Diffstat (limited to 'bin/dnssec')
| -rw-r--r-- | bin/dnssec/dnssec-dsfromkey.c | 8 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-importkey.c | 4 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-keyfromlabel.c | 4 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-keygen.8 | 8 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-keygen.c | 12 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-keygen.docbook | 9 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-keygen.html | 22 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-settime.8 | 8 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-settime.c | 5 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-settime.docbook | 9 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-settime.html | 20 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-signzone.c | 86 | ||||
| -rw-r--r-- | bin/dnssec/dnssec-verify.c | 4 | ||||
| -rw-r--r-- | bin/dnssec/dnssectool.c | 8 | ||||
| -rw-r--r-- | bin/dnssec/dnssectool.h | 4 |
15 files changed, 114 insertions, 97 deletions
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index fca7b17d3cfa..8c1bd86f16d9 100644
--- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above
@@ -61,6 +61,7 @@ static dns_fixedname_t fixed;
 static dns_name_t *name = NULL; static isc_mem_t *mctx = NULL; static isc_uint32_t ttl;
+static isc_boolean_t emitttl = ISC_FALSE;
 static isc_result_t initname(char *setname) {
@@ -295,7 +296,7 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
 isc_buffer_usedregion(&nameb, &r); printf("%.*s ", (int)r.length, r.base);
- if (ttl != 0U)
+ if (emitttl)
 printf("%u ", ttl); isc_buffer_usedregion(&classb, &r);
@@ -415,6 +416,7 @@ main(int argc, char **argv) {
 usekeyset = ISC_TRUE; break; case 'T':
+ emitttl = ISC_TRUE;
 ttl = atol(isc_commandline_argument); break; case 'v':
@@ -489,7 +491,7 @@ main(int argc, char **argv) {
 isc_result_totext(result)); isc_entropy_stopcallbacksources(ectx);
- setup_logging(verbose, mctx, &log);
+ setup_logging(mctx, &log);
 dns_rdataset_init(&rdataset);
diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c
index f07f02ecf5b7..ff525f693faa 100644
--- a/bin/dnssec/dnssec-importkey.c
+++ b/bin/dnssec/dnssec-importkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013-2015 Internet Systems Consortium, Inc. ("ISC")
 * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above
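Review bot: In the `case 'T':` arm of the `@@ -415,6 +416,7 @@` hunk of dnssec-dsfromkey.c, `emitttl` is set before the option argument is validated, and the unchanged `ttl = atol(isc_commandline_argument);` cannot report a parse failure, so a non-numeric or empty `-T` value now emits a DS record with TTL 0 where the old `ttl != 0U` test printed no TTL at all. Negative or out-of-range values are also converted silently into the `isc_uint32_t`. I would parse first and only then set the flag: `ttl = strtoul(isc_commandline_argument, &endp, 10);` followed by `if (endp == isc_commandline_argument || *endp != '\0') fatal("-T: invalid TTL");`, with `char *endp` declared among main()'s locals and a range check against the 32-bit TTL limit. main() begins and ends outside the hunk.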
@@ -380,7 +380,7 @@ main(int argc, char **argv) {
 isc_result_totext(result)); isc_entropy_stopcallbacksources(ectx);
- setup_logging(verbose, mctx, &log);
+ setup_logging(mctx, &log);
 dns_rdataset_init(&rdataset);
diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
index 9dc9df75194d..bb26c33a7768 100644
--- a/bin/dnssec/dnssec-keyfromlabel.c
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above
@@ -319,7 +319,7 @@ main(int argc, char **argv) {
 fatal("could not initialize dst: %s", isc_result_totext(ret));
- setup_logging(verbose, mctx, &log);
+ setup_logging(mctx, &log);
 if (predecessor == NULL) { if (label == NULL)
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index 11d7e4f01366..2cd5d76ff516 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -136,11 +136,11 @@ Deprecated in favor of \-T KEY.
 .PP \-L \fIttl\fR .RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL. Setting the default TTL to
 0 or none
-removes it.
+is the same as leaving it unset.
 .RE .PP \-p \fIprotocol\fR
@@ -307,7 +307,7 @@ RFC 4034.
 .PP Internet Systems Consortium .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 .br Copyright \(co 2000\-2003 Internet Software Consortium. .br
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 26504410db2e..3cae29c724fb 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 * Portions Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any
@@ -476,7 +476,7 @@ main(int argc, char **argv) {
 fatal("could not initialize dst: %s", isc_result_totext(ret));
- setup_logging(verbose, mctx, &log);
+ setup_logging(mctx, &log);
 if (predecessor == NULL) { if (prepub == -1)
@@ -541,6 +541,9 @@ main(int argc, char **argv) {
 options |= DST_TYPE_KEY; }
+ if (!dst_algorithm_supported(alg))
+ fatal("unsupported algorithm: %d", alg);
+
 if (use_nsec3 && alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 && alg != DST_ALG_RSASHA256 && alg!= DST_ALG_RSASHA512 &&
@@ -708,8 +711,13 @@ main(int argc, char **argv) {
 fatal("invalid DSS key size: %d", size); break; case DST_ALG_ECCGOST:
+ size = 256;
+ break;
 case DST_ALG_ECDSA256:
+ size = 256;
+ break;
 case DST_ALG_ECDSA384:
+ size = 384;
 break; case DST_ALG_HMACMD5: options |= DST_TYPE_KEY;
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 725c4e1cbb2f..472575f0d002 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -2,7 +2,7 @@
 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!--
- - Copyright (C) 2004, 2005, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any
@@ -45,6 +45,7 @@
 <year>2011</year> <year>2012</year> <year>2014</year>
+ <year>2015</year>
 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright>
@@ -301,8 +302,10 @@
 into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL
- would take precedence. Setting the default TTL to
- <literal>0</literal> or <literal>none</literal> removes it.
+ would take precedence. If this value is not set and there
+ is no existing DNSKEY RRset, the TTL will default to the
+ SOA TTL. Setting the default TTL to <literal>0</literal>
+ or <literal>none</literal> is the same as leaving it unset.
 </para> </listitem> </varlistentry>
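Review bot: In the `@@ -708,8 +711,13 @@` hunk of dnssec-keygen.c the new `size = 256;` / `size = 384;` assignments overwrite `size` unconditionally, so as far as these lines show a `-b` value given together with ECCGOST or ECDSA is discarded without a message, and the operator may believe a key of the requested size was generated. A short comment on the first arm would record the intent, e.g. `/* key size is fixed by the algorithm; any -b value is ignored */`, and a warning when the caller supplied a different size would be better still. The ECCGOST and ECDSA256 arms are identical and could share one body. The switch and main() continue outside the hunk, so an earlier rejection of `-b` for these algorithms cannot be ruled out from here.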
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 43837abecb11..9cf62ebc7660 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em 
class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543605"></a><h2>DESCRIPTION</h2> +<a name="id2543608"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543623"></a><h2>OPTIONS</h2> +<a name="id2543626"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -175,8 +175,10 @@ into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL - would take precedence. Setting the default TTL to - <code class="literal">0</code> or <code class="literal">none</code> removes it. + would take precedence. If this value is not set and there + is no existing DNSKEY RRset, the TTL will default to the + SOA TTL. Setting the default TTL to <code class="literal">0</code> + or <code class="literal">none</code> is the same as leaving it unset. </p></dd> <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt> <dd><p> @@ -260,7 +262,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544216"></a><h2>TIMING OPTIONS</h2> +<a name="id2544220"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -334,7 +336,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544406"></a><h2>GENERATED KEYS</h2> +<a name="id2544410"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, 
@@ -380,7 +382,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544625"></a><h2>EXAMPLE</h2> +<a name="id2544492"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -401,7 +403,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544668"></a><h2>SEE ALSO</h2> +<a name="id2544604"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2539</em>, @@ -410,7 +412,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544699"></a><h2>AUTHOR</h2> +<a name="id2544635"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8 index 87bc52dc7839..821e4db990f1 100644 --- a/bin/dnssec/dnssec-settime.8 +++ b/bin/dnssec/dnssec-settime.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above 
@@ -69,11 +69,11 @@ Sets the directory in which the key files are to reside.
 .PP \-L \fIttl\fR .RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL. Setting the default TTL to
 0 or none
-removes it.
+removes it from the key.
 .RE .PP \-h
@@ -176,5 +176,5 @@ RFC 5011.
 .PP Internet Systems Consortium .SH "COPYRIGHT"
-Copyright \(co 2009\-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009\-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index 88f8cf168331..3d18b61a6139 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2015 Internet Systems Consortium, Inc. ("ISC")
 * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above
@@ -162,7 +162,7 @@ main(int argc, char **argv) {
 if (result != ISC_R_SUCCESS) fatal("Out of memory");
- setup_logging(verbose, mctx, &log);
+ setup_logging(mctx, &log);
 dns_result_register();
@@ -333,7 +333,6 @@ main(int argc, char **argv) {
 isc_entropy_stopcallbacksources(ectx); if (predecessor != NULL) {
- char keystr[DST_KEY_FORMATSIZE];
 int major, minor; if (prepub == -1)
diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook index b2c6a2a2398a..942f1889cf60 100644 --- a/bin/dnssec/dnssec-settime.docbook +++ b/bin/dnssec/dnssec-settime.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -39,6 +39,7 @@ <year>2010</year> <year>2011</year> <year>2014</year> + <year>2015</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -126,8 +127,10 @@ into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL - would take precedence. Setting the default TTL to - <literal>0</literal> or <literal>none</literal> removes it. + would take precedence. If this value is not set and there + is no existing DNSKEY RRset, the TTL will default to the + SOA TTL. Setting the default TTL to <literal>0</literal> + or <literal>none</literal> removes it from the key. </para> </listitem> </varlistentry> diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html index 6cf3d2aab10d..0132e07ceee6 100644 --- a/bin/dnssec/dnssec-settime.html +++ b/bin/dnssec/dnssec-settime.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543447"></a><h2>DESCRIPTION</h2> +<a name="id2543450"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-settime</strong></span> reads a DNSSEC private key file and sets the key timing metadata as specified by the <code class="option">-P</code>, <code class="option">-A</code>, @@ -57,7 +57,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543495"></a><h2>OPTIONS</h2> +<a name="id2543498"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-f</span></dt> <dd><p> 
@@ -80,8 +80,10 @@ into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL - would take precedence. Setting the default TTL to - <code class="literal">0</code> or <code class="literal">none</code> removes it. + would take precedence. If this value is not set and there + is no existing DNSKEY RRset, the TTL will default to the + SOA TTL. Setting the default TTL to <code class="literal">0</code> + or <code class="literal">none</code> removes it from the key. </p></dd> <dt><span class="term">-h</span></dt> <dd><p> @@ -103,7 +105,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543692"></a><h2>TIMING OPTIONS</h2> +<a name="id2543697"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -182,7 +184,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543831"></a><h2>PRINTING OPTIONS</h2> +<a name="id2543835"></a><h2>PRINTING OPTIONS</h2> <p> <span><strong class="command">dnssec-settime</strong></span> can also be used to print the timing metadata associated with a key. @@ -208,7 +210,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543909"></a><h2>SEE ALSO</h2> +<a name="id2543913"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -216,7 +218,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543942"></a><h2>AUTHOR</h2> +<a name="id2543946"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index d3250d9c4c99..d791edb53fac 100644 
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 * Portions Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any
@@ -132,7 +132,7 @@ static isc_mem_t *mctx = NULL;
 static isc_entropy_t *ectx = NULL; static dns_ttl_t zone_soa_min_ttl; static dns_ttl_t soa_ttl;
-static FILE *fp = NULL;
+static FILE *outfp = NULL;
 static char *tempfile = NULL; static const dns_master_style_t *masterstyle; static dns_masterformat_t inputformat = dns_masterformat_text;
@@ -152,7 +152,7 @@ static dns_name_t *gorigin; /* The database origin */
 static int nsec3flags = 0; static dns_iterations_t nsec3iter = 10U; static unsigned char saltbuf[255];
-static unsigned char *salt = saltbuf;
+static unsigned char *gsalt = saltbuf;
 static size_t salt_length = 0; static isc_task_t *master = NULL; static unsigned int ntasks = 0;
@@ -202,7 +202,7 @@ dumpnode(dns_name_t *name, dns_dbnode_t *node) {
 if (!output_dnssec_only) { result = dns_master_dumpnodetostream(mctx, gdb, gversion, node,
- name, masterstyle, fp);
+ name, masterstyle, outfp);
 check_result(result, "dns_master_dumpnodetostream"); return; }
@@ -244,7 +244,7 @@ dumpnode(dns_name_t *name, dns_dbnode_t *node) {
 check_result(result, "dns_master_rdatasettotext"); isc_buffer_usedregion(buffer, &r);
- result = isc_stdio_write(r.base, 1, r.length, fp, NULL);
+ result = isc_stdio_write(r.base, 1, r.length, outfp, NULL);
 check_result(result, "isc_stdio_write"); isc_buffer_clear(buffer);
@@ -285,8 +285,6 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dst_key_t *key,
 mctx, &b, &trdata); isc_entropy_stopcallbacksources(ectx); if (result != ISC_R_SUCCESS) {
- char keystr[DST_KEY_FORMATSIZE];
- dst_key_format(key, keystr, sizeof(keystr));
 fatal("dnskey '%s' failed to sign data: %s", keystr, isc_result_totext(result)); }
@@ -737,7 +735,7 @@ hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len)
 static void hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name, unsigned int hashalg, unsigned int iterations,
- const unsigned char *salt, size_t salt_length,
+ const unsigned char *salt, size_t salt_len,
 isc_boolean_t speculative) { char nametext[DNS_NAME_FORMATSIZE];
@@ -746,7 +744,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
 size_t i; len = isc_iterated_hash(hash, hashalg, iterations,
- salt, (int)salt_length,
+ salt, (int)salt_len,
 name->ndata, name->length); if (verbose) { dns_name_format(name, nametext, sizeof nametext);
@@ -828,7 +826,7 @@ hashlist_exists(const hashlist_t *l,
 static void addnowildcardhash(hashlist_t *l, /*const*/ dns_name_t *name, unsigned int hashalg, unsigned int iterations,
- const unsigned char *salt, size_t salt_length)
+ const unsigned char *salt, size_t salt_len)
 { dns_fixedname_t fixed; dns_name_t *wild;
@@ -855,7 +853,7 @@ addnowildcardhash(hashlist_t *l, /*const*/ dns_name_t *name,
 fprintf(stderr, "adding no-wildcardhash for %s\n", namestr); }
- hashlist_add_dns_name(l, wild, hashalg, iterations, salt, salt_length,
+ hashlist_add_dns_name(l, wild, hashalg, iterations, salt, salt_len,
 ISC_TRUE); }
@@ -1826,7 +1824,7 @@ nsecify(void) {
 } static void
-addnsec3param(const unsigned char *salt, size_t salt_length,
+addnsec3param(const unsigned char *salt, size_t salt_len,
 dns_iterations_t iterations) { dns_dbnode_t *node = NULL;
@@ -1847,7 +1845,7 @@ addnsec3param(const unsigned char *salt, size_t salt_length,
 nsec3param.flags = 0; nsec3param.hash = unknownalg ? DNS_NSEC3_UNKNOWNALG : dns_hash_sha1; nsec3param.iterations = iterations;
- nsec3param.salt_length = (unsigned char)salt_length;
+ nsec3param.salt_length = (unsigned char)salt_len;
 DE_CONST(salt, nsec3param.salt); isc_buffer_init(&b, nsec3parambuf, sizeof(nsec3parambuf));
@@ -1886,7 +1884,7 @@ addnsec3param(const unsigned char *salt, size_t salt_length,
 static void addnsec3(dns_name_t *name, dns_dbnode_t *node,
- const unsigned char *salt, size_t salt_length,
+ const unsigned char *salt, size_t salt_len,
 unsigned int iterations, hashlist_t *hashlist, dns_ttl_t ttl) {
@@ -1900,7 +1898,7 @@ addnsec3(dns_name_t *name, dns_dbnode_t *node,
 isc_result_t result; dns_dbnode_t *nsec3node = NULL; char namebuf[DNS_NAME_FORMATSIZE];
- size_t hash_length;
+ size_t hash_len;
 dns_name_format(name, namebuf, sizeof(namebuf));
@@ -1908,16 +1906,16 @@ addnsec3(dns_name_t *name, dns_dbnode_t *node,
 dns_rdataset_init(&rdataset); dns_name_downcase(name, name, NULL);
- result = dns_nsec3_hashname(&hashname, hash, &hash_length,
+ result = dns_nsec3_hashname(&hashname, hash, &hash_len,
 name, gorigin, dns_hash_sha1, iterations,
- salt, salt_length);
+ salt, salt_len);
 check_result(result, "addnsec3: dns_nsec3_hashname()"); nexthash = hashlist_findnext(hashlist, hash); result = dns_nsec3_buildrdata(gdb, gversion, node, unknownalg ? DNS_NSEC3_UNKNOWNALG : dns_hash_sha1, nsec3flags, iterations,
- salt, salt_length,
+ salt, salt_len,
 nexthash, ISC_SHA1_DIGESTLENGTH, nsec3buffer, &rdata); check_result(result, "addnsec3: dns_nsec3_buildrdata()");
@@ -1953,7 +1951,7 @@ addnsec3(dns_name_t *name, dns_dbnode_t *node,
 static void nsec3clean(dns_name_t *name, dns_dbnode_t *node, unsigned int hashalg, unsigned int iterations,
- const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
+ const unsigned char *salt, size_t salt_len, hashlist_t *hashlist)
 { dns_label_t label; dns_rdata_nsec3_t nsec3;
@@ -2013,8 +2011,8 @@ nsec3clean(dns_name_t *name, dns_dbnode_t *node,
 check_result(result, "dns_rdata_tostruct"); if (exists && nsec3.hash == hashalg && nsec3.iterations == iterations &&
- nsec3.salt_length == salt_length &&
- !memcmp(nsec3.salt, salt, salt_length))
+ nsec3.salt_length == salt_len &&
+ !memcmp(nsec3.salt, salt, salt_len))
 continue; rdatalist.rdclass = rdata.rdclass; rdatalist.type = rdata.type;
@@ -2145,7 +2143,7 @@ remove_duplicates(void) {
 */ static void nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
- const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
+ const unsigned char *salt, size_t salt_len, hashlist_t *hashlist)
 { dns_dbiterator_t *dbiter = NULL; dns_dbnode_t *node = NULL, *nextnode = NULL;
@@ -2241,7 +2239,7 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
 isc_result_totext(result)); dns_name_downcase(name, name, NULL); hashlist_add_dns_name(hashlist, name, hashalg, iterations,
- salt, salt_length, ISC_FALSE);
+ salt, salt_len, ISC_FALSE);
 dns_db_detachnode(gdb, &node); /* * Add hashs for empty nodes. Use closest encloser logic.
@@ -2252,16 +2250,16 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
 dns_name_downcase(nextname, nextname, NULL); dns_name_fullcompare(name, nextname, &order, &nlabels); addnowildcardhash(hashlist, name, hashalg, iterations,
- salt, salt_length);
+ salt, salt_len);
 count = dns_name_countlabels(nextname); while (count > nlabels + 1) { count--; dns_name_split(nextname, count, NULL, nextname); hashlist_add_dns_name(hashlist, nextname, hashalg,
- iterations, salt, salt_length,
+ iterations, salt, salt_len,
 ISC_FALSE); addnowildcardhash(hashlist, nextname, hashalg,
- iterations, salt, salt_length);
+ iterations, salt, salt_len);
 } } dns_dbiterator_destroy(&dbiter);
@@ -2284,7 +2282,7 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
 zonecut = NULL; done = ISC_FALSE;
- addnsec3param(salt, salt_length, iterations);
+ addnsec3param(salt, salt_len, iterations);
 /* * Clean out NSEC3 records which don't match this chain.
@@ -2297,7 +2295,7 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
 result = dns_dbiterator_next(dbiter)) { result = dns_dbiterator_current(dbiter, &node, name); check_dns_dbiterator_current(result);
- nsec3clean(name, node, hashalg, iterations, salt, salt_length,
+ nsec3clean(name, node, hashalg, iterations, salt, salt_len,
 hashlist); dns_db_detachnode(gdb, &node); }
@@ -2371,7 +2369,7 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
 * We need to pause here to release the lock on the database. */ dns_dbiterator_pause(dbiter);
- addnsec3(name, node, salt, salt_length, iterations,
+ addnsec3(name, node, salt, salt_len, iterations,
 hashlist, zone_soa_min_ttl); dns_db_detachnode(gdb, &node); /*
@@ -2382,7 +2380,7 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
 while (count > nlabels + 1) { count--; dns_name_split(nextname, count, NULL, nextname);
- addnsec3(nextname, NULL, salt, salt_length,
+ addnsec3(nextname, NULL, salt, salt_len,
 iterations, hashlist, zone_soa_min_ttl); } }
@@ -2644,7 +2642,7 @@ warnifallksk(dns_db_t *db) {
 } static void
-set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt,
+set_nsec3params(isc_boolean_t update, isc_boolean_t set_salt,
 isc_boolean_t set_optout, isc_boolean_t set_iter) { isc_result_t result;
@@ -2672,7 +2670,7 @@ set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt,
 nsec_datatype = dns_rdatatype_nsec3;
- if (!update_chain && set_salt) {
+ if (!update && set_salt) {
 if (salt_length != orig_saltlen || memcmp(saltbuf, orig_salt, salt_length) != 0) fatal("An NSEC3 chain exists with a different salt. "
@@ -2680,10 +2678,10 @@ set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt,
 } else if (!set_salt) { salt_length = orig_saltlen; memmove(saltbuf, orig_salt, orig_saltlen);
- salt = saltbuf;
+ gsalt = saltbuf;
 }
- if (!update_chain && set_iter) {
+ if (!update && set_iter) {
 if (nsec3iter != orig_iter) fatal("An NSEC3 chain exists with different " "iterations. Use -u to update it.");
@@ -2717,7 +2715,7 @@ set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt,
 result = dns_rdata_tostruct(&rdata, &nsec3, NULL); check_result(result, "dns_rdata_tostruct");
- if (!update_chain && set_optout) {
+ if (!update && set_optout) {
 if (nsec3flags != nsec3.flags) fatal("An NSEC3 chain exists with%s OPTOUT. " "Use -u -%s to %s it.",
@@ -3407,7 +3405,7 @@ main(int argc, char *argv[]) {
 if (directory == NULL) directory = ".";
- setup_logging(verbose, mctx, &log);
+ setup_logging(mctx, &log);
 argc -= isc_commandline_index; argv += isc_commandline_index;
@@ -3608,7 +3606,7 @@ main(int argc, char *argv[]) {
 if (!nonsecify) { if (IS_NSEC3)
- nsec3ify(dns_hash_sha1, nsec3iter, salt, salt_length,
+ nsec3ify(dns_hash_sha1, nsec3iter, gsalt, salt_length,
 &hashlist); else nsecify();
@@ -3624,7 +3622,7 @@ main(int argc, char *argv[]) {
 } if (output_stdout) {
- fp = stdout;
+ outfp = stdout;
 if (outputformatstr == NULL) masterstyle = &dns_master_style_full; } else {
@@ -3637,9 +3635,9 @@ main(int argc, char *argv[]) {
 check_result(result, "isc_file_mktemplate"); if (outputformat == dns_masterformat_text)
- result = isc_file_openunique(tempfile, &fp);
+ result = isc_file_openunique(tempfile, &outfp);
 else
- result = isc_file_bopenunique(tempfile, &fp);
+ result = isc_file_bopenunique(tempfile, &outfp);
 if (result != ISC_R_SUCCESS) fatal("failed to open temporary output file: %s", isc_result_totext(result));
@@ -3647,8 +3645,8 @@ main(int argc, char *argv[]) {
 setfatalcallback(&removetempfile); }
- print_time(fp);
- print_version(fp);
+ print_time(outfp);
+ print_version(outfp);
 result = isc_taskmgr_create(mctx, ntasks, 0, &taskmgr); if (result != ISC_R_SUCCESS)
@@ -3718,7 +3716,7 @@ main(int argc, char *argv[]) {
 } result = dns_master_dumptostream3(mctx, gdb, gversion, masterstyle, outputformat,
- &header, fp);
+ &header, outfp);
 check_result(result, "dns_master_dumptostream3"); }
@@ -3727,7 +3725,7 @@ main(int argc, char *argv[]) {
 DESTROYLOCK(&statslock); if (!output_stdout) {
- result = isc_stdio_close(fp);
+ result = isc_stdio_close(outfp);
 check_result(result, "isc_stdio_close"); removefile = ISC_FALSE;
diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c
index 09e5211d47af..f68e4da5a596 100644
--- a/bin/dnssec/dnssec-verify.c
+++ b/bin/dnssec/dnssec-verify.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above
@@ -272,7 +272,7 @@ main(int argc, char *argv[]) {
 rdclass = strtoclass(classname);
- setup_logging(verbose, mctx, &log);
+ setup_logging(mctx, &log);
 argc -= isc_commandline_index; argv += isc_commandline_index;
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index b1d1ed664bf2..42936414abc2 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009-2015 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any
@@ -120,8 +120,8 @@ vbprintf(int level, const char *fmt, ...) {
 } void
-version(const char *program) {
- fprintf(stderr, "%s %s\n", program, VERSION);
+version(const char *name) {
+ fprintf(stderr, "%s %s\n", name, VERSION);
 exit(0); }
@@ -149,7 +149,7 @@ sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
 } void
-setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
+setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 isc_result_t result; isc_logdestination_t destination; isc_logconfig_t *logconfig = NULL;
diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h
index f51bd0001a7b..2ad83d3d8616 100644
--- a/bin/dnssec/dnssectool.h
+++ b/bin/dnssec/dnssectool.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any
@@ -57,7 +57,7 @@ sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
 #define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + sizeof("65535")) void
-setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp);
+setup_logging(isc_mem_t *mctx, isc_log_t **logp);
 void cleanup_logging(isc_log_t **logp); |
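Review bot: After this change the prototype `setup_logging(isc_mem_t *mctx, isc_log_t **logp)` in dnssectool.h, like the definition in the `@@ -149,7 +149,7 @@` hunk of dnssectool.c, no longer shows where the debug level comes from; presumably the body, which lies outside the hunk, now reads the file-scope `verbose` that the removed parameter used to shadow. A comment above the prototype would make that hidden input explicit, e.g. `/* Uses the global 'verbose' as the log level; set it before calling. */`. Without it, a caller that runs setup_logging() before option parsing would get the default level with no compiler diagnostic.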
