
454 nsec3_region = packed_rrset_copy_region(nsec3, region, 0);
474 /** Read file to test NSEC3 hash algo */
483 * The auth section NSEC3 is used to get hash parameters.
494 unit_show_func("NSEC3 hash", fname)
[all...] |
| /src/external/mpl/bind/dist/lib/dns/include/dns/ |
| kasp.h | 105 bool nsec3; member in struct:dns_kasp
808 * Return true if NSEC3 chain should be used.
819 * The number of NSEC3 iterations to use.
824 *\li 'kasp->nsec3' is true.
831 * The NSEC3 flags field value.
836 *\li 'kasp->nsec3' is true.
843 * The NSEC3 salt length.
848 *\li 'kasp->nsec3' is true.
853 dns_kasp_setnsec3(dns_kasp_t *kasp, bool nsec3);
855 * Set to use NSEC3 if 'nsec3' is 'true', otherwise policy will use NSEC
[all...] |
| /src/external/mpl/dhcp/bind/dist/lib/dns/include/dns/ |
| kasp.h | 90 bool nsec3; member in struct:dns_kasp
649 * Return true if NSEC3 chain should be used.
660 * The number of NSEC3 iterations to use.
665 *\li 'kasp->nsec3' is true.
672 * The NSEC3 flags field value.
677 *\li 'kasp->nsec3' is true.
684 * The NSEC3 salt length.
689 *\li 'kasp->nsec3' is true.
694 dns_kasp_setnsec3(dns_kasp_t *kasp, bool nsec3);
696 * Set to use NSEC3 if 'nsec3' is 'true', otherwise policy will use NSEC
[all...] |
| /src/external/mpl/bind/dist/lib/dns/ |
| rbtdb_p.h | 22 #include <dns/nsec3.h>
81 /* NSEC3 parameters */
174 dns_rbt_t *nsec3; member in struct:dns_rbtdb
418 * and contains a complete NSEC/NSEC3 chain.
|
| nsec3.c | 1 /* $NetBSD: nsec3.c,v 1.17 2026/01/29 18:37:49 christos Exp $ */
36 #include <dns/nsec3.h>
192 dns_rdata_nsec3_t nsec3; local
201 result = dns_rdata_tostruct(rdata, &nsec3, NULL);
205 for (i = 0; i < nsec3.len; i += len) {
206 INSIST(i + 2 <= nsec3.len);
207 window = nsec3.typebits[i];
208 len = nsec3.typebits[i + 1];
211 INSIST(i + len <= nsec3.len);
219 present = dns_nsec_isset(&nsec3.typebits[i]
405 dns_rdata_nsec3_t nsec3; local
542 dns_rdata_nsec3_t nsec3; local
1409 dns_rdata_nsec3_t nsec3; local
1896 dns_rdata_nsec3_t nsec3; local
[all...] |
| rbt-zonedb.c | 53 #include <dns/nsec3.h>
95 return dns__rbtdb_findnodeintree(rbtdb, rbtdb->nsec3, name, create,
630 dns_rdata_nsec3_t nsec3; local
650 result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
652 if (nsec3.hash == search->rbtversion->hash &&
653 nsec3.iterations == search->rbtversion->iterations &&
654 nsec3.salt_length == search->rbtversion->salt_length &&
655 memcmp(nsec3.salt, search->rbtversion->salt,
656 nsec3.salt_length) == 0)
666 * Find node of the NSEC/NSEC3 record that is 'name'
[all...] |
| zoneverify.c | 44 #include <dns/nsec3.h>
93 * fields declared above for each NSEC3 chain element:
402 const dns_rdata_nsec3_t *nsec3, isc_heap_t *chains) {
407 len = sizeof(*element) + nsec3->next_length * 2 + nsec3->salt_length;
411 .hash = nsec3->hash,
412 .salt_length = nsec3->salt_length,
413 .next_length = nsec3->next_length,
414 .iterations = nsec3->iterations,
417 memmove(cp, nsec3->salt, nsec3->salt_length)
467 dns_rdata_nsec3_t nsec3; local
563 dns_rdata_nsec3_t nsec3; local
627 dns_rdata_nsec3_t nsec3; local
[all...] |
| validator.c | 45 #include <dns/nsec3.h>
271 dns_rdata_nsec3_t nsec3; local
341 (void)dns_rdata_tostruct(&rdata, &nsec3, NULL);
342 if (nsec3.hash != 1) {
346 hash, nsec3.hash, nsec3.iterations, nsec3.salt,
347 nsec3.salt_length, name->ndata, name->length);
358 if ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) == 0) {
364 scope = memcmp(owner, nsec3.next, nsec3.next_length)
[all...] |
| qpzone.c | 53 #include <dns/nsec3.h>
128 /* NSEC3 parameters */
236 dns_qpmulti_t *nsec3; /* NSEC3 nodes only */ member in struct:qpzonedb
283 dns_qp_t *nsec3; member in struct:__anon24085
339 * "regular" QP trie and the root node of the NSEC3 QP trie of the database
380 dns_qpsnap_t *nsnap; /* nsec3 tree snapshot */
383 dns_qpiter_t nsec3iter; /* - nsec3 tree iterator */
486 dns_qpmulti_destroy(&qpdb->nsec3);
614 dns_qpmulti_create(mctx, &qpmethods, qpdb, &qpdb->nsec3);
2518 dns_rdata_nsec3_t nsec3; local
3301 bool nsec3 = false; local
[all...] |
| zone.c | 68 #include <dns/nsec3.h>
801 * a NSEC3 chain only the non-NSEC3 nodes will be iterated. If we are
802 * removing a NSEC3 chain then both NSEC3 and non-NSEC3 nodes will be
805 * 'nsec3param' contains the parameters of the NSEC3 chain being created
811 * NSEC3 chain, a NSEC record is seen.
814 * of a NSEC3 chain, 'seen_nsec' is true. If 'delete_nsec' is true then we
3739 * Initiate adding/removing NSEC3 records belonging to the chain defined by th
7683 bool nsec3; member in struct:seen
8280 dns_rdata_nsec3_t nsec3; local
9425 bool nseconly = false, nsec3 = false; local
[all...] |
| /src/external/mpl/bind/dist/lib/isccfg/ |
| kaspconf.c | 32 #include <dns/nsec3.h>
424 /* NSEC3 cannot be used with certain key algorithms. */
438 "dnssec-policy: cannot use nsec3 with "
448 "dnssec-policy: nsec3 iterations value %u "
470 "dnssec-policy: nsec3 salt length %u too high",
529 const cfg_obj_t *nsec3 = NULL; local
871 /* Configuration: NSEC3 */
872 (void)confget(maps, "nsec3param", &nsec3);
873 if (nsec3 == NULL) {
884 result = cfg_nsec3param_fromconfig(nsec3, kasp, log_errors
[all...] |
| /src/external/bsd/nsd/dist/ |
| namedb.h | 49 #ifdef NSEC3
52 #endif /* NSEC3 */
55 #ifdef NSEC3
71 /* (if nsec3 chain complete) always the covering nsec3 record */
73 /* the nsec3 that covers the wildcard child of this domain. */
77 /* NSEC3 domains to prehash, prev and next on the list or cleared */
88 /* if the domain has an NSEC3 for it, use cover ptr to get it. */
93 #endif /* NSEC3 */
106 #ifdef NSEC3
107 struct nsec3_domain_data* nsec3; member in struct:domain
[all...] |
| /src/external/mpl/dhcp/bind/dist/lib/dns/ |
| nsec3.c | 1 /* $NetBSD: nsec3.c,v 1.1 2024/02/18 20:57:32 christos Exp $ */
35 #include <dns/nsec3.h>
199 dns_rdata_nsec3_t nsec3; local
208 result = dns_rdata_tostruct(rdata, &nsec3, NULL);
212 for (i = 0; i < nsec3.len; i += len) {
213 INSIST(i + 2 <= nsec3.len);
214 window = nsec3.typebits[i];
215 len = nsec3.typebits[i + 1];
218 INSIST(i + len <= nsec3.len);
226 present = dns_nsec_isset(&nsec3.typebits[i]
414 dns_rdata_nsec3_t nsec3; local
557 dns_rdata_nsec3_t nsec3; local
1406 dns_rdata_nsec3_t nsec3; local
1911 dns_rdata_nsec3_t nsec3; local
[all...] |
| zoneverify.c | 44 #include <dns/nsec3.h>
94 * fields declared above for each NSEC3 chain element:
403 const dns_rdata_nsec3_t *nsec3, isc_heap_t *chains) {
408 len = sizeof(*element) + nsec3->next_length * 2 + nsec3->salt_length;
412 element->hash = nsec3->hash;
413 element->salt_length = nsec3->salt_length;
414 element->next_length = nsec3->next_length;
415 element->iterations = nsec3->iterations;
417 memmove(cp, nsec3->salt, nsec3->salt_length)
467 dns_rdata_nsec3_t nsec3; local
563 dns_rdata_nsec3_t nsec3; local
627 dns_rdata_nsec3_t nsec3; local
[all...] |
| validator.c | 38 #include <dns/nsec3.h>
265 dns_rdata_nsec3_t nsec3; local
335 (void)dns_rdata_tostruct(&rdata, &nsec3, NULL);
336 if (nsec3.hash != 1) {
340 hash, nsec3.hash, nsec3.iterations, nsec3.salt,
341 nsec3.salt_length, name->ndata, name->length);
352 if ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) == 0) {
358 scope = memcmp(owner, nsec3.next, nsec3.next_length)
[all...] |
| rbtdb.c | 54 #include <dns/nsec3.h>
106 uint64_t nsec3; member in struct:rbtdb_file_header
449 /* NSEC3 parameters */
548 dns_rbt_t *nsec3; member in struct:dns_rbtdb
699 * "regular" RBT ("chain" field) and the root node of the NSEC3 RBT
1127 treep = &rbtdb->nsec3;
1910 result = dns_rbt_deletenode(rbtdb->nsec3, node, false);
2421 * Do we have a valid NSEC/NSEC3 chain?
2432 * Cache the nsec3 parameters.
2913 INSIST(tree == rbtdb->tree || tree == rbtdb->nsec3);
3720 dns_rdata_nsec3_t nsec3; local
7689 dns_rbt_t *tree = NULL, *nsec = NULL, *nsec3 = NULL; local
[all...] |
| zone.c | 64 #include <dns/nsec3.h>
796 * a NSEC3 chain only the non-NSEC3 nodes will be iterated. If we are
797 * removing a NSEC3 chain then both NSEC3 and non-NSEC3 nodes will be
800 * 'nsec3param' contains the parameters of the NSEC3 chain being created
806 * NSEC3 chain, a NSEC record is seen.
809 * of a NSEC3 chain, 'seen_nsec' is true. If 'delete_nsec' is true then we
3652 * Initiate adding/removing NSEC3 records belonging to the chain defined by th
8274 dns_rdata_nsec3_t nsec3; local
20518 bool nseconly = false, nsec3 = false; local
[all...] |
| /src/external/mpl/bind/dist/bin/dnssec/ |
| dnssec-signzone.c | 80 #include <dns/nsec3.h>
1350 * NSEC3.
1630 * For NSEC3 zones the NSEC3 nodes are zone data but
1770 "to update to NSEC3.");
1775 fatal("Zone contains NSEC3 chains. Use -u "
1833 * Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records.
1854 * Remove any NSEC3 chains.
2074 * Clean out NSEC3 record and RRSIG(NSEC3) that are not in the hash list
2088 dns_rdata_nsec3_t nsec3; local
2993 dns_rdata_nsec3_t nsec3; local
[all...] |
| /src/external/bsd/unbound/dist/services/ |
| authzone.c | 77 /** bytes to use for NSEC3 hash buffer. 20 for sha1 */
2375 /** true if domain has only nsec3 */
2492 /* no direct answer from nsec3-only domains */
2836 /* skip unknown flags (dynamic signer is recalculating nsec3 chain) */
2931 /* because canonical ordering and b32 nsec3 ordering are the same.
2932 * this is a good lookup to find the nsec3 name. */
2934 /* but we may have to skip non-nsec3 nodes */
2936 * separate nsec3 tree with nsec3 nodes */
2960 /* we did not find any, perhaps because the NSEC3 hash is befor
3026 struct auth_rrset* nsec3; local
7931 struct auth_rrset* nsec3; local
[all...] |
| /src/external/mpl/bind/dist/lib/ns/ |
| query.c | 53 #include <dns/nsec3.h>
4976 dns_rdata_nsec3_t nsec3; local
5023 result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
5026 optout = ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
5045 "expected a exact match NSEC3, got "
5053 "expected covering NSEC3, got an exact match");
9199 * Add the NSEC3 which proves the DS does not exist.
9378 * Look for a NSEC3 record if we don't have a NSEC record.
11351 * No NSEC proof available, return NSEC3 proofs instead.
11373 * Add closest (provable) encloser NSEC3
[all...] |
