[libnet-ldns-perl] 02/05: Use system ldns library for compilation
Ondřej Surý
ondrej at debian.org
Tue Sep 6 13:55:33 UTC 2016
This is an automated email from the git hooks/post-receive script.
ondrej pushed a commit to branch master
in repository libnet-ldns-perl.
commit ce5878439913bf2c0c57c356c694eeaf883f6542
Author: Ondřej Surý <ondrej at sury.org>
Date: Tue Jun 28 12:36:34 2016 +0200
Use system ldns library for compilation
---
debian/control | 2 +-
...1-Use-system-ldns-library-for-compilation.patch | 86155 +++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 86157 insertions(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index 9e47b36..b3ba291 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: optional
Maintainer: Ondřej Surý <ondrej at debian.org>
Build-Depends: debhelper (>= 9.20120312~),
libdevel-checklib-perl (>= 0.4),
- libldns-dev,
+ libldns-dev (>= 1.6.17-9~),
libtest-fatal-perl,
perl (>= 5.17.4)
Standards-Version: 3.9.8
diff --git a/debian/patches/0001-Use-system-ldns-library-for-compilation.patch b/debian/patches/0001-Use-system-ldns-library-for-compilation.patch
new file mode 100644
index 0000000..fe7041f
--- /dev/null
+++ b/debian/patches/0001-Use-system-ldns-library-for-compilation.patch
@@ -0,0 +1,86155 @@
+From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej at sury.org>
+Date: Tue, 28 Jun 2016 12:36:19 +0200
+Subject: Use system ldns library for compilation
+
+---
+ MANIFEST | 99 +-
+ Makefile.PL | 19 +-
+ include/ldns/buffer.h | 645 ---------
+ include/ldns/common.h | 78 --
+ include/ldns/config.h | 590 --------
+ include/ldns/dane.h | 262 ----
+ include/ldns/dname.h | 211 ---
+ include/ldns/dnssec.h | 541 --------
+ include/ldns/dnssec_sign.h | 383 ------
+ include/ldns/dnssec_verify.h | 857 ------------
+ include/ldns/dnssec_zone.h | 483 -------
+ include/ldns/duration.h | 109 --
+ include/ldns/error.h | 147 --
+ include/ldns/higher.h | 113 --
+ include/ldns/host2str.h | 891 ------------
+ include/ldns/host2wire.h | 197 ---
+ include/ldns/keys.h | 621 ---------
+ include/ldns/ldns.h | 158 ---
+ include/ldns/net.h | 207 ---
+ include/ldns/packet.h | 891 ------------
+ include/ldns/parse.h | 167 ---
+ include/ldns/radix.h | 240 ----
+ include/ldns/rbtree.h | 230 ----
+ include/ldns/rdata.h | 451 -------
+ include/ldns/resolver.h | 805 -----------
+ include/ldns/rr.h | 929 -------------
+ include/ldns/rr_functions.h | 363 -----
+ include/ldns/sha1.h | 38 -
+ include/ldns/sha2.h | 149 --
+ include/ldns/str2host.h | 319 -----
+ include/ldns/tsig.h | 101 --
+ include/ldns/update.h | 115 --
+ include/ldns/util.h | 392 ------
+ include/ldns/wire2host.h | 197 ---
+ include/ldns/zone.h | 176 ---
+ ldns/include/ldns/buffer.h | 645 +++++++++
+ ldns/include/ldns/common.h | 78 ++
+ ldns/include/ldns/config.h | 590 ++++++++
+ ldns/include/ldns/dane.h | 262 ++++
+ ldns/include/ldns/dname.h | 211 +++
+ ldns/include/ldns/dnssec.h | 541 ++++++++
+ ldns/include/ldns/dnssec_sign.h | 383 ++++++
+ ldns/include/ldns/dnssec_verify.h | 857 ++++++++++++
+ ldns/include/ldns/dnssec_zone.h | 483 +++++++
+ ldns/include/ldns/duration.h | 109 ++
+ ldns/include/ldns/error.h | 147 ++
+ ldns/include/ldns/higher.h | 113 ++
+ ldns/include/ldns/host2str.h | 891 ++++++++++++
+ ldns/include/ldns/host2wire.h | 197 +++
+ ldns/include/ldns/keys.h | 621 +++++++++
+ ldns/include/ldns/ldns.h | 158 +++
+ ldns/include/ldns/net.h | 207 +++
+ ldns/include/ldns/packet.h | 891 ++++++++++++
+ ldns/include/ldns/parse.h | 167 +++
+ ldns/include/ldns/radix.h | 240 ++++
+ ldns/include/ldns/rbtree.h | 230 ++++
+ ldns/include/ldns/rdata.h | 451 +++++++
+ ldns/include/ldns/resolver.h | 805 +++++++++++
+ ldns/include/ldns/rr.h | 929 +++++++++++++
+ ldns/include/ldns/rr_functions.h | 363 +++++
+ ldns/include/ldns/sha1.h | 38 +
+ ldns/include/ldns/sha2.h | 149 ++
+ ldns/include/ldns/str2host.h | 319 +++++
+ ldns/include/ldns/tsig.h | 101 ++
+ ldns/include/ldns/update.h | 115 ++
+ ldns/include/ldns/util.h | 392 ++++++
+ ldns/include/ldns/wire2host.h | 197 +++
+ ldns/include/ldns/zone.h | 176 +++
+ ldns/src/buffer.c | 177 +++
+ ldns/src/compat/b64_ntop.c | 185 +++
+ ldns/src/compat/b64_pton.c | 244 ++++
+ ldns/src/compat/strlcpy.c | 57 +
+ ldns/src/dane.c | 748 ++++++++++
+ ldns/src/dname.c | 598 ++++++++
+ ldns/src/dnssec.c | 1869 +++++++++++++++++++++++++
+ ldns/src/dnssec_sign.c | 1456 ++++++++++++++++++++
+ ldns/src/dnssec_verify.c | 2684 ++++++++++++++++++++++++++++++++++++
+ ldns/src/dnssec_zone.c | 1192 ++++++++++++++++
+ ldns/src/duration.c | 354 +++++
+ ldns/src/error.c | 160 +++
+ ldns/src/higher.c | 344 +++++
+ ldns/src/host2str.c | 2635 ++++++++++++++++++++++++++++++++++++
+ ldns/src/host2wire.c | 494 +++++++
+ ldns/src/keys.c | 1726 +++++++++++++++++++++++
+ ldns/src/net.c | 1002 ++++++++++++++
+ ldns/src/packet.c | 1159 ++++++++++++++++
+ ldns/src/parse.c | 434 ++++++
+ ldns/src/radix.c | 1590 ++++++++++++++++++++++
+ ldns/src/rbtree.c | 670 +++++++++
+ ldns/src/rdata.c | 757 +++++++++++
+ ldns/src/resolver.c | 1603 ++++++++++++++++++++++
+ ldns/src/rr.c | 2705 +++++++++++++++++++++++++++++++++++++
+ ldns/src/rr_functions.c | 419 ++++++
+ ldns/src/sha1.c | 177 +++
+ ldns/src/sha2.c | 991 ++++++++++++++
+ ldns/src/str2host.c | 1604 ++++++++++++++++++++++
+ ldns/src/tsig.c | 470 +++++++
+ ldns/src/update.c | 325 +++++
+ ldns/src/util.c | 773 +++++++++++
+ ldns/src/wire2host.c | 491 +++++++
+ ldns/src/zone.c | 318 +++++
+ src/ldns/buffer.c | 177 ---
+ src/ldns/compat/b64_ntop.c | 185 ---
+ src/ldns/compat/b64_pton.c | 244 ----
+ src/ldns/compat/strlcpy.c | 57 -
+ src/ldns/dane.c | 748 ----------
+ src/ldns/dname.c | 598 --------
+ src/ldns/dnssec.c | 1869 -------------------------
+ src/ldns/dnssec_sign.c | 1456 --------------------
+ src/ldns/dnssec_verify.c | 2684 ------------------------------------
+ src/ldns/dnssec_zone.c | 1192 ----------------
+ src/ldns/duration.c | 354 -----
+ src/ldns/error.c | 160 ---
+ src/ldns/higher.c | 344 -----
+ src/ldns/host2str.c | 2635 ------------------------------------
+ src/ldns/host2wire.c | 494 -------
+ src/ldns/keys.c | 1726 -----------------------
+ src/ldns/net.c | 1002 --------------
+ src/ldns/packet.c | 1159 ----------------
+ src/ldns/parse.c | 434 ------
+ src/ldns/radix.c | 1590 ----------------------
+ src/ldns/rbtree.c | 670 ---------
+ src/ldns/rdata.c | 757 -----------
+ src/ldns/resolver.c | 1603 ----------------------
+ src/ldns/rr.c | 2705 -------------------------------------
+ src/ldns/rr_functions.c | 419 ------
+ src/ldns/sha1.c | 177 ---
+ src/ldns/sha2.c | 991 --------------
+ src/ldns/str2host.c | 1604 ----------------------
+ src/ldns/tsig.c | 470 -------
+ src/ldns/update.c | 325 -----
+ src/ldns/util.c | 773 -----------
+ src/ldns/wire2host.c | 491 -------
+ src/ldns/zone.c | 318 -----
+ 134 files changed, 42518 insertions(+), 42534 deletions(-)
+ delete mode 100644 include/ldns/buffer.h
+ delete mode 100644 include/ldns/common.h
+ delete mode 100644 include/ldns/config.h
+ delete mode 100644 include/ldns/dane.h
+ delete mode 100644 include/ldns/dname.h
+ delete mode 100644 include/ldns/dnssec.h
+ delete mode 100644 include/ldns/dnssec_sign.h
+ delete mode 100644 include/ldns/dnssec_verify.h
+ delete mode 100644 include/ldns/dnssec_zone.h
+ delete mode 100644 include/ldns/duration.h
+ delete mode 100644 include/ldns/error.h
+ delete mode 100644 include/ldns/higher.h
+ delete mode 100644 include/ldns/host2str.h
+ delete mode 100644 include/ldns/host2wire.h
+ delete mode 100644 include/ldns/keys.h
+ delete mode 100644 include/ldns/ldns.h
+ delete mode 100644 include/ldns/net.h
+ delete mode 100644 include/ldns/packet.h
+ delete mode 100644 include/ldns/parse.h
+ delete mode 100644 include/ldns/radix.h
+ delete mode 100644 include/ldns/rbtree.h
+ delete mode 100644 include/ldns/rdata.h
+ delete mode 100644 include/ldns/resolver.h
+ delete mode 100644 include/ldns/rr.h
+ delete mode 100644 include/ldns/rr_functions.h
+ delete mode 100644 include/ldns/sha1.h
+ delete mode 100644 include/ldns/sha2.h
+ delete mode 100644 include/ldns/str2host.h
+ delete mode 100644 include/ldns/tsig.h
+ delete mode 100644 include/ldns/update.h
+ delete mode 100644 include/ldns/util.h
+ delete mode 100644 include/ldns/wire2host.h
+ delete mode 100644 include/ldns/zone.h
+ create mode 100644 ldns/include/ldns/buffer.h
+ create mode 100644 ldns/include/ldns/common.h
+ create mode 100644 ldns/include/ldns/config.h
+ create mode 100644 ldns/include/ldns/dane.h
+ create mode 100644 ldns/include/ldns/dname.h
+ create mode 100644 ldns/include/ldns/dnssec.h
+ create mode 100644 ldns/include/ldns/dnssec_sign.h
+ create mode 100644 ldns/include/ldns/dnssec_verify.h
+ create mode 100644 ldns/include/ldns/dnssec_zone.h
+ create mode 100644 ldns/include/ldns/duration.h
+ create mode 100644 ldns/include/ldns/error.h
+ create mode 100644 ldns/include/ldns/higher.h
+ create mode 100644 ldns/include/ldns/host2str.h
+ create mode 100644 ldns/include/ldns/host2wire.h
+ create mode 100644 ldns/include/ldns/keys.h
+ create mode 100644 ldns/include/ldns/ldns.h
+ create mode 100644 ldns/include/ldns/net.h
+ create mode 100644 ldns/include/ldns/packet.h
+ create mode 100644 ldns/include/ldns/parse.h
+ create mode 100644 ldns/include/ldns/radix.h
+ create mode 100644 ldns/include/ldns/rbtree.h
+ create mode 100644 ldns/include/ldns/rdata.h
+ create mode 100644 ldns/include/ldns/resolver.h
+ create mode 100644 ldns/include/ldns/rr.h
+ create mode 100644 ldns/include/ldns/rr_functions.h
+ create mode 100644 ldns/include/ldns/sha1.h
+ create mode 100644 ldns/include/ldns/sha2.h
+ create mode 100644 ldns/include/ldns/str2host.h
+ create mode 100644 ldns/include/ldns/tsig.h
+ create mode 100644 ldns/include/ldns/update.h
+ create mode 100644 ldns/include/ldns/util.h
+ create mode 100644 ldns/include/ldns/wire2host.h
+ create mode 100644 ldns/include/ldns/zone.h
+ create mode 100644 ldns/src/buffer.c
+ create mode 100644 ldns/src/compat/b64_ntop.c
+ create mode 100644 ldns/src/compat/b64_pton.c
+ create mode 100644 ldns/src/compat/strlcpy.c
+ create mode 100644 ldns/src/dane.c
+ create mode 100644 ldns/src/dname.c
+ create mode 100644 ldns/src/dnssec.c
+ create mode 100644 ldns/src/dnssec_sign.c
+ create mode 100644 ldns/src/dnssec_verify.c
+ create mode 100644 ldns/src/dnssec_zone.c
+ create mode 100644 ldns/src/duration.c
+ create mode 100644 ldns/src/error.c
+ create mode 100644 ldns/src/higher.c
+ create mode 100644 ldns/src/host2str.c
+ create mode 100644 ldns/src/host2wire.c
+ create mode 100644 ldns/src/keys.c
+ create mode 100644 ldns/src/net.c
+ create mode 100644 ldns/src/packet.c
+ create mode 100644 ldns/src/parse.c
+ create mode 100644 ldns/src/radix.c
+ create mode 100644 ldns/src/rbtree.c
+ create mode 100644 ldns/src/rdata.c
+ create mode 100644 ldns/src/resolver.c
+ create mode 100644 ldns/src/rr.c
+ create mode 100644 ldns/src/rr_functions.c
+ create mode 100644 ldns/src/sha1.c
+ create mode 100644 ldns/src/sha2.c
+ create mode 100644 ldns/src/str2host.c
+ create mode 100644 ldns/src/tsig.c
+ create mode 100644 ldns/src/update.c
+ create mode 100644 ldns/src/util.c
+ create mode 100644 ldns/src/wire2host.c
+ create mode 100644 ldns/src/zone.c
+ delete mode 100644 src/ldns/buffer.c
+ delete mode 100644 src/ldns/compat/b64_ntop.c
+ delete mode 100644 src/ldns/compat/b64_pton.c
+ delete mode 100644 src/ldns/compat/strlcpy.c
+ delete mode 100644 src/ldns/dane.c
+ delete mode 100644 src/ldns/dname.c
+ delete mode 100644 src/ldns/dnssec.c
+ delete mode 100644 src/ldns/dnssec_sign.c
+ delete mode 100644 src/ldns/dnssec_verify.c
+ delete mode 100644 src/ldns/dnssec_zone.c
+ delete mode 100644 src/ldns/duration.c
+ delete mode 100644 src/ldns/error.c
+ delete mode 100644 src/ldns/higher.c
+ delete mode 100644 src/ldns/host2str.c
+ delete mode 100644 src/ldns/host2wire.c
+ delete mode 100644 src/ldns/keys.c
+ delete mode 100644 src/ldns/net.c
+ delete mode 100644 src/ldns/packet.c
+ delete mode 100644 src/ldns/parse.c
+ delete mode 100644 src/ldns/radix.c
+ delete mode 100644 src/ldns/rbtree.c
+ delete mode 100644 src/ldns/rdata.c
+ delete mode 100644 src/ldns/resolver.c
+ delete mode 100644 src/ldns/rr.c
+ delete mode 100644 src/ldns/rr_functions.c
+ delete mode 100644 src/ldns/sha1.c
+ delete mode 100644 src/ldns/sha2.c
+ delete mode 100644 src/ldns/str2host.c
+ delete mode 100644 src/ldns/tsig.c
+ delete mode 100644 src/ldns/update.c
+ delete mode 100644 src/ldns/util.c
+ delete mode 100644 src/ldns/wire2host.c
+ delete mode 100644 src/ldns/zone.c
+
+diff --git a/MANIFEST b/MANIFEST
+index 580f068..a8b2463 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -9,39 +9,6 @@ inc/Module/Install/Win32.pm
+ inc/Module/Install/WriteAll.pm
+ inc/Module/Install/XSUtil.pm
+ include/LDNS.h
+-include/ldns/buffer.h
+-include/ldns/common.h
+-include/ldns/config.h
+-include/ldns/dane.h
+-include/ldns/dname.h
+-include/ldns/dnssec.h
+-include/ldns/dnssec_sign.h
+-include/ldns/dnssec_verify.h
+-include/ldns/dnssec_zone.h
+-include/ldns/duration.h
+-include/ldns/error.h
+-include/ldns/higher.h
+-include/ldns/host2str.h
+-include/ldns/host2wire.h
+-include/ldns/keys.h
+-include/ldns/ldns.h
+-include/ldns/net.h
+-include/ldns/packet.h
+-include/ldns/parse.h
+-include/ldns/radix.h
+-include/ldns/rbtree.h
+-include/ldns/rdata.h
+-include/ldns/resolver.h
+-include/ldns/rr.h
+-include/ldns/rr_functions.h
+-include/ldns/sha1.h
+-include/ldns/sha2.h
+-include/ldns/str2host.h
+-include/ldns/tsig.h
+-include/ldns/update.h
+-include/ldns/util.h
+-include/ldns/wire2host.h
+-include/ldns/zone.h
+ lib/Net/LDNS.pm
+ lib/Net/LDNS/Packet.pm
+ lib/Net/LDNS/RR.pm
+@@ -128,39 +95,6 @@ ppport.h
+ README.md
+ src/assist.c
+ src/LDNS.xs
+-src/ldns/compat/b64_ntop.c
+-src/ldns/compat/b64_pton.c
+-src/ldns/buffer.c
+-src/ldns/compat/strlcpy.c
+-src/ldns/dane.c
+-src/ldns/dname.c
+-src/ldns/dnssec.c
+-src/ldns/dnssec_sign.c
+-src/ldns/dnssec_verify.c
+-src/ldns/dnssec_zone.c
+-src/ldns/duration.c
+-src/ldns/error.c
+-src/ldns/higher.c
+-src/ldns/host2str.c
+-src/ldns/host2wire.c
+-src/ldns/keys.c
+-src/ldns/net.c
+-src/ldns/packet.c
+-src/ldns/parse.c
+-src/ldns/radix.c
+-src/ldns/rbtree.c
+-src/ldns/rdata.c
+-src/ldns/resolver.c
+-src/ldns/rr.c
+-src/ldns/rr_functions.c
+-src/ldns/sha1.c
+-src/ldns/sha2.c
+-src/ldns/str2host.c
+-src/ldns/tsig.c
+-src/ldns/update.c
+-src/ldns/util.c
+-src/ldns/wire2host.c
+-src/ldns/zone.c
+ src/typemap
+ t/axfr.t
+ t/dnssec.t
+@@ -176,3 +110,36 @@ t/rrlist.t
+ t/serialize.t
+ t/threads.t
+ t/utils.t
++ldns/src/buffer.c
++ldns/src/compat/b64_ntop.c
++ldns/src/compat/b64_pton.c
++ldns/src/compat/strlcpy.c
++ldns/src/dane.c
++ldns/src/dname.c
++ldns/src/dnssec.c
++ldns/src/dnssec_sign.c
++ldns/src/dnssec_verify.c
++ldns/src/dnssec_zone.c
++ldns/src/duration.c
++ldns/src/error.c
++ldns/src/higher.c
++ldns/src/host2str.c
++ldns/src/host2wire.c
++ldns/src/keys.c
++ldns/src/net.c
++ldns/src/packet.c
++ldns/src/parse.c
++ldns/src/radix.c
++ldns/src/rbtree.c
++ldns/src/rdata.c
++ldns/src/resolver.c
++ldns/src/rr.c
++ldns/src/rr_functions.c
++ldns/src/sha1.c
++ldns/src/sha2.c
++ldns/src/str2host.c
++ldns/src/tsig.c
++ldns/src/update.c
++ldns/src/util.c
++ldns/src/wire2host.c
++ldns/src/zone.c
+diff --git a/Makefile.PL b/Makefile.PL
+index 35596f7..5ae48a9 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -75,6 +75,23 @@ else {
+
+ if (
+ check_lib(
++ lib => 'ldns',
++ header => 'ldns/ldns.h',
++ function => 'if (!ldns_resolver_clone(ldns_resolver_new())) return 1; else return 0;'
++ )
++ )
++{
++ print "Using system ldns library.\n";
++ cc_libs 'ldns';
++}
++else {
++ print "Using embedded ldns library.\n";
++ cc_include_paths 'ldns/include';
++ cc_src_paths 'ldns/src';
++}
++
++if (
++ check_lib(
+ lib => 'idn',
+ header => 'idna.h',
+ function => 'if(strcmp(IDNA_ACE_PREFIX,"xn--")==0) return 0; else return 1;'
+@@ -140,4 +157,4 @@ sub check_gost {
+ CODE
+
+ return check_lib(%args);
+-}
+\ No newline at end of file
++}
+diff --git a/include/ldns/buffer.h b/include/ldns/buffer.h
+deleted file mode 100644
+index 3b64198..0000000
+--- a/include/ldns/buffer.h
++++ /dev/null
+@@ -1,645 +0,0 @@
+-/*
+- * buffer.h -- generic memory buffer.
+- *
+- * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- *
+- *
+- * The buffer module implements a generic buffer. The API is based on
+- * the java.nio.Buffer interface.
+- */
+-
+-#ifndef LDNS_BUFFER_H
+-#define LDNS_BUFFER_H
+-
+-#include <assert.h>
+-#include <stdarg.h>
+-#include <string.h>
+-
+-#include <ldns/error.h>
+-#include <ldns/common.h>
+-
+-#include "ldns/util.h"
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * number of initial bytes in buffer of
+- * which we cannot tell the size before hand
+- */
+-#define LDNS_MIN_BUFLEN 512
+-
+-/**
+- * \file buffer.h
+- *
+- * This file contains the definition of ldns_buffer, and functions to manipulate those.
+- */
+-
+-/**
+- * implementation of buffers to ease operations
+- *
+- * ldns_buffers can contain arbitrary information, per octet. You can write
+- * to the current end of a buffer, read from the current position, and
+- * access any data within it.
+- *
+- * Example use of buffers is in the source code of \ref host2str.c
+- */
+-struct ldns_struct_buffer
+-{
+- /** The current position used for reading/writing */
+- size_t _position;
+-
+- /** The read/write limit */
+- size_t _limit;
+-
+- /** The amount of data the buffer can contain */
+- size_t _capacity;
+-
+- /** The data contained in the buffer */
+- uint8_t *_data;
+-
+- /** If the buffer is fixed it cannot be resized */
+- unsigned _fixed : 1;
+-
+- /** The current state of the buffer. If writing to the buffer fails
+- * for any reason, this value is changed. This way, you can perform
+- * multiple writes in sequence and check for success afterwards. */
+- ldns_status _status;
+-};
+-typedef struct ldns_struct_buffer ldns_buffer;
+-
+-
+-#ifdef NDEBUG
+-INLINE void
+-ldns_buffer_invariant(ldns_buffer *ATTR_UNUSED(buffer))
+-{
+-}
+-#else
+-INLINE void
+-ldns_buffer_invariant(ldns_buffer *buffer)
+-{
+- assert(buffer != NULL);
+- assert(buffer->_position <= buffer->_limit);
+- assert(buffer->_limit <= buffer->_capacity);
+- assert(buffer->_data != NULL);
+-}
+-#endif
+-
+-/**
+- * creates a new buffer with the specified capacity.
+- *
+- * \param[in] capacity the size (in bytes) to allocate for the buffer
+- * \return the created buffer
+- */
+-ldns_buffer *ldns_buffer_new(size_t capacity);
+-
+-/**
+- * creates a buffer with the specified data. The data IS copied
+- * and MEMORY allocations are done. The buffer is not fixed and can
+- * be resized using buffer_reserve().
+- *
+- * \param[in] buffer pointer to the buffer to put the data in
+- * \param[in] data the data to encapsulate in the buffer
+- * \param[in] size the size of the data
+- */
+-void ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size);
+-
+-/**
+- * clears the buffer and make it ready for writing. The buffer's limit
+- * is set to the capacity and the position is set to 0.
+- * \param[in] buffer the buffer to clear
+- */
+-INLINE void ldns_buffer_clear(ldns_buffer *buffer)
+-{
+- ldns_buffer_invariant(buffer);
+-
+- /* reset status here? */
+-
+- buffer->_position = 0;
+- buffer->_limit = buffer->_capacity;
+-}
+-
+-/**
+- * makes the buffer ready for reading the data that has been written to
+- * the buffer. The buffer's limit is set to the current position and
+- * the position is set to 0.
+- *
+- * \param[in] buffer the buffer to flip
+- * \return void
+- */
+-INLINE void ldns_buffer_flip(ldns_buffer *buffer)
+-{
+- ldns_buffer_invariant(buffer);
+-
+- buffer->_limit = buffer->_position;
+- buffer->_position = 0;
+-}
+-
+-/**
+- * make the buffer ready for re-reading the data. The buffer's
+- * position is reset to 0.
+- * \param[in] buffer the buffer to rewind
+- */
+-INLINE void ldns_buffer_rewind(ldns_buffer *buffer)
+-{
+- ldns_buffer_invariant(buffer);
+-
+- buffer->_position = 0;
+-}
+-
+-/**
+- * returns the current position in the buffer (as a number of bytes)
+- * \param[in] buffer the buffer
+- * \return the current position
+- */
+-INLINE size_t
+-ldns_buffer_position(ldns_buffer *buffer)
+-{
+- return buffer->_position;
+-}
+-
+-/**
+- * sets the buffer's position to MARK. The position must be less than
+- * or equal to the buffer's limit.
+- * \param[in] buffer the buffer
+- * \param[in] mark the mark to use
+- */
+-INLINE void
+-ldns_buffer_set_position(ldns_buffer *buffer, size_t mark)
+-{
+- assert(mark <= buffer->_limit);
+- buffer->_position = mark;
+-}
+-
+-/**
+- * changes the buffer's position by COUNT bytes. The position must not
+- * be moved behind the buffer's limit or before the beginning of the
+- * buffer.
+- * \param[in] buffer the buffer
+- * \param[in] count the count to use
+- */
+-INLINE void
+-ldns_buffer_skip(ldns_buffer *buffer, ssize_t count)
+-{
+- assert(buffer->_position + count <= buffer->_limit);
+- buffer->_position += count;
+-}
+-
+-/**
+- * returns the maximum size of the buffer
+- * \param[in] buffer
+- * \return the size
+- */
+-INLINE size_t
+-ldns_buffer_limit(ldns_buffer *buffer)
+-{
+- return buffer->_limit;
+-}
+-
+-/**
+- * changes the buffer's limit. If the buffer's position is greater
+- * than the new limit the position is set to the limit.
+- * \param[in] buffer the buffer
+- * \param[in] limit the new limit
+- */
+-INLINE void
+-ldns_buffer_set_limit(ldns_buffer *buffer, size_t limit)
+-{
+- assert(limit <= buffer->_capacity);
+- buffer->_limit = limit;
+- if (buffer->_position > buffer->_limit)
+- buffer->_position = buffer->_limit;
+-}
+-
+-/**
+- * returns the number of bytes the buffer can hold.
+- * \param[in] buffer the buffer
+- * \return the number of bytes
+- */
+-INLINE size_t
+-ldns_buffer_capacity(ldns_buffer *buffer)
+-{
+- return buffer->_capacity;
+-}
+-
+-/**
+- * changes the buffer's capacity. The data is reallocated so any
+- * pointers to the data may become invalid. The buffer's limit is set
+- * to the buffer's new capacity.
+- * \param[in] buffer the buffer
+- * \param[in] capacity the capacity to use
+- * \return whether this failed or succeeded
+- */
+-bool ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity);
+-
+-/**
+- * ensures BUFFER can contain at least AMOUNT more bytes. The buffer's
+- * capacity is increased if necessary using buffer_set_capacity().
+- *
+- * The buffer's limit is always set to the (possibly increased)
+- * capacity.
+- * \param[in] buffer the buffer
+- * \param[in] amount amount to use
+- * \return whether this failed or succeeded
+- */
+-bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount);
+-
+-/**
+- * returns a pointer to the data at the indicated position.
+- * \param[in] buffer the buffer
+- * \param[in] at position
+- * \return the pointer to the data
+- */
+-INLINE uint8_t *
+-ldns_buffer_at(const ldns_buffer *buffer, size_t at)
+-{
+- assert(at <= buffer->_limit);
+- return buffer->_data + at;
+-}
+-
+-/**
+- * returns a pointer to the beginning of the buffer (the data at
+- * position 0).
+- * \param[in] buffer the buffer
+- * \return the pointer
+- */
+-INLINE uint8_t *
+-ldns_buffer_begin(const ldns_buffer *buffer)
+-{
+- return ldns_buffer_at(buffer, 0);
+-}
+-
+-/**
+- * returns a pointer to the end of the buffer (the data at the buffer's
+- * limit).
+- * \param[in] buffer the buffer
+- * \return the pointer
+- */
+-INLINE uint8_t *
+-ldns_buffer_end(ldns_buffer *buffer)
+-{
+- return ldns_buffer_at(buffer, buffer->_limit);
+-}
+-
+-/**
+- * returns a pointer to the data at the buffer's current position.
+- * \param[in] buffer the buffer
+- * \return the pointer
+- */
+-INLINE uint8_t *
+-ldns_buffer_current(ldns_buffer *buffer)
+-{
+- return ldns_buffer_at(buffer, buffer->_position);
+-}
+-
+-/**
+- * returns the number of bytes remaining between the indicated position and
+- * the limit.
+- * \param[in] buffer the buffer
+- * \param[in] at indicated position
+- * \return number of bytes
+- */
+-INLINE size_t
+-ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at)
+-{
+- ldns_buffer_invariant(buffer);
+- assert(at <= buffer->_limit);
+- return buffer->_limit - at;
+-}
+-
+-/**
+- * returns the number of bytes remaining between the buffer's position and
+- * limit.
+- * \param[in] buffer the buffer
+- * \return the number of bytes
+- */
+-INLINE size_t
+-ldns_buffer_remaining(ldns_buffer *buffer)
+-{
+- return ldns_buffer_remaining_at(buffer, buffer->_position);
+-}
+-
+-/**
+- * checks if the buffer has at least COUNT more bytes available.
+- * Before reading or writing the caller needs to ensure enough space
+- * is available!
+- * \param[in] buffer the buffer
+- * \param[in] at indicated position
+- * \param[in] count how much is available
+- * \return true or false (as int?)
+- */
+-INLINE int
+-ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count)
+-{
+- return count <= ldns_buffer_remaining_at(buffer, at);
+-}
+-
+-/**
+- * checks if the buffer has count bytes available at the current position
+- * \param[in] buffer the buffer
+- * \param[in] count how much is available
+- * \return true or false (as int?)
+- */
+-INLINE int
+-ldns_buffer_available(ldns_buffer *buffer, size_t count)
+-{
+- return ldns_buffer_available_at(buffer, buffer->_position, count);
+-}
+-
+-/**
+- * writes the given data to the buffer at the specified position
+- * \param[in] buffer the buffer
+- * \param[in] at the position (in number of bytes) to write the data at
+- * \param[in] data pointer to the data to write to the buffer
+- * \param[in] count the number of bytes of data to write
+- */
+-INLINE void
+-ldns_buffer_write_at(ldns_buffer *buffer, size_t at, const void *data, size_t count)
+-{
+- assert(ldns_buffer_available_at(buffer, at, count));
+- memcpy(buffer->_data + at, data, count);
+-}
+-
+-/**
+- * writes count bytes of data to the current position of the buffer
+- * \param[in] buffer the buffer
+- * \param[in] data the data to write
+- * \param[in] count the lenght of the data to write
+- */
+-INLINE void
+-ldns_buffer_write(ldns_buffer *buffer, const void *data, size_t count)
+-{
+- ldns_buffer_write_at(buffer, buffer->_position, data, count);
+- buffer->_position += count;
+-}
+-
+-/**
+- * copies the given (null-delimited) string to the specified position at the buffer
+- * \param[in] buffer the buffer
+- * \param[in] at the position in the buffer
+- * \param[in] str the string to write
+- */
+-INLINE void
+-ldns_buffer_write_string_at(ldns_buffer *buffer, size_t at, const char *str)
+-{
+- ldns_buffer_write_at(buffer, at, str, strlen(str));
+-}
+-
+-/**
+- * copies the given (null-delimited) string to the current position at the buffer
+- * \param[in] buffer the buffer
+- * \param[in] str the string to write
+- */
+-INLINE void
+-ldns_buffer_write_string(ldns_buffer *buffer, const char *str)
+-{
+- ldns_buffer_write(buffer, str, strlen(str));
+-}
+-
+-/**
+- * writes the given byte of data at the given position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] at the position in the buffer
+- * \param[in] data the 8 bits to write
+- */
+-INLINE void
+-ldns_buffer_write_u8_at(ldns_buffer *buffer, size_t at, uint8_t data)
+-{
+- assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
+- buffer->_data[at] = data;
+-}
+-
+-/**
+- * writes the given byte of data at the current position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] data the 8 bits to write
+- */
+-INLINE void
+-ldns_buffer_write_u8(ldns_buffer *buffer, uint8_t data)
+-{
+- ldns_buffer_write_u8_at(buffer, buffer->_position, data);
+- buffer->_position += sizeof(data);
+-}
+-
+-/**
+- * writes the given 2 byte integer at the given position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] at the position in the buffer
+- * \param[in] data the 16 bits to write
+- */
+-INLINE void
+-ldns_buffer_write_u16_at(ldns_buffer *buffer, size_t at, uint16_t data)
+-{
+- assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
+- ldns_write_uint16(buffer->_data + at, data);
+-}
+-
+-/**
+- * writes the given 2 byte integer at the current position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] data the 16 bits to write
+- */
+-INLINE void
+-ldns_buffer_write_u16(ldns_buffer *buffer, uint16_t data)
+-{
+- ldns_buffer_write_u16_at(buffer, buffer->_position, data);
+- buffer->_position += sizeof(data);
+-}
+-
+-/**
+- * writes the given 4 byte integer at the given position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] at the position in the buffer
+- * \param[in] data the 32 bits to write
+- */
+-INLINE void
+-ldns_buffer_write_u32_at(ldns_buffer *buffer, size_t at, uint32_t data)
+-{
+- assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
+- ldns_write_uint32(buffer->_data + at, data);
+-}
+-
+-/**
+- * writes the given 4 byte integer at the current position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] data the 32 bits to write
+- */
+-INLINE void
+-ldns_buffer_write_u32(ldns_buffer *buffer, uint32_t data)
+-{
+- ldns_buffer_write_u32_at(buffer, buffer->_position, data);
+- buffer->_position += sizeof(data);
+-}
+-
+-/**
+- * copies count bytes of data at the given position to the given data-array
+- * \param[in] buffer the buffer
+- * \param[in] at the position in the buffer to start
+- * \param[out] data buffer to copy to
+- * \param[in] count the length of the data to copy
+- */
+-INLINE void
+-ldns_buffer_read_at(ldns_buffer *buffer, size_t at, void *data, size_t count)
+-{
+- assert(ldns_buffer_available_at(buffer, at, count));
+- memcpy(data, buffer->_data + at, count);
+-}
+-
+-/**
+- * copies count bytes of data at the current position to the given data-array
+- * \param[in] buffer the buffer
+- * \param[out] data buffer to copy to
+- * \param[in] count the length of the data to copy
+- */
+-INLINE void
+-ldns_buffer_read(ldns_buffer *buffer, void *data, size_t count)
+-{
+- ldns_buffer_read_at(buffer, buffer->_position, data, count);
+- buffer->_position += count;
+-}
+-
+-/**
+- * returns the byte value at the given position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] at the position in the buffer
+- * \return 1 byte integer
+- */
+-INLINE uint8_t
+-ldns_buffer_read_u8_at(ldns_buffer *buffer, size_t at)
+-{
+- assert(ldns_buffer_available_at(buffer, at, sizeof(uint8_t)));
+- return buffer->_data[at];
+-}
+-
+-/**
+- * returns the byte value at the current position in the buffer
+- * \param[in] buffer the buffer
+- * \return 1 byte integer
+- */
+-INLINE uint8_t
+-ldns_buffer_read_u8(ldns_buffer *buffer)
+-{
+- uint8_t result = ldns_buffer_read_u8_at(buffer, buffer->_position);
+- buffer->_position += sizeof(uint8_t);
+- return result;
+-}
+-
+-/**
+- * returns the 2-byte integer value at the given position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] at position in the buffer
+- * \return 2 byte integer
+- */
+-INLINE uint16_t
+-ldns_buffer_read_u16_at(ldns_buffer *buffer, size_t at)
+-{
+- assert(ldns_buffer_available_at(buffer, at, sizeof(uint16_t)));
+- return ldns_read_uint16(buffer->_data + at);
+-}
+-
+-/**
+- * returns the 2-byte integer value at the current position in the buffer
+- * \param[in] buffer the buffer
+- * \return 2 byte integer
+- */
+-INLINE uint16_t
+-ldns_buffer_read_u16(ldns_buffer *buffer)
+-{
+- uint16_t result = ldns_buffer_read_u16_at(buffer, buffer->_position);
+- buffer->_position += sizeof(uint16_t);
+- return result;
+-}
+-
+-/**
+- * returns the 4-byte integer value at the given position in the buffer
+- * \param[in] buffer the buffer
+- * \param[in] at position in the buffer
+- * \return 4 byte integer
+- */
+-INLINE uint32_t
+-ldns_buffer_read_u32_at(ldns_buffer *buffer, size_t at)
+-{
+- assert(ldns_buffer_available_at(buffer, at, sizeof(uint32_t)));
+- return ldns_read_uint32(buffer->_data + at);
+-}
+-
+-/**
+- * returns the 4-byte integer value at the current position in the buffer
+- * \param[in] buffer the buffer
+- * \return 4 byte integer
+- */
+-INLINE uint32_t
+-ldns_buffer_read_u32(ldns_buffer *buffer)
+-{
+- uint32_t result = ldns_buffer_read_u32_at(buffer, buffer->_position);
+- buffer->_position += sizeof(uint32_t);
+- return result;
+-}
+-
+-/**
+- * returns the status of the buffer
+- * \param[in] buffer
+- * \return the status
+- */
+-INLINE ldns_status
+-ldns_buffer_status(ldns_buffer *buffer)
+-{
+- return buffer->_status;
+-}
+-
+-/**
+- * returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise
+- * \param[in] buffer the buffer
+- * \return true or false
+- */
+-INLINE bool
+-ldns_buffer_status_ok(ldns_buffer *buffer)
+-{
+- if (buffer) {
+- return ldns_buffer_status(buffer) == LDNS_STATUS_OK;
+- } else {
+- return false;
+- }
+-}
+-
+-/**
+- * prints to the buffer, increasing the capacity if required using
+- * buffer_reserve(). The buffer's position is set to the terminating '\\0'
+- * Returns the number of characters written (not including the
+- * terminating '\\0') or -1 on failure.
+- */
+-int ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...);
+-/* ATTR_FORMAT(printf, 2, 3);*/
+-
+-/**
+- * frees the buffer.
+- * \param[in] *buffer the buffer to be freed
+- * \return void
+- */
+-void ldns_buffer_free(ldns_buffer *buffer);
+-
+-/**
+- * Makes the buffer fixed and returns a pointer to the data. The
+- * caller is responsible for free'ing the result.
+- * \param[in] *buffer the buffer to be exported
+- * \return void
+- */
+-void *ldns_buffer_export(ldns_buffer *buffer);
+-
+-/**
+- * Copy contents of the from buffer to the result buffer and then flips
+- * the result buffer. Data will be silently truncated if the result buffer is
+- * too small.
+- * \param[out] *result resulting buffer which is copied to.
+- * \param[in] *from what to copy to result.
+- */
+-void ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_BUFFER_H */
+diff --git a/include/ldns/common.h b/include/ldns/common.h
+deleted file mode 100644
+index 9abd9b9..0000000
+--- a/include/ldns/common.h
++++ /dev/null
+@@ -1,78 +0,0 @@
+-/**
+- * \file common.h
+- *
+- * Common definitions for LDNS
+- */
+-
+-/**
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#ifndef LDNS_COMMON_H
+-#define LDNS_COMMON_H
+-
+-/*
+- * The build configuration that is used in the distributed headers,
+- * as detected and determined by the auto configure script.
+- */
+-#define LDNS_BUILD_CONFIG_HAVE_SSL 1
+-#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H 1
+-#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT 1
+-#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED 1
+-#define LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T 1
+-#define LDNS_BUILD_CONFIG_USE_DANE 1
+-#define LDNS_BUILD_CONFIG_HAVE_B32_PTON 0
+-#define LDNS_BUILD_CONFIG_HAVE_B32_NTOP 0
+-
+-/*
+- * HAVE_STDBOOL_H is not available when distributed as a library, but no build
+- * configuration variables may be used (like those above) because the header
+- * is sometimes only available when using special compiler flags to enable the
+- * c99 environment. Because we cannot force the usage of this flag, we have to
+- * provide a default type. Below what is suggested by the autoconf manual.
+- */
+-/*@ignore@*/
+-/* splint barfs on this construct */
+-#ifndef __bool_true_false_are_defined
+-# ifdef HAVE_STDBOOL_H
+-# include <stdbool.h>
+-# else
+-# ifndef HAVE__BOOL
+-# ifdef __cplusplus
+-typedef bool _Bool;
+-# else
+-# define _Bool signed char
+-# endif
+-# endif
+-# define bool _Bool
+-# define false 0
+-# define true 1
+-# define __bool_true_false_are_defined 1
+-# endif
+-#endif
+-/*@end@*/
+-
+-#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT
+-#define ATTR_FORMAT(archetype, string_index, first_to_check) \
+- __attribute__ ((format (archetype, string_index, first_to_check)))
+-#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
+-#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
+-#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
+-
+-#if defined(__cplusplus)
+-#define ATTR_UNUSED(x)
+-#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED
+-#define ATTR_UNUSED(x) x __attribute__((unused))
+-#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
+-#define ATTR_UNUSED(x) x
+-#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
+-
+-#if !LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T
+-typedef int socklen_t;
+-#endif
+-
+-#endif /* LDNS_COMMON_H */
+diff --git a/include/ldns/config.h b/include/ldns/config.h
+deleted file mode 100644
+index d77cc7f..0000000
+--- a/include/ldns/config.h
++++ /dev/null
+@@ -1,590 +0,0 @@
+-#include "EXTERN.h"
+-#include "perl.h"
+-
+-/* Define if building universal (internal helper macro) */
+-/* #undef AC_APPLE_UNIVERSAL_BUILD */
+-
+-/* Define to 1 if you have the <arpa/inet.h> header file. */
+-#define HAVE_ARPA_INET_H 1
+-
+-/* Whether the C compiler accepts the "format" attribute */
+-#define HAVE_ATTR_FORMAT 1
+-
+-/* Whether the C compiler accepts the "unused" attribute */
+-#define HAVE_ATTR_UNUSED 1
+-
+-/* Define to 1 if you have the `b32_ntop' function. */
+-/* #undef HAVE_B32_NTOP */
+-
+-/* Define to 1 if you have the `b32_pton' function. */
+-/* #undef HAVE_B32_PTON */
+-
+-/* Define to 1 if you have the `b64_ntop' function. */
+-/* #undef HAVE_B64_NTOP */
+-
+-/* Define to 1 if you have the `b64_pton' function. */
+-/* #undef HAVE_B64_PTON */
+-
+-/* Define to 1 if you have the `bzero' function. */
+-#define HAVE_BZERO 1
+-
+-/* Define to 1 if you have the `calloc' function. */
+-#define HAVE_CALLOC 1
+-
+-/* Define to 1 if you have the `ctime_r' function. */
+-#define HAVE_CTIME_R 1
+-
+-/* Is a CAFILE given at configure time */
+-#define HAVE_DANE_CA_FILE 0
+-
+-/* Is a CAPATH given at configure time */
+-#define HAVE_DANE_CA_PATH 0
+-
+-/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
+- don't. */
+-#define HAVE_DECL_NID_SECP384R1 1
+-
+-/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
+- if you don't. */
+-#define HAVE_DECL_NID_X9_62_PRIME256V1 1
+-
+-/* Define to 1 if you have the <dlfcn.h> header file. */
+-#define HAVE_DLFCN_H 1
+-
+-/* Define to 1 if you have the `endprotoent' function. */
+-#define HAVE_ENDPROTOENT 1
+-
+-/* Define to 1 if you have the `endservent' function. */
+-#define HAVE_ENDSERVENT 1
+-
+-/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */
+-#define HAVE_ENGINE_LOAD_CRYPTODEV 1
+-
+-/* Define to 1 if you have the `EVP_sha256' function. */
+-#define HAVE_EVP_SHA256 1
+-
+-/* Define to 1 if you have the `fcntl' function. */
+-#define HAVE_FCNTL 1
+-
+-/* Define to 1 if you have the `fork' function. */
+-#define HAVE_FORK 1
+-
+-/* Whether getaddrinfo is available */
+-#define HAVE_GETADDRINFO 1
+-
+-/* Define to 1 if you have the <getopt.h> header file. */
+-#define HAVE_GETOPT_H 1
+-
+-/* Define to 1 if you have the `gmtime_r' function. */
+-#define HAVE_GMTIME_R 1
+-
+-/* If you have HMAC_CTX_init */
+-#define HAVE_HMAC_CTX_INIT 1
+-
+-/* Define to 1 if you have the `inet_aton' function. */
+-#define HAVE_INET_ATON 1
+-
+-/* Define to 1 if you have the `inet_ntop' function. */
+-#define HAVE_INET_NTOP 1
+-
+-/* Define to 1 if you have the `inet_pton' function. */
+-#define HAVE_INET_PTON 1
+-
+-/* define if you have inttypes.h */
+-#define HAVE_INTTYPES_H 1
+-
+-/* if the function 'ioctlsocket' is available */
+-/* #undef HAVE_IOCTLSOCKET */
+-
+-/* Define to 1 if you have the `isascii' function. */
+-#define HAVE_ISASCII 1
+-
+-/* Define to 1 if you have the `isblank' function. */
+-#define HAVE_ISBLANK 1
+-
+-/* Define to 1 if you have the `pcap' library (-lpcap). */
+-/* #undef HAVE_LIBPCAP */
+-
+-/* Define to 1 if you have the `localtime_r' function. */
+-#define HAVE_LOCALTIME_R 1
+-
+-/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+- to 0 otherwise. */
+-#define HAVE_MALLOC 1
+-
+-/* Define to 1 if you have the `memmove' function. */
+-#define HAVE_MEMMOVE 1
+-
+-/* Define to 1 if you have the <memory.h> header file. */
+-#define HAVE_MEMORY_H 1
+-
+-/* Define to 1 if you have the `memset' function. */
+-#define HAVE_MEMSET 1
+-
+-/* Define to 1 if you have the <netdb.h> header file. */
+-#define HAVE_NETDB_H 1
+-
+-/* Define to 1 if you have the <netinet/if_ether.h> header file. */
+-/* #undef HAVE_NETINET_IF_ETHER_H */
+-
+-/* Define to 1 if you have the <netinet/igmp.h> header file. */
+-/* #undef HAVE_NETINET_IGMP_H */
+-
+-/* Define to 1 if you have the <netinet/in.h> header file. */
+-#define HAVE_NETINET_IN_H 1
+-
+-/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+-/* #undef HAVE_NETINET_IN_SYSTM_H */
+-
+-/* Define to 1 if you have the <netinet/ip6.h> header file. */
+-/* #undef HAVE_NETINET_IP6_H */
+-
+-/* Define to 1 if you have the <netinet/ip_compat.h> header file. */
+-/* #undef HAVE_NETINET_IP_COMPAT_H */
+-
+-/* Define to 1 if you have the <netinet/ip.h> header file. */
+-/* #undef HAVE_NETINET_IP_H */
+-
+-/* Define to 1 if you have the <netinet/udp.h> header file. */
+-/* #undef HAVE_NETINET_UDP_H */
+-
+-/* Define to 1 if you have the <net/ethernet.h> header file. */
+-/* #undef HAVE_NET_ETHERNET_H */
+-
+-/* Define to 1 if you have the <net/if.h> header file. */
+-/* #undef HAVE_NET_IF_H */
+-
+-/* Define to 1 if you have the <openssl/err.h> header file. */
+-#define HAVE_OPENSSL_ERR_H 1
+-
+-/* Define to 1 if you have the <openssl/rand.h> header file. */
+-#define HAVE_OPENSSL_RAND_H 1
+-
+-/* Define to 1 if you have the <openssl/ssl.h> header file. */
+-#define HAVE_OPENSSL_SSL_H 1
+-
+-/* Define to 1 if you have the <pcap.h> header file. */
+-/* #undef HAVE_PCAP_H */
+-
+-/* Define to 1 if you have the `random' function. */
+-#define HAVE_RANDOM 1
+-
+-/* Define to 1 if your system has a GNU libc compatible `realloc' function,
+- and to 0 otherwise. */
+-#define HAVE_REALLOC 1
+-
+-/* Define to 1 if you have the `sleep' function. */
+-#define HAVE_SLEEP 1
+-
+-/* Define to 1 if you have the `snprintf' function. */
+-#define HAVE_SNPRINTF 1
+-
+-/* Define if you have the SSL libraries installed. */
+-#define HAVE_SSL /**/
+-
+-/* Define to 1 if you have the <stdarg.h> header file. */
+-#define HAVE_STDARG_H 1
+-
+-/* Define to 1 if stdbool.h conforms to C99. */
+-#define HAVE_STDBOOL_H 1
+-
+-/* Define to 1 if you have the <stdint.h> header file. */
+-#define HAVE_STDINT_H 1
+-
+-/* Define to 1 if you have the <stdlib.h> header file. */
+-#define HAVE_STDLIB_H 1
+-
+-/* Define to 1 if you have the <strings.h> header file. */
+-#define HAVE_STRINGS_H 1
+-
+-/* Define to 1 if you have the <string.h> header file. */
+-#define HAVE_STRING_H 1
+-
+-/* Define to 1 if you have the `strlcpy' function. */
+-#ifdef HAS_STRLCPY
+-#define HAVE_STRLCPY 1
+-#else
+-#undef HAVE_STRLCPY
+-#endif
+-
+-/* Define to 1 if you have the `strtoul' function. */
+-#define HAVE_STRTOUL 1
+-
+-/* Define to 1 if you have the <sys/mount.h> header file. */
+-#define HAVE_SYS_MOUNT_H 1
+-
+-/* Define to 1 if you have the <sys/param.h> header file. */
+-#define HAVE_SYS_PARAM_H 1
+-
+-/* define if you have sys/socket.h */
+-#define HAVE_SYS_SOCKET_H 1
+-
+-/* Define to 1 if you have the <sys/stat.h> header file. */
+-#define HAVE_SYS_STAT_H 1
+-
+-/* define if you have sys/types.h */
+-#define HAVE_SYS_TYPES_H 1
+-
+-/* Define to 1 if you have the `timegm' function. */
+-#define HAVE_TIMEGM 1
+-
+-/* Define to 1 if you have the <time.h> header file. */
+-#define HAVE_TIME_H 1
+-
+-/* define if you have unistd.h */
+-#define HAVE_UNISTD_H 1
+-
+-/* Define to 1 if you have the `vfork' function. */
+-#define HAVE_VFORK 1
+-
+-/* Define to 1 if you have the <vfork.h> header file. */
+-/* #undef HAVE_VFORK_H */
+-
+-/* Define to 1 if you have the <winsock2.h> header file. */
+-/* #undef HAVE_WINSOCK2_H */
+-
+-/* Define to 1 if `fork' works. */
+-#define HAVE_WORKING_FORK 1
+-
+-/* Define to 1 if `vfork' works. */
+-#define HAVE_WORKING_VFORK 1
+-
+-/* Define to 1 if you have the <ws2tcpip.h> header file. */
+-/* #undef HAVE_WS2TCPIP_H */
+-
+-/* Define to 1 if the system has the type `_Bool'. */
+-#define HAVE__BOOL 1
+-
+-/* Is a CAFILE given at configure time */
+-/* #undef LDNS_DANE_CA_FILE */
+-
+-/* Is a CAPATH given at configure time */
+-/* #undef LDNS_DANE_CA_PATH */
+-
+-/* Define to the sub-directory where libtool stores uninstalled libraries. */
+-#define LT_OBJDIR ".libs/"
+-
+-/* Define to the address where bug reports for this package should be sent. */
+-#define PACKAGE_BUGREPORT "libdns at nlnetlabs.nl"
+-
+-/* Define to the full name of this package. */
+-#define PACKAGE_NAME "ldns"
+-
+-/* Define to the full name and version of this package. */
+-#define PACKAGE_STRING "ldns 1.6.17"
+-
+-/* Define to the one symbol short name of this package. */
+-#define PACKAGE_TARNAME "libdns"
+-
+-/* Define to the home page for this package. */
+-#define PACKAGE_URL ""
+-
+-/* Define to the version of this package. */
+-#define PACKAGE_VERSION "1.6.17"
+-
+-/* Define this to enable RR type NINFO. */
+-/* #undef RRTYPE_NINFO */
+-
+-/* Define this to enable RR type OPENPGPKEY. */
+-/* #undef RRTYPE_OPENPGPKEY */
+-
+-/* Define this to enable RR type RKEY. */
+-/* #undef RRTYPE_RKEY */
+-
+-/* Define this to enable RR type TA. */
+-/* #undef RRTYPE_TA */
+-
+-/* Define this to enable RR type URI. */
+-/* #undef RRTYPE_URI */
+-
+-/* The size of `time_t', as computed by sizeof. */
+-#define SIZEOF_TIME_T 8
+-
+-/* Define to 1 if you have the ANSI C header files. */
+-#define STDC_HEADERS 1
+-
+-/* Define this to enable messages to stderr. */
+-/* #undef STDERR_MSGS */
+-
+-/* System configuration dir */
+-#define SYSCONFDIR sysconfdir
+-
+-/* Define this to enable DANE support. */
+-#define USE_DANE 1
+-
+-/* Define this to enable ECDSA support. */
+-#define USE_ECDSA 1
+-
+-/* Define this to enable GOST support. */
+-/* #define USE_GOST 1 */
+-
+-/* Define this to enable SHA256 and SHA512 support. */
+-#define USE_SHA2 1
+-
+-/* Enable extensions on AIX 3, Interix. */
+-#ifndef _ALL_SOURCE
+-# define _ALL_SOURCE 1
+-#endif
+-/* Enable GNU extensions on systems that have them. */
+-#ifndef _GNU_SOURCE
+-# define _GNU_SOURCE 1
+-#endif
+-/* Enable threading extensions on Solaris. */
+-#ifndef _POSIX_PTHREAD_SEMANTICS
+-# define _POSIX_PTHREAD_SEMANTICS 1
+-#endif
+-/* Enable extensions on HP NonStop. */
+-#ifndef _TANDEM_SOURCE
+-# define _TANDEM_SOURCE 1
+-#endif
+-/* Enable general extensions on Solaris. */
+-#ifndef __EXTENSIONS__
+-# define __EXTENSIONS__ 1
+-#endif
+-
+-
+-/* Whether the windows socket API is used */
+-/* #undef USE_WINSOCK */
+-
+-/* the version of the windows API enabled */
+-#define WINVER 0x0502
+-
+-/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+- significant byte first (like Motorola and SPARC, unlike Intel). */
+-#if defined AC_APPLE_UNIVERSAL_BUILD
+-# if defined __BIG_ENDIAN__
+-# define WORDS_BIGENDIAN 1
+-# endif
+-#else
+-# ifndef WORDS_BIGENDIAN
+-/* # undef WORDS_BIGENDIAN */
+-# endif
+-#endif
+-
+-/* Define to 1 if on MINIX. */
+-/* #undef _MINIX */
+-
+-/* Enable for compile on Minix */
+-/* #undef _NETBSD_SOURCE */
+-
+-/* Define to 2 if the system does not provide POSIX.1 features except with
+- this defined. */
+-/* #undef _POSIX_1_SOURCE */
+-
+-/* Define to 1 if you need to in order for `stat' and other things to work. */
+-/* #undef _POSIX_SOURCE */
+-
+-/* Define to empty if `const' does not conform to ANSI C. */
+-/* #undef const */
+-
+-/* in_addr_t */
+-/* #undef in_addr_t */
+-
+-/* in_port_t */
+-/* #undef in_port_t */
+-
+-/* Define to `__inline__' or `__inline' if that's what the C compiler
+- calls it, or to nothing if 'inline' is not supported under any name. */
+-#ifndef __cplusplus
+-/* #undef inline */
+-#endif
+-
+-/* Define to `short' if <sys/types.h> does not define. */
+-/* #undef int16_t */
+-
+-/* Define to `int' if <sys/types.h> does not define. */
+-/* #undef int32_t */
+-
+-/* Define to `long long' if <sys/types.h> does not define. */
+-/* #undef int64_t */
+-
+-/* Define to `char' if <sys/types.h> does not define. */
+-/* #undef int8_t */
+-
+-/* Define to `size_t' if <sys/types.h> does not define. */
+-/* #undef intptr_t */
+-
+-/* Define to rpl_malloc if the replacement function should be used. */
+-/* #undef malloc */
+-
+-/* Define to `int' if <sys/types.h> does not define. */
+-/* #undef pid_t */
+-
+-/* Define to rpl_realloc if the replacement function should be used. */
+-/* #undef realloc */
+-
+-/* Define to `unsigned int' if <sys/types.h> does not define. */
+-/* #undef size_t */
+-
+-/* Define to 'int' if not defined */
+-/* #undef socklen_t */
+-
+-/* Fallback member name for socket family in struct sockaddr_storage */
+-/* #undef ss_family */
+-
+-/* Define to `int' if <sys/types.h> does not define. */
+-/* #undef ssize_t */
+-
+-/* Define to `unsigned short' if <sys/types.h> does not define. */
+-/* #undef uint16_t */
+-
+-/* Define to `unsigned int' if <sys/types.h> does not define. */
+-/* #undef uint32_t */
+-
+-/* Define to `unsigned long long' if <sys/types.h> does not define. */
+-/* #undef uint64_t */
+-
+-/* Define to `unsigned char' if <sys/types.h> does not define. */
+-/* #undef uint8_t */
+-
+-/* Define as `fork' if `vfork' does not work. */
+-/* #undef vfork */
+-
+-
+-#include <stdio.h>
+-#include <string.h>
+-#include <unistd.h>
+-#include <assert.h>
+-
+-#ifndef LITTLE_ENDIAN
+-#define LITTLE_ENDIAN 1234
+-#endif
+-
+-#ifndef BIG_ENDIAN
+-#define BIG_ENDIAN 4321
+-#endif
+-
+-#ifndef BYTE_ORDER
+-#ifdef WORDS_BIGENDIAN
+-#define BYTE_ORDER BIG_ENDIAN
+-#else
+-#define BYTE_ORDER LITTLE_ENDIAN
+-#endif /* WORDS_BIGENDIAN */
+-#endif /* BYTE_ORDER */
+-
+-#if STDC_HEADERS
+-#include <stdlib.h>
+-#include <stddef.h>
+-#endif
+-
+-#ifdef HAVE_STDINT_H
+-#include <stdint.h>
+-#endif
+-
+-#ifdef HAVE_SYS_SOCKET_H
+-#include <sys/socket.h>
+-#endif
+-
+-#ifdef HAVE_NETINET_IN_H
+-#include <netinet/in.h>
+-#endif
+-
+-#ifdef HAVE_ARPA_INET_H
+-#include <arpa/inet.h>
+-#endif
+-
+-#ifdef HAVE_WINSOCK2_H
+-#include <winsock2.h>
+-#endif
+-
+-#ifdef HAVE_WS2TCPIP_H
+-#include <ws2tcpip.h>
+-#endif
+-
+-
+-/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
+-#ifdef HAVE_WINSOCK2_H
+-#define FD_SET_T (u_int)
+-#else
+-#define FD_SET_T
+-#endif
+-
+-
+-
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-int ldns_b64_ntop(uint8_t const *src, size_t srclength,
+- char *target, size_t targsize);
+-/**
+- * calculates the size needed to store the result of b64_ntop
+- */
+-/*@unused@*/
+-static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize)
+-{
+- return ((((srcsize + 2) / 3) * 4) + 1);
+-}
+-int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
+-/**
+- * calculates the size needed to store the result of ldns_b64_pton
+- */
+-/*@unused@*/
+-static inline size_t ldns_b64_pton_calculate_size(size_t srcsize)
+-{
+- return (((((srcsize + 3) / 4) * 3)) + 1);
+-}
+-
+-/**
+- * Given in dnssec_zone.c, also used in dnssec_sign.c:w
+-
+- */
+-int ldns_dname_compare_v(const void *a, const void *b);
+-
+-#ifndef HAVE_SLEEP
+-/* use windows sleep, in millisecs, instead */
+-#define sleep(x) Sleep((x)*1000)
+-#endif
+-
+-#ifndef HAVE_RANDOM
+-#define srandom(x) srand(x)
+-#define random(x) rand(x)
+-#endif
+-
+-#ifndef HAVE_TIMEGM
+-#include <time.h>
+-time_t timegm (struct tm *tm);
+-#endif /* !TIMEGM */
+-#ifndef HAVE_GMTIME_R
+-struct tm *gmtime_r(const time_t *timep, struct tm *result);
+-#endif
+-#ifndef HAVE_LOCALTIME_R
+-struct tm *localtime_r(const time_t *timep, struct tm *result);
+-#endif
+-#ifndef HAVE_ISBLANK
+-int isblank(int c);
+-#endif /* !HAVE_ISBLANK */
+-#ifndef HAVE_ISASCII
+-int isascii(int c);
+-#endif /* !HAVE_ISASCII */
+-#ifndef HAVE_SNPRINTF
+-#include <stdarg.h>
+-int snprintf (char *str, size_t count, const char *fmt, ...);
+-int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);
+-#endif /* HAVE_SNPRINTF */
+-#ifndef HAVE_INET_PTON
+-int inet_pton(int af, const char* src, void* dst);
+-#endif /* HAVE_INET_PTON */
+-#ifndef HAVE_INET_NTOP
+-const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+-#endif
+-#ifndef HAVE_INET_ATON
+-int inet_aton(const char *cp, struct in_addr *addr);
+-#endif
+-#ifndef HAVE_MEMMOVE
+-void *memmove(void *dest, const void *src, size_t n);
+-#endif
+-#ifndef HAVE_STRLCPY
+-size_t strlcpy(char *dst, const char *src, size_t siz);
+-#endif
+-#ifdef __cplusplus
+-}
+-#endif
+-#ifndef HAVE_GETADDRINFO
+-#include "compat/fake-rfc2553.h"
+-#endif
+-#ifndef HAVE_STRTOUL
+-#define strtoul (unsigned long)strtol
+-#endif
+-
+diff --git a/include/ldns/dane.h b/include/ldns/dane.h
+deleted file mode 100644
+index 8234eb7..0000000
+--- a/include/ldns/dane.h
++++ /dev/null
+@@ -1,262 +0,0 @@
+-/*
+- * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE)
+- * Transport Layer Security (TLS) Protocol: TLSA
+- *
+- * Copyright (c) 2012, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- *
+- */
+-
+-/**
+- * \file
+- *
+- * This module contains base functions for creating and verifying TLSA RR's
+- * with PKIX certificates, certificate chains and validation stores.
+- * (See RFC6394 and RFC6698).
+- *
+- * Since those functions heavily rely op cryptographic operations,
+- * this module is dependent on openssl.
+- */
+-
+-
+-#ifndef LDNS_DANE_H
+-#define LDNS_DANE_H
+-#if LDNS_BUILD_CONFIG_USE_DANE
+-
+-#include <ldns/common.h>
+-#include <ldns/rdata.h>
+-#include <ldns/rr.h>
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/err.h>
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * The different "Certificate usage" rdata field values for a TLSA RR.
+- */
+-enum ldns_enum_tlsa_certificate_usage
+-{
+- /** CA constraint */
+- LDNS_TLSA_USAGE_PKIX_TA = 0,
+- LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
+- /** Sevice certificate constraint */
+- LDNS_TLSA_USAGE_PKIX_EE = 1,
+- LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
+- /** Trust anchor assertion */
+- LDNS_TLSA_USAGE_DANE_TA = 2,
+- LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
+- /** Domain issued certificate */
+- LDNS_TLSA_USAGE_DANE_EE = 3,
+- LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3,
+- /** Reserved for Private Use */
+- LDNS_TLSA_USAGE_PRIVCERT = 255
+-};
+-typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage;
+-
+-/**
+- * The different "Selector" rdata field values for a TLSA RR.
+- */
+-enum ldns_enum_tlsa_selector
+-{
+- /**
+- * Full certificate: the Certificate binary structure
+- * as defined in [RFC5280]
+- */
+- LDNS_TLSA_SELECTOR_CERT = 0,
+- LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,
+-
+- /**
+- * SubjectPublicKeyInfo: DER-encoded binary structure
+- * as defined in [RFC5280]
+- */
+- LDNS_TLSA_SELECTOR_SPKI = 1,
+- LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1,
+-
+- /** Reserved for Private Use */
+- LDNS_TLSA_SELECTOR_PRIVSEL = 255
+-};
+-typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector;
+-
+-/**
+- * The different "Matching type" rdata field values for a TLSA RR.
+- */
+-enum ldns_enum_tlsa_matching_type
+-{
+- /** Exact match on selected content */
+- LDNS_TLSA_MATCHING_TYPE_FULL = 0,
+- LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
+- /** SHA-256 hash of selected content [RFC6234] */
+- LDNS_TLSA_MATCHING_TYPE_SHA2_256 = 1,
+- LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
+- /** SHA-512 hash of selected content [RFC6234] */
+- LDNS_TLSA_MATCHING_TYPE_SHA2_512 = 2,
+- LDNS_TLSA_MATCHING_TYPE_SHA512 = 2,
+- /** Reserved for Private Use */
+- LDNS_TLSA_MATCHING_TYPE_PRIVMATCH = 255
+-};
+-typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type;
+-
+-/**
+- * Known transports to use with TLSA owner names.
+- */
+-enum ldns_enum_dane_transport
+-{
+- /** TCP */
+- LDNS_DANE_TRANSPORT_TCP = 0,
+- /** UDP */
+- LDNS_DANE_TRANSPORT_UDP = 1,
+- /** SCTP */
+- LDNS_DANE_TRANSPORT_SCTP = 2
+-};
+-typedef enum ldns_enum_dane_transport ldns_dane_transport;
+-
+-
+-/**
+- * Creates a dname consisting of the given name, prefixed by the service port
+- * and type of transport: _<EM>port</EM>._<EM>transport</EM>.<EM>name</EM>.
+- *
+- * \param[out] tlsa_owner The created dname.
+- * \param[in] name The dname that should be prefixed.
+- * \param[in] port The service port number for wich the name should be created.
+- * \param[in] transport The transport for wich the name should be created.
+- * \return LDNS_STATUS_OK on success or an error code otherwise.
+- */
+-ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
+- const ldns_rdf* name, uint16_t port,
+- ldns_dane_transport transport);
+-
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data choosen by
+- * the selector and encoded using matching_type.
+- *
+- * \param[out] rdf The created created rdf of type LDNS_RDF_TYPE_HEX.
+- * \param[in] cert The certificate from which the data is selected
+- * \param[in] selector The full certificate or the public key
+- * \param[in] matching_type The full data or the SHA256 or SHA512 hash
+- * of the selected data
+- * \return LDNS_STATUS_OK on success or an error code otherwise.
+- */
+-ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
+- ldns_tlsa_selector selector,
+- ldns_tlsa_matching_type matching_type);
+-
+-
+-/**
+- * Selects the certificate from cert, extra_certs or the pkix_validation_store
+- * based on the value of cert_usage and index.
+- *
+- * \param[out] selected_cert The selected cert.
+- * \param[in] cert The certificate to validate (or not)
+- * \param[in] extra_certs Intermediate certificates that might be necessary
+- * during validation. May be NULL, except when the certificate
+- * usage is "Trust Anchor Assertion" because the trust anchor has
+- * to be provided.(otherwise choose a "Domain issued certificate!"
+- * \param[in] pkix_validation_store Used when the certificate usage is
+- * "CA constraint" or "Service Certificate Constraint" to
+- * validate the certificate and, in case of "CA constraint",
+- * select the CA.
+- * When pkix_validation_store is NULL, validation is explicitely
+- * turned off and the behaviour is then the same as for "Trust
+- * anchor assertion" and "Domain issued certificate" respectively.
+- * \param[in] cert_usage Which certificate to use and how to validate.
+- * \param[in] index Used to select the trust anchor when certificate usage
+- * is "Trust Anchor Assertion". 0 is the last certificate in the
+- * validation chain. 1 the one but last, etc. When index is -1,
+- * the last certificate is used that MUST be self-signed.
+- * This can help to make sure that the intended (self signed)
+- * trust anchor is actually present in extra_certs (which is a
+- * DANE requirement).
+- *
+- * \return LDNS_STATUS_OK on success or an error code otherwise.
+- */
+-ldns_status ldns_dane_select_certificate(X509** selected_cert,
+- X509* cert, STACK_OF(X509)* extra_certs,
+- X509_STORE* pkix_validation_store,
+- ldns_tlsa_certificate_usage cert_usage, int index);
+-
+-/**
+- * Creates a TLSA resource record from the certificate.
+- * No PKIX validation is performed! The given certificate is used as data
+- * regardless the value of certificate_usage.
+- *
+- * \param[out] tlsa The created TLSA resource record.
+- * \param[in] certificate_usage The value for the Certificate Usage field
+- * \param[in] selector The value for the Selector field
+- * \param[in] matching_type The value for the Matching Type field
+- * \param[in] cert The certificate which data will be represented
+- *
+- * \return LDNS_STATUS_OK on success or an error code otherwise.
+- */
+-ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
+- ldns_tlsa_certificate_usage certificate_usage,
+- ldns_tlsa_selector selector,
+- ldns_tlsa_matching_type matching_type,
+- X509* cert);
+-
+-/**
+- * Verify if the given TLSA resource record matches the given certificate.
+- * Reporting on a TLSA rr mismatch (LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH)
+- * is preferred over PKIX failure (LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE).
+- * So when PKIX validation is required by the TLSA Certificate usage,
+- * but the TLSA data does not match, LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
+- * is returned whether the PKIX validated or not.
+- *
+- * \param[in] tlsa_rr The resource record that specifies what and how to
+- * match the certificate. With tlsa_rr == NULL, regular PKIX
+- * validation is performed.
+- * \param[in] cert The certificate to match (and validate)
+- * \param[in] extra_certs Intermediate certificates that might be necessary
+- * creating the validation chain.
+- * \param[in] pkix_validation_store Used when the certificate usage is
+- * "CA constraint" or "Service Certificate Constraint" to
+- * validate the certificate.
+- *
+- * \return LDNS_STATUS_OK on success,
+- * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH on TLSA data mismatch,
+- * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when TLSA matched,
+- * but the PKIX validation failed, or other ldns_status errors.
+- */
+-ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
+- X509* cert, STACK_OF(X509)* extra_certs,
+- X509_STORE* pkix_validation_store);
+-
+-/**
+- * Verify if any of the given TLSA resource records matches the given
+- * certificate.
+- *
+- * \param[in] tlsas The resource records that specify what and how to
+- * match the certificate. One must match for this function
+- * to succeed. With tlsas == NULL or the number of TLSA records
+- * in tlsas == 0, regular PKIX validation is performed.
+- * \param[in] cert The certificate to match (and validate)
+- * \param[in] extra_certs Intermediate certificates that might be necessary
+- * creating the validation chain.
+- * \param[in] pkix_validation_store Used when the certificate usage is
+- * "CA constraint" or "Service Certificate Constraint" to
+- * validate the certificate.
+- *
+- * \return LDNS_STATUS_OK on success,
+- * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when one of the TLSA's
+- * matched but the PKIX validation failed,
+- * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH when none of the TLSA's matched,
+- * or other ldns_status errors.
+- */
+-ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
+- X509* cert, STACK_OF(X509)* extra_certs,
+- X509_STORE* pkix_validation_store);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_BUILD_CONFIG_USE_DANE */
+-#endif /* LDNS_DANE_H */
+-
+diff --git a/include/ldns/dname.h b/include/ldns/dname.h
+deleted file mode 100644
+index 291786b..0000000
+--- a/include/ldns/dname.h
++++ /dev/null
+@@ -1,211 +0,0 @@
+-/*
+- * dname.h
+- *
+- * dname definitions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file dname.h
+- *
+- * dname contains function to read and manipulate domain names.
+- *
+- * Example domain names are "www.nlnetlabs.nl." and "." (the root)
+- *
+- * If a domain name ends with a dot ("."), it is called a Fully Qualified
+- * Domain Name (FQDN). In certain places (for instance when reading a zone
+- * file), an origin (which is just another domain name) non-FQDNs will be
+- * placed after the current. For instance, if i have a zone file where the
+- * origin has been set to "nl.", and my file contains the name
+- * "www.nlnetlabs", it will result in "www.nlnetlabs.nl.". Internally, dnames are
+- * always absolute (the dot is added when it is missing and there is no origin).
+- *
+- * An FQDN is also
+- * known as an absolute domain name, therefore the function to check this is
+- * called \ref ldns_dname_str_absolute
+- *
+- * Domain names are stored in \ref ldns_rdf structures, with the type
+- * \ref LDNS_RDF_TYPE_DNAME
+- *
+- * This module is *NOT* about the RR type called DNAME.
+- */
+-
+-
+-#ifndef LDNS_DNAME_H
+-#define LDNS_DNAME_H
+-
+-#include <ldns/common.h>
+-#include <ldns/rdata.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_DNAME_NORMALIZE tolower
+-
+-/**
+- * concatenates two dnames together
+- * \param[in] rd1 the leftside
+- * \param[in] rd2 the rightside
+- * \return a new rdf with leftside/rightside
+- */
+-ldns_rdf *ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2);
+-
+-/**
+- * concatenates rd2 after rd1 (rd2 is copied, rd1 is modified)
+- * \param[in] rd1 the leftside
+- * \param[in] rd2 the rightside
+- * \return LDNS_STATUS_OK on success
+- */
+-ldns_status ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2);
+-
+-/**
+- * Returns a clone of the given dname with the labels
+- * reversed
+- * \param[in] d the dname to reverse
+- * \return clone of the dname with the labels reversed.
+- */
+-ldns_rdf *ldns_dname_reverse(const ldns_rdf *d);
+-
+-/**
+- * Clones the given dname from the nth label on
+- * \param[in] d The dname to clone
+- * \param[in] n the label nr to clone from, if this is 0, the complete
+- * dname is cloned
+- * \return A newly allocated *rdf structure, containing the cloned dname,
+- * or NULL if either d was NULL, not a dname, or if n >=
+- * label_count
+- */
+-ldns_rdf *
+-ldns_dname_clone_from(const ldns_rdf *d, uint16_t n);
+-
+-/**
+- * chop one label off the left side of a dname. so
+- * wwww.nlnetlabs.nl, becomes nlnetlabs.nl
+- * This new name is a clone and must be freed with ldns_deep_free()
+- * \param[in] d the dname to chop
+- * \return the remaining dname
+- */
+-ldns_rdf *ldns_dname_left_chop(const ldns_rdf *d);
+-
+-/**
+- * count the number of labels inside a LDNS_RDF_DNAME type rdf.
+- * \param[in] *r the rdf
+- * \return the number of labels
+- */
+-uint8_t ldns_dname_label_count(const ldns_rdf *r);
+-
+-/**
+- * creates a new dname rdf from a string.
+- * \param[in] str string to use
+- * \return ldns_rdf* or NULL in case of an error
+- */
+-ldns_rdf *ldns_dname_new_frm_str(const char *str);
+-
+-/**
+- * Create a new dname rdf from a string
+- * \param[in] s the size of the new dname
+- * \param[in] *data pointer to the actual data
+- *
+- * \return ldns_rdf*
+- */
+-ldns_rdf *ldns_dname_new(uint16_t s, void *data);
+-
+-/**
+- * Create a new dname rdf from data (the data is copied)
+- * \param[in] size the size of the data
+- * \param[in] *data pointer to the actual data
+- *
+- * \return ldns_rdf*
+- */
+-ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data);
+-
+-/**
+- * Put a dname into canonical fmt - ie. lowercase it
+- * \param[in] rdf the dname to lowercase
+- * \return void
+- */
+-void ldns_dname2canonical(const ldns_rdf *rdf);
+-
+-/**
+- * test wether the name sub falls under parent (i.e. is a subdomain
+- * of parent). This function will return false if the given dnames are
+- * equal.
+- * \param[in] sub the name to test
+- * \param[in] parent the parent's name
+- * \return true if sub falls under parent, otherwise false
+- */
+-bool ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent);
+-
+-/**
+- * Compares the two dname rdf's according to the algorithm for ordering
+- * in RFC4034 Section 6.
+- * \param[in] dname1 First dname rdf to compare
+- * \param[in] dname2 Second dname rdf to compare
+- * \return -1 if dname1 comes before dname2, 1 if dname1 comes after dname2, and 0 if they are equal.
+- */
+-int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2);
+-int ldns_dname_compare_v(const void *, const void *);
+-
+-/**
+- * Checks whether the dname matches the given wildcard
+- * \param[in] dname The dname to check
+- * \param[in] wildcard The wildcard to check with
+- * \return 1 If the wildcard matches, OR if 'wildcard' is not a wildcard and
+- * the names are *exactly* the same
+- * 0 If the wildcard does not match, or if it is not a wildcard and
+- * the names are not the same
+- */
+-int ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard);
+-
+-/**
+- * check if middle lays in the interval defined by prev and next
+- * prev <= middle < next. This is usefull for nsec checking
+- * \param[in] prev the previous dname
+- * \param[in] middle the dname to check
+- * \param[in] next the next dname
+- * return 0 on error or unknown, -1 when middle is in the interval, +1 when not
+- */
+-int ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, const ldns_rdf *next);
+-
+-/**
+- * Checks whether the given dname string is absolute (i.e. ends with a '.')
+- * \param[in] *dname_str a string representing the dname
+- * \return true or false
+- */
+-bool ldns_dname_str_absolute(const char *dname_str);
+-
+-/**
+- * Checks whether the given dname is absolute (i.e. ends with a '.')
+- * \param[in] *dname a rdf representing the dname
+- * \return true or false
+- */
+-bool ldns_dname_absolute(const ldns_rdf *dname);
+-
+-/**
+- * look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME
+- * try and retrieve a specific label. The labels are numbered
+- * starting from 0 (left most).
+- * \param[in] rdf the rdf to look in
+- * \param[in] labelpos return the label with this number
+- * \return a ldns_rdf* with the label as name or NULL on error
+- */
+-ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos);
+-
+-/**
+- * Check if dname is a wildcard, starts with *.
+- * \param[in] dname: the rdf to look in
+- * \return true if a wildcard, false if not.
+- */
+-int ldns_dname_is_wildcard(const ldns_rdf* dname);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_DNAME_H */
+diff --git a/include/ldns/dnssec.h b/include/ldns/dnssec.h
+deleted file mode 100644
+index f4cdafb..0000000
+--- a/include/ldns/dnssec.h
++++ /dev/null
+@@ -1,541 +0,0 @@
+-/*
+- * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC)
+- *
+- * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- *
+- * A bunch of defines that are used in the DNS
+- */
+-
+-/**
+- * \file dnssec.h
+- *
+- * This module contains base functions for DNSSEC operations
+- * (RFC4033 t/m RFC4035).
+- *
+- * Since those functions heavily rely op cryptographic operations,
+- * this module is dependent on openssl.
+- *
+- */
+-
+-
+-#ifndef LDNS_DNSSEC_H
+-#define LDNS_DNSSEC_H
+-
+-#include <ldns/common.h>
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/evp.h>
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-#include <ldns/packet.h>
+-#include <ldns/keys.h>
+-#include <ldns/zone.h>
+-#include <ldns/resolver.h>
+-#include <ldns/dnssec_zone.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_MAX_KEYLEN 2048
+-#define LDNS_DNSSEC_KEYPROTO 3
+-/* default time before sigs expire */
+-#define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */
+-
+-/** return values for the old-signature callback */
+-#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0
+-#define LDNS_SIGNATURE_LEAVE_NO_ADD 1
+-#define LDNS_SIGNATURE_REMOVE_ADD_NEW 2
+-#define LDNS_SIGNATURE_REMOVE_NO_ADD 3
+-
+-/**
+- * Returns the first RRSIG rr that corresponds to the rrset
+- * with the given name and type
+- *
+- * \param[in] name The dname of the RRset covered by the RRSIG to find
+- * \param[in] type The type of the RRset covered by the RRSIG to find
+- * \param[in] rrs List of rrs to search in
+- * \returns Pointer to the first RRsig ldns_rr found, or NULL if it is
+- * not present
+- */
+-ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
+- const ldns_rr_type type,
+- const ldns_rr_list *rrs);
+-
+-/**
+- * Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if
+- * any
+- *
+- * \param[in] rrsig The rrsig to find the DNSKEY for
+- * \param[in] rrs The rr list to find the key in
+- * \return The DNSKEY that corresponds to the given RRSIG, or NULL if it was
+- * not found.
+- */
+-ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs);
+-
+-/**
+- * Returns the rdata field that contains the bitmap of the covered types of
+- * the given NSEC record
+- *
+- * \param[in] nsec The nsec to get the covered type bitmap of
+- * \return An ldns_rdf containing the bitmap, or NULL on error
+- */
+-ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);
+-
+-
+-#define LDNS_NSEC3_MAX_ITERATIONS 65535
+-
+-/**
+- * Returns the dname of the closest (provable) encloser
+- */
+-ldns_rdf *
+-ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
+- ldns_rr_type qtype,
+- ldns_rr_list *nsec3s);
+-
+-/**
+- * Checks whether the packet contains rrsigs
+- */
+-bool
+-ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt);
+-
+-/**
+- * Returns a ldns_rr_list containing the signatures covering the given name
+- * and type
+- */
+-ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type);
+-
+-/**
+- * Returns a ldns_rr_list containing the signatures covering the given type
+- */
+-ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type);
+-
+-/**
+- * calculates a keytag of a key for use in DNSSEC.
+- *
+- * \param[in] key the key as an RR to use for the calc.
+- * \return the keytag
+- */
+-uint16_t ldns_calc_keytag(const ldns_rr *key);
+-
+-/**
+- * Calculates keytag of DNSSEC key, operates on wireformat rdata.
+- * \param[in] key the key as uncompressed wireformat rdata.
+- * \param[in] keysize length of key data.
+- * \return the keytag
+- */
+-uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * converts a buffer holding key material to a DSA key in openssl.
+- *
+- * \param[in] key the key to convert
+- * \return a DSA * structure with the key material
+- */
+-DSA *ldns_key_buf2dsa(ldns_buffer *key);
+-/**
+- * Like ldns_key_buf2dsa, but uses raw buffer.
+- * \param[in] key the uncompressed wireformat of the key.
+- * \param[in] len length of key data
+- * \return a DSA * structure with the key material
+- */
+-DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
+-
+-/**
+- * Utility function to calculate hash using generic EVP_MD pointer.
+- * \param[in] data the data to hash.
+- * \param[in] len length of data.
+- * \param[out] dest the destination of the hash, must be large enough.
+- * \param[in] md the message digest to use.
+- * \return true if worked, false on failure.
+- */
+-int ldns_digest_evp(unsigned char* data, unsigned int len,
+- unsigned char* dest, const EVP_MD* md);
+-
+-/**
+- * Converts a holding buffer with key material to EVP PKEY in openssl.
+- * Only available if ldns was compiled with GOST.
+- * \param[in] key data to convert
+- * \param[in] keylen length of the key data
+- * \return the key or NULL on error.
+- */
+-EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);
+-
+-/**
+- * Converts a holding buffer with key material to EVP PKEY in openssl.
+- * Only available if ldns was compiled with ECDSA.
+- * \param[in] key data to convert
+- * \param[in] keylen length of the key data
+- * \param[in] algo precise algorithm to initialize ECC group values.
+- * \return the key or NULL on error.
+- */
+-EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
+-
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * converts a buffer holding key material to a RSA key in openssl.
+- *
+- * \param[in] key the key to convert
+- * \return a RSA * structure with the key material
+- */
+-RSA *ldns_key_buf2rsa(ldns_buffer *key);
+-
+-/**
+- * Like ldns_key_buf2rsa, but uses raw buffer.
+- * \param[in] key the uncompressed wireformat of the key.
+- * \param[in] len length of key data
+- * \return a RSA * structure with the key material
+- */
+-RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-/**
+- * returns a new DS rr that represents the given key rr.
+- *
+- * \param[in] *key the key to convert
+- * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256
+- *
+- * \return ldns_rr* a new rr pointer to a DS
+- */
+-ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
+-
+-/**
+- * Create the type bitmap for an NSEC(3) record
+- */
+-ldns_rdf *
+-ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
+- size_t size,
+- ldns_rr_type nsec_type);
+-
+-/**
+- * returns whether a rrset of the given type is found in the rrsets.
+- *
+- * \param[in] rrsets the rrsets to be tested
+- * \param[in] type the type to test for
+- * \return int 1 if the type was found, 0 otherwise.
+- */
+-int
+-ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type);
+-
+-/**
+- * Creates NSEC
+- */
+-ldns_rr *
+-ldns_dnssec_create_nsec(ldns_dnssec_name *from,
+- ldns_dnssec_name *to,
+- ldns_rr_type nsec_type);
+-
+-
+-/**
+- * Creates NSEC3
+- */
+-ldns_rr *
+-ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
+- ldns_dnssec_name *to,
+- ldns_rdf *zone_name,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt);
+-
+-/**
+- * Create a NSEC record
+- * \param[in] cur_owner the current owner which should be taken as the starting point
+- * \param[in] next_owner the rrlist which the nsec rr should point to
+- * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in
+- * \return a ldns_rr with the nsec record in it
+- */
+-ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
+-
+-/**
+- * Calculates the hashed name using the given parameters
+- * \param[in] *name The owner name to calculate the hash for
+- * \param[in] algorithm The hash algorithm to use
+- * \param[in] iterations The number of hash iterations to use
+- * \param[in] salt_length The length of the salt in bytes
+- * \param[in] salt The salt to use
+- * \return The hashed owner name rdf, without the domain name
+- */
+-ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
+-
+-/**
+- * Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and
+- * type LDNS_RR_TYPE_NSEC3
+- * \param[in] *rr The RR to set the values in
+- * \param[in] algorithm The NSEC3 hash algorithm
+- * \param[in] flags The flags field
+- * \param[in] iterations The number of hash iterations
+- * \param[in] salt_length The length of the salt in bytes
+- * \param[in] salt The salt bytes
+- */
+-void ldns_nsec3_add_param_rdfs(ldns_rr *rr,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt);
+-
+-/* this will NOT return the NSEC3 completed, you will have to run the
+- finalize function on the rrlist later! */
+-ldns_rr *
+-ldns_create_nsec3(ldns_rdf *cur_owner,
+- ldns_rdf *cur_zone,
+- ldns_rr_list *rrs,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt,
+- bool emptynonterminal);
+-
+-/**
+- * Returns the hash algorithm used in the given NSEC3 RR
+- * \param[in] *nsec3_rr The RR to read from
+- * \return The algorithm identifier, or 0 on error
+- */
+-uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns flags field
+- */
+-uint8_t
+-ldns_nsec3_flags(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns true if the opt-out flag has been set in the given NSEC3 RR
+- * \param[in] *nsec3_rr The RR to read from
+- * \return true if the RR has type NSEC3 and the opt-out bit has been set, false otherwise
+- */
+-bool ldns_nsec3_optout(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns the number of hash iterations used in the given NSEC3 RR
+- * \param[in] *nsec3_rr The RR to read from
+- * \return The number of iterations
+- */
+-uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns the salt used in the given NSEC3 RR
+- * \param[in] *nsec3_rr The RR to read from
+- * \return The salt rdf, or NULL on error
+- */
+-ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns the length of the salt used in the given NSEC3 RR
+- * \param[in] *nsec3_rr The RR to read from
+- * \return The length of the salt in bytes
+- */
+-uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns the salt bytes used in the given NSEC3 RR
+- * \param[in] *nsec3_rr The RR to read from
+- * \return The salt in bytes, this is alloced, so you need to free it
+- */
+-uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns the first label of the next ownername in the NSEC3 chain (ie. without the domain)
+- * \param[in] nsec3_rr The RR to read from
+- * \return The first label of the next owner name in the NSEC3 chain, or NULL on error
+- */
+-ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Returns the bitmap specifying the covered types of the given NSEC3 RR
+- * \param[in] *nsec3_rr The RR to read from
+- * \return The covered type bitmap rdf
+- */
+-ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);
+-
+-/**
+- * Calculates the hashed name using the parameters of the given NSEC3 RR
+- * \param[in] *nsec The RR to use the parameters from
+- * \param[in] *name The owner name to calculate the hash for
+- * \return The hashed owner name rdf, without the domain name
+- */
+-ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name);
+-
+-/**
+- * Check if RR type t is enumerated and set in the RR type bitmap rdf.
+- * \param[in] bitmap the RR type bitmap rdf to look in
+- * \param[in] type the type to check for
+- * \return true when t is found and set, otherwise return false
+- */
+-bool ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type);
+-
+-/**
+- * Checks if RR type t is enumerated in the type bitmap rdf and sets the bit.
+- * \param[in] bitmap the RR type bitmap rdf to look in
+- * \param[in] type the type to for which the bit to set
+- * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is
+- * returned when the bitmap does not contain the bit to set.
+- */
+-ldns_status ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type);
+-
+-/**
+- * Checks if RR type t is enumerated in the type bitmap rdf and clears the bit.
+- * \param[in] bitmap the RR type bitmap rdf to look in
+- * \param[in] type the type to for which the bit to clear
+- * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is
+- * returned when the bitmap does not contain the bit to clear.
+- */
+-ldns_status ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type);
+-
+-/**
+- * Checks coverage of NSEC(3) RR name span
+- * Remember that nsec and name must both be in canonical form (ie use
+- * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this
+- * function)
+- *
+- * \param[in] nsec The NSEC RR to check
+- * \param[in] name The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name
+- * \return true if the NSEC RR covers the owner name
+- */
+-bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * verify a packet
+- * \param[in] p the packet
+- * \param[in] t the rr set type to check
+- * \param[in] o the rr set name to check
+- * \param[in] k list of keys
+- * \param[in] s list of sigs (may be null)
+- * \param[out] good_keys keys which validated the packet
+- * \return status
+- *
+- */
+-ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
+-
+-/**
+- * verify a packet
+- * \param[in] p the packet
+- * \param[in] t the rr set type to check
+- * \param[in] o the rr set name to check
+- * \param[in] k list of keys
+- * \param[in] s list of sigs (may be null)
+- * \param[in] check_time the time for which the validation is performed
+- * \param[out] good_keys keys which validated the packet
+- * \return status
+- *
+- */
+-ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);
+-
+-#endif
+-
+-/**
+- * chains nsec3 list
+- */
+-ldns_status
+-ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs);
+-
+-/**
+- * compare for nsec3 sort
+- */
+-int
+-qsort_rr_compare_nsec3(const void *a, const void *b);
+-
+-/**
+- * sort nsec3 list
+- */
+-void
+-ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted);
+-
+-/**
+- * Default callback function to always leave present signatures, and
+- * add new ones
+- * \param[in] sig The signature to check for removal (unused)
+- * \param[in] n Optional argument (unused)
+- * \return LDNS_SIGNATURE_LEAVE_ADD_NEW
+- */
+-int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n);
+-/**
+- * Default callback function to always leave present signatures, and
+- * add no new ones for the keys of these signatures
+- * \param[in] sig The signature to check for removal (unused)
+- * \param[in] n Optional argument (unused)
+- * \return LDNS_SIGNATURE_LEAVE_NO_ADD
+- */
+-int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n);
+-/**
+- * Default callback function to always remove present signatures, but
+- * add no new ones
+- * \param[in] sig The signature to check for removal (unused)
+- * \param[in] n Optional argument (unused)
+- * \return LDNS_SIGNATURE_REMOVE_NO_ADD
+- */
+-int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n);
+-/**
+- * Default callback function to always leave present signatures, and
+- * add new ones
+- * \param[in] sig The signature to check for removal (unused)
+- * \param[in] n Optional argument (unused)
+- * \return LDNS_SIGNATURE_REMOVE_ADD_NEW
+- */
+-int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n);
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * Converts the DSA signature from ASN1 representation (RFC2459, as
+- * used by OpenSSL) to raw signature data as used in DNS (rfc2536)
+- *
+- * \param[in] sig The signature in RFC2459 format
+- * \param[in] sig_len The length of the signature
+- * \return a new rdf with the signature
+- */
+-ldns_rdf *
+-ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
+- const long sig_len);
+-
+-/**
+- * Converts the RRSIG signature RDF (in rfc2536 format) to a buffer
+- * with the signature in rfc2459 format
+- *
+- * \param[out] target_buffer buffer to place the signature data
+- * \param[in] sig_rdf The signature rdf to convert
+- * \return LDNS_STATUS_OK on success, error code otherwise
+- */
+-ldns_status
+-ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
+- const ldns_rdf *sig_rdf);
+-
+-/**
+- * Converts the ECDSA signature from ASN1 representation (as
+- * used by OpenSSL) to raw signature data as used in DNS
+- * This routine is only present if ldns is compiled with ecdsa support.
+- *
+- * \param[in] sig The signature in ASN1 format
+- * \param[in] sig_len The length of the signature
+- * \return a new rdf with the signature
+- */
+-ldns_rdf *
+-ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);
+-
+-/**
+- * Converts the RRSIG signature RDF (from DNS) to a buffer with the
+- * signature in ASN1 format as openssl uses it.
+- * This routine is only present if ldns is compiled with ecdsa support.
+- *
+- * \param[out] target_buffer buffer to place the signature data in ASN1.
+- * \param[in] sig_rdf The signature rdf to convert
+- * \return LDNS_STATUS_OK on success, error code otherwise
+- */
+-ldns_status
+-ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
+- const ldns_rdf *sig_rdf);
+-
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_DNSSEC_H */
+diff --git a/include/ldns/dnssec_sign.h b/include/ldns/dnssec_sign.h
+deleted file mode 100644
+index f51c7fb..0000000
+--- a/include/ldns/dnssec_sign.h
++++ /dev/null
+@@ -1,383 +0,0 @@
+-/** dnssec_verify */
+-
+-#ifndef LDNS_DNSSEC_SIGN_H
+-#define LDNS_DNSSEC_SIGN_H
+-
+-#include <ldns/dnssec.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/* sign functions */
+-
+-/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/
+-#define LDNS_SIGN_DNSKEY_WITH_ZSK 1
+-
+-/**
+- * Create an empty RRSIG RR (i.e. without the actual signature data)
+- * \param[in] rrset The RRset to create the signature for
+- * \param[in] key The key that will create the signature
+- * \return signature rr
+- */
+-ldns_rr *
+-ldns_create_empty_rrsig(ldns_rr_list *rrset,
+- ldns_key *key);
+-
+-/**
+- * Sign the buffer which contains the wiredata of an rrset, and the
+- * corresponding empty rrsig rr with the given key
+- * \param[in] sign_buf the buffer with data to sign
+- * \param[in] key the key to sign with
+- * \return an rdata field with the signature data
+- */
+-ldns_rdf *
+-ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key);
+-
+-/**
+- * Sign an rrset
+- * \param[in] rrset the rrset
+- * \param[in] keys the keys to use
+- * \return a rr_list with the signatures
+- */
+-ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * Sign a buffer with the DSA key (hash with SHA1)
+- * \param[in] to_sign buffer with the data
+- * \param[in] key the key to use
+- * \return a ldns_rdf with the signed data
+- */
+-ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
+-
+-/**
+- * Sign data with EVP (general method for different algorithms)
+- *
+- * \param[in] to_sign The ldns_buffer containing raw data that is
+- * to be signed
+- * \param[in] key The EVP_PKEY key structure to sign with
+- * \param[in] digest_type The digest algorithm to use in the creation of
+- * the signature
+- * \return ldns_rdf for the RRSIG ldns_rr
+- */
+-ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign,
+- EVP_PKEY *key,
+- const EVP_MD *digest_type);
+-
+-/**
+- * Sign a buffer with the RSA key (hash with SHA1)
+- * \param[in] to_sign buffer with the data
+- * \param[in] key the key to use
+- * \return a ldns_rdf with the signed data
+- */
+-ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
+-
+-/**
+- * Sign a buffer with the RSA key (hash with MD5)
+- * \param[in] to_sign buffer with the data
+- * \param[in] key the key to use
+- * \return a ldns_rdf with the signed data
+- */
+-ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-/**
+- * Marks the names in the zone that are occluded. Those names will be skipped
+- * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
+- * function. But watch out! Names that are partially occluded (like glue with
+- * the same name as the delegation) will not be marked and should specifically
+- * be taken into account separately.
+- *
+- * When glue_list is given (not NULL), in the process of marking the names, all
+- * glue resource records will be pushed to that list, even glue at the delegation name.
+- *
+- * \param[in] zone the zone in which to mark the names
+- * \param[in] glue_list the list to which to push the glue rrs
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status
+-ldns_dnssec_zone_mark_and_get_glue(
+- ldns_dnssec_zone *zone, ldns_rr_list *glue_list);
+-
+-/**
+- * Marks the names in the zone that are occluded. Those names will be skipped
+- * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
+- * function. But watch out! Names that are partially occluded (like glue with
+- * the same name as the delegation) will not be marked and should specifically
+- * be taken into account separately.
+- *
+- * \param[in] zone the zone in which to mark the names
+- * \return LDNS_STATUS_OK on succesful completion
+- */
+-ldns_status
+-ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone);
+-
+-/**
+- * Finds the first dnssec_name node in the rbtree that is not occluded.
+- * It *does* return names that are partially occluded.
+- *
+- * \param[in] node the first node to check
+- * \return the first node that has not been marked as glue, or NULL
+- * if not found (TODO: make that LDNS_RBTREE_NULL?)
+- */
+-ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
+-
+-/**
+- * Adds NSEC records to the given dnssec_zone
+- *
+- * \param[in] zone the zone to add the records to
+- * \param[in] new_rrs ldns_rr's created by this function are
+- * added to this rr list, so the caller can free them later
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs);
+-
+-/**
+- * Adds NSEC3 records to the zone
+- */
+-ldns_status
+-ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt);
+-
+-/**
+- * remove signatures if callback function tells to
+- *
+- * \param[in] signatures list of signatures to check, and
+- * possibly remove, depending on the value of the
+- * callback
+- * \param[in] key_list these are marked to be used or not,
+- * on the return value of the callback
+- * \param[in] func this function is called to specify what to
+- * do with each signature (and corresponding key)
+- * \param[in] arg Optional argument for the callback function
+- * \returns pointer to the new signatures rrs (the original
+- * passed to this function may have been removed)
+- */
+-ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg);
+-
+-/**
+- * Adds signatures to the zone
+- *
+- * \param[in] zone the zone to add RRSIG Resource Records to
+- * \param[in] new_rrs the RRSIG RRs that are created are also
+- * added to this list, so the caller can free them
+- * later
+- * \param[in] key_list list of keys to sign with.
+- * \param[in] func Callback function to decide what keys to
+- * use and what to do with old signatures
+- * \param[in] arg Optional argument for the callback function
+- * \param[in] flags option flags for signing process. 0 makes DNSKEY
+- * RRset signed with the minimal key set, that is only SEP keys are used
+- * for signing. If there are no SEP keys available, non-SEP keys will
+- * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all
+- * keys. 0 is the default.
+- * \return LDNS_STATUS_OK on success, error otherwise
+- */
+-ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void*),
+- void *arg,
+- int flags);
+-
+-/**
+- * Adds signatures to the zone
+- *
+- * \param[in] zone the zone to add RRSIG Resource Records to
+- * \param[in] new_rrs the RRSIG RRs that are created are also
+- * added to this list, so the caller can free them
+- * later
+- * \param[in] key_list list of keys to sign with.
+- * \param[in] func Callback function to decide what keys to
+- * use and what to do with old signatures
+- * \param[in] arg Optional argument for the callback function
+- * \return LDNS_STATUS_OK on success, error otherwise
+- */
+-ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void*),
+- void *arg);
+-
+-/**
+- * signs the given zone with the given keys
+- *
+- * \param[in] zone the zone to sign
+- * \param[in] key_list the list of keys to sign the zone with
+- * \param[in] new_rrs newly created resource records are added to this list, to free them later
+- * \param[in] func callback function that decides what to do with old signatures
+- * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values:
+- * LDNS_SIGNATURE_LEAVE_ADD_NEW:
+- * leave the signature and add a new one for the corresponding key
+- * LDNS_SIGNATURE_REMOVE_ADD_NEW:
+- * remove the signature and replace is with a new one from the same key
+- * LDNS_SIGNATURE_LEAVE_NO_ADD:
+- * leave the signature and do not add a new one with the corresponding key
+- * LDNS_SIGNATURE_REMOVE_NO_ADD:
+- * remove the signature and do not replace
+- *
+- * \param[in] arg optional argument for the callback function
+- * \param[in] flags option flags for signing process. 0 makes DNSKEY
+- * RRset signed with the minimal key set, that is only SEP keys are used
+- * for signing. If there are no SEP keys available, non-SEP keys will
+- * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all
+- * keys. 0 is the default.
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- int flags);
+-
+-/**
+- * signs the given zone with the given new zone, with NSEC3
+- *
+- * \param[in] zone the zone to sign
+- * \param[in] key_list the list of keys to sign the zone with
+- * \param[in] new_rrs newly created resource records are added to this list, to free them later
+- * \param[in] func callback function that decides what to do with old signatures
+- * \param[in] arg optional argument for the callback function
+- * \param[in] algorithm the NSEC3 hashing algorithm to use
+- * \param[in] flags NSEC3 flags
+- * \param[in] iterations the number of NSEC3 hash iterations to use
+- * \param[in] salt_length the length (in octets) of the NSEC3 salt
+- * \param[in] salt the NSEC3 salt data
+- * \param[in] signflags option flags for signing process. 0 is the default.
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt,
+- int signflags);
+-
+-/**
+- * signs the given zone with the given new zone, with NSEC3
+- *
+- * \param[in] zone the zone to sign
+- * \param[in] key_list the list of keys to sign the zone with
+- * \param[in] new_rrs newly created resource records are added to this list, to free them later
+- * \param[in] func callback function that decides what to do with old signatures
+- * \param[in] arg optional argument for the callback function
+- * \param[in] algorithm the NSEC3 hashing algorithm to use
+- * \param[in] flags NSEC3 flags
+- * \param[in] iterations the number of NSEC3 hash iterations to use
+- * \param[in] salt_length the length (in octets) of the NSEC3 salt
+- * \param[in] salt the NSEC3 salt data
+- * \param[in] signflags option flags for signing process. 0 is the default.
+- * \param[out] map a referenced rbtree pointer variable. The newly created
+- * rbtree will contain mappings from hashed owner names to the
+- * unhashed name.
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt,
+- int signflags,
+- ldns_rbtree_t **map
+- );
+-
+-
+-/**
+- * signs the given zone with the given keys
+- *
+- * \param[in] zone the zone to sign
+- * \param[in] key_list the list of keys to sign the zone with
+- * \param[in] new_rrs newly created resource records are added to this list, to free them later
+- * \param[in] func callback function that decides what to do with old signatures
+- * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values:
+- * LDNS_SIGNATURE_LEAVE_ADD_NEW:
+- * leave the signature and add a new one for the corresponding key
+- * LDNS_SIGNATURE_REMOVE_ADD_NEW:
+- * remove the signature and replace is with a new one from the same key
+- * LDNS_SIGNATURE_LEAVE_NO_ADD:
+- * leave the signature and do not add a new one with the corresponding key
+- * LDNS_SIGNATURE_REMOVE_NO_ADD:
+- * remove the signature and do not replace
+- *
+- * \param[in] arg optional argument for the callback function
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg);
+-
+-/**
+- * signs the given zone with the given new zone, with NSEC3
+- *
+- * \param[in] zone the zone to sign
+- * \param[in] key_list the list of keys to sign the zone with
+- * \param[in] new_rrs newly created resource records are added to this list, to free them later
+- * \param[in] func callback function that decides what to do with old signatures
+- * \param[in] arg optional argument for the callback function
+- * \param[in] algorithm the NSEC3 hashing algorithm to use
+- * \param[in] flags NSEC3 flags
+- * \param[in] iterations the number of NSEC3 hash iterations to use
+- * \param[in] salt_length the length (in octets) of the NSEC3 salt
+- * \param[in] salt the NSEC3 salt data
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt);
+-
+-/**
+- * Signs the zone, and returns a newly allocated signed zone
+- * \param[in] zone the zone to sign
+- * \param[in] key_list list of keys to sign with
+- * \return signed zone
+- */
+-ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list);
+-
+-/**
+- * Signs the zone with NSEC3, and returns a newly allocated signed zone
+- * \param[in] zone the zone to sign
+- * \param[in] key_list list of keys to sign with
+- * \param[in] algorithm the NSEC3 hashing algorithm to use
+- * \param[in] flags NSEC3 flags
+- * \param[in] iterations the number of NSEC3 hash iterations to use
+- * \param[in] salt_length the length (in octets) of the NSEC3 salt
+- * \param[in] salt the NSEC3 salt data
+- * \return signed zone
+- */
+-ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif
+diff --git a/include/ldns/dnssec_verify.h b/include/ldns/dnssec_verify.h
+deleted file mode 100644
+index e8b1a91..0000000
+--- a/include/ldns/dnssec_verify.h
++++ /dev/null
+@@ -1,857 +0,0 @@
+-/** dnssec_verify */
+-
+-#ifndef LDNS_DNSSEC_VERIFY_H
+-#define LDNS_DNSSEC_VERIFY_H
+-
+-#define LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS 10
+-
+-#include <ldns/dnssec.h>
+-#include <ldns/host2str.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * Chain structure that contains all DNSSEC data needed to
+- * verify an rrset
+- */
+-typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain;
+-struct ldns_dnssec_data_chain_struct
+-{
+- ldns_rr_list *rrset;
+- ldns_rr_list *signatures;
+- ldns_rr_type parent_type;
+- ldns_dnssec_data_chain *parent;
+- ldns_pkt_rcode packet_rcode;
+- ldns_rr_type packet_qtype;
+- bool packet_nodata;
+-};
+-
+-/**
+- * Creates a new dnssec_chain structure
+- * \return ldns_dnssec_data_chain *
+- */
+-ldns_dnssec_data_chain *ldns_dnssec_data_chain_new(void);
+-
+-/**
+- * Frees a dnssec_data_chain structure
+- *
+- * \param[in] *chain The chain to free
+- */
+-void ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain);
+-
+-/**
+- * Frees a dnssec_data_chain structure, and all data
+- * contained therein
+- *
+- * \param[in] *chain The dnssec_data_chain to free
+- */
+-void ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain);
+-
+-/**
+- * Prints the dnssec_data_chain to the given file stream
+- *
+- * \param[in] *out The file stream to print to
+- * \param[in] *chain The dnssec_data_chain to print
+- */
+-void ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain);
+-
+-/**
+- * Prints the dnssec_data_chain to the given file stream
+- *
+- * \param[in] *out The file stream to print to
+- * \param[in] *fmt The format of the textual representation
+- * \param[in] *chain The dnssec_data_chain to print
+- */
+-void ldns_dnssec_data_chain_print_fmt(FILE *out,
+- const ldns_output_format *fmt,
+- const ldns_dnssec_data_chain *chain);
+-
+-/**
+- * Build an ldns_dnssec_data_chain, which contains all
+- * DNSSEC data that is needed to derive the trust tree later
+- *
+- * The data_set will be cloned
+- *
+- * \param[in] *res resolver structure for further needed queries
+- * \param[in] qflags resolution flags
+- * \param[in] *data_set The original rrset where the chain ends
+- * \param[in] *pkt optional, can contain the original packet
+- * (and hence the sigs and maybe the key)
+- * \param[in] *orig_rr The original Resource Record
+- *
+- * \return the DNSSEC data chain
+- */
+-ldns_dnssec_data_chain *ldns_dnssec_build_data_chain(ldns_resolver *res,
+- const uint16_t qflags,
+- const ldns_rr_list *data_set,
+- const ldns_pkt *pkt,
+- ldns_rr *orig_rr);
+-
+-/**
+- * Tree structure that contains the relation of DNSSEC data,
+- * and their cryptographic status.
+- *
+- * This tree is derived from a data_chain, and can be used
+- * to look whether there is a connection between an RRSET
+- * and a trusted key. The tree only contains pointers to the
+- * data_chain, and therefore one should *never* free() the
+- * data_chain when there is still a trust tree derived from
+- * that chain.
+- *
+- * Example tree:
+- * key key key
+- * \ | /
+- * \ | /
+- * \ | /
+- * ds
+- * |
+- * key
+- * |
+- * key
+- * |
+- * rr
+- *
+- * For each signature there is a parent; if the parent
+- * pointer is null, it couldn't be found and there was no
+- * denial; otherwise is a tree which contains either a
+- * DNSKEY, a DS, or a NSEC rr
+- */
+-typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree;
+-struct ldns_dnssec_trust_tree_struct
+-{
+- ldns_rr *rr;
+- /* the complete rrset this rr was in */
+- ldns_rr_list *rrset;
+- ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
+- ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
+- /** for debugging, add signatures too (you might want
+- those if they contain errors) */
+- ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
+- size_t parent_count;
+-};
+-
+-/**
+- * Creates a new (empty) dnssec_trust_tree structure
+- *
+- * \return ldns_dnssec_trust_tree *
+- */
+-ldns_dnssec_trust_tree *ldns_dnssec_trust_tree_new(void);
+-
+-/**
+- * Frees the dnssec_trust_tree recursively
+- *
+- * There is no deep free; all data in the trust tree
+- * consists of pointers to a data_chain
+- *
+- * \param[in] tree The tree to free
+- */
+-void ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree);
+-
+-/**
+- * returns the depth of the trust tree
+- *
+- * \param[in] tree tree to calculate the depth of
+- * \return The depth of the tree
+- */
+-size_t ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree);
+-
+-/**
+- * Prints the dnssec_trust_tree structure to the given file
+- * stream.
+- *
+- * If a link status is not LDNS_STATUS_OK; the status and
+- * relevant signatures are printed too
+- *
+- * \param[in] *out The file stream to print to
+- * \param[in] tree The trust tree to print
+- * \param[in] tabs Prepend each line with tabs*2 spaces
+- * \param[in] extended If true, add little explanation lines to the output
+- */
+-void ldns_dnssec_trust_tree_print(FILE *out,
+- ldns_dnssec_trust_tree *tree,
+- size_t tabs,
+- bool extended);
+-
+-/**
+- * Prints the dnssec_trust_tree structure to the given file
+- * stream.
+- *
+- * If a link status is not LDNS_STATUS_OK; the status and
+- * relevant signatures are printed too
+- *
+- * \param[in] *out The file stream to print to
+- * \param[in] *fmt The format of the textual representation
+- * \param[in] tree The trust tree to print
+- * \param[in] tabs Prepend each line with tabs*2 spaces
+- * \param[in] extended If true, add little explanation lines to the output
+- */
+-void ldns_dnssec_trust_tree_print_fmt(FILE *out,
+- const ldns_output_format *fmt,
+- ldns_dnssec_trust_tree *tree,
+- size_t tabs,
+- bool extended);
+-
+-/**
+- * Adds a trust tree as a parent for the given trust tree
+- *
+- * \param[in] *tree The tree to add the parent to
+- * \param[in] *parent The parent tree to add
+- * \param[in] *parent_signature The RRSIG relevant to this parent/child
+- * connection
+- * \param[in] parent_status The DNSSEC status for this parent, child and RRSIG
+- * \return LDNS_STATUS_OK if the addition succeeds, error otherwise
+- */
+-ldns_status ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree,
+- const ldns_dnssec_trust_tree *parent,
+- const ldns_rr *parent_signature,
+- const ldns_status parent_status);
+-
+-/**
+- * Generates a dnssec_trust_tree for the given rr from the
+- * given data_chain
+- *
+- * This does not clone the actual data; Don't free the
+- * data_chain before you are done with this tree
+- *
+- * \param[in] *data_chain The chain to derive the trust tree from
+- * \param[in] *rr The RR this tree will be about
+- * \return ldns_dnssec_trust_tree *
+- */
+-ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree(
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *rr);
+-
+-/**
+- * Generates a dnssec_trust_tree for the given rr from the
+- * given data_chain
+- *
+- * This does not clone the actual data; Don't free the
+- * data_chain before you are done with this tree
+- *
+- * \param[in] *data_chain The chain to derive the trust tree from
+- * \param[in] *rr The RR this tree will be about
+- * \param[in] check_time the time for which the validation is performed
+- * \return ldns_dnssec_trust_tree *
+- */
+-ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree_time(
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *rr, time_t check_time);
+-
+-/**
+- * Sub function for derive_trust_tree that is used for a 'normal' rrset
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- * \param[in] cur_sig_rr The currently relevant signature
+- */
+-void ldns_dnssec_derive_trust_tree_normal_rrset(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_sig_rr);
+-
+-/**
+- * Sub function for derive_trust_tree that is used for a 'normal' rrset
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- * \param[in] cur_sig_rr The currently relevant signature
+- * \param[in] check_time the time for which the validation is performed
+- */
+-void ldns_dnssec_derive_trust_tree_normal_rrset_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_sig_rr, time_t check_time);
+-
+-
+-/**
+- * Sub function for derive_trust_tree that is used for DNSKEY rrsets
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- * \param[in] cur_rr The currently relevant DNSKEY RR
+- * \param[in] cur_sig_rr The currently relevant signature
+- */
+-void ldns_dnssec_derive_trust_tree_dnskey_rrset(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr,
+- ldns_rr *cur_sig_rr);
+-
+-/**
+- * Sub function for derive_trust_tree that is used for DNSKEY rrsets
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- * \param[in] cur_rr The currently relevant DNSKEY RR
+- * \param[in] cur_sig_rr The currently relevant signature
+- * \param[in] check_time the time for which the validation is performed
+- */
+-void ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr, ldns_rr *cur_sig_rr,
+- time_t check_time);
+-
+-/**
+- * Sub function for derive_trust_tree that is used for DS rrsets
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- * \param[in] cur_rr The currently relevant DS RR
+- */
+-void ldns_dnssec_derive_trust_tree_ds_rrset(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr);
+-
+-/**
+- * Sub function for derive_trust_tree that is used for DS rrsets
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- * \param[in] cur_rr The currently relevant DS RR
+- * \param[in] check_time the time for which the validation is performed
+- */
+-void ldns_dnssec_derive_trust_tree_ds_rrset_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr, time_t check_time);
+-
+-/**
+- * Sub function for derive_trust_tree that is used when there are no
+- * signatures
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- */
+-void ldns_dnssec_derive_trust_tree_no_sig(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain);
+-
+-/**
+- * Sub function for derive_trust_tree that is used when there are no
+- * signatures
+- *
+- * \param[in] new_tree The trust tree that we are building
+- * \param[in] data_chain The data chain containing the data for the trust tree
+- * \param[in] check_time the time for which the validation is performed
+- */
+-void ldns_dnssec_derive_trust_tree_no_sig_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- time_t check_time);
+-
+-
+-/**
+- * Returns OK if there is a trusted path in the tree to one of
+- * the DNSKEY or DS RRs in the given list
+- *
+- * \param *tree The trust tree so search
+- * \param *keys A ldns_rr_list of DNSKEY and DS rrs to look for
+- *
+- * \return LDNS_STATUS_OK if there is a trusted path to one of
+- * the keys, or the *first* error encountered
+- * if there were no paths
+- */
+-ldns_status ldns_dnssec_trust_tree_contains_keys(
+- ldns_dnssec_trust_tree *tree,
+- ldns_rr_list *keys);
+-
+-/**
+- * Verifies a list of signatures for one rrset.
+- *
+- * \param[in] rrset the rrset to verify
+- * \param[in] rrsig a list of signatures to check
+- * \param[in] keys a list of keys to check with
+- * \param[out] good_keys if this is a (initialized) list, the pointer to keys
+- * from keys that validate one of the signatures
+- * are added to it
+- * \return status LDNS_STATUS_OK if there is at least one correct key
+- */
+-ldns_status ldns_verify(ldns_rr_list *rrset,
+- ldns_rr_list *rrsig,
+- const ldns_rr_list *keys,
+- ldns_rr_list *good_keys);
+-
+-/**
+- * Verifies a list of signatures for one rrset.
+- *
+- * \param[in] rrset the rrset to verify
+- * \param[in] rrsig a list of signatures to check
+- * \param[in] keys a list of keys to check with
+- * \param[in] check_time the time for which the validation is performed
+- * \param[out] good_keys if this is a (initialized) list, the pointer to keys
+- * from keys that validate one of the signatures
+- * are added to it
+- * \return status LDNS_STATUS_OK if there is at least one correct key
+- */
+-ldns_status ldns_verify_time(ldns_rr_list *rrset,
+- ldns_rr_list *rrsig,
+- const ldns_rr_list *keys,
+- time_t check_time,
+- ldns_rr_list *good_keys);
+-
+-
+-/**
+- * Verifies a list of signatures for one rrset, but disregard the time.
+- * Inception and Expiration are not checked.
+- *
+- * \param[in] rrset the rrset to verify
+- * \param[in] rrsig a list of signatures to check
+- * \param[in] keys a list of keys to check with
+- * \param[out] good_keys if this is a (initialized) list, the pointer to keys
+- * from keys that validate one of the signatures
+- * are added to it
+- * \return status LDNS_STATUS_OK if there is at least one correct key
+- */
+-ldns_status ldns_verify_notime(ldns_rr_list *rrset,
+- ldns_rr_list *rrsig,
+- const ldns_rr_list *keys,
+- ldns_rr_list *good_keys);
+-
+-/**
+- * Tries to build an authentication chain from the given
+- * keys down to the queried domain.
+- *
+- * If we find a valid trust path, return the valid keys for the domain.
+- *
+- * \param[in] res the current resolver
+- * \param[in] domain the domain we want valid keys for
+- * \param[in] keys the current set of trusted keys
+- * \param[out] status pointer to the status variable where the result
+- * code will be stored
+- * \return the set of trusted keys for the domain, or NULL if no
+- * trust path could be built.
+- */
+-ldns_rr_list *ldns_fetch_valid_domain_keys(const ldns_resolver * res,
+- const ldns_rdf * domain,
+- const ldns_rr_list * keys,
+- ldns_status *status);
+-
+-/**
+- * Tries to build an authentication chain from the given
+- * keys down to the queried domain.
+- *
+- * If we find a valid trust path, return the valid keys for the domain.
+- *
+- * \param[in] res the current resolver
+- * \param[in] domain the domain we want valid keys for
+- * \param[in] keys the current set of trusted keys
+- * \param[in] check_time the time for which the validation is performed
+- * \param[out] status pointer to the status variable where the result
+- * code will be stored
+- * \return the set of trusted keys for the domain, or NULL if no
+- * trust path could be built.
+- */
+-ldns_rr_list *ldns_fetch_valid_domain_keys_time(const ldns_resolver * res,
+- const ldns_rdf * domain, const ldns_rr_list * keys,
+- time_t check_time, ldns_status *status);
+-
+-
+-/**
+- * Validates the DNSKEY RRset for the given domain using the provided
+- * trusted keys.
+- *
+- * \param[in] res the current resolver
+- * \param[in] domain the domain we want valid keys for
+- * \param[in] keys the current set of trusted keys
+- * \return the set of trusted keys for the domain, or NULL if the RRSET
+- * could not be validated
+- */
+-ldns_rr_list *ldns_validate_domain_dnskey (const ldns_resolver *res,
+- const ldns_rdf *domain,
+- const ldns_rr_list *keys);
+-
+-/**
+- * Validates the DNSKEY RRset for the given domain using the provided
+- * trusted keys.
+- *
+- * \param[in] res the current resolver
+- * \param[in] domain the domain we want valid keys for
+- * \param[in] keys the current set of trusted keys
+- * \param[in] check_time the time for which the validation is performed
+- * \return the set of trusted keys for the domain, or NULL if the RRSET
+- * could not be validated
+- */
+-ldns_rr_list *ldns_validate_domain_dnskey_time(
+- const ldns_resolver *res, const ldns_rdf *domain,
+- const ldns_rr_list *keys, time_t check_time);
+-
+-
+-/**
+- * Validates the DS RRset for the given domain using the provided trusted keys.
+- *
+- * \param[in] res the current resolver
+- * \param[in] domain the domain we want valid keys for
+- * \param[in] keys the current set of trusted keys
+- * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated
+- */
+-ldns_rr_list *ldns_validate_domain_ds(const ldns_resolver *res,
+- const ldns_rdf *
+- domain,
+- const ldns_rr_list * keys);
+-
+-/**
+- * Validates the DS RRset for the given domain using the provided trusted keys.
+- *
+- * \param[in] res the current resolver
+- * \param[in] domain the domain we want valid keys for
+- * \param[in] keys the current set of trusted keys
+- * \param[in] check_time the time for which the validation is performed
+- * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated
+- */
+-ldns_rr_list *ldns_validate_domain_ds_time(
+- const ldns_resolver *res, const ldns_rdf *domain,
+- const ldns_rr_list * keys, time_t check_time);
+-
+-
+-/**
+- * Verifies a list of signatures for one RRset using a valid trust path.
+- *
+- * \param[in] res the current resolver
+- * \param[in] rrset the rrset to verify
+- * \param[in] rrsigs a list of signatures to check
+- * \param[out] validating_keys if this is a (initialized) list, the
+- * keys from keys that validate one of
+- * the signatures are added to it
+- * \return status LDNS_STATUS_OK if there is at least one correct key
+- */
+-ldns_status ldns_verify_trusted(ldns_resolver *res,
+- ldns_rr_list *rrset,
+- ldns_rr_list *rrsigs,
+- ldns_rr_list *validating_keys);
+-
+-/**
+- * Verifies a list of signatures for one RRset using a valid trust path.
+- *
+- * \param[in] res the current resolver
+- * \param[in] rrset the rrset to verify
+- * \param[in] rrsigs a list of signatures to check
+- * \param[in] check_time the time for which the validation is performed
+- * \param[out] validating_keys if this is a (initialized) list, the
+- * keys from keys that validate one of
+- * the signatures are added to it
+- * \return status LDNS_STATUS_OK if there is at least one correct key
+- */
+-ldns_status ldns_verify_trusted_time(
+- ldns_resolver *res, ldns_rr_list *rrset,
+- ldns_rr_list *rrsigs, time_t check_time,
+- ldns_rr_list *validating_keys);
+-
+-
+-/**
+- * denial is not just a river in egypt
+- *
+- * \param[in] rr The (query) RR to check the denial of existence for
+- * \param[in] nsecs The list of NSEC RRs that are supposed to deny the
+- * existence of the RR
+- * \param[in] rrsigs The RRSIG RR covering the NSEC RRs
+- * \return LDNS_STATUS_OK if the NSEC RRs deny the existence, error code
+- * containing the reason they do not otherwise
+- */
+-ldns_status ldns_dnssec_verify_denial(ldns_rr *rr,
+- ldns_rr_list *nsecs,
+- ldns_rr_list *rrsigs);
+-
+-/**
+- * Denial of existence using NSEC3 records
+- * Since NSEC3 is a bit more complicated than normal denial, some
+- * context arguments are needed
+- *
+- * \param[in] rr The (query) RR to check the denial of existence for
+- * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the
+- * existence of the RR
+- * \param[in] rrsigs The RRSIG rr covering the NSEC RRs
+- * \param[in] packet_rcode The RCODE value of the packet that provided the
+- * NSEC3 RRs
+- * \param[in] packet_qtype The original query RR type
+- * \param[in] packet_nodata True if the providing packet had an empty ANSWER
+- * section
+- * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
+- * containing the reason they do not otherwise
+- */
+-ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
+- ldns_rr_list *nsecs,
+- ldns_rr_list *rrsigs,
+- ldns_pkt_rcode packet_rcode,
+- ldns_rr_type packet_qtype,
+- bool packet_nodata);
+-
+-/**
+- * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns
+- * the nsec rr that matched.
+- *
+- * \param[in] rr The (query) RR to check the denial of existence for
+- * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the
+- * existence of the RR
+- * \param[in] rrsigs The RRSIG rr covering the NSEC RRs
+- * \param[in] packet_rcode The RCODE value of the packet that provided the
+- * NSEC3 RRs
+- * \param[in] packet_qtype The original query RR type
+- * \param[in] packet_nodata True if the providing packet had an empty ANSWER
+- * section
+- * \param[in] match On match, the given (reference to a) pointer will be set
+- * to point to the matching nsec resource record.
+- * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
+- * containing the reason they do not otherwise
+- */
+-ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr,
+- ldns_rr_list *nsecs,
+- ldns_rr_list *rrsigs,
+- ldns_pkt_rcode packet_rcode,
+- ldns_rr_type packet_qtype,
+- bool packet_nodata,
+- ldns_rr **match);
+-/**
+- * Verifies the already processed data in the buffers
+- * This function should probably not be used directly.
+- *
+- * \param[in] rawsig_buf Buffer containing signature data to use
+- * \param[in] verify_buf Buffer containing data to verify
+- * \param[in] key_buf Buffer containing key data to use
+- * \param[in] algo Signing algorithm
+- * \return status LDNS_STATUS_OK if the data verifies. Error if not.
+- */
+-ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf,
+- ldns_buffer *verify_buf,
+- ldns_buffer *key_buf,
+- uint8_t algo);
+-
+-/**
+- * Like ldns_verify_rrsig_buffers, but uses raw data.
+- *
+- * \param[in] sig signature data to use
+- * \param[in] siglen length of signature data to use
+- * \param[in] verify_buf Buffer containing data to verify
+- * \param[in] key key data to use
+- * \param[in] keylen length of key data to use
+- * \param[in] algo Signing algorithm
+- * \return status LDNS_STATUS_OK if the data verifies. Error if not.
+- */
+-ldns_status ldns_verify_rrsig_buffers_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer *verify_buf,
+- unsigned char* key,
+- size_t keylen,
+- uint8_t algo);
+-
+-/**
+- * Verifies an rrsig. All keys in the keyset are tried.
+- * \param[in] rrset the rrset to check
+- * \param[in] rrsig the signature of the rrset
+- * \param[in] keys the keys to try
+- * \param[out] good_keys if this is a (initialized) list, the pointer to keys
+- * from keys that validate one of the signatures
+- * are added to it
+- * \return a list of keys which validate the rrsig + rrset. Returns
+- * status LDNS_STATUS_OK if at least one key matched. Else an error.
+- */
+-ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
+- ldns_rr *rrsig,
+- const ldns_rr_list *keys,
+- ldns_rr_list *good_keys);
+-
+-/**
+- * Verifies an rrsig. All keys in the keyset are tried.
+- * \param[in] rrset the rrset to check
+- * \param[in] rrsig the signature of the rrset
+- * \param[in] keys the keys to try
+- * \param[in] check_time the time for which the validation is performed
+- * \param[out] good_keys if this is a (initialized) list, the pointer to keys
+- * from keys that validate one of the signatures
+- * are added to it
+- * \return a list of keys which validate the rrsig + rrset. Returns
+- * status LDNS_STATUS_OK if at least one key matched. Else an error.
+- */
+-ldns_status ldns_verify_rrsig_keylist_time(
+- ldns_rr_list *rrset, ldns_rr *rrsig,
+- const ldns_rr_list *keys, time_t check_time,
+- ldns_rr_list *good_keys);
+-
+-
+-/**
+- * Verifies an rrsig. All keys in the keyset are tried. Time is not checked.
+- * \param[in] rrset the rrset to check
+- * \param[in] rrsig the signature of the rrset
+- * \param[in] keys the keys to try
+- * \param[out] good_keys if this is a (initialized) list, the pointer to keys
+- * from keys that validate one of the signatures
+- * are added to it
+- * \return a list of keys which validate the rrsig + rrset. Returns
+- * status LDNS_STATUS_OK if at least one key matched. Else an error.
+- */
+-ldns_status ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset,
+- ldns_rr *rrsig,
+- const ldns_rr_list *keys,
+- ldns_rr_list *good_keys);
+-
+-/**
+- * verify an rrsig with 1 key
+- * \param[in] rrset the rrset
+- * \param[in] rrsig the rrsig to verify
+- * \param[in] key the key to use
+- * \return status message wether verification succeeded.
+- */
+-ldns_status ldns_verify_rrsig(ldns_rr_list *rrset,
+- ldns_rr *rrsig,
+- ldns_rr *key);
+-
+-
+-/**
+- * verify an rrsig with 1 key
+- * \param[in] rrset the rrset
+- * \param[in] rrsig the rrsig to verify
+- * \param[in] key the key to use
+- * \param[in] check_time the time for which the validation is performed
+- * \return status message wether verification succeeded.
+- */
+-ldns_status ldns_verify_rrsig_time(
+- ldns_rr_list *rrset, ldns_rr *rrsig,
+- ldns_rr *key, time_t check_time);
+-
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * verifies a buffer with signature data for a buffer with rrset data
+- * with an EVP_PKEY
+- *
+- * \param[in] sig the signature data
+- * \param[in] rrset the rrset data, sorted and processed for verification
+- * \param[in] key the EVP key structure
+- * \param[in] digest_type The digest type of the signature
+- */
+-ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig,
+- ldns_buffer *rrset,
+- EVP_PKEY *key,
+- const EVP_MD *digest_type);
+-
+-/**
+- * Like ldns_verify_rrsig_evp, but uses raw signature data.
+- * \param[in] sig the signature data, wireformat uncompressed
+- * \param[in] siglen length of the signature data
+- * \param[in] rrset the rrset data, sorted and processed for verification
+- * \param[in] key the EVP key structure
+- * \param[in] digest_type The digest type of the signature
+- */
+-ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig,
+- size_t siglen,
+- ldns_buffer *rrset,
+- EVP_PKEY *key,
+- const EVP_MD *digest_type);
+-#endif
+-
+-/**
+- * verifies a buffer with signature data (DSA) for a buffer with rrset data
+- * with a buffer with key data.
+- *
+- * \param[in] sig the signature data
+- * \param[in] rrset the rrset data, sorted and processed for verification
+- * \param[in] key the key data
+- */
+-ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig,
+- ldns_buffer *rrset,
+- ldns_buffer *key);
+-
+-/**
+- * verifies a buffer with signature data (RSASHA1) for a buffer with rrset data
+- * with a buffer with key data.
+- *
+- * \param[in] sig the signature data
+- * \param[in] rrset the rrset data, sorted and processed for verification
+- * \param[in] key the key data
+- */
+-ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig,
+- ldns_buffer *rrset,
+- ldns_buffer *key);
+-
+-/**
+- * verifies a buffer with signature data (RSAMD5) for a buffer with rrset data
+- * with a buffer with key data.
+- *
+- * \param[in] sig the signature data
+- * \param[in] rrset the rrset data, sorted and processed for verification
+- * \param[in] key the key data
+- */
+-ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig,
+- ldns_buffer *rrset,
+- ldns_buffer *key);
+-
+-/**
+- * Like ldns_verify_rrsig_dsa, but uses raw signature and key data.
+- * \param[in] sig raw uncompressed wireformat signature data
+- * \param[in] siglen length of signature data
+- * \param[in] rrset ldns buffer with prepared rrset data.
+- * \param[in] key raw uncompressed wireformat key data
+- * \param[in] keylen length of key data
+- */
+-ldns_status ldns_verify_rrsig_dsa_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen);
+-
+-/**
+- * Like ldns_verify_rrsig_rsasha1, but uses raw signature and key data.
+- * \param[in] sig raw uncompressed wireformat signature data
+- * \param[in] siglen length of signature data
+- * \param[in] rrset ldns buffer with prepared rrset data.
+- * \param[in] key raw uncompressed wireformat key data
+- * \param[in] keylen length of key data
+- */
+-ldns_status ldns_verify_rrsig_rsasha1_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen);
+-
+-/**
+- * Like ldns_verify_rrsig_rsasha256, but uses raw signature and key data.
+- * \param[in] sig raw uncompressed wireformat signature data
+- * \param[in] siglen length of signature data
+- * \param[in] rrset ldns buffer with prepared rrset data.
+- * \param[in] key raw uncompressed wireformat key data
+- * \param[in] keylen length of key data
+- */
+-
+-ldns_status ldns_verify_rrsig_rsasha256_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen);
+-
+-/**
+- * Like ldns_verify_rrsig_rsasha512, but uses raw signature and key data.
+- * \param[in] sig raw uncompressed wireformat signature data
+- * \param[in] siglen length of signature data
+- * \param[in] rrset ldns buffer with prepared rrset data.
+- * \param[in] key raw uncompressed wireformat key data
+- * \param[in] keylen length of key data
+- */
+-ldns_status ldns_verify_rrsig_rsasha512_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen);
+-
+-/**
+- * Like ldns_verify_rrsig_rsamd5, but uses raw signature and key data.
+- * \param[in] sig raw uncompressed wireformat signature data
+- * \param[in] siglen length of signature data
+- * \param[in] rrset ldns buffer with prepared rrset data.
+- * \param[in] key raw uncompressed wireformat key data
+- * \param[in] keylen length of key data
+- */
+-ldns_status ldns_verify_rrsig_rsamd5_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif
+-
+diff --git a/include/ldns/dnssec_zone.h b/include/ldns/dnssec_zone.h
+deleted file mode 100644
+index b794f94..0000000
+--- a/include/ldns/dnssec_zone.h
++++ /dev/null
+@@ -1,483 +0,0 @@
+-/*
+- * special zone file structures and functions for better dnssec handling
+- *
+- * A zone contains a SOA dnssec_zone_rrset, and an AVL tree of 'normal'
+- * dnssec_zone_rrsets, indexed by name and type
+- */
+-
+-#ifndef LDNS_DNSSEC_ZONE_H
+-#define LDNS_DNSSEC_ZONE_H
+-
+-#include <ldns/rbtree.h>
+-#include <ldns/host2str.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * Singly linked list of rrs
+- */
+-typedef struct ldns_struct_dnssec_rrs ldns_dnssec_rrs;
+-struct ldns_struct_dnssec_rrs
+-{
+- ldns_rr *rr;
+- ldns_dnssec_rrs *next;
+-};
+-
+-/**
+- * Singly linked list of RRsets
+- */
+-typedef struct ldns_struct_dnssec_rrsets ldns_dnssec_rrsets;
+-struct ldns_struct_dnssec_rrsets
+-{
+- ldns_dnssec_rrs *rrs;
+- ldns_rr_type type;
+- ldns_dnssec_rrs *signatures;
+- ldns_dnssec_rrsets *next;
+-};
+-
+-/**
+- * Structure containing all resource records for a domain name
+- * Including the derived NSEC3, if present
+- */
+-typedef struct ldns_struct_dnssec_name ldns_dnssec_name;
+-struct ldns_struct_dnssec_name
+-{
+- /**
+- * pointer to a dname containing the name.
+- * Usually points to the owner name of the first RR of the first RRset
+- */
+- ldns_rdf *name;
+- /**
+- * Usually, the name is a pointer to the owner name of the first rr for
+- * this name, but sometimes there is no actual data to point to,
+- * for instance in
+- * names representing empty nonterminals. If so, set alloced to true to
+- * indicate that this data must also be freed when the name is freed
+- */
+- bool name_alloced;
+- /**
+- * The rrsets for this name
+- */
+- ldns_dnssec_rrsets *rrsets;
+- /**
+- * NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3)
+- */
+- ldns_rr *nsec;
+- /**
+- * signatures for the NSEC record
+- */
+- ldns_dnssec_rrs *nsec_signatures;
+- /**
+- * Unlike what the name is_glue suggests, this field is set to true by
+- * ldns_dnssec_zone_mark_glue() or ldns_dnssec_zone_mark_and_get_glue()
+- * when the name, this dnssec_name struct represents, is occluded.
+- * Names that contain other occluded rrsets and records with glue on
+- * the delegation point will NOT have this bool set to true.
+- * This field should NOT be read directly, but only via the
+- * ldns_dnssec_name_is_glue() function!
+- */
+- bool is_glue;
+- /**
+- * pointer to store the hashed name (only used when in an NSEC3 zone
+- */
+- ldns_rdf *hashed_name;
+-};
+-
+-/**
+- * Structure containing a dnssec zone
+- */
+-struct ldns_struct_dnssec_zone {
+- /** points to the name containing the SOA RR */
+- ldns_dnssec_name *soa;
+- /** tree of ldns_dnssec_names */
+- ldns_rbtree_t *names;
+- /** tree of ldns_dnssec_names by nsec3 hashes (when applicible) */
+- ldns_rbtree_t *hashed_names;
+- /** points to the first added NSEC3 rr whose parameters will be
+- * assumed for all subsequent NSEC3 rr's and which will be used
+- * to calculate hashed names
+- */
+- ldns_rr *_nsec3params;
+-};
+-typedef struct ldns_struct_dnssec_zone ldns_dnssec_zone;
+-
+-/**
+- * Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs
+- * \return the allocated data
+- */
+-ldns_dnssec_rrs *ldns_dnssec_rrs_new(void);
+-
+-/**
+- * Frees the list of rrs, but *not* the individual ldns_rr records
+- * contained in the list
+- *
+- * \param[in] rrs the data structure to free
+- */
+-void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs);
+-
+-/**
+- * Frees the list of rrs, and the individual ldns_rr records
+- * contained in the list
+- *
+- * \param[in] rrs the data structure to free
+- */
+-void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs);
+-
+-/**
+- * Adds an RR to the list of RRs. The list will remain ordered.
+- * If an equal RR already exists, this RR will not be added.
+- *
+- * \param[in] rrs the list to add to
+- * \param[in] rr the RR to add
+- * \return LDNS_STATUS_OK on success
+- */
+-ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
+-
+-/**
+- * Prints the given rrs to the file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] rrs the list of RRs to print
+- */
+-void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs);
+-
+-/**
+- * Prints the given rrs to the file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] fmt the format of the textual representation
+- * \param[in] rrs the list of RRs to print
+- */
+-void ldns_dnssec_rrs_print_fmt(FILE *out,
+- const ldns_output_format *fmt, ldns_dnssec_rrs *rrs);
+-
+-/**
+- * Creates a new list (entry) of RRsets
+- * \return the newly allocated structure
+- */
+-ldns_dnssec_rrsets *ldns_dnssec_rrsets_new(void);
+-
+-/**
+- * Frees the list of rrsets and their rrs, but *not* the ldns_rr
+- * records in the sets
+- *
+- * \param[in] rrsets the data structure to free
+- */
+-void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets);
+-
+-/**
+- * Frees the list of rrsets and their rrs, and the ldns_rr
+- * records in the sets
+- *
+- * \param[in] rrsets the data structure to free
+- */
+-void ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets);
+-
+-/**
+- * Returns the rr type of the rrset (that is head of the given list)
+- *
+- * \param[in] rrsets the rrset to get the type of
+- * \return the rr type
+- */
+-ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets);
+-
+-/**
+- * Sets the RR type of the rrset (that is head of the given list)
+- *
+- * \param[in] rrsets the rrset to set the type of
+- * \param[in] type the type to set
+- * \return LDNS_STATUS_OK on success
+- */
+-ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
+- ldns_rr_type type);
+-
+-/**
+- * Add an ldns_rr to the corresponding RRset in the given list of RRsets.
+- * If it is not present, add it as a new RRset with 1 record.
+- *
+- * \param[in] rrsets the list of rrsets to add the RR to
+- * \param[in] rr the rr to add to the list of rrsets
+- * \return LDNS_STATUS_OK on success
+- */
+-ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
+-
+-/**
+- * Print the given list of rrsets to the fiven file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] rrsets the list of RRsets to print
+- * \param[in] follow if set to false, only print the first RRset
+- */
+-void ldns_dnssec_rrsets_print(FILE *out,
+- ldns_dnssec_rrsets *rrsets,
+- bool follow);
+-
+-/**
+- * Print the given list of rrsets to the fiven file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] fmt the format of the textual representation
+- * \param[in] rrsets the list of RRsets to print
+- * \param[in] follow if set to false, only print the first RRset
+- */
+-void ldns_dnssec_rrsets_print_fmt(FILE *out,
+- const ldns_output_format *fmt,
+- ldns_dnssec_rrsets *rrsets,
+- bool follow);
+-
+-
+-/**
+- * Create a new data structure for a dnssec name
+- * \return the allocated structure
+- */
+-ldns_dnssec_name *ldns_dnssec_name_new(void);
+-
+-/**
+- * Create a new data structure for a dnssec name for the given RR
+- *
+- * \param[in] rr the RR to derive properties from, and to add to the name
+- */
+-ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr);
+-
+-/**
+- * Frees the name structure and its rrs and rrsets.
+- * Individual ldns_rr records therein are not freed
+- *
+- * \param[in] name the structure to free
+- */
+-void ldns_dnssec_name_free(ldns_dnssec_name *name);
+-
+-/**
+- * Frees the name structure and its rrs and rrsets.
+- * Individual ldns_rr records contained in the name are also freed
+- *
+- * \param[in] name the structure to free
+- */
+-void ldns_dnssec_name_deep_free(ldns_dnssec_name *name);
+-
+-/**
+- * Returns the domain name of the given dnssec_name structure
+- *
+- * \param[in] name the dnssec name to get the domain name from
+- * \return the domain name
+- */
+-ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name);
+-
+-
+-/**
+- * Sets the domain name of the given dnssec_name structure
+- *
+- * \param[in] name the dnssec name to set the domain name of
+- * \param[in] dname the domain name to set it to. This data is *not* copied.
+- */
+-void ldns_dnssec_name_set_name(ldns_dnssec_name *name,
+- ldns_rdf *dname);
+-/**
+- * Returns if dnssec_name structure is marked as glue.
+- * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before
+- * using this function.
+- * Only names that have only glue rrsets will be marked.
+- * Names that have other occluded rrsets and names containing glue on the
+- * delegation point will NOT be marked!
+- *
+- * \param[in] name the dnssec name to get the domain name from
+- * \return true if the structure is marked as glue, false otherwise.
+- */
+-bool ldns_dnssec_name_is_glue(ldns_dnssec_name *name);
+-
+-/**
+- * Sets the NSEC(3) RR of the given dnssec_name structure
+- *
+- * \param[in] name the dnssec name to set the domain name of
+- * \param[in] nsec the nsec rr to set it to. This data is *not* copied.
+- */
+-void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec);
+-
+-/**
+- * Compares the domain names of the two arguments in their
+- * canonical ordening.
+- *
+- * \param[in] a The first dnssec_name to compare
+- * \param[in] b The second dnssec_name to compare
+- * \return -1 if the domain name of a comes before that of b in canonical
+- * ordening, 1 if it is the other way around, and 0 if they are
+- * equal
+- */
+-int ldns_dnssec_name_cmp(const void *a, const void *b);
+-
+-/**
+- * Inserts the given rr at the right place in the current dnssec_name
+- * No checking is done whether the name matches
+- *
+- * \param[in] name The ldns_dnssec_name to add the RR to
+- * \param[in] rr The RR to add
+- * \return LDNS_STATUS_OK on success, error code otherwise
+- */
+-ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
+- ldns_rr *rr);
+-
+-/**
+- * Find the RRset with the given type in within this name structure
+- *
+- * \param[in] name the name to find the RRset in
+- * \param[in] type the type of the RRset to find
+- * \return the RRset, or NULL if not present
+- */
+-ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
+- ldns_rr_type type);
+-
+-/**
+- * Find the RRset with the given name and type in the zone
+- *
+- * \param[in] zone the zone structure to find the RRset in
+- * \param[in] dname the domain name of the RRset to find
+- * \param[in] type the type of the RRset to find
+- * \return the RRset, or NULL if not present
+- */
+-ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
+- ldns_rdf *dname,
+- ldns_rr_type type);
+-
+-/**
+- * Prints the RRs in the dnssec name structure to the given
+- * file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] name the name structure to print the contents of
+- */
+-void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name);
+-
+-/**
+- * Prints the RRs in the dnssec name structure to the given
+- * file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] fmt the format of the textual representation
+- * \param[in] name the name structure to print the contents of
+- */
+-void ldns_dnssec_name_print_fmt(FILE *out,
+- const ldns_output_format *fmt, ldns_dnssec_name *name);
+-
+-/**
+- * Creates a new dnssec_zone structure
+- * \return the allocated structure
+- */
+-ldns_dnssec_zone *ldns_dnssec_zone_new(void);
+-
+-/**
+- * Create a new dnssec zone from a file.
+- * \param[out] z the new zone
+- * \param[in] *fp the filepointer to use
+- * \param[in] *origin the zones' origin
+- * \param[in] c default class to use (IN)
+- * \param[in] ttl default ttl to use
+- *
+- * \return ldns_status mesg with an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp,
+- ldns_rdf* origin, uint32_t ttl, ldns_rr_class c);
+-
+-/**
+- * Create a new dnssec zone from a file, keep track of the line numbering
+- * \param[out] z the new zone
+- * \param[in] *fp the filepointer to use
+- * \param[in] *origin the zones' origin
+- * \param[in] ttl default ttl to use
+- * \param[in] c default class to use (IN)
+- * \param[out] line_nr used for error msg, to get to the line number
+- *
+- * \return ldns_status mesg with an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp,
+- ldns_rdf* origin, uint32_t ttl, ldns_rr_class c, int* line_nr);
+-
+-/**
+- * Frees the given zone structure, and its rbtree of dnssec_names
+- * Individual ldns_rr RRs within those names are *not* freed
+- * \param[in] *zone the zone to free
+- */
+-void ldns_dnssec_zone_free(ldns_dnssec_zone *zone);
+-
+-/**
+- * Frees the given zone structure, and its rbtree of dnssec_names
+- * Individual ldns_rr RRs within those names are also freed
+- * \param[in] *zone the zone to free
+- */
+-void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone);
+-
+-/**
+- * Adds the given RR to the zone.
+- * It find whether there is a dnssec_name with that name present.
+- * If so, add it to that, if not create a new one.
+- * Special handling of NSEC and RRSIG provided
+- *
+- * \param[in] zone the zone to add the RR to
+- * \param[in] rr The RR to add
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone,
+- ldns_rr *rr);
+-
+-/**
+- * Prints the rbtree of ldns_dnssec_name structures to the file descriptor
+- *
+- * \param[in] out the file descriptor to print the names to
+- * \param[in] tree the tree of ldns_dnssec_name structures to print
+- * \param[in] print_soa if true, print SOA records, if false, skip them
+- */
+-void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa);
+-
+-/**
+- * Prints the rbtree of ldns_dnssec_name structures to the file descriptor
+- *
+- * \param[in] out the file descriptor to print the names to
+- * \param[in] fmt the format of the textual representation
+- * \param[in] tree the tree of ldns_dnssec_name structures to print
+- * \param[in] print_soa if true, print SOA records, if false, skip them
+- */
+-void ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_rbtree_t *tree, bool print_soa);
+-
+-/**
+- * Prints the complete zone to the given file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] zone the dnssec_zone to print
+- */
+-void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone);
+-
+-/**
+- * Prints the complete zone to the given file descriptor
+- *
+- * \param[in] out the file descriptor to print to
+- * \param[in] fmt the format of the textual representation
+- * \param[in] zone the dnssec_zone to print
+- */
+-void ldns_dnssec_zone_print_fmt(FILE *out,
+- const ldns_output_format *fmt, ldns_dnssec_zone *zone);
+-
+-/**
+- * Adds explicit dnssec_name structures for the empty nonterminals
+- * in this zone. (this is needed for NSEC3 generation)
+- *
+- * \param[in] zone the zone to check for empty nonterminals
+- * return LDNS_STATUS_OK on success.
+- */
+-ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone);
+-
+-/**
+- * If a NSEC3PARAM is available in the apex, walks the zone and returns true
+- * on the first optout nsec3.
+- *
+- * \param[in] zone the zone to check for nsec3 optout records
+- * return true when the zone has at least one nsec3 optout record.
+- */
+-bool ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif
+diff --git a/include/ldns/duration.h b/include/ldns/duration.h
+deleted file mode 100644
+index f12edc4..0000000
+--- a/include/ldns/duration.h
++++ /dev/null
+@@ -1,109 +0,0 @@
+-/*
+- * $Id: duration.h 4341 2011-01-31 15:21:09Z matthijs $
+- *
+- * Copyright (c) 2009 NLNet Labs. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+- * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+- * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/**
+- *
+- * This file is copied from the OpenDNSSEC source repository
+- * and only slightly adapted to make it fit.
+- */
+-
+-/**
+- *
+- * Durations.
+- */
+-
+-#ifndef LDNS_DURATION_H
+-#define LDNS_DURATION_H
+-
+-#include <stdint.h>
+-#include <time.h>
+-
+-/**
+- * Duration.
+- *
+- */
+-typedef struct ldns_duration_struct ldns_duration_type;
+-struct ldns_duration_struct
+-{
+- time_t years;
+- time_t months;
+- time_t weeks;
+- time_t days;
+- time_t hours;
+- time_t minutes;
+- time_t seconds;
+-};
+-
+-/**
+- * Create a new 'instant' duration.
+- * \return ldns_duration_type* created duration
+- *
+- */
+-ldns_duration_type* ldns_duration_create(void);
+-
+-/**
+- * Compare durations.
+- * \param[in] d1 one duration
+- * \param[in] d2 another duration
+- * \return int 0 if equal, -1 if d1 < d2, 1 if d2 < d1
+- *
+- */
+-int ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2);
+-
+-/**
+- * Create a duration from string.
+- * \param[in] str string-format duration
+- * \return ldns_duration_type* created duration
+- *
+- */
+-ldns_duration_type* ldns_duration_create_from_string(const char* str);
+-
+-/**
+- * Convert a duration to a string.
+- * \param[in] duration duration to be converted
+- * \return char* string-format duration
+- *
+- */
+-char* ldns_duration2string(ldns_duration_type* duration);
+-
+-/**
+- * Convert a duration to a time.
+- * \param[in] duration duration to be converted
+- * \return time_t time-format duration
+- *
+- */
+-time_t ldns_duration2time(ldns_duration_type* duration);
+-
+-/**
+- * Clean up duration.
+- * \param[in] duration duration to be cleaned up
+- *
+- */
+-void ldns_duration_cleanup(ldns_duration_type* duration);
+-
+-#endif /* LDNS_DURATION_H */
+diff --git a/include/ldns/error.h b/include/ldns/error.h
+deleted file mode 100644
+index cc11958..0000000
+--- a/include/ldns/error.h
++++ /dev/null
+@@ -1,147 +0,0 @@
+-/**
+- * \file error.h
+- *
+- * Defines error numbers and functions to translate those to a readable string.
+- *
+- */
+-
+-/**
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#ifndef LDNS_ERROR_H
+-#define LDNS_ERROR_H
+-
+-#include <ldns/util.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-enum ldns_enum_status {
+- LDNS_STATUS_OK,
+- LDNS_STATUS_EMPTY_LABEL,
+- LDNS_STATUS_LABEL_OVERFLOW,
+- LDNS_STATUS_DOMAINNAME_OVERFLOW,
+- LDNS_STATUS_DOMAINNAME_UNDERFLOW,
+- LDNS_STATUS_DDD_OVERFLOW,
+- LDNS_STATUS_PACKET_OVERFLOW,
+- LDNS_STATUS_INVALID_POINTER,
+- LDNS_STATUS_MEM_ERR,
+- LDNS_STATUS_INTERNAL_ERR,
+- LDNS_STATUS_SSL_ERR,
+- LDNS_STATUS_ERR,
+- LDNS_STATUS_INVALID_INT,
+- LDNS_STATUS_INVALID_IP4,
+- LDNS_STATUS_INVALID_IP6,
+- LDNS_STATUS_INVALID_STR,
+- LDNS_STATUS_INVALID_B32_EXT,
+- LDNS_STATUS_INVALID_B64,
+- LDNS_STATUS_INVALID_HEX,
+- LDNS_STATUS_INVALID_TIME,
+- LDNS_STATUS_NETWORK_ERR,
+- LDNS_STATUS_ADDRESS_ERR,
+- LDNS_STATUS_FILE_ERR,
+- LDNS_STATUS_UNKNOWN_INET,
+- LDNS_STATUS_NOT_IMPL,
+- LDNS_STATUS_NULL,
+- LDNS_STATUS_CRYPTO_UNKNOWN_ALGO,
+- LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL,
+- LDNS_STATUS_CRYPTO_NO_RRSIG,
+- LDNS_STATUS_CRYPTO_NO_DNSKEY,
+- LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY,
+- LDNS_STATUS_CRYPTO_NO_DS,
+- LDNS_STATUS_CRYPTO_NO_TRUSTED_DS,
+- LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY,
+- LDNS_STATUS_CRYPTO_VALIDATED,
+- LDNS_STATUS_CRYPTO_BOGUS,
+- LDNS_STATUS_CRYPTO_SIG_EXPIRED,
+- LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED,
+- LDNS_STATUS_CRYPTO_TSIG_BOGUS,
+- LDNS_STATUS_CRYPTO_TSIG_ERR,
+- LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION,
+- LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR,
+- LDNS_STATUS_ENGINE_KEY_NOT_LOADED,
+- LDNS_STATUS_NSEC3_ERR,
+- LDNS_STATUS_RES_NO_NS,
+- LDNS_STATUS_RES_QUERY,
+- LDNS_STATUS_WIRE_INCOMPLETE_HEADER,
+- LDNS_STATUS_WIRE_INCOMPLETE_QUESTION,
+- LDNS_STATUS_WIRE_INCOMPLETE_ANSWER,
+- LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY,
+- LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL,
+- LDNS_STATUS_NO_DATA,
+- LDNS_STATUS_CERT_BAD_ALGORITHM,
+- LDNS_STATUS_SYNTAX_TYPE_ERR,
+- LDNS_STATUS_SYNTAX_CLASS_ERR,
+- LDNS_STATUS_SYNTAX_TTL_ERR,
+- LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL,
+- LDNS_STATUS_SYNTAX_RDATA_ERR,
+- LDNS_STATUS_SYNTAX_DNAME_ERR,
+- LDNS_STATUS_SYNTAX_VERSION_ERR,
+- LDNS_STATUS_SYNTAX_ALG_ERR,
+- LDNS_STATUS_SYNTAX_KEYWORD_ERR,
+- LDNS_STATUS_SYNTAX_TTL,
+- LDNS_STATUS_SYNTAX_ORIGIN,
+- LDNS_STATUS_SYNTAX_INCLUDE,
+- LDNS_STATUS_SYNTAX_EMPTY,
+- LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW,
+- LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR,
+- LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW,
+- LDNS_STATUS_SYNTAX_BAD_ESCAPE,
+- LDNS_STATUS_SOCKET_ERROR,
+- LDNS_STATUS_SYNTAX_ERR,
+- LDNS_STATUS_DNSSEC_EXISTENCE_DENIED,
+- LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED,
+- LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED,
+- LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND,
+- LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG,
+- LDNS_STATUS_MISSING_RDATA_FIELDS_KEY,
+- LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN,
+- LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN,
+- LDNS_STATUS_DANE_STATUS_MESSAGES,
+- LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE,
+- LDNS_STATUS_DANE_UNKNOWN_SELECTOR,
+- LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE,
+- LDNS_STATUS_DANE_UNKNOWN_PROTOCOL,
+- LDNS_STATUS_DANE_UNKNOWN_TRANSPORT,
+- LDNS_STATUS_DANE_MISSING_EXTRA_CERTS,
+- LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED,
+- LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE,
+- LDNS_STATUS_DANE_INSECURE,
+- LDNS_STATUS_DANE_BOGUS,
+- LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
+- LDNS_STATUS_DANE_NON_CA_CERTIFICATE,
+- LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE,
+- LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR,
+- LDNS_STATUS_EXISTS_ERR,
+- LDNS_STATUS_INVALID_ILNP64,
+- LDNS_STATUS_INVALID_EUI48,
+- LDNS_STATUS_INVALID_EUI64,
+- LDNS_STATUS_WIRE_RDATA_ERR,
+- LDNS_STATUS_INVALID_TAG,
+- LDNS_STATUS_TYPE_NOT_IN_BITMAP,
+- LDNS_STATUS_INVALID_RDF_TYPE,
+- LDNS_STATUS_RDATA_OVERFLOW
+-};
+-typedef enum ldns_enum_status ldns_status;
+-
+-extern ldns_lookup_table ldns_error_str[];
+-
+-/**
+- * look up a descriptive text by each error. This function
+- * could use a better name
+- * \param[in] err ldns_status number
+- * \return the string for that error
+- */
+-const char *ldns_get_errorstr_by_id(ldns_status err);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_ERROR_H */
+diff --git a/include/ldns/higher.h b/include/ldns/higher.h
+deleted file mode 100644
+index 597e134..0000000
+--- a/include/ldns/higher.h
++++ /dev/null
+@@ -1,113 +0,0 @@
+-/**
+- * \file higher.h
+- *
+- * Specifies some higher level functions that could
+- * be useful for certain applications
+- */
+-
+-/*
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#ifndef LDNS_HIGHER_H
+-#define LDNS_HIGHER_H
+-
+-#include <ldns/resolver.h>
+-#include <ldns/rdata.h>
+-#include <ldns/rr.h>
+-#include <ldns/host2str.h>
+-#include <ldns/tsig.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * Ask the resolver about name
+- * and return all address records
+- * \param[in] r the resolver to use
+- * \param[in] name the name to look for
+- * \param[in] c the class to use
+- * \param[in] flags give some optional flags to the query
+- */
+-ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ldns_rr_class c, uint16_t flags);
+-
+-/**
+- * ask the resolver about the address
+- * and return the name
+- * \param[in] r the resolver to use
+- * \param[in] addr the addr to look for
+- * \param[in] c the class to use
+- * \param[in] flags give some optional flags to the query
+- */
+-ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, ldns_rdf *addr, ldns_rr_class c, uint16_t flags);
+-
+-/**
+- * wade through fp (a /etc/hosts like file)
+- * and return a rr_list containing all the
+- * defined hosts in there
+- * \param[in] fp the file pointer to use
+- * \return ldns_rr_list * with the names
+- */
+-ldns_rr_list *ldns_get_rr_list_hosts_frm_fp(FILE *fp);
+-
+-/**
+- * wade through fp (a /etc/hosts like file)
+- * and return a rr_list containing all the
+- * defined hosts in there
+- * \param[in] fp the file pointer to use
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return ldns_rr_list * with the names
+- */
+-ldns_rr_list *ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr);
+-
+-/**
+- * wade through fp (a /etc/hosts like file)
+- * and return a rr_list containing all the
+- * defined hosts in there
+- * \param[in] filename the filename to use (NULL for /etc/hosts)
+- * \return ldns_rr_list * with the names
+- */
+-ldns_rr_list *ldns_get_rr_list_hosts_frm_file(char *filename);
+-
+-/**
+- * This function is a wrapper function for ldns_get_rr_list_name_by_addr
+- * and ldns_get_rr_list_addr_by_name. It's name is from the getaddrinfo()
+- * library call. It tries to mimic that call, but without the lowlevel
+- * stuff.
+- * \param[in] res The resolver. If this value is NULL then a resolver will
+- * be created by ldns_getaddrinfo.
+- * \param[in] node the name or ip address to look up
+- * \param[in] c the class to look in
+- * \param[out] list put the found RR's in this list
+- * \return the number of RR found.
+- */
+-uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list);
+-
+-/**
+- * Check if t is enumerated in the nsec type rdata
+- * \param[in] nsec the NSEC Record to look in
+- * \param[in] t the type to check for
+- * \return true when t is found, otherwise return false
+- */
+-bool ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t);
+-
+-/**
+- * Print a number of rdf's of the RR. The rdfnum-list must
+- * be ended by -1, otherwise unpredictable things might happen.
+- * rdfs may be printed multiple times
+- * \param[in] fp FILE * to write to
+- * \param[in] r RR to write
+- * \param[in] rdfnum a list of rdf to print.
+- */
+-void ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_HIGHER_H */
+diff --git a/include/ldns/host2str.h b/include/ldns/host2str.h
+deleted file mode 100644
+index e69389e..0000000
+--- a/include/ldns/host2str.h
++++ /dev/null
+@@ -1,891 +0,0 @@
+-/**
+- * host2str.h - txt presentation of RRs
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Contains functions to translate the main structures to their text
+- * representation, as well as functions to print them.
+- */
+-
+-#ifndef LDNS_HOST2STR_H
+-#define LDNS_HOST2STR_H
+-
+-#include <ldns/common.h>
+-#include <ldns/error.h>
+-#include <ldns/rr.h>
+-#include <ldns/rdata.h>
+-#include <ldns/packet.h>
+-#include <ldns/buffer.h>
+-#include <ldns/resolver.h>
+-#include <ldns/zone.h>
+-#include <ctype.h>
+-
+-#include "ldns/util.h"
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_APL_IP4 1
+-#define LDNS_APL_IP6 2
+-#define LDNS_APL_MASK 0x7f
+-#define LDNS_APL_NEGATION 0x80
+-
+-/**
+- * Represent a NULL pointer (instead of a pointer to a ldns_rr as "; (null)"
+- * as opposed to outputting nothing at all in such a case.
+- */
+-/* Flag Name Flag Nr. Has data associated
+- ---------------------------------------------------------------------*/
+-#define LDNS_COMMENT_NULLS (1 << 0)
+-/** Show key id with DNSKEY RR's as comment */
+-#define LDNS_COMMENT_KEY_ID (1 << 1)
+-/** Show if a DNSKEY is a ZSK or KSK as comment */
+-#define LDNS_COMMENT_KEY_TYPE (1 << 2)
+-/** Show DNSKEY key size as comment */
+-#define LDNS_COMMENT_KEY_SIZE (1 << 3)
+-/** Provide bubblebabble representation for DS RR's as comment */
+-#define LDNS_COMMENT_BUBBLEBABBLE (1 << 4)
+-/** Show when a NSEC3 RR has the optout flag set as comment */
+-#define LDNS_COMMENT_FLAGS (1 << 5)
+-/** Show the unhashed owner and next owner names for NSEC3 RR's as comment */
+-#define LDNS_COMMENT_NSEC3_CHAIN (1 << 6) /* yes */
+-/** Print mark up */
+-#define LDNS_COMMENT_LAYOUT (1 << 7)
+-/** Also comment KEY_ID with RRSIGS **/
+-#define LDNS_COMMENT_RRSIGS (1 << 8)
+-#define LDNS_FMT_ZEROIZE_RRSIGS (1 << 9)
+-#define LDNS_FMT_PAD_SOA_SERIAL (1 << 10)
+-#define LDNS_FMT_RFC3597 (1 << 11) /* yes */
+-
+-#define LDNS_FMT_FLAGS_WITH_DATA 2
+-
+-/** Show key id, type and size as comment for DNSKEY RR's */
+-#define LDNS_COMMENT_KEY (LDNS_COMMENT_KEY_ID \
+- |LDNS_COMMENT_KEY_TYPE\
+- |LDNS_COMMENT_KEY_SIZE)
+-
+-/**
+- * Output format specifier
+- *
+- * Determines how Packets, Resource Records and Resource record data fiels are
+- * formatted when printing or converting to string.
+- * Currently it is only used to specify what aspects of a Resource Record are
+- * annotated in the comment section of the textual representation the record.
+- * This is speciefed with flags and potential exra data (such as for example
+- * a lookup map of hashes to real names for annotation NSEC3 records).
+- */
+-struct ldns_struct_output_format
+-{
+- /** Specification of how RR's should be formatted in text */
+- int flags;
+- /** Potential extra data to be used with formatting RR's in text */
+- void *data;
+-};
+-typedef struct ldns_struct_output_format ldns_output_format;
+-
+-/**
+- * Output format struct with additional data for flags that use them.
+- * This struct may not be initialized directly. Use ldns_output_format_init
+- * to initialize.
+- */
+-struct ldns_struct_output_format_storage
+-{ int flags;
+- ldns_rbtree_t* hashmap; /* for LDNS_COMMENT_NSEC3_CHAIN */
+- ldns_rdf* bitmap; /* for LDNS_FMT_RFC3597 */
+-};
+-typedef struct ldns_struct_output_format_storage ldns_output_format_storage;
+-
+-/**
+- * Standard output format record that disables commenting in the textual
+- * representation of Resource Records completely.
+- */
+-extern const ldns_output_format *ldns_output_format_nocomments;
+-/**
+- * Standard output format record that annotated only DNSKEY RR's with commenti
+- * text.
+- */
+-extern const ldns_output_format *ldns_output_format_onlykeyids;
+-/**
+- * The default output format record. Same as ldns_output_format_onlykeyids.
+- */
+-extern const ldns_output_format *ldns_output_format_default;
+-/**
+- * Standard output format record that shows all DNSKEY related information in
+- * the comment text, plus the optout flag when set with NSEC3's, plus the
+- * bubblebabble representation of DS RR's.
+- */
+-extern const ldns_output_format *ldns_output_format_bubblebabble;
+-
+-/**
+- * Initialize output format storage to the default value.
+- * \param[in] fmt A reference to an output_format_ storage struct
+- * \return The initialized storage struct typecasted to ldns_output_format
+- */
+-INLINE
+-ldns_output_format* ldns_output_format_init(ldns_output_format_storage* fmt) {
+- fmt->flags = ldns_output_format_default->flags;
+- fmt->hashmap = NULL;
+- fmt->bitmap = NULL;
+- return (ldns_output_format*)fmt;
+-}
+-
+-/**
+- * Set an ouput format flag.
+- */
+-INLINE void ldns_output_format_set(ldns_output_format* fmt, int flag) {
+- fmt->flags |= flag;
+-}
+-
+-/**
+- * Clear an ouput format flag.
+- */
+-INLINE void ldns_output_format_clear(ldns_output_format* fmt, int flag) {
+- fmt->flags &= !flag;
+-}
+-
+-/**
+- * Makes sure the LDNS_FMT_RFC3597 is set in the output format.
+- * Marks the type to be printed in RFC3597 format.
+- * /param[in] fmt the output format to update
+- * /param[in] the type to be printed in RFC3597 format
+- * /return LDNS_STATUS_OK on success
+- */
+-ldns_status
+-ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type type);
+-
+-/**
+- * Makes sure the LDNS_FMT_RFC3597 is set in the output format.
+- * Marks the type to not be printed in RFC3597 format. When no other types
+- * have been marked before, all known types (except the given one) will be
+- * marked for printing in RFC3597 format.
+- * /param[in] fmt the output format to update
+- * /param[in] the type not to be printed in RFC3597 format
+- * /return LDNS_STATUS_OK on success
+- */
+-ldns_status
+-ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type type);
+-
+-/**
+- * Converts an ldns packet opcode value to its mnemonic, and adds that
+- * to the output buffer
+- * \param[in] *output the buffer to add the data to
+- * \param[in] opcode to find the string representation of
+- * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+- */
+-ldns_status
+-ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode);
+-
+-/**
+- * Converts an ldns packet rcode value to its mnemonic, and adds that
+- * to the output buffer
+- * \param[in] *output the buffer to add the data to
+- * \param[in] rcode to find the string representation of
+- * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+- */
+-ldns_status
+-ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode);
+-
+-/**
+- * Converts an ldns algorithm type to its mnemonic, and adds that
+- * to the output buffer
+- * \param[in] *output the buffer to add the data to
+- * \param[in] algorithm to find the string representation of
+- * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+- */
+-ldns_status
+-ldns_algorithm2buffer_str(ldns_buffer *output,
+- ldns_algorithm algorithm);
+-
+-/**
+- * Converts an ldns certificate algorithm type to its mnemonic,
+- * and adds that to the output buffer
+- * \param[in] *output the buffer to add the data to
+- * \param[in] cert_algorithm to find the string representation of
+- * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
+- */
+-ldns_status
+-ldns_cert_algorithm2buffer_str(ldns_buffer *output,
+- ldns_cert_algorithm cert_algorithm);
+-
+-
+-/**
+- * Converts a packet opcode to its mnemonic and returns that as
+- * an allocated null-terminated string.
+- * Remember to free it.
+- *
+- * \param[in] opcode the opcode to convert to text
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_pkt_opcode2str(ldns_pkt_opcode opcode);
+-
+-/**
+- * Converts a packet rcode to its mnemonic and returns that as
+- * an allocated null-terminated string.
+- * Remember to free it.
+- *
+- * \param[in] rcode the rcode to convert to text
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_pkt_rcode2str(ldns_pkt_rcode rcode);
+-
+-/**
+- * Converts a signing algorithms to its mnemonic and returns that as
+- * an allocated null-terminated string.
+- * Remember to free it.
+- *
+- * \param[in] algorithm the algorithm to convert to text
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_pkt_algorithm2str(ldns_algorithm algorithm);
+-
+-/**
+- * Converts a cert algorithm to its mnemonic and returns that as
+- * an allocated null-terminated string.
+- * Remember to free it.
+- *
+- * \param[in] cert_algorithm to convert to text
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_A rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_AAAA rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_STR rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_B64 rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_B32_EXT rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_HEX rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_TYPE rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_CLASS rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_ALG rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an ldns_rr_type value to its string representation,
+- * and places it in the given buffer
+- * \param[in] *output The buffer to add the data to
+- * \param[in] type the ldns_rr_type to convert
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rr_type2buffer_str(ldns_buffer *output,
+- const ldns_rr_type type);
+-
+-/**
+- * Converts an ldns_rr_type value to its string representation,
+- * and returns that string. For unknown types, the string
+- * "TYPE<id>" is returned. This function allocates data that must be
+- * freed by the caller
+- * \param[in] type the ldns_rr_type to convert
+- * \return a newly allocated string
+- */
+-char *ldns_rr_type2str(const ldns_rr_type type);
+-
+-/**
+- * Converts an ldns_rr_class value to its string representation,
+- * and places it in the given buffer
+- * \param[in] *output The buffer to add the data to
+- * \param[in] klass the ldns_rr_class to convert
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rr_class2buffer_str(ldns_buffer *output,
+- const ldns_rr_class klass);
+-
+-/**
+- * Converts an ldns_rr_class value to its string representation,
+- * and returns that string. For unknown types, the string
+- * "CLASS<id>" is returned. This function allocates data that must be
+- * freed by the caller
+- * \param[in] klass the ldns_rr_class to convert
+- * \return a newly allocated string
+- */
+-char *ldns_rr_class2str(const ldns_rr_class klass);
+-
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_CERT rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_LOC rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_UNKNOWN rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_NSAP rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_ATMA rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_WKS rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_NSEC rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_PERIOD rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_TSIGTIME rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_tsigtime(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_APL rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_INT16_DATA rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_IPSECKEY rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts the data in the rdata field to presentation
+- * format (as char *) and appends it to the given buffer
+- *
+- * \param[in] output pointer to the buffer to append the data to
+- * \param[in] rdf the pointer to the rdafa field containing the data
+- * \return status
+- */
+-ldns_status ldns_rdf2buffer_str(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts the data in the resource record to presentation
+- * format (as char *) and appends it to the given buffer.
+- * The presentation format of DNSKEY record is annotated with comments giving
+- * the id, type and size of the key.
+- *
+- * \param[in] output pointer to the buffer to append the data to
+- * \param[in] rr the pointer to the rr field to convert
+- * \return status
+- */
+-ldns_status ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr);
+-
+-/**
+- * Converts the data in the resource record to presentation
+- * format (as char *) and appends it to the given buffer.
+- * The presentation format is annotated with comments giving
+- * additional information on the record.
+- *
+- * \param[in] output pointer to the buffer to append the data to
+- * \param[in] fmt how to format the textual representation of the
+- * resource record.
+- * \param[in] rr the pointer to the rr field to convert
+- * \return status
+- */
+-ldns_status ldns_rr2buffer_str_fmt(ldns_buffer *output,
+- const ldns_output_format *fmt, const ldns_rr *rr);
+-
+-/**
+- * Converts the data in the DNS packet to presentation
+- * format (as char *) and appends it to the given buffer
+- *
+- * \param[in] output pointer to the buffer to append the data to
+- * \param[in] pkt the pointer to the packet to convert
+- * \return status
+- */
+-ldns_status ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt);
+-
+-/**
+- * Converts the data in the DNS packet to presentation
+- * format (as char *) and appends it to the given buffer
+- *
+- * \param[in] output pointer to the buffer to append the data to
+- * \param[in] fmt how to format the textual representation of the packet
+- * \param[in] pkt the pointer to the packet to convert
+- * \return status
+- */
+-ldns_status ldns_pkt2buffer_str_fmt(ldns_buffer *output,
+- const ldns_output_format *fmt, const ldns_pkt *pkt);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_NSEC3_SALT rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-
+-/**
+- * Converts the data in the DNS packet to presentation
+- * format (as char *) and appends it to the given buffer
+- *
+- * \param[in] output pointer to the buffer to append the data to
+- * \param[in] k the pointer to the private key to convert
+- * \return status
+- */
+-ldns_status ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_INT8 rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_INT16 rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_INT32 rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_ILNP64 rdata element to 4 hexadecimal numbers
+- * separated by colons and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_ilnp64(ldns_buffer *output,
+- const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_EUI48 rdata element to 6 hexadecimal numbers
+- * separated by dashes and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_eui48(ldns_buffer *output,
+- const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_EUI64 rdata element to 8 hexadecimal numbers
+- * separated by dashes and adds it to the output buffer
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_eui64(ldns_buffer *output,
+- const ldns_rdf *rdf);
+-
+-/**
+- * Adds the LDNS_RDF_TYPE_TAG rdata to the output buffer,
+- * provided it contains only alphanumeric characters.
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_tag(ldns_buffer *output,
+- const ldns_rdf *rdf);
+-
+-/**
+- * Adds the LDNS_RDF_TYPE_LONG_STR rdata to the output buffer, in-between
+- * double quotes and all non printable characters properly escaped.
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_long_str(ldns_buffer *output,
+- const ldns_rdf *rdf);
+-
+-/**
+- * Converts an LDNS_RDF_TYPE_HIP rdata element to presentation format for
+- * the algorithm, HIT and Public Key and adds it the output buffer .
+- * \param[in] *rdf The rdata to convert
+- * \param[in] *output The buffer to add the data to
+- * \return LDNS_STATUS_OK on success, and error status on failure
+- */
+-ldns_status ldns_rdf2buffer_str_hip(ldns_buffer *output,
+- const ldns_rdf *rdf);
+-
+-/**
+- * Converts the data in the rdata field to presentation format and
+- * returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] rdf The rdata field to convert
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_rdf2str(const ldns_rdf *rdf);
+-
+-/**
+- * Converts the data in the resource record to presentation format and
+- * returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] rr The rdata field to convert
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_rr2str(const ldns_rr *rr);
+-
+-/**
+- * Converts the data in the resource record to presentation format and
+- * returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] fmt how to format the resource record
+- * \param[in] rr The rdata field to convert
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr);
+-
+-/**
+- * Converts the data in the DNS packet to presentation format and
+- * returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] pkt The rdata field to convert
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_pkt2str(const ldns_pkt *pkt);
+-
+-/**
+- * Converts the data in the DNS packet to presentation format and
+- * returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] fmt how to format the packet
+- * \param[in] pkt The rdata field to convert
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt);
+-
+-/**
+- * Converts a private key to the test presentation fmt and
+- * returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] k the key to convert to text
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_key2str(const ldns_key *k);
+-
+-/**
+- * Converts a list of resource records to presentation format
+- * and returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] rr_list the rr_list to convert to text
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_rr_list2str(const ldns_rr_list *rr_list);
+-
+-/**
+- * Converts a list of resource records to presentation format
+- * and returns that as a char *.
+- * Remember to free it.
+- *
+- * \param[in] fmt how to format the list of resource records
+- * \param[in] rr_list the rr_list to convert to text
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_rr_list2str_fmt(
+- const ldns_output_format *fmt, const ldns_rr_list *rr_list);
+-
+-/**
+- * Returns a copy of the data in the buffer as a null terminated
+- * char * string. The returned string must be freed by the caller.
+- * The buffer must be in write modus and may thus not have been flipped.
+- *
+- * \param[in] buffer buffer containing char * data
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_buffer2str(ldns_buffer *buffer);
+-
+-/**
+- * Exports and returns the data in the buffer as a null terminated
+- * char * string. The returned string must be freed by the caller.
+- * The buffer must be in write modus and may thus not have been flipped.
+- * The buffer is fixed after this function returns.
+- *
+- * \param[in] buffer buffer containing char * data
+- * \return null terminated char * data, or NULL on error
+- */
+-char *ldns_buffer_export2str(ldns_buffer *buffer);
+-
+-/**
+- * Prints the data in the rdata field to the given file stream
+- * (in presentation format)
+- *
+- * \param[in] output the file stream to print to
+- * \param[in] rdf the rdata field to print
+- * \return void
+- */
+-void ldns_rdf_print(FILE *output, const ldns_rdf *rdf);
+-
+-/**
+- * Prints the data in the resource record to the given file stream
+- * (in presentation format)
+- *
+- * \param[in] output the file stream to print to
+- * \param[in] rr the resource record to print
+- * \return void
+- */
+-void ldns_rr_print(FILE *output, const ldns_rr *rr);
+-
+-/**
+- * Prints the data in the resource record to the given file stream
+- * (in presentation format)
+- *
+- * \param[in] output the file stream to print to
+- * \param[in] fmt format of the textual representation
+- * \param[in] rr the resource record to print
+- * \return void
+- */
+-void ldns_rr_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_rr *rr);
+-
+-/**
+- * Prints the data in the DNS packet to the given file stream
+- * (in presentation format)
+- *
+- * \param[in] output the file stream to print to
+- * \param[in] pkt the packet to print
+- * \return void
+- */
+-void ldns_pkt_print(FILE *output, const ldns_pkt *pkt);
+-
+-/**
+- * Prints the data in the DNS packet to the given file stream
+- * (in presentation format)
+- *
+- * \param[in] output the file stream to print to
+- * \param[in] fmt format of the textual representation
+- * \param[in] pkt the packet to print
+- * \return void
+- */
+-void ldns_pkt_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_pkt *pkt);
+-
+-/**
+- * Converts a rr_list to presentation format and appends it to
+- * the output buffer
+- * \param[in] output the buffer to append output to
+- * \param[in] list the ldns_rr_list to print
+- * \return ldns_status
+- */
+-ldns_status ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list);
+-
+-/**
+- * Converts a rr_list to presentation format and appends it to
+- * the output buffer
+- * \param[in] output the buffer to append output to
+- * \param[in] fmt format of the textual representation
+- * \param[in] list the ldns_rr_list to print
+- * \return ldns_status
+- */
+-ldns_status ldns_rr_list2buffer_str_fmt(ldns_buffer *output,
+- const ldns_output_format *fmt, const ldns_rr_list *list);
+-
+-/**
+- * Converts the header of a packet to presentation format and appends it to
+- * the output buffer
+- * \param[in] output the buffer to append output to
+- * \param[in] pkt the packet to convert the header of
+- * \return ldns_status
+- */
+-ldns_status ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt);
+-
+-/**
+- * print a rr_list to output
+- * \param[in] output the fd to print to
+- * \param[in] list the rr_list to print
+- */
+-void ldns_rr_list_print(FILE *output, const ldns_rr_list *list);
+-
+-/**
+- * print a rr_list to output
+- * \param[in] output the fd to print to
+- * \param[in] fmt format of the textual representation
+- * \param[in] list the rr_list to print
+- */
+-void ldns_rr_list_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_rr_list *list);
+-
+-/**
+- * Print a resolver (in sofar that is possible) state
+- * to output.
+- * \param[in] output the fd to print to
+- * \param[in] r the resolver to print
+- */
+-void ldns_resolver_print(FILE *output, const ldns_resolver *r);
+-
+-/**
+- * Print a resolver (in sofar that is possible) state
+- * to output.
+- * \param[in] output the fd to print to
+- * \param[in] fmt format of the textual representation
+- * \param[in] r the resolver to print
+- */
+-void ldns_resolver_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_resolver *r);
+-
+-/**
+- * Print a zone structure * to output. Note the SOA record
+- * is included in this output
+- * \param[in] output the fd to print to
+- * \param[in] z the zone to print
+- */
+-void ldns_zone_print(FILE *output, const ldns_zone *z);
+-
+-/**
+- * Print a zone structure * to output. Note the SOA record
+- * is included in this output
+- * \param[in] output the fd to print to
+- * \param[in] fmt format of the textual representation
+- * \param[in] z the zone to print
+- */
+-void ldns_zone_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_zone *z);
+-
+-/**
+- * Print the ldns_rdf containing a dname to the buffer
+- * \param[in] output the buffer to print to
+- * \param[in] dname the dname to print
+- * \return ldns_status message if the printing succeeded
+- */
+-ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_HOST2STR_H */
+diff --git a/include/ldns/host2wire.h b/include/ldns/host2wire.h
+deleted file mode 100644
+index 94693cd..0000000
+--- a/include/ldns/host2wire.h
++++ /dev/null
+@@ -1,197 +0,0 @@
+-/*
+- * host2wire.h - 2wire conversion routines
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Contains all functions to translate the main structures to wire format
+- */
+-
+-#ifndef LDNS_HOST2WIRE_H
+-#define LDNS_HOST2WIRE_H
+-
+-#include <ldns/common.h>
+-#include <ldns/error.h>
+-#include <ldns/rr.h>
+-#include <ldns/rdata.h>
+-#include <ldns/packet.h>
+-#include <ldns/buffer.h>
+-#include <ctype.h>
+-
+-#include "ldns/util.h"
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * Copies the dname data to the buffer in wire format
+- * \param[out] *buffer buffer to append the result to
+- * \param[in] *name rdata dname to convert
+- * \return ldns_status
+- */
+-ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name);
+-
+-/**
+- * Copies the dname data to the buffer in wire format
+- * \param[out] *buffer buffer to append the result to
+- * \param[in] *name rdata dname to convert
+- * \param[out] *compression_data data structure holding state for compression
+- * \return ldns_status
+- */
+-ldns_status ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data);
+-
+-/**
+- * Copies the rdata data to the buffer in wire format
+- * \param[out] *output buffer to append the result to
+- * \param[in] *rdf rdata to convert
+- * \return ldns_status
+- */
+-ldns_status ldns_rdf2buffer_wire(ldns_buffer *output, const ldns_rdf *rdf);
+-
+-/**
+- * Copies the rdata data to the buffer in wire format
+- * \param[out] *output buffer to append the result to
+- * \param[in] *rdf rdata to convert
+- * \param[out] *compression_data data structure holding state for compression
+- * \return ldns_status
+- */
+-ldns_status ldns_rdf2buffer_wire_compress(ldns_buffer *output, const ldns_rdf *rdf, ldns_rbtree_t *compression_data);
+-
+-/**
+- * Copies the rdata data to the buffer in wire format
+- * If the rdata is a dname, the letters will be lowercased
+- * during the conversion
+- * \param[out] *output buffer to append the result to
+- * \param[in] *rdf rdata to convert
+- * \return ldns_status
+- */
+-ldns_status ldns_rdf2buffer_wire_canonical(ldns_buffer *output,
+- const ldns_rdf *rdf);
+-
+-/**
+- * Copies the rr data to the buffer in wire format
+- * \param[out] *output buffer to append the result to
+- * \param[in] *rr resource record to convert
+- * \param[in] section the section in the packet this rr is supposed to be in
+- * (to determine whether to add rdata or not)
+- * \return ldns_status
+- */
+-ldns_status ldns_rr2buffer_wire(ldns_buffer *output,
+- const ldns_rr *rr,
+- int section);
+-
+-/**
+- * Copies the rr data to the buffer in wire format while doing DNAME compression
+- * \param[out] *output buffer to append the result to
+- * \param[in] *rr resource record to convert
+- * \param[in] section the section in the packet this rr is supposed to be in
+- * (to determine whether to add rdata or not)
+- * \param[out] *compression_data data structure holding state information for compression
+- * \return ldns_status
+- */
+-ldns_status ldns_rr2buffer_wire_compress(ldns_buffer *output,
+- const ldns_rr *rr,
+- int section,
+- ldns_rbtree_t *compression_data);
+-
+-/**
+- * Copies the rr data to the buffer in wire format, in canonical format
+- * according to RFC3597 (every dname in rdata fields of RR's mentioned in
+- * that RFC will be lowercased)
+- * \param[out] *output buffer to append the result to
+- * \param[in] *rr resource record to convert
+- * \param[in] section the section in the packet this rr is supposed to be in
+- * (to determine whether to add rdata or not)
+- * \return ldns_status
+- */
+-ldns_status ldns_rr2buffer_wire_canonical(ldns_buffer *output,
+- const ldns_rr *rr,
+- int section);
+-
+-
+-/**
+- * Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata
+- * This is needed in DNSSEC verification
+- * \param[out] output buffer to append the result to
+- * \param[in] sigrr signature rr to operate on
+- * \return ldns_status
+- */
+-ldns_status ldns_rrsig2buffer_wire(ldns_buffer *output, const ldns_rr *sigrr);
+-
+-/**
+- * Converts an rr's rdata to wireformat, while excluding
+- * the ownername and all the stuff before the rdata.
+- * This is needed in DNSSEC keytag calculation, the ds
+- * calcalution from the key and maybe elsewhere.
+- *
+- * \param[out] *output buffer where to put the result
+- * \param[in] *rr rr to operate on
+- * \return ldns_status
+- */
+-ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *output, const ldns_rr *rr);
+-
+-/**
+- * Copies the packet data to the buffer in wire format
+- * \param[out] *output buffer to append the result to
+- * \param[in] *pkt packet to convert
+- * \return ldns_status
+- */
+-ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt);
+-
+-/**
+- * Copies the rr_list data to the buffer in wire format
+- * \param[out] *output buffer to append the result to
+- * \param[in] *rrlist rr_list to to convert
+- * \return ldns_status
+- */
+-ldns_status ldns_rr_list2buffer_wire(ldns_buffer *output, const ldns_rr_list *rrlist);
+-
+-/**
+- * Allocates an array of uint8_t at dest, and puts the wireformat of the
+- * given rdf in that array. The result_size value contains the
+- * length of the array, if it succeeds, and 0 otherwise (in which case
+- * the function also returns NULL)
+- *
+- * \param[out] dest pointer to the array of bytes to be created
+- * \param[in] rdf the rdata field to convert
+- * \param[out] size the size of the converted result
+- */
+-ldns_status ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *size);
+-
+-/**
+- * Allocates an array of uint8_t at dest, and puts the wireformat of the
+- * given rr in that array. The result_size value contains the
+- * length of the array, if it succeeds, and 0 otherwise (in which case
+- * the function also returns NULL)
+- *
+- * If the section argument is LDNS_SECTION_QUESTION, data like ttl and rdata
+- * are not put into the result
+- *
+- * \param[out] dest pointer to the array of bytes to be created
+- * \param[in] rr the rr to convert
+- * \param[in] section the rr section, determines how the rr is written.
+- * \param[out] size the size of the converted result
+- */
+-ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *size);
+-
+-/**
+- * Allocates an array of uint8_t at dest, and puts the wireformat of the
+- * given packet in that array. The result_size value contains the
+- * length of the array, if it succeeds, and 0 otherwise (in which case
+- * the function also returns NULL)
+- */
+-ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *p, size_t *size);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_HOST2WIRE_H */
+diff --git a/include/ldns/keys.h b/include/ldns/keys.h
+deleted file mode 100644
+index d3b4873..0000000
+--- a/include/ldns/keys.h
++++ /dev/null
+@@ -1,621 +0,0 @@
+-/*
+- *
+- * keys.h
+- *
+- * priv key definitions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions.
+- */
+-
+-
+-#ifndef LDNS_KEYS_H
+-#define LDNS_KEYS_H
+-
+-#include <ldns/common.h>
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-#include <openssl/ssl.h>
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-#include <ldns/util.h>
+-#include <errno.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-extern ldns_lookup_table ldns_signing_algorithms[];
+-
+-#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */
+-#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */
+-#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */
+-
+-/**
+- * Algorithms used in dns
+- */
+-enum ldns_enum_algorithm
+-{
+- LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
+- LDNS_DH = 2,
+- LDNS_DSA = 3,
+- LDNS_ECC = 4,
+- LDNS_RSASHA1 = 5,
+- LDNS_DSA_NSEC3 = 6,
+- LDNS_RSASHA1_NSEC3 = 7,
+- LDNS_RSASHA256 = 8, /* RFC 5702 */
+- LDNS_RSASHA512 = 10, /* RFC 5702 */
+- LDNS_ECC_GOST = 12, /* RFC 5933 */
+- LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
+- LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
+- LDNS_INDIRECT = 252,
+- LDNS_PRIVATEDNS = 253,
+- LDNS_PRIVATEOID = 254
+-};
+-typedef enum ldns_enum_algorithm ldns_algorithm;
+-
+-/**
+- * Hashing algorithms used in the DS record
+- */
+-enum ldns_enum_hash
+-{
+- LDNS_SHA1 = 1, /* RFC 4034 */
+- LDNS_SHA256 = 2, /* RFC 4509 */
+- LDNS_HASH_GOST = 3, /* RFC 5933 */
+- LDNS_SHA384 = 4 /* RFC 6605 */
+-};
+-typedef enum ldns_enum_hash ldns_hash;
+-
+-/**
+- * Algorithms used in dns for signing
+- */
+-enum ldns_enum_signing_algorithm
+-{
+- LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
+- LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
+- LDNS_SIGN_DSA = LDNS_DSA,
+- LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
+- LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
+- LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
+- LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
+- LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
+- LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
+- LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
+- LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
+- LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
+- LDNS_SIGN_HMACSHA256 = 159 /* ditto */
+-};
+-typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm;
+-
+-/**
+- * General key structure, can contain all types of keys that
+- * are used in DNSSEC. Mostly used to store private keys, since
+- * public keys can also be stored in a \ref ldns_rr with type
+- * \ref LDNS_RR_TYPE_DNSKEY.
+- *
+- * This structure can also store some variables that influence the
+- * signatures generated by signing with this key, for instance the
+- * inception date.
+- */
+-struct ldns_struct_key {
+- ldns_signing_algorithm _alg;
+- /** Whether to use this key when signing */
+- bool _use;
+- /** Storage pointers for the types of keys supported */
+- /* TODO remove unions? */
+- struct {
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-#ifndef S_SPLINT_S
+- /* The key can be an OpenSSL EVP Key
+- */
+- EVP_PKEY *key;
+-#endif
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+- /**
+- * The key can be an HMAC key
+- */
+- struct {
+- unsigned char *key;
+- size_t size;
+- } hmac;
+- /** the key structure can also just point to some external
+- * key data
+- */
+- void *external_key;
+- } _key;
+- /** Depending on the key we can have extra data */
+- union {
+- /** Some values that influence generated signatures */
+- struct {
+- /** The TTL of the rrset that is currently signed */
+- uint32_t orig_ttl;
+- /** The inception date of signatures made with this key. */
+- uint32_t inception;
+- /** The expiration date of signatures made with this key. */
+- uint32_t expiration;
+- /** The keytag of this key. */
+- uint16_t keytag;
+- /** The dnssec key flags as specified in RFC4035, like ZSK and KSK */
+- uint16_t flags;
+- } dnssec;
+- } _extra;
+- /** Owner name of the key */
+- ldns_rdf *_pubkey_owner;
+-};
+-typedef struct ldns_struct_key ldns_key;
+-
+-/**
+- * Same as rr_list, but now for keys
+- */
+-struct ldns_struct_key_list
+-{
+- size_t _key_count;
+- ldns_key **_keys;
+-};
+-typedef struct ldns_struct_key_list ldns_key_list;
+-
+-
+-/**
+- * Creates a new empty key list
+- * \return a new ldns_key_list structure pointer
+- */
+-ldns_key_list *ldns_key_list_new(void);
+-
+-/**
+- * Creates a new empty key structure
+- * \return a new ldns_key * structure
+- */
+-ldns_key *ldns_key_new(void);
+-
+-/**
+- * Creates a new key based on the algorithm
+- *
+- * \param[in] a The algorithm to use
+- * \param[in] size the number of bytes for the keysize
+- * \return a new ldns_key structure with the key
+- */
+-ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size);
+-
+-/**
+- * Creates a new priv key based on the
+- * contents of the file pointed by fp.
+- *
+- * The file should be in Private-key-format v1.x.
+- *
+- * \param[out] k the new ldns_key structure
+- * \param[in] fp the file pointer to use
+- * \return an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp);
+-
+-/**
+- * Creates a new private key based on the
+- * contents of the file pointed by fp
+- *
+- * The file should be in Private-key-format v1.x.
+- *
+- * \param[out] k the new ldns_key structure
+- * \param[in] fp the file pointer to use
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * Read the key with the given id from the given engine and store it
+- * in the given ldns_key structure. The algorithm type is set
+- */
+-ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm);
+-
+-
+-/**
+- * frm_fp helper function. This function parses the
+- * remainder of the (RSA) priv. key file generated from bind9
+- * \param[in] fp the file to parse
+- * \return NULL on failure otherwise a RSA structure
+- */
+-RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * frm_fp helper function. This function parses the
+- * remainder of the (RSA) priv. key file generated from bind9
+- * \param[in] fp the file to parse
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return NULL on failure otherwise a RSA structure
+- */
+-RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * frm_fp helper function. This function parses the
+- * remainder of the (DSA) priv. key file
+- * \param[in] fp the file to parse
+- * \return NULL on failure otherwise a RSA structure
+- */
+-DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * frm_fp helper function. This function parses the
+- * remainder of the (DSA) priv. key file
+- * \param[in] fp the file to parse
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return NULL on failure otherwise a RSA structure
+- */
+-DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * frm_fp helper function. This function parses the
+- * remainder of the (HMAC-MD5) key file
+- * This function allocated a buffer that needs to be freed
+- * \param[in] fp the file to parse
+- * \param[out] hmac_size the number of bits in the resulting buffer
+- * \return NULL on failure otherwise a newly allocated char buffer
+- */
+-unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
+-#endif
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * frm_fp helper function. This function parses the
+- * remainder of the (HMAC-MD5) key file
+- * This function allocated a buffer that needs to be freed
+- * \param[in] fp the file to parse
+- * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes)
+- * \param[out] hmac_size the number of bits in the resulting buffer
+- * \return NULL on failure otherwise a newly allocated char buffer
+- */
+-unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-/* acces write functions */
+-/**
+- * Set the key's algorithm
+- * \param[in] k the key
+- * \param[in] l the algorithm
+- */
+-void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * Set the key's evp key
+- * \param[in] k the key
+- * \param[in] e the evp key
+- */
+-void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
+-
+-/**
+- * Set the key's rsa data.
+- * The rsa data should be freed by the user.
+- * \param[in] k the key
+- * \param[in] r the rsa data
+- */
+-void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
+-
+-/**
+- * Set the key's dsa data
+- * The dsa data should be freed by the user.
+- * \param[in] k the key
+- * \param[in] d the dsa data
+- */
+-void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
+-
+-/**
+- * Assign the key's rsa data
+- * The rsa data will be freed automatically when the key is freed.
+- * \param[in] k the key
+- * \param[in] r the rsa data
+- */
+-void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
+-
+-/**
+- * Assign the key's dsa data
+- * The dsa data will be freed automatically when the key is freed.
+- * \param[in] k the key
+- * \param[in] d the dsa data
+- */
+-void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
+-
+-/**
+- * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
+- * Only available if GOST is compiled into the library and openssl.
+- * \return the gost id for EVP_CTX creation.
+- */
+-int ldns_key_EVP_load_gost_id(void);
+-
+-/** Release the engine reference held for the GOST engine. */
+-void ldns_key_EVP_unload_gost(void);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-/**
+- * Set the key's hmac data
+- * \param[in] k the key
+- * \param[in] hmac the raw key data
+- */
+-void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
+-
+-/**
+- * Set the key id data. This is used if the key points to
+- * some externally stored key data
+- *
+- * Only the pointer is set, the data there is not copied,
+- * and must be freed manually; ldns_key_deep_free() does
+- * *not* free this data
+- * \param[in] key the key
+- * \param[in] external_key key id data
+- */
+-void ldns_key_set_external_key(ldns_key *key, void *external_key);
+-
+-/**
+- * Set the key's hmac size
+- * \param[in] k the key
+- * \param[in] hmac_size the size of the hmac data
+- */
+-void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
+-/**
+- * Set the key's original ttl
+- * \param[in] k the key
+- * \param[in] t the ttl
+- */
+-void ldns_key_set_origttl(ldns_key *k, uint32_t t);
+-/**
+- * Set the key's inception date (seconds after epoch)
+- * \param[in] k the key
+- * \param[in] i the inception
+- */
+-void ldns_key_set_inception(ldns_key *k, uint32_t i);
+-/**
+- * Set the key's expiration date (seconds after epoch)
+- * \param[in] k the key
+- * \param[in] e the expiration
+- */
+-void ldns_key_set_expiration(ldns_key *k, uint32_t e);
+-/**
+- * Set the key's pubkey owner
+- * \param[in] k the key
+- * \param[in] r the owner
+- */
+-void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r);
+-/**
+- * Set the key's key tag
+- * \param[in] k the key
+- * \param[in] tag the keytag
+- */
+-void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
+-/**
+- * Set the key's flags
+- * \param[in] k the key
+- * \param[in] flags the flags
+- */
+-void ldns_key_set_flags(ldns_key *k, uint16_t flags);
+-/**
+- * Set the keylist's key count to count
+- * \param[in] key the key
+- * \param[in] count the cuont
+- */
+-void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
+-
+-/**
+- * pushes a key to a keylist
+- * \param[in] key_list the key_list to push to
+- * \param[in] key the key to push
+- * \return false on error, otherwise true
+- */
+-bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);
+-
+-/**
+- * returns the number of keys in the key list
+- * \param[in] key_list the key_list
+- * \return the numbers of keys in the list
+- */
+-size_t ldns_key_list_key_count(const ldns_key_list *key_list);
+-
+-/**
+- * returns a pointer to the key in the list at the given position
+- * \param[in] key the key
+- * \param[in] nr the position in the list
+- * \return the key
+- */
+-ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);
+-
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-/**
+- * returns the (openssl) RSA struct contained in the key
+- * \param[in] k the key to look in
+- * \return the RSA * structure in the key
+- */
+-RSA *ldns_key_rsa_key(const ldns_key *k);
+-/**
+- * returns the (openssl) EVP struct contained in the key
+- * \param[in] k the key to look in
+- * \return the RSA * structure in the key
+- */
+-EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-/**
+- * returns the (openssl) DSA struct contained in the key
+- */
+-#if LDNS_BUILD_CONFIG_HAVE_SSL
+-DSA *ldns_key_dsa_key(const ldns_key *k);
+-#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
+-
+-/**
+- * return the signing alg of the key
+- * \param[in] k the key
+- * \return the algorithm
+- */
+-ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k);
+-/**
+- * set the use flag
+- * \param[in] k the key
+- * \param[in] v the boolean value to set the _use field to
+- */
+-void ldns_key_set_use(ldns_key *k, bool v);
+-/**
+- * return the use flag
+- * \param[in] k the key
+- * \return the boolean value of the _use field
+- */
+-bool ldns_key_use(const ldns_key *k);
+-/**
+- * return the hmac key data
+- * \param[in] k the key
+- * \return the hmac key data
+- */
+-unsigned char *ldns_key_hmac_key(const ldns_key *k);
+-/**
+- * return the key id key data
+- * \param[in] k the key
+- * \return the key id data
+- */
+-void *ldns_key_external_key(const ldns_key *k);
+-/**
+- * return the hmac key size
+- * \param[in] k the key
+- * \return the hmac key size
+- */
+-size_t ldns_key_hmac_size(const ldns_key *k);
+-/**
+- * return the original ttl of the key
+- * \param[in] k the key
+- * \return the original ttl
+- */
+-uint32_t ldns_key_origttl(const ldns_key *k);
+-/**
+- * return the key's inception date
+- * \param[in] k the key
+- * \return the inception date
+- */
+-uint32_t ldns_key_inception(const ldns_key *k);
+-/**
+- * return the key's expiration date
+- * \param[in] k the key
+- * \return the experiration date
+- */
+-uint32_t ldns_key_expiration(const ldns_key *k);
+-/**
+- * return the keytag
+- * \param[in] k the key
+- * \return the keytag
+- */
+-uint16_t ldns_key_keytag(const ldns_key *k);
+-/**
+- * return the public key's owner
+- * \param[in] k the key
+- * \return the owner
+- */
+-ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k);
+-/**
+- * Set the 'use' flag for all keys in the list
+- * \param[in] keys The key_list
+- * \param[in] v The value to set the use flags to
+- */
+-void
+-ldns_key_list_set_use(ldns_key_list *keys, bool v);
+-
+-/**
+- * return the flag of the key
+- * \param[in] k the key
+- * \return the flag
+- */
+-uint16_t ldns_key_flags(const ldns_key *k);
+-
+-/**
+- * pops the last rr from a keylist
+- * \param[in] key_list the rr_list to pop from
+- * \return NULL if nothing to pop. Otherwise the popped RR
+- */
+-ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list);
+-
+-/**
+- * converts a ldns_key to a public key rr
+- * If the key data exists at an external point, the corresponding
+- * rdata field must still be added with ldns_rr_rdf_push() to the
+- * result rr of this function
+- *
+- * \param[in] k the ldns_key to convert
+- * \return ldns_rr representation of the key
+- */
+-ldns_rr *ldns_key2rr(const ldns_key *k);
+-
+-/**
+- * print a private key to the file ouput
+- *
+- * \param[in] output the FILE descriptor where to print to
+- * \param[in] k the ldns_key to print
+- */
+-void ldns_key_print(FILE *output, const ldns_key *k);
+-
+-/**
+- * frees a key structure, but not its internal data structures
+- *
+- * \param[in] key the key object to free
+- */
+-void ldns_key_free(ldns_key *key);
+-
+-/**
+- * frees a key structure and all its internal data structures, except
+- * the data set by ldns_key_set_external_key()
+- *
+- * \param[in] key the key object to free
+- */
+-void ldns_key_deep_free(ldns_key *key);
+-
+-/**
+- * Frees a key list structure
+- * \param[in] key_list the key list object to free
+- */
+-void ldns_key_list_free(ldns_key_list *key_list);
+-
+-/**
+- * Instantiates a DNSKEY or DS RR from file.
+- * \param[in] filename the file to read the record from
+- * \return the corresponding RR, or NULL if the parsing failed
+- */
+-ldns_rr * ldns_read_anchor_file(const char *filename);
+-
+-/**
+- * Returns the 'default base name' for key files;
+- * IE. K\<zone\>+\<alg\>+\<keytag\>
+- * (without the .key or .private)
+- * The memory for this is allocated by this function,
+- * and should be freed by the caller
+- *
+- * \param[in] key the key to get the file name from
+- * \returns A string containing the file base name
+- */
+-char *ldns_key_get_file_base_name(ldns_key *key);
+-
+-/**
+- * See if a key algorithm is supported
+- * \param[in] algo the signing algorithm number.
+- * \returns true if supported.
+- */
+-int ldns_key_algo_supported(int algo);
+-
+-/**
+- * Get signing algorithm by name. Comparison is case insensitive.
+- * \param[in] name string with the name.
+- * \returns 0 on parse failure or the algorithm number.
+- */
+-ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_KEYS_H */
+diff --git a/include/ldns/ldns.h b/include/ldns/ldns.h
+deleted file mode 100644
+index 60663ef..0000000
+--- a/include/ldns/ldns.h
++++ /dev/null
+@@ -1,158 +0,0 @@
+-/*
+- * dns.h -- defines for the Domain Name System
+- *
+- * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- *
+- * This library was created by:
+- * Jelte Jansen, Erik Rozendaal and Miek Gieben
+- *
+- * A bunch of defines that are used in the DNS.
+- */
+-
+-
+-/**
+-\mainpage LDNS Documentation
+-
+-\section introduction Introduction
+-
+-The goal of ldns is to simplify DNS programming, it supports recent RFCs
+-like the DNSSEC documents, and allow developers to easily create software
+-conforming to current RFCs, and experimental software for current Internet
+-drafts. A secondary benefit of using ldns is speed, because ldns is written
+-in C, and although it is not optimized for performance, it should be a lot
+-faster than Perl.
+-
+-The first main tool to use ldns is Drill, from which part of the library was
+-derived. From version 1.0.0 on, drill is included in the ldns release
+-and will not be distributed separately anymore. The library also includes some
+-other examples and tools to show how it can be used. These can be found in the
+-examples/ directory in the tarball.
+-
+-ldns depends on OpenSSL for it's cryptographic functions.
+-Feature list
+-
+- - Transparent IPv4 and IPv6 support (overridable if necessary),
+- - TSIG support,
+- - DNSSEC support; signing and verification,
+- - small size,
+- - online documentation as well as manual pages.
+-
+-If you want to send us patches please use the code from git.
+-
+-\section using_ldns Using ldns
+-
+-Almost all interaction between an application and ldns goes through the ldns
+-data structures (\ref ldns_rr, \ref ldns_pkt, etc.). These are input or
+-output to the functions of ldns. For example, \ref ldns_zone_new_frm_fp
+-reads a zone from a \c FILE pointer, and returns an \ref ldns_zone
+-structure.
+-
+-
+-Let's use Drill as an example. Drill is a tool much like dig, whose most
+-basic function is to send 1 query to a nameserver and print the response.
+-
+-To be able to do this, drill uses the resolver module of ldns, which acts as
+-a stub resolver. The resolver module uses the net module to actually send
+-the query that drill requested. It then uses the wire2host module to
+-translate the response and place it in ldns' internal structures. These are
+-passed back to drill, which then uses the host2str module to print the
+-response in presentation format.
+-
+-\section gettingstarted Getting Started
+-
+-See the \ref design page for a very high level description of the design
+-choices made for ldns.
+-
+-For an overview of the functions and types ldns provides, you can check out
+-the \ref ldns ldns header file descriptions.
+-
+-If you want to see some libdns action, you can read our tutorials:
+- - \ref tutorial1_mx
+- - \ref tutorial2_zone
+- - \ref tutorial3_signzone
+-
+-Or you can just use the menu above to browse through the API docs.
+-
+-<div style="visibility:hidden;">
+-\image html LogoInGradientBar2-y100.png
+-</div>
+-*/
+-
+-/**
+- * \file ldns.h
+- *
+- * Including this file will include all ldns files, and define some lookup tables.
+- */
+-
+-#ifndef LDNS_DNS_H
+-#define LDNS_DNS_H
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-
+-#include <ldns/util.h>
+-#include <ldns/buffer.h>
+-#include <ldns/common.h>
+-#include <ldns/dane.h>
+-#include <ldns/dname.h>
+-#include <ldns/dnssec.h>
+-#include <ldns/dnssec_verify.h>
+-#include <ldns/dnssec_sign.h>
+-#include <ldns/duration.h>
+-#include <ldns/error.h>
+-#include <ldns/higher.h>
+-#include <ldns/host2str.h>
+-#include <ldns/host2wire.h>
+-#include <ldns/net.h>
+-#include <ldns/packet.h>
+-#include <ldns/rdata.h>
+-#include <ldns/resolver.h>
+-#include <ldns/rr.h>
+-#include <ldns/str2host.h>
+-#include <ldns/tsig.h>
+-#include <ldns/update.h>
+-#include <ldns/wire2host.h>
+-#include <ldns/rr_functions.h>
+-#include <ldns/keys.h>
+-#include <ldns/parse.h>
+-#include <ldns/zone.h>
+-#include <ldns/dnssec_zone.h>
+-#include <ldns/radix.h>
+-#include <ldns/rbtree.h>
+-#include <ldns/sha1.h>
+-#include <ldns/sha2.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_IP4ADDRLEN (32/8)
+-#define LDNS_IP6ADDRLEN (128/8)
+-#define LDNS_PORT 53
+-#define LDNS_ROOT_LABEL_STR "."
+-#define LDNS_DEFAULT_TTL 3600
+-
+-/* lookup tables for standard DNS stuff */
+-
+-/** Taken from RFC 2538, section 2.1. */
+-extern ldns_lookup_table ldns_certificate_types[];
+-/** Taken from RFC 2535, section 7. */
+-extern ldns_lookup_table ldns_algorithms[];
+-/** Taken from RFC 2538. */
+-extern ldns_lookup_table ldns_cert_algorithms[];
+-/** rr types */
+-extern ldns_lookup_table ldns_rr_classes[];
+-/** Response codes */
+-extern ldns_lookup_table ldns_rcodes[];
+-/** Operation codes */
+-extern ldns_lookup_table ldns_opcodes[];
+-/** EDNS flags */
+-extern ldns_lookup_table ldns_edns_flags[];
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_DNS_H */
+diff --git a/include/ldns/net.h b/include/ldns/net.h
+deleted file mode 100644
+index 692a9fb..0000000
+--- a/include/ldns/net.h
++++ /dev/null
+@@ -1,207 +0,0 @@
+-/*
+- * net.h
+- *
+- * DNS Resolver definitions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#ifndef LDNS_NET_H
+-#define LDNS_NET_H
+-
+-#include <ldns/ldns.h>
+-#include <sys/socket.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_DEFAULT_TIMEOUT_SEC 5
+-#define LDNS_DEFAULT_TIMEOUT_USEC 0
+-
+-/**
+- * \file
+- *
+- * Contains functions to send and receive packets over a network.
+- */
+-
+-/**
+- * Sends a buffer to an ip using udp and return the respons as a ldns_pkt
+- * \param[in] qbin the ldns_buffer to be send
+- * \param[in] to the ip addr to send to
+- * \param[in] tolen length of the ip addr
+- * \param[in] timeout the timeout value for the network
+- * \param[out] answersize size of the packet
+- * \param[out] result packet with the answer
+- * \return status
+- */
+-ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
+-
+-/**
+- * Send an udp query and don't wait for an answer but return
+- * the socket
+- * \param[in] qbin the ldns_buffer to be send
+- * \param[in] to the ip addr to send to
+- * \param[in] tolen length of the ip addr
+- * \param[in] timeout *unused*, was the timeout value for the network
+- * \return the socket used
+- */
+-int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+-
+-/**
+- * Send an tcp query and don't wait for an answer but return
+- * the socket
+- * \param[in] qbin the ldns_buffer to be send
+- * \param[in] to the ip addr to send to
+- * \param[in] tolen length of the ip addr
+- * \param[in] timeout the timeout value for the connect attempt
+- * \return the socket used
+- */
+-int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+-
+-/**
+- * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt
+- * \param[in] qbin the ldns_buffer to be send
+- * \param[in] qbin the ldns_buffer to be send
+- * \param[in] to the ip addr to send to
+- * \param[in] tolen length of the ip addr
+- * \param[in] timeout the timeout value for the network
+- * \param[out] answersize size of the packet
+- * \param[out] result packet with the answer
+- * \return status
+- */
+-ldns_status ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
+-
+-/**
+- * Sends ptk to the nameserver at the resolver object. Returns the data
+- * as a ldns_pkt
+- *
+- * \param[out] pkt packet received from the nameserver
+- * \param[in] r the resolver to use
+- * \param[in] query_pkt the query to send
+- * \return status
+- */
+-ldns_status ldns_send(ldns_pkt **pkt, ldns_resolver *r, const ldns_pkt *query_pkt);
+-
+-/**
+- * Sends and ldns_buffer (presumably containing a packet to the nameserver at the resolver object. Returns the data
+- * as a ldns_pkt
+- *
+- * \param[out] pkt packet received from the nameserver
+- * \param[in] r the resolver to use
+- * \param[in] qb the buffer to send
+- * \param[in] tsig_mac the tsig MAC to authenticate the response with (NULL to do no TSIG authentication)
+- * \return status
+- */
+-ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac);
+-
+-/**
+- * Create a tcp socket to the specified address
+- * \param[in] to ip and family
+- * \param[in] tolen length of to
+- * \param[in] timeout timeout for the connect attempt
+- * \return a socket descriptor
+- */
+-int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
+-
+-/**
+- * Create a udp socket to the specified address
+- * \param[in] to ip and family
+- * \param[in] timeout *unused*, was timeout for the socket
+- * \return a socket descriptor
+- */
+-int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout);
+-
+-/**
+- * send a query via tcp to a server. Don't want for the answer
+- *
+- * \param[in] qbin the buffer to send
+- * \param[in] sockfd the socket to use
+- * \param[in] to which ip to send it
+- * \param[in] tolen socketlen
+- * \return number of bytes sent
+- */
+-ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
+-
+-/**
+- * send a query via udp to a server. Don;t want for the answer
+- *
+- * \param[in] qbin the buffer to send
+- * \param[in] sockfd the socket to use
+- * \param[in] to which ip to send it
+- * \param[in] tolen socketlen
+- * \return number of bytes sent
+- */
+-ssize_t ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
+-
+-/**
+- * Gives back a raw packet from the wire and reads the header data from the given
+- * socket. Allocates the data (of size size) itself, so don't forget to free
+- *
+- * \param[in] sockfd the socket to read from
+- * \param[out] size the number of bytes that are read
+- * \param[in] timeout the time allowed between packets.
+- * \return the data read
+- */
+-uint8_t *ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout);
+-
+-/**
+- * This routine may block. Use ldns_tcp_read_wire_timeout, it checks timeouts.
+- * Gives back a raw packet from the wire and reads the header data from the given
+- * socket. Allocates the data (of size size) itself, so don't forget to free
+- *
+- * \param[in] sockfd the socket to read from
+- * \param[out] size the number of bytes that are read
+- * \return the data read
+- */
+-uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size);
+-
+-/**
+- * Gives back a raw packet from the wire and reads the header data from the given
+- * socket. Allocates the data (of size size) itself, so don't forget to free
+- *
+- * \param[in] sockfd the socket to read from
+- * \param[in] fr the address of the client (if applicable)
+- * \param[in] *frlen the lenght of the client's addr (if applicable)
+- * \param[out] size the number of bytes that are read
+- * \return the data read
+- */
+-uint8_t *ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *fr, socklen_t *frlen);
+-
+-/**
+- * returns the native sockaddr representation from the rdf.
+- * \param[in] rd the ldns_rdf to operate on
+- * \param[in] port what port to use. 0 means; use default (53)
+- * \param[out] size what is the size of the sockaddr_storage
+- * \return struct sockaddr* the address in the format so other
+- * functions can use it (sendto)
+- */
+-struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size);
+-
+-/**
+- * returns an rdf with the sockaddr info. works for ip4 and ip6
+- * \param[in] sock the struct sockaddr_storage to convert
+- * \param[in] port what port was used. When NULL this is not set
+- * \return ldns_rdf* wth the address
+- */
+-ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port);
+-
+-/**
+- * Prepares the resolver for an axfr query
+- * The query is sent and the answers can be read with ldns_axfr_next
+- * \param[in] resolver the resolver to use
+- * \param[in] domain the domain to exfr
+- * \param[in] c the class to use
+- * \return ldns_status the status of the transfer
+- */
+-ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_NET_H */
+diff --git a/include/ldns/packet.h b/include/ldns/packet.h
+deleted file mode 100644
+index e66aa34..0000000
+--- a/include/ldns/packet.h
++++ /dev/null
+@@ -1,891 +0,0 @@
+-/*
+- * packet.h
+- *
+- * DNS packet definitions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Contains the definition of ldns_pkt and its parts, as well
+- * as functions to manipulate those.
+- */
+-
+-
+-#ifndef LDNS_PACKET_H
+-#define LDNS_PACKET_H
+-
+-#define LDNS_MAX_PACKETLEN 65535
+-
+-/* allow flags to be given to mk_query */
+-#define LDNS_QR 1 /* QueRy - query flag */
+-#define LDNS_AA 2 /* Authoritative Answer - server flag */
+-#define LDNS_TC 4 /* TrunCated - server flag */
+-#define LDNS_RD 8 /* Recursion Desired - query flag */
+-#define LDNS_CD 16 /* Checking Disabled - query flag */
+-#define LDNS_RA 32 /* Recursion Available - server flag */
+-#define LDNS_AD 64 /* Authenticated Data - server flag */
+-
+-#include <ldns/error.h>
+-#include <ldns/common.h>
+-#include <ldns/rr.h>
+-#include <sys/time.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/* opcodes for pkt's */
+-enum ldns_enum_pkt_opcode {
+- LDNS_PACKET_QUERY = 0,
+- LDNS_PACKET_IQUERY = 1,
+- LDNS_PACKET_STATUS = 2, /* there is no 3?? DNS is weird */
+- LDNS_PACKET_NOTIFY = 4,
+- LDNS_PACKET_UPDATE = 5
+-};
+-typedef enum ldns_enum_pkt_opcode ldns_pkt_opcode;
+-
+-/* rcodes for pkts */
+-enum ldns_enum_pkt_rcode {
+- LDNS_RCODE_NOERROR = 0,
+- LDNS_RCODE_FORMERR = 1,
+- LDNS_RCODE_SERVFAIL = 2,
+- LDNS_RCODE_NXDOMAIN = 3,
+- LDNS_RCODE_NOTIMPL = 4,
+- LDNS_RCODE_REFUSED = 5,
+- LDNS_RCODE_YXDOMAIN = 6,
+- LDNS_RCODE_YXRRSET = 7,
+- LDNS_RCODE_NXRRSET = 8,
+- LDNS_RCODE_NOTAUTH = 9,
+- LDNS_RCODE_NOTZONE = 10
+-};
+-typedef enum ldns_enum_pkt_rcode ldns_pkt_rcode;
+-
+-/**
+- * Header of a dns packet
+- *
+- * Contains the information about the packet itself, as specified in RFC1035
+-<pre>
+-4.1.1. Header section format
+-
+-The header contains the following fields:
+-
+- 1 1 1 1 1 1
+- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | ID |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | QDCOUNT |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | ANCOUNT |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | NSCOUNT |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | ARCOUNT |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+-
+-where:
+-
+-ID A 16 bit identifier assigned by the program that
+- generates any kind of query. This identifier is copied
+- the corresponding reply and can be used by the requester
+- to match up replies to outstanding queries.
+-
+-QR A one bit field that specifies whether this message is a
+- query (0), or a response (1).
+-
+-OPCODE A four bit field that specifies kind of query in this
+- message. This value is set by the originator of a query
+- and copied into the response. The values are:
+-
+- 0 a standard query (QUERY)
+-
+- 1 an inverse query (IQUERY)
+-
+- 2 a server status request (STATUS)
+-
+- 3-15 reserved for future use
+-
+-AA Authoritative Answer - this bit is valid in responses,
+- and specifies that the responding name server is an
+- authority for the domain name in question section.
+-
+- Note that the contents of the answer section may have
+- multiple owner names because of aliases. The AA bit
+-
+- corresponds to the name which matches the query name, or
+- the first owner name in the answer section.
+-
+-TC TrunCation - specifies that this message was truncated
+- due to length greater than that permitted on the
+- transmission channel.
+-
+-RD Recursion Desired - this bit may be set in a query and
+- is copied into the response. If RD is set, it directs
+- the name server to pursue the query recursively.
+- Recursive query support is optional.
+-
+-RA Recursion Available - this be is set or cleared in a
+- response, and denotes whether recursive query support is
+- available in the name server.
+-
+-Z Reserved for future use. Must be zero in all queries
+- and responses.
+-
+-RCODE Response code - this 4 bit field is set as part of
+- responses. The values have the following
+- interpretation:
+-
+- 0 No error condition
+-
+- 1 Format error - The name server was
+- unable to interpret the query.
+-
+- 2 Server failure - The name server was
+- unable to process this query due to a
+- problem with the name server.
+-
+- 3 Name Error - Meaningful only for
+- responses from an authoritative name
+- server, this code signifies that the
+- domain name referenced in the query does
+- not exist.
+-
+- 4 Not Implemented - The name server does
+- not support the requested kind of query.
+-
+- 5 Refused - The name server refuses to
+- perform the specified operation for
+- policy reasons. For example, a name
+- server may not wish to provide the
+- information to the particular requester,
+- or a name server may not wish to perform
+- a particular operation (e.g., zone
+-
+- transfer) for particular data.
+-
+- 6-15 Reserved for future use.
+-
+-QDCOUNT an unsigned 16 bit integer specifying the number of
+- entries in the question section.
+-
+-ANCOUNT an unsigned 16 bit integer specifying the number of
+- resource records in the answer section.
+-
+-NSCOUNT an unsigned 16 bit integer specifying the number of name
+- server resource records in the authority records
+- section.
+-
+-ARCOUNT an unsigned 16 bit integer specifying the number of
+- resource records in the additional records section.
+-
+-</pre>
+- */
+-struct ldns_struct_hdr
+-{
+- /** Id of a packet */
+- uint16_t _id;
+- /** Query bit (0=query, 1=answer) */
+- bool _qr;
+- /** Authoritative answer */
+- bool _aa;
+- /** Packet truncated */
+- bool _tc;
+- /** Recursion desired */
+- bool _rd;
+- /** Checking disabled */
+- bool _cd;
+- /** Recursion available */
+- bool _ra;
+- /** Authentic data */
+- bool _ad;
+- /** Query type */
+- ldns_pkt_opcode _opcode; /* XXX 8 bits? */
+- /** Response code */
+- uint8_t _rcode;
+- /** question sec */
+- uint16_t _qdcount;
+- /** answer sec */
+- uint16_t _ancount;
+- /** auth sec */
+- uint16_t _nscount;
+- /** add sec */
+- uint16_t _arcount;
+-};
+-typedef struct ldns_struct_hdr ldns_hdr;
+-
+-/**
+- * DNS packet
+- *
+- * This structure contains a complete DNS packet (either a query or an answer)
+- *
+- * It is the complete representation of what you actually send to a
+- * nameserver, and what it sends back (assuming you are the client here).
+- */
+-struct ldns_struct_pkt
+-{
+- /** Header section */
+- ldns_hdr *_header;
+- /* extra items needed in a packet */
+- /** The size of the wire format of the packet in octets */
+- ldns_rdf *_answerfrom;
+- /** Timestamp of the time the packet was sent or created */
+- struct timeval timestamp;
+- /** The duration of the query this packet is an answer to */
+- uint32_t _querytime;
+- /** The size of the wire format of the packet in octets */
+- size_t _size;
+- /** Optional tsig rr */
+- ldns_rr *_tsig_rr;
+- /** EDNS0 available buffer size, see RFC2671 */
+- uint16_t _edns_udp_size;
+- /** EDNS0 Extended rcode */
+- uint8_t _edns_extended_rcode;
+- /** EDNS Version */
+- uint8_t _edns_version;
+- /* OPT pseudo-RR presence flag */
+- uint8_t _edns_present;
+- /** Reserved EDNS data bits */
+- uint16_t _edns_z;
+- /** Arbitrary EDNS rdata */
+- ldns_rdf *_edns_data;
+- /** Question section */
+- ldns_rr_list *_question;
+- /** Answer section */
+- ldns_rr_list *_answer;
+- /** Authority section */
+- ldns_rr_list *_authority;
+- /** Additional section */
+- ldns_rr_list *_additional;
+-};
+-typedef struct ldns_struct_pkt ldns_pkt;
+-
+-/**
+- * The sections of a packet
+- */
+-enum ldns_enum_pkt_section {
+- LDNS_SECTION_QUESTION = 0,
+- LDNS_SECTION_ANSWER = 1,
+- LDNS_SECTION_AUTHORITY = 2,
+- LDNS_SECTION_ADDITIONAL = 3,
+- /** bogus section, if not interested */
+- LDNS_SECTION_ANY = 4,
+- /** used to get all non-question rrs from a packet */
+- LDNS_SECTION_ANY_NOQUESTION = 5
+-};
+-typedef enum ldns_enum_pkt_section ldns_pkt_section;
+-
+-/**
+- * The different types of packets
+- */
+-enum ldns_enum_pkt_type {
+- LDNS_PACKET_QUESTION,
+- LDNS_PACKET_REFERRAL,
+- LDNS_PACKET_ANSWER,
+- LDNS_PACKET_NXDOMAIN,
+- LDNS_PACKET_NODATA,
+- LDNS_PACKET_UNKNOWN
+-};
+-typedef enum ldns_enum_pkt_type ldns_pkt_type;
+-
+-/* prototypes */
+-
+-/* read */
+-
+-/**
+- * Read the packet id
+- * \param[in] p the packet
+- * \return the packet id
+- */
+-uint16_t ldns_pkt_id(const ldns_pkt *p);
+-/**
+- * Read the packet's qr bit
+- * \param[in] p the packet
+- * \return value of the bit
+- */
+-bool ldns_pkt_qr(const ldns_pkt *p);
+-/**
+- * Read the packet's aa bit
+- * \param[in] p the packet
+- * \return value of the bit
+- */
+-bool ldns_pkt_aa(const ldns_pkt *p);
+-/**
+- * Read the packet's tc bit
+- * \param[in] p the packet
+- * \return value of the bit
+- */
+-bool ldns_pkt_tc(const ldns_pkt *p);
+-/**
+- * Read the packet's rd bit
+- * \param[in] p the packet
+- * \return value of the bit
+- */
+-bool ldns_pkt_rd(const ldns_pkt *p);
+-/**
+- * Read the packet's cd bit
+- * \param[in] p the packet
+- * \return value of the bit
+- */
+-bool ldns_pkt_cd(const ldns_pkt *p);
+-/**
+- * Read the packet's ra bit
+- * \param[in] p the packet
+- * \return value of the bit
+- */
+-bool ldns_pkt_ra(const ldns_pkt *p);
+-/**
+- * Read the packet's ad bit
+- * \param[in] p the packet
+- * \return value of the bit
+- */
+-bool ldns_pkt_ad(const ldns_pkt *p);
+-/**
+- * Read the packet's code
+- * \param[in] p the packet
+- * \return the opcode
+- */
+-ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p);
+-/**
+- * Return the packet's respons code
+- * \param[in] p the packet
+- * \return the respons code
+- */
+-ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p);
+-/**
+- * Return the packet's qd count
+- * \param[in] p the packet
+- * \return the qd count
+- */
+-uint16_t ldns_pkt_qdcount(const ldns_pkt *p);
+-/**
+- * Return the packet's an count
+- * \param[in] p the packet
+- * \return the an count
+- */
+-uint16_t ldns_pkt_ancount(const ldns_pkt *p);
+-/**
+- * Return the packet's ns count
+- * \param[in] p the packet
+- * \return the ns count
+- */
+-uint16_t ldns_pkt_nscount(const ldns_pkt *p);
+-/**
+- * Return the packet's ar count
+- * \param[in] p the packet
+- * \return the ar count
+- */
+-uint16_t ldns_pkt_arcount(const ldns_pkt *p);
+-
+-/**
+- * Return the packet's answerfrom
+- * \param[in] p packet
+- * \return the name of the server
+- */
+-ldns_rdf *ldns_pkt_answerfrom(const ldns_pkt *p);
+-
+-/**
+- * Return the packet's timestamp
+- * \param[in] p the packet
+- * \return the timestamp
+- */
+-struct timeval ldns_pkt_timestamp(const ldns_pkt *p);
+-/**
+- * Return the packet's querytime
+- * \param[in] p the packet
+- * \return the querytime
+- */
+-uint32_t ldns_pkt_querytime(const ldns_pkt *p);
+-
+-/**
+- * Return the packet's size in bytes
+- * \param[in] p the packet
+- * \return the size
+- */
+-size_t ldns_pkt_size(const ldns_pkt *p);
+-
+-/**
+- * Return the number of RRs in the given section.
+- * Returns the sum of all RRs when LDNS_SECTION_ANY is given.
+- * Returns the sum of all non-question RRs when LDNS_SECTION_ANY_NOQUESTION
+- * is given.
+- * \param[in] p the packet
+- * \param[in] s the section
+- * \return the number of RRs in the given section
+- */
+-uint16_t ldns_pkt_section_count(const ldns_pkt *p, ldns_pkt_section s);
+-
+-/**
+- * Return the packet's tsig pseudo rr's
+- * \param[in] p the packet
+- * \return the tsig rr
+- */
+-ldns_rr *ldns_pkt_tsig(const ldns_pkt *p);
+-
+-/**
+- * Return the packet's question section
+- * \param[in] p the packet
+- * \return the section
+- */
+-ldns_rr_list *ldns_pkt_question(const ldns_pkt *p);
+-/**
+- * Return the packet's answer section
+- * \param[in] p the packet
+- * \return the section
+- */
+-ldns_rr_list *ldns_pkt_answer(const ldns_pkt *p);
+-/**
+- * Return the packet's authority section
+- * \param[in] p the packet
+- * \return the section
+- */
+-ldns_rr_list *ldns_pkt_authority(const ldns_pkt *p);
+-/**
+- * Return the packet's additional section
+- * \param[in] p the packet
+- * \return the section
+- */
+-ldns_rr_list *ldns_pkt_additional(const ldns_pkt *p);
+-/**
+- * Return the packet's question, answer, authority and additional sections
+- * concatenated, in a new rr_list clone.
+- * \param[in] p the packet
+- * \return the rrs
+- */
+-ldns_rr_list *ldns_pkt_all(const ldns_pkt *p);
+-/**
+- * Return the packet's answer, authority and additional sections concatenated,
+- * in a new rr_list clone. Like ldns_pkt_all but without the questions.
+- * \param[in] p the packet
+- * \return the rrs except the question rrs
+- */
+-ldns_rr_list *ldns_pkt_all_noquestion(const ldns_pkt *p);
+-
+-/**
+- * return all the rr_list's in the packet. Clone the lists, instead
+- * of returning pointers.
+- * \param[in] p the packet to look in
+- * \param[in] s what section(s) to return
+- * \return ldns_rr_list with the rr's or NULL if none were found
+- */
+-ldns_rr_list *ldns_pkt_get_section_clone(const ldns_pkt *p, ldns_pkt_section s);
+-
+-/**
+- * return all the rr with a specific name from a packet. Optionally
+- * specify from which section in the packet
+- * \param[in] p the packet
+- * \param[in] r the name
+- * \param[in] s the packet's section
+- * \return a list with the rr's or NULL if none were found
+- */
+-ldns_rr_list *ldns_pkt_rr_list_by_name(ldns_pkt *p, ldns_rdf *r, ldns_pkt_section s);
+-/**
+- * return all the rr with a specific type from a packet. Optionally
+- * specify from which section in the packet
+- * \param[in] p the packet
+- * \param[in] t the type
+- * \param[in] s the packet's section
+- * \return a list with the rr's or NULL if none were found
+- */
+-ldns_rr_list *ldns_pkt_rr_list_by_type(const ldns_pkt *p, ldns_rr_type t, ldns_pkt_section s);
+-/**
+- * return all the rr with a specific type and type from a packet. Optionally
+- * specify from which section in the packet
+- * \param[in] packet the packet
+- * \param[in] ownername the name
+- * \param[in] type the type
+- * \param[in] sec the packet's section
+- * \return a list with the rr's or NULL if none were found
+- */
+-ldns_rr_list *ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec);
+-
+-
+-/**
+- * check to see if an rr exist in the packet
+- * \param[in] pkt the packet to examine
+- * \param[in] sec in which section to look
+- * \param[in] rr the rr to look for
+- */
+-bool ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr);
+-
+-
+-/**
+- * sets the flags in a packet.
+- * \param[in] pkt the packet to operate on
+- * \param[in] flags ORed values: LDNS_QR| LDNS_AR for instance
+- * \return true on success otherwise false
+- */
+-bool ldns_pkt_set_flags(ldns_pkt *pkt, uint16_t flags);
+-
+-/**
+- * Set the packet's id
+- * \param[in] p the packet
+- * \param[in] id the id to set
+- */
+-void ldns_pkt_set_id(ldns_pkt *p, uint16_t id);
+-/**
+- * Set the packet's id to a random value
+- * \param[in] p the packet
+- */
+-void ldns_pkt_set_random_id(ldns_pkt *p);
+-/**
+- * Set the packet's qr bit
+- * \param[in] p the packet
+- * \param[in] b the value to set (boolean)
+- */
+-void ldns_pkt_set_qr(ldns_pkt *p, bool b);
+-/**
+- * Set the packet's aa bit
+- * \param[in] p the packet
+- * \param[in] b the value to set (boolean)
+- */
+-void ldns_pkt_set_aa(ldns_pkt *p, bool b);
+-/**
+- * Set the packet's tc bit
+- * \param[in] p the packet
+- * \param[in] b the value to set (boolean)
+- */
+-void ldns_pkt_set_tc(ldns_pkt *p, bool b);
+-/**
+- * Set the packet's rd bit
+- * \param[in] p the packet
+- * \param[in] b the value to set (boolean)
+- */
+-void ldns_pkt_set_rd(ldns_pkt *p, bool b);
+-/**
+- * Set the packet's cd bit
+- * \param[in] p the packet
+- * \param[in] b the value to set (boolean)
+- */
+-void ldns_pkt_set_cd(ldns_pkt *p, bool b);
+-/**
+- * Set the packet's ra bit
+- * \param[in] p the packet
+- * \param[in] b the value to set (boolean)
+- */
+-void ldns_pkt_set_ra(ldns_pkt *p, bool b);
+-/**
+- * Set the packet's ad bit
+- * \param[in] p the packet
+- * \param[in] b the value to set (boolean)
+- */
+-void ldns_pkt_set_ad(ldns_pkt *p, bool b);
+-
+-/**
+- * Set the packet's opcode
+- * \param[in] p the packet
+- * \param[in] c the opcode
+- */
+-void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c);
+-/**
+- * Set the packet's respons code
+- * \param[in] p the packet
+- * \param[in] c the rcode
+- */
+-void ldns_pkt_set_rcode(ldns_pkt *p, uint8_t c);
+-/**
+- * Set the packet's qd count
+- * \param[in] p the packet
+- * \param[in] c the count
+- */
+-void ldns_pkt_set_qdcount(ldns_pkt *p, uint16_t c);
+-/**
+- * Set the packet's an count
+- * \param[in] p the packet
+- * \param[in] c the count
+- */
+-void ldns_pkt_set_ancount(ldns_pkt *p, uint16_t c);
+-/**
+- * Set the packet's ns count
+- * \param[in] p the packet
+- * \param[in] c the count
+- */
+-void ldns_pkt_set_nscount(ldns_pkt *p, uint16_t c);
+-/**
+- * Set the packet's arcount
+- * \param[in] p the packet
+- * \param[in] c the count
+- */
+-void ldns_pkt_set_arcount(ldns_pkt *p, uint16_t c);
+-/**
+- * Set the packet's answering server
+- * \param[in] p the packet
+- * \param[in] r the address
+- */
+-void ldns_pkt_set_answerfrom(ldns_pkt *p, ldns_rdf *r);
+-/**
+- * Set the packet's query time
+- * \param[in] p the packet
+- * \param[in] t the querytime in msec
+- */
+-void ldns_pkt_set_querytime(ldns_pkt *p, uint32_t t);
+-/**
+- * Set the packet's size
+- * \param[in] p the packet
+- * \param[in] s the size
+- */
+-void ldns_pkt_set_size(ldns_pkt *p, size_t s);
+-
+-/**
+- * Set the packet's timestamp
+- * \param[in] p the packet
+- * \param[in] timeval the timestamp
+- */
+-void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval timeval);
+-/**
+- * Set a packet's section count to x
+- * \param[in] p the packet
+- * \param[in] s the section
+- * \param[in] x the section count
+- */
+-void ldns_pkt_set_section_count(ldns_pkt *p, ldns_pkt_section s, uint16_t x);
+-/**
+- * Set the packet's tsig rr
+- * \param[in] p the packet
+- * \param[in] t the tsig rr
+- */
+-void ldns_pkt_set_tsig(ldns_pkt *p, ldns_rr *t);
+-
+-/**
+- * looks inside the packet to determine
+- * what kind of packet it is, AUTH, NXDOMAIN, REFERRAL, etc.
+- * \param[in] p the packet to examine
+- * \return the type of packet
+- */
+-ldns_pkt_type ldns_pkt_reply_type(ldns_pkt *p);
+-
+-/**
+- * return the packet's edns udp size
+- * \param[in] packet the packet
+- * \return the size
+- */
+-uint16_t ldns_pkt_edns_udp_size(const ldns_pkt *packet);
+-/**
+- * return the packet's edns extended rcode
+- * \param[in] packet the packet
+- * \return the rcode
+- */
+-uint8_t ldns_pkt_edns_extended_rcode(const ldns_pkt *packet);
+-/**
+- * return the packet's edns version
+- * \param[in] packet the packet
+- * \return the version
+- */
+-uint8_t ldns_pkt_edns_version(const ldns_pkt *packet);
+-/**
+- * return the packet's edns z value
+- * \param[in] packet the packet
+- * \return the z value
+- */
+-uint16_t ldns_pkt_edns_z(const ldns_pkt *packet);
+-/**
+- * return the packet's edns data
+- * \param[in] packet the packet
+- * \return the data
+- */
+-ldns_rdf *ldns_pkt_edns_data(const ldns_pkt *packet);
+-
+-/**
+- * return the packet's edns do bit
+- * \param[in] packet the packet
+- * \return the bit's value
+- */
+-bool ldns_pkt_edns_do(const ldns_pkt *packet);
+-/**
+- * Set the packet's edns do bit
+- * \param[in] packet the packet
+- * \param[in] value the bit's new value
+- */
+-void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value);
+-
+-/**
+- * returns true if this packet needs and EDNS rr to be sent.
+- * At the moment the only reason is an expected packet
+- * size larger than 512 bytes, but for instance dnssec would
+- * be a good reason too.
+- *
+- * \param[in] packet the packet to check
+- * \return true if packet needs edns rr
+- */
+-bool ldns_pkt_edns(const ldns_pkt *packet);
+-
+-/**
+- * Set the packet's edns udp size
+- * \param[in] packet the packet
+- * \param[in] s the size
+- */
+-void ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s);
+-/**
+- * Set the packet's edns extended rcode
+- * \param[in] packet the packet
+- * \param[in] c the code
+- */
+-void ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c);
+-/**
+- * Set the packet's edns version
+- * \param[in] packet the packet
+- * \param[in] v the version
+- */
+-void ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v);
+-/**
+- * Set the packet's edns z value
+- * \param[in] packet the packet
+- * \param[in] z the value
+- */
+-void ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z);
+-/**
+- * Set the packet's edns data
+- * \param[in] packet the packet
+- * \param[in] data the data
+- */
+-void ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data);
+-
+-/**
+- * allocates and initializes a ldns_pkt structure.
+- * \return pointer to the new packet
+- */
+-ldns_pkt *ldns_pkt_new(void);
+-
+-/**
+- * frees the packet structure and all data that it contains.
+- * \param[in] packet The packet structure to free
+- * \return void
+- */
+-void ldns_pkt_free(ldns_pkt *packet);
+-
+-/**
+- * creates a query packet for the given name, type, class.
+- * \param[out] p the packet to be returned
+- * \param[in] rr_name the name to query for (as string)
+- * \param[in] rr_type the type to query for
+- * \param[in] rr_class the class to query for
+- * \param[in] flags packet flags
+- * \return LDNS_STATUS_OK or a ldns_status mesg with the error
+- */
+-ldns_status ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class , uint16_t flags);
+-
+-/**
+- * creates an IXFR request packet for the given name, class.
+- * adds the SOA record to the authority section.
+- * \param[out] p the packet to be returned
+- * \param[in] rr_name the name to query for (as string)
+- * \param[in] rr_class the class to query for
+- * \param[in] flags packet flags
+- * \param[in] soa soa record to be added to the authority section
+- * \return LDNS_STATUS_OK or a ldns_status mesg with the error
+- */
+-ldns_status ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa);
+-
+-/**
+- * creates a packet with a query in it for the given name, type and class.
+- * \param[in] rr_name the name to query for
+- * \param[in] rr_type the type to query for
+- * \param[in] rr_class the class to query for
+- * \param[in] flags packet flags
+- * \return ldns_pkt* a pointer to the new pkt
+- */
+-ldns_pkt *ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags);
+-
+-/**
+- * creates an IXFR request packet for the given name, type and class.
+- * adds the SOA record to the authority section.
+- * \param[in] rr_name the name to query for
+- * \param[in] rr_class the class to query for
+- * \param[in] flags packet flags
+- * \param[in] soa soa record to be added to the authority section
+- * \return ldns_pkt* a pointer to the new pkt
+- */
+-ldns_pkt *ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa);
+-
+-/**
+- * clones the given packet, creating a fully allocated copy
+- *
+- * \param[in] pkt the packet to clone
+- * \return ldns_pkt* pointer to the new packet
+- */
+-ldns_pkt *ldns_pkt_clone(const ldns_pkt *pkt);
+-
+-/**
+- * directly set the additional section
+- * \param[in] p packet to operate on
+- * \param[in] rr rrlist to set
+- */
+-void ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr);
+-
+-/**
+- * directly set the answer section
+- * \param[in] p packet to operate on
+- * \param[in] rr rrlist to set
+- */
+-void ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr);
+-
+-/**
+- * directly set the question section
+- * \param[in] p packet to operate on
+- * \param[in] rr rrlist to set
+- */
+-void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr);
+-
+-/**
+- * directly set the auhority section
+- * \param[in] p packet to operate on
+- * \param[in] rr rrlist to set
+- */
+-void ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr);
+-
+-/**
+- * push an rr on a packet
+- * \param[in] packet packet to operate on
+- * \param[in] section where to put it
+- * \param[in] rr rr to push
+- * \return a boolean which is true when the rr was added
+- */
+-bool ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr);
+-
+-/**
+- * push an rr on a packet, provided the RR is not there.
+- * \param[in] pkt packet to operate on
+- * \param[in] sec where to put it
+- * \param[in] rr rr to push
+- * \return a boolean which is true when the rr was added
+- */
+-bool ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr);
+-
+-/**
+- * push a rr_list on a packet
+- * \param[in] packet packet to operate on
+- * \param[in] section where to put it
+- * \param[in] list the rr_list to push
+- * \return a boolean which is true when the rr was added
+- */
+-bool ldns_pkt_push_rr_list(ldns_pkt *packet, ldns_pkt_section section, ldns_rr_list *list);
+-
+-/**
+- * push an rr_list to a packet, provided the RRs are not already there.
+- * \param[in] pkt packet to operate on
+- * \param[in] sec where to put it
+- * \param[in] list the rr_list to push
+- * \return a boolean which is true when the rr was added
+- */
+-bool ldns_pkt_safe_push_rr_list(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr_list *list);
+-
+-/**
+- * check if a packet is empty
+- * \param[in] p packet
+- * \return true: empty, false: not empty
+- */
+-bool ldns_pkt_empty(ldns_pkt *p);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_PACKET_H */
+diff --git a/include/ldns/parse.h b/include/ldns/parse.h
+deleted file mode 100644
+index 0e9034c..0000000
+--- a/include/ldns/parse.h
++++ /dev/null
+@@ -1,167 +0,0 @@
+-/*
+- * parse.h
+- *
+- * a Net::DNS like library for C
+- * LibDNS Team @ NLnet Labs
+- * (c) NLnet Labs, 2005-2006
+- * See the file LICENSE for the license
+- */
+-
+-#ifndef LDNS_PARSE_H
+-#define LDNS_PARSE_H
+-
+-#include <ldns/common.h>
+-#include <ldns/buffer.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_PARSE_SKIP_SPACE "\f\n\r\v"
+-#define LDNS_PARSE_NORMAL " \f\n\r\t\v"
+-#define LDNS_PARSE_NO_NL " \t"
+-#define LDNS_MAX_LINELEN 10230
+-#define LDNS_MAX_KEYWORDLEN 32
+-
+-
+-/**
+- * \file
+- *
+- * Contains some low-level parsing functions, mostly used in the _frm_str
+- * family of functions.
+- */
+-
+-/**
+- * different type of directives in zone files
+- * We now deal with $TTL, $ORIGIN and $INCLUDE.
+- * The latter is not implemented in ldns (yet)
+- */
+-enum ldns_enum_directive
+-{
+- LDNS_DIR_TTL,
+- LDNS_DIR_ORIGIN,
+- LDNS_DIR_INCLUDE
+-};
+-typedef enum ldns_enum_directive ldns_directive;
+-
+-/**
+- * returns a token/char from the stream F.
+- * This function deals with ( and ) in the stream,
+- * and ignores them when encountered
+- * \param[in] *f the file to read from
+- * \param[out] *token the read token is put here
+- * \param[in] *delim chars at which the parsing should stop
+- * \param[in] *limit how much to read. If 0 the builtin maximum is used
+- * \return 0 on error of EOF of the stream F. Otherwise return the length of what is read
+- */
+-ssize_t ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit);
+-
+-/**
+- * returns a token/char from the stream F.
+- * This function deals with ( and ) in the stream,
+- * and ignores when it finds them.
+- * \param[in] *f the file to read from
+- * \param[out] *token the token is put here
+- * \param[in] *delim chars at which the parsing should stop
+- * \param[in] *limit how much to read. If 0 use builtin maximum
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return 0 on error of EOF of F otherwise return the length of what is read
+- */
+-ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr);
+-
+-/**
+- * returns a token/char from the buffer b.
+- * This function deals with ( and ) in the buffer,
+- * and ignores when it finds them.
+- * \param[in] *b the buffer to read from
+- * \param[out] *token the token is put here
+- * \param[in] *delim chars at which the parsing should stop
+- * \param[in] *limit how much to read. If 0 the builtin maximum is used
+- * \returns 0 on error of EOF of b. Otherwise return the length of what is read
+- */
+-ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit);
+-
+-/*
+- * searches for keyword and delim in a file. Gives everything back
+- * after the keyword + k_del until we hit d_del
+- * \param[in] f file pointer to read from
+- * \param[in] keyword keyword to look for
+- * \param[in] k_del keyword delimeter
+- * \param[out] data the data found
+- * \param[in] d_del the data delimeter
+- * \param[in] data_limit maximum size the the data buffer
+- * \return the number of character read
+- */
+-ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit);
+-
+-/*
+- * searches for keyword and delim. Gives everything back
+- * after the keyword + k_del until we hit d_del
+- * \param[in] f file pointer to read from
+- * \param[in] keyword keyword to look for
+- * \param[in] k_del keyword delimeter
+- * \param[out] data the data found
+- * \param[in] d_del the data delimeter
+- * \param[in] data_limit maximum size the the data buffer
+- * \param[in] line_nr pointer to an integer containing the current line number (for
+-debugging purposes)
+- * \return the number of character read
+- */
+-ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr);
+-
+-/*
+- * searches for keyword and delim in a buffer. Gives everything back
+- * after the keyword + k_del until we hit d_del
+- * \param[in] b buffer pointer to read from
+- * \param[in] keyword keyword to look for
+- * \param[in] k_del keyword delimeter
+- * \param[out] data the data found
+- * \param[in] d_del the data delimeter
+- * \param[in] data_limit maximum size the the data buffer
+- * \return the number of character read
+- */
+-ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit);
+-
+-/**
+- * returns the next character from a buffer. Advances the position pointer with 1.
+- * When end of buffer is reached returns EOF. This is the buffer's equivalent
+- * for getc().
+- * \param[in] *buffer buffer to read from
+- * \return EOF on failure otherwise return the character
+- */
+-int ldns_bgetc(ldns_buffer *buffer);
+-
+-/**
+- * skips all of the characters in the given string in the buffer, moving
+- * the position to the first character that is not in *s.
+- * \param[in] *buffer buffer to use
+- * \param[in] *s characters to skip
+- * \return void
+- */
+-void ldns_bskipcs(ldns_buffer *buffer, const char *s);
+-
+-/**
+- * skips all of the characters in the given string in the fp, moving
+- * the position to the first character that is not in *s.
+- * \param[in] *fp file to use
+- * \param[in] *s characters to skip
+- * \return void
+- */
+-void ldns_fskipcs(FILE *fp, const char *s);
+-
+-
+-/**
+- * skips all of the characters in the given string in the fp, moving
+- * the position to the first character that is not in *s.
+- * \param[in] *fp file to use
+- * \param[in] *s characters to skip
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return void
+- */
+-void ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_PARSE_H */
+diff --git a/include/ldns/radix.h b/include/ldns/radix.h
+deleted file mode 100644
+index 1885959..0000000
+--- a/include/ldns/radix.h
++++ /dev/null
+@@ -1,240 +0,0 @@
+-/*
+- * radix.h -- generic radix tree
+- *
+- * Copyright (c) 2012, NLnet Labs. All rights reserved.
+- *
+- * This software is open source.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * Redistributions of source code must retain the above copyright notice,
+- * this list of conditions and the following disclaimer.
+- *
+- * Redistributions in binary form must reproduce the above copyright notice,
+- * this list of conditions and the following disclaimer in the documentation
+- * and/or other materials provided with the distribution.
+- *
+- * Neither the name of the NLNET LABS nor the names of its contributors may
+- * be used to endorse or promote products derived from this software without
+- * specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/**
+- * \file
+- * Radix tree. Implementation taken from NSD 4, adjusted for use in ldns.
+- *
+- */
+-
+-#ifndef LDNS_RADIX_H_
+-#define LDNS_RADIX_H_
+-
+-#include <ldns/error.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-typedef uint16_t radix_strlen_t;
+-typedef struct ldns_radix_array_t ldns_radix_array_t;
+-typedef struct ldns_radix_node_t ldns_radix_node_t;
+-typedef struct ldns_radix_t ldns_radix_t;
+-
+-/** Radix node select edge array */
+-struct ldns_radix_array_t {
+- /** Additional string after the selection byte for this edge. */
+- uint8_t* str;
+- /** Length of additional string for this edge. */
+- radix_strlen_t len;
+- /** Node that deals with byte+str. */
+- ldns_radix_node_t* edge;
+-};
+-
+-/** A node in a radix tree */
+-struct ldns_radix_node_t {
+- /** Key corresponding to this node. */
+- uint8_t* key;
+- /** Key length corresponding to this node. */
+- radix_strlen_t klen;
+- /** Data corresponding to this node. */
+- void* data;
+- /** Parent node. */
+- ldns_radix_node_t* parent;
+- /** Index in the the parent node select edge array. */
+- uint8_t parent_index;
+- /** Length of the array. */
+- uint16_t len;
+- /** Offset of the array. */
+- uint16_t offset;
+- /** Capacity of the array. */
+- uint16_t capacity;
+- /** Select edge array. */
+- ldns_radix_array_t* array;
+-};
+-
+-/** An entire radix tree */
+-struct ldns_radix_t {
+- /** Root. */
+- ldns_radix_node_t* root;
+- /** Number of nodes in tree. */
+- size_t count;
+-};
+-
+-/**
+- * Create a new radix tree.
+- * @return: new radix tree.
+- *
+- */
+-ldns_radix_t* ldns_radix_create(void);
+-
+-/**
+- * Initialize radix tree.
+- * @param tree: uninitialized radix tree.
+- *
+- */
+-void ldns_radix_init(ldns_radix_t* tree);
+-
+-/**
+- * Free the radix tree.
+- * @param tree: radix tree.
+- *
+- */
+-void ldns_radix_free(ldns_radix_t* tree);
+-
+-/**
+- * Insert data into the tree.
+- * @param tree: tree to insert to.
+- * @param key: key.
+- * @param len: length of key.
+- * @param data: data.
+- * @return: status.
+- *
+- */
+-ldns_status ldns_radix_insert(ldns_radix_t* tree, uint8_t* key,
+- radix_strlen_t len, void* data);
+-
+-/**
+- * Delete data from the tree.
+- * @param tree: tree to insert to.
+- * @param key: key.
+- * @param len: length of key.
+- * @return: unlinked data or NULL if not present.
+- *
+- */
+-void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len);
+-
+-/**
+- * Search data in the tree.
+- * @param tree: tree to insert to.
+- * @param key: key.
+- * @param len: length of key.
+- * @return: the radix node or NULL if not found.
+- *
+- */
+-ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, uint8_t* key,
+- radix_strlen_t len);
+-
+-/**
+- * Search data in the tree, and if not found, find the closest smaller
+- * element in the tree.
+- * @param tree: tree to insert to.
+- * @param key: key.
+- * @param len: length of key.
+- * @param result: the radix node with the exact or closest match. NULL if
+- * the key is smaller than the smallest key in the tree.
+- * @return 1 if exact match, 0 otherwise.
+- *
+- */
+-int ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
+- radix_strlen_t len, ldns_radix_node_t** result);
+-
+-/**
+- * Get the first element in the tree.
+- * @param tree: tree.
+- * @return: the radix node with the first element.
+- *
+- */
+-ldns_radix_node_t* ldns_radix_first(ldns_radix_t* tree);
+-
+-/**
+- * Get the last element in the tree.
+- * @param tree: tree.
+- * @return: the radix node with the last element.
+- *
+- */
+-ldns_radix_node_t* ldns_radix_last(ldns_radix_t* tree);
+-
+-/**
+- * Next element.
+- * @param node: node.
+- * @return: node with next element.
+- *
+- */
+-ldns_radix_node_t* ldns_radix_next(ldns_radix_node_t* node);
+-
+-/**
+- * Previous element.
+- * @param node: node.
+- * @return: node with previous element.
+- *
+- */
+-ldns_radix_node_t* ldns_radix_prev(ldns_radix_node_t* node);
+-
+-/**
+- * Split radix tree intwo.
+- * @param tree1: one tree.
+- * @param num: number of elements to split off.
+- * @param tree2: another tree.
+- * @return: status.
+- *
+- */
+-ldns_status ldns_radix_split(ldns_radix_t* tree1, size_t num,
+- ldns_radix_t** tree2);
+-
+-/**
+- * Join two radix trees.
+- * @param tree1: one tree.
+- * @param tree2: another tree.
+- * @return: status.
+- *
+- */
+-ldns_status ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2);
+-
+-/**
+- * Call function for all nodes in the tree, such that leaf nodes are
+- * called before parent nodes.
+- * @param node: start node.
+- * @param func: function.
+- * @param arg: user argument.
+- *
+- */
+-void ldns_radix_traverse_postorder(ldns_radix_node_t* node,
+- void (*func)(ldns_radix_node_t*, void*), void* arg);
+-
+-/**
+- * Print radix tree (for debugging purposes).
+- * @param fd: file descriptor.
+- * @param tree: tree.
+- *
+- */
+-void ldns_radix_printf(FILE* fd, ldns_radix_t* tree);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_RADIX_H_ */
+diff --git a/include/ldns/rbtree.h b/include/ldns/rbtree.h
+deleted file mode 100644
+index c891934..0000000
+--- a/include/ldns/rbtree.h
++++ /dev/null
+@@ -1,230 +0,0 @@
+-/*
+- * rbtree.h -- generic red-black tree
+- *
+- * Copyright (c) 2001-2008, NLnet Labs. All rights reserved.
+- *
+- * This software is open source.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * Redistributions of source code must retain the above copyright notice,
+- * this list of conditions and the following disclaimer.
+- *
+- * Redistributions in binary form must reproduce the above copyright notice,
+- * this list of conditions and the following disclaimer in the documentation
+- * and/or other materials provided with the distribution.
+- *
+- * Neither the name of the NLNET LABS nor the names of its contributors may
+- * be used to endorse or promote products derived from this software without
+- * specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/**
+- * \file
+- * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use
+- * in unbound (memory allocation, logging and so on).
+- */
+-
+-#ifndef LDNS_RBTREE_H_
+-#define LDNS_RBTREE_H_
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * This structure must be the first member of the data structure in
+- * the rbtree. This allows easy casting between an rbnode_t and the
+- * user data (poor man's inheritance).
+- * Or you can use the data pointer member to get to your data item.
+- */
+-typedef struct ldns_rbnode_t ldns_rbnode_t;
+-/**
+- * The rbnode_t struct definition.
+- */
+-struct ldns_rbnode_t {
+- /** parent in rbtree, RBTREE_NULL for root */
+- ldns_rbnode_t *parent;
+- /** left node (smaller items) */
+- ldns_rbnode_t *left;
+- /** right node (larger items) */
+- ldns_rbnode_t *right;
+- /** pointer to sorting key */
+- const void *key;
+- /** pointer to data */
+- const void *data;
+- /** colour of this node */
+- uint8_t color;
+-};
+-
+-/** The nullpointer, points to empty node */
+-#define LDNS_RBTREE_NULL &ldns_rbtree_null_node
+-/** the global empty node */
+-extern ldns_rbnode_t ldns_rbtree_null_node;
+-
+-/** An entire red black tree */
+-typedef struct ldns_rbtree_t ldns_rbtree_t;
+-/** definition for tree struct */
+-struct ldns_rbtree_t {
+- /** The root of the red-black tree */
+- ldns_rbnode_t *root;
+-
+- /** The number of the nodes in the tree */
+- size_t count;
+-
+- /**
+- * Key compare function. <0,0,>0 like strcmp.
+- * Return 0 on two NULL ptrs.
+- */
+- int (*cmp) (const void *, const void *);
+-};
+-
+-/**
+- * Create new tree (malloced) with given key compare function.
+- * @param cmpf: compare function (like strcmp) takes pointers to two keys.
+- * @return: new tree, empty.
+- */
+-ldns_rbtree_t *ldns_rbtree_create(int (*cmpf)(const void *, const void *));
+-
+-/**
+- * Free the complete tree (but not its keys)
+- * @param rbtree The tree to free
+- */
+-void ldns_rbtree_free(ldns_rbtree_t *rbtree);
+-
+-/**
+- * Init a new tree (malloced by caller) with given key compare function.
+- * @param rbtree: uninitialised memory for new tree, returned empty.
+- * @param cmpf: compare function (like strcmp) takes pointers to two keys.
+- */
+-void ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *));
+-
+-/**
+- * Insert data into the tree.
+- * @param rbtree: tree to insert to.
+- * @param data: element to insert.
+- * @return: data ptr or NULL if key already present.
+- */
+-ldns_rbnode_t *ldns_rbtree_insert(ldns_rbtree_t *rbtree, ldns_rbnode_t *data);
+-
+-/**
+- * Insert data into the tree (reversed arguments, for use as callback)
+- * \param[in] data element to insert
+- * \param[out] rbtree tree to insert in to
+- * \return data ptr or NULL if key is already present
+- */
+-void ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree);
+-
+-/**
+- * Delete element from tree.
+- * @param rbtree: tree to delete from.
+- * @param key: key of item to delete.
+- * @return: node that is now unlinked from the tree. User to delete it.
+- * returns 0 if node not present
+- */
+-ldns_rbnode_t *ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key);
+-
+-/**
+- * Find key in tree. Returns NULL if not found.
+- * @param rbtree: tree to find in.
+- * @param key: key that must match.
+- * @return: node that fits or NULL.
+- */
+-ldns_rbnode_t *ldns_rbtree_search(ldns_rbtree_t *rbtree, const void *key);
+-
+-/**
+- * Find, but match does not have to be exact.
+- * @param rbtree: tree to find in.
+- * @param key: key to find position of.
+- * @param result: set to the exact node if present, otherwise to element that
+- * precedes the position of key in the tree. NULL if no smaller element.
+- * @return: true if exact match in result. Else result points to <= element,
+- * or NULL if key is smaller than the smallest key.
+- */
+-int ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key,
+- ldns_rbnode_t **result);
+-
+-/**
+- * Returns first (smallest) node in the tree
+- * @param rbtree: tree
+- * @return: smallest element or NULL if tree empty.
+- */
+-ldns_rbnode_t *ldns_rbtree_first(ldns_rbtree_t *rbtree);
+-
+-/**
+- * Returns last (largest) node in the tree
+- * @param rbtree: tree
+- * @return: largest element or NULL if tree empty.
+- */
+-ldns_rbnode_t *ldns_rbtree_last(ldns_rbtree_t *rbtree);
+-
+-/**
+- * Returns next larger node in the tree
+- * @param rbtree: tree
+- * @return: next larger element or NULL if no larger in tree.
+- */
+-ldns_rbnode_t *ldns_rbtree_next(ldns_rbnode_t *rbtree);
+-
+-/**
+- * Returns previous smaller node in the tree
+- * @param rbtree: tree
+- * @return: previous smaller element or NULL if no previous in tree.
+- */
+-ldns_rbnode_t *ldns_rbtree_previous(ldns_rbnode_t *rbtree);
+-
+-/**
+- * split off 'elements' number of elements from the start
+- * of the name tree and return a new tree containing those
+- * elements
+- */
+-ldns_rbtree_t *ldns_rbtree_split(ldns_rbtree_t *tree, size_t elements);
+-
+-/**
+- * add all node from the second tree to the first (removing them from the
+- * second), and fix up nsec(3)s if present
+- */
+-void ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2);
+-
+-/**
+- * Call with node=variable of struct* with rbnode_t as first element.
+- * with type is the type of a pointer to that struct.
+- */
+-#define LDNS_RBTREE_FOR(node, type, rbtree) \
+- for(node=(type)ldns_rbtree_first(rbtree); \
+- (ldns_rbnode_t*)node != LDNS_RBTREE_NULL; \
+- node = (type)ldns_rbtree_next((ldns_rbnode_t*)node))
+-
+-/**
+- * Call function for all elements in the redblack tree, such that
+- * leaf elements are called before parent elements. So that all
+- * elements can be safely free()d.
+- * Note that your function must not remove the nodes from the tree.
+- * Since that may trigger rebalances of the rbtree.
+- * @param tree: the tree
+- * @param func: function called with element and user arg.
+- * The function must not alter the rbtree.
+- * @param arg: user argument.
+- */
+-void ldns_traverse_postorder(ldns_rbtree_t* tree,
+- void (*func)(ldns_rbnode_t*, void*), void* arg);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* UTIL_RBTREE_H_ */
+diff --git a/include/ldns/rdata.h b/include/ldns/rdata.h
+deleted file mode 100644
+index 22665b1..0000000
+--- a/include/ldns/rdata.h
++++ /dev/null
+@@ -1,451 +0,0 @@
+-/*
+- * rdata.h
+- *
+- * rdata definitions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-
+-/**
+- * \file
+- *
+- * Defines ldns_rdf and functions to manipulate those.
+- */
+-
+-
+-#ifndef LDNS_RDATA_H
+-#define LDNS_RDATA_H
+-
+-#include <ldns/common.h>
+-#include <ldns/error.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_MAX_RDFLEN 65535
+-
+-#define LDNS_RDF_SIZE_BYTE 1
+-#define LDNS_RDF_SIZE_WORD 2
+-#define LDNS_RDF_SIZE_DOUBLEWORD 4
+-#define LDNS_RDF_SIZE_6BYTES 6
+-#define LDNS_RDF_SIZE_8BYTES 8
+-#define LDNS_RDF_SIZE_16BYTES 16
+-
+-#define LDNS_NSEC3_VARS_OPTOUT_MASK 0x01
+-
+-/**
+- * The different types of RDATA fields.
+- */
+-enum ldns_enum_rdf_type
+-{
+- /** none */
+- LDNS_RDF_TYPE_NONE,
+- /** domain name */
+- LDNS_RDF_TYPE_DNAME,
+- /** 8 bits */
+- LDNS_RDF_TYPE_INT8,
+- /** 16 bits */
+- LDNS_RDF_TYPE_INT16,
+- /** 32 bits */
+- LDNS_RDF_TYPE_INT32,
+- /** A record */
+- LDNS_RDF_TYPE_A,
+- /** AAAA record */
+- LDNS_RDF_TYPE_AAAA,
+- /** txt string */
+- LDNS_RDF_TYPE_STR,
+- /** apl data */
+- LDNS_RDF_TYPE_APL,
+- /** b32 string */
+- LDNS_RDF_TYPE_B32_EXT,
+- /** b64 string */
+- LDNS_RDF_TYPE_B64,
+- /** hex string */
+- LDNS_RDF_TYPE_HEX,
+- /** nsec type codes */
+- LDNS_RDF_TYPE_NSEC,
+- /** a RR type */
+- LDNS_RDF_TYPE_TYPE,
+- /** a class */
+- LDNS_RDF_TYPE_CLASS,
+- /** certificate algorithm */
+- LDNS_RDF_TYPE_CERT_ALG,
+- /** a key algorithm */
+- LDNS_RDF_TYPE_ALG,
+- /** unknown types */
+- LDNS_RDF_TYPE_UNKNOWN,
+- /** time (32 bits) */
+- LDNS_RDF_TYPE_TIME,
+- /** period */
+- LDNS_RDF_TYPE_PERIOD,
+- /** tsig time 48 bits */
+- LDNS_RDF_TYPE_TSIGTIME,
+- /** Represents the Public Key Algorithm, HIT and Public Key fields
+- for the HIP RR types. A HIP specific rdf type is used because of
+- the unusual layout in wireformat (see RFC 5205 Section 5) */
+- LDNS_RDF_TYPE_HIP,
+- /** variable length any type rdata where the length
+- is specified by the first 2 bytes */
+- LDNS_RDF_TYPE_INT16_DATA,
+- /** protocol and port bitmaps */
+- LDNS_RDF_TYPE_SERVICE,
+- /** location data */
+- LDNS_RDF_TYPE_LOC,
+- /** well known services */
+- LDNS_RDF_TYPE_WKS,
+- /** NSAP */
+- LDNS_RDF_TYPE_NSAP,
+- /** ATMA */
+- LDNS_RDF_TYPE_ATMA,
+- /** IPSECKEY */
+- LDNS_RDF_TYPE_IPSECKEY,
+- /** nsec3 hash salt */
+- LDNS_RDF_TYPE_NSEC3_SALT,
+- /** nsec3 base32 string (with length byte on wire */
+- LDNS_RDF_TYPE_NSEC3_NEXT_OWNER,
+-
+- /** 4 shorts represented as 4 * 16 bit hex numbers
+- * separated by colons. For NID and L64.
+- */
+- LDNS_RDF_TYPE_ILNP64,
+-
+- /** 6 * 8 bit hex numbers separated by dashes. For EUI48. */
+- LDNS_RDF_TYPE_EUI48,
+- /** 8 * 8 bit hex numbers separated by dashes. For EUI64. */
+- LDNS_RDF_TYPE_EUI64,
+-
+- /** A non-zero sequence of US-ASCII letters and numbers in lower case.
+- * For CAA.
+- */
+- LDNS_RDF_TYPE_TAG,
+-
+- /** A <character-string> encoding of the value field as specified
+- * [RFC1035], Section 5.1., encoded as remaining rdata.
+- * For CAA.
+- */
+- LDNS_RDF_TYPE_LONG_STR,
+-
+- /** Since RFC7218 TLSA records can be given with mnemonics,
+- * hence these rdata field types. But as with DNSKEYs, the output
+- * is always numeric.
+- */
+- LDNS_RDF_TYPE_CERTIFICATE_USAGE,
+- LDNS_RDF_TYPE_SELECTOR,
+- LDNS_RDF_TYPE_MATCHING_TYPE,
+-
+- /* Aliases */
+- LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
+-};
+-typedef enum ldns_enum_rdf_type ldns_rdf_type;
+-
+-/**
+- * algorithms used in CERT rrs
+- */
+-enum ldns_enum_cert_algorithm
+-{
+- LDNS_CERT_PKIX = 1,
+- LDNS_CERT_SPKI = 2,
+- LDNS_CERT_PGP = 3,
+- LDNS_CERT_IPKIX = 4,
+- LDNS_CERT_ISPKI = 5,
+- LDNS_CERT_IPGP = 6,
+- LDNS_CERT_ACPKIX = 7,
+- LDNS_CERT_IACPKIX = 8,
+- LDNS_CERT_URI = 253,
+- LDNS_CERT_OID = 254
+-};
+-typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm;
+-
+-
+-
+-/**
+- * Resource record data field.
+- *
+- * The data is a network ordered array of bytes, which size is specified by
+- * the (16-bit) size field. To correctly parse it, use the type
+- * specified in the (16-bit) type field with a value from \ref ldns_rdf_type.
+- */
+-struct ldns_struct_rdf
+-{
+- /** The size of the data (in octets) */
+- size_t _size;
+- /** The type of the data */
+- ldns_rdf_type _type;
+- /** Pointer to the data (raw octets) */
+- void *_data;
+-};
+-typedef struct ldns_struct_rdf ldns_rdf;
+-
+-/* prototypes */
+-
+-/* write access functions */
+-
+-/**
+- * sets the size of the rdf.
+- * \param[in] *rd the rdf to operate on
+- * \param[in] size the new size
+- * \return void
+- */
+-void ldns_rdf_set_size(ldns_rdf *rd, size_t size);
+-
+-/**
+- * sets the size of the rdf.
+- * \param[in] *rd the rdf to operate on
+- * \param[in] type the new type
+- * \return void
+- */
+-void ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type);
+-
+-/**
+- * sets the size of the rdf.
+- * \param[in] *rd the rdf to operate on
+- * \param[in] *data pointer to the new data
+- * \return void
+- */
+-void ldns_rdf_set_data(ldns_rdf *rd, void *data);
+-
+-/* read access */
+-
+-/**
+- * returns the size of the rdf.
+- * \param[in] *rd the rdf to read from
+- * \return uint16_t with the size
+- */
+-size_t ldns_rdf_size(const ldns_rdf *rd);
+-
+-/**
+- * returns the type of the rdf. We need to insert _get_
+- * here to prevent conflict the the rdf_type TYPE.
+- * \param[in] *rd the rdf to read from
+- * \return ldns_rdf_type with the type
+- */
+-ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd);
+-
+-/**
+- * returns the data of the rdf.
+- * \param[in] *rd the rdf to read from
+- *
+- * \return uint8_t* pointer to the rdf's data
+- */
+-uint8_t *ldns_rdf_data(const ldns_rdf *rd);
+-
+-/* creator functions */
+-
+-/**
+- * allocates a new rdf structure and fills it.
+- * This function DOES NOT copy the contents from
+- * the buffer, unlinke ldns_rdf_new_frm_data()
+- * \param[in] type type of the rdf
+- * \param[in] size size of the buffer
+- * \param[in] data pointer to the buffer to be copied
+- * \return the new rdf structure or NULL on failure
+- */
+-ldns_rdf *ldns_rdf_new(ldns_rdf_type type, size_t size, void *data);
+-
+-/**
+- * allocates a new rdf structure and fills it.
+- * This function _does_ copy the contents from
+- * the buffer, unlinke ldns_rdf_new()
+- * \param[in] type type of the rdf
+- * \param[in] size size of the buffer
+- * \param[in] data pointer to the buffer to be copied
+- * \return the new rdf structure or NULL on failure
+- */
+-ldns_rdf *ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data);
+-
+-/**
+- * creates a new rdf from a string.
+- * \param[in] type type to use
+- * \param[in] str string to use
+- * \return ldns_rdf* or NULL in case of an error
+- */
+-ldns_rdf *ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str);
+-
+-/**
+- * creates a new rdf from a file containing a string.
+- * \param[out] r the new rdf
+- * \param[in] type type to use
+- * \param[in] fp the file pointer to use
+- * \return LDNS_STATUS_OK or the error
+- */
+-ldns_status ldns_rdf_new_frm_fp(ldns_rdf **r, ldns_rdf_type type, FILE *fp);
+-
+-/**
+- * creates a new rdf from a file containing a string.
+- * \param[out] r the new rdf
+- * \param[in] type type to use
+- * \param[in] fp the file pointer to use
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return LDNS_STATUS_OK or the error
+- */
+-ldns_status ldns_rdf_new_frm_fp_l(ldns_rdf **r, ldns_rdf_type type, FILE *fp, int *line_nr);
+-
+-/* destroy functions */
+-
+-/**
+- * frees a rdf structure, leaving the
+- * data pointer intact.
+- * \param[in] rd the pointer to be freed
+- * \return void
+- */
+-void ldns_rdf_free(ldns_rdf *rd);
+-
+-/**
+- * frees a rdf structure _and_ frees the
+- * data. rdf should be created with _new_frm_data
+- * \param[in] rd the rdf structure to be freed
+- * \return void
+- */
+-void ldns_rdf_deep_free(ldns_rdf *rd);
+-
+-/* conversion functions */
+-
+-/**
+- * returns the rdf containing the native uint8_t repr.
+- * \param[in] type the ldns_rdf type to use
+- * \param[in] value the uint8_t to use
+- * \return ldns_rdf* with the converted value
+- */
+-ldns_rdf *ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value);
+-
+-/**
+- * returns the rdf containing the native uint16_t representation.
+- * \param[in] type the ldns_rdf type to use
+- * \param[in] value the uint16_t to use
+- * \return ldns_rdf* with the converted value
+- */
+-ldns_rdf *ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value);
+-
+-/**
+- * returns an rdf that contains the given int32 value.
+- *
+- * Because multiple rdf types can contain an int32, the
+- * type must be specified
+- * \param[in] type the ldns_rdf type to use
+- * \param[in] value the uint32_t to use
+- * \return ldns_rdf* with the converted value
+- */
+-ldns_rdf *ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value);
+-
+-/**
+- * returns an int16_data rdf that contains the data in the
+- * given array, preceded by an int16 specifying the length.
+- *
+- * The memory is copied, and an LDNS_RDF_TYPE_INT16DATA is returned
+- * \param[in] size the size of the data
+- * \param[in] *data pointer to the actual data
+- *
+- * \return ldns_rd* the rdf with the data
+- */
+-ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data);
+-
+-/**
+- * reverses an rdf, only actually useful for AAAA and A records.
+- * The returned rdf has the type LDNS_RDF_TYPE_DNAME!
+- * \param[in] *rd rdf to be reversed
+- * \return the reversed rdf (a newly created rdf)
+- */
+-ldns_rdf *ldns_rdf_address_reverse(ldns_rdf *rd);
+-
+-/**
+- * returns the native uint8_t representation from the rdf.
+- * \param[in] rd the ldns_rdf to operate on
+- * \return uint8_t the value extracted
+- */
+-uint8_t ldns_rdf2native_int8(const ldns_rdf *rd);
+-
+-/**
+- * returns the native uint16_t representation from the rdf.
+- * \param[in] rd the ldns_rdf to operate on
+- * \return uint16_t the value extracted
+- */
+-uint16_t ldns_rdf2native_int16(const ldns_rdf *rd);
+-
+-/**
+- * returns the native uint32_t representation from the rdf.
+- * \param[in] rd the ldns_rdf to operate on
+- * \return uint32_t the value extracted
+- */
+-uint32_t ldns_rdf2native_int32(const ldns_rdf *rd);
+-
+-/**
+- * returns the native time_t representation from the rdf.
+- * \param[in] rd the ldns_rdf to operate on
+- * \return time_t the value extracted (32 bits currently)
+- */
+-time_t ldns_rdf2native_time_t(const ldns_rdf *rd);
+-
+-/**
+- * converts a ttl value (like 5d2h) to a long.
+- * \param[in] nptr the start of the string
+- * \param[out] endptr points to the last char in case of error
+- * \return the convert duration value
+- */
+-uint32_t ldns_str2period(const char *nptr, const char **endptr);
+-
+-/**
+- * removes \\DDD, \\[space] and other escapes from the input.
+- * See RFC 1035, section 5.1.
+- * \param[in] word what to check
+- * \param[in] length the string
+- * \return ldns_status mesg
+- */
+-ldns_status ldns_octet(char *word, size_t *length);
+-
+-/**
+- * clones a rdf structure. The data is copied.
+- * \param[in] rd rdf to be copied
+- * \return a new rdf structure
+- */
+-ldns_rdf *ldns_rdf_clone(const ldns_rdf *rd);
+-
+-/**
+- * compares two rdf's on their wire formats.
+- * (To order dnames according to rfc4034, use ldns_dname_compare)
+- * \param[in] rd1 the first one
+- * \param[in] rd2 the second one
+- * \return 0 if equal
+- * \return -1 if rd1 comes before rd2
+- * \return +1 if rd2 comes before rd1
+- */
+-int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2);
+-
+-/**
+- * Gets the algorithm value, the HIT and Public Key data from the rdf with
+- * type LDNS_RDF_TYPE_HIP.
+- * \param[in] rdf the rdf with type LDNS_RDF_TYPE_HIP
+- * \param[out] alg the algorithm
+- * \param[out] hit_size the size of the HIT data
+- * \param[out] hit the hit data
+- * \param[out] pk_size the size of the Public Key data
+- * \param[out] pk the Public Key data
+- * \return LDNS_STATUS_OK on success, and the error otherwise
+- */
+-ldns_status ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg,
+- uint8_t *hit_size, uint8_t** hit,
+- uint16_t *pk_size, uint8_t** pk);
+-
+-/**
+- * Creates a new LDNS_RDF_TYPE_HIP rdf from given data.
+- * \param[out] rdf the newly created LDNS_RDF_TYPE_HIP rdf
+- * \param[in] alg the algorithm
+- * \param[in] hit_size the size of the HIT data
+- * \param[in] hit the hit data
+- * \param[in] pk_size the size of the Public Key data
+- * \param[in] pk the Public Key data
+- * \return LDNS_STATUS_OK on success, and the error otherwise
+- */
+-ldns_status ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg,
+- uint8_t hit_size, uint8_t *hit, uint16_t pk_size, uint8_t *pk);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_RDATA_H */
+diff --git a/include/ldns/resolver.h b/include/ldns/resolver.h
+deleted file mode 100644
+index 228485c..0000000
+--- a/include/ldns/resolver.h
++++ /dev/null
+@@ -1,805 +0,0 @@
+-/*
+- * resolver.h
+- *
+- * DNS Resolver definitions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Defines the ldns_resolver structure, a stub resolver that can send queries and parse answers.
+- *
+- */
+-
+-#ifndef LDNS_RESOLVER_H
+-#define LDNS_RESOLVER_H
+-
+-#include <ldns/error.h>
+-#include <ldns/common.h>
+-#include <ldns/rr.h>
+-#include <ldns/tsig.h>
+-#include <ldns/rdata.h>
+-#include <ldns/packet.h>
+-#include <sys/time.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/** Default location of the resolv.conf file */
+-#define LDNS_RESOLV_CONF "/etc/resolv.conf"
+-/** Default location of the hosts file */
+-#define LDNS_RESOLV_HOSTS "/etc/hosts"
+-
+-#define LDNS_RESOLV_KEYWORD -1
+-#define LDNS_RESOLV_DEFDOMAIN 0
+-#define LDNS_RESOLV_NAMESERVER 1
+-#define LDNS_RESOLV_SEARCH 2
+-#define LDNS_RESOLV_SORTLIST 3
+-#define LDNS_RESOLV_OPTIONS 4
+-#define LDNS_RESOLV_ANCHOR 5
+-#define LDNS_RESOLV_KEYWORDS 6
+-
+-#define LDNS_RESOLV_INETANY 0
+-#define LDNS_RESOLV_INET 1
+-#define LDNS_RESOLV_INET6 2
+-
+-#define LDNS_RESOLV_RTT_INF 0 /* infinity */
+-#define LDNS_RESOLV_RTT_MIN 1 /* reachable */
+-
+-/**
+- * DNS stub resolver structure
+- */
+-struct ldns_struct_resolver
+-{
+- /** Port to send queries to */
+- uint16_t _port;
+-
+- /** Array of nameservers to query (IP addresses or dnames) */
+- ldns_rdf **_nameservers;
+- /** Number of nameservers in \c _nameservers */
+- size_t _nameserver_count; /* how many do we have */
+-
+- /** Round trip time; 0 -> infinity. Unit: ms? */
+- size_t *_rtt;
+-
+- /** Whether or not to be recursive */
+- bool _recursive;
+-
+- /** Print debug information */
+- bool _debug;
+-
+- /** Default domain to add to non fully qualified domain names */
+- ldns_rdf *_domain;
+-
+- /** Searchlist array, add the names in this array if a query cannot be found */
+- ldns_rdf **_searchlist;
+-
+- /** Number of entries in the searchlist array */
+- size_t _searchlist_count;
+-
+- /** Number of times to retry before giving up */
+- uint8_t _retry;
+- /** Time to wait before retrying */
+- uint8_t _retrans;
+- /** Use new fallback mechanism (try EDNS, then do TCP) */
+- bool _fallback;
+-
+- /** Whether to do DNSSEC */
+- bool _dnssec;
+- /** Whether to set the CD bit on DNSSEC requests */
+- bool _dnssec_cd;
+- /** Optional trust anchors for complete DNSSEC validation */
+- ldns_rr_list * _dnssec_anchors;
+- /** Whether to use tcp or udp (tcp if the value is true)*/
+- bool _usevc;
+- /** Whether to ignore the tc bit */
+- bool _igntc;
+- /** Whether to use ip6: 0->does not matter, 1 is IPv4, 2 is IPv6 */
+- uint8_t _ip6;
+- /** If true append the default domain */
+- bool _defnames;
+- /** If true apply the search list */
+- bool _dnsrch;
+- /** Timeout for socket connections */
+- struct timeval _timeout;
+- /** Only try the first nameserver, and return with an error directly if it fails */
+- bool _fail;
+- /** Randomly choose a nameserver */
+- bool _random;
+- /** Keep some things to make AXFR possible */
+- int _socket;
+- /** Count the number of LDNS_RR_TYPE_SOA RRs we have seen so far
+- * (the second one signifies the end of the AXFR)
+- */
+- int _axfr_soa_count;
+- /* when axfring we get complete packets from the server
+- but we want to give the caller 1 rr at a time, so
+- keep the current pkt */
+- /** Packet currently handled when doing part of an AXFR */
+- ldns_pkt *_cur_axfr_pkt;
+- /** Counter for within the AXFR packets */
+- uint16_t _axfr_i;
+- /* EDNS0 available buffer size */
+- uint16_t _edns_udp_size;
+- /* serial for IXFR */
+- uint32_t _serial;
+-
+- /* Optional tsig key for signing queries,
+- outgoing messages are signed if and only if both are set
+- */
+- /** Name of the key to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */
+- char *_tsig_keyname;
+- /** Secret key data to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */
+- char *_tsig_keydata;
+- /** TSIG signing algorithm */
+- char *_tsig_algorithm;
+-
+- /** Source address to query from */
+- ldns_rdf *_source;
+-};
+-typedef struct ldns_struct_resolver ldns_resolver;
+-
+-/* prototypes */
+-/* read access functions */
+-
+-/**
+- * Get the port the resolver should use
+- * \param[in] r the resolver
+- * \return the port number
+- */
+-uint16_t ldns_resolver_port(const ldns_resolver *r);
+-
+-/**
+- * Get the source address the resolver should use
+- * \param[in] r the resolver
+- * \return the source rdf
+- */
+-ldns_rdf *ldns_resolver_source(const ldns_resolver *r);
+-
+-/**
+- * Is the resolver set to recurse
+- * \param[in] r the resolver
+- * \return true if so, otherwise false
+- */
+-bool ldns_resolver_recursive(const ldns_resolver *r);
+-
+-/**
+- * Get the debug status of the resolver
+- * \param[in] r the resolver
+- * \return true if so, otherwise false
+- */
+-bool ldns_resolver_debug(const ldns_resolver *r);
+-
+-/**
+- * Get the number of retries
+- * \param[in] r the resolver
+- * \return the number of retries
+- */
+-uint8_t ldns_resolver_retry(const ldns_resolver *r);
+-
+-/**
+- * Get the retransmit interval
+- * \param[in] r the resolver
+- * \return the retransmit interval
+- */
+-uint8_t ldns_resolver_retrans(const ldns_resolver *r);
+-
+-/**
+- * Get the truncation fallback status
+- * \param[in] r the resolver
+- * \return whether the truncation fallback mechanism is used
+- */
+-bool ldns_resolver_fallback(const ldns_resolver *r);
+-
+-/**
+- * Does the resolver use ip6 or ip4
+- * \param[in] r the resolver
+- * \return 0: both, 1: ip4, 2:ip6
+- */
+-uint8_t ldns_resolver_ip6(const ldns_resolver *r);
+-
+-/**
+- * Get the resolver's udp size
+- * \param[in] r the resolver
+- * \return the udp mesg size
+- */
+-uint16_t ldns_resolver_edns_udp_size(const ldns_resolver *r);
+-/**
+- * Does the resolver use tcp or udp
+- * \param[in] r the resolver
+- * \return true: tcp, false: udp
+- */
+-bool ldns_resolver_usevc(const ldns_resolver *r);
+-/**
+- * Does the resolver only try the first nameserver
+- * \param[in] r the resolver
+- * \return true: yes, fail, false: no, try the others
+- */
+-bool ldns_resolver_fail(const ldns_resolver *r);
+-/**
+- * Does the resolver apply default domain name
+- * \param[in] r the resolver
+- * \return true: yes, false: no
+- */
+-bool ldns_resolver_defnames(const ldns_resolver *r);
+-/**
+- * Does the resolver apply search list
+- * \param[in] r the resolver
+- * \return true: yes, false: no
+- */
+-bool ldns_resolver_dnsrch(const ldns_resolver *r);
+-/**
+- * Does the resolver do DNSSEC
+- * \param[in] r the resolver
+- * \return true: yes, false: no
+- */
+-bool ldns_resolver_dnssec(const ldns_resolver *r);
+-/**
+- * Does the resolver set the CD bit
+- * \param[in] r the resolver
+- * \return true: yes, false: no
+- */
+-bool ldns_resolver_dnssec_cd(const ldns_resolver *r);
+-/**
+- * Get the resolver's DNSSEC anchors
+- * \param[in] r the resolver
+- * \return an rr_list containg trusted DNSSEC anchors
+- */
+-ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r);
+-/**
+- * Does the resolver ignore the TC bit (truncated)
+- * \param[in] r the resolver
+- * \return true: yes, false: no
+- */
+-bool ldns_resolver_igntc(const ldns_resolver *r);
+-/**
+- * Does the resolver randomize the nameserver before usage
+- * \param[in] r the resolver
+- * \return true: yes, false: no
+- */
+-bool ldns_resolver_random(const ldns_resolver *r);
+-/**
+- * How many nameserver are configured in the resolver
+- * \param[in] r the resolver
+- * \return number of nameservers
+- */
+-size_t ldns_resolver_nameserver_count(const ldns_resolver *r);
+-/**
+- * What is the default dname to add to relative queries
+- * \param[in] r the resolver
+- * \return the dname which is added
+- */
+-ldns_rdf *ldns_resolver_domain(const ldns_resolver *r);
+-/**
+- * What is the timeout on socket connections
+- * \param[in] r the resolver
+- * \return the timeout as struct timeval
+- */
+-struct timeval ldns_resolver_timeout(const ldns_resolver *r);
+-/**
+- * What is the searchlist as used by the resolver
+- * \param[in] r the resolver
+- * \return a ldns_rdf pointer to a list of the addresses
+- */
+-ldns_rdf** ldns_resolver_searchlist(const ldns_resolver *r);
+-/**
+- * Return the configured nameserver ip address
+- * \param[in] r the resolver
+- * \return a ldns_rdf pointer to a list of the addresses
+- */
+-ldns_rdf** ldns_resolver_nameservers(const ldns_resolver *r);
+-/**
+- * Return the used round trip times for the nameservers
+- * \param[in] r the resolver
+- * \return a size_t* pointer to the list.
+- * yet)
+- */
+-size_t * ldns_resolver_rtt(const ldns_resolver *r);
+-/**
+- * Return the used round trip time for a specific nameserver
+- * \param[in] r the resolver
+- * \param[in] pos the index to the nameserver
+- * \return the rrt, 0: infinite, >0: undefined (as of * yet)
+- */
+-size_t ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos);
+-/**
+- * Return the tsig keyname as used by the nameserver
+- * \param[in] r the resolver
+- * \return the name used.
+- */
+-char *ldns_resolver_tsig_keyname(const ldns_resolver *r);
+-/**
+- * Return the tsig algorithm as used by the nameserver
+- * \param[in] r the resolver
+- * \return the algorithm used.
+- */
+-char *ldns_resolver_tsig_algorithm(const ldns_resolver *r);
+-/**
+- * Return the tsig keydata as used by the nameserver
+- * \param[in] r the resolver
+- * \return the keydata used.
+- */
+-char *ldns_resolver_tsig_keydata(const ldns_resolver *r);
+-/**
+- * pop the last nameserver from the resolver.
+- * \param[in] r the resolver
+- * \return the popped address or NULL if empty
+- */
+-ldns_rdf* ldns_resolver_pop_nameserver(ldns_resolver *r);
+-
+-/**
+- * Return the resolver's searchlist count
+- * \param[in] r the resolver
+- * \return the searchlist count
+- */
+-size_t ldns_resolver_searchlist_count(const ldns_resolver *r);
+-
+-/* write access function */
+-/**
+- * Set the port the resolver should use
+- * \param[in] r the resolver
+- * \param[in] p the port number
+- */
+-void ldns_resolver_set_port(ldns_resolver *r, uint16_t p);
+-
+-/**
+- * Set the source rdf (address) the resolver should use
+- * \param[in] r the resolver
+- * \param[in] s the source address
+- */
+-void ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s);
+-
+-/**
+- * Set the resolver recursion
+- * \param[in] r the resolver
+- * \param[in] b true: set to recurse, false: unset
+- */
+-void ldns_resolver_set_recursive(ldns_resolver *r, bool b);
+-
+-/**
+- * Set the resolver debugging
+- * \param[in] r the resolver
+- * \param[in] b true: debug on: false debug off
+- */
+-void ldns_resolver_set_debug(ldns_resolver *r, bool b);
+-
+-/**
+- * Incremental the resolver's nameserver count.
+- * \param[in] r the resolver
+- */
+-void ldns_resolver_incr_nameserver_count(ldns_resolver *r);
+-
+-/**
+- * Decrement the resolver's nameserver count.
+- * \param[in] r the resolver
+- */
+-void ldns_resolver_dec_nameserver_count(ldns_resolver *r);
+-
+-/**
+- * Set the resolver's nameserver count directly.
+- * \param[in] r the resolver
+- * \param[in] c the nameserver count
+- */
+-void ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c);
+-
+-/**
+- * Set the resolver's nameserver count directly by using an rdf list
+- * \param[in] r the resolver
+- * \param[in] rd the resolver addresses
+- */
+-void ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **rd);
+-
+-/**
+- * Set the resolver's default domain. This gets appended when no
+- * absolute name is given
+- * \param[in] r the resolver
+- * \param[in] rd the name to append
+- */
+-void ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *rd);
+-
+-/**
+- * Set the resolver's socket time out when talking to remote hosts
+- * \param[in] r the resolver
+- * \param[in] timeout the timeout to use
+- */
+-void ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout);
+-
+-/**
+- * Push a new rd to the resolver's searchlist
+- * \param[in] r the resolver
+- * \param[in] rd to push
+- */
+-void ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *rd);
+-
+-/**
+- * Whether the resolver uses the name set with _set_domain
+- * \param[in] r the resolver
+- * \param[in] b true: use the defaults, false: don't use them
+- */
+-void ldns_resolver_set_defnames(ldns_resolver *r, bool b);
+-
+-/**
+- * Whether the resolver uses a virtual circuit (TCP)
+- * \param[in] r the resolver
+- * \param[in] b true: use TCP, false: don't use TCP
+- */
+-void ldns_resolver_set_usevc(ldns_resolver *r, bool b);
+-
+-/**
+- * Whether the resolver uses the searchlist
+- * \param[in] r the resolver
+- * \param[in] b true: use the list, false: don't use the list
+- */
+-void ldns_resolver_set_dnsrch(ldns_resolver *r, bool b);
+-
+-/**
+- * Whether the resolver uses DNSSEC
+- * \param[in] r the resolver
+- * \param[in] b true: use DNSSEC, false: don't use DNSSEC
+- */
+-void ldns_resolver_set_dnssec(ldns_resolver *r, bool b);
+-
+-/**
+- * Whether the resolver uses the checking disable bit
+- * \param[in] r the resolver
+- * \param[in] b true: enable , false: don't use TCP
+- */
+-void ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool b);
+-/**
+- * Set the resolver's DNSSEC anchor list directly. RRs should be of type DS or DNSKEY.
+- * \param[in] r the resolver
+- * \param[in] l the list of RRs to use as trust anchors
+- */
+-void ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l);
+-
+-/**
+- * Push a new trust anchor to the resolver. It must be a DS or DNSKEY rr
+- * \param[in] r the resolver.
+- * \param[in] rr the RR to add as a trust anchor.
+- * \return a status
+- */
+-ldns_status ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr);
+-
+-/**
+- * Set the resolver retrans timeout (in seconds)
+- * \param[in] r the resolver
+- * \param[in] re the retransmission interval in seconds
+- */
+-void ldns_resolver_set_retrans(ldns_resolver *r, uint8_t re);
+-
+-/**
+- * Set whether the resolvers truncation fallback mechanism is used
+- * when ldns_resolver_query() is called.
+- * \param[in] r the resolver
+- * \param[in] fallback whether to use the fallback mechanism
+- */
+-void ldns_resolver_set_fallback(ldns_resolver *r, bool fallback);
+-
+-/**
+- * Set the number of times a resolver should retry a nameserver before the
+- * next one is tried.
+- * \param[in] r the resolver
+- * \param[in] re the number of retries
+- */
+-void ldns_resolver_set_retry(ldns_resolver *r, uint8_t re);
+-
+-/**
+- * Whether the resolver uses ip6
+- * \param[in] r the resolver
+- * \param[in] i 0: no pref, 1: ip4, 2: ip6
+- */
+-void ldns_resolver_set_ip6(ldns_resolver *r, uint8_t i);
+-
+-/**
+- * Whether or not to fail after one failed query
+- * \param[in] r the resolver
+- * \param[in] b true: yes fail, false: continue with next nameserver
+- */
+-void ldns_resolver_set_fail(ldns_resolver *r, bool b);
+-
+-/**
+- * Whether or not to ignore the TC bit
+- * \param[in] r the resolver
+- * \param[in] b true: yes ignore, false: don't ignore
+- */
+-void ldns_resolver_set_igntc(ldns_resolver *r, bool b);
+-
+-/**
+- * Set maximum udp size
+- * \param[in] r the resolver
+- * \param[in] s the udp max size
+- */
+-void ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s);
+-
+-/**
+- * Set the tsig key name
+- * \param[in] r the resolver
+- * \param[in] tsig_keyname the tsig key name
+- */
+-void ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname);
+-
+-/**
+- * Set the tsig algorithm
+- * \param[in] r the resolver
+- * \param[in] tsig_algorithm the tsig algorithm
+- */
+-void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm);
+-
+-/**
+- * Set the tsig key data
+- * \param[in] r the resolver
+- * \param[in] tsig_keydata the key data
+- */
+-void ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata);
+-
+-/**
+- * Set round trip time for all nameservers. Note this currently
+- * differentiates between: unreachable and reachable.
+- * \param[in] r the resolver
+- * \param[in] rtt a list with the times
+- */
+-void ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt);
+-
+-/**
+- * Set round trip time for a specific nameserver. Note this
+- * currently differentiates between: unreachable and reachable.
+- * \param[in] r the resolver
+- * \param[in] pos the nameserver position
+- * \param[in] value the rtt
+- */
+-void ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value);
+-
+-/**
+- * Should the nameserver list be randomized before each use
+- * \param[in] r the resolver
+- * \param[in] b: true: randomize, false: don't
+- */
+-void ldns_resolver_set_random(ldns_resolver *r, bool b);
+-
+-/**
+- * Push a new nameserver to the resolver. It must be an IP
+- * address v4 or v6.
+- * \param[in] r the resolver
+- * \param[in] n the ip address
+- * \return ldns_status a status
+- */
+-ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n);
+-
+-/**
+- * Push a new nameserver to the resolver. It must be an
+- * A or AAAA RR record type
+- * \param[in] r the resolver
+- * \param[in] rr the resource record
+- * \return ldns_status a status
+- */
+-ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr);
+-
+-/**
+- * Push a new nameserver rr_list to the resolver.
+- * \param[in] r the resolver
+- * \param[in] rrlist the rr_list to push
+- * \return ldns_status a status
+- */
+-ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist);
+-
+-/**
+- * Send the query for using the resolver and take the search list into account
+- * The search algorithm is as follows:
+- * If the name is absolute, try it as-is, otherwise apply the search list
+- * \param[in] *r operate using this resolver
+- * \param[in] *rdf query for this name
+- * \param[in] t query for this type (may be 0, defaults to A)
+- * \param[in] c query for this class (may be 0, default to IN)
+- * \param[in] flags the query flags
+- *
+- * \return ldns_pkt* a packet with the reply from the nameserver
+- */
+-ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+-
+-
+-/**
+- * Send the query for using the resolver and take the search list into account
+- * The search algorithm is as follows:
+- * If the name is absolute, try it as-is, otherwise apply the search list
+- * \param[out] pkt a packet with the reply from the nameserver
+- * \param[in] *r operate using this resolver
+- * \param[in] *rdf query for this name
+- * \param[in] t query for this type (may be 0, defaults to A)
+- * \param[in] c query for this class (may be 0, default to IN)
+- * \param[in] flags the query flags
+- *
+- * \return ldns_status LDNS_STATUS_OK on success
+- */
+-ldns_status ldns_resolver_search_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+-
+-/**
+- * Form a query packet from a resolver and name/type/class combo
+- * \param[out] **q a pointer to a ldns_pkt pointer (initialized by this function)
+- * \param[in] *r operate using this resolver
+- * \param[in] *name query for this name
+- * \param[in] t query for this type (may be 0, defaults to A)
+- * \param[in] c query for this class (may be 0, default to IN)
+- * \param[in] f the query flags
+- *
+- * \return ldns_pkt* a packet with the reply from the nameserver
+- */
+-ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t f);
+-
+-/**
+- * Send the query for name as-is
+- * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function)
+- * \param[in] *r operate using this resolver
+- * \param[in] *name query for this name
+- * \param[in] t query for this type (may be 0, defaults to A)
+- * \param[in] c query for this class (may be 0, default to IN)
+- * \param[in] flags the query flags
+- *
+- * \return ldns_pkt* a packet with the reply from the nameserver
+- */
+-ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+-
+-/**
+- * Send the given packet to a nameserver
+- * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function)
+- * \param[in] *r operate using this resolver
+- * \param[in] *query_pkt query
+- */
+-ldns_status ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, ldns_pkt *query_pkt);
+-
+-/**
+- * Send a query to a nameserver
+- * \param[out] pkt a packet with the reply from the nameserver
+- * \param[in] *r operate using this resolver
+- * \param[in] *name query for this name
+- * \param[in] *t query for this type (may be 0, defaults to A)
+- * \param[in] *c query for this class (may be 0, default to IN)
+- * \param[in] flags the query flags
+- *
+- * \return ldns_status LDNS_STATUS_OK on success
+- * if _defnames is true the default domain will be added
+- */
+-ldns_status ldns_resolver_query_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+-
+-
+-/**
+- * Send a query to a nameserver
+- * \param[in] *r operate using this resolver
+- * (despite the const in the declaration,
+- * the struct is altered as a side-effect)
+- * \param[in] *name query for this name
+- * \param[in] *t query for this type (may be 0, defaults to A)
+- * \param[in] *c query for this class (may be 0, default to IN)
+- * \param[in] flags the query flags
+- *
+- * \return ldns_pkt* a packet with the reply from the nameserver
+- * if _defnames is true the default domain will be added
+- */
+-ldns_pkt* ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
+-
+-
+-/**
+- * Create a new resolver structure
+- * \return ldns_resolver* pointer to new structure
+- */
+-ldns_resolver* ldns_resolver_new(void);
+-
+-/**
+- * Clone a resolver
+- * \param[in] r the resolver to clone
+- * \return ldns_resolver* pointer to new structure
+- */
+-ldns_resolver* ldns_resolver_clone(ldns_resolver *r);
+-
+-/**
+- * Create a resolver structure from a file like /etc/resolv.conf
+- * \param[out] r the new resolver
+- * \param[in] fp file pointer to create new resolver from
+- * if NULL use /etc/resolv.conf
+- * \return LDNS_STATUS_OK or the error
+- */
+-ldns_status ldns_resolver_new_frm_fp(ldns_resolver **r, FILE *fp);
+-
+-/**
+- * Create a resolver structure from a file like /etc/resolv.conf
+- * \param[out] r the new resolver
+- * \param[in] fp file pointer to create new resolver from
+- * if NULL use /etc/resolv.conf
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \return LDNS_STATUS_OK or the error
+- */
+-ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr);
+-
+-/**
+- * Configure a resolver by means of a resolv.conf file
+- * The file may be NULL in which case there will be
+- * looked the RESOLV_CONF (defaults to /etc/resolv.conf
+- * \param[out] r the new resolver
+- * \param[in] filename the filename to use
+- * \return LDNS_STATUS_OK or the error
+- */
+-ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename);
+-
+-/**
+- * Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free.
+- * \param res resolver to free
+- */
+-void ldns_resolver_free(ldns_resolver *res);
+-
+-/**
+- * Frees the allocated space for this resolver and all it's data
+- * \param res resolver to free
+- */
+-void ldns_resolver_deep_free(ldns_resolver *res);
+-
+-/**
+- * Get the next stream of RRs in a AXFR
+- * \param[in] resolver the resolver to use. First ldns_axfr_start() must be
+- * called
+- * \return ldns_rr the next RR from the AXFR stream
+- * After you get this returned RR (not NULL: on error), then check if
+- * ldns_axfr_complete() is true to see if the zone transfer has completed.
+- */
+-ldns_rr* ldns_axfr_next(ldns_resolver *resolver);
+-
+-/**
+- * Abort a transfer that is in progress
+- * \param[in] resolver the resolver that is used
+- */
+-void ldns_axfr_abort(ldns_resolver *resolver);
+-
+-/**
+- * Returns true if the axfr transfer has completed (i.e. 2 SOA RRs and no errors were encountered
+- * \param[in] resolver the resolver that is used
+- * \return bool true if axfr transfer was completed without error
+- */
+-bool ldns_axfr_complete(const ldns_resolver *resolver);
+-
+-/**
+- * Returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer
+- * uasable for instance to get the error code on failure
+- * \param[in] res the resolver that was used in the axfr transfer
+- * \return ldns_pkt the last packet sent
+- */
+-ldns_pkt *ldns_axfr_last_pkt(const ldns_resolver *res);
+-
+-/**
+- * Get the serial for requesting IXFR.
+- * \param[in] r the resolver
+- * \param[in] serial serial
+- */
+-void ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial);
+-
+-/**
+- * Get the serial for requesting IXFR.
+- * \param[in] res the resolver
+- * \return uint32_t serial
+- */
+-uint32_t ldns_resolver_get_ixfr_serial(const ldns_resolver *res);
+-
+-/**
+- * Randomize the nameserver list in the resolver
+- * \param[in] r the resolver
+- */
+-void ldns_resolver_nameservers_randomize(ldns_resolver *r);
+-
+-/**
+- * Returns true if at least one of the provided keys is a trust anchor
+- * \param[in] r the current resolver
+- * \param[in] keys the keyset to check
+- * \param[out] trusted_keys the subset of trusted keys in the 'keys' rrset
+- * \return true if at least one of the provided keys is a configured trust anchor
+- */
+-bool ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_RESOLVER_H */
+diff --git a/include/ldns/rr.h b/include/ldns/rr.h
+deleted file mode 100644
+index 75ac352..0000000
+--- a/include/ldns/rr.h
++++ /dev/null
+@@ -1,929 +0,0 @@
+-/*
+- * rr.h - resource record definitions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Contains the definition of ldns_rr and functions to manipulate those.
+- */
+-
+-
+-#ifndef LDNS_RR_H
+-#define LDNS_RR_H
+-
+-#include <ldns/common.h>
+-#include <ldns/rdata.h>
+-#include <ldns/buffer.h>
+-#include <ldns/error.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/** Maximum length of a dname label */
+-#define LDNS_MAX_LABELLEN 63
+-/** Maximum length of a complete dname */
+-#define LDNS_MAX_DOMAINLEN 255
+-/** Maximum number of pointers in 1 dname */
+-#define LDNS_MAX_POINTERS 65535
+-/** The bytes TTL, CLASS and length use up in an rr */
+-#define LDNS_RR_OVERHEAD 10
+-
+-/* The first fields are contiguous and can be referenced instantly */
+-#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258
+-
+-
+-
+-/**
+- * The different RR classes.
+- */
+-enum ldns_enum_rr_class
+-{
+- /** the Internet */
+- LDNS_RR_CLASS_IN = 1,
+- /** Chaos class */
+- LDNS_RR_CLASS_CH = 3,
+- /** Hesiod (Dyer 87) */
+- LDNS_RR_CLASS_HS = 4,
+- /** None class, dynamic update */
+- LDNS_RR_CLASS_NONE = 254,
+- /** Any class */
+- LDNS_RR_CLASS_ANY = 255,
+-
+- LDNS_RR_CLASS_FIRST = 0,
+- LDNS_RR_CLASS_LAST = 65535,
+- LDNS_RR_CLASS_COUNT = LDNS_RR_CLASS_LAST - LDNS_RR_CLASS_FIRST + 1
+-};
+-typedef enum ldns_enum_rr_class ldns_rr_class;
+-
+-/**
+- * Used to specify whether compression is allowed.
+- */
+-enum ldns_enum_rr_compress
+-{
+- /** compression is allowed */
+- LDNS_RR_COMPRESS,
+- LDNS_RR_NO_COMPRESS
+-};
+-typedef enum ldns_enum_rr_compress ldns_rr_compress;
+-
+-/**
+- * The different RR types.
+- */
+-enum ldns_enum_rr_type
+-{
+- /** a host address */
+- LDNS_RR_TYPE_A = 1,
+- /** an authoritative name server */
+- LDNS_RR_TYPE_NS = 2,
+- /** a mail destination (Obsolete - use MX) */
+- LDNS_RR_TYPE_MD = 3,
+- /** a mail forwarder (Obsolete - use MX) */
+- LDNS_RR_TYPE_MF = 4,
+- /** the canonical name for an alias */
+- LDNS_RR_TYPE_CNAME = 5,
+- /** marks the start of a zone of authority */
+- LDNS_RR_TYPE_SOA = 6,
+- /** a mailbox domain name (EXPERIMENTAL) */
+- LDNS_RR_TYPE_MB = 7,
+- /** a mail group member (EXPERIMENTAL) */
+- LDNS_RR_TYPE_MG = 8,
+- /** a mail rename domain name (EXPERIMENTAL) */
+- LDNS_RR_TYPE_MR = 9,
+- /** a null RR (EXPERIMENTAL) */
+- LDNS_RR_TYPE_NULL = 10,
+- /** a well known service description */
+- LDNS_RR_TYPE_WKS = 11,
+- /** a domain name pointer */
+- LDNS_RR_TYPE_PTR = 12,
+- /** host information */
+- LDNS_RR_TYPE_HINFO = 13,
+- /** mailbox or mail list information */
+- LDNS_RR_TYPE_MINFO = 14,
+- /** mail exchange */
+- LDNS_RR_TYPE_MX = 15,
+- /** text strings */
+- LDNS_RR_TYPE_TXT = 16,
+- /** RFC1183 */
+- LDNS_RR_TYPE_RP = 17,
+- /** RFC1183 */
+- LDNS_RR_TYPE_AFSDB = 18,
+- /** RFC1183 */
+- LDNS_RR_TYPE_X25 = 19,
+- /** RFC1183 */
+- LDNS_RR_TYPE_ISDN = 20,
+- /** RFC1183 */
+- LDNS_RR_TYPE_RT = 21,
+- /** RFC1706 */
+- LDNS_RR_TYPE_NSAP = 22,
+- /** RFC1348 */
+- LDNS_RR_TYPE_NSAP_PTR = 23,
+- /** 2535typecode */
+- LDNS_RR_TYPE_SIG = 24,
+- /** 2535typecode */
+- LDNS_RR_TYPE_KEY = 25,
+- /** RFC2163 */
+- LDNS_RR_TYPE_PX = 26,
+- /** RFC1712 */
+- LDNS_RR_TYPE_GPOS = 27,
+- /** ipv6 address */
+- LDNS_RR_TYPE_AAAA = 28,
+- /** LOC record RFC1876 */
+- LDNS_RR_TYPE_LOC = 29,
+- /** 2535typecode */
+- LDNS_RR_TYPE_NXT = 30,
+- /** draft-ietf-nimrod-dns-01.txt */
+- LDNS_RR_TYPE_EID = 31,
+- /** draft-ietf-nimrod-dns-01.txt */
+- LDNS_RR_TYPE_NIMLOC = 32,
+- /** SRV record RFC2782 */
+- LDNS_RR_TYPE_SRV = 33,
+- /** http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */
+- LDNS_RR_TYPE_ATMA = 34,
+- /** RFC2915 */
+- LDNS_RR_TYPE_NAPTR = 35,
+- /** RFC2230 */
+- LDNS_RR_TYPE_KX = 36,
+- /** RFC2538 */
+- LDNS_RR_TYPE_CERT = 37,
+- /** RFC2874 */
+- LDNS_RR_TYPE_A6 = 38,
+- /** RFC2672 */
+- LDNS_RR_TYPE_DNAME = 39,
+- /** dnsind-kitchen-sink-02.txt */
+- LDNS_RR_TYPE_SINK = 40,
+- /** Pseudo OPT record... */
+- LDNS_RR_TYPE_OPT = 41,
+- /** RFC3123 */
+- LDNS_RR_TYPE_APL = 42,
+- /** RFC4034, RFC3658 */
+- LDNS_RR_TYPE_DS = 43,
+- /** SSH Key Fingerprint */
+- LDNS_RR_TYPE_SSHFP = 44, /* RFC 4255 */
+- /** IPsec Key */
+- LDNS_RR_TYPE_IPSECKEY = 45, /* RFC 4025 */
+- /** DNSSEC */
+- LDNS_RR_TYPE_RRSIG = 46, /* RFC 4034 */
+- LDNS_RR_TYPE_NSEC = 47, /* RFC 4034 */
+- LDNS_RR_TYPE_DNSKEY = 48, /* RFC 4034 */
+-
+- LDNS_RR_TYPE_DHCID = 49, /* RFC 4701 */
+- /* NSEC3 */
+- LDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */
+- LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
+- LDNS_RR_TYPE_NSEC3PARAMS = 51,
+- LDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */
+-
+- LDNS_RR_TYPE_HIP = 55, /* RFC 5205 */
+-
+- /** draft-reid-dnsext-zs */
+- LDNS_RR_TYPE_NINFO = 56,
+- /** draft-reid-dnsext-rkey */
+- LDNS_RR_TYPE_RKEY = 57,
+- /** draft-ietf-dnsop-trust-history */
+- LDNS_RR_TYPE_TALINK = 58,
+- LDNS_RR_TYPE_CDS = 59, /* RFC 7344 */
+- LDNS_RR_TYPE_CDNSKEY = 60, /* RFC 7344 */
+- /** draft-ietf-dane-openpgpkey */
+- LDNS_RR_TYPE_OPENPGPKEY = 61,
+-
+- LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
+-
+- LDNS_RR_TYPE_UINFO = 100,
+- LDNS_RR_TYPE_UID = 101,
+- LDNS_RR_TYPE_GID = 102,
+- LDNS_RR_TYPE_UNSPEC = 103,
+-
+- LDNS_RR_TYPE_NID = 104, /* RFC 6742 */
+- LDNS_RR_TYPE_L32 = 105, /* RFC 6742 */
+- LDNS_RR_TYPE_L64 = 106, /* RFC 6742 */
+- LDNS_RR_TYPE_LP = 107, /* RFC 6742 */
+-
+- LDNS_RR_TYPE_EUI48 = 108, /* RFC 7043 */
+- LDNS_RR_TYPE_EUI64 = 109, /* RFC 7043 */
+-
+- LDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */
+- LDNS_RR_TYPE_TSIG = 250,
+- LDNS_RR_TYPE_IXFR = 251,
+- LDNS_RR_TYPE_AXFR = 252,
+- /** A request for mailbox-related records (MB, MG or MR) */
+- LDNS_RR_TYPE_MAILB = 253,
+- /** A request for mail agent RRs (Obsolete - see MX) */
+- LDNS_RR_TYPE_MAILA = 254,
+- /** any type (wildcard) */
+- LDNS_RR_TYPE_ANY = 255,
+- /** draft-faltstrom-uri-06 */
+- LDNS_RR_TYPE_URI = 256,
+- LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
+-
+- /** DNSSEC Trust Authorities */
+- LDNS_RR_TYPE_TA = 32768,
+- /* RFC 4431, 5074, DNSSEC Lookaside Validation */
+- LDNS_RR_TYPE_DLV = 32769,
+-
+- /* type codes from nsec3 experimental phase
+- LDNS_RR_TYPE_NSEC3 = 65324,
+- LDNS_RR_TYPE_NSEC3PARAMS = 65325, */
+- LDNS_RR_TYPE_FIRST = 0,
+- LDNS_RR_TYPE_LAST = 65535,
+- LDNS_RR_TYPE_COUNT = LDNS_RR_TYPE_LAST - LDNS_RR_TYPE_FIRST + 1
+-};
+-typedef enum ldns_enum_rr_type ldns_rr_type;
+-
+-/**
+- * Resource Record
+- *
+- * This is the basic DNS element that contains actual data
+- *
+- * From RFC1035:
+- * <pre>
+-3.2.1. Format
+-
+-All RRs have the same top level format shown below:
+-
+- 1 1 1 1 1 1
+- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | |
+- / /
+- / NAME /
+- | |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | TYPE |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | CLASS |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | TTL |
+- | |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- | RDLENGTH |
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+- / RDATA /
+- / /
+- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+-
+-where:
+-
+-NAME an owner name, i.e., the name of the node to which this
+- resource record pertains.
+-
+-TYPE two octets containing one of the RR TYPE codes.
+-
+-CLASS two octets containing one of the RR CLASS codes.
+-
+-TTL a 32 bit signed integer that specifies the time interval
+- that the resource record may be cached before the source
+- of the information should again be consulted. Zero
+- values are interpreted to mean that the RR can only be
+- used for the transaction in progress, and should not be
+- cached. For example, SOA records are always distributed
+- with a zero TTL to prohibit caching. Zero values can
+- also be used for extremely volatile data.
+-
+-RDLENGTH an unsigned 16 bit integer that specifies the length in
+- octets of the RDATA field.
+-
+-RDATA a variable length string of octets that describes the
+- resource. The format of this information varies
+- according to the TYPE and CLASS of the resource record.
+- * </pre>
+- *
+- * The actual amount and type of rdata fields depend on the RR type of the
+- * RR, and can be found by using \ref ldns_rr_descriptor functions.
+- */
+-struct ldns_struct_rr
+-{
+- /** Owner name, uncompressed */
+- ldns_rdf *_owner;
+- /** Time to live */
+- uint32_t _ttl;
+- /** Number of data fields */
+- size_t _rd_count;
+- /** the type of the RR. A, MX etc. */
+- ldns_rr_type _rr_type;
+- /** Class of the resource record. */
+- ldns_rr_class _rr_class;
+- /* everything in the rdata is in network order */
+- /** The array of rdata's */
+- ldns_rdf **_rdata_fields;
+- /** question rr [it would be nicer if thous is after _rd_count]
+- ABI change: Fix this in next major release
+- */
+- bool _rr_question;
+-};
+-typedef struct ldns_struct_rr ldns_rr;
+-
+-/**
+- * List or Set of Resource Records
+- *
+- * Contains a list of rr's <br>
+- * No official RFC-like checks are made
+- */
+-struct ldns_struct_rr_list
+-{
+- size_t _rr_count;
+- size_t _rr_capacity;
+- ldns_rr **_rrs;
+-};
+-typedef struct ldns_struct_rr_list ldns_rr_list;
+-
+-/**
+- * Contains all information about resource record types.
+- *
+- * This structure contains, for all rr types, the rdata fields that are defined.
+- */
+-struct ldns_struct_rr_descriptor
+-{
+- /** Type of the RR that is described here */
+- ldns_rr_type _type;
+- /** Textual name of the RR type. */
+- const char *_name;
+- /** Minimum number of rdata fields in the RRs of this type. */
+- uint8_t _minimum;
+- /** Maximum number of rdata fields in the RRs of this type. */
+- uint8_t _maximum;
+- /** Wireformat specification for the rr, i.e. the types of rdata fields in their respective order. */
+- const ldns_rdf_type *_wireformat;
+- /** Special rdf types */
+- ldns_rdf_type _variable;
+- /** Specifies whether compression can be used for dnames in this RR type. */
+- ldns_rr_compress _compress;
+- /** The number of DNAMEs in the _wireformat string, for parsing. */
+- uint8_t _dname_count;
+-};
+-typedef struct ldns_struct_rr_descriptor ldns_rr_descriptor;
+-
+-
+-/**
+- * Create a rr type bitmap rdf providing enough space to set all
+- * known (to ldns) rr types.
+- * \param[out] rdf the constructed rdf
+- * \return LDNS_STATUS_OK if all went well.
+- */
+-ldns_status ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf);
+-
+-/**
+- * Create a rr type bitmap rdf with at least all known (to ldns) rr types set.
+- * \param[out] rdf the constructed rdf
+- * \return LDNS_STATUS_OK if all went well.
+- */
+-ldns_status ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf);
+-
+-
+-/**
+- * creates a new rr structure.
+- * \return ldns_rr *
+- */
+-ldns_rr* ldns_rr_new(void);
+-
+-/**
+- * creates a new rr structure, based on the given type.
+- * alloc enough space to hold all the rdf's
+- */
+-ldns_rr* ldns_rr_new_frm_type(ldns_rr_type t);
+-
+-/**
+- * frees an RR structure
+- * \param[in] *rr the RR to be freed
+- * \return void
+- */
+-void ldns_rr_free(ldns_rr *rr);
+-
+-/**
+- * creates an rr from a string.
+- * The string should be a fully filled-in rr, like
+- * ownername <space> TTL <space> CLASS <space>
+- * TYPE <space> RDATA.
+- * \param[out] n the rr to return
+- * \param[in] str the string to convert
+- * \param[in] default_ttl default ttl value for the rr.
+- * If 0 DEF_TTL will be used
+- * \param[in] origin when the owner is relative add this.
+- * The caller must ldns_rdf_deep_free it.
+- * \param[out] prev the previous ownername. if this value is not NULL,
+- * the function overwrites this with the ownername found in this
+- * string. The caller must then ldns_rdf_deep_free it.
+- * \return a status msg describing an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str,
+- uint32_t default_ttl, ldns_rdf *origin,
+- ldns_rdf **prev);
+-
+-/**
+- * creates an rr for the question section from a string, i.e.
+- * without RDATA fields
+- * Origin and previous RR functionality are the same as in
+- * ldns_rr_new_frm_str()
+- * \param[out] n the rr to return
+- * \param[in] str the string to convert
+- * \param[in] origin when the owner is relative add this.
+- * The caller must ldns_rdf_deep_free it.
+- * \param prev the previous ownername. the function overwrite this with
+- * the current found ownername. The caller must ldns_rdf_deep_free it.
+- * \return a status msg describing an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_rr_new_question_frm_str(ldns_rr **n, const char *str,
+- ldns_rdf *origin, ldns_rdf **prev);
+-
+-/**
+- * creates a new rr from a file containing a string.
+- * \param[out] rr the new rr
+- * \param[in] fp the file pointer to use
+- * \param[in] default_ttl pointer to a default ttl for the rr. If NULL DEF_TTL will be used
+- * the pointer will be updated if the file contains a $TTL directive
+- * \param[in] origin when the owner is relative add this
+- * the pointer will be updated if the file contains a $ORIGIN directive
+- * The caller must ldns_rdf_deep_free it.
+- * \param[in] prev when the owner is whitespaces use this as the * ownername
+- * the pointer will be updated after the call
+- * The caller must ldns_rdf_deep_free it.
+- * \return a ldns_status with an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_rr_new_frm_fp(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev);
+-
+-/**
+- * creates a new rr from a file containing a string.
+- * \param[out] rr the new rr
+- * \param[in] fp the file pointer to use
+- * \param[in] default_ttl a default ttl for the rr. If NULL DEF_TTL will be used
+- * the pointer will be updated if the file contains a $TTL directive
+- * \param[in] origin when the owner is relative add this
+- * the pointer will be updated if the file contains a $ORIGIN directive
+- * The caller must ldns_rdf_deep_free it.
+- * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
+- * \param[in] prev when the owner is whitespaces use this as the * ownername
+- * the pointer will be updated after the call
+- * The caller must ldns_rdf_deep_free it.
+- * \return a ldns_status with an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_rr_new_frm_fp_l(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr);
+-
+-/**
+- * sets the owner in the rr structure.
+- * \param[in] *rr rr to operate on
+- * \param[in] *owner set to this owner
+- * \return void
+- */
+-void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner);
+-
+-/**
+- * sets the question flag in the rr structure.
+- * \param[in] *rr rr to operate on
+- * \param[in] question question flag
+- * \return void
+- */
+-void ldns_rr_set_question(ldns_rr *rr, bool question);
+-
+-/**
+- * sets the ttl in the rr structure.
+- * \param[in] *rr rr to operate on
+- * \param[in] ttl set to this ttl
+- * \return void
+- */
+-void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl);
+-
+-/**
+- * sets the rd_count in the rr.
+- * \param[in] *rr rr to operate on
+- * \param[in] count set to this count
+- * \return void
+- */
+-void ldns_rr_set_rd_count(ldns_rr *rr, size_t count);
+-
+-/**
+- * sets the type in the rr.
+- * \param[in] *rr rr to operate on
+- * \param[in] rr_type set to this type
+- * \return void
+- */
+-void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type);
+-
+-/**
+- * sets the class in the rr.
+- * \param[in] *rr rr to operate on
+- * \param[in] rr_class set to this class
+- * \return void
+- */
+-void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class);
+-
+-/**
+- * sets a rdf member, it will be set on the
+- * position given. The old value is returned, like pop.
+- * \param[in] *rr the rr to operate on
+- * \param[in] *f the rdf to set
+- * \param[in] position the position the set the rdf
+- * \return the old value in the rr, NULL on failyre
+- */
+-ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position);
+-
+-/**
+- * sets rd_field member, it will be
+- * placed in the next available spot.
+- * \param[in] *rr rr to operate on
+- * \param[in] *f the data field member to set
+- * \return bool
+- */
+-bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f);
+-
+-/**
+- * removes a rd_field member, it will be
+- * popped from the last position.
+- * \param[in] *rr rr to operate on
+- * \return rdf which was popped (null if nothing)
+- */
+-ldns_rdf* ldns_rr_pop_rdf(ldns_rr *rr);
+-
+-/**
+- * returns the rdata field member counter.
+- * \param[in] *rr rr to operate on
+- * \param[in] nr the number of the rdf to return
+- * \return ldns_rdf *
+- */
+-ldns_rdf* ldns_rr_rdf(const ldns_rr *rr, size_t nr);
+-
+-/**
+- * returns the owner name of an rr structure.
+- * \param[in] *rr rr to operate on
+- * \return ldns_rdf *
+- */
+-ldns_rdf* ldns_rr_owner(const ldns_rr *rr);
+-
+-/**
+- * returns the question flag of an rr structure.
+- * \param[in] *rr rr to operate on
+- * \return bool true if question
+- */
+-bool ldns_rr_is_question(const ldns_rr *rr);
+-
+-/**
+- * returns the ttl of an rr structure.
+- * \param[in] *rr the rr to read from
+- * \return the ttl of the rr
+- */
+-uint32_t ldns_rr_ttl(const ldns_rr *rr);
+-
+-/**
+- * returns the rd_count of an rr structure.
+- * \param[in] *rr the rr to read from
+- * \return the rd count of the rr
+- */
+-size_t ldns_rr_rd_count(const ldns_rr *rr);
+-
+-/**
+- * returns the type of the rr.
+- * \param[in] *rr the rr to read from
+- * \return the type of the rr
+- */
+-ldns_rr_type ldns_rr_get_type(const ldns_rr *rr);
+-
+-/**
+- * returns the class of the rr.
+- * \param[in] *rr the rr to read from
+- * \return the class of the rr
+- */
+-ldns_rr_class ldns_rr_get_class(const ldns_rr *rr);
+-
+-/* rr_lists */
+-
+-/**
+- * returns the number of rr's in an rr_list.
+- * \param[in] rr_list the rr_list to read from
+- * \return the number of rr's
+- */
+-size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list);
+-
+-/**
+- * sets the number of rr's in an rr_list.
+- * \param[in] rr_list the rr_list to set the count on
+- * \param[in] count the number of rr in this list
+- * \return void
+- */
+-void ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count);
+-
+-/**
+- * set a rr on a specific index in a ldns_rr_list
+- * \param[in] rr_list the rr_list to use
+- * \param[in] r the rr to set
+- * \param[in] count index into the rr_list
+- * \return the old rr which was stored in the rr_list, or
+- * NULL is the index was too large
+- * set a specific rr */
+-ldns_rr * ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count);
+-
+-/**
+- * returns a specific rr of an rrlist.
+- * \param[in] rr_list the rr_list to read from
+- * \param[in] nr return this rr
+- * \return the rr at position nr
+- */
+-ldns_rr* ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr);
+-
+-/**
+- * creates a new rr_list structure.
+- * \return a new rr_list structure
+- */
+-ldns_rr_list* ldns_rr_list_new(void);
+-
+-/**
+- * frees an rr_list structure.
+- * \param[in] rr_list the list to free
+- */
+-void ldns_rr_list_free(ldns_rr_list *rr_list);
+-
+-/**
+- * frees an rr_list structure and all rrs contained therein.
+- * \param[in] rr_list the list to free
+- */
+-void ldns_rr_list_deep_free(ldns_rr_list *rr_list);
+-
+-/**
+- * concatenates two ldns_rr_lists together. This modifies
+- * *left (to extend it and add the pointers from *right).
+- * \param[in] left the leftside
+- * \param[in] right the rightside
+- * \return a left with right concatenated to it
+- */
+-bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right);
+-
+-/**
+- * concatenates two ldns_rr_lists together, but makes clones of the rr's
+- * (instead of pointer copying).
+- * \param[in] left the leftside
+- * \param[in] right the rightside
+- * \return a new rr_list with leftside/rightside concatenated
+- */
+-ldns_rr_list* ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right);
+-
+-/**
+- * pushes an rr to an rrlist.
+- * \param[in] rr_list the rr_list to push to
+- * \param[in] rr the rr to push
+- * \return false on error, otherwise true
+- */
+-bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr);
+-
+-/**
+- * pushes an rr_list to an rrlist.
+- * \param[in] rr_list the rr_list to push to
+- * \param[in] push_list the rr_list to push
+- * \return false on error, otherwise true
+- */
+-bool ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list);
+-
+-/**
+- * pops the last rr from an rrlist.
+- * \param[in] rr_list the rr_list to pop from
+- * \return NULL if nothing to pop. Otherwise the popped RR
+- */
+-ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list);
+-
+-/**
+- * pops an rr_list of size s from an rrlist.
+- * \param[in] rr_list the rr_list to pop from
+- * \param[in] size the number of rr's to pop
+- * \return NULL if nothing to pop. Otherwise the popped rr_list
+- */
+-ldns_rr_list* ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t size);
+-
+-/**
+- * returns true if the given rr is one of the rrs in the
+- * list, or if it is equal to one
+- * \param[in] rr_list the rr_list to check
+- * \param[in] rr the rr to check
+- * \return true if rr_list contains rr, false otherwise
+- */
+-bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr);
+-
+-/**
+- * checks if an rr_list is a rrset.
+- * \param[in] rr_list the rr_list to check
+- * \return true if it is an rrset otherwise false
+- */
+-bool ldns_is_rrset(ldns_rr_list *rr_list);
+-
+-/**
+- * pushes an rr to an rrset (which really are rr_list's).
+- * \param[in] *rr_list the rrset to push the rr to
+- * \param[in] *rr the rr to push
+- * \return true if the push succeeded otherwise false
+- */
+-bool ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr);
+-
+-/**
+- * pops the last rr from an rrset. This function is there only
+- * for the symmetry.
+- * \param[in] rr_list the rr_list to pop from
+- * \return NULL if nothing to pop. Otherwise the popped RR
+- *
+- */
+-ldns_rr* ldns_rr_set_pop_rr(ldns_rr_list *rr_list);
+-
+-/**
+- * pops the first rrset from the list,
+- * the list must be sorted, so that all rr's from each rrset
+- * are next to each other
+- */
+-ldns_rr_list *ldns_rr_list_pop_rrset(ldns_rr_list *rr_list);
+-
+-
+-/**
+- * retrieves a rrtype by looking up its name.
+- * \param[in] name a string with the name
+- * \return the type which corresponds with the name
+- */
+-ldns_rr_type ldns_get_rr_type_by_name(const char *name);
+-
+-/**
+- * retrieves a class by looking up its name.
+- * \param[in] name string with the name
+- * \return the cass which corresponds with the name
+- */
+-ldns_rr_class ldns_get_rr_class_by_name(const char *name);
+-
+-/**
+- * clones a rr and all its data
+- * \param[in] rr the rr to clone
+- * \return the new rr or NULL on failure
+- */
+-ldns_rr* ldns_rr_clone(const ldns_rr *rr);
+-
+-/**
+- * clones an rrlist.
+- * \param[in] rrlist the rrlist to clone
+- * \return the cloned rr list
+- */
+-ldns_rr_list* ldns_rr_list_clone(const ldns_rr_list *rrlist);
+-
+-/**
+- * sorts an rr_list (canonical wire format). the sorting is done inband.
+- * \param[in] unsorted the rr_list to be sorted
+- * \return void
+- */
+-void ldns_rr_list_sort(ldns_rr_list *unsorted);
+-
+-/**
+- * compares two rrs. The TTL is not looked at.
+- * \param[in] rr1 the first one
+- * \param[in] rr2 the second one
+- * \return 0 if equal
+- * -1 if rr1 comes before rr2
+- * +1 if rr2 comes before rr1
+- */
+-int ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2);
+-
+-/**
+- * compares two rrs, up to the rdata.
+- * \param[in] rr1 the first one
+- * \param[in] rr2 the second one
+- * \return 0 if equal
+- * -1 if rr1 comes before rr2
+- * +1 if rr2 comes before rr1
+- */
+-int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2);
+-
+-/**
+- * compares the wireformat of two rrs, contained in the given buffers.
+- * \param[in] rr1_buf the first one
+- * \param[in] rr2_buf the second one
+- * \return 0 if equal
+- * -1 if rr1_buf comes before rr2_buf
+- * +1 if rr2_buf comes before rr1_buf
+- */
+-int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf);
+-
+-/**
+- * returns true of the given rr's are equal.
+- * Also returns true if one record is a DS that represents the
+- * same DNSKEY record as the other record
+- * \param[in] rr1 the first rr
+- * \param[in] rr2 the second rr
+- * \return true if equal otherwise false
+- */
+-bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2);
+-
+-/**
+- * compares two rr listss.
+- * \param[in] rrl1 the first one
+- * \param[in] rrl2 the second one
+- * \return 0 if equal
+- * -1 if rrl1 comes before rrl2
+- * +1 if rrl2 comes before rrl1
+- */
+-int ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2);
+-
+-/**
+- * calculates the uncompressed size of an RR.
+- * \param[in] r the rr to operate on
+- * \return size of the rr
+- */
+-size_t ldns_rr_uncompressed_size(const ldns_rr *r);
+-
+-/**
+- * converts each dname in a rr to its canonical form.
+- * \param[in] rr the rr to work on
+- * \return void
+- */
+-void ldns_rr2canonical(ldns_rr *rr);
+-
+-/**
+- * converts each dname in each rr in a rr_list to its canonical form.
+- * \param[in] rr_list the rr_list to work on
+- * \return void
+- */
+-void ldns_rr_list2canonical(ldns_rr_list *rr_list);
+-
+-/**
+- * counts the number of labels of the ownername.
+- * \param[in] rr count the labels of this rr
+- * \return the number of labels
+- */
+-uint8_t ldns_rr_label_count(ldns_rr *rr);
+-
+-/**
+- * returns the resource record descriptor for the given rr type.
+- *
+- * \param[in] type the type value of the rr type
+- *\return the ldns_rr_descriptor for this type
+- */
+-const ldns_rr_descriptor *ldns_rr_descript(uint16_t type);
+-
+-/**
+- * returns the minimum number of rdata fields of the rr type this descriptor describes.
+- *
+- * \param[in] descriptor for an rr type
+- * \return the minimum number of rdata fields
+- */
+-size_t ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor);
+-
+-/**
+- * returns the maximum number of rdata fields of the rr type this descriptor describes.
+- *
+- * \param[in] descriptor for an rr type
+- * \return the maximum number of rdata fields
+- */
+-size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor);
+-
+-/**
+- * returns the rdf type for the given rdata field number of the rr type for the given descriptor.
+- *
+- * \param[in] descriptor for an rr type
+- * \param[in] field the field number
+- * \return the rdf type for the field
+- */
+-ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field);
+-
+-/**
+- * Return the rr_list which matches the rdf at position field. Think
+- * type-covered stuff for RRSIG
+- *
+- * \param[in] l the rr_list to look in
+- * \param[in] r the rdf to use for the comparison
+- * \param[in] pos at which position can we find the rdf
+- *
+- * \return a new rr list with only the RRs that match
+- *
+- */
+-ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos);
+-
+-/**
+- * convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual
+- * LDNS_RR_TYPE. This is usefull in the case when inspecting
+- * the rrtype covered field of an RRSIG.
+- * \param[in] rd the rdf to look at
+- * \return a ldns_rr_type with equivalent LDNS_RR_TYPE
+- *
+- */
+-ldns_rr_type ldns_rdf2rr_type(const ldns_rdf *rd);
+-
+-/**
+- * Returns the type of the first element of the RR
+- * If there are no elements present, 0 is returned
+- *
+- * \param[in] rr_list The rr list
+- * \return rr_type of the first element, or 0 if the list is empty
+- */
+-ldns_rr_type
+-ldns_rr_list_type(const ldns_rr_list *rr_list);
+-
+-/**
+- * Returns the owner domain name rdf of the first element of the RR
+- * If there are no elements present, NULL is returned
+- *
+- * \param[in] rr_list The rr list
+- * \return dname of the first element, or NULL if the list is empty
+- */
+-ldns_rdf *
+-ldns_rr_list_owner(const ldns_rr_list *rr_list);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_RR_H */
+diff --git a/include/ldns/rr_functions.h b/include/ldns/rr_functions.h
+deleted file mode 100644
+index 09a28dd..0000000
+--- a/include/ldns/rr_functions.h
++++ /dev/null
+@@ -1,363 +0,0 @@
+-/*
+- * rr_functions.h
+- *
+- * the .h file with defs for the per rr
+- * functions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-#ifndef LDNS_RR_FUNCTIONS_H
+-#define LDNS_RR_FUNCTIONS_H
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * \file
+- *
+- * Defines some extra convenience functions for ldns_rr structures
+- */
+-
+-/* A / AAAA */
+-/**
+- * returns the address of a LDNS_RR_TYPE_A rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the address or NULL on failure
+- */
+-ldns_rdf* ldns_rr_a_address(const ldns_rr *r);
+-
+-/**
+- * sets the address of a LDNS_RR_TYPE_A rr
+- * \param[in] r the rr to use
+- * \param[in] f the address to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f);
+-
+-/* NS */
+-/**
+- * returns the name of a LDNS_RR_TYPE_NS rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the name or NULL on failure
+- */
+-ldns_rdf* ldns_rr_ns_nsdname(const ldns_rr *r);
+-
+-/* MX */
+-/**
+- * returns the mx pref. of a LDNS_RR_TYPE_MX rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the preference or NULL on failure
+- */
+-ldns_rdf* ldns_rr_mx_preference(const ldns_rr *r);
+-/**
+- * returns the mx host of a LDNS_RR_TYPE_MX rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the name of the MX host or NULL on failure
+- */
+-ldns_rdf* ldns_rr_mx_exchange(const ldns_rr *r);
+-
+-/* RRSIG */
+-/**
+- * returns the type covered of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the type covered or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_typecovered(const ldns_rr *r);
+-/**
+- * sets the typecovered of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the typecovered to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the algorithm of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the algorithm or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_algorithm(const ldns_rr *r);
+-/**
+- * sets the algorithm of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the algorithm to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the number of labels of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the number of labels or NULL on failure
+- */
+-ldns_rdf *ldns_rr_rrsig_labels(const ldns_rr *r);
+-/**
+- * sets the number of labels of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the number of labels to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the original TTL of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the original TTL or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_origttl(const ldns_rr *r);
+-/**
+- * sets the original TTL of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the original TTL to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the expiration time of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the expiration time or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r);
+-/**
+- * sets the expireation date of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the expireation date to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the inception time of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the inception time or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_inception(const ldns_rr *r);
+-/**
+- * sets the inception date of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the inception date to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the keytag of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the keytag or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_keytag(const ldns_rr *r);
+-/**
+- * sets the keytag of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the keytag to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the signers name of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the signers name or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_signame(const ldns_rr *r);
+-/**
+- * sets the signers name of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the signers name to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the signature data of a LDNS_RR_TYPE_RRSIG RR
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the signature data or NULL on failure
+- */
+-ldns_rdf* ldns_rr_rrsig_sig(const ldns_rr *r);
+-/**
+- * sets the signature data of a LDNS_RR_TYPE_RRSIG rr
+- * \param[in] r the rr to use
+- * \param[in] f the signature data to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f);
+-
+-/* DNSKEY */
+-/**
+- * returns the flags of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the flags or NULL on failure
+- */
+-ldns_rdf* ldns_rr_dnskey_flags(const ldns_rr *r);
+-/**
+- * sets the flags of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the rr to use
+- * \param[in] f the flags to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the protocol of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the protocol or NULL on failure
+- */
+-ldns_rdf* ldns_rr_dnskey_protocol(const ldns_rr *r);
+-/**
+- * sets the protocol of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the rr to use
+- * \param[in] f the protocol to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the algorithm of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the algorithm or NULL on failure
+- */
+-ldns_rdf* ldns_rr_dnskey_algorithm(const ldns_rr *r);
+-/**
+- * sets the algorithm of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the rr to use
+- * \param[in] f the algorithm to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f);
+-/**
+- * returns the key data of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the resource record
+- * \return a ldns_rdf* with the key data or NULL on failure
+- */
+-ldns_rdf* ldns_rr_dnskey_key(const ldns_rr *r);
+-/**
+- * sets the key data of a LDNS_RR_TYPE_DNSKEY rr
+- * \param[in] r the rr to use
+- * \param[in] f the key data to set
+- * \return true on success, false otherwise
+- */
+-bool ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f);
+-
+-/**
+- * get the length of the keydata in bits
+- * \param[in] keydata the raw key data
+- * \param[in] len the length of the keydata
+- * \param[in] alg the cryptographic algorithm this is a key for
+- * \return the keysize in bits, or 0 on error
+- */
+-size_t ldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
+- const size_t len,
+- const ldns_algorithm alg);
+-
+-/**
+- * get the length of the keydata in bits
+- * \param[in] key the key rr to use
+- * \return the keysize in bits
+- */
+-size_t ldns_rr_dnskey_key_size(const ldns_rr *key);
+-
+-/**
+- * The type of function to be passed to ldns_rr_soa_increment_func,
+- * ldns_rr_soa_increment_func_data or ldns_rr_soa_increment_int.
+- * The function will be called with as the first argument the current serial
+- * number of the SOA RR to be updated, and as the second argument a value
+- * given when calling ldns_rr_soa_increment_func_data or
+- * ldns_rr_soa_increment_int. With ldns_rr_soa_increment_int the pointer
+- * value holds the integer value passed to ldns_rr_soa_increment_int,
+- * and it should be cast to intptr_t to be used as an integer by the
+- * serial modifying function.
+- */
+-typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*);
+-
+-/**
+- * Function to be used with dns_rr_soa_increment_func_int, to set the soa
+- * serial number.
+- * \param[in] unused the (unused) current serial number.
+- * \param[in] data the serial number to be set.
+- */
+-uint32_t ldns_soa_serial_identity(uint32_t unused, void *data);
+-
+-/**
+- * Function to be used with dns_rr_soa_increment_func, to increment the soa
+- * serial number with one.
+- * \param[in] s the current serial number.
+- * \param[in] unused unused.
+- */
+-uint32_t ldns_soa_serial_increment(uint32_t s, void *unused);
+-
+-/**
+- * Function to be used with dns_rr_soa_increment_func_int, to increment the soa
+- * serial number with a certain amount.
+- * \param[in] s the current serial number.
+- * \param[in] data the amount to add to the current serial number.
+- */
+-uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data);
+-
+-/**
+- * Function to be used with ldns_rr_soa_increment_func or
+- * ldns_rr_soa_increment_func_int to set the soa serial to the number of
+- * seconds since unix epoch (1-1-1970 00:00).
+- * When data is given (i.e. the function is called via
+- * ldns_rr_soa_increment_func_int), it is used as the current time.
+- * When the resulting serial number is smaller than the current serial number,
+- * the current serial number is increased by one.
+- * \param[in] s the current serial number.
+- * \param[in] data the time in seconds since 1-1-1970 00:00
+- */
+-uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data);
+-
+-/**
+- * Function to be used with ldns_rr_soa_increment_func or
+- * ldns_rr_soa_increment_func_int to set the soa serial to the current date
+- * succeeded by a two digit iteration (datecounter).
+- * When data is given (i.e. the function is called via
+- * ldns_rr_soa_increment_func_int), it is used as the current time.
+- * When the resulting serial number is smaller than the current serial number,
+- * the current serial number is increased by one.
+- * \param[in] s the current serial number.
+- * \param[in] data the time in seconds since 1-1-1970 00:00
+- */
+-uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data);
+-
+-/**
+- * Increment the serial number of the given SOA by one.
+- * \param[in] soa The soa rr to be incremented
+- */
+-void ldns_rr_soa_increment(
+- ldns_rr *soa);
+-
+-/**
+- * Increment the serial number of the given SOA with the given function.
+- * Included functions to be used here are: ldns_rr_soa_increment,
+- * ldns_soa_serial_unixtime and ldns_soa_serial_datecounter.
+- * \param[in] soa The soa rr to be incremented
+- * \param[in] f the function to use to increment the soa rr.
+- */
+-void ldns_rr_soa_increment_func(
+- ldns_rr *soa, ldns_soa_serial_increment_func_t f);
+-
+-/**
+- * Increment the serial number of the given SOA with the given function
+- * passing it the given data argument.
+- * \param[in] soa The soa rr to be incremented
+- * \param[in] f the function to use to increment the soa rr.
+- * \param[in] data this argument will be passed to f as the second argument.
+- */
+-void ldns_rr_soa_increment_func_data(
+- ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data);
+-
+-/**
+- * Increment the serial number of the given SOA with the given function
+- * using data as an argument for the function.
+- * Included functions to be used here are: ldns_soa_serial_identity,
+- * ldns_rr_soa_increment_by, ldns_soa_serial_unixtime and
+- * ldns_soa_serial_datecounter.
+- * \param[in] soa The soa rr to be incremented
+- * \param[in] f the function to use to increment the soa rr.
+- * \param[in] data this argument will be passed to f as the second argument
+- * (by casting it to void*).
+- */
+-void ldns_rr_soa_increment_func_int(
+- ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_RR_FUNCTIONS_H */
+diff --git a/include/ldns/sha1.h b/include/ldns/sha1.h
+deleted file mode 100644
+index d5b1082..0000000
+--- a/include/ldns/sha1.h
++++ /dev/null
+@@ -1,38 +0,0 @@
+-#ifndef LDNS_SHA1_H
+-#define LDNS_SHA1_H
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define LDNS_SHA1_BLOCK_LENGTH 64
+-#define LDNS_SHA1_DIGEST_LENGTH 20
+-
+-typedef struct {
+- uint32_t state[5];
+- uint64_t count;
+- unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH];
+-} ldns_sha1_ctx;
+-
+-void ldns_sha1_init(ldns_sha1_ctx * context);
+-void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]);
+-void ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len);
+-void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context);
+-
+-/**
+- * Convenience function to digest a fixed block of data at once.
+- *
+- * \param[in] data the data to digest
+- * \param[in] data_len the length of data in bytes
+- * \param[out] digest the length of data in bytes
+- * This pointer MUST have LDNS_SHA1_DIGEST_LENGTH bytes
+- * available
+- * \return the SHA1 digest of the given data
+- */
+-unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_SHA1_H */
+diff --git a/include/ldns/sha2.h b/include/ldns/sha2.h
+deleted file mode 100644
+index 238767a..0000000
+--- a/include/ldns/sha2.h
++++ /dev/null
+@@ -1,149 +0,0 @@
+-/*
+- * FILE: sha2.h
+- * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
+- *
+- * Copyright (c) 2000-2001, Aaron D. Gifford
+- * All rights reserved.
+- *
+- * Modified by Jelte Jansen to fit in ldns, and not clash with any
+- * system-defined SHA code.
+- * Changes:
+- * - Renamed (external) functions and constants to fit ldns style
+- * - Removed uintXX vs. u_intXX smartness, since ldns needs uintXX
+- * anyway
+- * - BYTE ORDER check replaced by simple ifdef as defined or not by
+- * configure.ac
+- * - Removed _End and _Data functions
+- * - Added ldns_shaX(data, len, digest) functions
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. Neither the name of the copyright holder nor the names of contributors
+- * may be used to endorse or promote products derived from this software
+- * without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
+- */
+-
+-#ifndef __LDNS_SHA2_H__
+-#define __LDNS_SHA2_H__
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-
+-/*
+- * Import u_intXX_t size_t type definitions from system headers. You
+- * may need to change this, or define these things yourself in this
+- * file.
+- */
+-#include <sys/types.h>
+-
+-#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H
+-
+-#include <inttypes.h>
+-
+-#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */
+-
+-
+-/*** SHA-256/384/512 Various Length Definitions ***********************/
+-#define LDNS_SHA256_BLOCK_LENGTH 64
+-#define LDNS_SHA256_DIGEST_LENGTH 32
+-#define LDNS_SHA256_DIGEST_STRING_LENGTH (LDNS_SHA256_DIGEST_LENGTH * 2 + 1)
+-#define LDNS_SHA384_BLOCK_LENGTH 128
+-#define LDNS_SHA384_DIGEST_LENGTH 48
+-#define LDNS_SHA384_DIGEST_STRING_LENGTH (LDNS_SHA384_DIGEST_LENGTH * 2 + 1)
+-#define LDNS_SHA512_BLOCK_LENGTH 128
+-#define LDNS_SHA512_DIGEST_LENGTH 64
+-#define LDNS_SHA512_DIGEST_STRING_LENGTH (LDNS_SHA512_DIGEST_LENGTH * 2 + 1)
+-
+-
+-/*** SHA-256/384/512 Context Structures *******************************/
+-
+-typedef struct _ldns_sha256_CTX {
+- uint32_t state[8];
+- uint64_t bitcount;
+- uint8_t buffer[LDNS_SHA256_BLOCK_LENGTH];
+-} ldns_sha256_CTX;
+-typedef struct _ldns_sha512_CTX {
+- uint64_t state[8];
+- uint64_t bitcount[2];
+- uint8_t buffer[LDNS_SHA512_BLOCK_LENGTH];
+-} ldns_sha512_CTX;
+-
+-typedef ldns_sha512_CTX ldns_sha384_CTX;
+-
+-
+-/*** SHA-256/384/512 Function Prototypes ******************************/
+-void ldns_sha256_init(ldns_sha256_CTX *);
+-void ldns_sha256_update(ldns_sha256_CTX*, const uint8_t*, size_t);
+-void ldns_sha256_final(uint8_t[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX*);
+-
+-void ldns_sha384_init(ldns_sha384_CTX*);
+-void ldns_sha384_update(ldns_sha384_CTX*, const uint8_t*, size_t);
+-void ldns_sha384_final(uint8_t[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX*);
+-
+-void ldns_sha512_init(ldns_sha512_CTX*);
+-void ldns_sha512_update(ldns_sha512_CTX*, const uint8_t*, size_t);
+-void ldns_sha512_final(uint8_t[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX*);
+-
+-/**
+- * Convenience function to digest a fixed block of data at once.
+- *
+- * \param[in] data the data to digest
+- * \param[in] data_len the length of data in bytes
+- * \param[out] digest the length of data in bytes
+- * This pointer MUST have LDNS_SHA256_DIGEST_LENGTH bytes
+- * available
+- * \return the SHA1 digest of the given data
+- */
+-unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest);
+-
+-/**
+- * Convenience function to digest a fixed block of data at once.
+- *
+- * \param[in] data the data to digest
+- * \param[in] data_len the length of data in bytes
+- * \param[out] digest the length of data in bytes
+- * This pointer MUST have LDNS_SHA384_DIGEST_LENGTH bytes
+- * available
+- * \return the SHA1 digest of the given data
+- */
+-unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest);
+-
+-/**
+- * Convenience function to digest a fixed block of data at once.
+- *
+- * \param[in] data the data to digest
+- * \param[in] data_len the length of data in bytes
+- * \param[out] digest the length of data in bytes
+- * This pointer MUST have LDNS_SHA512_DIGEST_LENGTH bytes
+- * available
+- * \return the SHA1 digest of the given data
+- */
+-unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest);
+-
+-#ifdef __cplusplus
+-}
+-#endif /* __cplusplus */
+-
+-#endif /* __LDNS_SHA2_H__ */
+diff --git a/include/ldns/str2host.h b/include/ldns/str2host.h
+deleted file mode 100644
+index d639970..0000000
+--- a/include/ldns/str2host.h
++++ /dev/null
+@@ -1,319 +0,0 @@
+-/**
+- * str2host.h - conversion from str to the host fmt
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#ifndef LDNS_2HOST_H
+-#define LDNS_2HOST_H
+-
+-#include <ldns/common.h>
+-#include <ldns/error.h>
+-#include <ldns/rr.h>
+-#include <ldns/rdata.h>
+-#include <ldns/packet.h>
+-#include <ldns/buffer.h>
+-#include <ctype.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * \file
+- *
+- * Defines functions to convert dns data in presentation format or text files
+- * to internal structures.
+- */
+-
+-/**
+- * convert a byte into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] bytestr the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr);
+-
+-/**
+- * convert a string to a int16 in wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] shortstr the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr);
+-
+-/**
+- * convert a strings into a 4 byte int in wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] longstr the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr);
+-
+-/**
+- * convert a time string to a time value in wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] time the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_time(ldns_rdf **rd, const char *time);
+-
+-/* convert string with NSEC3 salt to wireformat)
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * return ldns_status
+- */
+-ldns_status ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *nsec3_salt);
+-
+-/* convert a time period (think TTL's) to wireformat)
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * return ldns_status
+- */
+-ldns_status ldns_str2rdf_period(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert str with an A record into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_a(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert the str with an AAAA record into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a string into wireformat (think txt record)
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted (NULL terminated)
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_str(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert str with the apl record into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_apl(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert the string with the b64 data into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert the string with the b32 ext hex data into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a hex value into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_hex(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert string with nsec into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_nsec(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a rrtype into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_type(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert string with a classname into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert an certificate algorithm value into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert an algorithm value into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a tlsa certificate usage value into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a tlsa selector value into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_selector(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a tlsa matching type value into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a string with a unknown RR into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_unknown(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert string with a protocol service into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_service(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a string with a LOC RR into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_loc(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert string with a WKS RR into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_wks(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a str with a NSAP RR into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_nsap(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a str with a ATMA RR into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_atma(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a str with a IPSECKEY RR into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert a dname string into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert 4 * 16bit hex separated by colons into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert 6 hex bytes separated by dashes into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_eui48(ldns_rdf **rd, const char *str);
+-
+-/**
+- * convert 8 hex bytes separated by dashes into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_eui64(ldns_rdf **rd, const char *str);
+-
+-/**
+- * Convert a non-zero sequence of US-ASCII letters and numbers into wireformat
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_tag(ldns_rdf **rd, const char *str);
+-
+-/**
+- * Convert a <character-string> encoding of the value field as specified
+- * [RFC1035], Section 5.1., encoded as one bug chunk of data.
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_long_str(ldns_rdf **rd, const char *str);
+-
+-/**
+- * Convert a "<algorithm> <hit> <pk>" encoding of the value field as specified
+- * in Section 6. of [RFC5205], encoded as wireformat as specified in Section 5.
+- * of [RFC5205].
+- * \param[in] rd the rdf where to put the data
+- * \param[in] str the string to be converted
+- * \return ldns_status
+- */
+-ldns_status ldns_str2rdf_hip(ldns_rdf **rd, const char *str);
+-
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_2HOST_H */
+diff --git a/include/ldns/tsig.h b/include/ldns/tsig.h
+deleted file mode 100644
+index 676045f..0000000
+--- a/include/ldns/tsig.h
++++ /dev/null
+@@ -1,101 +0,0 @@
+-/*
+- * tsig.h -- defines for TSIG [RFC2845]
+- *
+- * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- */
+-
+-#ifndef LDNS_TSIG_H
+-#define LDNS_TSIG_H
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * \file
+- *
+- * Defines functions for TSIG usage
+- */
+-
+-
+-/**
+- * Contains credentials for TSIG
+-*/
+-typedef struct ldns_tsig_credentials_struct
+-{
+- char *algorithm;
+- char *keyname;
+- char *keydata;
+- /* XXX More eventually. */
+-} ldns_tsig_credentials;
+-
+-char *ldns_tsig_algorithm(ldns_tsig_credentials *);
+-char *ldns_tsig_keyname(ldns_tsig_credentials *);
+-char *ldns_tsig_keydata(ldns_tsig_credentials *);
+-char *ldns_tsig_keyname_clone(ldns_tsig_credentials *);
+-char *ldns_tsig_keydata_clone(ldns_tsig_credentials *);
+-
+-/**
+- * verifies the tsig rr for the given packet and key.
+- * The wire must be given too because tsig does not sign normalized packets.
+- * \param[in] pkt the packet to verify
+- * \param[in] wire needed to verify the mac
+- * \param[in] wire_size size of wire
+- * \param[in] key_name the name of the shared key
+- * \param[in] key_data the key in base 64 format
+- * \param[in] mac original mac
+- * \return true if tsig is correct, false if not, or if tsig is not set
+- */
+-bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
+-
+-/**
+- * verifies the tsig rr for the given packet and key.
+- * The wire must be given too because tsig does not sign normalized packets.
+- * \param[in] pkt the packet to verify
+- * \param[in] wire needed to verify the mac
+- * \param[in] wire_size size of wire
+- * \param[in] key_name the name of the shared key
+- * \param[in] key_data the key in base 64 format
+- * \param[in] mac original mac
+- * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
+- components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
+- * \return true if tsig is correct, false if not, or if tsig is not set
+- */
+-bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
+- int tsig_timers_only);
+-
+-/**
+- * creates a tsig rr for the given packet and key.
+- * \param[in] pkt the packet to sign
+- * \param[in] key_name the name of the shared key
+- * \param[in] key_data the key in base 64 format
+- * \param[in] fudge seconds of error permitted in time signed
+- * \param[in] algorithm_name the name of the algorithm used
+- * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
+- * \return status (OK if success)
+- */
+-ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
+- const char *algorithm_name, ldns_rdf *query_mac);
+-
+-/**
+- * creates a tsig rr for the given packet and key.
+- * \param[in] pkt the packet to sign
+- * \param[in] key_name the name of the shared key
+- * \param[in] key_data the key in base 64 format
+- * \param[in] fudge seconds of error permitted in time signed
+- * \param[in] algorithm_name the name of the algorithm used
+- * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
+- * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
+- components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.
+- * \return status (OK if success)
+- */
+-ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
+- const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_TSIG_H */
+diff --git a/include/ldns/update.h b/include/ldns/update.h
+deleted file mode 100644
+index d3459d3..0000000
+--- a/include/ldns/update.h
++++ /dev/null
+@@ -1,115 +0,0 @@
+-/*
+- * update.h
+- *
+- * Functions for RFC 2136 Dynamic Update
+- *
+- * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- */
+-
+-/**
+- * \file
+- *
+- * Defines functions to perform UPDATE queries
+- */
+-
+-
+-#ifndef LDNS_UPDATE_H
+-#define LDNS_UPDATE_H
+-
+-#include <ldns/resolver.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * create an update packet from zone name, class and the rr lists
+- * \param[in] zone_rdf name of the zone
+- * \param[in] clas zone class
+- * \param[in] pr_rrlist list of Prerequisite Section RRs
+- * \param[in] up_rrlist list of Updates Section RRs
+- * \param[in] ad_rrlist list of Additional Data Section RRs (currently unused)
+- * \return the new packet
+- */
+-ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist);
+-
+-/**
+- * add tsig credentials to
+- * a packet from a resolver
+- * \param[in] p packet to copy to
+- * \param[in] r resolver to copy from
+- *
+- * \return status wether successfull or not
+- */
+-ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r);
+-
+-/* access functions */
+-
+-/**
+- * Get the zo count
+- * \param[in] p the packet
+- * \return the zo count
+- */
+-uint16_t ldns_update_zocount(const ldns_pkt *p);
+-/**
+- * Get the zo count
+- * \param[in] p the packet
+- * \return the pr count
+- */
+-uint16_t ldns_update_prcount(const ldns_pkt *p);
+-/**
+- * Get the zo count
+- * \param[in] p the packet
+- * \return the up count
+- */
+-uint16_t ldns_update_upcount(const ldns_pkt *p);
+-/**
+- * Get the zo count
+- * \param[in] p the packet
+- * \return the ad count
+- */
+-uint16_t ldns_update_ad(const ldns_pkt *p);
+-/**
+- * Set the zo count
+- * \param[in] p the packet
+- * \param[in] c the zo count to set
+- */
+-void ldns_update_set_zo(ldns_pkt *p, uint16_t c);
+-/**
+- * Set the pr count
+- * \param[in] p the packet
+- * \param[in] c the pr count to set
+- */
+-void ldns_update_set_prcount(ldns_pkt *p, uint16_t c);
+-/**
+- * Set the up count
+- * \param[in] p the packet
+- * \param[in] c the up count to set
+- */
+-void ldns_update_set_upcount(ldns_pkt *p, uint16_t c);
+-/**
+- * Set the ad count
+- * \param[in] p the packet
+- * \param[in] c the ad count to set
+- */
+-void ldns_update_set_adcount(ldns_pkt *p, uint16_t c);
+-
+-/* soa functions that need to be configured */
+-/*
+- * Not sure if we want to keep these like this, therefore
+- * not documented
+- */
+-ldns_status ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, ldns_rr_class c, ldns_rdf **mname);
+-/*
+- * Not sure if we want to keep these like this, therefore
+- * not documented
+- */
+-ldns_status ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_UPDATE_H */
+diff --git a/include/ldns/util.h b/include/ldns/util.h
+deleted file mode 100644
+index 86848eb..0000000
+--- a/include/ldns/util.h
++++ /dev/null
+@@ -1,392 +0,0 @@
+-/*
+- * util.h
+- *
+- * helper function header file
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#ifndef _UTIL_H
+-#define _UTIL_H
+-
+-#include "EXTERN.h"
+-#include "perl.h"
+-#include <ldns/common.h>
+-#include <time.h>
+-#include <stdio.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-#define dprintf(X,Y) fprintf(stderr, (X), (Y))
+-/* #define dprintf(X, Y) */
+-
+-#define LDNS_VERSION "1.6.18"
+-#define LDNS_REVISION ((1<<16)|(6<<8)|(18))
+-
+-/**
+- * splint static inline workaround
+- */
+-#ifdef S_SPLINT_S
+-# define INLINE
+-#else
+-# ifdef SWIG
+-# define INLINE static
+-# else
+-# define INLINE static inline
+-# endif
+-#endif
+-
+-/**
+- * Memory management macros
+- */
+-#define LDNS_MALLOC(type) LDNS_XMALLOC(type, 1)
+-
+-#define LDNS_XMALLOC(type, count) ((type *) malloc((count) * sizeof(type)))
+-
+-#define LDNS_CALLOC(type, count) ((type *) calloc((count), sizeof(type)))
+-
+-#define LDNS_REALLOC(ptr, type) LDNS_XREALLOC((ptr), type, 1)
+-
+-#define LDNS_XREALLOC(ptr, type, count) \
+- ((type *) realloc((ptr), (count) * sizeof(type)))
+-
+-#define LDNS_FREE(ptr) \
+- do { free((ptr)); (ptr) = NULL; } while (0)
+-
+-#define LDNS_DEP printf("DEPRECATED FUNCTION!\n");
+-
+-/*
+- * Copy data allowing for unaligned accesses in network byte order
+- * (big endian).
+- */
+-INLINE uint16_t
+-ldns_read_uint16(const void *src)
+-{
+-#ifdef ALLOW_UNALIGNED_ACCESSES
+- return ntohs(*(const uint16_t *) src);
+-#else
+- const uint8_t *p = (const uint8_t *) src;
+- return ((uint16_t) p[0] << 8) | (uint16_t) p[1];
+-#endif
+-}
+-
+-INLINE uint32_t
+-ldns_read_uint32(const void *src)
+-{
+-#ifdef ALLOW_UNALIGNED_ACCESSES
+- return ntohl(*(const uint32_t *) src);
+-#else
+- const uint8_t *p = (const uint8_t *) src;
+- return ( ((uint32_t) p[0] << 24)
+- | ((uint32_t) p[1] << 16)
+- | ((uint32_t) p[2] << 8)
+- | (uint32_t) p[3]);
+-#endif
+-}
+-
+-/*
+- * Copy data allowing for unaligned accesses in network byte order
+- * (big endian).
+- */
+-INLINE void
+-ldns_write_uint16(void *dst, uint16_t data)
+-{
+-#ifdef ALLOW_UNALIGNED_ACCESSES
+- * (uint16_t *) dst = htons(data);
+-#else
+- uint8_t *p = (uint8_t *) dst;
+- p[0] = (uint8_t) ((data >> 8) & 0xff);
+- p[1] = (uint8_t) (data & 0xff);
+-#endif
+-}
+-
+-INLINE void
+-ldns_write_uint32(void *dst, uint32_t data)
+-{
+-#ifdef ALLOW_UNALIGNED_ACCESSES
+- * (uint32_t *) dst = htonl(data);
+-#else
+- uint8_t *p = (uint8_t *) dst;
+- p[0] = (uint8_t) ((data >> 24) & 0xff);
+- p[1] = (uint8_t) ((data >> 16) & 0xff);
+- p[2] = (uint8_t) ((data >> 8) & 0xff);
+- p[3] = (uint8_t) (data & 0xff);
+-#endif
+-}
+-
+-/* warning. */
+-INLINE void
+-ldns_write_uint64_as_uint48(void *dst, uint64_t data)
+-{
+- uint8_t *p = (uint8_t *) dst;
+- p[0] = (uint8_t) ((data >> 40) & 0xff);
+- p[1] = (uint8_t) ((data >> 32) & 0xff);
+- p[2] = (uint8_t) ((data >> 24) & 0xff);
+- p[3] = (uint8_t) ((data >> 16) & 0xff);
+- p[4] = (uint8_t) ((data >> 8) & 0xff);
+- p[5] = (uint8_t) (data & 0xff);
+-}
+-
+-
+-/**
+- * Structure to do a Schwartzian-like transformation, for instance when
+- * sorting. If you need a transformation on the objects that are sorted,
+- * you can sue this to store the transformed values, so you do not
+- * need to do the transformation again for each comparison
+- */
+-struct ldns_schwartzian_compare_struct {
+- void *original_object;
+- void *transformed_object;
+-};
+-
+-/** A general purpose lookup table
+- *
+- * Lookup tables are arrays of (id, name) pairs,
+- * So you can for instance lookup the RCODE 3, which is "NXDOMAIN",
+- * and vice versa. The lookup tables themselves are defined wherever needed,
+- * for instance in \ref host2str.c
+- */
+-struct ldns_struct_lookup_table {
+- int id;
+- const char *name;
+-};
+-typedef struct ldns_struct_lookup_table ldns_lookup_table;
+-
+-/**
+- * Looks up the table entry by name, returns NULL if not found.
+- * \param[in] table the lookup table to search in
+- * \param[in] name what to search for
+- * \return the item found
+- */
+-ldns_lookup_table *ldns_lookup_by_name(ldns_lookup_table table[],
+- const char *name);
+-
+-/**
+- * Looks up the table entry by id, returns NULL if not found.
+- * \param[in] table the lookup table to search in
+- * \param[in] id what to search for
+- * \return the item found
+- */
+-ldns_lookup_table *ldns_lookup_by_id(ldns_lookup_table table[], int id);
+-
+-/**
+- * Returns the value of the specified bit
+- * The bits are counted from left to right, so bit #0 is the
+- * left most bit.
+- * \param[in] bits array holding the bits
+- * \param[in] index to the wanted bit
+- * \return
+- */
+-int ldns_get_bit(uint8_t bits[], size_t index);
+-
+-
+-/**
+- * Returns the value of the specified bit
+- * The bits are counted from right to left, so bit #0 is the
+- * right most bit.
+- * \param[in] bits array holding the bits
+- * \param[in] index to the wanted bit
+- * \return 1 or 0 depending no the bit state
+- */
+-int ldns_get_bit_r(uint8_t bits[], size_t index);
+-
+-/**
+- * sets the specified bit in the specified byte to
+- * 1 if value is true, 0 if false
+- * The bits are counted from right to left, so bit #0 is the
+- * right most bit.
+- * \param[in] byte the bit to set the bit in
+- * \param[in] bit_nr the bit to set (0 <= n <= 7)
+- * \param[in] value whether to set the bit to 1 or 0
+- * \return 1 or 0 depending no the bit state
+- */
+-void ldns_set_bit(uint8_t *byte, int bit_nr, bool value);
+-
+-/**
+- * Returns the value of a to the power of b
+- * (or 1 of b < 1)
+- */
+-/*@unused@*/
+-INLINE long
+-ldns_power(long a, long b) {
+- long result = 1;
+- while (b > 0) {
+- if (b & 1) {
+- result *= a;
+- if (b == 1) {
+- return result;
+- }
+- }
+- a *= a;
+- b /= 2;
+- }
+- return result;
+-}
+-
+-/**
+- * Returns the int value of the given (hex) digit
+- * \param[in] ch the hex char to convert
+- * \return the converted decimal value
+- */
+-int ldns_hexdigit_to_int(char ch);
+-
+-/**
+- * Returns the char (hex) representation of the given int
+- * \param[in] ch the int to convert
+- * \return the converted hex char
+- */
+-char ldns_int_to_hexdigit(int ch);
+-
+-/**
+- * Converts a hex string to binary data
+- *
+- * \param[out] data The binary result is placed here.
+- * At least strlen(str)/2 bytes should be allocated
+- * \param[in] str The hex string to convert.
+- * This string should not contain spaces
+- * \return The number of bytes of converted data, or -1 if one of the arguments * is NULL, or -2 if the string length is not an even number
+- */
+-int
+-ldns_hexstring_to_data(uint8_t *data, const char *str);
+-
+-/**
+- * Show the internal library version
+- * \return a string with the version in it
+- */
+-const char * ldns_version(void);
+-
+-/**
+- * Convert TM to seconds since epoch (midnight, January 1st, 1970).
+- * Like timegm(3), which is not always available.
+- * \param[in] tm a struct tm* with the date
+- * \return the seconds since epoch
+- */
+-time_t ldns_mktime_from_utc(const struct tm *tm);
+-
+-time_t mktime_from_utc(const struct tm *tm);
+-
+-/**
+- * The function interprets time as the number of seconds since epoch
+- * with respect to now using serial arithmitics (rfc1982).
+- * That number of seconds is then converted to broken-out time information.
+- * This is especially usefull when converting the inception and expiration
+- * fields of RRSIG records.
+- *
+- * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
+- * to be intepreted as a serial arithmitics number relative to now.
+- * \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
+- * to which the time value is compared to determine the final value.
+- * \param[out] result the struct with the broken-out time information
+- * \return result on success or NULL on error
+- */
+-struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
+-
+-/**
+- * Seed the random function.
+- * If the file descriptor is specified, the random generator is seeded with
+- * data from that file. If not, /dev/urandom is used.
+- *
+- * applications should call this if they need entropy data within ldns
+- * If openSSL is available, it is automatically seeded from /dev/urandom
+- * or /dev/random.
+- *
+- * If you need more entropy, or have no openssl available, this function
+- * MUST be called at the start of the program
+- *
+- * If openssl *is* available, this function just adds more entropy
+- *
+- * \param[in] fd a file providing entropy data for the seed
+- * \param[in] size the number of bytes to use as entropy data. If this is 0,
+- * only the minimal amount is taken (usually 4 bytes)
+- * \return 0 if seeding succeeds, 1 if it fails
+- */
+-int ldns_init_random(FILE *fd, unsigned int size);
+-
+-/**
+- * Get random number.
+- * \return random number.
+- *
+- */
+-uint16_t ldns_get_random(void);
+-
+-/**
+- * Encode data as BubbleBabble
+- *
+- * \param[in] data a pointer to data to be encoded
+- * \param[in] len size the number of bytes of data
+- * \return a string of BubbleBabble
+- */
+-char *ldns_bubblebabble(uint8_t *data, size_t len);
+-
+-
+-INLINE time_t ldns_time(time_t *t) { return time(t); }
+-
+-
+-/**
+- * calculates the size needed to store the result of b32_ntop
+- */
+-/*@unused@*/
+-INLINE size_t ldns_b32_ntop_calculate_size(size_t src_data_length)
+-{
+- return src_data_length == 0 ? 0 : ((src_data_length - 1) / 5 + 1) * 8;
+-}
+-
+-INLINE size_t ldns_b32_ntop_calculate_size_no_padding(size_t src_data_length)
+-{
+- return ((src_data_length + 3) * 8 / 5) - 4;
+-}
+-
+-int ldns_b32_ntop(const uint8_t* src_data, size_t src_data_length,
+- char* target_text_buffer, size_t target_text_buffer_size);
+-
+-int ldns_b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length,
+- char* target_text_buffer, size_t target_text_buffer_size);
+-
+-#if ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP
+-
+-int b32_ntop(const uint8_t* src_data, size_t src_data_length,
+- char* target_text_buffer, size_t target_text_buffer_size);
+-
+-int b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length,
+- char* target_text_buffer, size_t target_text_buffer_size);
+-
+-#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP */
+-
+-
+-/**
+- * calculates the size needed to store the result of b32_pton
+- */
+-/*@unused@*/
+-INLINE size_t ldns_b32_pton_calculate_size(size_t src_text_length)
+-{
+- return src_text_length * 5 / 8;
+-}
+-
+-int ldns_b32_pton(const char* src_text, size_t src_text_length,
+- uint8_t* target_data_buffer, size_t target_data_buffer_size);
+-
+-int ldns_b32_pton_extended_hex(const char* src_text, size_t src_text_length,
+- uint8_t* target_data_buffer, size_t target_data_buffer_size);
+-
+-#if ! LDNS_BUILD_CONFIG_HAVE_B32_PTON
+-
+-int b32_pton(const char* src_text, size_t src_text_length,
+- uint8_t* target_data_buffer, size_t target_data_buffer_size);
+-
+-int b32_pton_extended_hex(const char* src_text, size_t src_text_length,
+- uint8_t* target_data_buffer, size_t target_data_buffer_size);
+-
+-#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_PTON */
+-
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* !_UTIL_H */
+diff --git a/include/ldns/wire2host.h b/include/ldns/wire2host.h
+deleted file mode 100644
+index 53155b3..0000000
+--- a/include/ldns/wire2host.h
++++ /dev/null
+@@ -1,197 +0,0 @@
+-/*
+- * wire2host.h - from wire conversion routines
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Contains functions that translate dns data from the wire format (as sent
+- * by servers and clients) to the internal structures.
+- */
+-
+-#ifndef LDNS_WIRE2HOST_H
+-#define LDNS_WIRE2HOST_H
+-
+-#include <ldns/rdata.h>
+-#include <ldns/common.h>
+-#include <ldns/error.h>
+-#include <ldns/rr.h>
+-#include <ldns/packet.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/* The length of the header */
+-#define LDNS_HEADER_SIZE 12
+-
+-/* First octet of flags */
+-#define LDNS_RD_MASK 0x01U
+-#define LDNS_RD_SHIFT 0
+-#define LDNS_RD_WIRE(wirebuf) (*(wirebuf+2) & LDNS_RD_MASK)
+-#define LDNS_RD_SET(wirebuf) (*(wirebuf+2) |= LDNS_RD_MASK)
+-#define LDNS_RD_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_RD_MASK)
+-
+-#define LDNS_TC_MASK 0x02U
+-#define LDNS_TC_SHIFT 1
+-#define LDNS_TC_WIRE(wirebuf) (*(wirebuf+2) & LDNS_TC_MASK)
+-#define LDNS_TC_SET(wirebuf) (*(wirebuf+2) |= LDNS_TC_MASK)
+-#define LDNS_TC_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_TC_MASK)
+-
+-#define LDNS_AA_MASK 0x04U
+-#define LDNS_AA_SHIFT 2
+-#define LDNS_AA_WIRE(wirebuf) (*(wirebuf+2) & LDNS_AA_MASK)
+-#define LDNS_AA_SET(wirebuf) (*(wirebuf+2) |= LDNS_AA_MASK)
+-#define LDNS_AA_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_AA_MASK)
+-
+-#define LDNS_OPCODE_MASK 0x78U
+-#define LDNS_OPCODE_SHIFT 3
+-#define LDNS_OPCODE_WIRE(wirebuf) ((*(wirebuf+2) & LDNS_OPCODE_MASK) >> LDNS_OPCODE_SHIFT)
+-#define LDNS_OPCODE_SET(wirebuf, opcode) \
+- (*(wirebuf+2) = ((*(wirebuf+2)) & ~LDNS_OPCODE_MASK) | ((opcode) << LDNS_OPCODE_SHIFT))
+-
+-#define LDNS_QR_MASK 0x80U
+-#define LDNS_QR_SHIFT 7
+-#define LDNS_QR_WIRE(wirebuf) (*(wirebuf+2) & LDNS_QR_MASK)
+-#define LDNS_QR_SET(wirebuf) (*(wirebuf+2) |= LDNS_QR_MASK)
+-#define LDNS_QR_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_QR_MASK)
+-
+-/* Second octet of flags */
+-#define LDNS_RCODE_MASK 0x0fU
+-#define LDNS_RCODE_SHIFT 0
+-#define LDNS_RCODE_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RCODE_MASK)
+-#define LDNS_RCODE_SET(wirebuf, rcode) \
+- (*(wirebuf+3) = ((*(wirebuf+3)) & ~LDNS_RCODE_MASK) | (rcode))
+-
+-#define LDNS_CD_MASK 0x10U
+-#define LDNS_CD_SHIFT 4
+-#define LDNS_CD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_CD_MASK)
+-#define LDNS_CD_SET(wirebuf) (*(wirebuf+3) |= LDNS_CD_MASK)
+-#define LDNS_CD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_CD_MASK)
+-
+-#define LDNS_AD_MASK 0x20U
+-#define LDNS_AD_SHIFT 5
+-#define LDNS_AD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_AD_MASK)
+-#define LDNS_AD_SET(wirebuf) (*(wirebuf+3) |= LDNS_AD_MASK)
+-#define LDNS_AD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_AD_MASK)
+-
+-#define LDNS_Z_MASK 0x40U
+-#define LDNS_Z_SHIFT 6
+-#define LDNS_Z_WIRE(wirebuf) (*(wirebuf+3) & LDNS_Z_MASK)
+-#define LDNS_Z_SET(wirebuf) (*(wirebuf+3) |= LDNS_Z_MASK)
+-#define LDNS_Z_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_Z_MASK)
+-
+-#define LDNS_RA_MASK 0x80U
+-#define LDNS_RA_SHIFT 7
+-#define LDNS_RA_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RA_MASK)
+-#define LDNS_RA_SET(wirebuf) (*(wirebuf+3) |= LDNS_RA_MASK)
+-#define LDNS_RA_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_RA_MASK)
+-
+-/* Query ID */
+-#define LDNS_ID_WIRE(wirebuf) (ldns_read_uint16(wirebuf))
+-#define LDNS_ID_SET(wirebuf, id) (ldns_write_uint16(wirebuf, id))
+-
+-/* Counter of the question section */
+-#define LDNS_QDCOUNT_OFF 4
+-/*
+-#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF)))
+-*/
+-#define LDNS_QDCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF))
+-
+-/* Counter of the answer section */
+-#define LDNS_ANCOUNT_OFF 6
+-#define LDNS_ANCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ANCOUNT_OFF))
+-
+-/* Counter of the authority section */
+-#define LDNS_NSCOUNT_OFF 8
+-#define LDNS_NSCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_NSCOUNT_OFF))
+-
+-/* Counter of the additional section */
+-#define LDNS_ARCOUNT_OFF 10
+-#define LDNS_ARCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ARCOUNT_OFF))
+-
+-/**
+- * converts the data on the uint8_t bytearray (in wire format) to a DNS packet.
+- * This function will initialize and allocate memory space for the packet
+- * structure.
+- *
+- * \param[in] packet pointer to the structure to hold the packet
+- * \param[in] data pointer to the buffer with the data
+- * \param[in] len the length of the data buffer (in bytes)
+- * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+- */
+-ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len);
+-
+-/**
+- * converts the data on the uint8_t bytearray (in wire format) to a DNS packet.
+- * This function will initialize and allocate memory space for the packet
+- * structure.
+- *
+- * \param[in] packet pointer to the structure to hold the packet
+- * \param[in] buffer the buffer with the data
+- * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+- */
+-ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer);
+-
+-/**
+- * converts the data on the uint8_t bytearray (in wire format) to a DNS
+- * dname rdata field. This function will initialize and allocate memory
+- * space for the dname structure. The length of the wiredata of this rdf
+- * is added to the *pos value.
+- *
+- * \param[in] dname pointer to the structure to hold the rdata value
+- * \param[in] wire pointer to the buffer with the data
+- * \param[in] max the length of the data buffer (in bytes)
+- * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes
+- * from the start of the buffer)
+- * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+- */
+-ldns_status ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos);
+-
+-/**
+- * converts the data on the uint8_t bytearray (in wire format) to DNS
+- * rdata fields, and adds them to the list of rdfs of the given rr.
+- * This function will initialize and allocate memory space for the dname
+- * structures.
+- * The length of the wiredata of these rdfs is added to the *pos value.
+- *
+- * All rdfs belonging to the RR are read; the rr should have no rdfs
+- * yet. An error is returned if the format cannot be parsed.
+- *
+- * \param[in] rr pointer to the ldns_rr structure to hold the rdata value
+- * \param[in] wire pointer to the buffer with the data
+- * \param[in] max the length of the data buffer (in bytes)
+- * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes
+- * from the start of the buffer)
+- * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+- */
+-ldns_status ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos);
+-
+-/**
+- * converts the data on the uint8_t bytearray (in wire format) to a DNS
+- * resource record.
+- * This function will initialize and allocate memory space for the rr
+- * structure.
+- * The length of the wiredata of this rr is added to the *pos value.
+- *
+- * \param[in] rr pointer to the structure to hold the rdata value
+- * \param[in] wire pointer to the buffer with the data
+- * \param[in] max the length of the data buffer (in bytes)
+- * \param[in] pos the position of the rr in the buffer (ie. the number of bytes
+- * from the start of the buffer)
+- * \param[in] section the section in the packet the rr is meant for
+- * \return LDNS_STATUS_OK if everything succeeds, error otherwise
+- */
+-ldns_status ldns_wire2rr(ldns_rr **rr, const uint8_t *wire, size_t max, size_t *pos, ldns_pkt_section section);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_WIRE2HOST_H */
+diff --git a/include/ldns/zone.h b/include/ldns/zone.h
+deleted file mode 100644
+index 0d129a0..0000000
+--- a/include/ldns/zone.h
++++ /dev/null
+@@ -1,176 +0,0 @@
+-/**
+- * zone.h
+- *
+- * zone definitions
+- * - what is it
+- * - get_glue function
+- * - search etc
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-/**
+- * \file
+- *
+- * Defines the ldns_zone structure and functions to manipulate it.
+- */
+-
+-
+-#ifndef LDNS_ZONE_H
+-#define LDNS_ZONE_H
+-
+-#include <ldns/common.h>
+-#include <ldns/rdata.h>
+-#include <ldns/rr.h>
+-#include <ldns/error.h>
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/**
+- * DNS Zone
+- *
+- * A list of RR's with some
+- * extra information which comes from the SOA RR
+- * Note: nothing has been done to make this efficient (yet).
+- */
+-struct ldns_struct_zone
+-{
+- /** the soa defines a zone */
+- ldns_rr *_soa;
+- /* basicly a zone is a list of rr's */
+- ldns_rr_list *_rrs;
+- /* we could change this to be a b-tree etc etc todo */
+-};
+-typedef struct ldns_struct_zone ldns_zone;
+-
+-/**
+- * create a new ldns_zone structure
+- * \return a pointer to a ldns_zone structure
+- */
+-ldns_zone * ldns_zone_new(void);
+-
+-/**
+- * Return the soa record of a zone
+- * \param[in] z the zone to read from
+- * \return the soa record in the zone
+- */
+-ldns_rr * ldns_zone_soa(const ldns_zone *z);
+-
+-/**
+- * Returns the number of resource records in the zone, NOT counting the SOA record
+- * \param[in] z the zone to read from
+- * \return the number of rr's in the zone
+- */
+-size_t ldns_zone_rr_count(const ldns_zone *z);
+-
+-/**
+- * Set the zone's soa record
+- * \param[in] z the zone to put the new soa in
+- * \param[in] soa the soa to set
+- */
+-void ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa);
+-
+-/**
+- * Get a list of a zone's content. Note that the SOA
+- * isn't included in this list. You need to get the
+- * with ldns_zone_soa.
+- * \param[in] z the zone to read from
+- * \return the rrs from this zone
+- */
+-ldns_rr_list * ldns_zone_rrs(const ldns_zone *z);
+-
+-/**
+- * Set the zone's contents
+- * \param[in] z the zone to put the new soa in
+- * \param[in] rrlist the rrlist to use
+- */
+-void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist);
+-
+-/**
+- * push an rrlist to a zone structure. This function use pointer
+- * copying, so the rr_list structure inside z is modified!
+- * \param[in] z the zone to add to
+- * \param[in] list the list to add
+- * \return a true on succes otherwise falsed
+- */
+-bool ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list);
+-
+-/**
+- * push an single rr to a zone structure. This function use pointer
+- * copying, so the rr_list structure inside z is modified!
+- * \param[in] z the zone to add to
+- * \param[in] rr the rr to add
+- * \return a true on succes otherwise falsed
+- */
+-bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr);
+-
+-/**
+- * Retrieve all resource records from the zone that are glue
+- * records. The resulting list does are pointer references
+- * to the zone's data.
+- *
+- * Due to the current zone implementation (as a list of rr's), this
+- * function is extremely slow. Another (probably better) way to do this
+- * is to use an ldns_dnssec_zone structure and the
+- * ldns_dnssec_mark_and_get_glue() function.
+- *
+- * \param[in] z the zone to look for glue
+- * \return the rr_list with the glue
+- */
+-ldns_rr_list *ldns_zone_glue_rr_list(const ldns_zone *z);
+-
+-/**
+- * Create a new zone from a file
+- * \param[out] z the new zone
+- * \param[in] *fp the filepointer to use
+- * \param[in] *origin the zones' origin
+- * \param[in] ttl default ttl to use
+- * \param[in] c default class to use (IN)
+- *
+- * \return ldns_status mesg with an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c);
+-
+-/**
+- * Create a new zone from a file, keep track of the line numbering
+- * \param[out] z the new zone
+- * \param[in] *fp the filepointer to use
+- * \param[in] *origin the zones' origin
+- * \param[in] ttl default ttl to use
+- * \param[in] c default class to use (IN)
+- * \param[out] line_nr used for error msg, to get to the line number
+- *
+- * \return ldns_status mesg with an error or LDNS_STATUS_OK
+- */
+-ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr);
+-
+-/**
+- * Frees the allocated memory for the zone, and the rr_list structure in it
+- * \param[in] zone the zone to free
+- */
+-void ldns_zone_free(ldns_zone *zone);
+-
+-/**
+- * Frees the allocated memory for the zone, the soa rr in it,
+- * and the rr_list structure in it, including the rr's in that. etc.
+- * \param[in] zone the zone to free
+- */
+-void ldns_zone_deep_free(ldns_zone *zone);
+-
+-/**
+- * Sort the rrs in a zone, with the current impl. this is slow
+- * \param[in] zone the zone to sort
+- */
+-void ldns_zone_sort(ldns_zone *zone);
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* LDNS_ZONE_H */
+diff --git a/ldns/include/ldns/buffer.h b/ldns/include/ldns/buffer.h
+new file mode 100644
+index 0000000..3b64198
+--- /dev/null
++++ b/ldns/include/ldns/buffer.h
+@@ -0,0 +1,645 @@
++/*
++ * buffer.h -- generic memory buffer.
++ *
++ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ *
++ *
++ * The buffer module implements a generic buffer. The API is based on
++ * the java.nio.Buffer interface.
++ */
++
++#ifndef LDNS_BUFFER_H
++#define LDNS_BUFFER_H
++
++#include <assert.h>
++#include <stdarg.h>
++#include <string.h>
++
++#include <ldns/error.h>
++#include <ldns/common.h>
++
++#include "ldns/util.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * number of initial bytes in buffer of
++ * which we cannot tell the size before hand
++ */
++#define LDNS_MIN_BUFLEN 512
++
++/**
++ * \file buffer.h
++ *
++ * This file contains the definition of ldns_buffer, and functions to manipulate those.
++ */
++
++/**
++ * implementation of buffers to ease operations
++ *
++ * ldns_buffers can contain arbitrary information, per octet. You can write
++ * to the current end of a buffer, read from the current position, and
++ * access any data within it.
++ *
++ * Example use of buffers is in the source code of \ref host2str.c
++ */
++struct ldns_struct_buffer
++{
++ /** The current position used for reading/writing */
++ size_t _position;
++
++ /** The read/write limit */
++ size_t _limit;
++
++ /** The amount of data the buffer can contain */
++ size_t _capacity;
++
++ /** The data contained in the buffer */
++ uint8_t *_data;
++
++ /** If the buffer is fixed it cannot be resized */
++ unsigned _fixed : 1;
++
++ /** The current state of the buffer. If writing to the buffer fails
++ * for any reason, this value is changed. This way, you can perform
++ * multiple writes in sequence and check for success afterwards. */
++ ldns_status _status;
++};
++typedef struct ldns_struct_buffer ldns_buffer;
++
++
++#ifdef NDEBUG
++INLINE void
++ldns_buffer_invariant(ldns_buffer *ATTR_UNUSED(buffer))
++{
++}
++#else
++INLINE void
++ldns_buffer_invariant(ldns_buffer *buffer)
++{
++ assert(buffer != NULL);
++ assert(buffer->_position <= buffer->_limit);
++ assert(buffer->_limit <= buffer->_capacity);
++ assert(buffer->_data != NULL);
++}
++#endif
++
++/**
++ * creates a new buffer with the specified capacity.
++ *
++ * \param[in] capacity the size (in bytes) to allocate for the buffer
++ * \return the created buffer
++ */
++ldns_buffer *ldns_buffer_new(size_t capacity);
++
++/**
++ * creates a buffer with the specified data. The data IS copied
++ * and MEMORY allocations are done. The buffer is not fixed and can
++ * be resized using buffer_reserve().
++ *
++ * \param[in] buffer pointer to the buffer to put the data in
++ * \param[in] data the data to encapsulate in the buffer
++ * \param[in] size the size of the data
++ */
++void ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size);
++
++/**
++ * clears the buffer and make it ready for writing. The buffer's limit
++ * is set to the capacity and the position is set to 0.
++ * \param[in] buffer the buffer to clear
++ */
++INLINE void ldns_buffer_clear(ldns_buffer *buffer)
++{
++ ldns_buffer_invariant(buffer);
++
++ /* reset status here? */
++
++ buffer->_position = 0;
++ buffer->_limit = buffer->_capacity;
++}
++
++/**
++ * makes the buffer ready for reading the data that has been written to
++ * the buffer. The buffer's limit is set to the current position and
++ * the position is set to 0.
++ *
++ * \param[in] buffer the buffer to flip
++ * \return void
++ */
++INLINE void ldns_buffer_flip(ldns_buffer *buffer)
++{
++ ldns_buffer_invariant(buffer);
++
++ buffer->_limit = buffer->_position;
++ buffer->_position = 0;
++}
++
++/**
++ * make the buffer ready for re-reading the data. The buffer's
++ * position is reset to 0.
++ * \param[in] buffer the buffer to rewind
++ */
++INLINE void ldns_buffer_rewind(ldns_buffer *buffer)
++{
++ ldns_buffer_invariant(buffer);
++
++ buffer->_position = 0;
++}
++
++/**
++ * returns the current position in the buffer (as a number of bytes)
++ * \param[in] buffer the buffer
++ * \return the current position
++ */
++INLINE size_t
++ldns_buffer_position(ldns_buffer *buffer)
++{
++ return buffer->_position;
++}
++
++/**
++ * sets the buffer's position to MARK. The position must be less than
++ * or equal to the buffer's limit.
++ * \param[in] buffer the buffer
++ * \param[in] mark the mark to use
++ */
++INLINE void
++ldns_buffer_set_position(ldns_buffer *buffer, size_t mark)
++{
++ assert(mark <= buffer->_limit);
++ buffer->_position = mark;
++}
++
++/**
++ * changes the buffer's position by COUNT bytes. The position must not
++ * be moved behind the buffer's limit or before the beginning of the
++ * buffer.
++ * \param[in] buffer the buffer
++ * \param[in] count the count to use
++ */
++INLINE void
++ldns_buffer_skip(ldns_buffer *buffer, ssize_t count)
++{
++ assert(buffer->_position + count <= buffer->_limit);
++ buffer->_position += count;
++}
++
++/**
++ * returns the maximum size of the buffer
++ * \param[in] buffer
++ * \return the size
++ */
++INLINE size_t
++ldns_buffer_limit(ldns_buffer *buffer)
++{
++ return buffer->_limit;
++}
++
++/**
++ * changes the buffer's limit. If the buffer's position is greater
++ * than the new limit the position is set to the limit.
++ * \param[in] buffer the buffer
++ * \param[in] limit the new limit
++ */
++INLINE void
++ldns_buffer_set_limit(ldns_buffer *buffer, size_t limit)
++{
++ assert(limit <= buffer->_capacity);
++ buffer->_limit = limit;
++ if (buffer->_position > buffer->_limit)
++ buffer->_position = buffer->_limit;
++}
++
++/**
++ * returns the number of bytes the buffer can hold.
++ * \param[in] buffer the buffer
++ * \return the number of bytes
++ */
++INLINE size_t
++ldns_buffer_capacity(ldns_buffer *buffer)
++{
++ return buffer->_capacity;
++}
++
++/**
++ * changes the buffer's capacity. The data is reallocated so any
++ * pointers to the data may become invalid. The buffer's limit is set
++ * to the buffer's new capacity.
++ * \param[in] buffer the buffer
++ * \param[in] capacity the capacity to use
++ * \return whether this failed or succeeded
++ */
++bool ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity);
++
++/**
++ * ensures BUFFER can contain at least AMOUNT more bytes. The buffer's
++ * capacity is increased if necessary using buffer_set_capacity().
++ *
++ * The buffer's limit is always set to the (possibly increased)
++ * capacity.
++ * \param[in] buffer the buffer
++ * \param[in] amount amount to use
++ * \return whether this failed or succeeded
++ */
++bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount);
++
++/**
++ * returns a pointer to the data at the indicated position.
++ * \param[in] buffer the buffer
++ * \param[in] at position
++ * \return the pointer to the data
++ */
++INLINE uint8_t *
++ldns_buffer_at(const ldns_buffer *buffer, size_t at)
++{
++ assert(at <= buffer->_limit);
++ return buffer->_data + at;
++}
++
++/**
++ * returns a pointer to the beginning of the buffer (the data at
++ * position 0).
++ * \param[in] buffer the buffer
++ * \return the pointer
++ */
++INLINE uint8_t *
++ldns_buffer_begin(const ldns_buffer *buffer)
++{
++ return ldns_buffer_at(buffer, 0);
++}
++
++/**
++ * returns a pointer to the end of the buffer (the data at the buffer's
++ * limit).
++ * \param[in] buffer the buffer
++ * \return the pointer
++ */
++INLINE uint8_t *
++ldns_buffer_end(ldns_buffer *buffer)
++{
++ return ldns_buffer_at(buffer, buffer->_limit);
++}
++
++/**
++ * returns a pointer to the data at the buffer's current position.
++ * \param[in] buffer the buffer
++ * \return the pointer
++ */
++INLINE uint8_t *
++ldns_buffer_current(ldns_buffer *buffer)
++{
++ return ldns_buffer_at(buffer, buffer->_position);
++}
++
++/**
++ * returns the number of bytes remaining between the indicated position and
++ * the limit.
++ * \param[in] buffer the buffer
++ * \param[in] at indicated position
++ * \return number of bytes
++ */
++INLINE size_t
++ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at)
++{
++ ldns_buffer_invariant(buffer);
++ assert(at <= buffer->_limit);
++ return buffer->_limit - at;
++}
++
++/**
++ * returns the number of bytes remaining between the buffer's position and
++ * limit.
++ * \param[in] buffer the buffer
++ * \return the number of bytes
++ */
++INLINE size_t
++ldns_buffer_remaining(ldns_buffer *buffer)
++{
++ return ldns_buffer_remaining_at(buffer, buffer->_position);
++}
++
++/**
++ * checks if the buffer has at least COUNT more bytes available.
++ * Before reading or writing the caller needs to ensure enough space
++ * is available!
++ * \param[in] buffer the buffer
++ * \param[in] at indicated position
++ * \param[in] count how much is available
++ * \return true or false (as int?)
++ */
++INLINE int
++ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count)
++{
++ return count <= ldns_buffer_remaining_at(buffer, at);
++}
++
++/**
++ * checks if the buffer has count bytes available at the current position
++ * \param[in] buffer the buffer
++ * \param[in] count how much is available
++ * \return true or false (as int?)
++ */
++INLINE int
++ldns_buffer_available(ldns_buffer *buffer, size_t count)
++{
++ return ldns_buffer_available_at(buffer, buffer->_position, count);
++}
++
++/**
++ * writes the given data to the buffer at the specified position
++ * \param[in] buffer the buffer
++ * \param[in] at the position (in number of bytes) to write the data at
++ * \param[in] data pointer to the data to write to the buffer
++ * \param[in] count the number of bytes of data to write
++ */
++INLINE void
++ldns_buffer_write_at(ldns_buffer *buffer, size_t at, const void *data, size_t count)
++{
++ assert(ldns_buffer_available_at(buffer, at, count));
++ memcpy(buffer->_data + at, data, count);
++}
++
++/**
++ * writes count bytes of data to the current position of the buffer
++ * \param[in] buffer the buffer
++ * \param[in] data the data to write
++ * \param[in] count the lenght of the data to write
++ */
++INLINE void
++ldns_buffer_write(ldns_buffer *buffer, const void *data, size_t count)
++{
++ ldns_buffer_write_at(buffer, buffer->_position, data, count);
++ buffer->_position += count;
++}
++
++/**
++ * copies the given (null-delimited) string to the specified position at the buffer
++ * \param[in] buffer the buffer
++ * \param[in] at the position in the buffer
++ * \param[in] str the string to write
++ */
++INLINE void
++ldns_buffer_write_string_at(ldns_buffer *buffer, size_t at, const char *str)
++{
++ ldns_buffer_write_at(buffer, at, str, strlen(str));
++}
++
++/**
++ * copies the given (null-delimited) string to the current position at the buffer
++ * \param[in] buffer the buffer
++ * \param[in] str the string to write
++ */
++INLINE void
++ldns_buffer_write_string(ldns_buffer *buffer, const char *str)
++{
++ ldns_buffer_write(buffer, str, strlen(str));
++}
++
++/**
++ * writes the given byte of data at the given position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] at the position in the buffer
++ * \param[in] data the 8 bits to write
++ */
++INLINE void
++ldns_buffer_write_u8_at(ldns_buffer *buffer, size_t at, uint8_t data)
++{
++ assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
++ buffer->_data[at] = data;
++}
++
++/**
++ * writes the given byte of data at the current position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] data the 8 bits to write
++ */
++INLINE void
++ldns_buffer_write_u8(ldns_buffer *buffer, uint8_t data)
++{
++ ldns_buffer_write_u8_at(buffer, buffer->_position, data);
++ buffer->_position += sizeof(data);
++}
++
++/**
++ * writes the given 2 byte integer at the given position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] at the position in the buffer
++ * \param[in] data the 16 bits to write
++ */
++INLINE void
++ldns_buffer_write_u16_at(ldns_buffer *buffer, size_t at, uint16_t data)
++{
++ assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
++ ldns_write_uint16(buffer->_data + at, data);
++}
++
++/**
++ * writes the given 2 byte integer at the current position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] data the 16 bits to write
++ */
++INLINE void
++ldns_buffer_write_u16(ldns_buffer *buffer, uint16_t data)
++{
++ ldns_buffer_write_u16_at(buffer, buffer->_position, data);
++ buffer->_position += sizeof(data);
++}
++
++/**
++ * writes the given 4 byte integer at the given position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] at the position in the buffer
++ * \param[in] data the 32 bits to write
++ */
++INLINE void
++ldns_buffer_write_u32_at(ldns_buffer *buffer, size_t at, uint32_t data)
++{
++ assert(ldns_buffer_available_at(buffer, at, sizeof(data)));
++ ldns_write_uint32(buffer->_data + at, data);
++}
++
++/**
++ * writes the given 4 byte integer at the current position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] data the 32 bits to write
++ */
++INLINE void
++ldns_buffer_write_u32(ldns_buffer *buffer, uint32_t data)
++{
++ ldns_buffer_write_u32_at(buffer, buffer->_position, data);
++ buffer->_position += sizeof(data);
++}
++
++/**
++ * copies count bytes of data at the given position to the given data-array
++ * \param[in] buffer the buffer
++ * \param[in] at the position in the buffer to start
++ * \param[out] data buffer to copy to
++ * \param[in] count the length of the data to copy
++ */
++INLINE void
++ldns_buffer_read_at(ldns_buffer *buffer, size_t at, void *data, size_t count)
++{
++ assert(ldns_buffer_available_at(buffer, at, count));
++ memcpy(data, buffer->_data + at, count);
++}
++
++/**
++ * copies count bytes of data at the current position to the given data-array
++ * \param[in] buffer the buffer
++ * \param[out] data buffer to copy to
++ * \param[in] count the length of the data to copy
++ */
++INLINE void
++ldns_buffer_read(ldns_buffer *buffer, void *data, size_t count)
++{
++ ldns_buffer_read_at(buffer, buffer->_position, data, count);
++ buffer->_position += count;
++}
++
++/**
++ * returns the byte value at the given position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] at the position in the buffer
++ * \return 1 byte integer
++ */
++INLINE uint8_t
++ldns_buffer_read_u8_at(ldns_buffer *buffer, size_t at)
++{
++ assert(ldns_buffer_available_at(buffer, at, sizeof(uint8_t)));
++ return buffer->_data[at];
++}
++
++/**
++ * returns the byte value at the current position in the buffer
++ * \param[in] buffer the buffer
++ * \return 1 byte integer
++ */
++INLINE uint8_t
++ldns_buffer_read_u8(ldns_buffer *buffer)
++{
++ uint8_t result = ldns_buffer_read_u8_at(buffer, buffer->_position);
++ buffer->_position += sizeof(uint8_t);
++ return result;
++}
++
++/**
++ * returns the 2-byte integer value at the given position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] at position in the buffer
++ * \return 2 byte integer
++ */
++INLINE uint16_t
++ldns_buffer_read_u16_at(ldns_buffer *buffer, size_t at)
++{
++ assert(ldns_buffer_available_at(buffer, at, sizeof(uint16_t)));
++ return ldns_read_uint16(buffer->_data + at);
++}
++
++/**
++ * returns the 2-byte integer value at the current position in the buffer
++ * \param[in] buffer the buffer
++ * \return 2 byte integer
++ */
++INLINE uint16_t
++ldns_buffer_read_u16(ldns_buffer *buffer)
++{
++ uint16_t result = ldns_buffer_read_u16_at(buffer, buffer->_position);
++ buffer->_position += sizeof(uint16_t);
++ return result;
++}
++
++/**
++ * returns the 4-byte integer value at the given position in the buffer
++ * \param[in] buffer the buffer
++ * \param[in] at position in the buffer
++ * \return 4 byte integer
++ */
++INLINE uint32_t
++ldns_buffer_read_u32_at(ldns_buffer *buffer, size_t at)
++{
++ assert(ldns_buffer_available_at(buffer, at, sizeof(uint32_t)));
++ return ldns_read_uint32(buffer->_data + at);
++}
++
++/**
++ * returns the 4-byte integer value at the current position in the buffer
++ * \param[in] buffer the buffer
++ * \return 4 byte integer
++ */
++INLINE uint32_t
++ldns_buffer_read_u32(ldns_buffer *buffer)
++{
++ uint32_t result = ldns_buffer_read_u32_at(buffer, buffer->_position);
++ buffer->_position += sizeof(uint32_t);
++ return result;
++}
++
++/**
++ * returns the status of the buffer
++ * \param[in] buffer
++ * \return the status
++ */
++INLINE ldns_status
++ldns_buffer_status(ldns_buffer *buffer)
++{
++ return buffer->_status;
++}
++
++/**
++ * returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise
++ * \param[in] buffer the buffer
++ * \return true or false
++ */
++INLINE bool
++ldns_buffer_status_ok(ldns_buffer *buffer)
++{
++ if (buffer) {
++ return ldns_buffer_status(buffer) == LDNS_STATUS_OK;
++ } else {
++ return false;
++ }
++}
++
++/**
++ * prints to the buffer, increasing the capacity if required using
++ * buffer_reserve(). The buffer's position is set to the terminating '\\0'
++ * Returns the number of characters written (not including the
++ * terminating '\\0') or -1 on failure.
++ */
++int ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...);
++/* ATTR_FORMAT(printf, 2, 3);*/
++
++/**
++ * frees the buffer.
++ * \param[in] *buffer the buffer to be freed
++ * \return void
++ */
++void ldns_buffer_free(ldns_buffer *buffer);
++
++/**
++ * Makes the buffer fixed and returns a pointer to the data. The
++ * caller is responsible for free'ing the result.
++ * \param[in] *buffer the buffer to be exported
++ * \return void
++ */
++void *ldns_buffer_export(ldns_buffer *buffer);
++
++/**
++ * Copy contents of the from buffer to the result buffer and then flips
++ * the result buffer. Data will be silently truncated if the result buffer is
++ * too small.
++ * \param[out] *result resulting buffer which is copied to.
++ * \param[in] *from what to copy to result.
++ */
++void ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_BUFFER_H */
+diff --git a/ldns/include/ldns/common.h b/ldns/include/ldns/common.h
+new file mode 100644
+index 0000000..9abd9b9
+--- /dev/null
++++ b/ldns/include/ldns/common.h
+@@ -0,0 +1,78 @@
++/**
++ * \file common.h
++ *
++ * Common definitions for LDNS
++ */
++
++/**
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#ifndef LDNS_COMMON_H
++#define LDNS_COMMON_H
++
++/*
++ * The build configuration that is used in the distributed headers,
++ * as detected and determined by the auto configure script.
++ */
++#define LDNS_BUILD_CONFIG_HAVE_SSL 1
++#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H 1
++#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT 1
++#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED 1
++#define LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T 1
++#define LDNS_BUILD_CONFIG_USE_DANE 1
++#define LDNS_BUILD_CONFIG_HAVE_B32_PTON 0
++#define LDNS_BUILD_CONFIG_HAVE_B32_NTOP 0
++
++/*
++ * HAVE_STDBOOL_H is not available when distributed as a library, but no build
++ * configuration variables may be used (like those above) because the header
++ * is sometimes only available when using special compiler flags to enable the
++ * c99 environment. Because we cannot force the usage of this flag, we have to
++ * provide a default type. Below what is suggested by the autoconf manual.
++ */
++/*@ignore@*/
++/* splint barfs on this construct */
++#ifndef __bool_true_false_are_defined
++# ifdef HAVE_STDBOOL_H
++# include <stdbool.h>
++# else
++# ifndef HAVE__BOOL
++# ifdef __cplusplus
++typedef bool _Bool;
++# else
++# define _Bool signed char
++# endif
++# endif
++# define bool _Bool
++# define false 0
++# define true 1
++# define __bool_true_false_are_defined 1
++# endif
++#endif
++/*@end@*/
++
++#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT
++#define ATTR_FORMAT(archetype, string_index, first_to_check) \
++ __attribute__ ((format (archetype, string_index, first_to_check)))
++#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
++#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
++#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */
++
++#if defined(__cplusplus)
++#define ATTR_UNUSED(x)
++#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED
++#define ATTR_UNUSED(x) x __attribute__((unused))
++#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
++#define ATTR_UNUSED(x) x
++#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
++
++#if !LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T
++typedef int socklen_t;
++#endif
++
++#endif /* LDNS_COMMON_H */
+diff --git a/ldns/include/ldns/config.h b/ldns/include/ldns/config.h
+new file mode 100644
+index 0000000..d77cc7f
+--- /dev/null
++++ b/ldns/include/ldns/config.h
+@@ -0,0 +1,590 @@
++#include "EXTERN.h"
++#include "perl.h"
++
++/* Define if building universal (internal helper macro) */
++/* #undef AC_APPLE_UNIVERSAL_BUILD */
++
++/* Define to 1 if you have the <arpa/inet.h> header file. */
++#define HAVE_ARPA_INET_H 1
++
++/* Whether the C compiler accepts the "format" attribute */
++#define HAVE_ATTR_FORMAT 1
++
++/* Whether the C compiler accepts the "unused" attribute */
++#define HAVE_ATTR_UNUSED 1
++
++/* Define to 1 if you have the `b32_ntop' function. */
++/* #undef HAVE_B32_NTOP */
++
++/* Define to 1 if you have the `b32_pton' function. */
++/* #undef HAVE_B32_PTON */
++
++/* Define to 1 if you have the `b64_ntop' function. */
++/* #undef HAVE_B64_NTOP */
++
++/* Define to 1 if you have the `b64_pton' function. */
++/* #undef HAVE_B64_PTON */
++
++/* Define to 1 if you have the `bzero' function. */
++#define HAVE_BZERO 1
++
++/* Define to 1 if you have the `calloc' function. */
++#define HAVE_CALLOC 1
++
++/* Define to 1 if you have the `ctime_r' function. */
++#define HAVE_CTIME_R 1
++
++/* Is a CAFILE given at configure time */
++#define HAVE_DANE_CA_FILE 0
++
++/* Is a CAPATH given at configure time */
++#define HAVE_DANE_CA_PATH 0
++
++/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
++ don't. */
++#define HAVE_DECL_NID_SECP384R1 1
++
++/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
++ if you don't. */
++#define HAVE_DECL_NID_X9_62_PRIME256V1 1
++
++/* Define to 1 if you have the <dlfcn.h> header file. */
++#define HAVE_DLFCN_H 1
++
++/* Define to 1 if you have the `endprotoent' function. */
++#define HAVE_ENDPROTOENT 1
++
++/* Define to 1 if you have the `endservent' function. */
++#define HAVE_ENDSERVENT 1
++
++/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */
++#define HAVE_ENGINE_LOAD_CRYPTODEV 1
++
++/* Define to 1 if you have the `EVP_sha256' function. */
++#define HAVE_EVP_SHA256 1
++
++/* Define to 1 if you have the `fcntl' function. */
++#define HAVE_FCNTL 1
++
++/* Define to 1 if you have the `fork' function. */
++#define HAVE_FORK 1
++
++/* Whether getaddrinfo is available */
++#define HAVE_GETADDRINFO 1
++
++/* Define to 1 if you have the <getopt.h> header file. */
++#define HAVE_GETOPT_H 1
++
++/* Define to 1 if you have the `gmtime_r' function. */
++#define HAVE_GMTIME_R 1
++
++/* If you have HMAC_CTX_init */
++#define HAVE_HMAC_CTX_INIT 1
++
++/* Define to 1 if you have the `inet_aton' function. */
++#define HAVE_INET_ATON 1
++
++/* Define to 1 if you have the `inet_ntop' function. */
++#define HAVE_INET_NTOP 1
++
++/* Define to 1 if you have the `inet_pton' function. */
++#define HAVE_INET_PTON 1
++
++/* define if you have inttypes.h */
++#define HAVE_INTTYPES_H 1
++
++/* if the function 'ioctlsocket' is available */
++/* #undef HAVE_IOCTLSOCKET */
++
++/* Define to 1 if you have the `isascii' function. */
++#define HAVE_ISASCII 1
++
++/* Define to 1 if you have the `isblank' function. */
++#define HAVE_ISBLANK 1
++
++/* Define to 1 if you have the `pcap' library (-lpcap). */
++/* #undef HAVE_LIBPCAP */
++
++/* Define to 1 if you have the `localtime_r' function. */
++#define HAVE_LOCALTIME_R 1
++
++/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
++ to 0 otherwise. */
++#define HAVE_MALLOC 1
++
++/* Define to 1 if you have the `memmove' function. */
++#define HAVE_MEMMOVE 1
++
++/* Define to 1 if you have the <memory.h> header file. */
++#define HAVE_MEMORY_H 1
++
++/* Define to 1 if you have the `memset' function. */
++#define HAVE_MEMSET 1
++
++/* Define to 1 if you have the <netdb.h> header file. */
++#define HAVE_NETDB_H 1
++
++/* Define to 1 if you have the <netinet/if_ether.h> header file. */
++/* #undef HAVE_NETINET_IF_ETHER_H */
++
++/* Define to 1 if you have the <netinet/igmp.h> header file. */
++/* #undef HAVE_NETINET_IGMP_H */
++
++/* Define to 1 if you have the <netinet/in.h> header file. */
++#define HAVE_NETINET_IN_H 1
++
++/* Define to 1 if you have the <netinet/in_systm.h> header file. */
++/* #undef HAVE_NETINET_IN_SYSTM_H */
++
++/* Define to 1 if you have the <netinet/ip6.h> header file. */
++/* #undef HAVE_NETINET_IP6_H */
++
++/* Define to 1 if you have the <netinet/ip_compat.h> header file. */
++/* #undef HAVE_NETINET_IP_COMPAT_H */
++
++/* Define to 1 if you have the <netinet/ip.h> header file. */
++/* #undef HAVE_NETINET_IP_H */
++
++/* Define to 1 if you have the <netinet/udp.h> header file. */
++/* #undef HAVE_NETINET_UDP_H */
++
++/* Define to 1 if you have the <net/ethernet.h> header file. */
++/* #undef HAVE_NET_ETHERNET_H */
++
++/* Define to 1 if you have the <net/if.h> header file. */
++/* #undef HAVE_NET_IF_H */
++
++/* Define to 1 if you have the <openssl/err.h> header file. */
++#define HAVE_OPENSSL_ERR_H 1
++
++/* Define to 1 if you have the <openssl/rand.h> header file. */
++#define HAVE_OPENSSL_RAND_H 1
++
++/* Define to 1 if you have the <openssl/ssl.h> header file. */
++#define HAVE_OPENSSL_SSL_H 1
++
++/* Define to 1 if you have the <pcap.h> header file. */
++/* #undef HAVE_PCAP_H */
++
++/* Define to 1 if you have the `random' function. */
++#define HAVE_RANDOM 1
++
++/* Define to 1 if your system has a GNU libc compatible `realloc' function,
++ and to 0 otherwise. */
++#define HAVE_REALLOC 1
++
++/* Define to 1 if you have the `sleep' function. */
++#define HAVE_SLEEP 1
++
++/* Define to 1 if you have the `snprintf' function. */
++#define HAVE_SNPRINTF 1
++
++/* Define if you have the SSL libraries installed. */
++#define HAVE_SSL /**/
++
++/* Define to 1 if you have the <stdarg.h> header file. */
++#define HAVE_STDARG_H 1
++
++/* Define to 1 if stdbool.h conforms to C99. */
++#define HAVE_STDBOOL_H 1
++
++/* Define to 1 if you have the <stdint.h> header file. */
++#define HAVE_STDINT_H 1
++
++/* Define to 1 if you have the <stdlib.h> header file. */
++#define HAVE_STDLIB_H 1
++
++/* Define to 1 if you have the <strings.h> header file. */
++#define HAVE_STRINGS_H 1
++
++/* Define to 1 if you have the <string.h> header file. */
++#define HAVE_STRING_H 1
++
++/* Define to 1 if you have the `strlcpy' function. */
++#ifdef HAS_STRLCPY
++#define HAVE_STRLCPY 1
++#else
++#undef HAVE_STRLCPY
++#endif
++
++/* Define to 1 if you have the `strtoul' function. */
++#define HAVE_STRTOUL 1
++
++/* Define to 1 if you have the <sys/mount.h> header file. */
++#define HAVE_SYS_MOUNT_H 1
++
++/* Define to 1 if you have the <sys/param.h> header file. */
++#define HAVE_SYS_PARAM_H 1
++
++/* define if you have sys/socket.h */
++#define HAVE_SYS_SOCKET_H 1
++
++/* Define to 1 if you have the <sys/stat.h> header file. */
++#define HAVE_SYS_STAT_H 1
++
++/* define if you have sys/types.h */
++#define HAVE_SYS_TYPES_H 1
++
++/* Define to 1 if you have the `timegm' function. */
++#define HAVE_TIMEGM 1
++
++/* Define to 1 if you have the <time.h> header file. */
++#define HAVE_TIME_H 1
++
++/* define if you have unistd.h */
++#define HAVE_UNISTD_H 1
++
++/* Define to 1 if you have the `vfork' function. */
++#define HAVE_VFORK 1
++
++/* Define to 1 if you have the <vfork.h> header file. */
++/* #undef HAVE_VFORK_H */
++
++/* Define to 1 if you have the <winsock2.h> header file. */
++/* #undef HAVE_WINSOCK2_H */
++
++/* Define to 1 if `fork' works. */
++#define HAVE_WORKING_FORK 1
++
++/* Define to 1 if `vfork' works. */
++#define HAVE_WORKING_VFORK 1
++
++/* Define to 1 if you have the <ws2tcpip.h> header file. */
++/* #undef HAVE_WS2TCPIP_H */
++
++/* Define to 1 if the system has the type `_Bool'. */
++#define HAVE__BOOL 1
++
++/* Is a CAFILE given at configure time */
++/* #undef LDNS_DANE_CA_FILE */
++
++/* Is a CAPATH given at configure time */
++/* #undef LDNS_DANE_CA_PATH */
++
++/* Define to the sub-directory where libtool stores uninstalled libraries. */
++#define LT_OBJDIR ".libs/"
++
++/* Define to the address where bug reports for this package should be sent. */
++#define PACKAGE_BUGREPORT "libdns at nlnetlabs.nl"
++
++/* Define to the full name of this package. */
++#define PACKAGE_NAME "ldns"
++
++/* Define to the full name and version of this package. */
++#define PACKAGE_STRING "ldns 1.6.17"
++
++/* Define to the one symbol short name of this package. */
++#define PACKAGE_TARNAME "libdns"
++
++/* Define to the home page for this package. */
++#define PACKAGE_URL ""
++
++/* Define to the version of this package. */
++#define PACKAGE_VERSION "1.6.17"
++
++/* Define this to enable RR type NINFO. */
++/* #undef RRTYPE_NINFO */
++
++/* Define this to enable RR type OPENPGPKEY. */
++/* #undef RRTYPE_OPENPGPKEY */
++
++/* Define this to enable RR type RKEY. */
++/* #undef RRTYPE_RKEY */
++
++/* Define this to enable RR type TA. */
++/* #undef RRTYPE_TA */
++
++/* Define this to enable RR type URI. */
++/* #undef RRTYPE_URI */
++
++/* The size of `time_t', as computed by sizeof. */
++#define SIZEOF_TIME_T 8
++
++/* Define to 1 if you have the ANSI C header files. */
++#define STDC_HEADERS 1
++
++/* Define this to enable messages to stderr. */
++/* #undef STDERR_MSGS */
++
++/* System configuration dir */
++#define SYSCONFDIR sysconfdir
++
++/* Define this to enable DANE support. */
++#define USE_DANE 1
++
++/* Define this to enable ECDSA support. */
++#define USE_ECDSA 1
++
++/* Define this to enable GOST support. */
++/* #define USE_GOST 1 */
++
++/* Define this to enable SHA256 and SHA512 support. */
++#define USE_SHA2 1
++
++/* Enable extensions on AIX 3, Interix. */
++#ifndef _ALL_SOURCE
++# define _ALL_SOURCE 1
++#endif
++/* Enable GNU extensions on systems that have them. */
++#ifndef _GNU_SOURCE
++# define _GNU_SOURCE 1
++#endif
++/* Enable threading extensions on Solaris. */
++#ifndef _POSIX_PTHREAD_SEMANTICS
++# define _POSIX_PTHREAD_SEMANTICS 1
++#endif
++/* Enable extensions on HP NonStop. */
++#ifndef _TANDEM_SOURCE
++# define _TANDEM_SOURCE 1
++#endif
++/* Enable general extensions on Solaris. */
++#ifndef __EXTENSIONS__
++# define __EXTENSIONS__ 1
++#endif
++
++
++/* Whether the windows socket API is used */
++/* #undef USE_WINSOCK */
++
++/* the version of the windows API enabled */
++#define WINVER 0x0502
++
++/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
++ significant byte first (like Motorola and SPARC, unlike Intel). */
++#if defined AC_APPLE_UNIVERSAL_BUILD
++# if defined __BIG_ENDIAN__
++# define WORDS_BIGENDIAN 1
++# endif
++#else
++# ifndef WORDS_BIGENDIAN
++/* # undef WORDS_BIGENDIAN */
++# endif
++#endif
++
++/* Define to 1 if on MINIX. */
++/* #undef _MINIX */
++
++/* Enable for compile on Minix */
++/* #undef _NETBSD_SOURCE */
++
++/* Define to 2 if the system does not provide POSIX.1 features except with
++ this defined. */
++/* #undef _POSIX_1_SOURCE */
++
++/* Define to 1 if you need to in order for `stat' and other things to work. */
++/* #undef _POSIX_SOURCE */
++
++/* Define to empty if `const' does not conform to ANSI C. */
++/* #undef const */
++
++/* in_addr_t */
++/* #undef in_addr_t */
++
++/* in_port_t */
++/* #undef in_port_t */
++
++/* Define to `__inline__' or `__inline' if that's what the C compiler
++ calls it, or to nothing if 'inline' is not supported under any name. */
++#ifndef __cplusplus
++/* #undef inline */
++#endif
++
++/* Define to `short' if <sys/types.h> does not define. */
++/* #undef int16_t */
++
++/* Define to `int' if <sys/types.h> does not define. */
++/* #undef int32_t */
++
++/* Define to `long long' if <sys/types.h> does not define. */
++/* #undef int64_t */
++
++/* Define to `char' if <sys/types.h> does not define. */
++/* #undef int8_t */
++
++/* Define to `size_t' if <sys/types.h> does not define. */
++/* #undef intptr_t */
++
++/* Define to rpl_malloc if the replacement function should be used. */
++/* #undef malloc */
++
++/* Define to `int' if <sys/types.h> does not define. */
++/* #undef pid_t */
++
++/* Define to rpl_realloc if the replacement function should be used. */
++/* #undef realloc */
++
++/* Define to `unsigned int' if <sys/types.h> does not define. */
++/* #undef size_t */
++
++/* Define to 'int' if not defined */
++/* #undef socklen_t */
++
++/* Fallback member name for socket family in struct sockaddr_storage */
++/* #undef ss_family */
++
++/* Define to `int' if <sys/types.h> does not define. */
++/* #undef ssize_t */
++
++/* Define to `unsigned short' if <sys/types.h> does not define. */
++/* #undef uint16_t */
++
++/* Define to `unsigned int' if <sys/types.h> does not define. */
++/* #undef uint32_t */
++
++/* Define to `unsigned long long' if <sys/types.h> does not define. */
++/* #undef uint64_t */
++
++/* Define to `unsigned char' if <sys/types.h> does not define. */
++/* #undef uint8_t */
++
++/* Define as `fork' if `vfork' does not work. */
++/* #undef vfork */
++
++
++#include <stdio.h>
++#include <string.h>
++#include <unistd.h>
++#include <assert.h>
++
++#ifndef LITTLE_ENDIAN
++#define LITTLE_ENDIAN 1234
++#endif
++
++#ifndef BIG_ENDIAN
++#define BIG_ENDIAN 4321
++#endif
++
++#ifndef BYTE_ORDER
++#ifdef WORDS_BIGENDIAN
++#define BYTE_ORDER BIG_ENDIAN
++#else
++#define BYTE_ORDER LITTLE_ENDIAN
++#endif /* WORDS_BIGENDIAN */
++#endif /* BYTE_ORDER */
++
++#if STDC_HEADERS
++#include <stdlib.h>
++#include <stddef.h>
++#endif
++
++#ifdef HAVE_STDINT_H
++#include <stdint.h>
++#endif
++
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++
++#ifdef HAVE_NETINET_IN_H
++#include <netinet/in.h>
++#endif
++
++#ifdef HAVE_ARPA_INET_H
++#include <arpa/inet.h>
++#endif
++
++#ifdef HAVE_WINSOCK2_H
++#include <winsock2.h>
++#endif
++
++#ifdef HAVE_WS2TCPIP_H
++#include <ws2tcpip.h>
++#endif
++
++
++/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
++#ifdef HAVE_WINSOCK2_H
++#define FD_SET_T (u_int)
++#else
++#define FD_SET_T
++#endif
++
++
++
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++int ldns_b64_ntop(uint8_t const *src, size_t srclength,
++ char *target, size_t targsize);
++/**
++ * calculates the size needed to store the result of b64_ntop
++ */
++/*@unused@*/
++static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize)
++{
++ return ((((srcsize + 2) / 3) * 4) + 1);
++}
++int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
++/**
++ * calculates the size needed to store the result of ldns_b64_pton
++ */
++/*@unused@*/
++static inline size_t ldns_b64_pton_calculate_size(size_t srcsize)
++{
++ return (((((srcsize + 3) / 4) * 3)) + 1);
++}
++
++/**
++ * Given in dnssec_zone.c, also used in dnssec_sign.c:w
++
++ */
++int ldns_dname_compare_v(const void *a, const void *b);
++
++#ifndef HAVE_SLEEP
++/* use windows sleep, in millisecs, instead */
++#define sleep(x) Sleep((x)*1000)
++#endif
++
++#ifndef HAVE_RANDOM
++#define srandom(x) srand(x)
++#define random(x) rand(x)
++#endif
++
++#ifndef HAVE_TIMEGM
++#include <time.h>
++time_t timegm (struct tm *tm);
++#endif /* !TIMEGM */
++#ifndef HAVE_GMTIME_R
++struct tm *gmtime_r(const time_t *timep, struct tm *result);
++#endif
++#ifndef HAVE_LOCALTIME_R
++struct tm *localtime_r(const time_t *timep, struct tm *result);
++#endif
++#ifndef HAVE_ISBLANK
++int isblank(int c);
++#endif /* !HAVE_ISBLANK */
++#ifndef HAVE_ISASCII
++int isascii(int c);
++#endif /* !HAVE_ISASCII */
++#ifndef HAVE_SNPRINTF
++#include <stdarg.h>
++int snprintf (char *str, size_t count, const char *fmt, ...);
++int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);
++#endif /* HAVE_SNPRINTF */
++#ifndef HAVE_INET_PTON
++int inet_pton(int af, const char* src, void* dst);
++#endif /* HAVE_INET_PTON */
++#ifndef HAVE_INET_NTOP
++const char *inet_ntop(int af, const void *src, char *dst, size_t size);
++#endif
++#ifndef HAVE_INET_ATON
++int inet_aton(const char *cp, struct in_addr *addr);
++#endif
++#ifndef HAVE_MEMMOVE
++void *memmove(void *dest, const void *src, size_t n);
++#endif
++#ifndef HAVE_STRLCPY
++size_t strlcpy(char *dst, const char *src, size_t siz);
++#endif
++#ifdef __cplusplus
++}
++#endif
++#ifndef HAVE_GETADDRINFO
++#include "compat/fake-rfc2553.h"
++#endif
++#ifndef HAVE_STRTOUL
++#define strtoul (unsigned long)strtol
++#endif
++
+diff --git a/ldns/include/ldns/dane.h b/ldns/include/ldns/dane.h
+new file mode 100644
+index 0000000..8234eb7
+--- /dev/null
++++ b/ldns/include/ldns/dane.h
+@@ -0,0 +1,262 @@
++/*
++ * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE)
++ * Transport Layer Security (TLS) Protocol: TLSA
++ *
++ * Copyright (c) 2012, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ *
++ */
++
++/**
++ * \file
++ *
++ * This module contains base functions for creating and verifying TLSA RR's
++ * with PKIX certificates, certificate chains and validation stores.
++ * (See RFC6394 and RFC6698).
++ *
++ * Since those functions heavily rely op cryptographic operations,
++ * this module is dependent on openssl.
++ */
++
++
++#ifndef LDNS_DANE_H
++#define LDNS_DANE_H
++#if LDNS_BUILD_CONFIG_USE_DANE
++
++#include <ldns/common.h>
++#include <ldns/rdata.h>
++#include <ldns/rr.h>
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++#include <openssl/ssl.h>
++#include <openssl/err.h>
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * The different "Certificate usage" rdata field values for a TLSA RR.
++ */
++enum ldns_enum_tlsa_certificate_usage
++{
++ /** CA constraint */
++ LDNS_TLSA_USAGE_PKIX_TA = 0,
++ LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
++ /** Sevice certificate constraint */
++ LDNS_TLSA_USAGE_PKIX_EE = 1,
++ LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
++ /** Trust anchor assertion */
++ LDNS_TLSA_USAGE_DANE_TA = 2,
++ LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
++ /** Domain issued certificate */
++ LDNS_TLSA_USAGE_DANE_EE = 3,
++ LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3,
++ /** Reserved for Private Use */
++ LDNS_TLSA_USAGE_PRIVCERT = 255
++};
++typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage;
++
++/**
++ * The different "Selector" rdata field values for a TLSA RR.
++ */
++enum ldns_enum_tlsa_selector
++{
++ /**
++ * Full certificate: the Certificate binary structure
++ * as defined in [RFC5280]
++ */
++ LDNS_TLSA_SELECTOR_CERT = 0,
++ LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,
++
++ /**
++ * SubjectPublicKeyInfo: DER-encoded binary structure
++ * as defined in [RFC5280]
++ */
++ LDNS_TLSA_SELECTOR_SPKI = 1,
++ LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1,
++
++ /** Reserved for Private Use */
++ LDNS_TLSA_SELECTOR_PRIVSEL = 255
++};
++typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector;
++
++/**
++ * The different "Matching type" rdata field values for a TLSA RR.
++ */
++enum ldns_enum_tlsa_matching_type
++{
++ /** Exact match on selected content */
++ LDNS_TLSA_MATCHING_TYPE_FULL = 0,
++ LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
++ /** SHA-256 hash of selected content [RFC6234] */
++ LDNS_TLSA_MATCHING_TYPE_SHA2_256 = 1,
++ LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
++ /** SHA-512 hash of selected content [RFC6234] */
++ LDNS_TLSA_MATCHING_TYPE_SHA2_512 = 2,
++ LDNS_TLSA_MATCHING_TYPE_SHA512 = 2,
++ /** Reserved for Private Use */
++ LDNS_TLSA_MATCHING_TYPE_PRIVMATCH = 255
++};
++typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type;
++
++/**
++ * Known transports to use with TLSA owner names.
++ */
++enum ldns_enum_dane_transport
++{
++ /** TCP */
++ LDNS_DANE_TRANSPORT_TCP = 0,
++ /** UDP */
++ LDNS_DANE_TRANSPORT_UDP = 1,
++ /** SCTP */
++ LDNS_DANE_TRANSPORT_SCTP = 2
++};
++typedef enum ldns_enum_dane_transport ldns_dane_transport;
++
++
++/**
++ * Creates a dname consisting of the given name, prefixed by the service port
++ * and type of transport: _<EM>port</EM>._<EM>transport</EM>.<EM>name</EM>.
++ *
++ * \param[out] tlsa_owner The created dname.
++ * \param[in] name The dname that should be prefixed.
++ * \param[in] port The service port number for wich the name should be created.
++ * \param[in] transport The transport for wich the name should be created.
++ * \return LDNS_STATUS_OK on success or an error code otherwise.
++ */
++ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
++ const ldns_rdf* name, uint16_t port,
++ ldns_dane_transport transport);
++
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data choosen by
++ * the selector and encoded using matching_type.
++ *
++ * \param[out] rdf The created created rdf of type LDNS_RDF_TYPE_HEX.
++ * \param[in] cert The certificate from which the data is selected
++ * \param[in] selector The full certificate or the public key
++ * \param[in] matching_type The full data or the SHA256 or SHA512 hash
++ * of the selected data
++ * \return LDNS_STATUS_OK on success or an error code otherwise.
++ */
++ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
++ ldns_tlsa_selector selector,
++ ldns_tlsa_matching_type matching_type);
++
++
++/**
++ * Selects the certificate from cert, extra_certs or the pkix_validation_store
++ * based on the value of cert_usage and index.
++ *
++ * \param[out] selected_cert The selected cert.
++ * \param[in] cert The certificate to validate (or not)
++ * \param[in] extra_certs Intermediate certificates that might be necessary
++ * during validation. May be NULL, except when the certificate
++ * usage is "Trust Anchor Assertion" because the trust anchor has
++ * to be provided.(otherwise choose a "Domain issued certificate!"
++ * \param[in] pkix_validation_store Used when the certificate usage is
++ * "CA constraint" or "Service Certificate Constraint" to
++ * validate the certificate and, in case of "CA constraint",
++ * select the CA.
++ * When pkix_validation_store is NULL, validation is explicitely
++ * turned off and the behaviour is then the same as for "Trust
++ * anchor assertion" and "Domain issued certificate" respectively.
++ * \param[in] cert_usage Which certificate to use and how to validate.
++ * \param[in] index Used to select the trust anchor when certificate usage
++ * is "Trust Anchor Assertion". 0 is the last certificate in the
++ * validation chain. 1 the one but last, etc. When index is -1,
++ * the last certificate is used that MUST be self-signed.
++ * This can help to make sure that the intended (self signed)
++ * trust anchor is actually present in extra_certs (which is a
++ * DANE requirement).
++ *
++ * \return LDNS_STATUS_OK on success or an error code otherwise.
++ */
++ldns_status ldns_dane_select_certificate(X509** selected_cert,
++ X509* cert, STACK_OF(X509)* extra_certs,
++ X509_STORE* pkix_validation_store,
++ ldns_tlsa_certificate_usage cert_usage, int index);
++
++/**
++ * Creates a TLSA resource record from the certificate.
++ * No PKIX validation is performed! The given certificate is used as data
++ * regardless the value of certificate_usage.
++ *
++ * \param[out] tlsa The created TLSA resource record.
++ * \param[in] certificate_usage The value for the Certificate Usage field
++ * \param[in] selector The value for the Selector field
++ * \param[in] matching_type The value for the Matching Type field
++ * \param[in] cert The certificate which data will be represented
++ *
++ * \return LDNS_STATUS_OK on success or an error code otherwise.
++ */
++ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
++ ldns_tlsa_certificate_usage certificate_usage,
++ ldns_tlsa_selector selector,
++ ldns_tlsa_matching_type matching_type,
++ X509* cert);
++
++/**
++ * Verify if the given TLSA resource record matches the given certificate.
++ * Reporting on a TLSA rr mismatch (LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH)
++ * is preferred over PKIX failure (LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE).
++ * So when PKIX validation is required by the TLSA Certificate usage,
++ * but the TLSA data does not match, LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
++ * is returned whether the PKIX validated or not.
++ *
++ * \param[in] tlsa_rr The resource record that specifies what and how to
++ * match the certificate. With tlsa_rr == NULL, regular PKIX
++ * validation is performed.
++ * \param[in] cert The certificate to match (and validate)
++ * \param[in] extra_certs Intermediate certificates that might be necessary
++ * creating the validation chain.
++ * \param[in] pkix_validation_store Used when the certificate usage is
++ * "CA constraint" or "Service Certificate Constraint" to
++ * validate the certificate.
++ *
++ * \return LDNS_STATUS_OK on success,
++ * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH on TLSA data mismatch,
++ * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when TLSA matched,
++ * but the PKIX validation failed, or other ldns_status errors.
++ */
++ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
++ X509* cert, STACK_OF(X509)* extra_certs,
++ X509_STORE* pkix_validation_store);
++
++/**
++ * Verify if any of the given TLSA resource records matches the given
++ * certificate.
++ *
++ * \param[in] tlsas The resource records that specify what and how to
++ * match the certificate. One must match for this function
++ * to succeed. With tlsas == NULL or the number of TLSA records
++ * in tlsas == 0, regular PKIX validation is performed.
++ * \param[in] cert The certificate to match (and validate)
++ * \param[in] extra_certs Intermediate certificates that might be necessary
++ * creating the validation chain.
++ * \param[in] pkix_validation_store Used when the certificate usage is
++ * "CA constraint" or "Service Certificate Constraint" to
++ * validate the certificate.
++ *
++ * \return LDNS_STATUS_OK on success,
++ * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when one of the TLSA's
++ * matched but the PKIX validation failed,
++ * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH when none of the TLSA's matched,
++ * or other ldns_status errors.
++ */
++ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
++ X509* cert, STACK_OF(X509)* extra_certs,
++ X509_STORE* pkix_validation_store);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_BUILD_CONFIG_USE_DANE */
++#endif /* LDNS_DANE_H */
++
+diff --git a/ldns/include/ldns/dname.h b/ldns/include/ldns/dname.h
+new file mode 100644
+index 0000000..291786b
+--- /dev/null
++++ b/ldns/include/ldns/dname.h
+@@ -0,0 +1,211 @@
++/*
++ * dname.h
++ *
++ * dname definitions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file dname.h
++ *
++ * dname contains function to read and manipulate domain names.
++ *
++ * Example domain names are "www.nlnetlabs.nl." and "." (the root)
++ *
++ * If a domain name ends with a dot ("."), it is called a Fully Qualified
++ * Domain Name (FQDN). In certain places (for instance when reading a zone
++ * file), an origin (which is just another domain name) non-FQDNs will be
++ * placed after the current. For instance, if i have a zone file where the
++ * origin has been set to "nl.", and my file contains the name
++ * "www.nlnetlabs", it will result in "www.nlnetlabs.nl.". Internally, dnames are
++ * always absolute (the dot is added when it is missing and there is no origin).
++ *
++ * An FQDN is also
++ * known as an absolute domain name, therefore the function to check this is
++ * called \ref ldns_dname_str_absolute
++ *
++ * Domain names are stored in \ref ldns_rdf structures, with the type
++ * \ref LDNS_RDF_TYPE_DNAME
++ *
++ * This module is *NOT* about the RR type called DNAME.
++ */
++
++
++#ifndef LDNS_DNAME_H
++#define LDNS_DNAME_H
++
++#include <ldns/common.h>
++#include <ldns/rdata.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_DNAME_NORMALIZE tolower
++
++/**
++ * concatenates two dnames together
++ * \param[in] rd1 the leftside
++ * \param[in] rd2 the rightside
++ * \return a new rdf with leftside/rightside
++ */
++ldns_rdf *ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2);
++
++/**
++ * concatenates rd2 after rd1 (rd2 is copied, rd1 is modified)
++ * \param[in] rd1 the leftside
++ * \param[in] rd2 the rightside
++ * \return LDNS_STATUS_OK on success
++ */
++ldns_status ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2);
++
++/**
++ * Returns a clone of the given dname with the labels
++ * reversed
++ * \param[in] d the dname to reverse
++ * \return clone of the dname with the labels reversed.
++ */
++ldns_rdf *ldns_dname_reverse(const ldns_rdf *d);
++
++/**
++ * Clones the given dname from the nth label on
++ * \param[in] d The dname to clone
++ * \param[in] n the label nr to clone from, if this is 0, the complete
++ * dname is cloned
++ * \return A newly allocated *rdf structure, containing the cloned dname,
++ * or NULL if either d was NULL, not a dname, or if n >=
++ * label_count
++ */
++ldns_rdf *
++ldns_dname_clone_from(const ldns_rdf *d, uint16_t n);
++
++/**
++ * chop one label off the left side of a dname. so
++ * wwww.nlnetlabs.nl, becomes nlnetlabs.nl
++ * This new name is a clone and must be freed with ldns_deep_free()
++ * \param[in] d the dname to chop
++ * \return the remaining dname
++ */
++ldns_rdf *ldns_dname_left_chop(const ldns_rdf *d);
++
++/**
++ * count the number of labels inside a LDNS_RDF_DNAME type rdf.
++ * \param[in] *r the rdf
++ * \return the number of labels
++ */
++uint8_t ldns_dname_label_count(const ldns_rdf *r);
++
++/**
++ * creates a new dname rdf from a string.
++ * \param[in] str string to use
++ * \return ldns_rdf* or NULL in case of an error
++ */
++ldns_rdf *ldns_dname_new_frm_str(const char *str);
++
++/**
++ * Create a new dname rdf from a string
++ * \param[in] s the size of the new dname
++ * \param[in] *data pointer to the actual data
++ *
++ * \return ldns_rdf*
++ */
++ldns_rdf *ldns_dname_new(uint16_t s, void *data);
++
++/**
++ * Create a new dname rdf from data (the data is copied)
++ * \param[in] size the size of the data
++ * \param[in] *data pointer to the actual data
++ *
++ * \return ldns_rdf*
++ */
++ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data);
++
++/**
++ * Put a dname into canonical fmt - ie. lowercase it
++ * \param[in] rdf the dname to lowercase
++ * \return void
++ */
++void ldns_dname2canonical(const ldns_rdf *rdf);
++
++/**
++ * test wether the name sub falls under parent (i.e. is a subdomain
++ * of parent). This function will return false if the given dnames are
++ * equal.
++ * \param[in] sub the name to test
++ * \param[in] parent the parent's name
++ * \return true if sub falls under parent, otherwise false
++ */
++bool ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent);
++
++/**
++ * Compares the two dname rdf's according to the algorithm for ordering
++ * in RFC4034 Section 6.
++ * \param[in] dname1 First dname rdf to compare
++ * \param[in] dname2 Second dname rdf to compare
++ * \return -1 if dname1 comes before dname2, 1 if dname1 comes after dname2, and 0 if they are equal.
++ */
++int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2);
++int ldns_dname_compare_v(const void *, const void *);
++
++/**
++ * Checks whether the dname matches the given wildcard
++ * \param[in] dname The dname to check
++ * \param[in] wildcard The wildcard to check with
++ * \return 1 If the wildcard matches, OR if 'wildcard' is not a wildcard and
++ * the names are *exactly* the same
++ * 0 If the wildcard does not match, or if it is not a wildcard and
++ * the names are not the same
++ */
++int ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard);
++
++/**
++ * check if middle lays in the interval defined by prev and next
++ * prev <= middle < next. This is usefull for nsec checking
++ * \param[in] prev the previous dname
++ * \param[in] middle the dname to check
++ * \param[in] next the next dname
++ * return 0 on error or unknown, -1 when middle is in the interval, +1 when not
++ */
++int ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, const ldns_rdf *next);
++
++/**
++ * Checks whether the given dname string is absolute (i.e. ends with a '.')
++ * \param[in] *dname_str a string representing the dname
++ * \return true or false
++ */
++bool ldns_dname_str_absolute(const char *dname_str);
++
++/**
++ * Checks whether the given dname is absolute (i.e. ends with a '.')
++ * \param[in] *dname a rdf representing the dname
++ * \return true or false
++ */
++bool ldns_dname_absolute(const ldns_rdf *dname);
++
++/**
++ * look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME
++ * try and retrieve a specific label. The labels are numbered
++ * starting from 0 (left most).
++ * \param[in] rdf the rdf to look in
++ * \param[in] labelpos return the label with this number
++ * \return a ldns_rdf* with the label as name or NULL on error
++ */
++ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos);
++
++/**
++ * Check if dname is a wildcard, starts with *.
++ * \param[in] dname: the rdf to look in
++ * \return true if a wildcard, false if not.
++ */
++int ldns_dname_is_wildcard(const ldns_rdf* dname);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_DNAME_H */
+diff --git a/ldns/include/ldns/dnssec.h b/ldns/include/ldns/dnssec.h
+new file mode 100644
+index 0000000..f4cdafb
+--- /dev/null
++++ b/ldns/include/ldns/dnssec.h
+@@ -0,0 +1,541 @@
++/*
++ * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC)
++ *
++ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ *
++ * A bunch of defines that are used in the DNS
++ */
++
++/**
++ * \file dnssec.h
++ *
++ * This module contains base functions for DNSSEC operations
++ * (RFC4033 t/m RFC4035).
++ *
++ * Since those functions heavily rely op cryptographic operations,
++ * this module is dependent on openssl.
++ *
++ */
++
++
++#ifndef LDNS_DNSSEC_H
++#define LDNS_DNSSEC_H
++
++#include <ldns/common.h>
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++#include <openssl/ssl.h>
++#include <openssl/evp.h>
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++#include <ldns/packet.h>
++#include <ldns/keys.h>
++#include <ldns/zone.h>
++#include <ldns/resolver.h>
++#include <ldns/dnssec_zone.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_MAX_KEYLEN 2048
++#define LDNS_DNSSEC_KEYPROTO 3
++/* default time before sigs expire */
++#define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */
++
++/** return values for the old-signature callback */
++#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0
++#define LDNS_SIGNATURE_LEAVE_NO_ADD 1
++#define LDNS_SIGNATURE_REMOVE_ADD_NEW 2
++#define LDNS_SIGNATURE_REMOVE_NO_ADD 3
++
++/**
++ * Returns the first RRSIG rr that corresponds to the rrset
++ * with the given name and type
++ *
++ * \param[in] name The dname of the RRset covered by the RRSIG to find
++ * \param[in] type The type of the RRset covered by the RRSIG to find
++ * \param[in] rrs List of rrs to search in
++ * \returns Pointer to the first RRsig ldns_rr found, or NULL if it is
++ * not present
++ */
++ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
++ const ldns_rr_type type,
++ const ldns_rr_list *rrs);
++
++/**
++ * Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if
++ * any
++ *
++ * \param[in] rrsig The rrsig to find the DNSKEY for
++ * \param[in] rrs The rr list to find the key in
++ * \return The DNSKEY that corresponds to the given RRSIG, or NULL if it was
++ * not found.
++ */
++ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs);
++
++/**
++ * Returns the rdata field that contains the bitmap of the covered types of
++ * the given NSEC record
++ *
++ * \param[in] nsec The nsec to get the covered type bitmap of
++ * \return An ldns_rdf containing the bitmap, or NULL on error
++ */
++ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);
++
++
++#define LDNS_NSEC3_MAX_ITERATIONS 65535
++
++/**
++ * Returns the dname of the closest (provable) encloser
++ */
++ldns_rdf *
++ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
++ ldns_rr_type qtype,
++ ldns_rr_list *nsec3s);
++
++/**
++ * Checks whether the packet contains rrsigs
++ */
++bool
++ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt);
++
++/**
++ * Returns a ldns_rr_list containing the signatures covering the given name
++ * and type
++ */
++ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type);
++
++/**
++ * Returns a ldns_rr_list containing the signatures covering the given type
++ */
++ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type);
++
++/**
++ * calculates a keytag of a key for use in DNSSEC.
++ *
++ * \param[in] key the key as an RR to use for the calc.
++ * \return the keytag
++ */
++uint16_t ldns_calc_keytag(const ldns_rr *key);
++
++/**
++ * Calculates keytag of DNSSEC key, operates on wireformat rdata.
++ * \param[in] key the key as uncompressed wireformat rdata.
++ * \param[in] keysize length of key data.
++ * \return the keytag
++ */
++uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * converts a buffer holding key material to a DSA key in openssl.
++ *
++ * \param[in] key the key to convert
++ * \return a DSA * structure with the key material
++ */
++DSA *ldns_key_buf2dsa(ldns_buffer *key);
++/**
++ * Like ldns_key_buf2dsa, but uses raw buffer.
++ * \param[in] key the uncompressed wireformat of the key.
++ * \param[in] len length of key data
++ * \return a DSA * structure with the key material
++ */
++DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
++
++/**
++ * Utility function to calculate hash using generic EVP_MD pointer.
++ * \param[in] data the data to hash.
++ * \param[in] len length of data.
++ * \param[out] dest the destination of the hash, must be large enough.
++ * \param[in] md the message digest to use.
++ * \return true if worked, false on failure.
++ */
++int ldns_digest_evp(unsigned char* data, unsigned int len,
++ unsigned char* dest, const EVP_MD* md);
++
++/**
++ * Converts a holding buffer with key material to EVP PKEY in openssl.
++ * Only available if ldns was compiled with GOST.
++ * \param[in] key data to convert
++ * \param[in] keylen length of the key data
++ * \return the key or NULL on error.
++ */
++EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);
++
++/**
++ * Converts a holding buffer with key material to EVP PKEY in openssl.
++ * Only available if ldns was compiled with ECDSA.
++ * \param[in] key data to convert
++ * \param[in] keylen length of the key data
++ * \param[in] algo precise algorithm to initialize ECC group values.
++ * \return the key or NULL on error.
++ */
++EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
++
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * converts a buffer holding key material to a RSA key in openssl.
++ *
++ * \param[in] key the key to convert
++ * \return a RSA * structure with the key material
++ */
++RSA *ldns_key_buf2rsa(ldns_buffer *key);
++
++/**
++ * Like ldns_key_buf2rsa, but uses raw buffer.
++ * \param[in] key the uncompressed wireformat of the key.
++ * \param[in] len length of key data
++ * \return a RSA * structure with the key material
++ */
++RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++/**
++ * returns a new DS rr that represents the given key rr.
++ *
++ * \param[in] *key the key to convert
++ * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256
++ *
++ * \return ldns_rr* a new rr pointer to a DS
++ */
++ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
++
++/**
++ * Create the type bitmap for an NSEC(3) record
++ */
++ldns_rdf *
++ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
++ size_t size,
++ ldns_rr_type nsec_type);
++
++/**
++ * returns whether a rrset of the given type is found in the rrsets.
++ *
++ * \param[in] rrsets the rrsets to be tested
++ * \param[in] type the type to test for
++ * \return int 1 if the type was found, 0 otherwise.
++ */
++int
++ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type);
++
++/**
++ * Creates NSEC
++ */
++ldns_rr *
++ldns_dnssec_create_nsec(ldns_dnssec_name *from,
++ ldns_dnssec_name *to,
++ ldns_rr_type nsec_type);
++
++
++/**
++ * Creates NSEC3
++ */
++ldns_rr *
++ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
++ ldns_dnssec_name *to,
++ ldns_rdf *zone_name,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt);
++
++/**
++ * Create a NSEC record
++ * \param[in] cur_owner the current owner which should be taken as the starting point
++ * \param[in] next_owner the rrlist which the nsec rr should point to
++ * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in
++ * \return a ldns_rr with the nsec record in it
++ */
++ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
++
++/**
++ * Calculates the hashed name using the given parameters
++ * \param[in] *name The owner name to calculate the hash for
++ * \param[in] algorithm The hash algorithm to use
++ * \param[in] iterations The number of hash iterations to use
++ * \param[in] salt_length The length of the salt in bytes
++ * \param[in] salt The salt to use
++ * \return The hashed owner name rdf, without the domain name
++ */
++ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
++
++/**
++ * Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and
++ * type LDNS_RR_TYPE_NSEC3
++ * \param[in] *rr The RR to set the values in
++ * \param[in] algorithm The NSEC3 hash algorithm
++ * \param[in] flags The flags field
++ * \param[in] iterations The number of hash iterations
++ * \param[in] salt_length The length of the salt in bytes
++ * \param[in] salt The salt bytes
++ */
++void ldns_nsec3_add_param_rdfs(ldns_rr *rr,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt);
++
++/* this will NOT return the NSEC3 completed, you will have to run the
++ finalize function on the rrlist later! */
++ldns_rr *
++ldns_create_nsec3(ldns_rdf *cur_owner,
++ ldns_rdf *cur_zone,
++ ldns_rr_list *rrs,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt,
++ bool emptynonterminal);
++
++/**
++ * Returns the hash algorithm used in the given NSEC3 RR
++ * \param[in] *nsec3_rr The RR to read from
++ * \return The algorithm identifier, or 0 on error
++ */
++uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns flags field
++ */
++uint8_t
++ldns_nsec3_flags(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns true if the opt-out flag has been set in the given NSEC3 RR
++ * \param[in] *nsec3_rr The RR to read from
++ * \return true if the RR has type NSEC3 and the opt-out bit has been set, false otherwise
++ */
++bool ldns_nsec3_optout(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns the number of hash iterations used in the given NSEC3 RR
++ * \param[in] *nsec3_rr The RR to read from
++ * \return The number of iterations
++ */
++uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns the salt used in the given NSEC3 RR
++ * \param[in] *nsec3_rr The RR to read from
++ * \return The salt rdf, or NULL on error
++ */
++ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns the length of the salt used in the given NSEC3 RR
++ * \param[in] *nsec3_rr The RR to read from
++ * \return The length of the salt in bytes
++ */
++uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns the salt bytes used in the given NSEC3 RR
++ * \param[in] *nsec3_rr The RR to read from
++ * \return The salt in bytes, this is alloced, so you need to free it
++ */
++uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns the first label of the next ownername in the NSEC3 chain (ie. without the domain)
++ * \param[in] nsec3_rr The RR to read from
++ * \return The first label of the next owner name in the NSEC3 chain, or NULL on error
++ */
++ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr);
++
++/**
++ * Returns the bitmap specifying the covered types of the given NSEC3 RR
++ * \param[in] *nsec3_rr The RR to read from
++ * \return The covered type bitmap rdf
++ */
++ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);
++
++/**
++ * Calculates the hashed name using the parameters of the given NSEC3 RR
++ * \param[in] *nsec The RR to use the parameters from
++ * \param[in] *name The owner name to calculate the hash for
++ * \return The hashed owner name rdf, without the domain name
++ */
++ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name);
++
++/**
++ * Check if RR type t is enumerated and set in the RR type bitmap rdf.
++ * \param[in] bitmap the RR type bitmap rdf to look in
++ * \param[in] type the type to check for
++ * \return true when t is found and set, otherwise return false
++ */
++bool ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type);
++
++/**
++ * Checks if RR type t is enumerated in the type bitmap rdf and sets the bit.
++ * \param[in] bitmap the RR type bitmap rdf to look in
++ * \param[in] type the type to for which the bit to set
++ * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is
++ * returned when the bitmap does not contain the bit to set.
++ */
++ldns_status ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type);
++
++/**
++ * Checks if RR type t is enumerated in the type bitmap rdf and clears the bit.
++ * \param[in] bitmap the RR type bitmap rdf to look in
++ * \param[in] type the type to for which the bit to clear
++ * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is
++ * returned when the bitmap does not contain the bit to clear.
++ */
++ldns_status ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type);
++
++/**
++ * Checks coverage of NSEC(3) RR name span
++ * Remember that nsec and name must both be in canonical form (ie use
++ * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this
++ * function)
++ *
++ * \param[in] nsec The NSEC RR to check
++ * \param[in] name The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name
++ * \return true if the NSEC RR covers the owner name
++ */
++bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * verify a packet
++ * \param[in] p the packet
++ * \param[in] t the rr set type to check
++ * \param[in] o the rr set name to check
++ * \param[in] k list of keys
++ * \param[in] s list of sigs (may be null)
++ * \param[out] good_keys keys which validated the packet
++ * \return status
++ *
++ */
++ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
++
++/**
++ * verify a packet
++ * \param[in] p the packet
++ * \param[in] t the rr set type to check
++ * \param[in] o the rr set name to check
++ * \param[in] k list of keys
++ * \param[in] s list of sigs (may be null)
++ * \param[in] check_time the time for which the validation is performed
++ * \param[out] good_keys keys which validated the packet
++ * \return status
++ *
++ */
++ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);
++
++#endif
++
++/**
++ * chains nsec3 list
++ */
++ldns_status
++ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs);
++
++/**
++ * compare for nsec3 sort
++ */
++int
++qsort_rr_compare_nsec3(const void *a, const void *b);
++
++/**
++ * sort nsec3 list
++ */
++void
++ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted);
++
++/**
++ * Default callback function to always leave present signatures, and
++ * add new ones
++ * \param[in] sig The signature to check for removal (unused)
++ * \param[in] n Optional argument (unused)
++ * \return LDNS_SIGNATURE_LEAVE_ADD_NEW
++ */
++int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n);
++/**
++ * Default callback function to always leave present signatures, and
++ * add no new ones for the keys of these signatures
++ * \param[in] sig The signature to check for removal (unused)
++ * \param[in] n Optional argument (unused)
++ * \return LDNS_SIGNATURE_LEAVE_NO_ADD
++ */
++int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n);
++/**
++ * Default callback function to always remove present signatures, but
++ * add no new ones
++ * \param[in] sig The signature to check for removal (unused)
++ * \param[in] n Optional argument (unused)
++ * \return LDNS_SIGNATURE_REMOVE_NO_ADD
++ */
++int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n);
++/**
++ * Default callback function to always leave present signatures, and
++ * add new ones
++ * \param[in] sig The signature to check for removal (unused)
++ * \param[in] n Optional argument (unused)
++ * \return LDNS_SIGNATURE_REMOVE_ADD_NEW
++ */
++int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n);
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * Converts the DSA signature from ASN1 representation (RFC2459, as
++ * used by OpenSSL) to raw signature data as used in DNS (rfc2536)
++ *
++ * \param[in] sig The signature in RFC2459 format
++ * \param[in] sig_len The length of the signature
++ * \return a new rdf with the signature
++ */
++ldns_rdf *
++ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
++ const long sig_len);
++
++/**
++ * Converts the RRSIG signature RDF (in rfc2536 format) to a buffer
++ * with the signature in rfc2459 format
++ *
++ * \param[out] target_buffer buffer to place the signature data
++ * \param[in] sig_rdf The signature rdf to convert
++ * \return LDNS_STATUS_OK on success, error code otherwise
++ */
++ldns_status
++ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
++ const ldns_rdf *sig_rdf);
++
++/**
++ * Converts the ECDSA signature from ASN1 representation (as
++ * used by OpenSSL) to raw signature data as used in DNS
++ * This routine is only present if ldns is compiled with ecdsa support.
++ *
++ * \param[in] sig The signature in ASN1 format
++ * \param[in] sig_len The length of the signature
++ * \return a new rdf with the signature
++ */
++ldns_rdf *
++ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);
++
++/**
++ * Converts the RRSIG signature RDF (from DNS) to a buffer with the
++ * signature in ASN1 format as openssl uses it.
++ * This routine is only present if ldns is compiled with ecdsa support.
++ *
++ * \param[out] target_buffer buffer to place the signature data in ASN1.
++ * \param[in] sig_rdf The signature rdf to convert
++ * \return LDNS_STATUS_OK on success, error code otherwise
++ */
++ldns_status
++ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
++ const ldns_rdf *sig_rdf);
++
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_DNSSEC_H */
+diff --git a/ldns/include/ldns/dnssec_sign.h b/ldns/include/ldns/dnssec_sign.h
+new file mode 100644
+index 0000000..f51c7fb
+--- /dev/null
++++ b/ldns/include/ldns/dnssec_sign.h
+@@ -0,0 +1,383 @@
++/** dnssec_verify */
++
++#ifndef LDNS_DNSSEC_SIGN_H
++#define LDNS_DNSSEC_SIGN_H
++
++#include <ldns/dnssec.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* sign functions */
++
++/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/
++#define LDNS_SIGN_DNSKEY_WITH_ZSK 1
++
++/**
++ * Create an empty RRSIG RR (i.e. without the actual signature data)
++ * \param[in] rrset The RRset to create the signature for
++ * \param[in] key The key that will create the signature
++ * \return signature rr
++ */
++ldns_rr *
++ldns_create_empty_rrsig(ldns_rr_list *rrset,
++ ldns_key *key);
++
++/**
++ * Sign the buffer which contains the wiredata of an rrset, and the
++ * corresponding empty rrsig rr with the given key
++ * \param[in] sign_buf the buffer with data to sign
++ * \param[in] key the key to sign with
++ * \return an rdata field with the signature data
++ */
++ldns_rdf *
++ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key);
++
++/**
++ * Sign an rrset
++ * \param[in] rrset the rrset
++ * \param[in] keys the keys to use
++ * \return a rr_list with the signatures
++ */
++ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * Sign a buffer with the DSA key (hash with SHA1)
++ * \param[in] to_sign buffer with the data
++ * \param[in] key the key to use
++ * \return a ldns_rdf with the signed data
++ */
++ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
++
++/**
++ * Sign data with EVP (general method for different algorithms)
++ *
++ * \param[in] to_sign The ldns_buffer containing raw data that is
++ * to be signed
++ * \param[in] key The EVP_PKEY key structure to sign with
++ * \param[in] digest_type The digest algorithm to use in the creation of
++ * the signature
++ * \return ldns_rdf for the RRSIG ldns_rr
++ */
++ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign,
++ EVP_PKEY *key,
++ const EVP_MD *digest_type);
++
++/**
++ * Sign a buffer with the RSA key (hash with SHA1)
++ * \param[in] to_sign buffer with the data
++ * \param[in] key the key to use
++ * \return a ldns_rdf with the signed data
++ */
++ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
++
++/**
++ * Sign a buffer with the RSA key (hash with MD5)
++ * \param[in] to_sign buffer with the data
++ * \param[in] key the key to use
++ * \return a ldns_rdf with the signed data
++ */
++ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++/**
++ * Marks the names in the zone that are occluded. Those names will be skipped
++ * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
++ * function. But watch out! Names that are partially occluded (like glue with
++ * the same name as the delegation) will not be marked and should specifically
++ * be taken into account separately.
++ *
++ * When glue_list is given (not NULL), in the process of marking the names, all
++ * glue resource records will be pushed to that list, even glue at the delegation name.
++ *
++ * \param[in] zone the zone in which to mark the names
++ * \param[in] glue_list the list to which to push the glue rrs
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status
++ldns_dnssec_zone_mark_and_get_glue(
++ ldns_dnssec_zone *zone, ldns_rr_list *glue_list);
++
++/**
++ * Marks the names in the zone that are occluded. Those names will be skipped
++ * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
++ * function. But watch out! Names that are partially occluded (like glue with
++ * the same name as the delegation) will not be marked and should specifically
++ * be taken into account separately.
++ *
++ * \param[in] zone the zone in which to mark the names
++ * \return LDNS_STATUS_OK on succesful completion
++ */
++ldns_status
++ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone);
++
++/**
++ * Finds the first dnssec_name node in the rbtree that is not occluded.
++ * It *does* return names that are partially occluded.
++ *
++ * \param[in] node the first node to check
++ * \return the first node that has not been marked as glue, or NULL
++ * if not found (TODO: make that LDNS_RBTREE_NULL?)
++ */
++ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
++
++/**
++ * Adds NSEC records to the given dnssec_zone
++ *
++ * \param[in] zone the zone to add the records to
++ * \param[in] new_rrs ldns_rr's created by this function are
++ * added to this rr list, so the caller can free them later
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs);
++
++/**
++ * Adds NSEC3 records to the zone
++ */
++ldns_status
++ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt);
++
++/**
++ * remove signatures if callback function tells to
++ *
++ * \param[in] signatures list of signatures to check, and
++ * possibly remove, depending on the value of the
++ * callback
++ * \param[in] key_list these are marked to be used or not,
++ * on the return value of the callback
++ * \param[in] func this function is called to specify what to
++ * do with each signature (and corresponding key)
++ * \param[in] arg Optional argument for the callback function
++ * \returns pointer to the new signatures rrs (the original
++ * passed to this function may have been removed)
++ */
++ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg);
++
++/**
++ * Adds signatures to the zone
++ *
++ * \param[in] zone the zone to add RRSIG Resource Records to
++ * \param[in] new_rrs the RRSIG RRs that are created are also
++ * added to this list, so the caller can free them
++ * later
++ * \param[in] key_list list of keys to sign with.
++ * \param[in] func Callback function to decide what keys to
++ * use and what to do with old signatures
++ * \param[in] arg Optional argument for the callback function
++ * \param[in] flags option flags for signing process. 0 makes DNSKEY
++ * RRset signed with the minimal key set, that is only SEP keys are used
++ * for signing. If there are no SEP keys available, non-SEP keys will
++ * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all
++ * keys. 0 is the default.
++ * \return LDNS_STATUS_OK on success, error otherwise
++ */
++ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void*),
++ void *arg,
++ int flags);
++
++/**
++ * Adds signatures to the zone
++ *
++ * \param[in] zone the zone to add RRSIG Resource Records to
++ * \param[in] new_rrs the RRSIG RRs that are created are also
++ * added to this list, so the caller can free them
++ * later
++ * \param[in] key_list list of keys to sign with.
++ * \param[in] func Callback function to decide what keys to
++ * use and what to do with old signatures
++ * \param[in] arg Optional argument for the callback function
++ * \return LDNS_STATUS_OK on success, error otherwise
++ */
++ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void*),
++ void *arg);
++
++/**
++ * signs the given zone with the given keys
++ *
++ * \param[in] zone the zone to sign
++ * \param[in] key_list the list of keys to sign the zone with
++ * \param[in] new_rrs newly created resource records are added to this list, to free them later
++ * \param[in] func callback function that decides what to do with old signatures
++ * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values:
++ * LDNS_SIGNATURE_LEAVE_ADD_NEW:
++ * leave the signature and add a new one for the corresponding key
++ * LDNS_SIGNATURE_REMOVE_ADD_NEW:
++ * remove the signature and replace is with a new one from the same key
++ * LDNS_SIGNATURE_LEAVE_NO_ADD:
++ * leave the signature and do not add a new one with the corresponding key
++ * LDNS_SIGNATURE_REMOVE_NO_ADD:
++ * remove the signature and do not replace
++ *
++ * \param[in] arg optional argument for the callback function
++ * \param[in] flags option flags for signing process. 0 makes DNSKEY
++ * RRset signed with the minimal key set, that is only SEP keys are used
++ * for signing. If there are no SEP keys available, non-SEP keys will
++ * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all
++ * keys. 0 is the default.
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ int flags);
++
++/**
++ * signs the given zone with the given new zone, with NSEC3
++ *
++ * \param[in] zone the zone to sign
++ * \param[in] key_list the list of keys to sign the zone with
++ * \param[in] new_rrs newly created resource records are added to this list, to free them later
++ * \param[in] func callback function that decides what to do with old signatures
++ * \param[in] arg optional argument for the callback function
++ * \param[in] algorithm the NSEC3 hashing algorithm to use
++ * \param[in] flags NSEC3 flags
++ * \param[in] iterations the number of NSEC3 hash iterations to use
++ * \param[in] salt_length the length (in octets) of the NSEC3 salt
++ * \param[in] salt the NSEC3 salt data
++ * \param[in] signflags option flags for signing process. 0 is the default.
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt,
++ int signflags);
++
++/**
++ * signs the given zone with the given new zone, with NSEC3
++ *
++ * \param[in] zone the zone to sign
++ * \param[in] key_list the list of keys to sign the zone with
++ * \param[in] new_rrs newly created resource records are added to this list, to free them later
++ * \param[in] func callback function that decides what to do with old signatures
++ * \param[in] arg optional argument for the callback function
++ * \param[in] algorithm the NSEC3 hashing algorithm to use
++ * \param[in] flags NSEC3 flags
++ * \param[in] iterations the number of NSEC3 hash iterations to use
++ * \param[in] salt_length the length (in octets) of the NSEC3 salt
++ * \param[in] salt the NSEC3 salt data
++ * \param[in] signflags option flags for signing process. 0 is the default.
++ * \param[out] map a referenced rbtree pointer variable. The newly created
++ * rbtree will contain mappings from hashed owner names to the
++ * unhashed name.
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt,
++ int signflags,
++ ldns_rbtree_t **map
++ );
++
++
++/**
++ * signs the given zone with the given keys
++ *
++ * \param[in] zone the zone to sign
++ * \param[in] key_list the list of keys to sign the zone with
++ * \param[in] new_rrs newly created resource records are added to this list, to free them later
++ * \param[in] func callback function that decides what to do with old signatures
++ * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values:
++ * LDNS_SIGNATURE_LEAVE_ADD_NEW:
++ * leave the signature and add a new one for the corresponding key
++ * LDNS_SIGNATURE_REMOVE_ADD_NEW:
++ * remove the signature and replace is with a new one from the same key
++ * LDNS_SIGNATURE_LEAVE_NO_ADD:
++ * leave the signature and do not add a new one with the corresponding key
++ * LDNS_SIGNATURE_REMOVE_NO_ADD:
++ * remove the signature and do not replace
++ *
++ * \param[in] arg optional argument for the callback function
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg);
++
++/**
++ * signs the given zone with the given new zone, with NSEC3
++ *
++ * \param[in] zone the zone to sign
++ * \param[in] key_list the list of keys to sign the zone with
++ * \param[in] new_rrs newly created resource records are added to this list, to free them later
++ * \param[in] func callback function that decides what to do with old signatures
++ * \param[in] arg optional argument for the callback function
++ * \param[in] algorithm the NSEC3 hashing algorithm to use
++ * \param[in] flags NSEC3 flags
++ * \param[in] iterations the number of NSEC3 hash iterations to use
++ * \param[in] salt_length the length (in octets) of the NSEC3 salt
++ * \param[in] salt the NSEC3 salt data
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt);
++
++/**
++ * Signs the zone, and returns a newly allocated signed zone
++ * \param[in] zone the zone to sign
++ * \param[in] key_list list of keys to sign with
++ * \return signed zone
++ */
++ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list);
++
++/**
++ * Signs the zone with NSEC3, and returns a newly allocated signed zone
++ * \param[in] zone the zone to sign
++ * \param[in] key_list list of keys to sign with
++ * \param[in] algorithm the NSEC3 hashing algorithm to use
++ * \param[in] flags NSEC3 flags
++ * \param[in] iterations the number of NSEC3 hash iterations to use
++ * \param[in] salt_length the length (in octets) of the NSEC3 salt
++ * \param[in] salt the NSEC3 salt data
++ * \return signed zone
++ */
++ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+diff --git a/ldns/include/ldns/dnssec_verify.h b/ldns/include/ldns/dnssec_verify.h
+new file mode 100644
+index 0000000..e8b1a91
+--- /dev/null
++++ b/ldns/include/ldns/dnssec_verify.h
+@@ -0,0 +1,857 @@
++/** dnssec_verify */
++
++#ifndef LDNS_DNSSEC_VERIFY_H
++#define LDNS_DNSSEC_VERIFY_H
++
++#define LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS 10
++
++#include <ldns/dnssec.h>
++#include <ldns/host2str.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * Chain structure that contains all DNSSEC data needed to
++ * verify an rrset
++ */
++typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain;
++struct ldns_dnssec_data_chain_struct
++{
++ ldns_rr_list *rrset;
++ ldns_rr_list *signatures;
++ ldns_rr_type parent_type;
++ ldns_dnssec_data_chain *parent;
++ ldns_pkt_rcode packet_rcode;
++ ldns_rr_type packet_qtype;
++ bool packet_nodata;
++};
++
++/**
++ * Creates a new dnssec_chain structure
++ * \return ldns_dnssec_data_chain *
++ */
++ldns_dnssec_data_chain *ldns_dnssec_data_chain_new(void);
++
++/**
++ * Frees a dnssec_data_chain structure
++ *
++ * \param[in] *chain The chain to free
++ */
++void ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain);
++
++/**
++ * Frees a dnssec_data_chain structure, and all data
++ * contained therein
++ *
++ * \param[in] *chain The dnssec_data_chain to free
++ */
++void ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain);
++
++/**
++ * Prints the dnssec_data_chain to the given file stream
++ *
++ * \param[in] *out The file stream to print to
++ * \param[in] *chain The dnssec_data_chain to print
++ */
++void ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain);
++
++/**
++ * Prints the dnssec_data_chain to the given file stream
++ *
++ * \param[in] *out The file stream to print to
++ * \param[in] *fmt The format of the textual representation
++ * \param[in] *chain The dnssec_data_chain to print
++ */
++void ldns_dnssec_data_chain_print_fmt(FILE *out,
++ const ldns_output_format *fmt,
++ const ldns_dnssec_data_chain *chain);
++
++/**
++ * Build an ldns_dnssec_data_chain, which contains all
++ * DNSSEC data that is needed to derive the trust tree later
++ *
++ * The data_set will be cloned
++ *
++ * \param[in] *res resolver structure for further needed queries
++ * \param[in] qflags resolution flags
++ * \param[in] *data_set The original rrset where the chain ends
++ * \param[in] *pkt optional, can contain the original packet
++ * (and hence the sigs and maybe the key)
++ * \param[in] *orig_rr The original Resource Record
++ *
++ * \return the DNSSEC data chain
++ */
++ldns_dnssec_data_chain *ldns_dnssec_build_data_chain(ldns_resolver *res,
++ const uint16_t qflags,
++ const ldns_rr_list *data_set,
++ const ldns_pkt *pkt,
++ ldns_rr *orig_rr);
++
++/**
++ * Tree structure that contains the relation of DNSSEC data,
++ * and their cryptographic status.
++ *
++ * This tree is derived from a data_chain, and can be used
++ * to look whether there is a connection between an RRSET
++ * and a trusted key. The tree only contains pointers to the
++ * data_chain, and therefore one should *never* free() the
++ * data_chain when there is still a trust tree derived from
++ * that chain.
++ *
++ * Example tree:
++ * key key key
++ * \ | /
++ * \ | /
++ * \ | /
++ * ds
++ * |
++ * key
++ * |
++ * key
++ * |
++ * rr
++ *
++ * For each signature there is a parent; if the parent
++ * pointer is null, it couldn't be found and there was no
++ * denial; otherwise is a tree which contains either a
++ * DNSKEY, a DS, or a NSEC rr
++ */
++typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree;
++struct ldns_dnssec_trust_tree_struct
++{
++ ldns_rr *rr;
++ /* the complete rrset this rr was in */
++ ldns_rr_list *rrset;
++ ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
++ ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
++ /** for debugging, add signatures too (you might want
++ those if they contain errors) */
++ ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
++ size_t parent_count;
++};
++
++/**
++ * Creates a new (empty) dnssec_trust_tree structure
++ *
++ * \return ldns_dnssec_trust_tree *
++ */
++ldns_dnssec_trust_tree *ldns_dnssec_trust_tree_new(void);
++
++/**
++ * Frees the dnssec_trust_tree recursively
++ *
++ * There is no deep free; all data in the trust tree
++ * consists of pointers to a data_chain
++ *
++ * \param[in] tree The tree to free
++ */
++void ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree);
++
++/**
++ * returns the depth of the trust tree
++ *
++ * \param[in] tree tree to calculate the depth of
++ * \return The depth of the tree
++ */
++size_t ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree);
++
++/**
++ * Prints the dnssec_trust_tree structure to the given file
++ * stream.
++ *
++ * If a link status is not LDNS_STATUS_OK; the status and
++ * relevant signatures are printed too
++ *
++ * \param[in] *out The file stream to print to
++ * \param[in] tree The trust tree to print
++ * \param[in] tabs Prepend each line with tabs*2 spaces
++ * \param[in] extended If true, add little explanation lines to the output
++ */
++void ldns_dnssec_trust_tree_print(FILE *out,
++ ldns_dnssec_trust_tree *tree,
++ size_t tabs,
++ bool extended);
++
++/**
++ * Prints the dnssec_trust_tree structure to the given file
++ * stream.
++ *
++ * If a link status is not LDNS_STATUS_OK; the status and
++ * relevant signatures are printed too
++ *
++ * \param[in] *out The file stream to print to
++ * \param[in] *fmt The format of the textual representation
++ * \param[in] tree The trust tree to print
++ * \param[in] tabs Prepend each line with tabs*2 spaces
++ * \param[in] extended If true, add little explanation lines to the output
++ */
++void ldns_dnssec_trust_tree_print_fmt(FILE *out,
++ const ldns_output_format *fmt,
++ ldns_dnssec_trust_tree *tree,
++ size_t tabs,
++ bool extended);
++
++/**
++ * Adds a trust tree as a parent for the given trust tree
++ *
++ * \param[in] *tree The tree to add the parent to
++ * \param[in] *parent The parent tree to add
++ * \param[in] *parent_signature The RRSIG relevant to this parent/child
++ * connection
++ * \param[in] parent_status The DNSSEC status for this parent, child and RRSIG
++ * \return LDNS_STATUS_OK if the addition succeeds, error otherwise
++ */
++ldns_status ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree,
++ const ldns_dnssec_trust_tree *parent,
++ const ldns_rr *parent_signature,
++ const ldns_status parent_status);
++
++/**
++ * Generates a dnssec_trust_tree for the given rr from the
++ * given data_chain
++ *
++ * This does not clone the actual data; Don't free the
++ * data_chain before you are done with this tree
++ *
++ * \param[in] *data_chain The chain to derive the trust tree from
++ * \param[in] *rr The RR this tree will be about
++ * \return ldns_dnssec_trust_tree *
++ */
++ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree(
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *rr);
++
++/**
++ * Generates a dnssec_trust_tree for the given rr from the
++ * given data_chain
++ *
++ * This does not clone the actual data; Don't free the
++ * data_chain before you are done with this tree
++ *
++ * \param[in] *data_chain The chain to derive the trust tree from
++ * \param[in] *rr The RR this tree will be about
++ * \param[in] check_time the time for which the validation is performed
++ * \return ldns_dnssec_trust_tree *
++ */
++ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree_time(
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *rr, time_t check_time);
++
++/**
++ * Sub function for derive_trust_tree that is used for a 'normal' rrset
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ * \param[in] cur_sig_rr The currently relevant signature
++ */
++void ldns_dnssec_derive_trust_tree_normal_rrset(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_sig_rr);
++
++/**
++ * Sub function for derive_trust_tree that is used for a 'normal' rrset
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ * \param[in] cur_sig_rr The currently relevant signature
++ * \param[in] check_time the time for which the validation is performed
++ */
++void ldns_dnssec_derive_trust_tree_normal_rrset_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_sig_rr, time_t check_time);
++
++
++/**
++ * Sub function for derive_trust_tree that is used for DNSKEY rrsets
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ * \param[in] cur_rr The currently relevant DNSKEY RR
++ * \param[in] cur_sig_rr The currently relevant signature
++ */
++void ldns_dnssec_derive_trust_tree_dnskey_rrset(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr,
++ ldns_rr *cur_sig_rr);
++
++/**
++ * Sub function for derive_trust_tree that is used for DNSKEY rrsets
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ * \param[in] cur_rr The currently relevant DNSKEY RR
++ * \param[in] cur_sig_rr The currently relevant signature
++ * \param[in] check_time the time for which the validation is performed
++ */
++void ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr, ldns_rr *cur_sig_rr,
++ time_t check_time);
++
++/**
++ * Sub function for derive_trust_tree that is used for DS rrsets
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ * \param[in] cur_rr The currently relevant DS RR
++ */
++void ldns_dnssec_derive_trust_tree_ds_rrset(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr);
++
++/**
++ * Sub function for derive_trust_tree that is used for DS rrsets
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ * \param[in] cur_rr The currently relevant DS RR
++ * \param[in] check_time the time for which the validation is performed
++ */
++void ldns_dnssec_derive_trust_tree_ds_rrset_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr, time_t check_time);
++
++/**
++ * Sub function for derive_trust_tree that is used when there are no
++ * signatures
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ */
++void ldns_dnssec_derive_trust_tree_no_sig(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain);
++
++/**
++ * Sub function for derive_trust_tree that is used when there are no
++ * signatures
++ *
++ * \param[in] new_tree The trust tree that we are building
++ * \param[in] data_chain The data chain containing the data for the trust tree
++ * \param[in] check_time the time for which the validation is performed
++ */
++void ldns_dnssec_derive_trust_tree_no_sig_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ time_t check_time);
++
++
++/**
++ * Returns OK if there is a trusted path in the tree to one of
++ * the DNSKEY or DS RRs in the given list
++ *
++ * \param *tree The trust tree so search
++ * \param *keys A ldns_rr_list of DNSKEY and DS rrs to look for
++ *
++ * \return LDNS_STATUS_OK if there is a trusted path to one of
++ * the keys, or the *first* error encountered
++ * if there were no paths
++ */
++ldns_status ldns_dnssec_trust_tree_contains_keys(
++ ldns_dnssec_trust_tree *tree,
++ ldns_rr_list *keys);
++
++/**
++ * Verifies a list of signatures for one rrset.
++ *
++ * \param[in] rrset the rrset to verify
++ * \param[in] rrsig a list of signatures to check
++ * \param[in] keys a list of keys to check with
++ * \param[out] good_keys if this is a (initialized) list, the pointer to keys
++ * from keys that validate one of the signatures
++ * are added to it
++ * \return status LDNS_STATUS_OK if there is at least one correct key
++ */
++ldns_status ldns_verify(ldns_rr_list *rrset,
++ ldns_rr_list *rrsig,
++ const ldns_rr_list *keys,
++ ldns_rr_list *good_keys);
++
++/**
++ * Verifies a list of signatures for one rrset.
++ *
++ * \param[in] rrset the rrset to verify
++ * \param[in] rrsig a list of signatures to check
++ * \param[in] keys a list of keys to check with
++ * \param[in] check_time the time for which the validation is performed
++ * \param[out] good_keys if this is a (initialized) list, the pointer to keys
++ * from keys that validate one of the signatures
++ * are added to it
++ * \return status LDNS_STATUS_OK if there is at least one correct key
++ */
++ldns_status ldns_verify_time(ldns_rr_list *rrset,
++ ldns_rr_list *rrsig,
++ const ldns_rr_list *keys,
++ time_t check_time,
++ ldns_rr_list *good_keys);
++
++
++/**
++ * Verifies a list of signatures for one rrset, but disregard the time.
++ * Inception and Expiration are not checked.
++ *
++ * \param[in] rrset the rrset to verify
++ * \param[in] rrsig a list of signatures to check
++ * \param[in] keys a list of keys to check with
++ * \param[out] good_keys if this is a (initialized) list, the pointer to keys
++ * from keys that validate one of the signatures
++ * are added to it
++ * \return status LDNS_STATUS_OK if there is at least one correct key
++ */
++ldns_status ldns_verify_notime(ldns_rr_list *rrset,
++ ldns_rr_list *rrsig,
++ const ldns_rr_list *keys,
++ ldns_rr_list *good_keys);
++
++/**
++ * Tries to build an authentication chain from the given
++ * keys down to the queried domain.
++ *
++ * If we find a valid trust path, return the valid keys for the domain.
++ *
++ * \param[in] res the current resolver
++ * \param[in] domain the domain we want valid keys for
++ * \param[in] keys the current set of trusted keys
++ * \param[out] status pointer to the status variable where the result
++ * code will be stored
++ * \return the set of trusted keys for the domain, or NULL if no
++ * trust path could be built.
++ */
++ldns_rr_list *ldns_fetch_valid_domain_keys(const ldns_resolver * res,
++ const ldns_rdf * domain,
++ const ldns_rr_list * keys,
++ ldns_status *status);
++
++/**
++ * Tries to build an authentication chain from the given
++ * keys down to the queried domain.
++ *
++ * If we find a valid trust path, return the valid keys for the domain.
++ *
++ * \param[in] res the current resolver
++ * \param[in] domain the domain we want valid keys for
++ * \param[in] keys the current set of trusted keys
++ * \param[in] check_time the time for which the validation is performed
++ * \param[out] status pointer to the status variable where the result
++ * code will be stored
++ * \return the set of trusted keys for the domain, or NULL if no
++ * trust path could be built.
++ */
++ldns_rr_list *ldns_fetch_valid_domain_keys_time(const ldns_resolver * res,
++ const ldns_rdf * domain, const ldns_rr_list * keys,
++ time_t check_time, ldns_status *status);
++
++
++/**
++ * Validates the DNSKEY RRset for the given domain using the provided
++ * trusted keys.
++ *
++ * \param[in] res the current resolver
++ * \param[in] domain the domain we want valid keys for
++ * \param[in] keys the current set of trusted keys
++ * \return the set of trusted keys for the domain, or NULL if the RRSET
++ * could not be validated
++ */
++ldns_rr_list *ldns_validate_domain_dnskey (const ldns_resolver *res,
++ const ldns_rdf *domain,
++ const ldns_rr_list *keys);
++
++/**
++ * Validates the DNSKEY RRset for the given domain using the provided
++ * trusted keys.
++ *
++ * \param[in] res the current resolver
++ * \param[in] domain the domain we want valid keys for
++ * \param[in] keys the current set of trusted keys
++ * \param[in] check_time the time for which the validation is performed
++ * \return the set of trusted keys for the domain, or NULL if the RRSET
++ * could not be validated
++ */
++ldns_rr_list *ldns_validate_domain_dnskey_time(
++ const ldns_resolver *res, const ldns_rdf *domain,
++ const ldns_rr_list *keys, time_t check_time);
++
++
++/**
++ * Validates the DS RRset for the given domain using the provided trusted keys.
++ *
++ * \param[in] res the current resolver
++ * \param[in] domain the domain we want valid keys for
++ * \param[in] keys the current set of trusted keys
++ * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated
++ */
++ldns_rr_list *ldns_validate_domain_ds(const ldns_resolver *res,
++ const ldns_rdf *
++ domain,
++ const ldns_rr_list * keys);
++
++/**
++ * Validates the DS RRset for the given domain using the provided trusted keys.
++ *
++ * \param[in] res the current resolver
++ * \param[in] domain the domain we want valid keys for
++ * \param[in] keys the current set of trusted keys
++ * \param[in] check_time the time for which the validation is performed
++ * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated
++ */
++ldns_rr_list *ldns_validate_domain_ds_time(
++ const ldns_resolver *res, const ldns_rdf *domain,
++ const ldns_rr_list * keys, time_t check_time);
++
++
++/**
++ * Verifies a list of signatures for one RRset using a valid trust path.
++ *
++ * \param[in] res the current resolver
++ * \param[in] rrset the rrset to verify
++ * \param[in] rrsigs a list of signatures to check
++ * \param[out] validating_keys if this is a (initialized) list, the
++ * keys from keys that validate one of
++ * the signatures are added to it
++ * \return status LDNS_STATUS_OK if there is at least one correct key
++ */
++ldns_status ldns_verify_trusted(ldns_resolver *res,
++ ldns_rr_list *rrset,
++ ldns_rr_list *rrsigs,
++ ldns_rr_list *validating_keys);
++
++/**
++ * Verifies a list of signatures for one RRset using a valid trust path.
++ *
++ * \param[in] res the current resolver
++ * \param[in] rrset the rrset to verify
++ * \param[in] rrsigs a list of signatures to check
++ * \param[in] check_time the time for which the validation is performed
++ * \param[out] validating_keys if this is a (initialized) list, the
++ * keys from keys that validate one of
++ * the signatures are added to it
++ * \return status LDNS_STATUS_OK if there is at least one correct key
++ */
++ldns_status ldns_verify_trusted_time(
++ ldns_resolver *res, ldns_rr_list *rrset,
++ ldns_rr_list *rrsigs, time_t check_time,
++ ldns_rr_list *validating_keys);
++
++
++/**
++ * denial is not just a river in egypt
++ *
++ * \param[in] rr The (query) RR to check the denial of existence for
++ * \param[in] nsecs The list of NSEC RRs that are supposed to deny the
++ * existence of the RR
++ * \param[in] rrsigs The RRSIG RR covering the NSEC RRs
++ * \return LDNS_STATUS_OK if the NSEC RRs deny the existence, error code
++ * containing the reason they do not otherwise
++ */
++ldns_status ldns_dnssec_verify_denial(ldns_rr *rr,
++ ldns_rr_list *nsecs,
++ ldns_rr_list *rrsigs);
++
++/**
++ * Denial of existence using NSEC3 records
++ * Since NSEC3 is a bit more complicated than normal denial, some
++ * context arguments are needed
++ *
++ * \param[in] rr The (query) RR to check the denial of existence for
++ * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the
++ * existence of the RR
++ * \param[in] rrsigs The RRSIG rr covering the NSEC RRs
++ * \param[in] packet_rcode The RCODE value of the packet that provided the
++ * NSEC3 RRs
++ * \param[in] packet_qtype The original query RR type
++ * \param[in] packet_nodata True if the providing packet had an empty ANSWER
++ * section
++ * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
++ * containing the reason they do not otherwise
++ */
++ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
++ ldns_rr_list *nsecs,
++ ldns_rr_list *rrsigs,
++ ldns_pkt_rcode packet_rcode,
++ ldns_rr_type packet_qtype,
++ bool packet_nodata);
++
++/**
++ * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns
++ * the nsec rr that matched.
++ *
++ * \param[in] rr The (query) RR to check the denial of existence for
++ * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the
++ * existence of the RR
++ * \param[in] rrsigs The RRSIG rr covering the NSEC RRs
++ * \param[in] packet_rcode The RCODE value of the packet that provided the
++ * NSEC3 RRs
++ * \param[in] packet_qtype The original query RR type
++ * \param[in] packet_nodata True if the providing packet had an empty ANSWER
++ * section
++ * \param[in] match On match, the given (reference to a) pointer will be set
++ * to point to the matching nsec resource record.
++ * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
++ * containing the reason they do not otherwise
++ */
++ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr,
++ ldns_rr_list *nsecs,
++ ldns_rr_list *rrsigs,
++ ldns_pkt_rcode packet_rcode,
++ ldns_rr_type packet_qtype,
++ bool packet_nodata,
++ ldns_rr **match);
++/**
++ * Verifies the already processed data in the buffers
++ * This function should probably not be used directly.
++ *
++ * \param[in] rawsig_buf Buffer containing signature data to use
++ * \param[in] verify_buf Buffer containing data to verify
++ * \param[in] key_buf Buffer containing key data to use
++ * \param[in] algo Signing algorithm
++ * \return status LDNS_STATUS_OK if the data verifies. Error if not.
++ */
++ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf,
++ ldns_buffer *verify_buf,
++ ldns_buffer *key_buf,
++ uint8_t algo);
++
++/**
++ * Like ldns_verify_rrsig_buffers, but uses raw data.
++ *
++ * \param[in] sig signature data to use
++ * \param[in] siglen length of signature data to use
++ * \param[in] verify_buf Buffer containing data to verify
++ * \param[in] key key data to use
++ * \param[in] keylen length of key data to use
++ * \param[in] algo Signing algorithm
++ * \return status LDNS_STATUS_OK if the data verifies. Error if not.
++ */
++ldns_status ldns_verify_rrsig_buffers_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer *verify_buf,
++ unsigned char* key,
++ size_t keylen,
++ uint8_t algo);
++
++/**
++ * Verifies an rrsig. All keys in the keyset are tried.
++ * \param[in] rrset the rrset to check
++ * \param[in] rrsig the signature of the rrset
++ * \param[in] keys the keys to try
++ * \param[out] good_keys if this is a (initialized) list, the pointer to keys
++ * from keys that validate one of the signatures
++ * are added to it
++ * \return a list of keys which validate the rrsig + rrset. Returns
++ * status LDNS_STATUS_OK if at least one key matched. Else an error.
++ */
++ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
++ ldns_rr *rrsig,
++ const ldns_rr_list *keys,
++ ldns_rr_list *good_keys);
++
++/**
++ * Verifies an rrsig. All keys in the keyset are tried.
++ * \param[in] rrset the rrset to check
++ * \param[in] rrsig the signature of the rrset
++ * \param[in] keys the keys to try
++ * \param[in] check_time the time for which the validation is performed
++ * \param[out] good_keys if this is a (initialized) list, the pointer to keys
++ * from keys that validate one of the signatures
++ * are added to it
++ * \return a list of keys which validate the rrsig + rrset. Returns
++ * status LDNS_STATUS_OK if at least one key matched. Else an error.
++ */
++ldns_status ldns_verify_rrsig_keylist_time(
++ ldns_rr_list *rrset, ldns_rr *rrsig,
++ const ldns_rr_list *keys, time_t check_time,
++ ldns_rr_list *good_keys);
++
++
++/**
++ * Verifies an rrsig. All keys in the keyset are tried. Time is not checked.
++ * \param[in] rrset the rrset to check
++ * \param[in] rrsig the signature of the rrset
++ * \param[in] keys the keys to try
++ * \param[out] good_keys if this is a (initialized) list, the pointer to keys
++ * from keys that validate one of the signatures
++ * are added to it
++ * \return a list of keys which validate the rrsig + rrset. Returns
++ * status LDNS_STATUS_OK if at least one key matched. Else an error.
++ */
++ldns_status ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset,
++ ldns_rr *rrsig,
++ const ldns_rr_list *keys,
++ ldns_rr_list *good_keys);
++
++/**
++ * verify an rrsig with 1 key
++ * \param[in] rrset the rrset
++ * \param[in] rrsig the rrsig to verify
++ * \param[in] key the key to use
++ * \return status message wether verification succeeded.
++ */
++ldns_status ldns_verify_rrsig(ldns_rr_list *rrset,
++ ldns_rr *rrsig,
++ ldns_rr *key);
++
++
++/**
++ * verify an rrsig with 1 key
++ * \param[in] rrset the rrset
++ * \param[in] rrsig the rrsig to verify
++ * \param[in] key the key to use
++ * \param[in] check_time the time for which the validation is performed
++ * \return status message wether verification succeeded.
++ */
++ldns_status ldns_verify_rrsig_time(
++ ldns_rr_list *rrset, ldns_rr *rrsig,
++ ldns_rr *key, time_t check_time);
++
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * verifies a buffer with signature data for a buffer with rrset data
++ * with an EVP_PKEY
++ *
++ * \param[in] sig the signature data
++ * \param[in] rrset the rrset data, sorted and processed for verification
++ * \param[in] key the EVP key structure
++ * \param[in] digest_type The digest type of the signature
++ */
++ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig,
++ ldns_buffer *rrset,
++ EVP_PKEY *key,
++ const EVP_MD *digest_type);
++
++/**
++ * Like ldns_verify_rrsig_evp, but uses raw signature data.
++ * \param[in] sig the signature data, wireformat uncompressed
++ * \param[in] siglen length of the signature data
++ * \param[in] rrset the rrset data, sorted and processed for verification
++ * \param[in] key the EVP key structure
++ * \param[in] digest_type The digest type of the signature
++ */
++ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig,
++ size_t siglen,
++ ldns_buffer *rrset,
++ EVP_PKEY *key,
++ const EVP_MD *digest_type);
++#endif
++
++/**
++ * verifies a buffer with signature data (DSA) for a buffer with rrset data
++ * with a buffer with key data.
++ *
++ * \param[in] sig the signature data
++ * \param[in] rrset the rrset data, sorted and processed for verification
++ * \param[in] key the key data
++ */
++ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig,
++ ldns_buffer *rrset,
++ ldns_buffer *key);
++
++/**
++ * verifies a buffer with signature data (RSASHA1) for a buffer with rrset data
++ * with a buffer with key data.
++ *
++ * \param[in] sig the signature data
++ * \param[in] rrset the rrset data, sorted and processed for verification
++ * \param[in] key the key data
++ */
++ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig,
++ ldns_buffer *rrset,
++ ldns_buffer *key);
++
++/**
++ * verifies a buffer with signature data (RSAMD5) for a buffer with rrset data
++ * with a buffer with key data.
++ *
++ * \param[in] sig the signature data
++ * \param[in] rrset the rrset data, sorted and processed for verification
++ * \param[in] key the key data
++ */
++ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig,
++ ldns_buffer *rrset,
++ ldns_buffer *key);
++
++/**
++ * Like ldns_verify_rrsig_dsa, but uses raw signature and key data.
++ * \param[in] sig raw uncompressed wireformat signature data
++ * \param[in] siglen length of signature data
++ * \param[in] rrset ldns buffer with prepared rrset data.
++ * \param[in] key raw uncompressed wireformat key data
++ * \param[in] keylen length of key data
++ */
++ldns_status ldns_verify_rrsig_dsa_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen);
++
++/**
++ * Like ldns_verify_rrsig_rsasha1, but uses raw signature and key data.
++ * \param[in] sig raw uncompressed wireformat signature data
++ * \param[in] siglen length of signature data
++ * \param[in] rrset ldns buffer with prepared rrset data.
++ * \param[in] key raw uncompressed wireformat key data
++ * \param[in] keylen length of key data
++ */
++ldns_status ldns_verify_rrsig_rsasha1_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen);
++
++/**
++ * Like ldns_verify_rrsig_rsasha256, but uses raw signature and key data.
++ * \param[in] sig raw uncompressed wireformat signature data
++ * \param[in] siglen length of signature data
++ * \param[in] rrset ldns buffer with prepared rrset data.
++ * \param[in] key raw uncompressed wireformat key data
++ * \param[in] keylen length of key data
++ */
++
++ldns_status ldns_verify_rrsig_rsasha256_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen);
++
++/**
++ * Like ldns_verify_rrsig_rsasha512, but uses raw signature and key data.
++ * \param[in] sig raw uncompressed wireformat signature data
++ * \param[in] siglen length of signature data
++ * \param[in] rrset ldns buffer with prepared rrset data.
++ * \param[in] key raw uncompressed wireformat key data
++ * \param[in] keylen length of key data
++ */
++ldns_status ldns_verify_rrsig_rsasha512_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen);
++
++/**
++ * Like ldns_verify_rrsig_rsamd5, but uses raw signature and key data.
++ * \param[in] sig raw uncompressed wireformat signature data
++ * \param[in] siglen length of signature data
++ * \param[in] rrset ldns buffer with prepared rrset data.
++ * \param[in] key raw uncompressed wireformat key data
++ * \param[in] keylen length of key data
++ */
++ldns_status ldns_verify_rrsig_rsamd5_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
++
+diff --git a/ldns/include/ldns/dnssec_zone.h b/ldns/include/ldns/dnssec_zone.h
+new file mode 100644
+index 0000000..b794f94
+--- /dev/null
++++ b/ldns/include/ldns/dnssec_zone.h
+@@ -0,0 +1,483 @@
++/*
++ * special zone file structures and functions for better dnssec handling
++ *
++ * A zone contains a SOA dnssec_zone_rrset, and an AVL tree of 'normal'
++ * dnssec_zone_rrsets, indexed by name and type
++ */
++
++#ifndef LDNS_DNSSEC_ZONE_H
++#define LDNS_DNSSEC_ZONE_H
++
++#include <ldns/rbtree.h>
++#include <ldns/host2str.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * Singly linked list of rrs
++ */
++typedef struct ldns_struct_dnssec_rrs ldns_dnssec_rrs;
++struct ldns_struct_dnssec_rrs
++{
++ ldns_rr *rr;
++ ldns_dnssec_rrs *next;
++};
++
++/**
++ * Singly linked list of RRsets
++ */
++typedef struct ldns_struct_dnssec_rrsets ldns_dnssec_rrsets;
++struct ldns_struct_dnssec_rrsets
++{
++ ldns_dnssec_rrs *rrs;
++ ldns_rr_type type;
++ ldns_dnssec_rrs *signatures;
++ ldns_dnssec_rrsets *next;
++};
++
++/**
++ * Structure containing all resource records for a domain name
++ * Including the derived NSEC3, if present
++ */
++typedef struct ldns_struct_dnssec_name ldns_dnssec_name;
++struct ldns_struct_dnssec_name
++{
++ /**
++ * pointer to a dname containing the name.
++ * Usually points to the owner name of the first RR of the first RRset
++ */
++ ldns_rdf *name;
++ /**
++ * Usually, the name is a pointer to the owner name of the first rr for
++ * this name, but sometimes there is no actual data to point to,
++ * for instance in
++ * names representing empty nonterminals. If so, set alloced to true to
++ * indicate that this data must also be freed when the name is freed
++ */
++ bool name_alloced;
++ /**
++ * The rrsets for this name
++ */
++ ldns_dnssec_rrsets *rrsets;
++ /**
++ * NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3)
++ */
++ ldns_rr *nsec;
++ /**
++ * signatures for the NSEC record
++ */
++ ldns_dnssec_rrs *nsec_signatures;
++ /**
++ * Unlike what the name is_glue suggests, this field is set to true by
++ * ldns_dnssec_zone_mark_glue() or ldns_dnssec_zone_mark_and_get_glue()
++ * when the name, this dnssec_name struct represents, is occluded.
++ * Names that contain other occluded rrsets and records with glue on
++ * the delegation point will NOT have this bool set to true.
++ * This field should NOT be read directly, but only via the
++ * ldns_dnssec_name_is_glue() function!
++ */
++ bool is_glue;
++ /**
++ * pointer to store the hashed name (only used when in an NSEC3 zone
++ */
++ ldns_rdf *hashed_name;
++};
++
++/**
++ * Structure containing a dnssec zone
++ */
++struct ldns_struct_dnssec_zone {
++ /** points to the name containing the SOA RR */
++ ldns_dnssec_name *soa;
++ /** tree of ldns_dnssec_names */
++ ldns_rbtree_t *names;
++ /** tree of ldns_dnssec_names by nsec3 hashes (when applicible) */
++ ldns_rbtree_t *hashed_names;
++ /** points to the first added NSEC3 rr whose parameters will be
++ * assumed for all subsequent NSEC3 rr's and which will be used
++ * to calculate hashed names
++ */
++ ldns_rr *_nsec3params;
++};
++typedef struct ldns_struct_dnssec_zone ldns_dnssec_zone;
++
++/**
++ * Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs
++ * \return the allocated data
++ */
++ldns_dnssec_rrs *ldns_dnssec_rrs_new(void);
++
++/**
++ * Frees the list of rrs, but *not* the individual ldns_rr records
++ * contained in the list
++ *
++ * \param[in] rrs the data structure to free
++ */
++void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs);
++
++/**
++ * Frees the list of rrs, and the individual ldns_rr records
++ * contained in the list
++ *
++ * \param[in] rrs the data structure to free
++ */
++void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs);
++
++/**
++ * Adds an RR to the list of RRs. The list will remain ordered.
++ * If an equal RR already exists, this RR will not be added.
++ *
++ * \param[in] rrs the list to add to
++ * \param[in] rr the RR to add
++ * \return LDNS_STATUS_OK on success
++ */
++ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
++
++/**
++ * Prints the given rrs to the file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] rrs the list of RRs to print
++ */
++void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs);
++
++/**
++ * Prints the given rrs to the file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] fmt the format of the textual representation
++ * \param[in] rrs the list of RRs to print
++ */
++void ldns_dnssec_rrs_print_fmt(FILE *out,
++ const ldns_output_format *fmt, ldns_dnssec_rrs *rrs);
++
++/**
++ * Creates a new list (entry) of RRsets
++ * \return the newly allocated structure
++ */
++ldns_dnssec_rrsets *ldns_dnssec_rrsets_new(void);
++
++/**
++ * Frees the list of rrsets and their rrs, but *not* the ldns_rr
++ * records in the sets
++ *
++ * \param[in] rrsets the data structure to free
++ */
++void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets);
++
++/**
++ * Frees the list of rrsets and their rrs, and the ldns_rr
++ * records in the sets
++ *
++ * \param[in] rrsets the data structure to free
++ */
++void ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets);
++
++/**
++ * Returns the rr type of the rrset (that is head of the given list)
++ *
++ * \param[in] rrsets the rrset to get the type of
++ * \return the rr type
++ */
++ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets);
++
++/**
++ * Sets the RR type of the rrset (that is head of the given list)
++ *
++ * \param[in] rrsets the rrset to set the type of
++ * \param[in] type the type to set
++ * \return LDNS_STATUS_OK on success
++ */
++ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
++ ldns_rr_type type);
++
++/**
++ * Add an ldns_rr to the corresponding RRset in the given list of RRsets.
++ * If it is not present, add it as a new RRset with 1 record.
++ *
++ * \param[in] rrsets the list of rrsets to add the RR to
++ * \param[in] rr the rr to add to the list of rrsets
++ * \return LDNS_STATUS_OK on success
++ */
++ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr);
++
++/**
++ * Print the given list of rrsets to the fiven file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] rrsets the list of RRsets to print
++ * \param[in] follow if set to false, only print the first RRset
++ */
++void ldns_dnssec_rrsets_print(FILE *out,
++ ldns_dnssec_rrsets *rrsets,
++ bool follow);
++
++/**
++ * Print the given list of rrsets to the fiven file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] fmt the format of the textual representation
++ * \param[in] rrsets the list of RRsets to print
++ * \param[in] follow if set to false, only print the first RRset
++ */
++void ldns_dnssec_rrsets_print_fmt(FILE *out,
++ const ldns_output_format *fmt,
++ ldns_dnssec_rrsets *rrsets,
++ bool follow);
++
++
++/**
++ * Create a new data structure for a dnssec name
++ * \return the allocated structure
++ */
++ldns_dnssec_name *ldns_dnssec_name_new(void);
++
++/**
++ * Create a new data structure for a dnssec name for the given RR
++ *
++ * \param[in] rr the RR to derive properties from, and to add to the name
++ */
++ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr);
++
++/**
++ * Frees the name structure and its rrs and rrsets.
++ * Individual ldns_rr records therein are not freed
++ *
++ * \param[in] name the structure to free
++ */
++void ldns_dnssec_name_free(ldns_dnssec_name *name);
++
++/**
++ * Frees the name structure and its rrs and rrsets.
++ * Individual ldns_rr records contained in the name are also freed
++ *
++ * \param[in] name the structure to free
++ */
++void ldns_dnssec_name_deep_free(ldns_dnssec_name *name);
++
++/**
++ * Returns the domain name of the given dnssec_name structure
++ *
++ * \param[in] name the dnssec name to get the domain name from
++ * \return the domain name
++ */
++ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name);
++
++
++/**
++ * Sets the domain name of the given dnssec_name structure
++ *
++ * \param[in] name the dnssec name to set the domain name of
++ * \param[in] dname the domain name to set it to. This data is *not* copied.
++ */
++void ldns_dnssec_name_set_name(ldns_dnssec_name *name,
++ ldns_rdf *dname);
++/**
++ * Returns if dnssec_name structure is marked as glue.
++ * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before
++ * using this function.
++ * Only names that have only glue rrsets will be marked.
++ * Names that have other occluded rrsets and names containing glue on the
++ * delegation point will NOT be marked!
++ *
++ * \param[in] name the dnssec name to get the domain name from
++ * \return true if the structure is marked as glue, false otherwise.
++ */
++bool ldns_dnssec_name_is_glue(ldns_dnssec_name *name);
++
++/**
++ * Sets the NSEC(3) RR of the given dnssec_name structure
++ *
++ * \param[in] name the dnssec name to set the domain name of
++ * \param[in] nsec the nsec rr to set it to. This data is *not* copied.
++ */
++void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec);
++
++/**
++ * Compares the domain names of the two arguments in their
++ * canonical ordening.
++ *
++ * \param[in] a The first dnssec_name to compare
++ * \param[in] b The second dnssec_name to compare
++ * \return -1 if the domain name of a comes before that of b in canonical
++ * ordening, 1 if it is the other way around, and 0 if they are
++ * equal
++ */
++int ldns_dnssec_name_cmp(const void *a, const void *b);
++
++/**
++ * Inserts the given rr at the right place in the current dnssec_name
++ * No checking is done whether the name matches
++ *
++ * \param[in] name The ldns_dnssec_name to add the RR to
++ * \param[in] rr The RR to add
++ * \return LDNS_STATUS_OK on success, error code otherwise
++ */
++ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
++ ldns_rr *rr);
++
++/**
++ * Find the RRset with the given type in within this name structure
++ *
++ * \param[in] name the name to find the RRset in
++ * \param[in] type the type of the RRset to find
++ * \return the RRset, or NULL if not present
++ */
++ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
++ ldns_rr_type type);
++
++/**
++ * Find the RRset with the given name and type in the zone
++ *
++ * \param[in] zone the zone structure to find the RRset in
++ * \param[in] dname the domain name of the RRset to find
++ * \param[in] type the type of the RRset to find
++ * \return the RRset, or NULL if not present
++ */
++ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
++ ldns_rdf *dname,
++ ldns_rr_type type);
++
++/**
++ * Prints the RRs in the dnssec name structure to the given
++ * file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] name the name structure to print the contents of
++ */
++void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name);
++
++/**
++ * Prints the RRs in the dnssec name structure to the given
++ * file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] fmt the format of the textual representation
++ * \param[in] name the name structure to print the contents of
++ */
++void ldns_dnssec_name_print_fmt(FILE *out,
++ const ldns_output_format *fmt, ldns_dnssec_name *name);
++
++/**
++ * Creates a new dnssec_zone structure
++ * \return the allocated structure
++ */
++ldns_dnssec_zone *ldns_dnssec_zone_new(void);
++
++/**
++ * Create a new dnssec zone from a file.
++ * \param[out] z the new zone
++ * \param[in] *fp the filepointer to use
++ * \param[in] *origin the zones' origin
++ * \param[in] c default class to use (IN)
++ * \param[in] ttl default ttl to use
++ *
++ * \return ldns_status mesg with an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp,
++ ldns_rdf* origin, uint32_t ttl, ldns_rr_class c);
++
++/**
++ * Create a new dnssec zone from a file, keep track of the line numbering
++ * \param[out] z the new zone
++ * \param[in] *fp the filepointer to use
++ * \param[in] *origin the zones' origin
++ * \param[in] ttl default ttl to use
++ * \param[in] c default class to use (IN)
++ * \param[out] line_nr used for error msg, to get to the line number
++ *
++ * \return ldns_status mesg with an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp,
++ ldns_rdf* origin, uint32_t ttl, ldns_rr_class c, int* line_nr);
++
++/**
++ * Frees the given zone structure, and its rbtree of dnssec_names
++ * Individual ldns_rr RRs within those names are *not* freed
++ * \param[in] *zone the zone to free
++ */
++void ldns_dnssec_zone_free(ldns_dnssec_zone *zone);
++
++/**
++ * Frees the given zone structure, and its rbtree of dnssec_names
++ * Individual ldns_rr RRs within those names are also freed
++ * \param[in] *zone the zone to free
++ */
++void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone);
++
++/**
++ * Adds the given RR to the zone.
++ * It find whether there is a dnssec_name with that name present.
++ * If so, add it to that, if not create a new one.
++ * Special handling of NSEC and RRSIG provided
++ *
++ * \param[in] zone the zone to add the RR to
++ * \param[in] rr The RR to add
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone,
++ ldns_rr *rr);
++
++/**
++ * Prints the rbtree of ldns_dnssec_name structures to the file descriptor
++ *
++ * \param[in] out the file descriptor to print the names to
++ * \param[in] tree the tree of ldns_dnssec_name structures to print
++ * \param[in] print_soa if true, print SOA records, if false, skip them
++ */
++void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa);
++
++/**
++ * Prints the rbtree of ldns_dnssec_name structures to the file descriptor
++ *
++ * \param[in] out the file descriptor to print the names to
++ * \param[in] fmt the format of the textual representation
++ * \param[in] tree the tree of ldns_dnssec_name structures to print
++ * \param[in] print_soa if true, print SOA records, if false, skip them
++ */
++void ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_rbtree_t *tree, bool print_soa);
++
++/**
++ * Prints the complete zone to the given file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] zone the dnssec_zone to print
++ */
++void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone);
++
++/**
++ * Prints the complete zone to the given file descriptor
++ *
++ * \param[in] out the file descriptor to print to
++ * \param[in] fmt the format of the textual representation
++ * \param[in] zone the dnssec_zone to print
++ */
++void ldns_dnssec_zone_print_fmt(FILE *out,
++ const ldns_output_format *fmt, ldns_dnssec_zone *zone);
++
++/**
++ * Adds explicit dnssec_name structures for the empty nonterminals
++ * in this zone. (this is needed for NSEC3 generation)
++ *
++ * \param[in] zone the zone to check for empty nonterminals
++ * return LDNS_STATUS_OK on success.
++ */
++ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone);
++
++/**
++ * If a NSEC3PARAM is available in the apex, walks the zone and returns true
++ * on the first optout nsec3.
++ *
++ * \param[in] zone the zone to check for nsec3 optout records
++ * return true when the zone has at least one nsec3 optout record.
++ */
++bool ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+diff --git a/ldns/include/ldns/duration.h b/ldns/include/ldns/duration.h
+new file mode 100644
+index 0000000..f12edc4
+--- /dev/null
++++ b/ldns/include/ldns/duration.h
+@@ -0,0 +1,109 @@
++/*
++ * $Id: duration.h 4341 2011-01-31 15:21:09Z matthijs $
++ *
++ * Copyright (c) 2009 NLNet Labs. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
++ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
++ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
++ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
++ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
++ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/**
++ *
++ * This file is copied from the OpenDNSSEC source repository
++ * and only slightly adapted to make it fit.
++ */
++
++/**
++ *
++ * Durations.
++ */
++
++#ifndef LDNS_DURATION_H
++#define LDNS_DURATION_H
++
++#include <stdint.h>
++#include <time.h>
++
++/**
++ * Duration.
++ *
++ */
++typedef struct ldns_duration_struct ldns_duration_type;
++struct ldns_duration_struct
++{
++ time_t years;
++ time_t months;
++ time_t weeks;
++ time_t days;
++ time_t hours;
++ time_t minutes;
++ time_t seconds;
++};
++
++/**
++ * Create a new 'instant' duration.
++ * \return ldns_duration_type* created duration
++ *
++ */
++ldns_duration_type* ldns_duration_create(void);
++
++/**
++ * Compare durations.
++ * \param[in] d1 one duration
++ * \param[in] d2 another duration
++ * \return int 0 if equal, -1 if d1 < d2, 1 if d2 < d1
++ *
++ */
++int ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2);
++
++/**
++ * Create a duration from string.
++ * \param[in] str string-format duration
++ * \return ldns_duration_type* created duration
++ *
++ */
++ldns_duration_type* ldns_duration_create_from_string(const char* str);
++
++/**
++ * Convert a duration to a string.
++ * \param[in] duration duration to be converted
++ * \return char* string-format duration
++ *
++ */
++char* ldns_duration2string(ldns_duration_type* duration);
++
++/**
++ * Convert a duration to a time.
++ * \param[in] duration duration to be converted
++ * \return time_t time-format duration
++ *
++ */
++time_t ldns_duration2time(ldns_duration_type* duration);
++
++/**
++ * Clean up duration.
++ * \param[in] duration duration to be cleaned up
++ *
++ */
++void ldns_duration_cleanup(ldns_duration_type* duration);
++
++#endif /* LDNS_DURATION_H */
+diff --git a/ldns/include/ldns/error.h b/ldns/include/ldns/error.h
+new file mode 100644
+index 0000000..cc11958
+--- /dev/null
++++ b/ldns/include/ldns/error.h
+@@ -0,0 +1,147 @@
++/**
++ * \file error.h
++ *
++ * Defines error numbers and functions to translate those to a readable string.
++ *
++ */
++
++/**
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#ifndef LDNS_ERROR_H
++#define LDNS_ERROR_H
++
++#include <ldns/util.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++enum ldns_enum_status {
++ LDNS_STATUS_OK,
++ LDNS_STATUS_EMPTY_LABEL,
++ LDNS_STATUS_LABEL_OVERFLOW,
++ LDNS_STATUS_DOMAINNAME_OVERFLOW,
++ LDNS_STATUS_DOMAINNAME_UNDERFLOW,
++ LDNS_STATUS_DDD_OVERFLOW,
++ LDNS_STATUS_PACKET_OVERFLOW,
++ LDNS_STATUS_INVALID_POINTER,
++ LDNS_STATUS_MEM_ERR,
++ LDNS_STATUS_INTERNAL_ERR,
++ LDNS_STATUS_SSL_ERR,
++ LDNS_STATUS_ERR,
++ LDNS_STATUS_INVALID_INT,
++ LDNS_STATUS_INVALID_IP4,
++ LDNS_STATUS_INVALID_IP6,
++ LDNS_STATUS_INVALID_STR,
++ LDNS_STATUS_INVALID_B32_EXT,
++ LDNS_STATUS_INVALID_B64,
++ LDNS_STATUS_INVALID_HEX,
++ LDNS_STATUS_INVALID_TIME,
++ LDNS_STATUS_NETWORK_ERR,
++ LDNS_STATUS_ADDRESS_ERR,
++ LDNS_STATUS_FILE_ERR,
++ LDNS_STATUS_UNKNOWN_INET,
++ LDNS_STATUS_NOT_IMPL,
++ LDNS_STATUS_NULL,
++ LDNS_STATUS_CRYPTO_UNKNOWN_ALGO,
++ LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL,
++ LDNS_STATUS_CRYPTO_NO_RRSIG,
++ LDNS_STATUS_CRYPTO_NO_DNSKEY,
++ LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY,
++ LDNS_STATUS_CRYPTO_NO_DS,
++ LDNS_STATUS_CRYPTO_NO_TRUSTED_DS,
++ LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY,
++ LDNS_STATUS_CRYPTO_VALIDATED,
++ LDNS_STATUS_CRYPTO_BOGUS,
++ LDNS_STATUS_CRYPTO_SIG_EXPIRED,
++ LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED,
++ LDNS_STATUS_CRYPTO_TSIG_BOGUS,
++ LDNS_STATUS_CRYPTO_TSIG_ERR,
++ LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION,
++ LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR,
++ LDNS_STATUS_ENGINE_KEY_NOT_LOADED,
++ LDNS_STATUS_NSEC3_ERR,
++ LDNS_STATUS_RES_NO_NS,
++ LDNS_STATUS_RES_QUERY,
++ LDNS_STATUS_WIRE_INCOMPLETE_HEADER,
++ LDNS_STATUS_WIRE_INCOMPLETE_QUESTION,
++ LDNS_STATUS_WIRE_INCOMPLETE_ANSWER,
++ LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY,
++ LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL,
++ LDNS_STATUS_NO_DATA,
++ LDNS_STATUS_CERT_BAD_ALGORITHM,
++ LDNS_STATUS_SYNTAX_TYPE_ERR,
++ LDNS_STATUS_SYNTAX_CLASS_ERR,
++ LDNS_STATUS_SYNTAX_TTL_ERR,
++ LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL,
++ LDNS_STATUS_SYNTAX_RDATA_ERR,
++ LDNS_STATUS_SYNTAX_DNAME_ERR,
++ LDNS_STATUS_SYNTAX_VERSION_ERR,
++ LDNS_STATUS_SYNTAX_ALG_ERR,
++ LDNS_STATUS_SYNTAX_KEYWORD_ERR,
++ LDNS_STATUS_SYNTAX_TTL,
++ LDNS_STATUS_SYNTAX_ORIGIN,
++ LDNS_STATUS_SYNTAX_INCLUDE,
++ LDNS_STATUS_SYNTAX_EMPTY,
++ LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW,
++ LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR,
++ LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW,
++ LDNS_STATUS_SYNTAX_BAD_ESCAPE,
++ LDNS_STATUS_SOCKET_ERROR,
++ LDNS_STATUS_SYNTAX_ERR,
++ LDNS_STATUS_DNSSEC_EXISTENCE_DENIED,
++ LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED,
++ LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED,
++ LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND,
++ LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG,
++ LDNS_STATUS_MISSING_RDATA_FIELDS_KEY,
++ LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN,
++ LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN,
++ LDNS_STATUS_DANE_STATUS_MESSAGES,
++ LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE,
++ LDNS_STATUS_DANE_UNKNOWN_SELECTOR,
++ LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE,
++ LDNS_STATUS_DANE_UNKNOWN_PROTOCOL,
++ LDNS_STATUS_DANE_UNKNOWN_TRANSPORT,
++ LDNS_STATUS_DANE_MISSING_EXTRA_CERTS,
++ LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED,
++ LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE,
++ LDNS_STATUS_DANE_INSECURE,
++ LDNS_STATUS_DANE_BOGUS,
++ LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
++ LDNS_STATUS_DANE_NON_CA_CERTIFICATE,
++ LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE,
++ LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR,
++ LDNS_STATUS_EXISTS_ERR,
++ LDNS_STATUS_INVALID_ILNP64,
++ LDNS_STATUS_INVALID_EUI48,
++ LDNS_STATUS_INVALID_EUI64,
++ LDNS_STATUS_WIRE_RDATA_ERR,
++ LDNS_STATUS_INVALID_TAG,
++ LDNS_STATUS_TYPE_NOT_IN_BITMAP,
++ LDNS_STATUS_INVALID_RDF_TYPE,
++ LDNS_STATUS_RDATA_OVERFLOW
++};
++typedef enum ldns_enum_status ldns_status;
++
++extern ldns_lookup_table ldns_error_str[];
++
++/**
++ * look up a descriptive text by each error. This function
++ * could use a better name
++ * \param[in] err ldns_status number
++ * \return the string for that error
++ */
++const char *ldns_get_errorstr_by_id(ldns_status err);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_ERROR_H */
+diff --git a/ldns/include/ldns/higher.h b/ldns/include/ldns/higher.h
+new file mode 100644
+index 0000000..597e134
+--- /dev/null
++++ b/ldns/include/ldns/higher.h
+@@ -0,0 +1,113 @@
++/**
++ * \file higher.h
++ *
++ * Specifies some higher level functions that could
++ * be useful for certain applications
++ */
++
++/*
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#ifndef LDNS_HIGHER_H
++#define LDNS_HIGHER_H
++
++#include <ldns/resolver.h>
++#include <ldns/rdata.h>
++#include <ldns/rr.h>
++#include <ldns/host2str.h>
++#include <ldns/tsig.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * Ask the resolver about name
++ * and return all address records
++ * \param[in] r the resolver to use
++ * \param[in] name the name to look for
++ * \param[in] c the class to use
++ * \param[in] flags give some optional flags to the query
++ */
++ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ldns_rr_class c, uint16_t flags);
++
++/**
++ * ask the resolver about the address
++ * and return the name
++ * \param[in] r the resolver to use
++ * \param[in] addr the addr to look for
++ * \param[in] c the class to use
++ * \param[in] flags give some optional flags to the query
++ */
++ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, ldns_rdf *addr, ldns_rr_class c, uint16_t flags);
++
++/**
++ * wade through fp (a /etc/hosts like file)
++ * and return a rr_list containing all the
++ * defined hosts in there
++ * \param[in] fp the file pointer to use
++ * \return ldns_rr_list * with the names
++ */
++ldns_rr_list *ldns_get_rr_list_hosts_frm_fp(FILE *fp);
++
++/**
++ * wade through fp (a /etc/hosts like file)
++ * and return a rr_list containing all the
++ * defined hosts in there
++ * \param[in] fp the file pointer to use
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return ldns_rr_list * with the names
++ */
++ldns_rr_list *ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr);
++
++/**
++ * wade through fp (a /etc/hosts like file)
++ * and return a rr_list containing all the
++ * defined hosts in there
++ * \param[in] filename the filename to use (NULL for /etc/hosts)
++ * \return ldns_rr_list * with the names
++ */
++ldns_rr_list *ldns_get_rr_list_hosts_frm_file(char *filename);
++
++/**
++ * This function is a wrapper function for ldns_get_rr_list_name_by_addr
++ * and ldns_get_rr_list_addr_by_name. It's name is from the getaddrinfo()
++ * library call. It tries to mimic that call, but without the lowlevel
++ * stuff.
++ * \param[in] res The resolver. If this value is NULL then a resolver will
++ * be created by ldns_getaddrinfo.
++ * \param[in] node the name or ip address to look up
++ * \param[in] c the class to look in
++ * \param[out] list put the found RR's in this list
++ * \return the number of RR found.
++ */
++uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list);
++
++/**
++ * Check if t is enumerated in the nsec type rdata
++ * \param[in] nsec the NSEC Record to look in
++ * \param[in] t the type to check for
++ * \return true when t is found, otherwise return false
++ */
++bool ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t);
++
++/**
++ * Print a number of rdf's of the RR. The rdfnum-list must
++ * be ended by -1, otherwise unpredictable things might happen.
++ * rdfs may be printed multiple times
++ * \param[in] fp FILE * to write to
++ * \param[in] r RR to write
++ * \param[in] rdfnum a list of rdf to print.
++ */
++void ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_HIGHER_H */
+diff --git a/ldns/include/ldns/host2str.h b/ldns/include/ldns/host2str.h
+new file mode 100644
+index 0000000..e69389e
+--- /dev/null
++++ b/ldns/include/ldns/host2str.h
+@@ -0,0 +1,891 @@
++/**
++ * host2str.h - txt presentation of RRs
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Contains functions to translate the main structures to their text
++ * representation, as well as functions to print them.
++ */
++
++#ifndef LDNS_HOST2STR_H
++#define LDNS_HOST2STR_H
++
++#include <ldns/common.h>
++#include <ldns/error.h>
++#include <ldns/rr.h>
++#include <ldns/rdata.h>
++#include <ldns/packet.h>
++#include <ldns/buffer.h>
++#include <ldns/resolver.h>
++#include <ldns/zone.h>
++#include <ctype.h>
++
++#include "ldns/util.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_APL_IP4 1
++#define LDNS_APL_IP6 2
++#define LDNS_APL_MASK 0x7f
++#define LDNS_APL_NEGATION 0x80
++
++/**
++ * Represent a NULL pointer (instead of a pointer to a ldns_rr as "; (null)"
++ * as opposed to outputting nothing at all in such a case.
++ */
++/* Flag Name Flag Nr. Has data associated
++ ---------------------------------------------------------------------*/
++#define LDNS_COMMENT_NULLS (1 << 0)
++/** Show key id with DNSKEY RR's as comment */
++#define LDNS_COMMENT_KEY_ID (1 << 1)
++/** Show if a DNSKEY is a ZSK or KSK as comment */
++#define LDNS_COMMENT_KEY_TYPE (1 << 2)
++/** Show DNSKEY key size as comment */
++#define LDNS_COMMENT_KEY_SIZE (1 << 3)
++/** Provide bubblebabble representation for DS RR's as comment */
++#define LDNS_COMMENT_BUBBLEBABBLE (1 << 4)
++/** Show when a NSEC3 RR has the optout flag set as comment */
++#define LDNS_COMMENT_FLAGS (1 << 5)
++/** Show the unhashed owner and next owner names for NSEC3 RR's as comment */
++#define LDNS_COMMENT_NSEC3_CHAIN (1 << 6) /* yes */
++/** Print mark up */
++#define LDNS_COMMENT_LAYOUT (1 << 7)
++/** Also comment KEY_ID with RRSIGS **/
++#define LDNS_COMMENT_RRSIGS (1 << 8)
++#define LDNS_FMT_ZEROIZE_RRSIGS (1 << 9)
++#define LDNS_FMT_PAD_SOA_SERIAL (1 << 10)
++#define LDNS_FMT_RFC3597 (1 << 11) /* yes */
++
++#define LDNS_FMT_FLAGS_WITH_DATA 2
++
++/** Show key id, type and size as comment for DNSKEY RR's */
++#define LDNS_COMMENT_KEY (LDNS_COMMENT_KEY_ID \
++ |LDNS_COMMENT_KEY_TYPE\
++ |LDNS_COMMENT_KEY_SIZE)
++
++/**
++ * Output format specifier
++ *
++ * Determines how Packets, Resource Records and Resource record data fiels are
++ * formatted when printing or converting to string.
++ * Currently it is only used to specify what aspects of a Resource Record are
++ * annotated in the comment section of the textual representation the record.
++ * This is speciefed with flags and potential exra data (such as for example
++ * a lookup map of hashes to real names for annotation NSEC3 records).
++ */
++struct ldns_struct_output_format
++{
++ /** Specification of how RR's should be formatted in text */
++ int flags;
++ /** Potential extra data to be used with formatting RR's in text */
++ void *data;
++};
++typedef struct ldns_struct_output_format ldns_output_format;
++
++/**
++ * Output format struct with additional data for flags that use them.
++ * This struct may not be initialized directly. Use ldns_output_format_init
++ * to initialize.
++ */
++struct ldns_struct_output_format_storage
++{ int flags;
++ ldns_rbtree_t* hashmap; /* for LDNS_COMMENT_NSEC3_CHAIN */
++ ldns_rdf* bitmap; /* for LDNS_FMT_RFC3597 */
++};
++typedef struct ldns_struct_output_format_storage ldns_output_format_storage;
++
++/**
++ * Standard output format record that disables commenting in the textual
++ * representation of Resource Records completely.
++ */
++extern const ldns_output_format *ldns_output_format_nocomments;
++/**
++ * Standard output format record that annotated only DNSKEY RR's with commenti
++ * text.
++ */
++extern const ldns_output_format *ldns_output_format_onlykeyids;
++/**
++ * The default output format record. Same as ldns_output_format_onlykeyids.
++ */
++extern const ldns_output_format *ldns_output_format_default;
++/**
++ * Standard output format record that shows all DNSKEY related information in
++ * the comment text, plus the optout flag when set with NSEC3's, plus the
++ * bubblebabble representation of DS RR's.
++ */
++extern const ldns_output_format *ldns_output_format_bubblebabble;
++
++/**
++ * Initialize output format storage to the default value.
++ * \param[in] fmt A reference to an output_format_ storage struct
++ * \return The initialized storage struct typecasted to ldns_output_format
++ */
++INLINE
++ldns_output_format* ldns_output_format_init(ldns_output_format_storage* fmt) {
++ fmt->flags = ldns_output_format_default->flags;
++ fmt->hashmap = NULL;
++ fmt->bitmap = NULL;
++ return (ldns_output_format*)fmt;
++}
++
++/**
++ * Set an ouput format flag.
++ */
++INLINE void ldns_output_format_set(ldns_output_format* fmt, int flag) {
++ fmt->flags |= flag;
++}
++
++/**
++ * Clear an ouput format flag.
++ */
++INLINE void ldns_output_format_clear(ldns_output_format* fmt, int flag) {
++ fmt->flags &= !flag;
++}
++
++/**
++ * Makes sure the LDNS_FMT_RFC3597 is set in the output format.
++ * Marks the type to be printed in RFC3597 format.
++ * /param[in] fmt the output format to update
++ * /param[in] the type to be printed in RFC3597 format
++ * /return LDNS_STATUS_OK on success
++ */
++ldns_status
++ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type type);
++
++/**
++ * Makes sure the LDNS_FMT_RFC3597 is set in the output format.
++ * Marks the type to not be printed in RFC3597 format. When no other types
++ * have been marked before, all known types (except the given one) will be
++ * marked for printing in RFC3597 format.
++ * /param[in] fmt the output format to update
++ * /param[in] the type not to be printed in RFC3597 format
++ * /return LDNS_STATUS_OK on success
++ */
++ldns_status
++ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type type);
++
++/**
++ * Converts an ldns packet opcode value to its mnemonic, and adds that
++ * to the output buffer
++ * \param[in] *output the buffer to add the data to
++ * \param[in] opcode to find the string representation of
++ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
++ */
++ldns_status
++ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode);
++
++/**
++ * Converts an ldns packet rcode value to its mnemonic, and adds that
++ * to the output buffer
++ * \param[in] *output the buffer to add the data to
++ * \param[in] rcode to find the string representation of
++ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
++ */
++ldns_status
++ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode);
++
++/**
++ * Converts an ldns algorithm type to its mnemonic, and adds that
++ * to the output buffer
++ * \param[in] *output the buffer to add the data to
++ * \param[in] algorithm to find the string representation of
++ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
++ */
++ldns_status
++ldns_algorithm2buffer_str(ldns_buffer *output,
++ ldns_algorithm algorithm);
++
++/**
++ * Converts an ldns certificate algorithm type to its mnemonic,
++ * and adds that to the output buffer
++ * \param[in] *output the buffer to add the data to
++ * \param[in] cert_algorithm to find the string representation of
++ * \return LDNS_STATUS_OK on success, or a buffer failure mode on error
++ */
++ldns_status
++ldns_cert_algorithm2buffer_str(ldns_buffer *output,
++ ldns_cert_algorithm cert_algorithm);
++
++
++/**
++ * Converts a packet opcode to its mnemonic and returns that as
++ * an allocated null-terminated string.
++ * Remember to free it.
++ *
++ * \param[in] opcode the opcode to convert to text
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_pkt_opcode2str(ldns_pkt_opcode opcode);
++
++/**
++ * Converts a packet rcode to its mnemonic and returns that as
++ * an allocated null-terminated string.
++ * Remember to free it.
++ *
++ * \param[in] rcode the rcode to convert to text
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_pkt_rcode2str(ldns_pkt_rcode rcode);
++
++/**
++ * Converts a signing algorithms to its mnemonic and returns that as
++ * an allocated null-terminated string.
++ * Remember to free it.
++ *
++ * \param[in] algorithm the algorithm to convert to text
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_pkt_algorithm2str(ldns_algorithm algorithm);
++
++/**
++ * Converts a cert algorithm to its mnemonic and returns that as
++ * an allocated null-terminated string.
++ * Remember to free it.
++ *
++ * \param[in] cert_algorithm to convert to text
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm);
++
++/**
++ * Converts an LDNS_RDF_TYPE_A rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_AAAA rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_STR rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_B64 rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_B32_EXT rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_HEX rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_TYPE rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_CLASS rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_ALG rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an ldns_rr_type value to its string representation,
++ * and places it in the given buffer
++ * \param[in] *output The buffer to add the data to
++ * \param[in] type the ldns_rr_type to convert
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rr_type2buffer_str(ldns_buffer *output,
++ const ldns_rr_type type);
++
++/**
++ * Converts an ldns_rr_type value to its string representation,
++ * and returns that string. For unknown types, the string
++ * "TYPE<id>" is returned. This function allocates data that must be
++ * freed by the caller
++ * \param[in] type the ldns_rr_type to convert
++ * \return a newly allocated string
++ */
++char *ldns_rr_type2str(const ldns_rr_type type);
++
++/**
++ * Converts an ldns_rr_class value to its string representation,
++ * and places it in the given buffer
++ * \param[in] *output The buffer to add the data to
++ * \param[in] klass the ldns_rr_class to convert
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rr_class2buffer_str(ldns_buffer *output,
++ const ldns_rr_class klass);
++
++/**
++ * Converts an ldns_rr_class value to its string representation,
++ * and returns that string. For unknown types, the string
++ * "CLASS<id>" is returned. This function allocates data that must be
++ * freed by the caller
++ * \param[in] klass the ldns_rr_class to convert
++ * \return a newly allocated string
++ */
++char *ldns_rr_class2str(const ldns_rr_class klass);
++
++
++/**
++ * Converts an LDNS_RDF_TYPE_CERT rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_LOC rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_UNKNOWN rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_NSAP rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_ATMA rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_WKS rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_NSEC rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_PERIOD rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_TSIGTIME rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_tsigtime(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_APL rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_INT16_DATA rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_IPSECKEY rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts the data in the rdata field to presentation
++ * format (as char *) and appends it to the given buffer
++ *
++ * \param[in] output pointer to the buffer to append the data to
++ * \param[in] rdf the pointer to the rdafa field containing the data
++ * \return status
++ */
++ldns_status ldns_rdf2buffer_str(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts the data in the resource record to presentation
++ * format (as char *) and appends it to the given buffer.
++ * The presentation format of DNSKEY record is annotated with comments giving
++ * the id, type and size of the key.
++ *
++ * \param[in] output pointer to the buffer to append the data to
++ * \param[in] rr the pointer to the rr field to convert
++ * \return status
++ */
++ldns_status ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr);
++
++/**
++ * Converts the data in the resource record to presentation
++ * format (as char *) and appends it to the given buffer.
++ * The presentation format is annotated with comments giving
++ * additional information on the record.
++ *
++ * \param[in] output pointer to the buffer to append the data to
++ * \param[in] fmt how to format the textual representation of the
++ * resource record.
++ * \param[in] rr the pointer to the rr field to convert
++ * \return status
++ */
++ldns_status ldns_rr2buffer_str_fmt(ldns_buffer *output,
++ const ldns_output_format *fmt, const ldns_rr *rr);
++
++/**
++ * Converts the data in the DNS packet to presentation
++ * format (as char *) and appends it to the given buffer
++ *
++ * \param[in] output pointer to the buffer to append the data to
++ * \param[in] pkt the pointer to the packet to convert
++ * \return status
++ */
++ldns_status ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt);
++
++/**
++ * Converts the data in the DNS packet to presentation
++ * format (as char *) and appends it to the given buffer
++ *
++ * \param[in] output pointer to the buffer to append the data to
++ * \param[in] fmt how to format the textual representation of the packet
++ * \param[in] pkt the pointer to the packet to convert
++ * \return status
++ */
++ldns_status ldns_pkt2buffer_str_fmt(ldns_buffer *output,
++ const ldns_output_format *fmt, const ldns_pkt *pkt);
++
++/**
++ * Converts an LDNS_RDF_TYPE_NSEC3_SALT rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf);
++
++
++/**
++ * Converts the data in the DNS packet to presentation
++ * format (as char *) and appends it to the given buffer
++ *
++ * \param[in] output pointer to the buffer to append the data to
++ * \param[in] k the pointer to the private key to convert
++ * \return status
++ */
++ldns_status ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k);
++
++/**
++ * Converts an LDNS_RDF_TYPE_INT8 rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_INT16 rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_INT32 rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_ILNP64 rdata element to 4 hexadecimal numbers
++ * separated by colons and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_ilnp64(ldns_buffer *output,
++ const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_EUI48 rdata element to 6 hexadecimal numbers
++ * separated by dashes and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_eui48(ldns_buffer *output,
++ const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_EUI64 rdata element to 8 hexadecimal numbers
++ * separated by dashes and adds it to the output buffer
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_eui64(ldns_buffer *output,
++ const ldns_rdf *rdf);
++
++/**
++ * Adds the LDNS_RDF_TYPE_TAG rdata to the output buffer,
++ * provided it contains only alphanumeric characters.
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_tag(ldns_buffer *output,
++ const ldns_rdf *rdf);
++
++/**
++ * Adds the LDNS_RDF_TYPE_LONG_STR rdata to the output buffer, in-between
++ * double quotes and all non printable characters properly escaped.
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_long_str(ldns_buffer *output,
++ const ldns_rdf *rdf);
++
++/**
++ * Converts an LDNS_RDF_TYPE_HIP rdata element to presentation format for
++ * the algorithm, HIT and Public Key and adds it the output buffer .
++ * \param[in] *rdf The rdata to convert
++ * \param[in] *output The buffer to add the data to
++ * \return LDNS_STATUS_OK on success, and error status on failure
++ */
++ldns_status ldns_rdf2buffer_str_hip(ldns_buffer *output,
++ const ldns_rdf *rdf);
++
++/**
++ * Converts the data in the rdata field to presentation format and
++ * returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] rdf The rdata field to convert
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_rdf2str(const ldns_rdf *rdf);
++
++/**
++ * Converts the data in the resource record to presentation format and
++ * returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] rr The rdata field to convert
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_rr2str(const ldns_rr *rr);
++
++/**
++ * Converts the data in the resource record to presentation format and
++ * returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] fmt how to format the resource record
++ * \param[in] rr The rdata field to convert
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr);
++
++/**
++ * Converts the data in the DNS packet to presentation format and
++ * returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] pkt The rdata field to convert
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_pkt2str(const ldns_pkt *pkt);
++
++/**
++ * Converts the data in the DNS packet to presentation format and
++ * returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] fmt how to format the packet
++ * \param[in] pkt The rdata field to convert
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt);
++
++/**
++ * Converts a private key to the test presentation fmt and
++ * returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] k the key to convert to text
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_key2str(const ldns_key *k);
++
++/**
++ * Converts a list of resource records to presentation format
++ * and returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] rr_list the rr_list to convert to text
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_rr_list2str(const ldns_rr_list *rr_list);
++
++/**
++ * Converts a list of resource records to presentation format
++ * and returns that as a char *.
++ * Remember to free it.
++ *
++ * \param[in] fmt how to format the list of resource records
++ * \param[in] rr_list the rr_list to convert to text
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_rr_list2str_fmt(
++ const ldns_output_format *fmt, const ldns_rr_list *rr_list);
++
++/**
++ * Returns a copy of the data in the buffer as a null terminated
++ * char * string. The returned string must be freed by the caller.
++ * The buffer must be in write modus and may thus not have been flipped.
++ *
++ * \param[in] buffer buffer containing char * data
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_buffer2str(ldns_buffer *buffer);
++
++/**
++ * Exports and returns the data in the buffer as a null terminated
++ * char * string. The returned string must be freed by the caller.
++ * The buffer must be in write modus and may thus not have been flipped.
++ * The buffer is fixed after this function returns.
++ *
++ * \param[in] buffer buffer containing char * data
++ * \return null terminated char * data, or NULL on error
++ */
++char *ldns_buffer_export2str(ldns_buffer *buffer);
++
++/**
++ * Prints the data in the rdata field to the given file stream
++ * (in presentation format)
++ *
++ * \param[in] output the file stream to print to
++ * \param[in] rdf the rdata field to print
++ * \return void
++ */
++void ldns_rdf_print(FILE *output, const ldns_rdf *rdf);
++
++/**
++ * Prints the data in the resource record to the given file stream
++ * (in presentation format)
++ *
++ * \param[in] output the file stream to print to
++ * \param[in] rr the resource record to print
++ * \return void
++ */
++void ldns_rr_print(FILE *output, const ldns_rr *rr);
++
++/**
++ * Prints the data in the resource record to the given file stream
++ * (in presentation format)
++ *
++ * \param[in] output the file stream to print to
++ * \param[in] fmt format of the textual representation
++ * \param[in] rr the resource record to print
++ * \return void
++ */
++void ldns_rr_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_rr *rr);
++
++/**
++ * Prints the data in the DNS packet to the given file stream
++ * (in presentation format)
++ *
++ * \param[in] output the file stream to print to
++ * \param[in] pkt the packet to print
++ * \return void
++ */
++void ldns_pkt_print(FILE *output, const ldns_pkt *pkt);
++
++/**
++ * Prints the data in the DNS packet to the given file stream
++ * (in presentation format)
++ *
++ * \param[in] output the file stream to print to
++ * \param[in] fmt format of the textual representation
++ * \param[in] pkt the packet to print
++ * \return void
++ */
++void ldns_pkt_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_pkt *pkt);
++
++/**
++ * Converts a rr_list to presentation format and appends it to
++ * the output buffer
++ * \param[in] output the buffer to append output to
++ * \param[in] list the ldns_rr_list to print
++ * \return ldns_status
++ */
++ldns_status ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list);
++
++/**
++ * Converts a rr_list to presentation format and appends it to
++ * the output buffer
++ * \param[in] output the buffer to append output to
++ * \param[in] fmt format of the textual representation
++ * \param[in] list the ldns_rr_list to print
++ * \return ldns_status
++ */
++ldns_status ldns_rr_list2buffer_str_fmt(ldns_buffer *output,
++ const ldns_output_format *fmt, const ldns_rr_list *list);
++
++/**
++ * Converts the header of a packet to presentation format and appends it to
++ * the output buffer
++ * \param[in] output the buffer to append output to
++ * \param[in] pkt the packet to convert the header of
++ * \return ldns_status
++ */
++ldns_status ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt);
++
++/**
++ * print a rr_list to output
++ * \param[in] output the fd to print to
++ * \param[in] list the rr_list to print
++ */
++void ldns_rr_list_print(FILE *output, const ldns_rr_list *list);
++
++/**
++ * print a rr_list to output
++ * \param[in] output the fd to print to
++ * \param[in] fmt format of the textual representation
++ * \param[in] list the rr_list to print
++ */
++void ldns_rr_list_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_rr_list *list);
++
++/**
++ * Print a resolver (in sofar that is possible) state
++ * to output.
++ * \param[in] output the fd to print to
++ * \param[in] r the resolver to print
++ */
++void ldns_resolver_print(FILE *output, const ldns_resolver *r);
++
++/**
++ * Print a resolver (in sofar that is possible) state
++ * to output.
++ * \param[in] output the fd to print to
++ * \param[in] fmt format of the textual representation
++ * \param[in] r the resolver to print
++ */
++void ldns_resolver_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_resolver *r);
++
++/**
++ * Print a zone structure * to output. Note the SOA record
++ * is included in this output
++ * \param[in] output the fd to print to
++ * \param[in] z the zone to print
++ */
++void ldns_zone_print(FILE *output, const ldns_zone *z);
++
++/**
++ * Print a zone structure * to output. Note the SOA record
++ * is included in this output
++ * \param[in] output the fd to print to
++ * \param[in] fmt format of the textual representation
++ * \param[in] z the zone to print
++ */
++void ldns_zone_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_zone *z);
++
++/**
++ * Print the ldns_rdf containing a dname to the buffer
++ * \param[in] output the buffer to print to
++ * \param[in] dname the dname to print
++ * \return ldns_status message if the printing succeeded
++ */
++ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_HOST2STR_H */
+diff --git a/ldns/include/ldns/host2wire.h b/ldns/include/ldns/host2wire.h
+new file mode 100644
+index 0000000..94693cd
+--- /dev/null
++++ b/ldns/include/ldns/host2wire.h
+@@ -0,0 +1,197 @@
++/*
++ * host2wire.h - 2wire conversion routines
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Contains all functions to translate the main structures to wire format
++ */
++
++#ifndef LDNS_HOST2WIRE_H
++#define LDNS_HOST2WIRE_H
++
++#include <ldns/common.h>
++#include <ldns/error.h>
++#include <ldns/rr.h>
++#include <ldns/rdata.h>
++#include <ldns/packet.h>
++#include <ldns/buffer.h>
++#include <ctype.h>
++
++#include "ldns/util.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * Copies the dname data to the buffer in wire format
++ * \param[out] *buffer buffer to append the result to
++ * \param[in] *name rdata dname to convert
++ * \return ldns_status
++ */
++ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name);
++
++/**
++ * Copies the dname data to the buffer in wire format
++ * \param[out] *buffer buffer to append the result to
++ * \param[in] *name rdata dname to convert
++ * \param[out] *compression_data data structure holding state for compression
++ * \return ldns_status
++ */
++ldns_status ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data);
++
++/**
++ * Copies the rdata data to the buffer in wire format
++ * \param[out] *output buffer to append the result to
++ * \param[in] *rdf rdata to convert
++ * \return ldns_status
++ */
++ldns_status ldns_rdf2buffer_wire(ldns_buffer *output, const ldns_rdf *rdf);
++
++/**
++ * Copies the rdata data to the buffer in wire format
++ * \param[out] *output buffer to append the result to
++ * \param[in] *rdf rdata to convert
++ * \param[out] *compression_data data structure holding state for compression
++ * \return ldns_status
++ */
++ldns_status ldns_rdf2buffer_wire_compress(ldns_buffer *output, const ldns_rdf *rdf, ldns_rbtree_t *compression_data);
++
++/**
++ * Copies the rdata data to the buffer in wire format
++ * If the rdata is a dname, the letters will be lowercased
++ * during the conversion
++ * \param[out] *output buffer to append the result to
++ * \param[in] *rdf rdata to convert
++ * \return ldns_status
++ */
++ldns_status ldns_rdf2buffer_wire_canonical(ldns_buffer *output,
++ const ldns_rdf *rdf);
++
++/**
++ * Copies the rr data to the buffer in wire format
++ * \param[out] *output buffer to append the result to
++ * \param[in] *rr resource record to convert
++ * \param[in] section the section in the packet this rr is supposed to be in
++ * (to determine whether to add rdata or not)
++ * \return ldns_status
++ */
++ldns_status ldns_rr2buffer_wire(ldns_buffer *output,
++ const ldns_rr *rr,
++ int section);
++
++/**
++ * Copies the rr data to the buffer in wire format while doing DNAME compression
++ * \param[out] *output buffer to append the result to
++ * \param[in] *rr resource record to convert
++ * \param[in] section the section in the packet this rr is supposed to be in
++ * (to determine whether to add rdata or not)
++ * \param[out] *compression_data data structure holding state information for compression
++ * \return ldns_status
++ */
++ldns_status ldns_rr2buffer_wire_compress(ldns_buffer *output,
++ const ldns_rr *rr,
++ int section,
++ ldns_rbtree_t *compression_data);
++
++/**
++ * Copies the rr data to the buffer in wire format, in canonical format
++ * according to RFC3597 (every dname in rdata fields of RR's mentioned in
++ * that RFC will be lowercased)
++ * \param[out] *output buffer to append the result to
++ * \param[in] *rr resource record to convert
++ * \param[in] section the section in the packet this rr is supposed to be in
++ * (to determine whether to add rdata or not)
++ * \return ldns_status
++ */
++ldns_status ldns_rr2buffer_wire_canonical(ldns_buffer *output,
++ const ldns_rr *rr,
++ int section);
++
++
++/**
++ * Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata
++ * This is needed in DNSSEC verification
++ * \param[out] output buffer to append the result to
++ * \param[in] sigrr signature rr to operate on
++ * \return ldns_status
++ */
++ldns_status ldns_rrsig2buffer_wire(ldns_buffer *output, const ldns_rr *sigrr);
++
++/**
++ * Converts an rr's rdata to wireformat, while excluding
++ * the ownername and all the stuff before the rdata.
++ * This is needed in DNSSEC keytag calculation, the ds
++ * calcalution from the key and maybe elsewhere.
++ *
++ * \param[out] *output buffer where to put the result
++ * \param[in] *rr rr to operate on
++ * \return ldns_status
++ */
++ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *output, const ldns_rr *rr);
++
++/**
++ * Copies the packet data to the buffer in wire format
++ * \param[out] *output buffer to append the result to
++ * \param[in] *pkt packet to convert
++ * \return ldns_status
++ */
++ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt);
++
++/**
++ * Copies the rr_list data to the buffer in wire format
++ * \param[out] *output buffer to append the result to
++ * \param[in] *rrlist rr_list to to convert
++ * \return ldns_status
++ */
++ldns_status ldns_rr_list2buffer_wire(ldns_buffer *output, const ldns_rr_list *rrlist);
++
++/**
++ * Allocates an array of uint8_t at dest, and puts the wireformat of the
++ * given rdf in that array. The result_size value contains the
++ * length of the array, if it succeeds, and 0 otherwise (in which case
++ * the function also returns NULL)
++ *
++ * \param[out] dest pointer to the array of bytes to be created
++ * \param[in] rdf the rdata field to convert
++ * \param[out] size the size of the converted result
++ */
++ldns_status ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *size);
++
++/**
++ * Allocates an array of uint8_t at dest, and puts the wireformat of the
++ * given rr in that array. The result_size value contains the
++ * length of the array, if it succeeds, and 0 otherwise (in which case
++ * the function also returns NULL)
++ *
++ * If the section argument is LDNS_SECTION_QUESTION, data like ttl and rdata
++ * are not put into the result
++ *
++ * \param[out] dest pointer to the array of bytes to be created
++ * \param[in] rr the rr to convert
++ * \param[in] section the rr section, determines how the rr is written.
++ * \param[out] size the size of the converted result
++ */
++ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *size);
++
++/**
++ * Allocates an array of uint8_t at dest, and puts the wireformat of the
++ * given packet in that array. The result_size value contains the
++ * length of the array, if it succeeds, and 0 otherwise (in which case
++ * the function also returns NULL)
++ */
++ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *p, size_t *size);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_HOST2WIRE_H */
+diff --git a/ldns/include/ldns/keys.h b/ldns/include/ldns/keys.h
+new file mode 100644
+index 0000000..d3b4873
+--- /dev/null
++++ b/ldns/include/ldns/keys.h
+@@ -0,0 +1,621 @@
++/*
++ *
++ * keys.h
++ *
++ * priv key definitions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions.
++ */
++
++
++#ifndef LDNS_KEYS_H
++#define LDNS_KEYS_H
++
++#include <ldns/common.h>
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++#include <openssl/ssl.h>
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++#include <ldns/util.h>
++#include <errno.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++extern ldns_lookup_table ldns_signing_algorithms[];
++
++#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */
++#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */
++#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */
++
++/**
++ * Algorithms used in dns
++ */
++enum ldns_enum_algorithm
++{
++ LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
++ LDNS_DH = 2,
++ LDNS_DSA = 3,
++ LDNS_ECC = 4,
++ LDNS_RSASHA1 = 5,
++ LDNS_DSA_NSEC3 = 6,
++ LDNS_RSASHA1_NSEC3 = 7,
++ LDNS_RSASHA256 = 8, /* RFC 5702 */
++ LDNS_RSASHA512 = 10, /* RFC 5702 */
++ LDNS_ECC_GOST = 12, /* RFC 5933 */
++ LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
++ LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
++ LDNS_INDIRECT = 252,
++ LDNS_PRIVATEDNS = 253,
++ LDNS_PRIVATEOID = 254
++};
++typedef enum ldns_enum_algorithm ldns_algorithm;
++
++/**
++ * Hashing algorithms used in the DS record
++ */
++enum ldns_enum_hash
++{
++ LDNS_SHA1 = 1, /* RFC 4034 */
++ LDNS_SHA256 = 2, /* RFC 4509 */
++ LDNS_HASH_GOST = 3, /* RFC 5933 */
++ LDNS_SHA384 = 4 /* RFC 6605 */
++};
++typedef enum ldns_enum_hash ldns_hash;
++
++/**
++ * Algorithms used in dns for signing
++ */
++enum ldns_enum_signing_algorithm
++{
++ LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
++ LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
++ LDNS_SIGN_DSA = LDNS_DSA,
++ LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
++ LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
++ LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
++ LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
++ LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
++ LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
++ LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
++ LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
++ LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
++ LDNS_SIGN_HMACSHA256 = 159 /* ditto */
++};
++typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm;
++
++/**
++ * General key structure, can contain all types of keys that
++ * are used in DNSSEC. Mostly used to store private keys, since
++ * public keys can also be stored in a \ref ldns_rr with type
++ * \ref LDNS_RR_TYPE_DNSKEY.
++ *
++ * This structure can also store some variables that influence the
++ * signatures generated by signing with this key, for instance the
++ * inception date.
++ */
++struct ldns_struct_key {
++ ldns_signing_algorithm _alg;
++ /** Whether to use this key when signing */
++ bool _use;
++ /** Storage pointers for the types of keys supported */
++ /* TODO remove unions? */
++ struct {
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++#ifndef S_SPLINT_S
++ /* The key can be an OpenSSL EVP Key
++ */
++ EVP_PKEY *key;
++#endif
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++ /**
++ * The key can be an HMAC key
++ */
++ struct {
++ unsigned char *key;
++ size_t size;
++ } hmac;
++ /** the key structure can also just point to some external
++ * key data
++ */
++ void *external_key;
++ } _key;
++ /** Depending on the key we can have extra data */
++ union {
++ /** Some values that influence generated signatures */
++ struct {
++ /** The TTL of the rrset that is currently signed */
++ uint32_t orig_ttl;
++ /** The inception date of signatures made with this key. */
++ uint32_t inception;
++ /** The expiration date of signatures made with this key. */
++ uint32_t expiration;
++ /** The keytag of this key. */
++ uint16_t keytag;
++ /** The dnssec key flags as specified in RFC4035, like ZSK and KSK */
++ uint16_t flags;
++ } dnssec;
++ } _extra;
++ /** Owner name of the key */
++ ldns_rdf *_pubkey_owner;
++};
++typedef struct ldns_struct_key ldns_key;
++
++/**
++ * Same as rr_list, but now for keys
++ */
++struct ldns_struct_key_list
++{
++ size_t _key_count;
++ ldns_key **_keys;
++};
++typedef struct ldns_struct_key_list ldns_key_list;
++
++
++/**
++ * Creates a new empty key list
++ * \return a new ldns_key_list structure pointer
++ */
++ldns_key_list *ldns_key_list_new(void);
++
++/**
++ * Creates a new empty key structure
++ * \return a new ldns_key * structure
++ */
++ldns_key *ldns_key_new(void);
++
++/**
++ * Creates a new key based on the algorithm
++ *
++ * \param[in] a The algorithm to use
++ * \param[in] size the number of bytes for the keysize
++ * \return a new ldns_key structure with the key
++ */
++ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size);
++
++/**
++ * Creates a new priv key based on the
++ * contents of the file pointed by fp.
++ *
++ * The file should be in Private-key-format v1.x.
++ *
++ * \param[out] k the new ldns_key structure
++ * \param[in] fp the file pointer to use
++ * \return an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp);
++
++/**
++ * Creates a new private key based on the
++ * contents of the file pointed by fp
++ *
++ * The file should be in Private-key-format v1.x.
++ *
++ * \param[out] k the new ldns_key structure
++ * \param[in] fp the file pointer to use
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * Read the key with the given id from the given engine and store it
++ * in the given ldns_key structure. The algorithm type is set
++ */
++ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm);
++
++
++/**
++ * frm_fp helper function. This function parses the
++ * remainder of the (RSA) priv. key file generated from bind9
++ * \param[in] fp the file to parse
++ * \return NULL on failure otherwise a RSA structure
++ */
++RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * frm_fp helper function. This function parses the
++ * remainder of the (RSA) priv. key file generated from bind9
++ * \param[in] fp the file to parse
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return NULL on failure otherwise a RSA structure
++ */
++RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * frm_fp helper function. This function parses the
++ * remainder of the (DSA) priv. key file
++ * \param[in] fp the file to parse
++ * \return NULL on failure otherwise a RSA structure
++ */
++DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * frm_fp helper function. This function parses the
++ * remainder of the (DSA) priv. key file
++ * \param[in] fp the file to parse
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return NULL on failure otherwise a RSA structure
++ */
++DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * frm_fp helper function. This function parses the
++ * remainder of the (HMAC-MD5) key file
++ * This function allocated a buffer that needs to be freed
++ * \param[in] fp the file to parse
++ * \param[out] hmac_size the number of bits in the resulting buffer
++ * \return NULL on failure otherwise a newly allocated char buffer
++ */
++unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
++#endif
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * frm_fp helper function. This function parses the
++ * remainder of the (HMAC-MD5) key file
++ * This function allocated a buffer that needs to be freed
++ * \param[in] fp the file to parse
++ * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes)
++ * \param[out] hmac_size the number of bits in the resulting buffer
++ * \return NULL on failure otherwise a newly allocated char buffer
++ */
++unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++/* acces write functions */
++/**
++ * Set the key's algorithm
++ * \param[in] k the key
++ * \param[in] l the algorithm
++ */
++void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * Set the key's evp key
++ * \param[in] k the key
++ * \param[in] e the evp key
++ */
++void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
++
++/**
++ * Set the key's rsa data.
++ * The rsa data should be freed by the user.
++ * \param[in] k the key
++ * \param[in] r the rsa data
++ */
++void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
++
++/**
++ * Set the key's dsa data
++ * The dsa data should be freed by the user.
++ * \param[in] k the key
++ * \param[in] d the dsa data
++ */
++void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
++
++/**
++ * Assign the key's rsa data
++ * The rsa data will be freed automatically when the key is freed.
++ * \param[in] k the key
++ * \param[in] r the rsa data
++ */
++void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
++
++/**
++ * Assign the key's dsa data
++ * The dsa data will be freed automatically when the key is freed.
++ * \param[in] k the key
++ * \param[in] d the dsa data
++ */
++void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
++
++/**
++ * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
++ * Only available if GOST is compiled into the library and openssl.
++ * \return the gost id for EVP_CTX creation.
++ */
++int ldns_key_EVP_load_gost_id(void);
++
++/** Release the engine reference held for the GOST engine. */
++void ldns_key_EVP_unload_gost(void);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++/**
++ * Set the key's hmac data
++ * \param[in] k the key
++ * \param[in] hmac the raw key data
++ */
++void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
++
++/**
++ * Set the key id data. This is used if the key points to
++ * some externally stored key data
++ *
++ * Only the pointer is set, the data there is not copied,
++ * and must be freed manually; ldns_key_deep_free() does
++ * *not* free this data
++ * \param[in] key the key
++ * \param[in] external_key key id data
++ */
++void ldns_key_set_external_key(ldns_key *key, void *external_key);
++
++/**
++ * Set the key's hmac size
++ * \param[in] k the key
++ * \param[in] hmac_size the size of the hmac data
++ */
++void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
++/**
++ * Set the key's original ttl
++ * \param[in] k the key
++ * \param[in] t the ttl
++ */
++void ldns_key_set_origttl(ldns_key *k, uint32_t t);
++/**
++ * Set the key's inception date (seconds after epoch)
++ * \param[in] k the key
++ * \param[in] i the inception
++ */
++void ldns_key_set_inception(ldns_key *k, uint32_t i);
++/**
++ * Set the key's expiration date (seconds after epoch)
++ * \param[in] k the key
++ * \param[in] e the expiration
++ */
++void ldns_key_set_expiration(ldns_key *k, uint32_t e);
++/**
++ * Set the key's pubkey owner
++ * \param[in] k the key
++ * \param[in] r the owner
++ */
++void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r);
++/**
++ * Set the key's key tag
++ * \param[in] k the key
++ * \param[in] tag the keytag
++ */
++void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
++/**
++ * Set the key's flags
++ * \param[in] k the key
++ * \param[in] flags the flags
++ */
++void ldns_key_set_flags(ldns_key *k, uint16_t flags);
++/**
++ * Set the keylist's key count to count
++ * \param[in] key the key
++ * \param[in] count the cuont
++ */
++void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
++
++/**
++ * pushes a key to a keylist
++ * \param[in] key_list the key_list to push to
++ * \param[in] key the key to push
++ * \return false on error, otherwise true
++ */
++bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);
++
++/**
++ * returns the number of keys in the key list
++ * \param[in] key_list the key_list
++ * \return the numbers of keys in the list
++ */
++size_t ldns_key_list_key_count(const ldns_key_list *key_list);
++
++/**
++ * returns a pointer to the key in the list at the given position
++ * \param[in] key the key
++ * \param[in] nr the position in the list
++ * \return the key
++ */
++ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);
++
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++/**
++ * returns the (openssl) RSA struct contained in the key
++ * \param[in] k the key to look in
++ * \return the RSA * structure in the key
++ */
++RSA *ldns_key_rsa_key(const ldns_key *k);
++/**
++ * returns the (openssl) EVP struct contained in the key
++ * \param[in] k the key to look in
++ * \return the RSA * structure in the key
++ */
++EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++/**
++ * returns the (openssl) DSA struct contained in the key
++ */
++#if LDNS_BUILD_CONFIG_HAVE_SSL
++DSA *ldns_key_dsa_key(const ldns_key *k);
++#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
++
++/**
++ * return the signing alg of the key
++ * \param[in] k the key
++ * \return the algorithm
++ */
++ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k);
++/**
++ * set the use flag
++ * \param[in] k the key
++ * \param[in] v the boolean value to set the _use field to
++ */
++void ldns_key_set_use(ldns_key *k, bool v);
++/**
++ * return the use flag
++ * \param[in] k the key
++ * \return the boolean value of the _use field
++ */
++bool ldns_key_use(const ldns_key *k);
++/**
++ * return the hmac key data
++ * \param[in] k the key
++ * \return the hmac key data
++ */
++unsigned char *ldns_key_hmac_key(const ldns_key *k);
++/**
++ * return the key id key data
++ * \param[in] k the key
++ * \return the key id data
++ */
++void *ldns_key_external_key(const ldns_key *k);
++/**
++ * return the hmac key size
++ * \param[in] k the key
++ * \return the hmac key size
++ */
++size_t ldns_key_hmac_size(const ldns_key *k);
++/**
++ * return the original ttl of the key
++ * \param[in] k the key
++ * \return the original ttl
++ */
++uint32_t ldns_key_origttl(const ldns_key *k);
++/**
++ * return the key's inception date
++ * \param[in] k the key
++ * \return the inception date
++ */
++uint32_t ldns_key_inception(const ldns_key *k);
++/**
++ * return the key's expiration date
++ * \param[in] k the key
++ * \return the experiration date
++ */
++uint32_t ldns_key_expiration(const ldns_key *k);
++/**
++ * return the keytag
++ * \param[in] k the key
++ * \return the keytag
++ */
++uint16_t ldns_key_keytag(const ldns_key *k);
++/**
++ * return the public key's owner
++ * \param[in] k the key
++ * \return the owner
++ */
++ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k);
++/**
++ * Set the 'use' flag for all keys in the list
++ * \param[in] keys The key_list
++ * \param[in] v The value to set the use flags to
++ */
++void
++ldns_key_list_set_use(ldns_key_list *keys, bool v);
++
++/**
++ * return the flag of the key
++ * \param[in] k the key
++ * \return the flag
++ */
++uint16_t ldns_key_flags(const ldns_key *k);
++
++/**
++ * pops the last rr from a keylist
++ * \param[in] key_list the rr_list to pop from
++ * \return NULL if nothing to pop. Otherwise the popped RR
++ */
++ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list);
++
++/**
++ * converts a ldns_key to a public key rr
++ * If the key data exists at an external point, the corresponding
++ * rdata field must still be added with ldns_rr_rdf_push() to the
++ * result rr of this function
++ *
++ * \param[in] k the ldns_key to convert
++ * \return ldns_rr representation of the key
++ */
++ldns_rr *ldns_key2rr(const ldns_key *k);
++
++/**
++ * print a private key to the file ouput
++ *
++ * \param[in] output the FILE descriptor where to print to
++ * \param[in] k the ldns_key to print
++ */
++void ldns_key_print(FILE *output, const ldns_key *k);
++
++/**
++ * frees a key structure, but not its internal data structures
++ *
++ * \param[in] key the key object to free
++ */
++void ldns_key_free(ldns_key *key);
++
++/**
++ * frees a key structure and all its internal data structures, except
++ * the data set by ldns_key_set_external_key()
++ *
++ * \param[in] key the key object to free
++ */
++void ldns_key_deep_free(ldns_key *key);
++
++/**
++ * Frees a key list structure
++ * \param[in] key_list the key list object to free
++ */
++void ldns_key_list_free(ldns_key_list *key_list);
++
++/**
++ * Instantiates a DNSKEY or DS RR from file.
++ * \param[in] filename the file to read the record from
++ * \return the corresponding RR, or NULL if the parsing failed
++ */
++ldns_rr * ldns_read_anchor_file(const char *filename);
++
++/**
++ * Returns the 'default base name' for key files;
++ * IE. K\<zone\>+\<alg\>+\<keytag\>
++ * (without the .key or .private)
++ * The memory for this is allocated by this function,
++ * and should be freed by the caller
++ *
++ * \param[in] key the key to get the file name from
++ * \returns A string containing the file base name
++ */
++char *ldns_key_get_file_base_name(ldns_key *key);
++
++/**
++ * See if a key algorithm is supported
++ * \param[in] algo the signing algorithm number.
++ * \returns true if supported.
++ */
++int ldns_key_algo_supported(int algo);
++
++/**
++ * Get signing algorithm by name. Comparison is case insensitive.
++ * \param[in] name string with the name.
++ * \returns 0 on parse failure or the algorithm number.
++ */
++ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_KEYS_H */
+diff --git a/ldns/include/ldns/ldns.h b/ldns/include/ldns/ldns.h
+new file mode 100644
+index 0000000..60663ef
+--- /dev/null
++++ b/ldns/include/ldns/ldns.h
+@@ -0,0 +1,158 @@
++/*
++ * dns.h -- defines for the Domain Name System
++ *
++ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ *
++ * This library was created by:
++ * Jelte Jansen, Erik Rozendaal and Miek Gieben
++ *
++ * A bunch of defines that are used in the DNS.
++ */
++
++
++/**
++\mainpage LDNS Documentation
++
++\section introduction Introduction
++
++The goal of ldns is to simplify DNS programming, it supports recent RFCs
++like the DNSSEC documents, and allow developers to easily create software
++conforming to current RFCs, and experimental software for current Internet
++drafts. A secondary benefit of using ldns is speed, because ldns is written
++in C, and although it is not optimized for performance, it should be a lot
++faster than Perl.
++
++The first main tool to use ldns is Drill, from which part of the library was
++derived. From version 1.0.0 on, drill is included in the ldns release
++and will not be distributed separately anymore. The library also includes some
++other examples and tools to show how it can be used. These can be found in the
++examples/ directory in the tarball.
++
++ldns depends on OpenSSL for it's cryptographic functions.
++Feature list
++
++ - Transparent IPv4 and IPv6 support (overridable if necessary),
++ - TSIG support,
++ - DNSSEC support; signing and verification,
++ - small size,
++ - online documentation as well as manual pages.
++
++If you want to send us patches please use the code from git.
++
++\section using_ldns Using ldns
++
++Almost all interaction between an application and ldns goes through the ldns
++data structures (\ref ldns_rr, \ref ldns_pkt, etc.). These are input or
++output to the functions of ldns. For example, \ref ldns_zone_new_frm_fp
++reads a zone from a \c FILE pointer, and returns an \ref ldns_zone
++structure.
++
++
++Let's use Drill as an example. Drill is a tool much like dig, whose most
++basic function is to send 1 query to a nameserver and print the response.
++
++To be able to do this, drill uses the resolver module of ldns, which acts as
++a stub resolver. The resolver module uses the net module to actually send
++the query that drill requested. It then uses the wire2host module to
++translate the response and place it in ldns' internal structures. These are
++passed back to drill, which then uses the host2str module to print the
++response in presentation format.
++
++\section gettingstarted Getting Started
++
++See the \ref design page for a very high level description of the design
++choices made for ldns.
++
++For an overview of the functions and types ldns provides, you can check out
++the \ref ldns ldns header file descriptions.
++
++If you want to see some libdns action, you can read our tutorials:
++ - \ref tutorial1_mx
++ - \ref tutorial2_zone
++ - \ref tutorial3_signzone
++
++Or you can just use the menu above to browse through the API docs.
++
++<div style="visibility:hidden;">
++\image html LogoInGradientBar2-y100.png
++</div>
++*/
++
++/**
++ * \file ldns.h
++ *
++ * Including this file will include all ldns files, and define some lookup tables.
++ */
++
++#ifndef LDNS_DNS_H
++#define LDNS_DNS_H
++
++#include <stdio.h>
++#include <stdlib.h>
++
++#include <ldns/util.h>
++#include <ldns/buffer.h>
++#include <ldns/common.h>
++#include <ldns/dane.h>
++#include <ldns/dname.h>
++#include <ldns/dnssec.h>
++#include <ldns/dnssec_verify.h>
++#include <ldns/dnssec_sign.h>
++#include <ldns/duration.h>
++#include <ldns/error.h>
++#include <ldns/higher.h>
++#include <ldns/host2str.h>
++#include <ldns/host2wire.h>
++#include <ldns/net.h>
++#include <ldns/packet.h>
++#include <ldns/rdata.h>
++#include <ldns/resolver.h>
++#include <ldns/rr.h>
++#include <ldns/str2host.h>
++#include <ldns/tsig.h>
++#include <ldns/update.h>
++#include <ldns/wire2host.h>
++#include <ldns/rr_functions.h>
++#include <ldns/keys.h>
++#include <ldns/parse.h>
++#include <ldns/zone.h>
++#include <ldns/dnssec_zone.h>
++#include <ldns/radix.h>
++#include <ldns/rbtree.h>
++#include <ldns/sha1.h>
++#include <ldns/sha2.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_IP4ADDRLEN (32/8)
++#define LDNS_IP6ADDRLEN (128/8)
++#define LDNS_PORT 53
++#define LDNS_ROOT_LABEL_STR "."
++#define LDNS_DEFAULT_TTL 3600
++
++/* lookup tables for standard DNS stuff */
++
++/** Taken from RFC 2538, section 2.1. */
++extern ldns_lookup_table ldns_certificate_types[];
++/** Taken from RFC 2535, section 7. */
++extern ldns_lookup_table ldns_algorithms[];
++/** Taken from RFC 2538. */
++extern ldns_lookup_table ldns_cert_algorithms[];
++/** rr types */
++extern ldns_lookup_table ldns_rr_classes[];
++/** Response codes */
++extern ldns_lookup_table ldns_rcodes[];
++/** Operation codes */
++extern ldns_lookup_table ldns_opcodes[];
++/** EDNS flags */
++extern ldns_lookup_table ldns_edns_flags[];
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_DNS_H */
+diff --git a/ldns/include/ldns/net.h b/ldns/include/ldns/net.h
+new file mode 100644
+index 0000000..692a9fb
+--- /dev/null
++++ b/ldns/include/ldns/net.h
+@@ -0,0 +1,207 @@
++/*
++ * net.h
++ *
++ * DNS Resolver definitions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#ifndef LDNS_NET_H
++#define LDNS_NET_H
++
++#include <ldns/ldns.h>
++#include <sys/socket.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_DEFAULT_TIMEOUT_SEC 5
++#define LDNS_DEFAULT_TIMEOUT_USEC 0
++
++/**
++ * \file
++ *
++ * Contains functions to send and receive packets over a network.
++ */
++
++/**
++ * Sends a buffer to an ip using udp and return the respons as a ldns_pkt
++ * \param[in] qbin the ldns_buffer to be send
++ * \param[in] to the ip addr to send to
++ * \param[in] tolen length of the ip addr
++ * \param[in] timeout the timeout value for the network
++ * \param[out] answersize size of the packet
++ * \param[out] result packet with the answer
++ * \return status
++ */
++ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
++
++/**
++ * Send an udp query and don't wait for an answer but return
++ * the socket
++ * \param[in] qbin the ldns_buffer to be send
++ * \param[in] to the ip addr to send to
++ * \param[in] tolen length of the ip addr
++ * \param[in] timeout *unused*, was the timeout value for the network
++ * \return the socket used
++ */
++int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
++
++/**
++ * Send an tcp query and don't wait for an answer but return
++ * the socket
++ * \param[in] qbin the ldns_buffer to be send
++ * \param[in] to the ip addr to send to
++ * \param[in] tolen length of the ip addr
++ * \param[in] timeout the timeout value for the connect attempt
++ * \return the socket used
++ */
++int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
++
++/**
++ * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt
++ * \param[in] qbin the ldns_buffer to be send
++ * \param[in] qbin the ldns_buffer to be send
++ * \param[in] to the ip addr to send to
++ * \param[in] tolen length of the ip addr
++ * \param[in] timeout the timeout value for the network
++ * \param[out] answersize size of the packet
++ * \param[out] result packet with the answer
++ * \return status
++ */
++ldns_status ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize);
++
++/**
++ * Sends ptk to the nameserver at the resolver object. Returns the data
++ * as a ldns_pkt
++ *
++ * \param[out] pkt packet received from the nameserver
++ * \param[in] r the resolver to use
++ * \param[in] query_pkt the query to send
++ * \return status
++ */
++ldns_status ldns_send(ldns_pkt **pkt, ldns_resolver *r, const ldns_pkt *query_pkt);
++
++/**
++ * Sends and ldns_buffer (presumably containing a packet to the nameserver at the resolver object. Returns the data
++ * as a ldns_pkt
++ *
++ * \param[out] pkt packet received from the nameserver
++ * \param[in] r the resolver to use
++ * \param[in] qb the buffer to send
++ * \param[in] tsig_mac the tsig MAC to authenticate the response with (NULL to do no TSIG authentication)
++ * \return status
++ */
++ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac);
++
++/**
++ * Create a tcp socket to the specified address
++ * \param[in] to ip and family
++ * \param[in] tolen length of to
++ * \param[in] timeout timeout for the connect attempt
++ * \return a socket descriptor
++ */
++int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout);
++
++/**
++ * Create a udp socket to the specified address
++ * \param[in] to ip and family
++ * \param[in] timeout *unused*, was timeout for the socket
++ * \return a socket descriptor
++ */
++int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout);
++
++/**
++ * send a query via tcp to a server. Don't want for the answer
++ *
++ * \param[in] qbin the buffer to send
++ * \param[in] sockfd the socket to use
++ * \param[in] to which ip to send it
++ * \param[in] tolen socketlen
++ * \return number of bytes sent
++ */
++ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
++
++/**
++ * send a query via udp to a server. Don;t want for the answer
++ *
++ * \param[in] qbin the buffer to send
++ * \param[in] sockfd the socket to use
++ * \param[in] to which ip to send it
++ * \param[in] tolen socketlen
++ * \return number of bytes sent
++ */
++ssize_t ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen);
++
++/**
++ * Gives back a raw packet from the wire and reads the header data from the given
++ * socket. Allocates the data (of size size) itself, so don't forget to free
++ *
++ * \param[in] sockfd the socket to read from
++ * \param[out] size the number of bytes that are read
++ * \param[in] timeout the time allowed between packets.
++ * \return the data read
++ */
++uint8_t *ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout);
++
++/**
++ * This routine may block. Use ldns_tcp_read_wire_timeout, it checks timeouts.
++ * Gives back a raw packet from the wire and reads the header data from the given
++ * socket. Allocates the data (of size size) itself, so don't forget to free
++ *
++ * \param[in] sockfd the socket to read from
++ * \param[out] size the number of bytes that are read
++ * \return the data read
++ */
++uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size);
++
++/**
++ * Gives back a raw packet from the wire and reads the header data from the given
++ * socket. Allocates the data (of size size) itself, so don't forget to free
++ *
++ * \param[in] sockfd the socket to read from
++ * \param[in] fr the address of the client (if applicable)
++ * \param[in] *frlen the lenght of the client's addr (if applicable)
++ * \param[out] size the number of bytes that are read
++ * \return the data read
++ */
++uint8_t *ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *fr, socklen_t *frlen);
++
++/**
++ * returns the native sockaddr representation from the rdf.
++ * \param[in] rd the ldns_rdf to operate on
++ * \param[in] port what port to use. 0 means; use default (53)
++ * \param[out] size what is the size of the sockaddr_storage
++ * \return struct sockaddr* the address in the format so other
++ * functions can use it (sendto)
++ */
++struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size);
++
++/**
++ * returns an rdf with the sockaddr info. works for ip4 and ip6
++ * \param[in] sock the struct sockaddr_storage to convert
++ * \param[in] port what port was used. When NULL this is not set
++ * \return ldns_rdf* wth the address
++ */
++ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port);
++
++/**
++ * Prepares the resolver for an axfr query
++ * The query is sent and the answers can be read with ldns_axfr_next
++ * \param[in] resolver the resolver to use
++ * \param[in] domain the domain to exfr
++ * \param[in] c the class to use
++ * \return ldns_status the status of the transfer
++ */
++ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_NET_H */
+diff --git a/ldns/include/ldns/packet.h b/ldns/include/ldns/packet.h
+new file mode 100644
+index 0000000..e66aa34
+--- /dev/null
++++ b/ldns/include/ldns/packet.h
+@@ -0,0 +1,891 @@
++/*
++ * packet.h
++ *
++ * DNS packet definitions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Contains the definition of ldns_pkt and its parts, as well
++ * as functions to manipulate those.
++ */
++
++
++#ifndef LDNS_PACKET_H
++#define LDNS_PACKET_H
++
++#define LDNS_MAX_PACKETLEN 65535
++
++/* allow flags to be given to mk_query */
++#define LDNS_QR 1 /* QueRy - query flag */
++#define LDNS_AA 2 /* Authoritative Answer - server flag */
++#define LDNS_TC 4 /* TrunCated - server flag */
++#define LDNS_RD 8 /* Recursion Desired - query flag */
++#define LDNS_CD 16 /* Checking Disabled - query flag */
++#define LDNS_RA 32 /* Recursion Available - server flag */
++#define LDNS_AD 64 /* Authenticated Data - server flag */
++
++#include <ldns/error.h>
++#include <ldns/common.h>
++#include <ldns/rr.h>
++#include <sys/time.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* opcodes for pkt's */
++enum ldns_enum_pkt_opcode {
++ LDNS_PACKET_QUERY = 0,
++ LDNS_PACKET_IQUERY = 1,
++ LDNS_PACKET_STATUS = 2, /* there is no 3?? DNS is weird */
++ LDNS_PACKET_NOTIFY = 4,
++ LDNS_PACKET_UPDATE = 5
++};
++typedef enum ldns_enum_pkt_opcode ldns_pkt_opcode;
++
++/* rcodes for pkts */
++enum ldns_enum_pkt_rcode {
++ LDNS_RCODE_NOERROR = 0,
++ LDNS_RCODE_FORMERR = 1,
++ LDNS_RCODE_SERVFAIL = 2,
++ LDNS_RCODE_NXDOMAIN = 3,
++ LDNS_RCODE_NOTIMPL = 4,
++ LDNS_RCODE_REFUSED = 5,
++ LDNS_RCODE_YXDOMAIN = 6,
++ LDNS_RCODE_YXRRSET = 7,
++ LDNS_RCODE_NXRRSET = 8,
++ LDNS_RCODE_NOTAUTH = 9,
++ LDNS_RCODE_NOTZONE = 10
++};
++typedef enum ldns_enum_pkt_rcode ldns_pkt_rcode;
++
++/**
++ * Header of a dns packet
++ *
++ * Contains the information about the packet itself, as specified in RFC1035
++<pre>
++4.1.1. Header section format
++
++The header contains the following fields:
++
++ 1 1 1 1 1 1
++ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | ID |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | QDCOUNT |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | ANCOUNT |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | NSCOUNT |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | ARCOUNT |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++
++where:
++
++ID A 16 bit identifier assigned by the program that
++ generates any kind of query. This identifier is copied
++ the corresponding reply and can be used by the requester
++ to match up replies to outstanding queries.
++
++QR A one bit field that specifies whether this message is a
++ query (0), or a response (1).
++
++OPCODE A four bit field that specifies kind of query in this
++ message. This value is set by the originator of a query
++ and copied into the response. The values are:
++
++ 0 a standard query (QUERY)
++
++ 1 an inverse query (IQUERY)
++
++ 2 a server status request (STATUS)
++
++ 3-15 reserved for future use
++
++AA Authoritative Answer - this bit is valid in responses,
++ and specifies that the responding name server is an
++ authority for the domain name in question section.
++
++ Note that the contents of the answer section may have
++ multiple owner names because of aliases. The AA bit
++
++ corresponds to the name which matches the query name, or
++ the first owner name in the answer section.
++
++TC TrunCation - specifies that this message was truncated
++ due to length greater than that permitted on the
++ transmission channel.
++
++RD Recursion Desired - this bit may be set in a query and
++ is copied into the response. If RD is set, it directs
++ the name server to pursue the query recursively.
++ Recursive query support is optional.
++
++RA Recursion Available - this be is set or cleared in a
++ response, and denotes whether recursive query support is
++ available in the name server.
++
++Z Reserved for future use. Must be zero in all queries
++ and responses.
++
++RCODE Response code - this 4 bit field is set as part of
++ responses. The values have the following
++ interpretation:
++
++ 0 No error condition
++
++ 1 Format error - The name server was
++ unable to interpret the query.
++
++ 2 Server failure - The name server was
++ unable to process this query due to a
++ problem with the name server.
++
++ 3 Name Error - Meaningful only for
++ responses from an authoritative name
++ server, this code signifies that the
++ domain name referenced in the query does
++ not exist.
++
++ 4 Not Implemented - The name server does
++ not support the requested kind of query.
++
++ 5 Refused - The name server refuses to
++ perform the specified operation for
++ policy reasons. For example, a name
++ server may not wish to provide the
++ information to the particular requester,
++ or a name server may not wish to perform
++ a particular operation (e.g., zone
++
++ transfer) for particular data.
++
++ 6-15 Reserved for future use.
++
++QDCOUNT an unsigned 16 bit integer specifying the number of
++ entries in the question section.
++
++ANCOUNT an unsigned 16 bit integer specifying the number of
++ resource records in the answer section.
++
++NSCOUNT an unsigned 16 bit integer specifying the number of name
++ server resource records in the authority records
++ section.
++
++ARCOUNT an unsigned 16 bit integer specifying the number of
++ resource records in the additional records section.
++
++</pre>
++ */
++struct ldns_struct_hdr
++{
++ /** Id of a packet */
++ uint16_t _id;
++ /** Query bit (0=query, 1=answer) */
++ bool _qr;
++ /** Authoritative answer */
++ bool _aa;
++ /** Packet truncated */
++ bool _tc;
++ /** Recursion desired */
++ bool _rd;
++ /** Checking disabled */
++ bool _cd;
++ /** Recursion available */
++ bool _ra;
++ /** Authentic data */
++ bool _ad;
++ /** Query type */
++ ldns_pkt_opcode _opcode; /* XXX 8 bits? */
++ /** Response code */
++ uint8_t _rcode;
++ /** question sec */
++ uint16_t _qdcount;
++ /** answer sec */
++ uint16_t _ancount;
++ /** auth sec */
++ uint16_t _nscount;
++ /** add sec */
++ uint16_t _arcount;
++};
++typedef struct ldns_struct_hdr ldns_hdr;
++
++/**
++ * DNS packet
++ *
++ * This structure contains a complete DNS packet (either a query or an answer)
++ *
++ * It is the complete representation of what you actually send to a
++ * nameserver, and what it sends back (assuming you are the client here).
++ */
++struct ldns_struct_pkt
++{
++ /** Header section */
++ ldns_hdr *_header;
++ /* extra items needed in a packet */
++ /** The size of the wire format of the packet in octets */
++ ldns_rdf *_answerfrom;
++ /** Timestamp of the time the packet was sent or created */
++ struct timeval timestamp;
++ /** The duration of the query this packet is an answer to */
++ uint32_t _querytime;
++ /** The size of the wire format of the packet in octets */
++ size_t _size;
++ /** Optional tsig rr */
++ ldns_rr *_tsig_rr;
++ /** EDNS0 available buffer size, see RFC2671 */
++ uint16_t _edns_udp_size;
++ /** EDNS0 Extended rcode */
++ uint8_t _edns_extended_rcode;
++ /** EDNS Version */
++ uint8_t _edns_version;
++ /* OPT pseudo-RR presence flag */
++ uint8_t _edns_present;
++ /** Reserved EDNS data bits */
++ uint16_t _edns_z;
++ /** Arbitrary EDNS rdata */
++ ldns_rdf *_edns_data;
++ /** Question section */
++ ldns_rr_list *_question;
++ /** Answer section */
++ ldns_rr_list *_answer;
++ /** Authority section */
++ ldns_rr_list *_authority;
++ /** Additional section */
++ ldns_rr_list *_additional;
++};
++typedef struct ldns_struct_pkt ldns_pkt;
++
++/**
++ * The sections of a packet
++ */
++enum ldns_enum_pkt_section {
++ LDNS_SECTION_QUESTION = 0,
++ LDNS_SECTION_ANSWER = 1,
++ LDNS_SECTION_AUTHORITY = 2,
++ LDNS_SECTION_ADDITIONAL = 3,
++ /** bogus section, if not interested */
++ LDNS_SECTION_ANY = 4,
++ /** used to get all non-question rrs from a packet */
++ LDNS_SECTION_ANY_NOQUESTION = 5
++};
++typedef enum ldns_enum_pkt_section ldns_pkt_section;
++
++/**
++ * The different types of packets
++ */
++enum ldns_enum_pkt_type {
++ LDNS_PACKET_QUESTION,
++ LDNS_PACKET_REFERRAL,
++ LDNS_PACKET_ANSWER,
++ LDNS_PACKET_NXDOMAIN,
++ LDNS_PACKET_NODATA,
++ LDNS_PACKET_UNKNOWN
++};
++typedef enum ldns_enum_pkt_type ldns_pkt_type;
++
++/* prototypes */
++
++/* read */
++
++/**
++ * Read the packet id
++ * \param[in] p the packet
++ * \return the packet id
++ */
++uint16_t ldns_pkt_id(const ldns_pkt *p);
++/**
++ * Read the packet's qr bit
++ * \param[in] p the packet
++ * \return value of the bit
++ */
++bool ldns_pkt_qr(const ldns_pkt *p);
++/**
++ * Read the packet's aa bit
++ * \param[in] p the packet
++ * \return value of the bit
++ */
++bool ldns_pkt_aa(const ldns_pkt *p);
++/**
++ * Read the packet's tc bit
++ * \param[in] p the packet
++ * \return value of the bit
++ */
++bool ldns_pkt_tc(const ldns_pkt *p);
++/**
++ * Read the packet's rd bit
++ * \param[in] p the packet
++ * \return value of the bit
++ */
++bool ldns_pkt_rd(const ldns_pkt *p);
++/**
++ * Read the packet's cd bit
++ * \param[in] p the packet
++ * \return value of the bit
++ */
++bool ldns_pkt_cd(const ldns_pkt *p);
++/**
++ * Read the packet's ra bit
++ * \param[in] p the packet
++ * \return value of the bit
++ */
++bool ldns_pkt_ra(const ldns_pkt *p);
++/**
++ * Read the packet's ad bit
++ * \param[in] p the packet
++ * \return value of the bit
++ */
++bool ldns_pkt_ad(const ldns_pkt *p);
++/**
++ * Read the packet's code
++ * \param[in] p the packet
++ * \return the opcode
++ */
++ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p);
++/**
++ * Return the packet's respons code
++ * \param[in] p the packet
++ * \return the respons code
++ */
++ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p);
++/**
++ * Return the packet's qd count
++ * \param[in] p the packet
++ * \return the qd count
++ */
++uint16_t ldns_pkt_qdcount(const ldns_pkt *p);
++/**
++ * Return the packet's an count
++ * \param[in] p the packet
++ * \return the an count
++ */
++uint16_t ldns_pkt_ancount(const ldns_pkt *p);
++/**
++ * Return the packet's ns count
++ * \param[in] p the packet
++ * \return the ns count
++ */
++uint16_t ldns_pkt_nscount(const ldns_pkt *p);
++/**
++ * Return the packet's ar count
++ * \param[in] p the packet
++ * \return the ar count
++ */
++uint16_t ldns_pkt_arcount(const ldns_pkt *p);
++
++/**
++ * Return the packet's answerfrom
++ * \param[in] p packet
++ * \return the name of the server
++ */
++ldns_rdf *ldns_pkt_answerfrom(const ldns_pkt *p);
++
++/**
++ * Return the packet's timestamp
++ * \param[in] p the packet
++ * \return the timestamp
++ */
++struct timeval ldns_pkt_timestamp(const ldns_pkt *p);
++/**
++ * Return the packet's querytime
++ * \param[in] p the packet
++ * \return the querytime
++ */
++uint32_t ldns_pkt_querytime(const ldns_pkt *p);
++
++/**
++ * Return the packet's size in bytes
++ * \param[in] p the packet
++ * \return the size
++ */
++size_t ldns_pkt_size(const ldns_pkt *p);
++
++/**
++ * Return the number of RRs in the given section.
++ * Returns the sum of all RRs when LDNS_SECTION_ANY is given.
++ * Returns the sum of all non-question RRs when LDNS_SECTION_ANY_NOQUESTION
++ * is given.
++ * \param[in] p the packet
++ * \param[in] s the section
++ * \return the number of RRs in the given section
++ */
++uint16_t ldns_pkt_section_count(const ldns_pkt *p, ldns_pkt_section s);
++
++/**
++ * Return the packet's tsig pseudo rr's
++ * \param[in] p the packet
++ * \return the tsig rr
++ */
++ldns_rr *ldns_pkt_tsig(const ldns_pkt *p);
++
++/**
++ * Return the packet's question section
++ * \param[in] p the packet
++ * \return the section
++ */
++ldns_rr_list *ldns_pkt_question(const ldns_pkt *p);
++/**
++ * Return the packet's answer section
++ * \param[in] p the packet
++ * \return the section
++ */
++ldns_rr_list *ldns_pkt_answer(const ldns_pkt *p);
++/**
++ * Return the packet's authority section
++ * \param[in] p the packet
++ * \return the section
++ */
++ldns_rr_list *ldns_pkt_authority(const ldns_pkt *p);
++/**
++ * Return the packet's additional section
++ * \param[in] p the packet
++ * \return the section
++ */
++ldns_rr_list *ldns_pkt_additional(const ldns_pkt *p);
++/**
++ * Return the packet's question, answer, authority and additional sections
++ * concatenated, in a new rr_list clone.
++ * \param[in] p the packet
++ * \return the rrs
++ */
++ldns_rr_list *ldns_pkt_all(const ldns_pkt *p);
++/**
++ * Return the packet's answer, authority and additional sections concatenated,
++ * in a new rr_list clone. Like ldns_pkt_all but without the questions.
++ * \param[in] p the packet
++ * \return the rrs except the question rrs
++ */
++ldns_rr_list *ldns_pkt_all_noquestion(const ldns_pkt *p);
++
++/**
++ * return all the rr_list's in the packet. Clone the lists, instead
++ * of returning pointers.
++ * \param[in] p the packet to look in
++ * \param[in] s what section(s) to return
++ * \return ldns_rr_list with the rr's or NULL if none were found
++ */
++ldns_rr_list *ldns_pkt_get_section_clone(const ldns_pkt *p, ldns_pkt_section s);
++
++/**
++ * return all the rr with a specific name from a packet. Optionally
++ * specify from which section in the packet
++ * \param[in] p the packet
++ * \param[in] r the name
++ * \param[in] s the packet's section
++ * \return a list with the rr's or NULL if none were found
++ */
++ldns_rr_list *ldns_pkt_rr_list_by_name(ldns_pkt *p, ldns_rdf *r, ldns_pkt_section s);
++/**
++ * return all the rr with a specific type from a packet. Optionally
++ * specify from which section in the packet
++ * \param[in] p the packet
++ * \param[in] t the type
++ * \param[in] s the packet's section
++ * \return a list with the rr's or NULL if none were found
++ */
++ldns_rr_list *ldns_pkt_rr_list_by_type(const ldns_pkt *p, ldns_rr_type t, ldns_pkt_section s);
++/**
++ * return all the rr with a specific type and type from a packet. Optionally
++ * specify from which section in the packet
++ * \param[in] packet the packet
++ * \param[in] ownername the name
++ * \param[in] type the type
++ * \param[in] sec the packet's section
++ * \return a list with the rr's or NULL if none were found
++ */
++ldns_rr_list *ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec);
++
++
++/**
++ * check to see if an rr exist in the packet
++ * \param[in] pkt the packet to examine
++ * \param[in] sec in which section to look
++ * \param[in] rr the rr to look for
++ */
++bool ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr);
++
++
++/**
++ * sets the flags in a packet.
++ * \param[in] pkt the packet to operate on
++ * \param[in] flags ORed values: LDNS_QR| LDNS_AR for instance
++ * \return true on success otherwise false
++ */
++bool ldns_pkt_set_flags(ldns_pkt *pkt, uint16_t flags);
++
++/**
++ * Set the packet's id
++ * \param[in] p the packet
++ * \param[in] id the id to set
++ */
++void ldns_pkt_set_id(ldns_pkt *p, uint16_t id);
++/**
++ * Set the packet's id to a random value
++ * \param[in] p the packet
++ */
++void ldns_pkt_set_random_id(ldns_pkt *p);
++/**
++ * Set the packet's qr bit
++ * \param[in] p the packet
++ * \param[in] b the value to set (boolean)
++ */
++void ldns_pkt_set_qr(ldns_pkt *p, bool b);
++/**
++ * Set the packet's aa bit
++ * \param[in] p the packet
++ * \param[in] b the value to set (boolean)
++ */
++void ldns_pkt_set_aa(ldns_pkt *p, bool b);
++/**
++ * Set the packet's tc bit
++ * \param[in] p the packet
++ * \param[in] b the value to set (boolean)
++ */
++void ldns_pkt_set_tc(ldns_pkt *p, bool b);
++/**
++ * Set the packet's rd bit
++ * \param[in] p the packet
++ * \param[in] b the value to set (boolean)
++ */
++void ldns_pkt_set_rd(ldns_pkt *p, bool b);
++/**
++ * Set the packet's cd bit
++ * \param[in] p the packet
++ * \param[in] b the value to set (boolean)
++ */
++void ldns_pkt_set_cd(ldns_pkt *p, bool b);
++/**
++ * Set the packet's ra bit
++ * \param[in] p the packet
++ * \param[in] b the value to set (boolean)
++ */
++void ldns_pkt_set_ra(ldns_pkt *p, bool b);
++/**
++ * Set the packet's ad bit
++ * \param[in] p the packet
++ * \param[in] b the value to set (boolean)
++ */
++void ldns_pkt_set_ad(ldns_pkt *p, bool b);
++
++/**
++ * Set the packet's opcode
++ * \param[in] p the packet
++ * \param[in] c the opcode
++ */
++void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c);
++/**
++ * Set the packet's respons code
++ * \param[in] p the packet
++ * \param[in] c the rcode
++ */
++void ldns_pkt_set_rcode(ldns_pkt *p, uint8_t c);
++/**
++ * Set the packet's qd count
++ * \param[in] p the packet
++ * \param[in] c the count
++ */
++void ldns_pkt_set_qdcount(ldns_pkt *p, uint16_t c);
++/**
++ * Set the packet's an count
++ * \param[in] p the packet
++ * \param[in] c the count
++ */
++void ldns_pkt_set_ancount(ldns_pkt *p, uint16_t c);
++/**
++ * Set the packet's ns count
++ * \param[in] p the packet
++ * \param[in] c the count
++ */
++void ldns_pkt_set_nscount(ldns_pkt *p, uint16_t c);
++/**
++ * Set the packet's arcount
++ * \param[in] p the packet
++ * \param[in] c the count
++ */
++void ldns_pkt_set_arcount(ldns_pkt *p, uint16_t c);
++/**
++ * Set the packet's answering server
++ * \param[in] p the packet
++ * \param[in] r the address
++ */
++void ldns_pkt_set_answerfrom(ldns_pkt *p, ldns_rdf *r);
++/**
++ * Set the packet's query time
++ * \param[in] p the packet
++ * \param[in] t the querytime in msec
++ */
++void ldns_pkt_set_querytime(ldns_pkt *p, uint32_t t);
++/**
++ * Set the packet's size
++ * \param[in] p the packet
++ * \param[in] s the size
++ */
++void ldns_pkt_set_size(ldns_pkt *p, size_t s);
++
++/**
++ * Set the packet's timestamp
++ * \param[in] p the packet
++ * \param[in] timeval the timestamp
++ */
++void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval timeval);
++/**
++ * Set a packet's section count to x
++ * \param[in] p the packet
++ * \param[in] s the section
++ * \param[in] x the section count
++ */
++void ldns_pkt_set_section_count(ldns_pkt *p, ldns_pkt_section s, uint16_t x);
++/**
++ * Set the packet's tsig rr
++ * \param[in] p the packet
++ * \param[in] t the tsig rr
++ */
++void ldns_pkt_set_tsig(ldns_pkt *p, ldns_rr *t);
++
++/**
++ * looks inside the packet to determine
++ * what kind of packet it is, AUTH, NXDOMAIN, REFERRAL, etc.
++ * \param[in] p the packet to examine
++ * \return the type of packet
++ */
++ldns_pkt_type ldns_pkt_reply_type(ldns_pkt *p);
++
++/**
++ * return the packet's edns udp size
++ * \param[in] packet the packet
++ * \return the size
++ */
++uint16_t ldns_pkt_edns_udp_size(const ldns_pkt *packet);
++/**
++ * return the packet's edns extended rcode
++ * \param[in] packet the packet
++ * \return the rcode
++ */
++uint8_t ldns_pkt_edns_extended_rcode(const ldns_pkt *packet);
++/**
++ * return the packet's edns version
++ * \param[in] packet the packet
++ * \return the version
++ */
++uint8_t ldns_pkt_edns_version(const ldns_pkt *packet);
++/**
++ * return the packet's edns z value
++ * \param[in] packet the packet
++ * \return the z value
++ */
++uint16_t ldns_pkt_edns_z(const ldns_pkt *packet);
++/**
++ * return the packet's edns data
++ * \param[in] packet the packet
++ * \return the data
++ */
++ldns_rdf *ldns_pkt_edns_data(const ldns_pkt *packet);
++
++/**
++ * return the packet's edns do bit
++ * \param[in] packet the packet
++ * \return the bit's value
++ */
++bool ldns_pkt_edns_do(const ldns_pkt *packet);
++/**
++ * Set the packet's edns do bit
++ * \param[in] packet the packet
++ * \param[in] value the bit's new value
++ */
++void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value);
++
++/**
++ * returns true if this packet needs and EDNS rr to be sent.
++ * At the moment the only reason is an expected packet
++ * size larger than 512 bytes, but for instance dnssec would
++ * be a good reason too.
++ *
++ * \param[in] packet the packet to check
++ * \return true if packet needs edns rr
++ */
++bool ldns_pkt_edns(const ldns_pkt *packet);
++
++/**
++ * Set the packet's edns udp size
++ * \param[in] packet the packet
++ * \param[in] s the size
++ */
++void ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s);
++/**
++ * Set the packet's edns extended rcode
++ * \param[in] packet the packet
++ * \param[in] c the code
++ */
++void ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c);
++/**
++ * Set the packet's edns version
++ * \param[in] packet the packet
++ * \param[in] v the version
++ */
++void ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v);
++/**
++ * Set the packet's edns z value
++ * \param[in] packet the packet
++ * \param[in] z the value
++ */
++void ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z);
++/**
++ * Set the packet's edns data
++ * \param[in] packet the packet
++ * \param[in] data the data
++ */
++void ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data);
++
++/**
++ * allocates and initializes a ldns_pkt structure.
++ * \return pointer to the new packet
++ */
++ldns_pkt *ldns_pkt_new(void);
++
++/**
++ * frees the packet structure and all data that it contains.
++ * \param[in] packet The packet structure to free
++ * \return void
++ */
++void ldns_pkt_free(ldns_pkt *packet);
++
++/**
++ * creates a query packet for the given name, type, class.
++ * \param[out] p the packet to be returned
++ * \param[in] rr_name the name to query for (as string)
++ * \param[in] rr_type the type to query for
++ * \param[in] rr_class the class to query for
++ * \param[in] flags packet flags
++ * \return LDNS_STATUS_OK or a ldns_status mesg with the error
++ */
++ldns_status ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class , uint16_t flags);
++
++/**
++ * creates an IXFR request packet for the given name, class.
++ * adds the SOA record to the authority section.
++ * \param[out] p the packet to be returned
++ * \param[in] rr_name the name to query for (as string)
++ * \param[in] rr_class the class to query for
++ * \param[in] flags packet flags
++ * \param[in] soa soa record to be added to the authority section
++ * \return LDNS_STATUS_OK or a ldns_status mesg with the error
++ */
++ldns_status ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa);
++
++/**
++ * creates a packet with a query in it for the given name, type and class.
++ * \param[in] rr_name the name to query for
++ * \param[in] rr_type the type to query for
++ * \param[in] rr_class the class to query for
++ * \param[in] flags packet flags
++ * \return ldns_pkt* a pointer to the new pkt
++ */
++ldns_pkt *ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags);
++
++/**
++ * creates an IXFR request packet for the given name, type and class.
++ * adds the SOA record to the authority section.
++ * \param[in] rr_name the name to query for
++ * \param[in] rr_class the class to query for
++ * \param[in] flags packet flags
++ * \param[in] soa soa record to be added to the authority section
++ * \return ldns_pkt* a pointer to the new pkt
++ */
++ldns_pkt *ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa);
++
++/**
++ * clones the given packet, creating a fully allocated copy
++ *
++ * \param[in] pkt the packet to clone
++ * \return ldns_pkt* pointer to the new packet
++ */
++ldns_pkt *ldns_pkt_clone(const ldns_pkt *pkt);
++
++/**
++ * directly set the additional section
++ * \param[in] p packet to operate on
++ * \param[in] rr rrlist to set
++ */
++void ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr);
++
++/**
++ * directly set the answer section
++ * \param[in] p packet to operate on
++ * \param[in] rr rrlist to set
++ */
++void ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr);
++
++/**
++ * directly set the question section
++ * \param[in] p packet to operate on
++ * \param[in] rr rrlist to set
++ */
++void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr);
++
++/**
++ * directly set the auhority section
++ * \param[in] p packet to operate on
++ * \param[in] rr rrlist to set
++ */
++void ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr);
++
++/**
++ * push an rr on a packet
++ * \param[in] packet packet to operate on
++ * \param[in] section where to put it
++ * \param[in] rr rr to push
++ * \return a boolean which is true when the rr was added
++ */
++bool ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr);
++
++/**
++ * push an rr on a packet, provided the RR is not there.
++ * \param[in] pkt packet to operate on
++ * \param[in] sec where to put it
++ * \param[in] rr rr to push
++ * \return a boolean which is true when the rr was added
++ */
++bool ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr);
++
++/**
++ * push a rr_list on a packet
++ * \param[in] packet packet to operate on
++ * \param[in] section where to put it
++ * \param[in] list the rr_list to push
++ * \return a boolean which is true when the rr was added
++ */
++bool ldns_pkt_push_rr_list(ldns_pkt *packet, ldns_pkt_section section, ldns_rr_list *list);
++
++/**
++ * push an rr_list to a packet, provided the RRs are not already there.
++ * \param[in] pkt packet to operate on
++ * \param[in] sec where to put it
++ * \param[in] list the rr_list to push
++ * \return a boolean which is true when the rr was added
++ */
++bool ldns_pkt_safe_push_rr_list(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr_list *list);
++
++/**
++ * check if a packet is empty
++ * \param[in] p packet
++ * \return true: empty, false: not empty
++ */
++bool ldns_pkt_empty(ldns_pkt *p);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_PACKET_H */
+diff --git a/ldns/include/ldns/parse.h b/ldns/include/ldns/parse.h
+new file mode 100644
+index 0000000..0e9034c
+--- /dev/null
++++ b/ldns/include/ldns/parse.h
+@@ -0,0 +1,167 @@
++/*
++ * parse.h
++ *
++ * a Net::DNS like library for C
++ * LibDNS Team @ NLnet Labs
++ * (c) NLnet Labs, 2005-2006
++ * See the file LICENSE for the license
++ */
++
++#ifndef LDNS_PARSE_H
++#define LDNS_PARSE_H
++
++#include <ldns/common.h>
++#include <ldns/buffer.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_PARSE_SKIP_SPACE "\f\n\r\v"
++#define LDNS_PARSE_NORMAL " \f\n\r\t\v"
++#define LDNS_PARSE_NO_NL " \t"
++#define LDNS_MAX_LINELEN 10230
++#define LDNS_MAX_KEYWORDLEN 32
++
++
++/**
++ * \file
++ *
++ * Contains some low-level parsing functions, mostly used in the _frm_str
++ * family of functions.
++ */
++
++/**
++ * different type of directives in zone files
++ * We now deal with $TTL, $ORIGIN and $INCLUDE.
++ * The latter is not implemented in ldns (yet)
++ */
++enum ldns_enum_directive
++{
++ LDNS_DIR_TTL,
++ LDNS_DIR_ORIGIN,
++ LDNS_DIR_INCLUDE
++};
++typedef enum ldns_enum_directive ldns_directive;
++
++/**
++ * returns a token/char from the stream F.
++ * This function deals with ( and ) in the stream,
++ * and ignores them when encountered
++ * \param[in] *f the file to read from
++ * \param[out] *token the read token is put here
++ * \param[in] *delim chars at which the parsing should stop
++ * \param[in] *limit how much to read. If 0 the builtin maximum is used
++ * \return 0 on error of EOF of the stream F. Otherwise return the length of what is read
++ */
++ssize_t ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit);
++
++/**
++ * returns a token/char from the stream F.
++ * This function deals with ( and ) in the stream,
++ * and ignores when it finds them.
++ * \param[in] *f the file to read from
++ * \param[out] *token the token is put here
++ * \param[in] *delim chars at which the parsing should stop
++ * \param[in] *limit how much to read. If 0 use builtin maximum
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return 0 on error of EOF of F otherwise return the length of what is read
++ */
++ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr);
++
++/**
++ * returns a token/char from the buffer b.
++ * This function deals with ( and ) in the buffer,
++ * and ignores when it finds them.
++ * \param[in] *b the buffer to read from
++ * \param[out] *token the token is put here
++ * \param[in] *delim chars at which the parsing should stop
++ * \param[in] *limit how much to read. If 0 the builtin maximum is used
++ * \returns 0 on error of EOF of b. Otherwise return the length of what is read
++ */
++ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit);
++
++/*
++ * searches for keyword and delim in a file. Gives everything back
++ * after the keyword + k_del until we hit d_del
++ * \param[in] f file pointer to read from
++ * \param[in] keyword keyword to look for
++ * \param[in] k_del keyword delimeter
++ * \param[out] data the data found
++ * \param[in] d_del the data delimeter
++ * \param[in] data_limit maximum size the the data buffer
++ * \return the number of character read
++ */
++ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit);
++
++/*
++ * searches for keyword and delim. Gives everything back
++ * after the keyword + k_del until we hit d_del
++ * \param[in] f file pointer to read from
++ * \param[in] keyword keyword to look for
++ * \param[in] k_del keyword delimeter
++ * \param[out] data the data found
++ * \param[in] d_del the data delimeter
++ * \param[in] data_limit maximum size the the data buffer
++ * \param[in] line_nr pointer to an integer containing the current line number (for
++debugging purposes)
++ * \return the number of character read
++ */
++ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr);
++
++/*
++ * searches for keyword and delim in a buffer. Gives everything back
++ * after the keyword + k_del until we hit d_del
++ * \param[in] b buffer pointer to read from
++ * \param[in] keyword keyword to look for
++ * \param[in] k_del keyword delimeter
++ * \param[out] data the data found
++ * \param[in] d_del the data delimeter
++ * \param[in] data_limit maximum size the the data buffer
++ * \return the number of character read
++ */
++ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit);
++
++/**
++ * returns the next character from a buffer. Advances the position pointer with 1.
++ * When end of buffer is reached returns EOF. This is the buffer's equivalent
++ * for getc().
++ * \param[in] *buffer buffer to read from
++ * \return EOF on failure otherwise return the character
++ */
++int ldns_bgetc(ldns_buffer *buffer);
++
++/**
++ * skips all of the characters in the given string in the buffer, moving
++ * the position to the first character that is not in *s.
++ * \param[in] *buffer buffer to use
++ * \param[in] *s characters to skip
++ * \return void
++ */
++void ldns_bskipcs(ldns_buffer *buffer, const char *s);
++
++/**
++ * skips all of the characters in the given string in the fp, moving
++ * the position to the first character that is not in *s.
++ * \param[in] *fp file to use
++ * \param[in] *s characters to skip
++ * \return void
++ */
++void ldns_fskipcs(FILE *fp, const char *s);
++
++
++/**
++ * skips all of the characters in the given string in the fp, moving
++ * the position to the first character that is not in *s.
++ * \param[in] *fp file to use
++ * \param[in] *s characters to skip
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return void
++ */
++void ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_PARSE_H */
+diff --git a/ldns/include/ldns/radix.h b/ldns/include/ldns/radix.h
+new file mode 100644
+index 0000000..1885959
+--- /dev/null
++++ b/ldns/include/ldns/radix.h
+@@ -0,0 +1,240 @@
++/*
++ * radix.h -- generic radix tree
++ *
++ * Copyright (c) 2012, NLnet Labs. All rights reserved.
++ *
++ * This software is open source.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * Redistributions of source code must retain the above copyright notice,
++ * this list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice,
++ * this list of conditions and the following disclaimer in the documentation
++ * and/or other materials provided with the distribution.
++ *
++ * Neither the name of the NLNET LABS nor the names of its contributors may
++ * be used to endorse or promote products derived from this software without
++ * specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/**
++ * \file
++ * Radix tree. Implementation taken from NSD 4, adjusted for use in ldns.
++ *
++ */
++
++#ifndef LDNS_RADIX_H_
++#define LDNS_RADIX_H_
++
++#include <ldns/error.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++typedef uint16_t radix_strlen_t;
++typedef struct ldns_radix_array_t ldns_radix_array_t;
++typedef struct ldns_radix_node_t ldns_radix_node_t;
++typedef struct ldns_radix_t ldns_radix_t;
++
++/** Radix node select edge array */
++struct ldns_radix_array_t {
++ /** Additional string after the selection byte for this edge. */
++ uint8_t* str;
++ /** Length of additional string for this edge. */
++ radix_strlen_t len;
++ /** Node that deals with byte+str. */
++ ldns_radix_node_t* edge;
++};
++
++/** A node in a radix tree */
++struct ldns_radix_node_t {
++ /** Key corresponding to this node. */
++ uint8_t* key;
++ /** Key length corresponding to this node. */
++ radix_strlen_t klen;
++ /** Data corresponding to this node. */
++ void* data;
++ /** Parent node. */
++ ldns_radix_node_t* parent;
++ /** Index in the the parent node select edge array. */
++ uint8_t parent_index;
++ /** Length of the array. */
++ uint16_t len;
++ /** Offset of the array. */
++ uint16_t offset;
++ /** Capacity of the array. */
++ uint16_t capacity;
++ /** Select edge array. */
++ ldns_radix_array_t* array;
++};
++
++/** An entire radix tree */
++struct ldns_radix_t {
++ /** Root. */
++ ldns_radix_node_t* root;
++ /** Number of nodes in tree. */
++ size_t count;
++};
++
++/**
++ * Create a new radix tree.
++ * @return: new radix tree.
++ *
++ */
++ldns_radix_t* ldns_radix_create(void);
++
++/**
++ * Initialize radix tree.
++ * @param tree: uninitialized radix tree.
++ *
++ */
++void ldns_radix_init(ldns_radix_t* tree);
++
++/**
++ * Free the radix tree.
++ * @param tree: radix tree.
++ *
++ */
++void ldns_radix_free(ldns_radix_t* tree);
++
++/**
++ * Insert data into the tree.
++ * @param tree: tree to insert to.
++ * @param key: key.
++ * @param len: length of key.
++ * @param data: data.
++ * @return: status.
++ *
++ */
++ldns_status ldns_radix_insert(ldns_radix_t* tree, uint8_t* key,
++ radix_strlen_t len, void* data);
++
++/**
++ * Delete data from the tree.
++ * @param tree: tree to insert to.
++ * @param key: key.
++ * @param len: length of key.
++ * @return: unlinked data or NULL if not present.
++ *
++ */
++void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len);
++
++/**
++ * Search data in the tree.
++ * @param tree: tree to insert to.
++ * @param key: key.
++ * @param len: length of key.
++ * @return: the radix node or NULL if not found.
++ *
++ */
++ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, uint8_t* key,
++ radix_strlen_t len);
++
++/**
++ * Search data in the tree, and if not found, find the closest smaller
++ * element in the tree.
++ * @param tree: tree to insert to.
++ * @param key: key.
++ * @param len: length of key.
++ * @param result: the radix node with the exact or closest match. NULL if
++ * the key is smaller than the smallest key in the tree.
++ * @return 1 if exact match, 0 otherwise.
++ *
++ */
++int ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
++ radix_strlen_t len, ldns_radix_node_t** result);
++
++/**
++ * Get the first element in the tree.
++ * @param tree: tree.
++ * @return: the radix node with the first element.
++ *
++ */
++ldns_radix_node_t* ldns_radix_first(ldns_radix_t* tree);
++
++/**
++ * Get the last element in the tree.
++ * @param tree: tree.
++ * @return: the radix node with the last element.
++ *
++ */
++ldns_radix_node_t* ldns_radix_last(ldns_radix_t* tree);
++
++/**
++ * Next element.
++ * @param node: node.
++ * @return: node with next element.
++ *
++ */
++ldns_radix_node_t* ldns_radix_next(ldns_radix_node_t* node);
++
++/**
++ * Previous element.
++ * @param node: node.
++ * @return: node with previous element.
++ *
++ */
++ldns_radix_node_t* ldns_radix_prev(ldns_radix_node_t* node);
++
++/**
++ * Split radix tree intwo.
++ * @param tree1: one tree.
++ * @param num: number of elements to split off.
++ * @param tree2: another tree.
++ * @return: status.
++ *
++ */
++ldns_status ldns_radix_split(ldns_radix_t* tree1, size_t num,
++ ldns_radix_t** tree2);
++
++/**
++ * Join two radix trees.
++ * @param tree1: one tree.
++ * @param tree2: another tree.
++ * @return: status.
++ *
++ */
++ldns_status ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2);
++
++/**
++ * Call function for all nodes in the tree, such that leaf nodes are
++ * called before parent nodes.
++ * @param node: start node.
++ * @param func: function.
++ * @param arg: user argument.
++ *
++ */
++void ldns_radix_traverse_postorder(ldns_radix_node_t* node,
++ void (*func)(ldns_radix_node_t*, void*), void* arg);
++
++/**
++ * Print radix tree (for debugging purposes).
++ * @param fd: file descriptor.
++ * @param tree: tree.
++ *
++ */
++void ldns_radix_printf(FILE* fd, ldns_radix_t* tree);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_RADIX_H_ */
+diff --git a/ldns/include/ldns/rbtree.h b/ldns/include/ldns/rbtree.h
+new file mode 100644
+index 0000000..c891934
+--- /dev/null
++++ b/ldns/include/ldns/rbtree.h
+@@ -0,0 +1,230 @@
++/*
++ * rbtree.h -- generic red-black tree
++ *
++ * Copyright (c) 2001-2008, NLnet Labs. All rights reserved.
++ *
++ * This software is open source.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * Redistributions of source code must retain the above copyright notice,
++ * this list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice,
++ * this list of conditions and the following disclaimer in the documentation
++ * and/or other materials provided with the distribution.
++ *
++ * Neither the name of the NLNET LABS nor the names of its contributors may
++ * be used to endorse or promote products derived from this software without
++ * specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/**
++ * \file
++ * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use
++ * in unbound (memory allocation, logging and so on).
++ */
++
++#ifndef LDNS_RBTREE_H_
++#define LDNS_RBTREE_H_
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * This structure must be the first member of the data structure in
++ * the rbtree. This allows easy casting between an rbnode_t and the
++ * user data (poor man's inheritance).
++ * Or you can use the data pointer member to get to your data item.
++ */
++typedef struct ldns_rbnode_t ldns_rbnode_t;
++/**
++ * The rbnode_t struct definition.
++ */
++struct ldns_rbnode_t {
++ /** parent in rbtree, RBTREE_NULL for root */
++ ldns_rbnode_t *parent;
++ /** left node (smaller items) */
++ ldns_rbnode_t *left;
++ /** right node (larger items) */
++ ldns_rbnode_t *right;
++ /** pointer to sorting key */
++ const void *key;
++ /** pointer to data */
++ const void *data;
++ /** colour of this node */
++ uint8_t color;
++};
++
++/** The nullpointer, points to empty node */
++#define LDNS_RBTREE_NULL &ldns_rbtree_null_node
++/** the global empty node */
++extern ldns_rbnode_t ldns_rbtree_null_node;
++
++/** An entire red black tree */
++typedef struct ldns_rbtree_t ldns_rbtree_t;
++/** definition for tree struct */
++struct ldns_rbtree_t {
++ /** The root of the red-black tree */
++ ldns_rbnode_t *root;
++
++ /** The number of the nodes in the tree */
++ size_t count;
++
++ /**
++ * Key compare function. <0,0,>0 like strcmp.
++ * Return 0 on two NULL ptrs.
++ */
++ int (*cmp) (const void *, const void *);
++};
++
++/**
++ * Create new tree (malloced) with given key compare function.
++ * @param cmpf: compare function (like strcmp) takes pointers to two keys.
++ * @return: new tree, empty.
++ */
++ldns_rbtree_t *ldns_rbtree_create(int (*cmpf)(const void *, const void *));
++
++/**
++ * Free the complete tree (but not its keys)
++ * @param rbtree The tree to free
++ */
++void ldns_rbtree_free(ldns_rbtree_t *rbtree);
++
++/**
++ * Init a new tree (malloced by caller) with given key compare function.
++ * @param rbtree: uninitialised memory for new tree, returned empty.
++ * @param cmpf: compare function (like strcmp) takes pointers to two keys.
++ */
++void ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *));
++
++/**
++ * Insert data into the tree.
++ * @param rbtree: tree to insert to.
++ * @param data: element to insert.
++ * @return: data ptr or NULL if key already present.
++ */
++ldns_rbnode_t *ldns_rbtree_insert(ldns_rbtree_t *rbtree, ldns_rbnode_t *data);
++
++/**
++ * Insert data into the tree (reversed arguments, for use as callback)
++ * \param[in] data element to insert
++ * \param[out] rbtree tree to insert in to
++ * \return data ptr or NULL if key is already present
++ */
++void ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree);
++
++/**
++ * Delete element from tree.
++ * @param rbtree: tree to delete from.
++ * @param key: key of item to delete.
++ * @return: node that is now unlinked from the tree. User to delete it.
++ * returns 0 if node not present
++ */
++ldns_rbnode_t *ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key);
++
++/**
++ * Find key in tree. Returns NULL if not found.
++ * @param rbtree: tree to find in.
++ * @param key: key that must match.
++ * @return: node that fits or NULL.
++ */
++ldns_rbnode_t *ldns_rbtree_search(ldns_rbtree_t *rbtree, const void *key);
++
++/**
++ * Find, but match does not have to be exact.
++ * @param rbtree: tree to find in.
++ * @param key: key to find position of.
++ * @param result: set to the exact node if present, otherwise to element that
++ * precedes the position of key in the tree. NULL if no smaller element.
++ * @return: true if exact match in result. Else result points to <= element,
++ * or NULL if key is smaller than the smallest key.
++ */
++int ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key,
++ ldns_rbnode_t **result);
++
++/**
++ * Returns first (smallest) node in the tree
++ * @param rbtree: tree
++ * @return: smallest element or NULL if tree empty.
++ */
++ldns_rbnode_t *ldns_rbtree_first(ldns_rbtree_t *rbtree);
++
++/**
++ * Returns last (largest) node in the tree
++ * @param rbtree: tree
++ * @return: largest element or NULL if tree empty.
++ */
++ldns_rbnode_t *ldns_rbtree_last(ldns_rbtree_t *rbtree);
++
++/**
++ * Returns next larger node in the tree
++ * @param rbtree: tree
++ * @return: next larger element or NULL if no larger in tree.
++ */
++ldns_rbnode_t *ldns_rbtree_next(ldns_rbnode_t *rbtree);
++
++/**
++ * Returns previous smaller node in the tree
++ * @param rbtree: tree
++ * @return: previous smaller element or NULL if no previous in tree.
++ */
++ldns_rbnode_t *ldns_rbtree_previous(ldns_rbnode_t *rbtree);
++
++/**
++ * split off 'elements' number of elements from the start
++ * of the name tree and return a new tree containing those
++ * elements
++ */
++ldns_rbtree_t *ldns_rbtree_split(ldns_rbtree_t *tree, size_t elements);
++
++/**
++ * add all node from the second tree to the first (removing them from the
++ * second), and fix up nsec(3)s if present
++ */
++void ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2);
++
++/**
++ * Call with node=variable of struct* with rbnode_t as first element.
++ * with type is the type of a pointer to that struct.
++ */
++#define LDNS_RBTREE_FOR(node, type, rbtree) \
++ for(node=(type)ldns_rbtree_first(rbtree); \
++ (ldns_rbnode_t*)node != LDNS_RBTREE_NULL; \
++ node = (type)ldns_rbtree_next((ldns_rbnode_t*)node))
++
++/**
++ * Call function for all elements in the redblack tree, such that
++ * leaf elements are called before parent elements. So that all
++ * elements can be safely free()d.
++ * Note that your function must not remove the nodes from the tree.
++ * Since that may trigger rebalances of the rbtree.
++ * @param tree: the tree
++ * @param func: function called with element and user arg.
++ * The function must not alter the rbtree.
++ * @param arg: user argument.
++ */
++void ldns_traverse_postorder(ldns_rbtree_t* tree,
++ void (*func)(ldns_rbnode_t*, void*), void* arg);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* UTIL_RBTREE_H_ */
+diff --git a/ldns/include/ldns/rdata.h b/ldns/include/ldns/rdata.h
+new file mode 100644
+index 0000000..22665b1
+--- /dev/null
++++ b/ldns/include/ldns/rdata.h
+@@ -0,0 +1,451 @@
++/*
++ * rdata.h
++ *
++ * rdata definitions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++
++/**
++ * \file
++ *
++ * Defines ldns_rdf and functions to manipulate those.
++ */
++
++
++#ifndef LDNS_RDATA_H
++#define LDNS_RDATA_H
++
++#include <ldns/common.h>
++#include <ldns/error.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_MAX_RDFLEN 65535
++
++#define LDNS_RDF_SIZE_BYTE 1
++#define LDNS_RDF_SIZE_WORD 2
++#define LDNS_RDF_SIZE_DOUBLEWORD 4
++#define LDNS_RDF_SIZE_6BYTES 6
++#define LDNS_RDF_SIZE_8BYTES 8
++#define LDNS_RDF_SIZE_16BYTES 16
++
++#define LDNS_NSEC3_VARS_OPTOUT_MASK 0x01
++
++/**
++ * The different types of RDATA fields.
++ */
++enum ldns_enum_rdf_type
++{
++ /** none */
++ LDNS_RDF_TYPE_NONE,
++ /** domain name */
++ LDNS_RDF_TYPE_DNAME,
++ /** 8 bits */
++ LDNS_RDF_TYPE_INT8,
++ /** 16 bits */
++ LDNS_RDF_TYPE_INT16,
++ /** 32 bits */
++ LDNS_RDF_TYPE_INT32,
++ /** A record */
++ LDNS_RDF_TYPE_A,
++ /** AAAA record */
++ LDNS_RDF_TYPE_AAAA,
++ /** txt string */
++ LDNS_RDF_TYPE_STR,
++ /** apl data */
++ LDNS_RDF_TYPE_APL,
++ /** b32 string */
++ LDNS_RDF_TYPE_B32_EXT,
++ /** b64 string */
++ LDNS_RDF_TYPE_B64,
++ /** hex string */
++ LDNS_RDF_TYPE_HEX,
++ /** nsec type codes */
++ LDNS_RDF_TYPE_NSEC,
++ /** a RR type */
++ LDNS_RDF_TYPE_TYPE,
++ /** a class */
++ LDNS_RDF_TYPE_CLASS,
++ /** certificate algorithm */
++ LDNS_RDF_TYPE_CERT_ALG,
++ /** a key algorithm */
++ LDNS_RDF_TYPE_ALG,
++ /** unknown types */
++ LDNS_RDF_TYPE_UNKNOWN,
++ /** time (32 bits) */
++ LDNS_RDF_TYPE_TIME,
++ /** period */
++ LDNS_RDF_TYPE_PERIOD,
++ /** tsig time 48 bits */
++ LDNS_RDF_TYPE_TSIGTIME,
++ /** Represents the Public Key Algorithm, HIT and Public Key fields
++ for the HIP RR types. A HIP specific rdf type is used because of
++ the unusual layout in wireformat (see RFC 5205 Section 5) */
++ LDNS_RDF_TYPE_HIP,
++ /** variable length any type rdata where the length
++ is specified by the first 2 bytes */
++ LDNS_RDF_TYPE_INT16_DATA,
++ /** protocol and port bitmaps */
++ LDNS_RDF_TYPE_SERVICE,
++ /** location data */
++ LDNS_RDF_TYPE_LOC,
++ /** well known services */
++ LDNS_RDF_TYPE_WKS,
++ /** NSAP */
++ LDNS_RDF_TYPE_NSAP,
++ /** ATMA */
++ LDNS_RDF_TYPE_ATMA,
++ /** IPSECKEY */
++ LDNS_RDF_TYPE_IPSECKEY,
++ /** nsec3 hash salt */
++ LDNS_RDF_TYPE_NSEC3_SALT,
++ /** nsec3 base32 string (with length byte on wire */
++ LDNS_RDF_TYPE_NSEC3_NEXT_OWNER,
++
++ /** 4 shorts represented as 4 * 16 bit hex numbers
++ * separated by colons. For NID and L64.
++ */
++ LDNS_RDF_TYPE_ILNP64,
++
++ /** 6 * 8 bit hex numbers separated by dashes. For EUI48. */
++ LDNS_RDF_TYPE_EUI48,
++ /** 8 * 8 bit hex numbers separated by dashes. For EUI64. */
++ LDNS_RDF_TYPE_EUI64,
++
++ /** A non-zero sequence of US-ASCII letters and numbers in lower case.
++ * For CAA.
++ */
++ LDNS_RDF_TYPE_TAG,
++
++ /** A <character-string> encoding of the value field as specified
++ * [RFC1035], Section 5.1., encoded as remaining rdata.
++ * For CAA.
++ */
++ LDNS_RDF_TYPE_LONG_STR,
++
++ /** Since RFC7218 TLSA records can be given with mnemonics,
++ * hence these rdata field types. But as with DNSKEYs, the output
++ * is always numeric.
++ */
++ LDNS_RDF_TYPE_CERTIFICATE_USAGE,
++ LDNS_RDF_TYPE_SELECTOR,
++ LDNS_RDF_TYPE_MATCHING_TYPE,
++
++ /* Aliases */
++ LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
++};
++typedef enum ldns_enum_rdf_type ldns_rdf_type;
++
++/**
++ * algorithms used in CERT rrs
++ */
++enum ldns_enum_cert_algorithm
++{
++ LDNS_CERT_PKIX = 1,
++ LDNS_CERT_SPKI = 2,
++ LDNS_CERT_PGP = 3,
++ LDNS_CERT_IPKIX = 4,
++ LDNS_CERT_ISPKI = 5,
++ LDNS_CERT_IPGP = 6,
++ LDNS_CERT_ACPKIX = 7,
++ LDNS_CERT_IACPKIX = 8,
++ LDNS_CERT_URI = 253,
++ LDNS_CERT_OID = 254
++};
++typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm;
++
++
++
++/**
++ * Resource record data field.
++ *
++ * The data is a network ordered array of bytes, which size is specified by
++ * the (16-bit) size field. To correctly parse it, use the type
++ * specified in the (16-bit) type field with a value from \ref ldns_rdf_type.
++ */
++struct ldns_struct_rdf
++{
++ /** The size of the data (in octets) */
++ size_t _size;
++ /** The type of the data */
++ ldns_rdf_type _type;
++ /** Pointer to the data (raw octets) */
++ void *_data;
++};
++typedef struct ldns_struct_rdf ldns_rdf;
++
++/* prototypes */
++
++/* write access functions */
++
++/**
++ * sets the size of the rdf.
++ * \param[in] *rd the rdf to operate on
++ * \param[in] size the new size
++ * \return void
++ */
++void ldns_rdf_set_size(ldns_rdf *rd, size_t size);
++
++/**
++ * sets the size of the rdf.
++ * \param[in] *rd the rdf to operate on
++ * \param[in] type the new type
++ * \return void
++ */
++void ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type);
++
++/**
++ * sets the size of the rdf.
++ * \param[in] *rd the rdf to operate on
++ * \param[in] *data pointer to the new data
++ * \return void
++ */
++void ldns_rdf_set_data(ldns_rdf *rd, void *data);
++
++/* read access */
++
++/**
++ * returns the size of the rdf.
++ * \param[in] *rd the rdf to read from
++ * \return uint16_t with the size
++ */
++size_t ldns_rdf_size(const ldns_rdf *rd);
++
++/**
++ * returns the type of the rdf. We need to insert _get_
++ * here to prevent conflict the the rdf_type TYPE.
++ * \param[in] *rd the rdf to read from
++ * \return ldns_rdf_type with the type
++ */
++ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd);
++
++/**
++ * returns the data of the rdf.
++ * \param[in] *rd the rdf to read from
++ *
++ * \return uint8_t* pointer to the rdf's data
++ */
++uint8_t *ldns_rdf_data(const ldns_rdf *rd);
++
++/* creator functions */
++
++/**
++ * allocates a new rdf structure and fills it.
++ * This function DOES NOT copy the contents from
++ * the buffer, unlinke ldns_rdf_new_frm_data()
++ * \param[in] type type of the rdf
++ * \param[in] size size of the buffer
++ * \param[in] data pointer to the buffer to be copied
++ * \return the new rdf structure or NULL on failure
++ */
++ldns_rdf *ldns_rdf_new(ldns_rdf_type type, size_t size, void *data);
++
++/**
++ * allocates a new rdf structure and fills it.
++ * This function _does_ copy the contents from
++ * the buffer, unlinke ldns_rdf_new()
++ * \param[in] type type of the rdf
++ * \param[in] size size of the buffer
++ * \param[in] data pointer to the buffer to be copied
++ * \return the new rdf structure or NULL on failure
++ */
++ldns_rdf *ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data);
++
++/**
++ * creates a new rdf from a string.
++ * \param[in] type type to use
++ * \param[in] str string to use
++ * \return ldns_rdf* or NULL in case of an error
++ */
++ldns_rdf *ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str);
++
++/**
++ * creates a new rdf from a file containing a string.
++ * \param[out] r the new rdf
++ * \param[in] type type to use
++ * \param[in] fp the file pointer to use
++ * \return LDNS_STATUS_OK or the error
++ */
++ldns_status ldns_rdf_new_frm_fp(ldns_rdf **r, ldns_rdf_type type, FILE *fp);
++
++/**
++ * creates a new rdf from a file containing a string.
++ * \param[out] r the new rdf
++ * \param[in] type type to use
++ * \param[in] fp the file pointer to use
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return LDNS_STATUS_OK or the error
++ */
++ldns_status ldns_rdf_new_frm_fp_l(ldns_rdf **r, ldns_rdf_type type, FILE *fp, int *line_nr);
++
++/* destroy functions */
++
++/**
++ * frees a rdf structure, leaving the
++ * data pointer intact.
++ * \param[in] rd the pointer to be freed
++ * \return void
++ */
++void ldns_rdf_free(ldns_rdf *rd);
++
++/**
++ * frees a rdf structure _and_ frees the
++ * data. rdf should be created with _new_frm_data
++ * \param[in] rd the rdf structure to be freed
++ * \return void
++ */
++void ldns_rdf_deep_free(ldns_rdf *rd);
++
++/* conversion functions */
++
++/**
++ * returns the rdf containing the native uint8_t repr.
++ * \param[in] type the ldns_rdf type to use
++ * \param[in] value the uint8_t to use
++ * \return ldns_rdf* with the converted value
++ */
++ldns_rdf *ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value);
++
++/**
++ * returns the rdf containing the native uint16_t representation.
++ * \param[in] type the ldns_rdf type to use
++ * \param[in] value the uint16_t to use
++ * \return ldns_rdf* with the converted value
++ */
++ldns_rdf *ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value);
++
++/**
++ * returns an rdf that contains the given int32 value.
++ *
++ * Because multiple rdf types can contain an int32, the
++ * type must be specified
++ * \param[in] type the ldns_rdf type to use
++ * \param[in] value the uint32_t to use
++ * \return ldns_rdf* with the converted value
++ */
++ldns_rdf *ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value);
++
++/**
++ * returns an int16_data rdf that contains the data in the
++ * given array, preceded by an int16 specifying the length.
++ *
++ * The memory is copied, and an LDNS_RDF_TYPE_INT16DATA is returned
++ * \param[in] size the size of the data
++ * \param[in] *data pointer to the actual data
++ *
++ * \return ldns_rd* the rdf with the data
++ */
++ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data);
++
++/**
++ * reverses an rdf, only actually useful for AAAA and A records.
++ * The returned rdf has the type LDNS_RDF_TYPE_DNAME!
++ * \param[in] *rd rdf to be reversed
++ * \return the reversed rdf (a newly created rdf)
++ */
++ldns_rdf *ldns_rdf_address_reverse(ldns_rdf *rd);
++
++/**
++ * returns the native uint8_t representation from the rdf.
++ * \param[in] rd the ldns_rdf to operate on
++ * \return uint8_t the value extracted
++ */
++uint8_t ldns_rdf2native_int8(const ldns_rdf *rd);
++
++/**
++ * returns the native uint16_t representation from the rdf.
++ * \param[in] rd the ldns_rdf to operate on
++ * \return uint16_t the value extracted
++ */
++uint16_t ldns_rdf2native_int16(const ldns_rdf *rd);
++
++/**
++ * returns the native uint32_t representation from the rdf.
++ * \param[in] rd the ldns_rdf to operate on
++ * \return uint32_t the value extracted
++ */
++uint32_t ldns_rdf2native_int32(const ldns_rdf *rd);
++
++/**
++ * returns the native time_t representation from the rdf.
++ * \param[in] rd the ldns_rdf to operate on
++ * \return time_t the value extracted (32 bits currently)
++ */
++time_t ldns_rdf2native_time_t(const ldns_rdf *rd);
++
++/**
++ * converts a ttl value (like 5d2h) to a long.
++ * \param[in] nptr the start of the string
++ * \param[out] endptr points to the last char in case of error
++ * \return the convert duration value
++ */
++uint32_t ldns_str2period(const char *nptr, const char **endptr);
++
++/**
++ * removes \\DDD, \\[space] and other escapes from the input.
++ * See RFC 1035, section 5.1.
++ * \param[in] word what to check
++ * \param[in] length the string
++ * \return ldns_status mesg
++ */
++ldns_status ldns_octet(char *word, size_t *length);
++
++/**
++ * clones a rdf structure. The data is copied.
++ * \param[in] rd rdf to be copied
++ * \return a new rdf structure
++ */
++ldns_rdf *ldns_rdf_clone(const ldns_rdf *rd);
++
++/**
++ * compares two rdf's on their wire formats.
++ * (To order dnames according to rfc4034, use ldns_dname_compare)
++ * \param[in] rd1 the first one
++ * \param[in] rd2 the second one
++ * \return 0 if equal
++ * \return -1 if rd1 comes before rd2
++ * \return +1 if rd2 comes before rd1
++ */
++int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2);
++
++/**
++ * Gets the algorithm value, the HIT and Public Key data from the rdf with
++ * type LDNS_RDF_TYPE_HIP.
++ * \param[in] rdf the rdf with type LDNS_RDF_TYPE_HIP
++ * \param[out] alg the algorithm
++ * \param[out] hit_size the size of the HIT data
++ * \param[out] hit the hit data
++ * \param[out] pk_size the size of the Public Key data
++ * \param[out] pk the Public Key data
++ * \return LDNS_STATUS_OK on success, and the error otherwise
++ */
++ldns_status ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg,
++ uint8_t *hit_size, uint8_t** hit,
++ uint16_t *pk_size, uint8_t** pk);
++
++/**
++ * Creates a new LDNS_RDF_TYPE_HIP rdf from given data.
++ * \param[out] rdf the newly created LDNS_RDF_TYPE_HIP rdf
++ * \param[in] alg the algorithm
++ * \param[in] hit_size the size of the HIT data
++ * \param[in] hit the hit data
++ * \param[in] pk_size the size of the Public Key data
++ * \param[in] pk the Public Key data
++ * \return LDNS_STATUS_OK on success, and the error otherwise
++ */
++ldns_status ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg,
++ uint8_t hit_size, uint8_t *hit, uint16_t pk_size, uint8_t *pk);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_RDATA_H */
+diff --git a/ldns/include/ldns/resolver.h b/ldns/include/ldns/resolver.h
+new file mode 100644
+index 0000000..228485c
+--- /dev/null
++++ b/ldns/include/ldns/resolver.h
+@@ -0,0 +1,805 @@
++/*
++ * resolver.h
++ *
++ * DNS Resolver definitions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Defines the ldns_resolver structure, a stub resolver that can send queries and parse answers.
++ *
++ */
++
++#ifndef LDNS_RESOLVER_H
++#define LDNS_RESOLVER_H
++
++#include <ldns/error.h>
++#include <ldns/common.h>
++#include <ldns/rr.h>
++#include <ldns/tsig.h>
++#include <ldns/rdata.h>
++#include <ldns/packet.h>
++#include <sys/time.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/** Default location of the resolv.conf file */
++#define LDNS_RESOLV_CONF "/etc/resolv.conf"
++/** Default location of the hosts file */
++#define LDNS_RESOLV_HOSTS "/etc/hosts"
++
++#define LDNS_RESOLV_KEYWORD -1
++#define LDNS_RESOLV_DEFDOMAIN 0
++#define LDNS_RESOLV_NAMESERVER 1
++#define LDNS_RESOLV_SEARCH 2
++#define LDNS_RESOLV_SORTLIST 3
++#define LDNS_RESOLV_OPTIONS 4
++#define LDNS_RESOLV_ANCHOR 5
++#define LDNS_RESOLV_KEYWORDS 6
++
++#define LDNS_RESOLV_INETANY 0
++#define LDNS_RESOLV_INET 1
++#define LDNS_RESOLV_INET6 2
++
++#define LDNS_RESOLV_RTT_INF 0 /* infinity */
++#define LDNS_RESOLV_RTT_MIN 1 /* reachable */
++
++/**
++ * DNS stub resolver structure
++ */
++struct ldns_struct_resolver
++{
++ /** Port to send queries to */
++ uint16_t _port;
++
++ /** Array of nameservers to query (IP addresses or dnames) */
++ ldns_rdf **_nameservers;
++ /** Number of nameservers in \c _nameservers */
++ size_t _nameserver_count; /* how many do we have */
++
++ /** Round trip time; 0 -> infinity. Unit: ms? */
++ size_t *_rtt;
++
++ /** Whether or not to be recursive */
++ bool _recursive;
++
++ /** Print debug information */
++ bool _debug;
++
++ /** Default domain to add to non fully qualified domain names */
++ ldns_rdf *_domain;
++
++ /** Searchlist array, add the names in this array if a query cannot be found */
++ ldns_rdf **_searchlist;
++
++ /** Number of entries in the searchlist array */
++ size_t _searchlist_count;
++
++ /** Number of times to retry before giving up */
++ uint8_t _retry;
++ /** Time to wait before retrying */
++ uint8_t _retrans;
++ /** Use new fallback mechanism (try EDNS, then do TCP) */
++ bool _fallback;
++
++ /** Whether to do DNSSEC */
++ bool _dnssec;
++ /** Whether to set the CD bit on DNSSEC requests */
++ bool _dnssec_cd;
++ /** Optional trust anchors for complete DNSSEC validation */
++ ldns_rr_list * _dnssec_anchors;
++ /** Whether to use tcp or udp (tcp if the value is true)*/
++ bool _usevc;
++ /** Whether to ignore the tc bit */
++ bool _igntc;
++ /** Whether to use ip6: 0->does not matter, 1 is IPv4, 2 is IPv6 */
++ uint8_t _ip6;
++ /** If true append the default domain */
++ bool _defnames;
++ /** If true apply the search list */
++ bool _dnsrch;
++ /** Timeout for socket connections */
++ struct timeval _timeout;
++ /** Only try the first nameserver, and return with an error directly if it fails */
++ bool _fail;
++ /** Randomly choose a nameserver */
++ bool _random;
++ /** Keep some things to make AXFR possible */
++ int _socket;
++ /** Count the number of LDNS_RR_TYPE_SOA RRs we have seen so far
++ * (the second one signifies the end of the AXFR)
++ */
++ int _axfr_soa_count;
++ /* when axfring we get complete packets from the server
++ but we want to give the caller 1 rr at a time, so
++ keep the current pkt */
++ /** Packet currently handled when doing part of an AXFR */
++ ldns_pkt *_cur_axfr_pkt;
++ /** Counter for within the AXFR packets */
++ uint16_t _axfr_i;
++ /* EDNS0 available buffer size */
++ uint16_t _edns_udp_size;
++ /* serial for IXFR */
++ uint32_t _serial;
++
++ /* Optional tsig key for signing queries,
++ outgoing messages are signed if and only if both are set
++ */
++ /** Name of the key to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */
++ char *_tsig_keyname;
++ /** Secret key data to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */
++ char *_tsig_keydata;
++ /** TSIG signing algorithm */
++ char *_tsig_algorithm;
++
++ /** Source address to query from */
++ ldns_rdf *_source;
++};
++typedef struct ldns_struct_resolver ldns_resolver;
++
++/* prototypes */
++/* read access functions */
++
++/**
++ * Get the port the resolver should use
++ * \param[in] r the resolver
++ * \return the port number
++ */
++uint16_t ldns_resolver_port(const ldns_resolver *r);
++
++/**
++ * Get the source address the resolver should use
++ * \param[in] r the resolver
++ * \return the source rdf
++ */
++ldns_rdf *ldns_resolver_source(const ldns_resolver *r);
++
++/**
++ * Is the resolver set to recurse
++ * \param[in] r the resolver
++ * \return true if so, otherwise false
++ */
++bool ldns_resolver_recursive(const ldns_resolver *r);
++
++/**
++ * Get the debug status of the resolver
++ * \param[in] r the resolver
++ * \return true if so, otherwise false
++ */
++bool ldns_resolver_debug(const ldns_resolver *r);
++
++/**
++ * Get the number of retries
++ * \param[in] r the resolver
++ * \return the number of retries
++ */
++uint8_t ldns_resolver_retry(const ldns_resolver *r);
++
++/**
++ * Get the retransmit interval
++ * \param[in] r the resolver
++ * \return the retransmit interval
++ */
++uint8_t ldns_resolver_retrans(const ldns_resolver *r);
++
++/**
++ * Get the truncation fallback status
++ * \param[in] r the resolver
++ * \return whether the truncation fallback mechanism is used
++ */
++bool ldns_resolver_fallback(const ldns_resolver *r);
++
++/**
++ * Does the resolver use ip6 or ip4
++ * \param[in] r the resolver
++ * \return 0: both, 1: ip4, 2:ip6
++ */
++uint8_t ldns_resolver_ip6(const ldns_resolver *r);
++
++/**
++ * Get the resolver's udp size
++ * \param[in] r the resolver
++ * \return the udp mesg size
++ */
++uint16_t ldns_resolver_edns_udp_size(const ldns_resolver *r);
++/**
++ * Does the resolver use tcp or udp
++ * \param[in] r the resolver
++ * \return true: tcp, false: udp
++ */
++bool ldns_resolver_usevc(const ldns_resolver *r);
++/**
++ * Does the resolver only try the first nameserver
++ * \param[in] r the resolver
++ * \return true: yes, fail, false: no, try the others
++ */
++bool ldns_resolver_fail(const ldns_resolver *r);
++/**
++ * Does the resolver apply default domain name
++ * \param[in] r the resolver
++ * \return true: yes, false: no
++ */
++bool ldns_resolver_defnames(const ldns_resolver *r);
++/**
++ * Does the resolver apply search list
++ * \param[in] r the resolver
++ * \return true: yes, false: no
++ */
++bool ldns_resolver_dnsrch(const ldns_resolver *r);
++/**
++ * Does the resolver do DNSSEC
++ * \param[in] r the resolver
++ * \return true: yes, false: no
++ */
++bool ldns_resolver_dnssec(const ldns_resolver *r);
++/**
++ * Does the resolver set the CD bit
++ * \param[in] r the resolver
++ * \return true: yes, false: no
++ */
++bool ldns_resolver_dnssec_cd(const ldns_resolver *r);
++/**
++ * Get the resolver's DNSSEC anchors
++ * \param[in] r the resolver
++ * \return an rr_list containg trusted DNSSEC anchors
++ */
++ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r);
++/**
++ * Does the resolver ignore the TC bit (truncated)
++ * \param[in] r the resolver
++ * \return true: yes, false: no
++ */
++bool ldns_resolver_igntc(const ldns_resolver *r);
++/**
++ * Does the resolver randomize the nameserver before usage
++ * \param[in] r the resolver
++ * \return true: yes, false: no
++ */
++bool ldns_resolver_random(const ldns_resolver *r);
++/**
++ * How many nameserver are configured in the resolver
++ * \param[in] r the resolver
++ * \return number of nameservers
++ */
++size_t ldns_resolver_nameserver_count(const ldns_resolver *r);
++/**
++ * What is the default dname to add to relative queries
++ * \param[in] r the resolver
++ * \return the dname which is added
++ */
++ldns_rdf *ldns_resolver_domain(const ldns_resolver *r);
++/**
++ * What is the timeout on socket connections
++ * \param[in] r the resolver
++ * \return the timeout as struct timeval
++ */
++struct timeval ldns_resolver_timeout(const ldns_resolver *r);
++/**
++ * What is the searchlist as used by the resolver
++ * \param[in] r the resolver
++ * \return a ldns_rdf pointer to a list of the addresses
++ */
++ldns_rdf** ldns_resolver_searchlist(const ldns_resolver *r);
++/**
++ * Return the configured nameserver ip address
++ * \param[in] r the resolver
++ * \return a ldns_rdf pointer to a list of the addresses
++ */
++ldns_rdf** ldns_resolver_nameservers(const ldns_resolver *r);
++/**
++ * Return the used round trip times for the nameservers
++ * \param[in] r the resolver
++ * \return a size_t* pointer to the list.
++ * yet)
++ */
++size_t * ldns_resolver_rtt(const ldns_resolver *r);
++/**
++ * Return the used round trip time for a specific nameserver
++ * \param[in] r the resolver
++ * \param[in] pos the index to the nameserver
++ * \return the rrt, 0: infinite, >0: undefined (as of * yet)
++ */
++size_t ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos);
++/**
++ * Return the tsig keyname as used by the nameserver
++ * \param[in] r the resolver
++ * \return the name used.
++ */
++char *ldns_resolver_tsig_keyname(const ldns_resolver *r);
++/**
++ * Return the tsig algorithm as used by the nameserver
++ * \param[in] r the resolver
++ * \return the algorithm used.
++ */
++char *ldns_resolver_tsig_algorithm(const ldns_resolver *r);
++/**
++ * Return the tsig keydata as used by the nameserver
++ * \param[in] r the resolver
++ * \return the keydata used.
++ */
++char *ldns_resolver_tsig_keydata(const ldns_resolver *r);
++/**
++ * pop the last nameserver from the resolver.
++ * \param[in] r the resolver
++ * \return the popped address or NULL if empty
++ */
++ldns_rdf* ldns_resolver_pop_nameserver(ldns_resolver *r);
++
++/**
++ * Return the resolver's searchlist count
++ * \param[in] r the resolver
++ * \return the searchlist count
++ */
++size_t ldns_resolver_searchlist_count(const ldns_resolver *r);
++
++/* write access function */
++/**
++ * Set the port the resolver should use
++ * \param[in] r the resolver
++ * \param[in] p the port number
++ */
++void ldns_resolver_set_port(ldns_resolver *r, uint16_t p);
++
++/**
++ * Set the source rdf (address) the resolver should use
++ * \param[in] r the resolver
++ * \param[in] s the source address
++ */
++void ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s);
++
++/**
++ * Set the resolver recursion
++ * \param[in] r the resolver
++ * \param[in] b true: set to recurse, false: unset
++ */
++void ldns_resolver_set_recursive(ldns_resolver *r, bool b);
++
++/**
++ * Set the resolver debugging
++ * \param[in] r the resolver
++ * \param[in] b true: debug on: false debug off
++ */
++void ldns_resolver_set_debug(ldns_resolver *r, bool b);
++
++/**
++ * Incremental the resolver's nameserver count.
++ * \param[in] r the resolver
++ */
++void ldns_resolver_incr_nameserver_count(ldns_resolver *r);
++
++/**
++ * Decrement the resolver's nameserver count.
++ * \param[in] r the resolver
++ */
++void ldns_resolver_dec_nameserver_count(ldns_resolver *r);
++
++/**
++ * Set the resolver's nameserver count directly.
++ * \param[in] r the resolver
++ * \param[in] c the nameserver count
++ */
++void ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c);
++
++/**
++ * Set the resolver's nameserver count directly by using an rdf list
++ * \param[in] r the resolver
++ * \param[in] rd the resolver addresses
++ */
++void ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **rd);
++
++/**
++ * Set the resolver's default domain. This gets appended when no
++ * absolute name is given
++ * \param[in] r the resolver
++ * \param[in] rd the name to append
++ */
++void ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *rd);
++
++/**
++ * Set the resolver's socket time out when talking to remote hosts
++ * \param[in] r the resolver
++ * \param[in] timeout the timeout to use
++ */
++void ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout);
++
++/**
++ * Push a new rd to the resolver's searchlist
++ * \param[in] r the resolver
++ * \param[in] rd to push
++ */
++void ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *rd);
++
++/**
++ * Whether the resolver uses the name set with _set_domain
++ * \param[in] r the resolver
++ * \param[in] b true: use the defaults, false: don't use them
++ */
++void ldns_resolver_set_defnames(ldns_resolver *r, bool b);
++
++/**
++ * Whether the resolver uses a virtual circuit (TCP)
++ * \param[in] r the resolver
++ * \param[in] b true: use TCP, false: don't use TCP
++ */
++void ldns_resolver_set_usevc(ldns_resolver *r, bool b);
++
++/**
++ * Whether the resolver uses the searchlist
++ * \param[in] r the resolver
++ * \param[in] b true: use the list, false: don't use the list
++ */
++void ldns_resolver_set_dnsrch(ldns_resolver *r, bool b);
++
++/**
++ * Whether the resolver uses DNSSEC
++ * \param[in] r the resolver
++ * \param[in] b true: use DNSSEC, false: don't use DNSSEC
++ */
++void ldns_resolver_set_dnssec(ldns_resolver *r, bool b);
++
++/**
++ * Whether the resolver uses the checking disable bit
++ * \param[in] r the resolver
++ * \param[in] b true: enable , false: don't use TCP
++ */
++void ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool b);
++/**
++ * Set the resolver's DNSSEC anchor list directly. RRs should be of type DS or DNSKEY.
++ * \param[in] r the resolver
++ * \param[in] l the list of RRs to use as trust anchors
++ */
++void ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l);
++
++/**
++ * Push a new trust anchor to the resolver. It must be a DS or DNSKEY rr
++ * \param[in] r the resolver.
++ * \param[in] rr the RR to add as a trust anchor.
++ * \return a status
++ */
++ldns_status ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr);
++
++/**
++ * Set the resolver retrans timeout (in seconds)
++ * \param[in] r the resolver
++ * \param[in] re the retransmission interval in seconds
++ */
++void ldns_resolver_set_retrans(ldns_resolver *r, uint8_t re);
++
++/**
++ * Set whether the resolvers truncation fallback mechanism is used
++ * when ldns_resolver_query() is called.
++ * \param[in] r the resolver
++ * \param[in] fallback whether to use the fallback mechanism
++ */
++void ldns_resolver_set_fallback(ldns_resolver *r, bool fallback);
++
++/**
++ * Set the number of times a resolver should retry a nameserver before the
++ * next one is tried.
++ * \param[in] r the resolver
++ * \param[in] re the number of retries
++ */
++void ldns_resolver_set_retry(ldns_resolver *r, uint8_t re);
++
++/**
++ * Whether the resolver uses ip6
++ * \param[in] r the resolver
++ * \param[in] i 0: no pref, 1: ip4, 2: ip6
++ */
++void ldns_resolver_set_ip6(ldns_resolver *r, uint8_t i);
++
++/**
++ * Whether or not to fail after one failed query
++ * \param[in] r the resolver
++ * \param[in] b true: yes fail, false: continue with next nameserver
++ */
++void ldns_resolver_set_fail(ldns_resolver *r, bool b);
++
++/**
++ * Whether or not to ignore the TC bit
++ * \param[in] r the resolver
++ * \param[in] b true: yes ignore, false: don't ignore
++ */
++void ldns_resolver_set_igntc(ldns_resolver *r, bool b);
++
++/**
++ * Set maximum udp size
++ * \param[in] r the resolver
++ * \param[in] s the udp max size
++ */
++void ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s);
++
++/**
++ * Set the tsig key name
++ * \param[in] r the resolver
++ * \param[in] tsig_keyname the tsig key name
++ */
++void ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname);
++
++/**
++ * Set the tsig algorithm
++ * \param[in] r the resolver
++ * \param[in] tsig_algorithm the tsig algorithm
++ */
++void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm);
++
++/**
++ * Set the tsig key data
++ * \param[in] r the resolver
++ * \param[in] tsig_keydata the key data
++ */
++void ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata);
++
++/**
++ * Set round trip time for all nameservers. Note this currently
++ * differentiates between: unreachable and reachable.
++ * \param[in] r the resolver
++ * \param[in] rtt a list with the times
++ */
++void ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt);
++
++/**
++ * Set round trip time for a specific nameserver. Note this
++ * currently differentiates between: unreachable and reachable.
++ * \param[in] r the resolver
++ * \param[in] pos the nameserver position
++ * \param[in] value the rtt
++ */
++void ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value);
++
++/**
++ * Should the nameserver list be randomized before each use
++ * \param[in] r the resolver
++ * \param[in] b: true: randomize, false: don't
++ */
++void ldns_resolver_set_random(ldns_resolver *r, bool b);
++
++/**
++ * Push a new nameserver to the resolver. It must be an IP
++ * address v4 or v6.
++ * \param[in] r the resolver
++ * \param[in] n the ip address
++ * \return ldns_status a status
++ */
++ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n);
++
++/**
++ * Push a new nameserver to the resolver. It must be an
++ * A or AAAA RR record type
++ * \param[in] r the resolver
++ * \param[in] rr the resource record
++ * \return ldns_status a status
++ */
++ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr);
++
++/**
++ * Push a new nameserver rr_list to the resolver.
++ * \param[in] r the resolver
++ * \param[in] rrlist the rr_list to push
++ * \return ldns_status a status
++ */
++ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist);
++
++/**
++ * Send the query for using the resolver and take the search list into account
++ * The search algorithm is as follows:
++ * If the name is absolute, try it as-is, otherwise apply the search list
++ * \param[in] *r operate using this resolver
++ * \param[in] *rdf query for this name
++ * \param[in] t query for this type (may be 0, defaults to A)
++ * \param[in] c query for this class (may be 0, default to IN)
++ * \param[in] flags the query flags
++ *
++ * \return ldns_pkt* a packet with the reply from the nameserver
++ */
++ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
++
++
++/**
++ * Send the query for using the resolver and take the search list into account
++ * The search algorithm is as follows:
++ * If the name is absolute, try it as-is, otherwise apply the search list
++ * \param[out] pkt a packet with the reply from the nameserver
++ * \param[in] *r operate using this resolver
++ * \param[in] *rdf query for this name
++ * \param[in] t query for this type (may be 0, defaults to A)
++ * \param[in] c query for this class (may be 0, default to IN)
++ * \param[in] flags the query flags
++ *
++ * \return ldns_status LDNS_STATUS_OK on success
++ */
++ldns_status ldns_resolver_search_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
++
++/**
++ * Form a query packet from a resolver and name/type/class combo
++ * \param[out] **q a pointer to a ldns_pkt pointer (initialized by this function)
++ * \param[in] *r operate using this resolver
++ * \param[in] *name query for this name
++ * \param[in] t query for this type (may be 0, defaults to A)
++ * \param[in] c query for this class (may be 0, default to IN)
++ * \param[in] f the query flags
++ *
++ * \return ldns_pkt* a packet with the reply from the nameserver
++ */
++ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t f);
++
++/**
++ * Send the query for name as-is
++ * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function)
++ * \param[in] *r operate using this resolver
++ * \param[in] *name query for this name
++ * \param[in] t query for this type (may be 0, defaults to A)
++ * \param[in] c query for this class (may be 0, default to IN)
++ * \param[in] flags the query flags
++ *
++ * \return ldns_pkt* a packet with the reply from the nameserver
++ */
++ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
++
++/**
++ * Send the given packet to a nameserver
++ * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function)
++ * \param[in] *r operate using this resolver
++ * \param[in] *query_pkt query
++ */
++ldns_status ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, ldns_pkt *query_pkt);
++
++/**
++ * Send a query to a nameserver
++ * \param[out] pkt a packet with the reply from the nameserver
++ * \param[in] *r operate using this resolver
++ * \param[in] *name query for this name
++ * \param[in] *t query for this type (may be 0, defaults to A)
++ * \param[in] *c query for this class (may be 0, default to IN)
++ * \param[in] flags the query flags
++ *
++ * \return ldns_status LDNS_STATUS_OK on success
++ * if _defnames is true the default domain will be added
++ */
++ldns_status ldns_resolver_query_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
++
++
++/**
++ * Send a query to a nameserver
++ * \param[in] *r operate using this resolver
++ * (despite the const in the declaration,
++ * the struct is altered as a side-effect)
++ * \param[in] *name query for this name
++ * \param[in] *t query for this type (may be 0, defaults to A)
++ * \param[in] *c query for this class (may be 0, default to IN)
++ * \param[in] flags the query flags
++ *
++ * \return ldns_pkt* a packet with the reply from the nameserver
++ * if _defnames is true the default domain will be added
++ */
++ldns_pkt* ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
++
++
++/**
++ * Create a new resolver structure
++ * \return ldns_resolver* pointer to new structure
++ */
++ldns_resolver* ldns_resolver_new(void);
++
++/**
++ * Clone a resolver
++ * \param[in] r the resolver to clone
++ * \return ldns_resolver* pointer to new structure
++ */
++ldns_resolver* ldns_resolver_clone(ldns_resolver *r);
++
++/**
++ * Create a resolver structure from a file like /etc/resolv.conf
++ * \param[out] r the new resolver
++ * \param[in] fp file pointer to create new resolver from
++ * if NULL use /etc/resolv.conf
++ * \return LDNS_STATUS_OK or the error
++ */
++ldns_status ldns_resolver_new_frm_fp(ldns_resolver **r, FILE *fp);
++
++/**
++ * Create a resolver structure from a file like /etc/resolv.conf
++ * \param[out] r the new resolver
++ * \param[in] fp file pointer to create new resolver from
++ * if NULL use /etc/resolv.conf
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \return LDNS_STATUS_OK or the error
++ */
++ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr);
++
++/**
++ * Configure a resolver by means of a resolv.conf file
++ * The file may be NULL in which case there will be
++ * looked the RESOLV_CONF (defaults to /etc/resolv.conf
++ * \param[out] r the new resolver
++ * \param[in] filename the filename to use
++ * \return LDNS_STATUS_OK or the error
++ */
++ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename);
++
++/**
++ * Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free.
++ * \param res resolver to free
++ */
++void ldns_resolver_free(ldns_resolver *res);
++
++/**
++ * Frees the allocated space for this resolver and all it's data
++ * \param res resolver to free
++ */
++void ldns_resolver_deep_free(ldns_resolver *res);
++
++/**
++ * Get the next stream of RRs in a AXFR
++ * \param[in] resolver the resolver to use. First ldns_axfr_start() must be
++ * called
++ * \return ldns_rr the next RR from the AXFR stream
++ * After you get this returned RR (not NULL: on error), then check if
++ * ldns_axfr_complete() is true to see if the zone transfer has completed.
++ */
++ldns_rr* ldns_axfr_next(ldns_resolver *resolver);
++
++/**
++ * Abort a transfer that is in progress
++ * \param[in] resolver the resolver that is used
++ */
++void ldns_axfr_abort(ldns_resolver *resolver);
++
++/**
++ * Returns true if the axfr transfer has completed (i.e. 2 SOA RRs and no errors were encountered
++ * \param[in] resolver the resolver that is used
++ * \return bool true if axfr transfer was completed without error
++ */
++bool ldns_axfr_complete(const ldns_resolver *resolver);
++
++/**
++ * Returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer
++ * uasable for instance to get the error code on failure
++ * \param[in] res the resolver that was used in the axfr transfer
++ * \return ldns_pkt the last packet sent
++ */
++ldns_pkt *ldns_axfr_last_pkt(const ldns_resolver *res);
++
++/**
++ * Get the serial for requesting IXFR.
++ * \param[in] r the resolver
++ * \param[in] serial serial
++ */
++void ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial);
++
++/**
++ * Get the serial for requesting IXFR.
++ * \param[in] res the resolver
++ * \return uint32_t serial
++ */
++uint32_t ldns_resolver_get_ixfr_serial(const ldns_resolver *res);
++
++/**
++ * Randomize the nameserver list in the resolver
++ * \param[in] r the resolver
++ */
++void ldns_resolver_nameservers_randomize(ldns_resolver *r);
++
++/**
++ * Returns true if at least one of the provided keys is a trust anchor
++ * \param[in] r the current resolver
++ * \param[in] keys the keyset to check
++ * \param[out] trusted_keys the subset of trusted keys in the 'keys' rrset
++ * \return true if at least one of the provided keys is a configured trust anchor
++ */
++bool ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_RESOLVER_H */
+diff --git a/ldns/include/ldns/rr.h b/ldns/include/ldns/rr.h
+new file mode 100644
+index 0000000..75ac352
+--- /dev/null
++++ b/ldns/include/ldns/rr.h
+@@ -0,0 +1,929 @@
++/*
++ * rr.h - resource record definitions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Contains the definition of ldns_rr and functions to manipulate those.
++ */
++
++
++#ifndef LDNS_RR_H
++#define LDNS_RR_H
++
++#include <ldns/common.h>
++#include <ldns/rdata.h>
++#include <ldns/buffer.h>
++#include <ldns/error.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/** Maximum length of a dname label */
++#define LDNS_MAX_LABELLEN 63
++/** Maximum length of a complete dname */
++#define LDNS_MAX_DOMAINLEN 255
++/** Maximum number of pointers in 1 dname */
++#define LDNS_MAX_POINTERS 65535
++/** The bytes TTL, CLASS and length use up in an rr */
++#define LDNS_RR_OVERHEAD 10
++
++/* The first fields are contiguous and can be referenced instantly */
++#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258
++
++
++
++/**
++ * The different RR classes.
++ */
++enum ldns_enum_rr_class
++{
++ /** the Internet */
++ LDNS_RR_CLASS_IN = 1,
++ /** Chaos class */
++ LDNS_RR_CLASS_CH = 3,
++ /** Hesiod (Dyer 87) */
++ LDNS_RR_CLASS_HS = 4,
++ /** None class, dynamic update */
++ LDNS_RR_CLASS_NONE = 254,
++ /** Any class */
++ LDNS_RR_CLASS_ANY = 255,
++
++ LDNS_RR_CLASS_FIRST = 0,
++ LDNS_RR_CLASS_LAST = 65535,
++ LDNS_RR_CLASS_COUNT = LDNS_RR_CLASS_LAST - LDNS_RR_CLASS_FIRST + 1
++};
++typedef enum ldns_enum_rr_class ldns_rr_class;
++
++/**
++ * Used to specify whether compression is allowed.
++ */
++enum ldns_enum_rr_compress
++{
++ /** compression is allowed */
++ LDNS_RR_COMPRESS,
++ LDNS_RR_NO_COMPRESS
++};
++typedef enum ldns_enum_rr_compress ldns_rr_compress;
++
++/**
++ * The different RR types.
++ */
++enum ldns_enum_rr_type
++{
++ /** a host address */
++ LDNS_RR_TYPE_A = 1,
++ /** an authoritative name server */
++ LDNS_RR_TYPE_NS = 2,
++ /** a mail destination (Obsolete - use MX) */
++ LDNS_RR_TYPE_MD = 3,
++ /** a mail forwarder (Obsolete - use MX) */
++ LDNS_RR_TYPE_MF = 4,
++ /** the canonical name for an alias */
++ LDNS_RR_TYPE_CNAME = 5,
++ /** marks the start of a zone of authority */
++ LDNS_RR_TYPE_SOA = 6,
++ /** a mailbox domain name (EXPERIMENTAL) */
++ LDNS_RR_TYPE_MB = 7,
++ /** a mail group member (EXPERIMENTAL) */
++ LDNS_RR_TYPE_MG = 8,
++ /** a mail rename domain name (EXPERIMENTAL) */
++ LDNS_RR_TYPE_MR = 9,
++ /** a null RR (EXPERIMENTAL) */
++ LDNS_RR_TYPE_NULL = 10,
++ /** a well known service description */
++ LDNS_RR_TYPE_WKS = 11,
++ /** a domain name pointer */
++ LDNS_RR_TYPE_PTR = 12,
++ /** host information */
++ LDNS_RR_TYPE_HINFO = 13,
++ /** mailbox or mail list information */
++ LDNS_RR_TYPE_MINFO = 14,
++ /** mail exchange */
++ LDNS_RR_TYPE_MX = 15,
++ /** text strings */
++ LDNS_RR_TYPE_TXT = 16,
++ /** RFC1183 */
++ LDNS_RR_TYPE_RP = 17,
++ /** RFC1183 */
++ LDNS_RR_TYPE_AFSDB = 18,
++ /** RFC1183 */
++ LDNS_RR_TYPE_X25 = 19,
++ /** RFC1183 */
++ LDNS_RR_TYPE_ISDN = 20,
++ /** RFC1183 */
++ LDNS_RR_TYPE_RT = 21,
++ /** RFC1706 */
++ LDNS_RR_TYPE_NSAP = 22,
++ /** RFC1348 */
++ LDNS_RR_TYPE_NSAP_PTR = 23,
++ /** 2535typecode */
++ LDNS_RR_TYPE_SIG = 24,
++ /** 2535typecode */
++ LDNS_RR_TYPE_KEY = 25,
++ /** RFC2163 */
++ LDNS_RR_TYPE_PX = 26,
++ /** RFC1712 */
++ LDNS_RR_TYPE_GPOS = 27,
++ /** ipv6 address */
++ LDNS_RR_TYPE_AAAA = 28,
++ /** LOC record RFC1876 */
++ LDNS_RR_TYPE_LOC = 29,
++ /** 2535typecode */
++ LDNS_RR_TYPE_NXT = 30,
++ /** draft-ietf-nimrod-dns-01.txt */
++ LDNS_RR_TYPE_EID = 31,
++ /** draft-ietf-nimrod-dns-01.txt */
++ LDNS_RR_TYPE_NIMLOC = 32,
++ /** SRV record RFC2782 */
++ LDNS_RR_TYPE_SRV = 33,
++ /** http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */
++ LDNS_RR_TYPE_ATMA = 34,
++ /** RFC2915 */
++ LDNS_RR_TYPE_NAPTR = 35,
++ /** RFC2230 */
++ LDNS_RR_TYPE_KX = 36,
++ /** RFC2538 */
++ LDNS_RR_TYPE_CERT = 37,
++ /** RFC2874 */
++ LDNS_RR_TYPE_A6 = 38,
++ /** RFC2672 */
++ LDNS_RR_TYPE_DNAME = 39,
++ /** dnsind-kitchen-sink-02.txt */
++ LDNS_RR_TYPE_SINK = 40,
++ /** Pseudo OPT record... */
++ LDNS_RR_TYPE_OPT = 41,
++ /** RFC3123 */
++ LDNS_RR_TYPE_APL = 42,
++ /** RFC4034, RFC3658 */
++ LDNS_RR_TYPE_DS = 43,
++ /** SSH Key Fingerprint */
++ LDNS_RR_TYPE_SSHFP = 44, /* RFC 4255 */
++ /** IPsec Key */
++ LDNS_RR_TYPE_IPSECKEY = 45, /* RFC 4025 */
++ /** DNSSEC */
++ LDNS_RR_TYPE_RRSIG = 46, /* RFC 4034 */
++ LDNS_RR_TYPE_NSEC = 47, /* RFC 4034 */
++ LDNS_RR_TYPE_DNSKEY = 48, /* RFC 4034 */
++
++ LDNS_RR_TYPE_DHCID = 49, /* RFC 4701 */
++ /* NSEC3 */
++ LDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */
++ LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
++ LDNS_RR_TYPE_NSEC3PARAMS = 51,
++ LDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */
++
++ LDNS_RR_TYPE_HIP = 55, /* RFC 5205 */
++
++ /** draft-reid-dnsext-zs */
++ LDNS_RR_TYPE_NINFO = 56,
++ /** draft-reid-dnsext-rkey */
++ LDNS_RR_TYPE_RKEY = 57,
++ /** draft-ietf-dnsop-trust-history */
++ LDNS_RR_TYPE_TALINK = 58,
++ LDNS_RR_TYPE_CDS = 59, /* RFC 7344 */
++ LDNS_RR_TYPE_CDNSKEY = 60, /* RFC 7344 */
++ /** draft-ietf-dane-openpgpkey */
++ LDNS_RR_TYPE_OPENPGPKEY = 61,
++
++ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
++
++ LDNS_RR_TYPE_UINFO = 100,
++ LDNS_RR_TYPE_UID = 101,
++ LDNS_RR_TYPE_GID = 102,
++ LDNS_RR_TYPE_UNSPEC = 103,
++
++ LDNS_RR_TYPE_NID = 104, /* RFC 6742 */
++ LDNS_RR_TYPE_L32 = 105, /* RFC 6742 */
++ LDNS_RR_TYPE_L64 = 106, /* RFC 6742 */
++ LDNS_RR_TYPE_LP = 107, /* RFC 6742 */
++
++ LDNS_RR_TYPE_EUI48 = 108, /* RFC 7043 */
++ LDNS_RR_TYPE_EUI64 = 109, /* RFC 7043 */
++
++ LDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */
++ LDNS_RR_TYPE_TSIG = 250,
++ LDNS_RR_TYPE_IXFR = 251,
++ LDNS_RR_TYPE_AXFR = 252,
++ /** A request for mailbox-related records (MB, MG or MR) */
++ LDNS_RR_TYPE_MAILB = 253,
++ /** A request for mail agent RRs (Obsolete - see MX) */
++ LDNS_RR_TYPE_MAILA = 254,
++ /** any type (wildcard) */
++ LDNS_RR_TYPE_ANY = 255,
++ /** draft-faltstrom-uri-06 */
++ LDNS_RR_TYPE_URI = 256,
++ LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
++
++ /** DNSSEC Trust Authorities */
++ LDNS_RR_TYPE_TA = 32768,
++ /* RFC 4431, 5074, DNSSEC Lookaside Validation */
++ LDNS_RR_TYPE_DLV = 32769,
++
++ /* type codes from nsec3 experimental phase
++ LDNS_RR_TYPE_NSEC3 = 65324,
++ LDNS_RR_TYPE_NSEC3PARAMS = 65325, */
++ LDNS_RR_TYPE_FIRST = 0,
++ LDNS_RR_TYPE_LAST = 65535,
++ LDNS_RR_TYPE_COUNT = LDNS_RR_TYPE_LAST - LDNS_RR_TYPE_FIRST + 1
++};
++typedef enum ldns_enum_rr_type ldns_rr_type;
++
++/**
++ * Resource Record
++ *
++ * This is the basic DNS element that contains actual data
++ *
++ * From RFC1035:
++ * <pre>
++3.2.1. Format
++
++All RRs have the same top level format shown below:
++
++ 1 1 1 1 1 1
++ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | |
++ / /
++ / NAME /
++ | |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | TYPE |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | CLASS |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | TTL |
++ | |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ | RDLENGTH |
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
++ / RDATA /
++ / /
++ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++
++where:
++
++NAME an owner name, i.e., the name of the node to which this
++ resource record pertains.
++
++TYPE two octets containing one of the RR TYPE codes.
++
++CLASS two octets containing one of the RR CLASS codes.
++
++TTL a 32 bit signed integer that specifies the time interval
++ that the resource record may be cached before the source
++ of the information should again be consulted. Zero
++ values are interpreted to mean that the RR can only be
++ used for the transaction in progress, and should not be
++ cached. For example, SOA records are always distributed
++ with a zero TTL to prohibit caching. Zero values can
++ also be used for extremely volatile data.
++
++RDLENGTH an unsigned 16 bit integer that specifies the length in
++ octets of the RDATA field.
++
++RDATA a variable length string of octets that describes the
++ resource. The format of this information varies
++ according to the TYPE and CLASS of the resource record.
++ * </pre>
++ *
++ * The actual amount and type of rdata fields depend on the RR type of the
++ * RR, and can be found by using \ref ldns_rr_descriptor functions.
++ */
++struct ldns_struct_rr
++{
++ /** Owner name, uncompressed */
++ ldns_rdf *_owner;
++ /** Time to live */
++ uint32_t _ttl;
++ /** Number of data fields */
++ size_t _rd_count;
++ /** the type of the RR. A, MX etc. */
++ ldns_rr_type _rr_type;
++ /** Class of the resource record. */
++ ldns_rr_class _rr_class;
++ /* everything in the rdata is in network order */
++ /** The array of rdata's */
++ ldns_rdf **_rdata_fields;
++ /** question rr [it would be nicer if thous is after _rd_count]
++ ABI change: Fix this in next major release
++ */
++ bool _rr_question;
++};
++typedef struct ldns_struct_rr ldns_rr;
++
++/**
++ * List or Set of Resource Records
++ *
++ * Contains a list of rr's <br>
++ * No official RFC-like checks are made
++ */
++struct ldns_struct_rr_list
++{
++ size_t _rr_count;
++ size_t _rr_capacity;
++ ldns_rr **_rrs;
++};
++typedef struct ldns_struct_rr_list ldns_rr_list;
++
++/**
++ * Contains all information about resource record types.
++ *
++ * This structure contains, for all rr types, the rdata fields that are defined.
++ */
++struct ldns_struct_rr_descriptor
++{
++ /** Type of the RR that is described here */
++ ldns_rr_type _type;
++ /** Textual name of the RR type. */
++ const char *_name;
++ /** Minimum number of rdata fields in the RRs of this type. */
++ uint8_t _minimum;
++ /** Maximum number of rdata fields in the RRs of this type. */
++ uint8_t _maximum;
++ /** Wireformat specification for the rr, i.e. the types of rdata fields in their respective order. */
++ const ldns_rdf_type *_wireformat;
++ /** Special rdf types */
++ ldns_rdf_type _variable;
++ /** Specifies whether compression can be used for dnames in this RR type. */
++ ldns_rr_compress _compress;
++ /** The number of DNAMEs in the _wireformat string, for parsing. */
++ uint8_t _dname_count;
++};
++typedef struct ldns_struct_rr_descriptor ldns_rr_descriptor;
++
++
++/**
++ * Create a rr type bitmap rdf providing enough space to set all
++ * known (to ldns) rr types.
++ * \param[out] rdf the constructed rdf
++ * \return LDNS_STATUS_OK if all went well.
++ */
++ldns_status ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf);
++
++/**
++ * Create a rr type bitmap rdf with at least all known (to ldns) rr types set.
++ * \param[out] rdf the constructed rdf
++ * \return LDNS_STATUS_OK if all went well.
++ */
++ldns_status ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf);
++
++
++/**
++ * creates a new rr structure.
++ * \return ldns_rr *
++ */
++ldns_rr* ldns_rr_new(void);
++
++/**
++ * creates a new rr structure, based on the given type.
++ * alloc enough space to hold all the rdf's
++ */
++ldns_rr* ldns_rr_new_frm_type(ldns_rr_type t);
++
++/**
++ * frees an RR structure
++ * \param[in] *rr the RR to be freed
++ * \return void
++ */
++void ldns_rr_free(ldns_rr *rr);
++
++/**
++ * creates an rr from a string.
++ * The string should be a fully filled-in rr, like
++ * ownername <space> TTL <space> CLASS <space>
++ * TYPE <space> RDATA.
++ * \param[out] n the rr to return
++ * \param[in] str the string to convert
++ * \param[in] default_ttl default ttl value for the rr.
++ * If 0 DEF_TTL will be used
++ * \param[in] origin when the owner is relative add this.
++ * The caller must ldns_rdf_deep_free it.
++ * \param[out] prev the previous ownername. if this value is not NULL,
++ * the function overwrites this with the ownername found in this
++ * string. The caller must then ldns_rdf_deep_free it.
++ * \return a status msg describing an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str,
++ uint32_t default_ttl, ldns_rdf *origin,
++ ldns_rdf **prev);
++
++/**
++ * creates an rr for the question section from a string, i.e.
++ * without RDATA fields
++ * Origin and previous RR functionality are the same as in
++ * ldns_rr_new_frm_str()
++ * \param[out] n the rr to return
++ * \param[in] str the string to convert
++ * \param[in] origin when the owner is relative add this.
++ * The caller must ldns_rdf_deep_free it.
++ * \param prev the previous ownername. the function overwrite this with
++ * the current found ownername. The caller must ldns_rdf_deep_free it.
++ * \return a status msg describing an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_rr_new_question_frm_str(ldns_rr **n, const char *str,
++ ldns_rdf *origin, ldns_rdf **prev);
++
++/**
++ * creates a new rr from a file containing a string.
++ * \param[out] rr the new rr
++ * \param[in] fp the file pointer to use
++ * \param[in] default_ttl pointer to a default ttl for the rr. If NULL DEF_TTL will be used
++ * the pointer will be updated if the file contains a $TTL directive
++ * \param[in] origin when the owner is relative add this
++ * the pointer will be updated if the file contains a $ORIGIN directive
++ * The caller must ldns_rdf_deep_free it.
++ * \param[in] prev when the owner is whitespaces use this as the * ownername
++ * the pointer will be updated after the call
++ * The caller must ldns_rdf_deep_free it.
++ * \return a ldns_status with an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_rr_new_frm_fp(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev);
++
++/**
++ * creates a new rr from a file containing a string.
++ * \param[out] rr the new rr
++ * \param[in] fp the file pointer to use
++ * \param[in] default_ttl a default ttl for the rr. If NULL DEF_TTL will be used
++ * the pointer will be updated if the file contains a $TTL directive
++ * \param[in] origin when the owner is relative add this
++ * the pointer will be updated if the file contains a $ORIGIN directive
++ * The caller must ldns_rdf_deep_free it.
++ * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
++ * \param[in] prev when the owner is whitespaces use this as the * ownername
++ * the pointer will be updated after the call
++ * The caller must ldns_rdf_deep_free it.
++ * \return a ldns_status with an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_rr_new_frm_fp_l(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr);
++
++/**
++ * sets the owner in the rr structure.
++ * \param[in] *rr rr to operate on
++ * \param[in] *owner set to this owner
++ * \return void
++ */
++void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner);
++
++/**
++ * sets the question flag in the rr structure.
++ * \param[in] *rr rr to operate on
++ * \param[in] question question flag
++ * \return void
++ */
++void ldns_rr_set_question(ldns_rr *rr, bool question);
++
++/**
++ * sets the ttl in the rr structure.
++ * \param[in] *rr rr to operate on
++ * \param[in] ttl set to this ttl
++ * \return void
++ */
++void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl);
++
++/**
++ * sets the rd_count in the rr.
++ * \param[in] *rr rr to operate on
++ * \param[in] count set to this count
++ * \return void
++ */
++void ldns_rr_set_rd_count(ldns_rr *rr, size_t count);
++
++/**
++ * sets the type in the rr.
++ * \param[in] *rr rr to operate on
++ * \param[in] rr_type set to this type
++ * \return void
++ */
++void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type);
++
++/**
++ * sets the class in the rr.
++ * \param[in] *rr rr to operate on
++ * \param[in] rr_class set to this class
++ * \return void
++ */
++void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class);
++
++/**
++ * sets a rdf member, it will be set on the
++ * position given. The old value is returned, like pop.
++ * \param[in] *rr the rr to operate on
++ * \param[in] *f the rdf to set
++ * \param[in] position the position the set the rdf
++ * \return the old value in the rr, NULL on failyre
++ */
++ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position);
++
++/**
++ * sets rd_field member, it will be
++ * placed in the next available spot.
++ * \param[in] *rr rr to operate on
++ * \param[in] *f the data field member to set
++ * \return bool
++ */
++bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f);
++
++/**
++ * removes a rd_field member, it will be
++ * popped from the last position.
++ * \param[in] *rr rr to operate on
++ * \return rdf which was popped (null if nothing)
++ */
++ldns_rdf* ldns_rr_pop_rdf(ldns_rr *rr);
++
++/**
++ * returns the rdata field member counter.
++ * \param[in] *rr rr to operate on
++ * \param[in] nr the number of the rdf to return
++ * \return ldns_rdf *
++ */
++ldns_rdf* ldns_rr_rdf(const ldns_rr *rr, size_t nr);
++
++/**
++ * returns the owner name of an rr structure.
++ * \param[in] *rr rr to operate on
++ * \return ldns_rdf *
++ */
++ldns_rdf* ldns_rr_owner(const ldns_rr *rr);
++
++/**
++ * returns the question flag of an rr structure.
++ * \param[in] *rr rr to operate on
++ * \return bool true if question
++ */
++bool ldns_rr_is_question(const ldns_rr *rr);
++
++/**
++ * returns the ttl of an rr structure.
++ * \param[in] *rr the rr to read from
++ * \return the ttl of the rr
++ */
++uint32_t ldns_rr_ttl(const ldns_rr *rr);
++
++/**
++ * returns the rd_count of an rr structure.
++ * \param[in] *rr the rr to read from
++ * \return the rd count of the rr
++ */
++size_t ldns_rr_rd_count(const ldns_rr *rr);
++
++/**
++ * returns the type of the rr.
++ * \param[in] *rr the rr to read from
++ * \return the type of the rr
++ */
++ldns_rr_type ldns_rr_get_type(const ldns_rr *rr);
++
++/**
++ * returns the class of the rr.
++ * \param[in] *rr the rr to read from
++ * \return the class of the rr
++ */
++ldns_rr_class ldns_rr_get_class(const ldns_rr *rr);
++
++/* rr_lists */
++
++/**
++ * returns the number of rr's in an rr_list.
++ * \param[in] rr_list the rr_list to read from
++ * \return the number of rr's
++ */
++size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list);
++
++/**
++ * sets the number of rr's in an rr_list.
++ * \param[in] rr_list the rr_list to set the count on
++ * \param[in] count the number of rr in this list
++ * \return void
++ */
++void ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count);
++
++/**
++ * set a rr on a specific index in a ldns_rr_list
++ * \param[in] rr_list the rr_list to use
++ * \param[in] r the rr to set
++ * \param[in] count index into the rr_list
++ * \return the old rr which was stored in the rr_list, or
++ * NULL is the index was too large
++ * set a specific rr */
++ldns_rr * ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count);
++
++/**
++ * returns a specific rr of an rrlist.
++ * \param[in] rr_list the rr_list to read from
++ * \param[in] nr return this rr
++ * \return the rr at position nr
++ */
++ldns_rr* ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr);
++
++/**
++ * creates a new rr_list structure.
++ * \return a new rr_list structure
++ */
++ldns_rr_list* ldns_rr_list_new(void);
++
++/**
++ * frees an rr_list structure.
++ * \param[in] rr_list the list to free
++ */
++void ldns_rr_list_free(ldns_rr_list *rr_list);
++
++/**
++ * frees an rr_list structure and all rrs contained therein.
++ * \param[in] rr_list the list to free
++ */
++void ldns_rr_list_deep_free(ldns_rr_list *rr_list);
++
++/**
++ * concatenates two ldns_rr_lists together. This modifies
++ * *left (to extend it and add the pointers from *right).
++ * \param[in] left the leftside
++ * \param[in] right the rightside
++ * \return a left with right concatenated to it
++ */
++bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right);
++
++/**
++ * concatenates two ldns_rr_lists together, but makes clones of the rr's
++ * (instead of pointer copying).
++ * \param[in] left the leftside
++ * \param[in] right the rightside
++ * \return a new rr_list with leftside/rightside concatenated
++ */
++ldns_rr_list* ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right);
++
++/**
++ * pushes an rr to an rrlist.
++ * \param[in] rr_list the rr_list to push to
++ * \param[in] rr the rr to push
++ * \return false on error, otherwise true
++ */
++bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr);
++
++/**
++ * pushes an rr_list to an rrlist.
++ * \param[in] rr_list the rr_list to push to
++ * \param[in] push_list the rr_list to push
++ * \return false on error, otherwise true
++ */
++bool ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list);
++
++/**
++ * pops the last rr from an rrlist.
++ * \param[in] rr_list the rr_list to pop from
++ * \return NULL if nothing to pop. Otherwise the popped RR
++ */
++ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list);
++
++/**
++ * pops an rr_list of size s from an rrlist.
++ * \param[in] rr_list the rr_list to pop from
++ * \param[in] size the number of rr's to pop
++ * \return NULL if nothing to pop. Otherwise the popped rr_list
++ */
++ldns_rr_list* ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t size);
++
++/**
++ * returns true if the given rr is one of the rrs in the
++ * list, or if it is equal to one
++ * \param[in] rr_list the rr_list to check
++ * \param[in] rr the rr to check
++ * \return true if rr_list contains rr, false otherwise
++ */
++bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr);
++
++/**
++ * checks if an rr_list is a rrset.
++ * \param[in] rr_list the rr_list to check
++ * \return true if it is an rrset otherwise false
++ */
++bool ldns_is_rrset(ldns_rr_list *rr_list);
++
++/**
++ * pushes an rr to an rrset (which really are rr_list's).
++ * \param[in] *rr_list the rrset to push the rr to
++ * \param[in] *rr the rr to push
++ * \return true if the push succeeded otherwise false
++ */
++bool ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr);
++
++/**
++ * pops the last rr from an rrset. This function is there only
++ * for the symmetry.
++ * \param[in] rr_list the rr_list to pop from
++ * \return NULL if nothing to pop. Otherwise the popped RR
++ *
++ */
++ldns_rr* ldns_rr_set_pop_rr(ldns_rr_list *rr_list);
++
++/**
++ * pops the first rrset from the list,
++ * the list must be sorted, so that all rr's from each rrset
++ * are next to each other
++ */
++ldns_rr_list *ldns_rr_list_pop_rrset(ldns_rr_list *rr_list);
++
++
++/**
++ * retrieves a rrtype by looking up its name.
++ * \param[in] name a string with the name
++ * \return the type which corresponds with the name
++ */
++ldns_rr_type ldns_get_rr_type_by_name(const char *name);
++
++/**
++ * retrieves a class by looking up its name.
++ * \param[in] name string with the name
++ * \return the cass which corresponds with the name
++ */
++ldns_rr_class ldns_get_rr_class_by_name(const char *name);
++
++/**
++ * clones a rr and all its data
++ * \param[in] rr the rr to clone
++ * \return the new rr or NULL on failure
++ */
++ldns_rr* ldns_rr_clone(const ldns_rr *rr);
++
++/**
++ * clones an rrlist.
++ * \param[in] rrlist the rrlist to clone
++ * \return the cloned rr list
++ */
++ldns_rr_list* ldns_rr_list_clone(const ldns_rr_list *rrlist);
++
++/**
++ * sorts an rr_list (canonical wire format). the sorting is done inband.
++ * \param[in] unsorted the rr_list to be sorted
++ * \return void
++ */
++void ldns_rr_list_sort(ldns_rr_list *unsorted);
++
++/**
++ * compares two rrs. The TTL is not looked at.
++ * \param[in] rr1 the first one
++ * \param[in] rr2 the second one
++ * \return 0 if equal
++ * -1 if rr1 comes before rr2
++ * +1 if rr2 comes before rr1
++ */
++int ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2);
++
++/**
++ * compares two rrs, up to the rdata.
++ * \param[in] rr1 the first one
++ * \param[in] rr2 the second one
++ * \return 0 if equal
++ * -1 if rr1 comes before rr2
++ * +1 if rr2 comes before rr1
++ */
++int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2);
++
++/**
++ * compares the wireformat of two rrs, contained in the given buffers.
++ * \param[in] rr1_buf the first one
++ * \param[in] rr2_buf the second one
++ * \return 0 if equal
++ * -1 if rr1_buf comes before rr2_buf
++ * +1 if rr2_buf comes before rr1_buf
++ */
++int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf);
++
++/**
++ * returns true of the given rr's are equal.
++ * Also returns true if one record is a DS that represents the
++ * same DNSKEY record as the other record
++ * \param[in] rr1 the first rr
++ * \param[in] rr2 the second rr
++ * \return true if equal otherwise false
++ */
++bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2);
++
++/**
++ * compares two rr listss.
++ * \param[in] rrl1 the first one
++ * \param[in] rrl2 the second one
++ * \return 0 if equal
++ * -1 if rrl1 comes before rrl2
++ * +1 if rrl2 comes before rrl1
++ */
++int ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2);
++
++/**
++ * calculates the uncompressed size of an RR.
++ * \param[in] r the rr to operate on
++ * \return size of the rr
++ */
++size_t ldns_rr_uncompressed_size(const ldns_rr *r);
++
++/**
++ * converts each dname in a rr to its canonical form.
++ * \param[in] rr the rr to work on
++ * \return void
++ */
++void ldns_rr2canonical(ldns_rr *rr);
++
++/**
++ * converts each dname in each rr in a rr_list to its canonical form.
++ * \param[in] rr_list the rr_list to work on
++ * \return void
++ */
++void ldns_rr_list2canonical(ldns_rr_list *rr_list);
++
++/**
++ * counts the number of labels of the ownername.
++ * \param[in] rr count the labels of this rr
++ * \return the number of labels
++ */
++uint8_t ldns_rr_label_count(ldns_rr *rr);
++
++/**
++ * returns the resource record descriptor for the given rr type.
++ *
++ * \param[in] type the type value of the rr type
++ *\return the ldns_rr_descriptor for this type
++ */
++const ldns_rr_descriptor *ldns_rr_descript(uint16_t type);
++
++/**
++ * returns the minimum number of rdata fields of the rr type this descriptor describes.
++ *
++ * \param[in] descriptor for an rr type
++ * \return the minimum number of rdata fields
++ */
++size_t ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor);
++
++/**
++ * returns the maximum number of rdata fields of the rr type this descriptor describes.
++ *
++ * \param[in] descriptor for an rr type
++ * \return the maximum number of rdata fields
++ */
++size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor);
++
++/**
++ * returns the rdf type for the given rdata field number of the rr type for the given descriptor.
++ *
++ * \param[in] descriptor for an rr type
++ * \param[in] field the field number
++ * \return the rdf type for the field
++ */
++ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field);
++
++/**
++ * Return the rr_list which matches the rdf at position field. Think
++ * type-covered stuff for RRSIG
++ *
++ * \param[in] l the rr_list to look in
++ * \param[in] r the rdf to use for the comparison
++ * \param[in] pos at which position can we find the rdf
++ *
++ * \return a new rr list with only the RRs that match
++ *
++ */
++ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos);
++
++/**
++ * convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual
++ * LDNS_RR_TYPE. This is usefull in the case when inspecting
++ * the rrtype covered field of an RRSIG.
++ * \param[in] rd the rdf to look at
++ * \return a ldns_rr_type with equivalent LDNS_RR_TYPE
++ *
++ */
++ldns_rr_type ldns_rdf2rr_type(const ldns_rdf *rd);
++
++/**
++ * Returns the type of the first element of the RR
++ * If there are no elements present, 0 is returned
++ *
++ * \param[in] rr_list The rr list
++ * \return rr_type of the first element, or 0 if the list is empty
++ */
++ldns_rr_type
++ldns_rr_list_type(const ldns_rr_list *rr_list);
++
++/**
++ * Returns the owner domain name rdf of the first element of the RR
++ * If there are no elements present, NULL is returned
++ *
++ * \param[in] rr_list The rr list
++ * \return dname of the first element, or NULL if the list is empty
++ */
++ldns_rdf *
++ldns_rr_list_owner(const ldns_rr_list *rr_list);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_RR_H */
+diff --git a/ldns/include/ldns/rr_functions.h b/ldns/include/ldns/rr_functions.h
+new file mode 100644
+index 0000000..09a28dd
+--- /dev/null
++++ b/ldns/include/ldns/rr_functions.h
+@@ -0,0 +1,363 @@
++/*
++ * rr_functions.h
++ *
++ * the .h file with defs for the per rr
++ * functions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++#ifndef LDNS_RR_FUNCTIONS_H
++#define LDNS_RR_FUNCTIONS_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \file
++ *
++ * Defines some extra convenience functions for ldns_rr structures
++ */
++
++/* A / AAAA */
++/**
++ * returns the address of a LDNS_RR_TYPE_A rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the address or NULL on failure
++ */
++ldns_rdf* ldns_rr_a_address(const ldns_rr *r);
++
++/**
++ * sets the address of a LDNS_RR_TYPE_A rr
++ * \param[in] r the rr to use
++ * \param[in] f the address to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f);
++
++/* NS */
++/**
++ * returns the name of a LDNS_RR_TYPE_NS rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the name or NULL on failure
++ */
++ldns_rdf* ldns_rr_ns_nsdname(const ldns_rr *r);
++
++/* MX */
++/**
++ * returns the mx pref. of a LDNS_RR_TYPE_MX rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the preference or NULL on failure
++ */
++ldns_rdf* ldns_rr_mx_preference(const ldns_rr *r);
++/**
++ * returns the mx host of a LDNS_RR_TYPE_MX rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the name of the MX host or NULL on failure
++ */
++ldns_rdf* ldns_rr_mx_exchange(const ldns_rr *r);
++
++/* RRSIG */
++/**
++ * returns the type covered of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the type covered or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_typecovered(const ldns_rr *r);
++/**
++ * sets the typecovered of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the typecovered to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the algorithm of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the algorithm or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_algorithm(const ldns_rr *r);
++/**
++ * sets the algorithm of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the algorithm to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the number of labels of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the number of labels or NULL on failure
++ */
++ldns_rdf *ldns_rr_rrsig_labels(const ldns_rr *r);
++/**
++ * sets the number of labels of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the number of labels to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the original TTL of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the original TTL or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_origttl(const ldns_rr *r);
++/**
++ * sets the original TTL of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the original TTL to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the expiration time of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the expiration time or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r);
++/**
++ * sets the expireation date of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the expireation date to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the inception time of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the inception time or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_inception(const ldns_rr *r);
++/**
++ * sets the inception date of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the inception date to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the keytag of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the keytag or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_keytag(const ldns_rr *r);
++/**
++ * sets the keytag of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the keytag to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the signers name of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the signers name or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_signame(const ldns_rr *r);
++/**
++ * sets the signers name of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the signers name to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the signature data of a LDNS_RR_TYPE_RRSIG RR
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the signature data or NULL on failure
++ */
++ldns_rdf* ldns_rr_rrsig_sig(const ldns_rr *r);
++/**
++ * sets the signature data of a LDNS_RR_TYPE_RRSIG rr
++ * \param[in] r the rr to use
++ * \param[in] f the signature data to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f);
++
++/* DNSKEY */
++/**
++ * returns the flags of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the flags or NULL on failure
++ */
++ldns_rdf* ldns_rr_dnskey_flags(const ldns_rr *r);
++/**
++ * sets the flags of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the rr to use
++ * \param[in] f the flags to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the protocol of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the protocol or NULL on failure
++ */
++ldns_rdf* ldns_rr_dnskey_protocol(const ldns_rr *r);
++/**
++ * sets the protocol of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the rr to use
++ * \param[in] f the protocol to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the algorithm of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the algorithm or NULL on failure
++ */
++ldns_rdf* ldns_rr_dnskey_algorithm(const ldns_rr *r);
++/**
++ * sets the algorithm of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the rr to use
++ * \param[in] f the algorithm to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f);
++/**
++ * returns the key data of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the resource record
++ * \return a ldns_rdf* with the key data or NULL on failure
++ */
++ldns_rdf* ldns_rr_dnskey_key(const ldns_rr *r);
++/**
++ * sets the key data of a LDNS_RR_TYPE_DNSKEY rr
++ * \param[in] r the rr to use
++ * \param[in] f the key data to set
++ * \return true on success, false otherwise
++ */
++bool ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f);
++
++/**
++ * get the length of the keydata in bits
++ * \param[in] keydata the raw key data
++ * \param[in] len the length of the keydata
++ * \param[in] alg the cryptographic algorithm this is a key for
++ * \return the keysize in bits, or 0 on error
++ */
++size_t ldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
++ const size_t len,
++ const ldns_algorithm alg);
++
++/**
++ * get the length of the keydata in bits
++ * \param[in] key the key rr to use
++ * \return the keysize in bits
++ */
++size_t ldns_rr_dnskey_key_size(const ldns_rr *key);
++
++/**
++ * The type of function to be passed to ldns_rr_soa_increment_func,
++ * ldns_rr_soa_increment_func_data or ldns_rr_soa_increment_int.
++ * The function will be called with as the first argument the current serial
++ * number of the SOA RR to be updated, and as the second argument a value
++ * given when calling ldns_rr_soa_increment_func_data or
++ * ldns_rr_soa_increment_int. With ldns_rr_soa_increment_int the pointer
++ * value holds the integer value passed to ldns_rr_soa_increment_int,
++ * and it should be cast to intptr_t to be used as an integer by the
++ * serial modifying function.
++ */
++typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*);
++
++/**
++ * Function to be used with dns_rr_soa_increment_func_int, to set the soa
++ * serial number.
++ * \param[in] unused the (unused) current serial number.
++ * \param[in] data the serial number to be set.
++ */
++uint32_t ldns_soa_serial_identity(uint32_t unused, void *data);
++
++/**
++ * Function to be used with dns_rr_soa_increment_func, to increment the soa
++ * serial number with one.
++ * \param[in] s the current serial number.
++ * \param[in] unused unused.
++ */
++uint32_t ldns_soa_serial_increment(uint32_t s, void *unused);
++
++/**
++ * Function to be used with dns_rr_soa_increment_func_int, to increment the soa
++ * serial number with a certain amount.
++ * \param[in] s the current serial number.
++ * \param[in] data the amount to add to the current serial number.
++ */
++uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data);
++
++/**
++ * Function to be used with ldns_rr_soa_increment_func or
++ * ldns_rr_soa_increment_func_int to set the soa serial to the number of
++ * seconds since unix epoch (1-1-1970 00:00).
++ * When data is given (i.e. the function is called via
++ * ldns_rr_soa_increment_func_int), it is used as the current time.
++ * When the resulting serial number is smaller than the current serial number,
++ * the current serial number is increased by one.
++ * \param[in] s the current serial number.
++ * \param[in] data the time in seconds since 1-1-1970 00:00
++ */
++uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data);
++
++/**
++ * Function to be used with ldns_rr_soa_increment_func or
++ * ldns_rr_soa_increment_func_int to set the soa serial to the current date
++ * succeeded by a two digit iteration (datecounter).
++ * When data is given (i.e. the function is called via
++ * ldns_rr_soa_increment_func_int), it is used as the current time.
++ * When the resulting serial number is smaller than the current serial number,
++ * the current serial number is increased by one.
++ * \param[in] s the current serial number.
++ * \param[in] data the time in seconds since 1-1-1970 00:00
++ */
++uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data);
++
++/**
++ * Increment the serial number of the given SOA by one.
++ * \param[in] soa The soa rr to be incremented
++ */
++void ldns_rr_soa_increment(
++ ldns_rr *soa);
++
++/**
++ * Increment the serial number of the given SOA with the given function.
++ * Included functions to be used here are: ldns_rr_soa_increment,
++ * ldns_soa_serial_unixtime and ldns_soa_serial_datecounter.
++ * \param[in] soa The soa rr to be incremented
++ * \param[in] f the function to use to increment the soa rr.
++ */
++void ldns_rr_soa_increment_func(
++ ldns_rr *soa, ldns_soa_serial_increment_func_t f);
++
++/**
++ * Increment the serial number of the given SOA with the given function
++ * passing it the given data argument.
++ * \param[in] soa The soa rr to be incremented
++ * \param[in] f the function to use to increment the soa rr.
++ * \param[in] data this argument will be passed to f as the second argument.
++ */
++void ldns_rr_soa_increment_func_data(
++ ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data);
++
++/**
++ * Increment the serial number of the given SOA with the given function
++ * using data as an argument for the function.
++ * Included functions to be used here are: ldns_soa_serial_identity,
++ * ldns_rr_soa_increment_by, ldns_soa_serial_unixtime and
++ * ldns_soa_serial_datecounter.
++ * \param[in] soa The soa rr to be incremented
++ * \param[in] f the function to use to increment the soa rr.
++ * \param[in] data this argument will be passed to f as the second argument
++ * (by casting it to void*).
++ */
++void ldns_rr_soa_increment_func_int(
++ ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_RR_FUNCTIONS_H */
+diff --git a/ldns/include/ldns/sha1.h b/ldns/include/ldns/sha1.h
+new file mode 100644
+index 0000000..d5b1082
+--- /dev/null
++++ b/ldns/include/ldns/sha1.h
+@@ -0,0 +1,38 @@
++#ifndef LDNS_SHA1_H
++#define LDNS_SHA1_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define LDNS_SHA1_BLOCK_LENGTH 64
++#define LDNS_SHA1_DIGEST_LENGTH 20
++
++typedef struct {
++ uint32_t state[5];
++ uint64_t count;
++ unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH];
++} ldns_sha1_ctx;
++
++void ldns_sha1_init(ldns_sha1_ctx * context);
++void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]);
++void ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len);
++void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context);
++
++/**
++ * Convenience function to digest a fixed block of data at once.
++ *
++ * \param[in] data the data to digest
++ * \param[in] data_len the length of data in bytes
++ * \param[out] digest the length of data in bytes
++ * This pointer MUST have LDNS_SHA1_DIGEST_LENGTH bytes
++ * available
++ * \return the SHA1 digest of the given data
++ */
++unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_SHA1_H */
+diff --git a/ldns/include/ldns/sha2.h b/ldns/include/ldns/sha2.h
+new file mode 100644
+index 0000000..238767a
+--- /dev/null
++++ b/ldns/include/ldns/sha2.h
+@@ -0,0 +1,149 @@
++/*
++ * FILE: sha2.h
++ * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
++ *
++ * Copyright (c) 2000-2001, Aaron D. Gifford
++ * All rights reserved.
++ *
++ * Modified by Jelte Jansen to fit in ldns, and not clash with any
++ * system-defined SHA code.
++ * Changes:
++ * - Renamed (external) functions and constants to fit ldns style
++ * - Removed uintXX vs. u_intXX smartness, since ldns needs uintXX
++ * anyway
++ * - BYTE ORDER check replaced by simple ifdef as defined or not by
++ * configure.ac
++ * - Removed _End and _Data functions
++ * - Added ldns_shaX(data, len, digest) functions
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. Neither the name of the copyright holder nor the names of contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
++ */
++
++#ifndef __LDNS_SHA2_H__
++#define __LDNS_SHA2_H__
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++
++/*
++ * Import u_intXX_t size_t type definitions from system headers. You
++ * may need to change this, or define these things yourself in this
++ * file.
++ */
++#include <sys/types.h>
++
++#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H
++
++#include <inttypes.h>
++
++#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */
++
++
++/*** SHA-256/384/512 Various Length Definitions ***********************/
++#define LDNS_SHA256_BLOCK_LENGTH 64
++#define LDNS_SHA256_DIGEST_LENGTH 32
++#define LDNS_SHA256_DIGEST_STRING_LENGTH (LDNS_SHA256_DIGEST_LENGTH * 2 + 1)
++#define LDNS_SHA384_BLOCK_LENGTH 128
++#define LDNS_SHA384_DIGEST_LENGTH 48
++#define LDNS_SHA384_DIGEST_STRING_LENGTH (LDNS_SHA384_DIGEST_LENGTH * 2 + 1)
++#define LDNS_SHA512_BLOCK_LENGTH 128
++#define LDNS_SHA512_DIGEST_LENGTH 64
++#define LDNS_SHA512_DIGEST_STRING_LENGTH (LDNS_SHA512_DIGEST_LENGTH * 2 + 1)
++
++
++/*** SHA-256/384/512 Context Structures *******************************/
++
++typedef struct _ldns_sha256_CTX {
++ uint32_t state[8];
++ uint64_t bitcount;
++ uint8_t buffer[LDNS_SHA256_BLOCK_LENGTH];
++} ldns_sha256_CTX;
++typedef struct _ldns_sha512_CTX {
++ uint64_t state[8];
++ uint64_t bitcount[2];
++ uint8_t buffer[LDNS_SHA512_BLOCK_LENGTH];
++} ldns_sha512_CTX;
++
++typedef ldns_sha512_CTX ldns_sha384_CTX;
++
++
++/*** SHA-256/384/512 Function Prototypes ******************************/
++void ldns_sha256_init(ldns_sha256_CTX *);
++void ldns_sha256_update(ldns_sha256_CTX*, const uint8_t*, size_t);
++void ldns_sha256_final(uint8_t[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX*);
++
++void ldns_sha384_init(ldns_sha384_CTX*);
++void ldns_sha384_update(ldns_sha384_CTX*, const uint8_t*, size_t);
++void ldns_sha384_final(uint8_t[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX*);
++
++void ldns_sha512_init(ldns_sha512_CTX*);
++void ldns_sha512_update(ldns_sha512_CTX*, const uint8_t*, size_t);
++void ldns_sha512_final(uint8_t[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX*);
++
++/**
++ * Convenience function to digest a fixed block of data at once.
++ *
++ * \param[in] data the data to digest
++ * \param[in] data_len the length of data in bytes
++ * \param[out] digest the length of data in bytes
++ * This pointer MUST have LDNS_SHA256_DIGEST_LENGTH bytes
++ * available
++ * \return the SHA1 digest of the given data
++ */
++unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest);
++
++/**
++ * Convenience function to digest a fixed block of data at once.
++ *
++ * \param[in] data the data to digest
++ * \param[in] data_len the length of data in bytes
++ * \param[out] digest the length of data in bytes
++ * This pointer MUST have LDNS_SHA384_DIGEST_LENGTH bytes
++ * available
++ * \return the SHA1 digest of the given data
++ */
++unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest);
++
++/**
++ * Convenience function to digest a fixed block of data at once.
++ *
++ * \param[in] data the data to digest
++ * \param[in] data_len the length of data in bytes
++ * \param[out] digest the length of data in bytes
++ * This pointer MUST have LDNS_SHA512_DIGEST_LENGTH bytes
++ * available
++ * \return the SHA1 digest of the given data
++ */
++unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest);
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __LDNS_SHA2_H__ */
+diff --git a/ldns/include/ldns/str2host.h b/ldns/include/ldns/str2host.h
+new file mode 100644
+index 0000000..d639970
+--- /dev/null
++++ b/ldns/include/ldns/str2host.h
+@@ -0,0 +1,319 @@
++/**
++ * str2host.h - conversion from str to the host fmt
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#ifndef LDNS_2HOST_H
++#define LDNS_2HOST_H
++
++#include <ldns/common.h>
++#include <ldns/error.h>
++#include <ldns/rr.h>
++#include <ldns/rdata.h>
++#include <ldns/packet.h>
++#include <ldns/buffer.h>
++#include <ctype.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \file
++ *
++ * Defines functions to convert dns data in presentation format or text files
++ * to internal structures.
++ */
++
++/**
++ * convert a byte into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] bytestr the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr);
++
++/**
++ * convert a string to a int16 in wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] shortstr the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr);
++
++/**
++ * convert a strings into a 4 byte int in wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] longstr the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr);
++
++/**
++ * convert a time string to a time value in wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] time the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_time(ldns_rdf **rd, const char *time);
++
++/* convert string with NSEC3 salt to wireformat)
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * return ldns_status
++ */
++ldns_status ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *nsec3_salt);
++
++/* convert a time period (think TTL's) to wireformat)
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * return ldns_status
++ */
++ldns_status ldns_str2rdf_period(ldns_rdf **rd, const char *str);
++
++/**
++ * convert str with an A record into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_a(ldns_rdf **rd, const char *str);
++
++/**
++ * convert the str with an AAAA record into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a string into wireformat (think txt record)
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted (NULL terminated)
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_str(ldns_rdf **rd, const char *str);
++
++/**
++ * convert str with the apl record into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_apl(ldns_rdf **rd, const char *str);
++
++/**
++ * convert the string with the b64 data into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str);
++
++/**
++ * convert the string with the b32 ext hex data into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a hex value into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_hex(ldns_rdf **rd, const char *str);
++
++/**
++ * convert string with nsec into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_nsec(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a rrtype into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_type(ldns_rdf **rd, const char *str);
++
++/**
++ * convert string with a classname into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str);
++
++/**
++ * convert an certificate algorithm value into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str);
++
++/**
++ * convert an algorithm value into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a tlsa certificate usage value into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a tlsa selector value into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_selector(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a tlsa matching type value into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a string with a unknown RR into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_unknown(ldns_rdf **rd, const char *str);
++
++/**
++ * convert string with a protocol service into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_service(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a string with a LOC RR into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_loc(ldns_rdf **rd, const char *str);
++
++/**
++ * convert string with a WKS RR into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_wks(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a str with a NSAP RR into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_nsap(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a str with a ATMA RR into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_atma(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a str with a IPSECKEY RR into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str);
++
++/**
++ * convert a dname string into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str);
++
++/**
++ * convert 4 * 16bit hex separated by colons into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str);
++
++/**
++ * convert 6 hex bytes separated by dashes into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_eui48(ldns_rdf **rd, const char *str);
++
++/**
++ * convert 8 hex bytes separated by dashes into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_eui64(ldns_rdf **rd, const char *str);
++
++/**
++ * Convert a non-zero sequence of US-ASCII letters and numbers into wireformat
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_tag(ldns_rdf **rd, const char *str);
++
++/**
++ * Convert a <character-string> encoding of the value field as specified
++ * [RFC1035], Section 5.1., encoded as one bug chunk of data.
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_long_str(ldns_rdf **rd, const char *str);
++
++/**
++ * Convert a "<algorithm> <hit> <pk>" encoding of the value field as specified
++ * in Section 6. of [RFC5205], encoded as wireformat as specified in Section 5.
++ * of [RFC5205].
++ * \param[in] rd the rdf where to put the data
++ * \param[in] str the string to be converted
++ * \return ldns_status
++ */
++ldns_status ldns_str2rdf_hip(ldns_rdf **rd, const char *str);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_2HOST_H */
+diff --git a/ldns/include/ldns/tsig.h b/ldns/include/ldns/tsig.h
+new file mode 100644
+index 0000000..676045f
+--- /dev/null
++++ b/ldns/include/ldns/tsig.h
+@@ -0,0 +1,101 @@
++/*
++ * tsig.h -- defines for TSIG [RFC2845]
++ *
++ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ */
++
++#ifndef LDNS_TSIG_H
++#define LDNS_TSIG_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \file
++ *
++ * Defines functions for TSIG usage
++ */
++
++
++/**
++ * Contains credentials for TSIG
++*/
++typedef struct ldns_tsig_credentials_struct
++{
++ char *algorithm;
++ char *keyname;
++ char *keydata;
++ /* XXX More eventually. */
++} ldns_tsig_credentials;
++
++char *ldns_tsig_algorithm(ldns_tsig_credentials *);
++char *ldns_tsig_keyname(ldns_tsig_credentials *);
++char *ldns_tsig_keydata(ldns_tsig_credentials *);
++char *ldns_tsig_keyname_clone(ldns_tsig_credentials *);
++char *ldns_tsig_keydata_clone(ldns_tsig_credentials *);
++
++/**
++ * verifies the tsig rr for the given packet and key.
++ * The wire must be given too because tsig does not sign normalized packets.
++ * \param[in] pkt the packet to verify
++ * \param[in] wire needed to verify the mac
++ * \param[in] wire_size size of wire
++ * \param[in] key_name the name of the shared key
++ * \param[in] key_data the key in base 64 format
++ * \param[in] mac original mac
++ * \return true if tsig is correct, false if not, or if tsig is not set
++ */
++bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
++
++/**
++ * verifies the tsig rr for the given packet and key.
++ * The wire must be given too because tsig does not sign normalized packets.
++ * \param[in] pkt the packet to verify
++ * \param[in] wire needed to verify the mac
++ * \param[in] wire_size size of wire
++ * \param[in] key_name the name of the shared key
++ * \param[in] key_data the key in base 64 format
++ * \param[in] mac original mac
++ * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
++ components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
++ * \return true if tsig is correct, false if not, or if tsig is not set
++ */
++bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
++ int tsig_timers_only);
++
++/**
++ * creates a tsig rr for the given packet and key.
++ * \param[in] pkt the packet to sign
++ * \param[in] key_name the name of the shared key
++ * \param[in] key_data the key in base 64 format
++ * \param[in] fudge seconds of error permitted in time signed
++ * \param[in] algorithm_name the name of the algorithm used
++ * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
++ * \return status (OK if success)
++ */
++ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
++ const char *algorithm_name, ldns_rdf *query_mac);
++
++/**
++ * creates a tsig rr for the given packet and key.
++ * \param[in] pkt the packet to sign
++ * \param[in] key_name the name of the shared key
++ * \param[in] key_data the key in base 64 format
++ * \param[in] fudge seconds of error permitted in time signed
++ * \param[in] algorithm_name the name of the algorithm used
++ * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
++ * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
++ components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.
++ * \return status (OK if success)
++ */
++ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
++ const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_TSIG_H */
+diff --git a/ldns/include/ldns/update.h b/ldns/include/ldns/update.h
+new file mode 100644
+index 0000000..d3459d3
+--- /dev/null
++++ b/ldns/include/ldns/update.h
+@@ -0,0 +1,115 @@
++/*
++ * update.h
++ *
++ * Functions for RFC 2136 Dynamic Update
++ *
++ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ */
++
++/**
++ * \file
++ *
++ * Defines functions to perform UPDATE queries
++ */
++
++
++#ifndef LDNS_UPDATE_H
++#define LDNS_UPDATE_H
++
++#include <ldns/resolver.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * create an update packet from zone name, class and the rr lists
++ * \param[in] zone_rdf name of the zone
++ * \param[in] clas zone class
++ * \param[in] pr_rrlist list of Prerequisite Section RRs
++ * \param[in] up_rrlist list of Updates Section RRs
++ * \param[in] ad_rrlist list of Additional Data Section RRs (currently unused)
++ * \return the new packet
++ */
++ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist);
++
++/**
++ * add tsig credentials to
++ * a packet from a resolver
++ * \param[in] p packet to copy to
++ * \param[in] r resolver to copy from
++ *
++ * \return status wether successfull or not
++ */
++ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r);
++
++/* access functions */
++
++/**
++ * Get the zo count
++ * \param[in] p the packet
++ * \return the zo count
++ */
++uint16_t ldns_update_zocount(const ldns_pkt *p);
++/**
++ * Get the zo count
++ * \param[in] p the packet
++ * \return the pr count
++ */
++uint16_t ldns_update_prcount(const ldns_pkt *p);
++/**
++ * Get the zo count
++ * \param[in] p the packet
++ * \return the up count
++ */
++uint16_t ldns_update_upcount(const ldns_pkt *p);
++/**
++ * Get the zo count
++ * \param[in] p the packet
++ * \return the ad count
++ */
++uint16_t ldns_update_ad(const ldns_pkt *p);
++/**
++ * Set the zo count
++ * \param[in] p the packet
++ * \param[in] c the zo count to set
++ */
++void ldns_update_set_zo(ldns_pkt *p, uint16_t c);
++/**
++ * Set the pr count
++ * \param[in] p the packet
++ * \param[in] c the pr count to set
++ */
++void ldns_update_set_prcount(ldns_pkt *p, uint16_t c);
++/**
++ * Set the up count
++ * \param[in] p the packet
++ * \param[in] c the up count to set
++ */
++void ldns_update_set_upcount(ldns_pkt *p, uint16_t c);
++/**
++ * Set the ad count
++ * \param[in] p the packet
++ * \param[in] c the ad count to set
++ */
++void ldns_update_set_adcount(ldns_pkt *p, uint16_t c);
++
++/* soa functions that need to be configured */
++/*
++ * Not sure if we want to keep these like this, therefore
++ * not documented
++ */
++ldns_status ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, ldns_rr_class c, ldns_rdf **mname);
++/*
++ * Not sure if we want to keep these like this, therefore
++ * not documented
++ */
++ldns_status ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_UPDATE_H */
+diff --git a/ldns/include/ldns/util.h b/ldns/include/ldns/util.h
+new file mode 100644
+index 0000000..86848eb
+--- /dev/null
++++ b/ldns/include/ldns/util.h
+@@ -0,0 +1,392 @@
++/*
++ * util.h
++ *
++ * helper function header file
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004
++ *
++ * See the file LICENSE for the license
++ */
++
++#ifndef _UTIL_H
++#define _UTIL_H
++
++#include "EXTERN.h"
++#include "perl.h"
++#include <ldns/common.h>
++#include <time.h>
++#include <stdio.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define dprintf(X,Y) fprintf(stderr, (X), (Y))
++/* #define dprintf(X, Y) */
++
++#define LDNS_VERSION "1.6.18"
++#define LDNS_REVISION ((1<<16)|(6<<8)|(18))
++
++/**
++ * splint static inline workaround
++ */
++#ifdef S_SPLINT_S
++# define INLINE
++#else
++# ifdef SWIG
++# define INLINE static
++# else
++# define INLINE static inline
++# endif
++#endif
++
++/**
++ * Memory management macros
++ */
++#define LDNS_MALLOC(type) LDNS_XMALLOC(type, 1)
++
++#define LDNS_XMALLOC(type, count) ((type *) malloc((count) * sizeof(type)))
++
++#define LDNS_CALLOC(type, count) ((type *) calloc((count), sizeof(type)))
++
++#define LDNS_REALLOC(ptr, type) LDNS_XREALLOC((ptr), type, 1)
++
++#define LDNS_XREALLOC(ptr, type, count) \
++ ((type *) realloc((ptr), (count) * sizeof(type)))
++
++#define LDNS_FREE(ptr) \
++ do { free((ptr)); (ptr) = NULL; } while (0)
++
++#define LDNS_DEP printf("DEPRECATED FUNCTION!\n");
++
++/*
++ * Copy data allowing for unaligned accesses in network byte order
++ * (big endian).
++ */
++INLINE uint16_t
++ldns_read_uint16(const void *src)
++{
++#ifdef ALLOW_UNALIGNED_ACCESSES
++ return ntohs(*(const uint16_t *) src);
++#else
++ const uint8_t *p = (const uint8_t *) src;
++ return ((uint16_t) p[0] << 8) | (uint16_t) p[1];
++#endif
++}
++
++INLINE uint32_t
++ldns_read_uint32(const void *src)
++{
++#ifdef ALLOW_UNALIGNED_ACCESSES
++ return ntohl(*(const uint32_t *) src);
++#else
++ const uint8_t *p = (const uint8_t *) src;
++ return ( ((uint32_t) p[0] << 24)
++ | ((uint32_t) p[1] << 16)
++ | ((uint32_t) p[2] << 8)
++ | (uint32_t) p[3]);
++#endif
++}
++
++/*
++ * Copy data allowing for unaligned accesses in network byte order
++ * (big endian).
++ */
++INLINE void
++ldns_write_uint16(void *dst, uint16_t data)
++{
++#ifdef ALLOW_UNALIGNED_ACCESSES
++ * (uint16_t *) dst = htons(data);
++#else
++ uint8_t *p = (uint8_t *) dst;
++ p[0] = (uint8_t) ((data >> 8) & 0xff);
++ p[1] = (uint8_t) (data & 0xff);
++#endif
++}
++
++INLINE void
++ldns_write_uint32(void *dst, uint32_t data)
++{
++#ifdef ALLOW_UNALIGNED_ACCESSES
++ * (uint32_t *) dst = htonl(data);
++#else
++ uint8_t *p = (uint8_t *) dst;
++ p[0] = (uint8_t) ((data >> 24) & 0xff);
++ p[1] = (uint8_t) ((data >> 16) & 0xff);
++ p[2] = (uint8_t) ((data >> 8) & 0xff);
++ p[3] = (uint8_t) (data & 0xff);
++#endif
++}
++
++/* warning. */
++INLINE void
++ldns_write_uint64_as_uint48(void *dst, uint64_t data)
++{
++ uint8_t *p = (uint8_t *) dst;
++ p[0] = (uint8_t) ((data >> 40) & 0xff);
++ p[1] = (uint8_t) ((data >> 32) & 0xff);
++ p[2] = (uint8_t) ((data >> 24) & 0xff);
++ p[3] = (uint8_t) ((data >> 16) & 0xff);
++ p[4] = (uint8_t) ((data >> 8) & 0xff);
++ p[5] = (uint8_t) (data & 0xff);
++}
++
++
++/**
++ * Structure to do a Schwartzian-like transformation, for instance when
++ * sorting. If you need a transformation on the objects that are sorted,
++ * you can sue this to store the transformed values, so you do not
++ * need to do the transformation again for each comparison
++ */
++struct ldns_schwartzian_compare_struct {
++ void *original_object;
++ void *transformed_object;
++};
++
++/** A general purpose lookup table
++ *
++ * Lookup tables are arrays of (id, name) pairs,
++ * So you can for instance lookup the RCODE 3, which is "NXDOMAIN",
++ * and vice versa. The lookup tables themselves are defined wherever needed,
++ * for instance in \ref host2str.c
++ */
++struct ldns_struct_lookup_table {
++ int id;
++ const char *name;
++};
++typedef struct ldns_struct_lookup_table ldns_lookup_table;
++
++/**
++ * Looks up the table entry by name, returns NULL if not found.
++ * \param[in] table the lookup table to search in
++ * \param[in] name what to search for
++ * \return the item found
++ */
++ldns_lookup_table *ldns_lookup_by_name(ldns_lookup_table table[],
++ const char *name);
++
++/**
++ * Looks up the table entry by id, returns NULL if not found.
++ * \param[in] table the lookup table to search in
++ * \param[in] id what to search for
++ * \return the item found
++ */
++ldns_lookup_table *ldns_lookup_by_id(ldns_lookup_table table[], int id);
++
++/**
++ * Returns the value of the specified bit
++ * The bits are counted from left to right, so bit #0 is the
++ * left most bit.
++ * \param[in] bits array holding the bits
++ * \param[in] index to the wanted bit
++ * \return
++ */
++int ldns_get_bit(uint8_t bits[], size_t index);
++
++
++/**
++ * Returns the value of the specified bit
++ * The bits are counted from right to left, so bit #0 is the
++ * right most bit.
++ * \param[in] bits array holding the bits
++ * \param[in] index to the wanted bit
++ * \return 1 or 0 depending no the bit state
++ */
++int ldns_get_bit_r(uint8_t bits[], size_t index);
++
++/**
++ * sets the specified bit in the specified byte to
++ * 1 if value is true, 0 if false
++ * The bits are counted from right to left, so bit #0 is the
++ * right most bit.
++ * \param[in] byte the bit to set the bit in
++ * \param[in] bit_nr the bit to set (0 <= n <= 7)
++ * \param[in] value whether to set the bit to 1 or 0
++ * \return 1 or 0 depending no the bit state
++ */
++void ldns_set_bit(uint8_t *byte, int bit_nr, bool value);
++
++/**
++ * Returns the value of a to the power of b
++ * (or 1 of b < 1)
++ */
++/*@unused@*/
++INLINE long
++ldns_power(long a, long b) {
++ long result = 1;
++ while (b > 0) {
++ if (b & 1) {
++ result *= a;
++ if (b == 1) {
++ return result;
++ }
++ }
++ a *= a;
++ b /= 2;
++ }
++ return result;
++}
++
++/**
++ * Returns the int value of the given (hex) digit
++ * \param[in] ch the hex char to convert
++ * \return the converted decimal value
++ */
++int ldns_hexdigit_to_int(char ch);
++
++/**
++ * Returns the char (hex) representation of the given int
++ * \param[in] ch the int to convert
++ * \return the converted hex char
++ */
++char ldns_int_to_hexdigit(int ch);
++
++/**
++ * Converts a hex string to binary data
++ *
++ * \param[out] data The binary result is placed here.
++ * At least strlen(str)/2 bytes should be allocated
++ * \param[in] str The hex string to convert.
++ * This string should not contain spaces
++ * \return The number of bytes of converted data, or -1 if one of the arguments * is NULL, or -2 if the string length is not an even number
++ */
++int
++ldns_hexstring_to_data(uint8_t *data, const char *str);
++
++/**
++ * Show the internal library version
++ * \return a string with the version in it
++ */
++const char * ldns_version(void);
++
++/**
++ * Convert TM to seconds since epoch (midnight, January 1st, 1970).
++ * Like timegm(3), which is not always available.
++ * \param[in] tm a struct tm* with the date
++ * \return the seconds since epoch
++ */
++time_t ldns_mktime_from_utc(const struct tm *tm);
++
++time_t mktime_from_utc(const struct tm *tm);
++
++/**
++ * The function interprets time as the number of seconds since epoch
++ * with respect to now using serial arithmitics (rfc1982).
++ * That number of seconds is then converted to broken-out time information.
++ * This is especially usefull when converting the inception and expiration
++ * fields of RRSIG records.
++ *
++ * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
++ * to be intepreted as a serial arithmitics number relative to now.
++ * \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
++ * to which the time value is compared to determine the final value.
++ * \param[out] result the struct with the broken-out time information
++ * \return result on success or NULL on error
++ */
++struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
++
++/**
++ * Seed the random function.
++ * If the file descriptor is specified, the random generator is seeded with
++ * data from that file. If not, /dev/urandom is used.
++ *
++ * applications should call this if they need entropy data within ldns
++ * If openSSL is available, it is automatically seeded from /dev/urandom
++ * or /dev/random.
++ *
++ * If you need more entropy, or have no openssl available, this function
++ * MUST be called at the start of the program
++ *
++ * If openssl *is* available, this function just adds more entropy
++ *
++ * \param[in] fd a file providing entropy data for the seed
++ * \param[in] size the number of bytes to use as entropy data. If this is 0,
++ * only the minimal amount is taken (usually 4 bytes)
++ * \return 0 if seeding succeeds, 1 if it fails
++ */
++int ldns_init_random(FILE *fd, unsigned int size);
++
++/**
++ * Get random number.
++ * \return random number.
++ *
++ */
++uint16_t ldns_get_random(void);
++
++/**
++ * Encode data as BubbleBabble
++ *
++ * \param[in] data a pointer to data to be encoded
++ * \param[in] len size the number of bytes of data
++ * \return a string of BubbleBabble
++ */
++char *ldns_bubblebabble(uint8_t *data, size_t len);
++
++
++INLINE time_t ldns_time(time_t *t) { return time(t); }
++
++
++/**
++ * calculates the size needed to store the result of b32_ntop
++ */
++/*@unused@*/
++INLINE size_t ldns_b32_ntop_calculate_size(size_t src_data_length)
++{
++ return src_data_length == 0 ? 0 : ((src_data_length - 1) / 5 + 1) * 8;
++}
++
++INLINE size_t ldns_b32_ntop_calculate_size_no_padding(size_t src_data_length)
++{
++ return ((src_data_length + 3) * 8 / 5) - 4;
++}
++
++int ldns_b32_ntop(const uint8_t* src_data, size_t src_data_length,
++ char* target_text_buffer, size_t target_text_buffer_size);
++
++int ldns_b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length,
++ char* target_text_buffer, size_t target_text_buffer_size);
++
++#if ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP
++
++int b32_ntop(const uint8_t* src_data, size_t src_data_length,
++ char* target_text_buffer, size_t target_text_buffer_size);
++
++int b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length,
++ char* target_text_buffer, size_t target_text_buffer_size);
++
++#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP */
++
++
++/**
++ * calculates the size needed to store the result of b32_pton
++ */
++/*@unused@*/
++INLINE size_t ldns_b32_pton_calculate_size(size_t src_text_length)
++{
++ return src_text_length * 5 / 8;
++}
++
++int ldns_b32_pton(const char* src_text, size_t src_text_length,
++ uint8_t* target_data_buffer, size_t target_data_buffer_size);
++
++int ldns_b32_pton_extended_hex(const char* src_text, size_t src_text_length,
++ uint8_t* target_data_buffer, size_t target_data_buffer_size);
++
++#if ! LDNS_BUILD_CONFIG_HAVE_B32_PTON
++
++int b32_pton(const char* src_text, size_t src_text_length,
++ uint8_t* target_data_buffer, size_t target_data_buffer_size);
++
++int b32_pton_extended_hex(const char* src_text, size_t src_text_length,
++ uint8_t* target_data_buffer, size_t target_data_buffer_size);
++
++#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_PTON */
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* !_UTIL_H */
+diff --git a/ldns/include/ldns/wire2host.h b/ldns/include/ldns/wire2host.h
+new file mode 100644
+index 0000000..53155b3
+--- /dev/null
++++ b/ldns/include/ldns/wire2host.h
+@@ -0,0 +1,197 @@
++/*
++ * wire2host.h - from wire conversion routines
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Contains functions that translate dns data from the wire format (as sent
++ * by servers and clients) to the internal structures.
++ */
++
++#ifndef LDNS_WIRE2HOST_H
++#define LDNS_WIRE2HOST_H
++
++#include <ldns/rdata.h>
++#include <ldns/common.h>
++#include <ldns/error.h>
++#include <ldns/rr.h>
++#include <ldns/packet.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* The length of the header */
++#define LDNS_HEADER_SIZE 12
++
++/* First octet of flags */
++#define LDNS_RD_MASK 0x01U
++#define LDNS_RD_SHIFT 0
++#define LDNS_RD_WIRE(wirebuf) (*(wirebuf+2) & LDNS_RD_MASK)
++#define LDNS_RD_SET(wirebuf) (*(wirebuf+2) |= LDNS_RD_MASK)
++#define LDNS_RD_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_RD_MASK)
++
++#define LDNS_TC_MASK 0x02U
++#define LDNS_TC_SHIFT 1
++#define LDNS_TC_WIRE(wirebuf) (*(wirebuf+2) & LDNS_TC_MASK)
++#define LDNS_TC_SET(wirebuf) (*(wirebuf+2) |= LDNS_TC_MASK)
++#define LDNS_TC_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_TC_MASK)
++
++#define LDNS_AA_MASK 0x04U
++#define LDNS_AA_SHIFT 2
++#define LDNS_AA_WIRE(wirebuf) (*(wirebuf+2) & LDNS_AA_MASK)
++#define LDNS_AA_SET(wirebuf) (*(wirebuf+2) |= LDNS_AA_MASK)
++#define LDNS_AA_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_AA_MASK)
++
++#define LDNS_OPCODE_MASK 0x78U
++#define LDNS_OPCODE_SHIFT 3
++#define LDNS_OPCODE_WIRE(wirebuf) ((*(wirebuf+2) & LDNS_OPCODE_MASK) >> LDNS_OPCODE_SHIFT)
++#define LDNS_OPCODE_SET(wirebuf, opcode) \
++ (*(wirebuf+2) = ((*(wirebuf+2)) & ~LDNS_OPCODE_MASK) | ((opcode) << LDNS_OPCODE_SHIFT))
++
++#define LDNS_QR_MASK 0x80U
++#define LDNS_QR_SHIFT 7
++#define LDNS_QR_WIRE(wirebuf) (*(wirebuf+2) & LDNS_QR_MASK)
++#define LDNS_QR_SET(wirebuf) (*(wirebuf+2) |= LDNS_QR_MASK)
++#define LDNS_QR_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_QR_MASK)
++
++/* Second octet of flags */
++#define LDNS_RCODE_MASK 0x0fU
++#define LDNS_RCODE_SHIFT 0
++#define LDNS_RCODE_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RCODE_MASK)
++#define LDNS_RCODE_SET(wirebuf, rcode) \
++ (*(wirebuf+3) = ((*(wirebuf+3)) & ~LDNS_RCODE_MASK) | (rcode))
++
++#define LDNS_CD_MASK 0x10U
++#define LDNS_CD_SHIFT 4
++#define LDNS_CD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_CD_MASK)
++#define LDNS_CD_SET(wirebuf) (*(wirebuf+3) |= LDNS_CD_MASK)
++#define LDNS_CD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_CD_MASK)
++
++#define LDNS_AD_MASK 0x20U
++#define LDNS_AD_SHIFT 5
++#define LDNS_AD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_AD_MASK)
++#define LDNS_AD_SET(wirebuf) (*(wirebuf+3) |= LDNS_AD_MASK)
++#define LDNS_AD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_AD_MASK)
++
++#define LDNS_Z_MASK 0x40U
++#define LDNS_Z_SHIFT 6
++#define LDNS_Z_WIRE(wirebuf) (*(wirebuf+3) & LDNS_Z_MASK)
++#define LDNS_Z_SET(wirebuf) (*(wirebuf+3) |= LDNS_Z_MASK)
++#define LDNS_Z_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_Z_MASK)
++
++#define LDNS_RA_MASK 0x80U
++#define LDNS_RA_SHIFT 7
++#define LDNS_RA_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RA_MASK)
++#define LDNS_RA_SET(wirebuf) (*(wirebuf+3) |= LDNS_RA_MASK)
++#define LDNS_RA_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_RA_MASK)
++
++/* Query ID */
++#define LDNS_ID_WIRE(wirebuf) (ldns_read_uint16(wirebuf))
++#define LDNS_ID_SET(wirebuf, id) (ldns_write_uint16(wirebuf, id))
++
++/* Counter of the question section */
++#define LDNS_QDCOUNT_OFF 4
++/*
++#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF)))
++*/
++#define LDNS_QDCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF))
++
++/* Counter of the answer section */
++#define LDNS_ANCOUNT_OFF 6
++#define LDNS_ANCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ANCOUNT_OFF))
++
++/* Counter of the authority section */
++#define LDNS_NSCOUNT_OFF 8
++#define LDNS_NSCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_NSCOUNT_OFF))
++
++/* Counter of the additional section */
++#define LDNS_ARCOUNT_OFF 10
++#define LDNS_ARCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ARCOUNT_OFF))
++
++/**
++ * converts the data on the uint8_t bytearray (in wire format) to a DNS packet.
++ * This function will initialize and allocate memory space for the packet
++ * structure.
++ *
++ * \param[in] packet pointer to the structure to hold the packet
++ * \param[in] data pointer to the buffer with the data
++ * \param[in] len the length of the data buffer (in bytes)
++ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
++ */
++ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len);
++
++/**
++ * converts the data on the uint8_t bytearray (in wire format) to a DNS packet.
++ * This function will initialize and allocate memory space for the packet
++ * structure.
++ *
++ * \param[in] packet pointer to the structure to hold the packet
++ * \param[in] buffer the buffer with the data
++ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
++ */
++ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer);
++
++/**
++ * converts the data on the uint8_t bytearray (in wire format) to a DNS
++ * dname rdata field. This function will initialize and allocate memory
++ * space for the dname structure. The length of the wiredata of this rdf
++ * is added to the *pos value.
++ *
++ * \param[in] dname pointer to the structure to hold the rdata value
++ * \param[in] wire pointer to the buffer with the data
++ * \param[in] max the length of the data buffer (in bytes)
++ * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes
++ * from the start of the buffer)
++ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
++ */
++ldns_status ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos);
++
++/**
++ * converts the data on the uint8_t bytearray (in wire format) to DNS
++ * rdata fields, and adds them to the list of rdfs of the given rr.
++ * This function will initialize and allocate memory space for the dname
++ * structures.
++ * The length of the wiredata of these rdfs is added to the *pos value.
++ *
++ * All rdfs belonging to the RR are read; the rr should have no rdfs
++ * yet. An error is returned if the format cannot be parsed.
++ *
++ * \param[in] rr pointer to the ldns_rr structure to hold the rdata value
++ * \param[in] wire pointer to the buffer with the data
++ * \param[in] max the length of the data buffer (in bytes)
++ * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes
++ * from the start of the buffer)
++ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
++ */
++ldns_status ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos);
++
++/**
++ * converts the data on the uint8_t bytearray (in wire format) to a DNS
++ * resource record.
++ * This function will initialize and allocate memory space for the rr
++ * structure.
++ * The length of the wiredata of this rr is added to the *pos value.
++ *
++ * \param[in] rr pointer to the structure to hold the rdata value
++ * \param[in] wire pointer to the buffer with the data
++ * \param[in] max the length of the data buffer (in bytes)
++ * \param[in] pos the position of the rr in the buffer (ie. the number of bytes
++ * from the start of the buffer)
++ * \param[in] section the section in the packet the rr is meant for
++ * \return LDNS_STATUS_OK if everything succeeds, error otherwise
++ */
++ldns_status ldns_wire2rr(ldns_rr **rr, const uint8_t *wire, size_t max, size_t *pos, ldns_pkt_section section);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_WIRE2HOST_H */
+diff --git a/ldns/include/ldns/zone.h b/ldns/include/ldns/zone.h
+new file mode 100644
+index 0000000..0d129a0
+--- /dev/null
++++ b/ldns/include/ldns/zone.h
+@@ -0,0 +1,176 @@
++/**
++ * zone.h
++ *
++ * zone definitions
++ * - what is it
++ * - get_glue function
++ * - search etc
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++/**
++ * \file
++ *
++ * Defines the ldns_zone structure and functions to manipulate it.
++ */
++
++
++#ifndef LDNS_ZONE_H
++#define LDNS_ZONE_H
++
++#include <ldns/common.h>
++#include <ldns/rdata.h>
++#include <ldns/rr.h>
++#include <ldns/error.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * DNS Zone
++ *
++ * A list of RR's with some
++ * extra information which comes from the SOA RR
++ * Note: nothing has been done to make this efficient (yet).
++ */
++struct ldns_struct_zone
++{
++ /** the soa defines a zone */
++ ldns_rr *_soa;
++ /* basicly a zone is a list of rr's */
++ ldns_rr_list *_rrs;
++ /* we could change this to be a b-tree etc etc todo */
++};
++typedef struct ldns_struct_zone ldns_zone;
++
++/**
++ * create a new ldns_zone structure
++ * \return a pointer to a ldns_zone structure
++ */
++ldns_zone * ldns_zone_new(void);
++
++/**
++ * Return the soa record of a zone
++ * \param[in] z the zone to read from
++ * \return the soa record in the zone
++ */
++ldns_rr * ldns_zone_soa(const ldns_zone *z);
++
++/**
++ * Returns the number of resource records in the zone, NOT counting the SOA record
++ * \param[in] z the zone to read from
++ * \return the number of rr's in the zone
++ */
++size_t ldns_zone_rr_count(const ldns_zone *z);
++
++/**
++ * Set the zone's soa record
++ * \param[in] z the zone to put the new soa in
++ * \param[in] soa the soa to set
++ */
++void ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa);
++
++/**
++ * Get a list of a zone's content. Note that the SOA
++ * isn't included in this list. You need to get the
++ * with ldns_zone_soa.
++ * \param[in] z the zone to read from
++ * \return the rrs from this zone
++ */
++ldns_rr_list * ldns_zone_rrs(const ldns_zone *z);
++
++/**
++ * Set the zone's contents
++ * \param[in] z the zone to put the new soa in
++ * \param[in] rrlist the rrlist to use
++ */
++void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist);
++
++/**
++ * push an rrlist to a zone structure. This function use pointer
++ * copying, so the rr_list structure inside z is modified!
++ * \param[in] z the zone to add to
++ * \param[in] list the list to add
++ * \return a true on succes otherwise falsed
++ */
++bool ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list);
++
++/**
++ * push an single rr to a zone structure. This function use pointer
++ * copying, so the rr_list structure inside z is modified!
++ * \param[in] z the zone to add to
++ * \param[in] rr the rr to add
++ * \return a true on succes otherwise falsed
++ */
++bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr);
++
++/**
++ * Retrieve all resource records from the zone that are glue
++ * records. The resulting list does are pointer references
++ * to the zone's data.
++ *
++ * Due to the current zone implementation (as a list of rr's), this
++ * function is extremely slow. Another (probably better) way to do this
++ * is to use an ldns_dnssec_zone structure and the
++ * ldns_dnssec_mark_and_get_glue() function.
++ *
++ * \param[in] z the zone to look for glue
++ * \return the rr_list with the glue
++ */
++ldns_rr_list *ldns_zone_glue_rr_list(const ldns_zone *z);
++
++/**
++ * Create a new zone from a file
++ * \param[out] z the new zone
++ * \param[in] *fp the filepointer to use
++ * \param[in] *origin the zones' origin
++ * \param[in] ttl default ttl to use
++ * \param[in] c default class to use (IN)
++ *
++ * \return ldns_status mesg with an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c);
++
++/**
++ * Create a new zone from a file, keep track of the line numbering
++ * \param[out] z the new zone
++ * \param[in] *fp the filepointer to use
++ * \param[in] *origin the zones' origin
++ * \param[in] ttl default ttl to use
++ * \param[in] c default class to use (IN)
++ * \param[out] line_nr used for error msg, to get to the line number
++ *
++ * \return ldns_status mesg with an error or LDNS_STATUS_OK
++ */
++ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr);
++
++/**
++ * Frees the allocated memory for the zone, and the rr_list structure in it
++ * \param[in] zone the zone to free
++ */
++void ldns_zone_free(ldns_zone *zone);
++
++/**
++ * Frees the allocated memory for the zone, the soa rr in it,
++ * and the rr_list structure in it, including the rr's in that. etc.
++ * \param[in] zone the zone to free
++ */
++void ldns_zone_deep_free(ldns_zone *zone);
++
++/**
++ * Sort the rrs in a zone, with the current impl. this is slow
++ * \param[in] zone the zone to sort
++ */
++void ldns_zone_sort(ldns_zone *zone);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* LDNS_ZONE_H */
+diff --git a/ldns/src/buffer.c b/ldns/src/buffer.c
+new file mode 100644
+index 0000000..fc6c17e
+--- /dev/null
++++ b/ldns/src/buffer.c
+@@ -0,0 +1,177 @@
++/*
++ * buffer.c -- generic memory buffer .
++ *
++ * Copyright (c) 2001-2008, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ *
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++#include <ldns/buffer.h>
++
++ldns_buffer *
++ldns_buffer_new(size_t capacity)
++{
++ ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer);
++
++ if (!buffer) {
++ return NULL;
++ }
++
++ buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity);
++ if (!buffer->_data) {
++ LDNS_FREE(buffer);
++ return NULL;
++ }
++
++ buffer->_position = 0;
++ buffer->_limit = buffer->_capacity = capacity;
++ buffer->_fixed = 0;
++ buffer->_status = LDNS_STATUS_OK;
++
++ ldns_buffer_invariant(buffer);
++
++ return buffer;
++}
++
++void
++ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size)
++{
++ assert(data != NULL);
++
++ buffer->_position = 0;
++ buffer->_limit = buffer->_capacity = size;
++ buffer->_fixed = 0;
++ buffer->_data = LDNS_XMALLOC(uint8_t, size);
++ if(!buffer->_data) {
++ buffer->_status = LDNS_STATUS_MEM_ERR;
++ return;
++ }
++ memcpy(buffer->_data, data, size);
++ buffer->_status = LDNS_STATUS_OK;
++
++ ldns_buffer_invariant(buffer);
++}
++
++bool
++ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity)
++{
++ void *data;
++
++ ldns_buffer_invariant(buffer);
++ assert(buffer->_position <= capacity);
++
++ data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity);
++ if (!data) {
++ buffer->_status = LDNS_STATUS_MEM_ERR;
++ return false;
++ } else {
++ buffer->_data = data;
++ buffer->_limit = buffer->_capacity = capacity;
++ return true;
++ }
++}
++
++bool
++ldns_buffer_reserve(ldns_buffer *buffer, size_t amount)
++{
++ ldns_buffer_invariant(buffer);
++ assert(!buffer->_fixed);
++ if (buffer->_capacity < buffer->_position + amount) {
++ size_t new_capacity = buffer->_capacity * 3 / 2;
++
++ if (new_capacity < buffer->_position + amount) {
++ new_capacity = buffer->_position + amount;
++ }
++ if (!ldns_buffer_set_capacity(buffer, new_capacity)) {
++ buffer->_status = LDNS_STATUS_MEM_ERR;
++ return false;
++ }
++ }
++ buffer->_limit = buffer->_capacity;
++ return true;
++}
++
++int
++ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...)
++{
++ va_list args;
++ int written = 0;
++ size_t remaining;
++
++ if (ldns_buffer_status_ok(buffer)) {
++ ldns_buffer_invariant(buffer);
++ assert(buffer->_limit == buffer->_capacity);
++
++ remaining = ldns_buffer_remaining(buffer);
++ va_start(args, format);
++ written = vsnprintf((char *) ldns_buffer_current(buffer), remaining,
++ format, args);
++ va_end(args);
++ if (written == -1) {
++ buffer->_status = LDNS_STATUS_INTERNAL_ERR;
++ return -1;
++ } else if ((size_t) written >= remaining) {
++ if (!ldns_buffer_reserve(buffer, (size_t) written + 1)) {
++ buffer->_status = LDNS_STATUS_MEM_ERR;
++ return -1;
++ }
++ va_start(args, format);
++ written = vsnprintf((char *) ldns_buffer_current(buffer),
++ ldns_buffer_remaining(buffer), format, args);
++ va_end(args);
++ if (written == -1) {
++ buffer->_status = LDNS_STATUS_INTERNAL_ERR;
++ return -1;
++ }
++ }
++ buffer->_position += written;
++ }
++ return written;
++}
++
++void
++ldns_buffer_free(ldns_buffer *buffer)
++{
++ if (!buffer) {
++ return;
++ }
++
++ if (!buffer->_fixed)
++ LDNS_FREE(buffer->_data);
++
++ LDNS_FREE(buffer);
++}
++
++void *
++ldns_buffer_export(ldns_buffer *buffer)
++{
++ buffer->_fixed = 1;
++ return buffer->_data;
++}
++
++int
++ldns_bgetc(ldns_buffer *buffer)
++{
++ if (!ldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) {
++ ldns_buffer_set_position(buffer, ldns_buffer_limit(buffer));
++ /* ldns_buffer_rewind(buffer);*/
++ return EOF;
++ }
++ return (int)ldns_buffer_read_u8(buffer);
++}
++
++void
++ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from)
++{
++ size_t tocopy = ldns_buffer_limit(from);
++
++ if(tocopy > ldns_buffer_capacity(result))
++ tocopy = ldns_buffer_capacity(result);
++ ldns_buffer_clear(result);
++ ldns_buffer_write(result, ldns_buffer_begin(from), tocopy);
++ ldns_buffer_flip(result);
++}
+diff --git a/ldns/src/compat/b64_ntop.c b/ldns/src/compat/b64_ntop.c
+new file mode 100644
+index 0000000..6895aca
+--- /dev/null
++++ b/ldns/src/compat/b64_ntop.c
+@@ -0,0 +1,185 @@
++/*
++ * Copyright (c) 1996, 1998 by Internet Software Consortium.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
++ */
++
++/*
++ * Portions Copyright (c) 1995 by International Business Machines, Inc.
++ *
++ * International Business Machines, Inc. (hereinafter called IBM) grants
++ * permission under its copyrights to use, copy, modify, and distribute this
++ * Software with or without fee, provided that the above copyright notice and
++ * all paragraphs of this notice appear in all copies, and that the name of IBM
++ * not be used in connection with the marketing of any product incorporating
++ * the Software or modifications thereof, without specific, written prior
++ * permission.
++ *
++ * To the extent it has a right to do so, IBM grants an immunity from suit
++ * under its patents, if any, for the use, sale or manufacture of products to
++ * the extent that such products are used for performing Domain Name System
++ * dynamic updates in TCP/IP networks by means of the Software. No immunity is
++ * granted for any product per se or for any other function of any product.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
++ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
++ * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
++ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
++ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
++ */
++#include <ldns/config.h>
++#include <ctype.h>
++#include <stdlib.h>
++#include <string.h>
++
++static const char Base64[] =
++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
++static const char Pad64 = '=';
++
++/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
++ The following encoding technique is taken from RFC 1521 by Borenstein
++ and Freed. It is reproduced here in a slightly edited form for
++ convenience.
++
++ A 65-character subset of US-ASCII is used, enabling 6 bits to be
++ represented per printable character. (The extra 65th character, "=",
++ is used to signify a special processing function.)
++
++ The encoding process represents 24-bit groups of input bits as output
++ strings of 4 encoded characters. Proceeding from left to right, a
++ 24-bit input group is formed by concatenating 3 8-bit input groups.
++ These 24 bits are then treated as 4 concatenated 6-bit groups, each
++ of which is translated into a single digit in the base64 alphabet.
++
++ Each 6-bit group is used as an index into an array of 64 printable
++ characters. The character referenced by the index is placed in the
++ output string.
++
++ Table 1: The Base64 Alphabet
++
++ Value Encoding Value Encoding Value Encoding Value Encoding
++ 0 A 17 R 34 i 51 z
++ 1 B 18 S 35 j 52 0
++ 2 C 19 T 36 k 53 1
++ 3 D 20 U 37 l 54 2
++ 4 E 21 V 38 m 55 3
++ 5 F 22 W 39 n 56 4
++ 6 G 23 X 40 o 57 5
++ 7 H 24 Y 41 p 58 6
++ 8 I 25 Z 42 q 59 7
++ 9 J 26 a 43 r 60 8
++ 10 K 27 b 44 s 61 9
++ 11 L 28 c 45 t 62 +
++ 12 M 29 d 46 u 63 /
++ 13 N 30 e 47 v
++ 14 O 31 f 48 w (pad) =
++ 15 P 32 g 49 x
++ 16 Q 33 h 50 y
++
++ Special processing is performed if fewer than 24 bits are available
++ at the end of the data being encoded. A full encoding quantum is
++ always completed at the end of a quantity. When fewer than 24 input
++ bits are available in an input group, zero bits are added (on the
++ right) to form an integral number of 6-bit groups. Padding at the
++ end of the data is performed using the '=' character.
++
++ Since all base64 input is an integral number of octets, only the
++ -------------------------------------------------
++ following cases can arise:
++
++ (1) the final quantum of encoding input is an integral
++ multiple of 24 bits; here, the final unit of encoded
++ output will be an integral multiple of 4 characters
++ with no "=" padding,
++ (2) the final quantum of encoding input is exactly 8 bits;
++ here, the final unit of encoded output will be two
++ characters followed by two "=" padding characters, or
++ (3) the final quantum of encoding input is exactly 16 bits;
++ here, the final unit of encoded output will be three
++ characters followed by one "=" padding character.
++ */
++
++int
++ldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
++ size_t datalength = 0;
++ uint8_t input[3];
++ uint8_t output[4];
++ size_t i;
++
++ if (srclength == 0) {
++ if (targsize > 0) {
++ target[0] = '\0';
++ return 0;
++ } else {
++ return -1;
++ }
++ }
++
++ while (2 < srclength) {
++ input[0] = *src++;
++ input[1] = *src++;
++ input[2] = *src++;
++ srclength -= 3;
++
++ output[0] = input[0] >> 2;
++ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
++ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
++ output[3] = input[2] & 0x3f;
++ assert(output[0] < 64);
++ assert(output[1] < 64);
++ assert(output[2] < 64);
++ assert(output[3] < 64);
++
++ if (datalength + 4 > targsize) {
++ return (-1);
++ }
++ target[datalength++] = Base64[output[0]];
++ target[datalength++] = Base64[output[1]];
++ target[datalength++] = Base64[output[2]];
++ target[datalength++] = Base64[output[3]];
++ }
++
++ /* Now we worry about padding. */
++ if (0 != srclength) {
++ /* Get what's left. */
++ input[0] = input[1] = input[2] = (uint8_t) '\0';
++ for (i = 0; i < srclength; i++)
++ input[i] = *src++;
++
++ output[0] = input[0] >> 2;
++ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
++ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
++ assert(output[0] < 64);
++ assert(output[1] < 64);
++ assert(output[2] < 64);
++
++ if (datalength + 4 > targsize) {
++ return (-2);
++ }
++ target[datalength++] = Base64[output[0]];
++ target[datalength++] = Base64[output[1]];
++ if (srclength == 1) {
++ target[datalength++] = Pad64;
++ } else {
++ target[datalength++] = Base64[output[2]];
++ }
++ target[datalength++] = Pad64;
++ }
++ if (datalength >= targsize) {
++ return (-3);
++ }
++ target[datalength] = '\0'; /* Returned value doesn't count \0. */
++ return (int) (datalength);
++}
+diff --git a/ldns/src/compat/b64_pton.c b/ldns/src/compat/b64_pton.c
+new file mode 100644
+index 0000000..18d8c8e
+--- /dev/null
++++ b/ldns/src/compat/b64_pton.c
+@@ -0,0 +1,244 @@
++/*
++ * Copyright (c) 1996, 1998 by Internet Software Consortium.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
++ */
++
++/*
++ * Portions Copyright (c) 1995 by International Business Machines, Inc.
++ *
++ * International Business Machines, Inc. (hereinafter called IBM) grants
++ * permission under its copyrights to use, copy, modify, and distribute this
++ * Software with or without fee, provided that the above copyright notice and
++ * all paragraphs of this notice appear in all copies, and that the name of IBM
++ * not be used in connection with the marketing of any product incorporating
++ * the Software or modifications thereof, without specific, written prior
++ * permission.
++ *
++ * To the extent it has a right to do so, IBM grants an immunity from suit
++ * under its patents, if any, for the use, sale or manufacture of products to
++ * the extent that such products are used for performing Domain Name System
++ * dynamic updates in TCP/IP networks by means of the Software. No immunity is
++ * granted for any product per se or for any other function of any product.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
++ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
++ * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
++ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
++ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
++ */
++#include <ldns/config.h>
++#include <ctype.h>
++#include <stdlib.h>
++#include <string.h>
++
++static const char Base64[] =
++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
++static const char Pad64 = '=';
++
++/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
++ The following encoding technique is taken from RFC 1521 by Borenstein
++ and Freed. It is reproduced here in a slightly edited form for
++ convenience.
++
++ A 65-character subset of US-ASCII is used, enabling 6 bits to be
++ represented per printable character. (The extra 65th character, "=",
++ is used to signify a special processing function.)
++
++ The encoding process represents 24-bit groups of input bits as output
++ strings of 4 encoded characters. Proceeding from left to right, a
++ 24-bit input group is formed by concatenating 3 8-bit input groups.
++ These 24 bits are then treated as 4 concatenated 6-bit groups, each
++ of which is translated into a single digit in the base64 alphabet.
++
++ Each 6-bit group is used as an index into an array of 64 printable
++ characters. The character referenced by the index is placed in the
++ output string.
++
++ Table 1: The Base64 Alphabet
++
++ Value Encoding Value Encoding Value Encoding Value Encoding
++ 0 A 17 R 34 i 51 z
++ 1 B 18 S 35 j 52 0
++ 2 C 19 T 36 k 53 1
++ 3 D 20 U 37 l 54 2
++ 4 E 21 V 38 m 55 3
++ 5 F 22 W 39 n 56 4
++ 6 G 23 X 40 o 57 5
++ 7 H 24 Y 41 p 58 6
++ 8 I 25 Z 42 q 59 7
++ 9 J 26 a 43 r 60 8
++ 10 K 27 b 44 s 61 9
++ 11 L 28 c 45 t 62 +
++ 12 M 29 d 46 u 63 /
++ 13 N 30 e 47 v
++ 14 O 31 f 48 w (pad) =
++ 15 P 32 g 49 x
++ 16 Q 33 h 50 y
++
++ Special processing is performed if fewer than 24 bits are available
++ at the end of the data being encoded. A full encoding quantum is
++ always completed at the end of a quantity. When fewer than 24 input
++ bits are available in an input group, zero bits are added (on the
++ right) to form an integral number of 6-bit groups. Padding at the
++ end of the data is performed using the '=' character.
++
++ Since all base64 input is an integral number of octets, only the
++ -------------------------------------------------
++ following cases can arise:
++
++ (1) the final quantum of encoding input is an integral
++ multiple of 24 bits; here, the final unit of encoded
++ output will be an integral multiple of 4 characters
++ with no "=" padding,
++ (2) the final quantum of encoding input is exactly 8 bits;
++ here, the final unit of encoded output will be two
++ characters followed by two "=" padding characters, or
++ (3) the final quantum of encoding input is exactly 16 bits;
++ here, the final unit of encoded output will be three
++ characters followed by one "=" padding character.
++ */
++
++/* skips all whitespace anywhere.
++ converts characters, four at a time, starting at (or after)
++ src from base - 64 numbers into three 8 bit bytes in the target area.
++ it returns the number of data bytes stored at the target, or -1 on error.
++ */
++
++int
++ldns_b64_pton(char const *origsrc, uint8_t *target, size_t targsize)
++{
++ unsigned char const* src = (unsigned char*)origsrc;
++ int tarindex, state, ch;
++ char *pos;
++
++ state = 0;
++ tarindex = 0;
++
++ if (strlen(origsrc) == 0) {
++ return 0;
++ }
++
++ while ((ch = *src++) != '\0') {
++ if (isspace((unsigned char)ch)) /* Skip whitespace anywhere. */
++ continue;
++
++ if (ch == Pad64)
++ break;
++
++ pos = strchr(Base64, ch);
++ if (pos == 0) {
++ /* A non-base64 character. */
++ return (-1);
++ }
++
++ switch (state) {
++ case 0:
++ if (target) {
++ if ((size_t)tarindex >= targsize)
++ return (-1);
++ target[tarindex] = (pos - Base64) << 2;
++ }
++ state = 1;
++ break;
++ case 1:
++ if (target) {
++ if ((size_t)tarindex + 1 >= targsize)
++ return (-1);
++ target[tarindex] |= (pos - Base64) >> 4;
++ target[tarindex+1] = ((pos - Base64) & 0x0f)
++ << 4 ;
++ }
++ tarindex++;
++ state = 2;
++ break;
++ case 2:
++ if (target) {
++ if ((size_t)tarindex + 1 >= targsize)
++ return (-1);
++ target[tarindex] |= (pos - Base64) >> 2;
++ target[tarindex+1] = ((pos - Base64) & 0x03)
++ << 6;
++ }
++ tarindex++;
++ state = 3;
++ break;
++ case 3:
++ if (target) {
++ if ((size_t)tarindex >= targsize)
++ return (-1);
++ target[tarindex] |= (pos - Base64);
++ }
++ tarindex++;
++ state = 0;
++ break;
++ default:
++ abort();
++ }
++ }
++
++ /*
++ * We are done decoding Base-64 chars. Let's see if we ended
++ * on a byte boundary, and/or with erroneous trailing characters.
++ */
++
++ if (ch == Pad64) { /* We got a pad char. */
++ ch = *src++; /* Skip it, get next. */
++ switch (state) {
++ case 0: /* Invalid = in first position */
++ case 1: /* Invalid = in second position */
++ return (-1);
++
++ case 2: /* Valid, means one byte of info */
++ /* Skip any number of spaces. */
++ for ((void)NULL; ch != '\0'; ch = *src++)
++ if (!isspace((unsigned char)ch))
++ break;
++ /* Make sure there is another trailing = sign. */
++ if (ch != Pad64)
++ return (-1);
++ ch = *src++; /* Skip the = */
++ /* Fall through to "single trailing =" case. */
++ /* FALLTHROUGH */
++
++ case 3: /* Valid, means two bytes of info */
++ /*
++ * We know this char is an =. Is there anything but
++ * whitespace after it?
++ */
++ for ((void)NULL; ch != '\0'; ch = *src++)
++ if (!isspace((unsigned char)ch))
++ return (-1);
++
++ /*
++ * Now make sure for cases 2 and 3 that the "extra"
++ * bits that slopped past the last full byte were
++ * zeros. If we don't check them, they become a
++ * subliminal channel.
++ */
++ if (target && target[tarindex] != 0)
++ return (-1);
++ }
++ } else {
++ /*
++ * We ended by seeing the end of the string. Make sure we
++ * have no partial bytes lying around.
++ */
++ if (state != 0)
++ return (-1);
++ }
++
++ return (tarindex);
++}
+diff --git a/ldns/src/compat/strlcpy.c b/ldns/src/compat/strlcpy.c
+new file mode 100644
+index 0000000..d6c34c1
+--- /dev/null
++++ b/ldns/src/compat/strlcpy.c
+@@ -0,0 +1,57 @@
++/* from openssh 4.3p2 compat/strlcpy.c */
++/*
++ * Copyright (c) 1998 Todd C. Miller <Todd.Miller at courtesan.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
++
++#include <ldns/config.h>
++#ifndef HAVE_STRLCPY
++
++#include <sys/types.h>
++#include <string.h>
++
++/*
++ * Copy src to string dst of size siz. At most siz-1 characters
++ * will be copied. Always NUL terminates (unless siz == 0).
++ * Returns strlen(src); if retval >= siz, truncation occurred.
++ */
++size_t
++strlcpy(char *dst, const char *src, size_t siz)
++{
++ char *d = dst;
++ const char *s = src;
++ size_t n = siz;
++
++ /* Copy as many bytes as will fit */
++ if (n != 0 && --n != 0) {
++ do {
++ if ((*d++ = *s++) == 0)
++ break;
++ } while (--n != 0);
++ }
++
++ /* Not enough room in dst, add NUL and traverse rest of src */
++ if (n == 0) {
++ if (siz != 0)
++ *d = '\0'; /* NUL-terminate dst */
++ while (*s++)
++ ;
++ }
++
++ return(s - src - 1); /* count does not include NUL */
++}
++
++#endif /* !HAVE_STRLCPY */
+diff --git a/ldns/src/dane.c b/ldns/src/dane.c
+new file mode 100644
+index 0000000..675dfa8
+--- /dev/null
++++ b/ldns/src/dane.c
+@@ -0,0 +1,748 @@
++/*
++ * Verify or create TLS authentication with DANE (RFC6698)
++ *
++ * (c) NLnetLabs 2012
++ *
++ * See the file LICENSE for the license.
++ *
++ */
++
++#include <ldns/config.h>
++#ifdef USE_DANE
++
++#include <ldns/ldns.h>
++#include <ldns/dane.h>
++
++#include <unistd.h>
++#include <stdlib.h>
++#include <sys/types.h>
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++#ifdef HAVE_NETDB_H
++#include <netdb.h>
++#endif
++
++#ifdef HAVE_SSL
++#include <openssl/ssl.h>
++#include <openssl/err.h>
++#include <openssl/x509v3.h>
++#endif
++
++ldns_status
++ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
++ uint16_t port, ldns_dane_transport transport)
++{
++ char buf[LDNS_MAX_DOMAINLEN];
++ size_t s;
++
++ assert(tlsa_owner != NULL);
++ assert(name != NULL);
++ assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
++
++ s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
++ buf[0] = (char)(s - 1);
++
++ switch(transport) {
++ case LDNS_DANE_TRANSPORT_TCP:
++ s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
++ break;
++
++ case LDNS_DANE_TRANSPORT_UDP:
++ s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
++ break;
++
++ case LDNS_DANE_TRANSPORT_SCTP:
++ s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
++ break;
++
++ default:
++ return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT;
++ }
++ if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++ memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
++ *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
++ s + ldns_rdf_size(name), buf);
++ if (*tlsa_owner == NULL) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++
++#ifdef HAVE_SSL
++ldns_status
++ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
++ ldns_tlsa_selector selector,
++ ldns_tlsa_matching_type matching_type)
++{
++ unsigned char* buf = NULL;
++ size_t len;
++
++ X509_PUBKEY* xpubkey;
++ EVP_PKEY* epubkey;
++
++ unsigned char* digest;
++
++ assert(rdf != NULL);
++ assert(cert != NULL);
++
++ switch(selector) {
++ case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
++
++ len = (size_t)i2d_X509(cert, &buf);
++ break;
++
++ case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
++
++#ifndef S_SPLINT_S
++ xpubkey = X509_get_X509_PUBKEY(cert);
++#endif
++ if (! xpubkey) {
++ return LDNS_STATUS_SSL_ERR;
++ }
++ epubkey = X509_PUBKEY_get(xpubkey);
++ if (! epubkey) {
++ return LDNS_STATUS_SSL_ERR;
++ }
++ len = (size_t)i2d_PUBKEY(epubkey, &buf);
++ break;
++
++ default:
++ return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
++ }
++
++ switch(matching_type) {
++ case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
++
++ *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
++
++ return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
++ break;
++
++ case LDNS_TLSA_MATCHING_TYPE_SHA256:
++
++ digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH);
++ if (digest == NULL) {
++ LDNS_FREE(buf);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ (void) ldns_sha256(buf, (unsigned int)len, digest);
++ *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH,
++ digest);
++ LDNS_FREE(buf);
++
++ return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
++ break;
++
++ case LDNS_TLSA_MATCHING_TYPE_SHA512:
++
++ digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH);
++ if (digest == NULL) {
++ LDNS_FREE(buf);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ (void) ldns_sha512(buf, (unsigned int)len, digest);
++ *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH,
++ digest);
++ LDNS_FREE(buf);
++
++ return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
++ break;
++
++ default:
++ LDNS_FREE(buf);
++ return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
++ }
++}
++
++
++/* Ordinary PKIX validation of cert (with extra_certs to help)
++ * against the CA's in store
++ */
++static ldns_status
++ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
++ X509_STORE* store)
++{
++ X509_STORE_CTX* vrfy_ctx;
++ ldns_status s;
++
++ if (! store) {
++ return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
++ }
++ vrfy_ctx = X509_STORE_CTX_new();
++ if (! vrfy_ctx) {
++
++ return LDNS_STATUS_SSL_ERR;
++
++ } else if (X509_STORE_CTX_init(vrfy_ctx, store,
++ cert, extra_certs) != 1) {
++ s = LDNS_STATUS_SSL_ERR;
++
++ } else if (X509_verify_cert(vrfy_ctx) == 1) {
++
++ s = LDNS_STATUS_OK;
++
++ } else {
++ s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
++ }
++ X509_STORE_CTX_free(vrfy_ctx);
++ return s;
++}
++
++
++/* Orinary PKIX validation of cert (with extra_certs to help)
++ * against the CA's in store, but also return the validation chain.
++ */
++static ldns_status
++ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
++ STACK_OF(X509)* extra_certs, X509_STORE* store)
++{
++ ldns_status s;
++ X509_STORE* empty_store = NULL;
++ X509_STORE_CTX* vrfy_ctx;
++
++ assert(chain != NULL);
++
++ if (! store) {
++ store = empty_store = X509_STORE_new();
++ }
++ s = LDNS_STATUS_SSL_ERR;
++ vrfy_ctx = X509_STORE_CTX_new();
++ if (! vrfy_ctx) {
++
++ goto exit_free_empty_store;
++
++ } else if (X509_STORE_CTX_init(vrfy_ctx, store,
++ cert, extra_certs) != 1) {
++ goto exit_free_vrfy_ctx;
++
++ } else if (X509_verify_cert(vrfy_ctx) == 1) {
++
++ s = LDNS_STATUS_OK;
++
++ } else {
++ s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
++ }
++ *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
++ if (! *chain) {
++ s = LDNS_STATUS_SSL_ERR;
++ }
++
++exit_free_vrfy_ctx:
++ X509_STORE_CTX_free(vrfy_ctx);
++
++exit_free_empty_store:
++ if (empty_store) {
++ X509_STORE_free(empty_store);
++ }
++ return s;
++}
++
++
++/* Return the validation chain that can be build out of cert, with extra_certs.
++ */
++static ldns_status
++ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
++ X509* cert, STACK_OF(X509)* extra_certs)
++{
++ ldns_status s;
++ X509_STORE* empty_store = NULL;
++ X509_STORE_CTX* vrfy_ctx;
++
++ assert(chain != NULL);
++
++ empty_store = X509_STORE_new();
++ s = LDNS_STATUS_SSL_ERR;
++ vrfy_ctx = X509_STORE_CTX_new();
++ if (! vrfy_ctx) {
++
++ goto exit_free_empty_store;
++
++ } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
++ cert, extra_certs) != 1) {
++ goto exit_free_vrfy_ctx;
++ }
++ (void) X509_verify_cert(vrfy_ctx);
++ *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
++ if (! *chain) {
++ s = LDNS_STATUS_SSL_ERR;
++ } else {
++ s = LDNS_STATUS_OK;
++ }
++exit_free_vrfy_ctx:
++ X509_STORE_CTX_free(vrfy_ctx);
++
++exit_free_empty_store:
++ X509_STORE_free(empty_store);
++ return s;
++}
++
++
++/* Pop n+1 certs and return the last popped.
++ */
++static ldns_status
++ldns_dane_get_nth_cert_from_validation_chain(
++ X509** cert, STACK_OF(X509)* chain, int n, bool ca)
++{
++ if (n >= sk_X509_num(chain) || n < 0) {
++ return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE;
++ }
++ *cert = sk_X509_pop(chain);
++ while (n-- > 0) {
++ X509_free(*cert);
++ *cert = sk_X509_pop(chain);
++ }
++ if (ca && ! X509_check_ca(*cert)) {
++ return LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
++ }
++ return LDNS_STATUS_OK;
++}
++
++
++/* Create validation chain with cert and extra_certs and returns the last
++ * self-signed (if present).
++ */
++static ldns_status
++ldns_dane_pkix_get_last_self_signed(X509** out_cert,
++ X509* cert, STACK_OF(X509)* extra_certs)
++{
++ ldns_status s;
++ X509_STORE* empty_store = NULL;
++ X509_STORE_CTX* vrfy_ctx;
++
++ assert(out_cert != NULL);
++
++ empty_store = X509_STORE_new();
++ s = LDNS_STATUS_SSL_ERR;
++ vrfy_ctx = X509_STORE_CTX_new();
++ if (! vrfy_ctx) {
++ goto exit_free_empty_store;
++
++ } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
++ cert, extra_certs) != 1) {
++ goto exit_free_vrfy_ctx;
++
++ }
++ (void) X509_verify_cert(vrfy_ctx);
++ if (vrfy_ctx->error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
++ vrfy_ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
++
++ *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
++ s = LDNS_STATUS_OK;
++ } else {
++ s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR;
++ }
++exit_free_vrfy_ctx:
++ X509_STORE_CTX_free(vrfy_ctx);
++
++exit_free_empty_store:
++ X509_STORE_free(empty_store);
++ return s;
++}
++
++
++ldns_status
++ldns_dane_select_certificate(X509** selected_cert,
++ X509* cert, STACK_OF(X509)* extra_certs,
++ X509_STORE* pkix_validation_store,
++ ldns_tlsa_certificate_usage cert_usage, int offset)
++{
++ ldns_status s;
++ STACK_OF(X509)* pkix_validation_chain = NULL;
++
++ assert(selected_cert != NULL);
++ assert(cert != NULL);
++
++ /* With PKIX validation explicitely turned off (pkix_validation_store
++ * == NULL), treat the "CA constraint" and "Service certificate
++ * constraint" the same as "Trust anchor assertion" and "Domain issued
++ * certificate" respectively.
++ */
++ if (pkix_validation_store == NULL) {
++ switch (cert_usage) {
++
++ case LDNS_TLSA_USAGE_CA_CONSTRAINT:
++
++ cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
++ break;
++
++ case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
++
++ cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
++ break;
++
++ default:
++ break;
++ }
++ }
++
++ /* Now what to do with each Certificate usage...
++ */
++ switch (cert_usage) {
++
++ case LDNS_TLSA_USAGE_CA_CONSTRAINT:
++
++ s = ldns_dane_pkix_validate_and_get_chain(
++ &pkix_validation_chain,
++ cert, extra_certs,
++ pkix_validation_store);
++ if (! pkix_validation_chain) {
++ return s;
++ }
++ if (s == LDNS_STATUS_OK) {
++ if (offset == -1) {
++ offset = 0;
++ }
++ s = ldns_dane_get_nth_cert_from_validation_chain(
++ selected_cert, pkix_validation_chain,
++ offset, true);
++ }
++ sk_X509_pop_free(pkix_validation_chain, X509_free);
++ return s;
++ break;
++
++
++ case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
++
++ *selected_cert = cert;
++ return ldns_dane_pkix_validate(cert, extra_certs,
++ pkix_validation_store);
++ break;
++
++
++ case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
++
++ if (offset == -1) {
++ s = ldns_dane_pkix_get_last_self_signed(
++ selected_cert, cert, extra_certs);
++ return s;
++ } else {
++ s = ldns_dane_pkix_get_chain(
++ &pkix_validation_chain,
++ cert, extra_certs);
++ if (s == LDNS_STATUS_OK) {
++ s =
++ ldns_dane_get_nth_cert_from_validation_chain(
++ selected_cert, pkix_validation_chain,
++ offset, false);
++ } else if (! pkix_validation_chain) {
++ return s;
++ }
++ sk_X509_pop_free(pkix_validation_chain, X509_free);
++ return s;
++ }
++ break;
++
++
++ case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
++
++ *selected_cert = cert;
++ return LDNS_STATUS_OK;
++ break;
++
++ default:
++ return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
++ break;
++ }
++}
++
++
++ldns_status
++ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
++ ldns_tlsa_certificate_usage certificate_usage,
++ ldns_tlsa_selector selector,
++ ldns_tlsa_matching_type matching_type,
++ X509* cert)
++{
++ ldns_rdf* rdf;
++ ldns_status s;
++
++ assert(tlsa != NULL);
++ assert(cert != NULL);
++
++ /* create rr */
++ *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
++ if (*tlsa == NULL) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
++ (uint8_t)certificate_usage);
++ if (rdf == NULL) {
++ goto memerror;
++ }
++ (void) ldns_rr_set_rdf(*tlsa, rdf, 0);
++
++ rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
++ if (rdf == NULL) {
++ goto memerror;
++ }
++ (void) ldns_rr_set_rdf(*tlsa, rdf, 1);
++
++ rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
++ if (rdf == NULL) {
++ goto memerror;
++ }
++ (void) ldns_rr_set_rdf(*tlsa, rdf, 2);
++
++ s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
++ if (s == LDNS_STATUS_OK) {
++ (void) ldns_rr_set_rdf(*tlsa, rdf, 3);
++ return LDNS_STATUS_OK;
++ }
++ ldns_rr_free(*tlsa);
++ *tlsa = NULL;
++ return s;
++
++memerror:
++ ldns_rr_free(*tlsa);
++ *tlsa = NULL;
++ return LDNS_STATUS_MEM_ERR;
++}
++
++
++/* Return tlsas that actually are TLSA resource records with known values
++ * for the Certificate usage, Selector and Matching type rdata fields.
++ */
++static ldns_rr_list*
++ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
++{
++ size_t i;
++ ldns_rr_list* r = ldns_rr_list_new();
++ ldns_rr* tlsa_rr;
++
++ if (! r) {
++ return NULL;
++ }
++ for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
++ tlsa_rr = ldns_rr_list_rr(tlsas, i);
++ if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
++ ldns_rr_rd_count(tlsa_rr) == 4 &&
++ ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
++ ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
++ ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
++
++ if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
++ ldns_rr_list_free(r);
++ return NULL;
++ }
++ }
++ }
++ return r;
++}
++
++
++/* Return whether cert/selector/matching_type matches data.
++ */
++static ldns_status
++ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
++ ldns_tlsa_matching_type matching_type, ldns_rdf* data)
++{
++ ldns_status s;
++ ldns_rdf* match_data;
++
++ s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
++ if (s == LDNS_STATUS_OK) {
++ if (ldns_rdf_compare(data, match_data) != 0) {
++ s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
++ }
++ ldns_rdf_free(match_data);
++ }
++ return s;
++}
++
++
++/* Return whether any certificate from the chain with selector/matching_type
++ * matches data.
++ * ca should be true if the certificate has to be a CA certificate too.
++ */
++static ldns_status
++ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
++ ldns_tlsa_selector selector,
++ ldns_tlsa_matching_type matching_type,
++ ldns_rdf* data, bool ca)
++{
++ ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
++ size_t n, i;
++ X509* cert;
++
++ n = (size_t)sk_X509_num(chain);
++ for (i = 0; i < n; i++) {
++ cert = sk_X509_pop(chain);
++ if (! cert) {
++ s = LDNS_STATUS_SSL_ERR;
++ break;
++ }
++ s = ldns_dane_match_cert_with_data(cert,
++ selector, matching_type, data);
++ if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
++ s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
++ }
++ X509_free(cert);
++ if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) {
++ break;
++ }
++ /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
++ * try to match the next certificate
++ */
++ }
++ return s;
++}
++
++
++ldns_status
++ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
++ X509* cert, STACK_OF(X509)* extra_certs,
++ X509_STORE* pkix_validation_store)
++{
++ ldns_status s;
++
++ STACK_OF(X509)* pkix_validation_chain = NULL;
++
++ ldns_tlsa_certificate_usage cert_usage;
++ ldns_tlsa_selector selector;
++ ldns_tlsa_matching_type matching_type;
++ ldns_rdf* data;
++
++ if (! tlsa_rr) {
++ /* No TLSA, so regular PKIX validation
++ */
++ return ldns_dane_pkix_validate(cert, extra_certs,
++ pkix_validation_store);
++ }
++ cert_usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
++ selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
++ matching_type = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
++ data = ldns_rr_rdf(tlsa_rr, 3) ;
++
++ switch (cert_usage) {
++ case LDNS_TLSA_USAGE_CA_CONSTRAINT:
++ s = ldns_dane_pkix_validate_and_get_chain(
++ &pkix_validation_chain,
++ cert, extra_certs,
++ pkix_validation_store);
++ if (! pkix_validation_chain) {
++ return s;
++ }
++ if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
++ /*
++ * NO PKIX validation. We still try to match *any*
++ * certificate from the chain, so we return
++ * TLSA errors over PKIX errors.
++ *
++ * i.e. When the TLSA matches no certificate, we return
++ * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
++ */
++ s = ldns_dane_match_any_cert_with_data(
++ pkix_validation_chain,
++ selector, matching_type, data, true);
++
++ if (s == LDNS_STATUS_OK) {
++ /* A TLSA record did match a cert from the
++ * chain, thus the error is failed PKIX
++ * validation.
++ */
++ s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
++ }
++
++ } else if (s == LDNS_STATUS_OK) {
++ /* PKIX validated, does the TLSA match too? */
++
++ s = ldns_dane_match_any_cert_with_data(
++ pkix_validation_chain,
++ selector, matching_type, data, true);
++ }
++ sk_X509_pop_free(pkix_validation_chain, X509_free);
++ return s;
++ break;
++
++ case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
++ s = ldns_dane_match_cert_with_data(cert,
++ selector, matching_type, data);
++
++ if (s == LDNS_STATUS_OK) {
++ return ldns_dane_pkix_validate(cert, extra_certs,
++ pkix_validation_store);
++ }
++ return s;
++ break;
++
++ case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
++ s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
++ cert, extra_certs);
++
++ if (s == LDNS_STATUS_OK) {
++ s = ldns_dane_match_any_cert_with_data(
++ pkix_validation_chain,
++ selector, matching_type, data, false);
++
++ } else if (! pkix_validation_chain) {
++ return s;
++ }
++ sk_X509_pop_free(pkix_validation_chain, X509_free);
++ return s;
++ break;
++
++ case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
++ return ldns_dane_match_cert_with_data(cert,
++ selector, matching_type, data);
++ break;
++
++ default:
++ break;
++ }
++ return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
++}
++
++
++ldns_status
++ldns_dane_verify(ldns_rr_list* tlsas,
++ X509* cert, STACK_OF(X509)* extra_certs,
++ X509_STORE* pkix_validation_store)
++{
++ size_t i;
++ ldns_rr* tlsa_rr;
++ ldns_status s = LDNS_STATUS_OK, ps;
++
++ assert(cert != NULL);
++
++ if (tlsas && ldns_rr_list_rr_count(tlsas) > 0) {
++ tlsas = ldns_dane_filter_unusable_records(tlsas);
++ if (! tlsas) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ }
++ if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) {
++ /* No TLSA's, so regular PKIX validation
++ */
++ return ldns_dane_pkix_validate(cert, extra_certs,
++ pkix_validation_store);
++ } else {
++ for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
++ tlsa_rr = ldns_rr_list_rr(tlsas, i);
++ ps = s;
++ s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
++ pkix_validation_store);
++
++ if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
++ s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
++
++ /* which would be LDNS_STATUS_OK (match)
++ * or some fatal error preventing use from
++ * trying the next TLSA record.
++ */
++ break;
++ }
++ s = (s > ps ? s : ps); /* prefer PKIX_DID_NOT_VALIDATE
++ * over TLSA_DID_NOT_MATCH
++ */
++ }
++ ldns_rr_list_free(tlsas);
++ }
++ return s;
++}
++#endif /* HAVE_SSL */
++#endif /* USE_DANE */
+diff --git a/ldns/src/dname.c b/ldns/src/dname.c
+new file mode 100644
+index 0000000..55aba5d
+--- /dev/null
++++ b/ldns/src/dname.c
+@@ -0,0 +1,598 @@
++/*
++ * dname.c
++ *
++ * dname specific rdata implementations
++ * A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME
++ * It is not a /real/ type! All function must therefor check
++ * for LDNS_RDF_TYPE_DNAME.
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#ifdef HAVE_NETINET_IN_H
++#include <netinet/in.h>
++#endif
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++#ifdef HAVE_NETDB_H
++#include <netdb.h>
++#endif
++#ifdef HAVE_ARPA_INET_H
++#include <arpa/inet.h>
++#endif
++
++/* Returns whether the last label in the name is a root label (a empty label).
++ * Note that it is not enough to just test the last character to be 0,
++ * because it may be part of the last label itself.
++ */
++static bool
++ldns_dname_last_label_is_root_label(const ldns_rdf* dname)
++{
++ size_t src_pos;
++ size_t len = 0;
++
++ for (src_pos = 0; src_pos < ldns_rdf_size(dname); src_pos += len + 1) {
++ len = ldns_rdf_data(dname)[src_pos];
++ }
++ assert(src_pos == ldns_rdf_size(dname));
++
++ return src_pos > 0 && len == 0;
++}
++
++ldns_rdf *
++ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2)
++{
++ ldns_rdf *new;
++ uint16_t new_size;
++ uint8_t *buf;
++ uint16_t left_size;
++
++ if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME ||
++ ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) {
++ return NULL;
++ }
++
++ /* remove root label if it is present at the end of the left
++ * rd, by reducing the size with 1
++ */
++ left_size = ldns_rdf_size(rd1);
++ if (ldns_dname_last_label_is_root_label(rd1)) {
++ left_size--;
++ }
++
++ /* we overwrite the nullbyte of rd1 */
++ new_size = left_size + ldns_rdf_size(rd2);
++ buf = LDNS_XMALLOC(uint8_t, new_size);
++ if (!buf) {
++ return NULL;
++ }
++
++ /* put the two dname's after each other */
++ memcpy(buf, ldns_rdf_data(rd1), left_size);
++ memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2));
++
++ new = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, new_size, buf);
++
++ LDNS_FREE(buf);
++ return new;
++}
++
++ldns_status
++ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2)
++{
++ uint16_t left_size;
++ uint16_t size;
++ uint8_t* newd;
++
++ if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME ||
++ ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* remove root label if it is present at the end of the left
++ * rd, by reducing the size with 1
++ */
++ left_size = ldns_rdf_size(rd1);
++ if (ldns_dname_last_label_is_root_label(rd1)) {
++ left_size--;
++ }
++
++ size = left_size + ldns_rdf_size(rd2);
++ newd = LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size);
++ if(!newd) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ ldns_rdf_set_data(rd1, newd);
++ memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2),
++ ldns_rdf_size(rd2));
++ ldns_rdf_set_size(rd1, size);
++
++ return LDNS_STATUS_OK;
++}
++
++ldns_rdf*
++ldns_dname_reverse(const ldns_rdf *dname)
++{
++ size_t rd_size;
++ uint8_t* buf;
++ ldns_rdf* new;
++ size_t src_pos;
++ size_t len ;
++
++ assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME);
++
++ rd_size = ldns_rdf_size(dname);
++ buf = LDNS_XMALLOC(uint8_t, rd_size);
++ if (! buf) {
++ return NULL;
++ }
++ new = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, rd_size, buf);
++ if (! new) {
++ LDNS_FREE(buf);
++ return NULL;
++ }
++
++ /* If dname ends in a root label, the reverse should too.
++ */
++ if (ldns_dname_last_label_is_root_label(dname)) {
++ buf[rd_size - 1] = 0;
++ rd_size -= 1;
++ }
++ for (src_pos = 0; src_pos < rd_size; src_pos += len + 1) {
++ len = ldns_rdf_data(dname)[src_pos];
++ memcpy(&buf[rd_size - src_pos - len - 1],
++ &ldns_rdf_data(dname)[src_pos], len + 1);
++ }
++ return new;
++}
++
++ldns_rdf *
++ldns_dname_clone_from(const ldns_rdf *d, uint16_t n)
++{
++ uint8_t *data;
++ uint8_t label_size;
++ size_t data_size;
++
++ if (!d ||
++ ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME ||
++ ldns_dname_label_count(d) < n) {
++ return NULL;
++ }
++
++ data = ldns_rdf_data(d);
++ data_size = ldns_rdf_size(d);
++ while (n > 0) {
++ label_size = data[0] + 1;
++ data += label_size;
++ if (data_size < label_size) {
++ /* this label is very broken */
++ return NULL;
++ }
++ data_size -= label_size;
++ n--;
++ }
++
++ return ldns_dname_new_frm_data(data_size, data);
++}
++
++ldns_rdf *
++ldns_dname_left_chop(const ldns_rdf *d)
++{
++ uint8_t label_pos;
++ ldns_rdf *chop;
++
++ if (!d) {
++ return NULL;
++ }
++
++ if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) {
++ return NULL;
++ }
++ if (ldns_dname_label_count(d) == 0) {
++ /* root label */
++ return NULL;
++ }
++ /* 05blaat02nl00 */
++ label_pos = ldns_rdf_data(d)[0];
++
++ chop = ldns_dname_new_frm_data(ldns_rdf_size(d) - label_pos - 1,
++ ldns_rdf_data(d) + label_pos + 1);
++ return chop;
++}
++
++uint8_t
++ldns_dname_label_count(const ldns_rdf *r)
++{
++ uint16_t src_pos;
++ uint16_t len;
++ uint8_t i;
++ size_t r_size;
++
++ if (!r) {
++ return 0;
++ }
++
++ i = 0;
++ src_pos = 0;
++ r_size = ldns_rdf_size(r);
++
++ if (ldns_rdf_get_type(r) != LDNS_RDF_TYPE_DNAME) {
++ return 0;
++ } else {
++ len = ldns_rdf_data(r)[src_pos]; /* start of the label */
++
++ /* single root label */
++ if (1 == r_size) {
++ return 0;
++ } else {
++ while ((len > 0) && src_pos < r_size) {
++ src_pos++;
++ src_pos += len;
++ len = ldns_rdf_data(r)[src_pos];
++ i++;
++ }
++ }
++ }
++ return i;
++}
++
++ldns_rdf *
++ldns_dname_new(uint16_t s, void *d)
++{
++ ldns_rdf *rd;
++
++ rd = LDNS_MALLOC(ldns_rdf);
++ if (!rd) {
++ return NULL;
++ }
++ ldns_rdf_set_size(rd, s);
++ ldns_rdf_set_type(rd, LDNS_RDF_TYPE_DNAME);
++ ldns_rdf_set_data(rd, d);
++ return rd;
++}
++
++ldns_rdf *
++ldns_dname_new_frm_str(const char *str)
++{
++ return ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, str);
++}
++
++ldns_rdf *
++ldns_dname_new_frm_data(uint16_t size, const void *data)
++{
++ return ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, size, data);
++}
++
++void
++ldns_dname2canonical(const ldns_rdf *rd)
++{
++ uint8_t *rdd;
++ uint16_t i;
++
++ if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_DNAME) {
++ return;
++ }
++
++ rdd = (uint8_t*)ldns_rdf_data(rd);
++ for (i = 0; i < ldns_rdf_size(rd); i++, rdd++) {
++ *rdd = (uint8_t)LDNS_DNAME_NORMALIZE((int)*rdd);
++ }
++}
++
++bool
++ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent)
++{
++ uint8_t sub_lab;
++ uint8_t par_lab;
++ int8_t i, j;
++ ldns_rdf *tmp_sub = NULL;
++ ldns_rdf *tmp_par = NULL;
++ ldns_rdf *sub_clone;
++ ldns_rdf *parent_clone;
++ bool result = true;
++
++ if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME ||
++ ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME ||
++ ldns_rdf_compare(sub, parent) == 0) {
++ return false;
++ }
++
++ /* would be nicer if we do not have to clone... */
++ sub_clone = ldns_dname_clone_from(sub, 0);
++ parent_clone = ldns_dname_clone_from(parent, 0);
++ ldns_dname2canonical(sub_clone);
++ ldns_dname2canonical(parent_clone);
++
++ sub_lab = ldns_dname_label_count(sub_clone);
++ par_lab = ldns_dname_label_count(parent_clone);
++
++ /* if sub sits above parent, it cannot be a child/sub domain */
++ if (sub_lab < par_lab) {
++ result = false;
++ } else {
++ /* check all labels the from the parent labels, from right to left.
++ * When they /all/ match we have found a subdomain
++ */
++ j = sub_lab - 1; /* we count from zero, thank you */
++ for (i = par_lab -1; i >= 0; i--) {
++ tmp_sub = ldns_dname_label(sub_clone, j);
++ tmp_par = ldns_dname_label(parent_clone, i);
++ if (!tmp_sub || !tmp_par) {
++ /* deep free does null check */
++ ldns_rdf_deep_free(tmp_sub);
++ ldns_rdf_deep_free(tmp_par);
++ result = false;
++ break;
++ }
++
++ if (ldns_rdf_compare(tmp_sub, tmp_par) != 0) {
++ /* they are not equal */
++ ldns_rdf_deep_free(tmp_sub);
++ ldns_rdf_deep_free(tmp_par);
++ result = false;
++ break;
++ }
++ ldns_rdf_deep_free(tmp_sub);
++ ldns_rdf_deep_free(tmp_par);
++ j--;
++ }
++ }
++ ldns_rdf_deep_free(sub_clone);
++ ldns_rdf_deep_free(parent_clone);
++ return result;
++}
++
++int
++ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
++{
++ size_t lc1, lc2, lc1f, lc2f;
++ size_t i;
++ int result = 0;
++ uint8_t *lp1, *lp2;
++
++ /* see RFC4034 for this algorithm */
++ /* this algorithm assumes the names are normalized to case */
++
++ /* only when both are not NULL we can say anything about them */
++ if (!dname1 && !dname2) {
++ return 0;
++ }
++ if (!dname1 || !dname2) {
++ return -1;
++ }
++ /* asserts must happen later as we are looking in the
++ * dname, which could be NULL. But this case is handled
++ * above
++ */
++ assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME);
++ assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME);
++
++ lc1 = ldns_dname_label_count(dname1);
++ lc2 = ldns_dname_label_count(dname2);
++
++ if (lc1 == 0 && lc2 == 0) {
++ return 0;
++ }
++ if (lc1 == 0) {
++ return -1;
++ }
++ if (lc2 == 0) {
++ return 1;
++ }
++ lc1--;
++ lc2--;
++ /* we start at the last label */
++ while (true) {
++ /* find the label first */
++ lc1f = lc1;
++ lp1 = ldns_rdf_data(dname1);
++ while (lc1f > 0) {
++ lp1 += *lp1 + 1;
++ lc1f--;
++ }
++
++ /* and find the other one */
++ lc2f = lc2;
++ lp2 = ldns_rdf_data(dname2);
++ while (lc2f > 0) {
++ lp2 += *lp2 + 1;
++ lc2f--;
++ }
++
++ /* now check the label character for character. */
++ for (i = 1; i < (size_t)(*lp1 + 1); i++) {
++ if (i > *lp2) {
++ /* apparently label 1 is larger */
++ result = 1;
++ goto done;
++ }
++ if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) <
++ LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) {
++ result = -1;
++ goto done;
++ } else if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) >
++ LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) {
++ result = 1;
++ goto done;
++ }
++ }
++ if (*lp1 < *lp2) {
++ /* apparently label 2 is larger */
++ result = -1;
++ goto done;
++ }
++ if (lc1 == 0 && lc2 > 0) {
++ result = -1;
++ goto done;
++ } else if (lc1 > 0 && lc2 == 0) {
++ result = 1;
++ goto done;
++ } else if (lc1 == 0 && lc2 == 0) {
++ result = 0;
++ goto done;
++ }
++ lc1--;
++ lc2--;
++ }
++
++ done:
++ return result;
++}
++
++int
++ldns_dname_is_wildcard(const ldns_rdf* dname)
++{
++ return ( ldns_dname_label_count(dname) > 0 &&
++ ldns_rdf_data(dname)[0] == 1 &&
++ ldns_rdf_data(dname)[1] == '*');
++}
++
++int
++ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard)
++{
++ ldns_rdf *wc_chopped;
++ int result;
++ /* check whether it really is a wildcard */
++ if (ldns_dname_is_wildcard(wildcard)) {
++ /* ok, so the dname needs to be a subdomain of the wildcard
++ * without the *
++ */
++ wc_chopped = ldns_dname_left_chop(wildcard);
++ result = (int) ldns_dname_is_subdomain(dname, wc_chopped);
++ ldns_rdf_deep_free(wc_chopped);
++ } else {
++ result = (ldns_dname_compare(dname, wildcard) == 0);
++ }
++ return result;
++}
++
++/* nsec test: does prev <= middle < next
++ * -1 = yes
++ * 0 = error/can't tell
++ * 1 = no
++ */
++int
++ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle,
++ const ldns_rdf *next)
++{
++ int prev_check, next_check;
++
++ assert(ldns_rdf_get_type(prev) == LDNS_RDF_TYPE_DNAME);
++ assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME);
++ assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME);
++
++ prev_check = ldns_dname_compare(prev, middle);
++ next_check = ldns_dname_compare(middle, next);
++ /* <= next. This cannot be the case for nsec, because then we would
++ * have gotten the nsec of next...
++ */
++ if (next_check == 0) {
++ return 0;
++ }
++
++ /* <= */
++ if ((prev_check == -1 || prev_check == 0) &&
++ /* < */
++ next_check == -1) {
++ return -1;
++ } else {
++ return 1;
++ }
++}
++
++
++bool
++ldns_dname_str_absolute(const char *dname_str)
++{
++ const char* s;
++ if(dname_str && strcmp(dname_str, ".") == 0)
++ return 1;
++ if(!dname_str || strlen(dname_str) < 2)
++ return 0;
++ if(dname_str[strlen(dname_str) - 1] != '.')
++ return 0;
++ if(dname_str[strlen(dname_str) - 2] != '\\')
++ return 1; /* ends in . and no \ before it */
++ /* so we have the case of ends in . and there is \ before it */
++ for(s=dname_str; *s; s++) {
++ if(*s == '\\') {
++ if(s[1] && s[2] && s[3] /* check length */
++ && isdigit(s[1]) && isdigit(s[2]) &&
++ isdigit(s[3]))
++ s += 3;
++ else if(!s[1] || isdigit(s[1])) /* escape of nul,0-9 */
++ return 0; /* parse error */
++ else s++; /* another character escaped */
++ }
++ else if(!*(s+1) && *s == '.')
++ return 1; /* trailing dot, unescaped */
++ }
++ return 0;
++}
++
++bool
++ldns_dname_absolute(const ldns_rdf *rdf)
++{
++ char *str = ldns_rdf2str(rdf);
++ if (str) {
++ bool r = ldns_dname_str_absolute(str);
++ LDNS_FREE(str);
++ return r;
++ }
++ return false;
++}
++
++ldns_rdf *
++ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
++{
++ uint8_t labelcnt;
++ uint16_t src_pos;
++ uint16_t len;
++ ldns_rdf *tmpnew;
++ size_t s;
++ uint8_t *data;
++
++ if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) {
++ return NULL;
++ }
++
++ labelcnt = 0;
++ src_pos = 0;
++ s = ldns_rdf_size(rdf);
++
++ len = ldns_rdf_data(rdf)[src_pos]; /* label start */
++ while ((len > 0) && src_pos < s) {
++ if (labelcnt == labelpos) {
++ /* found our label */
++ data = LDNS_XMALLOC(uint8_t, len + 2);
++ if (!data) {
++ return NULL;
++ }
++ memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1);
++ data[len + 2 - 1] = 0;
++
++ tmpnew = ldns_rdf_new( LDNS_RDF_TYPE_DNAME
++ , len + 2, data);
++ if (!tmpnew) {
++ LDNS_FREE(data);
++ return NULL;
++ }
++ return tmpnew;
++ }
++ src_pos++;
++ src_pos += len;
++ len = ldns_rdf_data(rdf)[src_pos];
++ labelcnt++;
++ }
++ return NULL;
++}
+diff --git a/ldns/src/dnssec.c b/ldns/src/dnssec.c
+new file mode 100644
+index 0000000..a41a9f6
+--- /dev/null
++++ b/ldns/src/dnssec.c
+@@ -0,0 +1,1869 @@
++/*
++ * dnssec.c
++ *
++ * contains the cryptographic function needed for DNSSEC in ldns
++ * The crypto library used is openssl
++ *
++ * (c) NLnet Labs, 2004-2008
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++#include <ldns/dnssec.h>
++
++#include <strings.h>
++#include <time.h>
++
++#ifdef HAVE_SSL
++#include <openssl/ssl.h>
++#include <openssl/evp.h>
++#include <openssl/rand.h>
++#include <openssl/err.h>
++#include <openssl/md5.h>
++#endif
++
++ldns_rr *
++ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
++ const ldns_rr_type type,
++ const ldns_rr_list *rrs)
++{
++ size_t i;
++ ldns_rr *candidate;
++
++ if (!name || !rrs) {
++ return NULL;
++ }
++
++ for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
++ candidate = ldns_rr_list_rr(rrs, i);
++ if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_RRSIG) {
++ if (ldns_dname_compare(ldns_rr_owner(candidate),
++ name) == 0 &&
++ ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(candidate))
++ == type
++ ) {
++ return candidate;
++ }
++ }
++ }
++
++ return NULL;
++}
++
++ldns_rr *
++ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig,
++ const ldns_rr_list *rrs)
++{
++ size_t i;
++ ldns_rr *candidate;
++
++ if (!rrsig || !rrs) {
++ return NULL;
++ }
++
++ for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
++ candidate = ldns_rr_list_rr(rrs, i);
++ if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_DNSKEY) {
++ if (ldns_dname_compare(ldns_rr_owner(candidate),
++ ldns_rr_rrsig_signame(rrsig)) == 0 &&
++ ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) ==
++ ldns_calc_keytag(candidate)
++ ) {
++ return candidate;
++ }
++ }
++ }
++
++ return NULL;
++}
++
++ldns_rdf *
++ldns_nsec_get_bitmap(ldns_rr *nsec) {
++ if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) {
++ return ldns_rr_rdf(nsec, 1);
++ } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) {
++ return ldns_rr_rdf(nsec, 5);
++ } else {
++ return NULL;
++ }
++}
++
++/*return the owner name of the closest encloser for name from the list of rrs */
++/* this is NOT the hash, but the original name! */
++ldns_rdf *
++ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
++ ATTR_UNUSED(ldns_rr_type qtype),
++ ldns_rr_list *nsec3s)
++{
++ /* remember parameters, they must match */
++ uint8_t algorithm;
++ uint32_t iterations;
++ uint8_t salt_length;
++ uint8_t *salt;
++
++ ldns_rdf *sname, *hashed_sname, *tmp;
++ bool flag;
++
++ bool exact_match_found;
++ bool in_range_found;
++
++ ldns_status status;
++ ldns_rdf *zone_name;
++
++ size_t nsec_i;
++ ldns_rr *nsec;
++ ldns_rdf *result = NULL;
++
++ if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) {
++ return NULL;
++ }
++
++ nsec = ldns_rr_list_rr(nsec3s, 0);
++ algorithm = ldns_nsec3_algorithm(nsec);
++ salt_length = ldns_nsec3_salt_length(nsec);
++ salt = ldns_nsec3_salt_data(nsec);
++ iterations = ldns_nsec3_iterations(nsec);
++
++ sname = ldns_rdf_clone(qname);
++
++ flag = false;
++
++ zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec));
++
++ /* algorithm from nsec3-07 8.3 */
++ while (ldns_dname_label_count(sname) > 0) {
++ exact_match_found = false;
++ in_range_found = false;
++
++ hashed_sname = ldns_nsec3_hash_name(sname,
++ algorithm,
++ iterations,
++ salt_length,
++ salt);
++
++ status = ldns_dname_cat(hashed_sname, zone_name);
++ if(status != LDNS_STATUS_OK) {
++ LDNS_FREE(salt);
++ ldns_rdf_deep_free(zone_name);
++ ldns_rdf_deep_free(sname);
++ return NULL;
++ }
++
++ for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) {
++ nsec = ldns_rr_list_rr(nsec3s, nsec_i);
++
++ /* check values of iterations etc! */
++
++ /* exact match? */
++ if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) {
++ exact_match_found = true;
++ } else if (ldns_nsec_covers_name(nsec, hashed_sname)) {
++ in_range_found = true;
++ }
++
++ }
++ if (!exact_match_found && in_range_found) {
++ flag = true;
++ } else if (exact_match_found && flag) {
++ result = ldns_rdf_clone(sname);
++ /* RFC 5155: 8.3. 2.** "The proof is complete" */
++ ldns_rdf_deep_free(hashed_sname);
++ goto done;
++ } else if (exact_match_found && !flag) {
++ /* error! */
++ ldns_rdf_deep_free(hashed_sname);
++ goto done;
++ } else {
++ flag = false;
++ }
++
++ ldns_rdf_deep_free(hashed_sname);
++ tmp = sname;
++ sname = ldns_dname_left_chop(sname);
++ ldns_rdf_deep_free(tmp);
++ }
++
++ done:
++ LDNS_FREE(salt);
++ ldns_rdf_deep_free(zone_name);
++ ldns_rdf_deep_free(sname);
++
++ return result;
++}
++
++bool
++ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt)
++{
++ size_t i;
++ for (i = 0; i < ldns_pkt_ancount(pkt); i++) {
++ if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_answer(pkt), i)) ==
++ LDNS_RR_TYPE_RRSIG) {
++ return true;
++ }
++ }
++ for (i = 0; i < ldns_pkt_nscount(pkt); i++) {
++ if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_authority(pkt), i)) ==
++ LDNS_RR_TYPE_RRSIG) {
++ return true;
++ }
++ }
++ return false;
++}
++
++ldns_rr_list *
++ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt,
++ ldns_rdf *name,
++ ldns_rr_type type)
++{
++ uint16_t t_netorder;
++ ldns_rr_list *sigs;
++ ldns_rr_list *sigs_covered;
++ ldns_rdf *rdf_t;
++
++ sigs = ldns_pkt_rr_list_by_name_and_type(pkt,
++ name,
++ LDNS_RR_TYPE_RRSIG,
++ LDNS_SECTION_ANY_NOQUESTION
++ );
++
++ t_netorder = htons(type); /* rdf are in network order! */
++ rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, LDNS_RDF_SIZE_WORD, &t_netorder);
++ sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
++
++ ldns_rdf_free(rdf_t);
++ ldns_rr_list_deep_free(sigs);
++
++ return sigs_covered;
++
++}
++
++ldns_rr_list *
++ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type)
++{
++ uint16_t t_netorder;
++ ldns_rr_list *sigs;
++ ldns_rr_list *sigs_covered;
++ ldns_rdf *rdf_t;
++
++ sigs = ldns_pkt_rr_list_by_type(pkt,
++ LDNS_RR_TYPE_RRSIG,
++ LDNS_SECTION_ANY_NOQUESTION
++ );
++
++ t_netorder = htons(type); /* rdf are in network order! */
++ rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE,
++ 2,
++ &t_netorder);
++ sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
++
++ ldns_rdf_free(rdf_t);
++ ldns_rr_list_deep_free(sigs);
++
++ return sigs_covered;
++
++}
++
++/* used only on the public key RR */
++uint16_t
++ldns_calc_keytag(const ldns_rr *key)
++{
++ uint16_t ac16;
++ ldns_buffer *keybuf;
++ size_t keysize;
++
++ if (!key) {
++ return 0;
++ }
++
++ if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY &&
++ ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY
++ ) {
++ return 0;
++ }
++
++ /* rdata to buf - only put the rdata in a buffer */
++ keybuf = ldns_buffer_new(LDNS_MIN_BUFLEN); /* grows */
++ if (!keybuf) {
++ return 0;
++ }
++ (void)ldns_rr_rdata2buffer_wire(keybuf, key);
++ /* the current pos in the buffer is the keysize */
++ keysize= ldns_buffer_position(keybuf);
++
++ ac16 = ldns_calc_keytag_raw(ldns_buffer_begin(keybuf), keysize);
++ ldns_buffer_free(keybuf);
++ return ac16;
++}
++
++uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize)
++{
++ unsigned int i;
++ uint32_t ac32;
++ uint16_t ac16;
++
++ if(keysize < 4) {
++ return 0;
++ }
++ /* look at the algorithm field, copied from 2535bis */
++ if (key[3] == LDNS_RSAMD5) {
++ ac16 = 0;
++ if (keysize > 4) {
++ memmove(&ac16, key + keysize - 3, 2);
++ }
++ ac16 = ntohs(ac16);
++ return (uint16_t) ac16;
++ } else {
++ ac32 = 0;
++ for (i = 0; (size_t)i < keysize; ++i) {
++ ac32 += (i & 1) ? key[i] : key[i] << 8;
++ }
++ ac32 += (ac32 >> 16) & 0xFFFF;
++ return (uint16_t) (ac32 & 0xFFFF);
++ }
++}
++
++#ifdef HAVE_SSL
++DSA *
++ldns_key_buf2dsa(ldns_buffer *key)
++{
++ return ldns_key_buf2dsa_raw((unsigned char*)ldns_buffer_begin(key),
++ ldns_buffer_position(key));
++}
++
++DSA *
++ldns_key_buf2dsa_raw(unsigned char* key, size_t len)
++{
++ uint8_t T;
++ uint16_t length;
++ uint16_t offset;
++ DSA *dsa;
++ BIGNUM *Q; BIGNUM *P;
++ BIGNUM *G; BIGNUM *Y;
++
++ if(len == 0)
++ return NULL;
++ T = (uint8_t)key[0];
++ length = (64 + T * 8);
++ offset = 1;
++
++ if (T > 8) {
++ return NULL;
++ }
++ if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
++ return NULL;
++
++ Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
++ offset += SHA_DIGEST_LENGTH;
++
++ P = BN_bin2bn(key+offset, (int)length, NULL);
++ offset += length;
++
++ G = BN_bin2bn(key+offset, (int)length, NULL);
++ offset += length;
++
++ Y = BN_bin2bn(key+offset, (int)length, NULL);
++ offset += length;
++
++ /* create the key and set its properties */
++ if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
++ BN_free(Q);
++ BN_free(P);
++ BN_free(G);
++ BN_free(Y);
++ return NULL;
++ }
++#ifndef S_SPLINT_S
++ dsa->p = P;
++ dsa->q = Q;
++ dsa->g = G;
++ dsa->pub_key = Y;
++#endif /* splint */
++
++ return dsa;
++}
++
++RSA *
++ldns_key_buf2rsa(ldns_buffer *key)
++{
++ return ldns_key_buf2rsa_raw((unsigned char*)ldns_buffer_begin(key),
++ ldns_buffer_position(key));
++}
++
++RSA *
++ldns_key_buf2rsa_raw(unsigned char* key, size_t len)
++{
++ uint16_t offset;
++ uint16_t exp;
++ uint16_t int16;
++ RSA *rsa;
++ BIGNUM *modulus;
++ BIGNUM *exponent;
++
++ if (len == 0)
++ return NULL;
++ if (key[0] == 0) {
++ if(len < 3)
++ return NULL;
++ /* need some smart comment here XXX*/
++ /* the exponent is too large so it's places
++ * futher...???? */
++ memmove(&int16, key+1, 2);
++ exp = ntohs(int16);
++ offset = 3;
++ } else {
++ exp = key[0];
++ offset = 1;
++ }
++
++ /* key length at least one */
++ if(len < (size_t)offset + exp + 1)
++ return NULL;
++
++ /* Exponent */
++ exponent = BN_new();
++ if(!exponent) return NULL;
++ (void) BN_bin2bn(key+offset, (int)exp, exponent);
++ offset += exp;
++
++ /* Modulus */
++ modulus = BN_new();
++ if(!modulus) {
++ BN_free(exponent);
++ return NULL;
++ }
++ /* length of the buffer must match the key length! */
++ (void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
++
++ rsa = RSA_new();
++ if(!rsa) {
++ BN_free(exponent);
++ BN_free(modulus);
++ return NULL;
++ }
++#ifndef S_SPLINT_S
++ rsa->n = modulus;
++ rsa->e = exponent;
++#endif /* splint */
++
++ return rsa;
++}
++
++int
++ldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
++ const EVP_MD* md)
++{
++ EVP_MD_CTX* ctx;
++ ctx = EVP_MD_CTX_create();
++ if(!ctx)
++ return false;
++ if(!EVP_DigestInit_ex(ctx, md, NULL) ||
++ !EVP_DigestUpdate(ctx, data, len) ||
++ !EVP_DigestFinal_ex(ctx, dest, NULL)) {
++ EVP_MD_CTX_destroy(ctx);
++ return false;
++ }
++ EVP_MD_CTX_destroy(ctx);
++ return true;
++}
++#endif /* HAVE_SSL */
++
++ldns_rr *
++ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
++{
++ ldns_rdf *tmp;
++ ldns_rr *ds;
++ uint16_t keytag;
++ uint8_t sha1hash;
++ uint8_t *digest;
++ ldns_buffer *data_buf;
++#ifdef USE_GOST
++ const EVP_MD* md = NULL;
++#endif
++
++ if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) {
++ return NULL;
++ }
++
++ ds = ldns_rr_new();
++ if (!ds) {
++ return NULL;
++ }
++ ldns_rr_set_type(ds, LDNS_RR_TYPE_DS);
++ ldns_rr_set_owner(ds, ldns_rdf_clone(
++ ldns_rr_owner(key)));
++ ldns_rr_set_ttl(ds, ldns_rr_ttl(key));
++ ldns_rr_set_class(ds, ldns_rr_get_class(key));
++
++ switch(h) {
++ default:
++ case LDNS_SHA1:
++ digest = LDNS_XMALLOC(uint8_t, LDNS_SHA1_DIGEST_LENGTH);
++ if (!digest) {
++ ldns_rr_free(ds);
++ return NULL;
++ }
++ break;
++ case LDNS_SHA256:
++ digest = LDNS_XMALLOC(uint8_t, LDNS_SHA256_DIGEST_LENGTH);
++ if (!digest) {
++ ldns_rr_free(ds);
++ return NULL;
++ }
++ break;
++ case LDNS_HASH_GOST:
++#ifdef USE_GOST
++ (void)ldns_key_EVP_load_gost_id();
++ md = EVP_get_digestbyname("md_gost94");
++ if(!md) {
++ ldns_rr_free(ds);
++ return NULL;
++ }
++ digest = LDNS_XMALLOC(uint8_t, EVP_MD_size(md));
++ if (!digest) {
++ ldns_rr_free(ds);
++ return NULL;
++ }
++ break;
++#else
++ /* not implemented */
++ ldns_rr_free(ds);
++ return NULL;
++#endif
++ case LDNS_SHA384:
++#ifdef USE_ECDSA
++ digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH);
++ if (!digest) {
++ ldns_rr_free(ds);
++ return NULL;
++ }
++ break;
++#else
++ /* not implemented */
++ ldns_rr_free(ds);
++ return NULL;
++#endif
++ }
++
++ data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if (!data_buf) {
++ LDNS_FREE(digest);
++ ldns_rr_free(ds);
++ return NULL;
++ }
++
++ /* keytag */
++ keytag = htons(ldns_calc_keytag((ldns_rr*)key));
++ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16,
++ sizeof(uint16_t),
++ &keytag);
++ ldns_rr_push_rdf(ds, tmp);
++
++ /* copy the algorithm field */
++ if ((tmp = ldns_rr_rdf(key, 2)) == NULL) {
++ LDNS_FREE(digest);
++ ldns_buffer_free(data_buf);
++ ldns_rr_free(ds);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(ds, ldns_rdf_clone( tmp ));
++ }
++
++ /* digest hash type */
++ sha1hash = (uint8_t)h;
++ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
++ sizeof(uint8_t),
++ &sha1hash);
++ ldns_rr_push_rdf(ds, tmp);
++
++ /* digest */
++ /* owner name */
++ tmp = ldns_rdf_clone(ldns_rr_owner(key));
++ ldns_dname2canonical(tmp);
++ if (ldns_rdf2buffer_wire(data_buf, tmp) != LDNS_STATUS_OK) {
++ LDNS_FREE(digest);
++ ldns_buffer_free(data_buf);
++ ldns_rr_free(ds);
++ ldns_rdf_deep_free(tmp);
++ return NULL;
++ }
++ ldns_rdf_deep_free(tmp);
++
++ /* all the rdata's */
++ if (ldns_rr_rdata2buffer_wire(data_buf,
++ (ldns_rr*)key) != LDNS_STATUS_OK) {
++ LDNS_FREE(digest);
++ ldns_buffer_free(data_buf);
++ ldns_rr_free(ds);
++ return NULL;
++ }
++ switch(h) {
++ case LDNS_SHA1:
++ (void) ldns_sha1((unsigned char *) ldns_buffer_begin(data_buf),
++ (unsigned int) ldns_buffer_position(data_buf),
++ (unsigned char *) digest);
++
++ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
++ LDNS_SHA1_DIGEST_LENGTH,
++ digest);
++ ldns_rr_push_rdf(ds, tmp);
++
++ break;
++ case LDNS_SHA256:
++ (void) ldns_sha256((unsigned char *) ldns_buffer_begin(data_buf),
++ (unsigned int) ldns_buffer_position(data_buf),
++ (unsigned char *) digest);
++ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
++ LDNS_SHA256_DIGEST_LENGTH,
++ digest);
++ ldns_rr_push_rdf(ds, tmp);
++ break;
++ case LDNS_HASH_GOST:
++#ifdef USE_GOST
++ if(!ldns_digest_evp((unsigned char *) ldns_buffer_begin(data_buf),
++ (unsigned int) ldns_buffer_position(data_buf),
++ (unsigned char *) digest, md)) {
++ LDNS_FREE(digest);
++ ldns_buffer_free(data_buf);
++ ldns_rr_free(ds);
++ return NULL;
++ }
++ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
++ (size_t)EVP_MD_size(md),
++ digest);
++ ldns_rr_push_rdf(ds, tmp);
++#endif
++ break;
++ case LDNS_SHA384:
++#ifdef USE_ECDSA
++ (void) SHA384((unsigned char *) ldns_buffer_begin(data_buf),
++ (unsigned int) ldns_buffer_position(data_buf),
++ (unsigned char *) digest);
++ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
++ SHA384_DIGEST_LENGTH,
++ digest);
++ ldns_rr_push_rdf(ds, tmp);
++#endif
++ break;
++ }
++
++ LDNS_FREE(digest);
++ ldns_buffer_free(data_buf);
++ return ds;
++}
++
++/* From RFC3845:
++ *
++ * 2.1.2. The List of Type Bit Map(s) Field
++ *
++ * The RR type space is split into 256 window blocks, each representing
++ * the low-order 8 bits of the 16-bit RR type space. Each block that
++ * has at least one active RR type is encoded using a single octet
++ * window number (from 0 to 255), a single octet bitmap length (from 1
++ * to 32) indicating the number of octets used for the window block's
++ * bitmap, and up to 32 octets (256 bits) of bitmap.
++ *
++ * Window blocks are present in the NSEC RR RDATA in increasing
++ * numerical order.
++ *
++ * "|" denotes concatenation
++ *
++ * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) +
++ *
++ * <cut>
++ *
++ * Blocks with no types present MUST NOT be included. Trailing zero
++ * octets in the bitmap MUST be omitted. The length of each block's
++ * bitmap is determined by the type code with the largest numerical
++ * value within that block, among the set of RR types present at the
++ * NSEC RR's owner name. Trailing zero octets not specified MUST be
++ * interpreted as zero octets.
++ */
++ldns_rdf *
++ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
++ size_t size,
++ ldns_rr_type nsec_type)
++{
++ uint8_t window; /* most significant octet of type */
++ uint8_t subtype; /* least significant octet of type */
++ uint16_t windows[256] /* Max subtype per window */
++#ifndef S_SPLINT_S
++ = { 0 } /* Initialize ALL elements with 0 */
++#endif
++ ;
++ ldns_rr_type* d; /* used to traverse rr_type_list*/
++ size_t i; /* used to traverse windows array */
++
++ size_t sz; /* size needed for type bitmap rdf */
++ uint8_t* data = NULL; /* rdf data */
++ uint8_t* dptr; /* used to itraverse rdf data */
++ ldns_rdf* rdf; /* bitmap rdf to return */
++
++ if (nsec_type != LDNS_RR_TYPE_NSEC &&
++ nsec_type != LDNS_RR_TYPE_NSEC3) {
++ return NULL;
++ }
++
++ /* Which other windows need to be in the bitmap rdf?
++ */
++ for (d = rr_type_list; d < rr_type_list + size; d++) {
++ window = *d >> 8;
++ subtype = *d & 0xff;
++ if (windows[window] < subtype) {
++ windows[window] = subtype;
++ }
++ }
++
++ /* How much space do we need in the rdf for those windows?
++ */
++ sz = 0;
++ for (i = 0; i < 256; i++) {
++ if (windows[i]) {
++ sz += windows[i] / 8 + 3;
++ }
++ }
++ if (sz > 0) {
++ /* Format rdf data according RFC3845 Section 2.1.2 (see above)
++ */
++ dptr = data = LDNS_CALLOC(uint8_t, sz);
++ if (!data) {
++ return NULL;
++ }
++ for (i = 0; i < 256; i++) {
++ if (windows[i]) {
++ *dptr++ = (uint8_t)i;
++ *dptr++ = (uint8_t)(windows[i] / 8 + 1);
++
++ /* Now let windows[i] index the bitmap
++ * within data
++ */
++ windows[i] = (uint16_t)(dptr - data);
++
++ dptr += dptr[-1];
++ }
++ }
++ }
++
++ /* Set the bits?
++ */
++ for (d = rr_type_list; d < rr_type_list + size; d++) {
++ subtype = *d & 0xff;
++ data[windows[*d >> 8] + subtype/8] |= (0x80 >> (subtype % 8));
++ }
++
++ /* Allocate and return rdf structure for the data
++ */
++ rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data);
++ if (!rdf) {
++ LDNS_FREE(data);
++ return NULL;
++ }
++ return rdf;
++}
++
++int
++ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets,
++ ldns_rr_type type)
++{
++ ldns_dnssec_rrsets *cur_rrset = rrsets;
++ while (cur_rrset) {
++ if (cur_rrset->type == type) {
++ return 1;
++ }
++ cur_rrset = cur_rrset->next;
++ }
++ return 0;
++}
++
++ldns_rr *
++ldns_dnssec_create_nsec(ldns_dnssec_name *from,
++ ldns_dnssec_name *to,
++ ldns_rr_type nsec_type)
++{
++ ldns_rr *nsec_rr;
++ ldns_rr_type types[65536];
++ size_t type_count = 0;
++ ldns_dnssec_rrsets *cur_rrsets;
++ int on_delegation_point;
++
++ if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC)) {
++ return NULL;
++ }
++
++ nsec_rr = ldns_rr_new();
++ ldns_rr_set_type(nsec_rr, nsec_type);
++ ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from)));
++ ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to)));
++
++ on_delegation_point = ldns_dnssec_rrsets_contains_type(
++ from->rrsets, LDNS_RR_TYPE_NS)
++ && !ldns_dnssec_rrsets_contains_type(
++ from->rrsets, LDNS_RR_TYPE_SOA);
++
++ cur_rrsets = from->rrsets;
++ while (cur_rrsets) {
++ /* Do not include non-authoritative rrsets on the delegation point
++ * in the type bitmap */
++ if ((on_delegation_point && (
++ cur_rrsets->type == LDNS_RR_TYPE_NS
++ || cur_rrsets->type == LDNS_RR_TYPE_DS))
++ || (!on_delegation_point &&
++ cur_rrsets->type != LDNS_RR_TYPE_RRSIG
++ && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) {
++
++ types[type_count] = cur_rrsets->type;
++ type_count++;
++ }
++ cur_rrsets = cur_rrsets->next;
++
++ }
++ types[type_count] = LDNS_RR_TYPE_RRSIG;
++ type_count++;
++ types[type_count] = LDNS_RR_TYPE_NSEC;
++ type_count++;
++
++ ldns_rr_push_rdf(nsec_rr, ldns_dnssec_create_nsec_bitmap(types,
++ type_count,
++ nsec_type));
++
++ return nsec_rr;
++}
++
++ldns_rr *
++ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
++ ldns_dnssec_name *to,
++ ldns_rdf *zone_name,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt)
++{
++ ldns_rr *nsec_rr;
++ ldns_rr_type types[65536];
++ size_t type_count = 0;
++ ldns_dnssec_rrsets *cur_rrsets;
++ ldns_status status;
++ int on_delegation_point;
++
++ if (!from) {
++ return NULL;
++ }
++
++ nsec_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3);
++ ldns_rr_set_owner(nsec_rr,
++ ldns_nsec3_hash_name(ldns_dnssec_name_name(from),
++ algorithm,
++ iterations,
++ salt_length,
++ salt));
++ status = ldns_dname_cat(ldns_rr_owner(nsec_rr), zone_name);
++ if(status != LDNS_STATUS_OK) {
++ ldns_rr_free(nsec_rr);
++ return NULL;
++ }
++ ldns_nsec3_add_param_rdfs(nsec_rr,
++ algorithm,
++ flags,
++ iterations,
++ salt_length,
++ salt);
++
++ on_delegation_point = ldns_dnssec_rrsets_contains_type(
++ from->rrsets, LDNS_RR_TYPE_NS)
++ && !ldns_dnssec_rrsets_contains_type(
++ from->rrsets, LDNS_RR_TYPE_SOA);
++ cur_rrsets = from->rrsets;
++ while (cur_rrsets) {
++ /* Do not include non-authoritative rrsets on the delegation point
++ * in the type bitmap. Potentionally not skipping insecure
++ * delegation should have been done earlier, in function
++ * ldns_dnssec_zone_create_nsec3s, or even earlier in:
++ * ldns_dnssec_zone_sign_nsec3_flg .
++ */
++ if ((on_delegation_point && (
++ cur_rrsets->type == LDNS_RR_TYPE_NS
++ || cur_rrsets->type == LDNS_RR_TYPE_DS))
++ || (!on_delegation_point &&
++ cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) {
++
++ types[type_count] = cur_rrsets->type;
++ type_count++;
++ }
++ cur_rrsets = cur_rrsets->next;
++ }
++ /* always add rrsig type if this is not an unsigned
++ * delegation
++ */
++ if (type_count > 0 &&
++ !(type_count == 1 && types[0] == LDNS_RR_TYPE_NS)) {
++ types[type_count] = LDNS_RR_TYPE_RRSIG;
++ type_count++;
++ }
++
++ /* leave next rdata empty if they weren't precomputed yet */
++ if (to && to->hashed_name) {
++ (void) ldns_rr_set_rdf(nsec_rr,
++ ldns_rdf_clone(to->hashed_name),
++ 4);
++ } else {
++ (void) ldns_rr_set_rdf(nsec_rr, NULL, 4);
++ }
++
++ ldns_rr_push_rdf(nsec_rr,
++ ldns_dnssec_create_nsec_bitmap(types,
++ type_count,
++ LDNS_RR_TYPE_NSEC3));
++
++ return nsec_rr;
++}
++
++ldns_rr *
++ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
++{
++ /* we do not do any check here - garbage in, garbage out */
++
++ /* the the start and end names - get the type from the
++ * before rrlist */
++
++ /* inefficient, just give it a name, a next name, and a list of rrs */
++ /* we make 1 big uberbitmap first, then windows */
++ /* todo: make something more efficient :) */
++ uint16_t i;
++ ldns_rr *i_rr;
++ uint16_t i_type;
++
++ ldns_rr *nsec = NULL;
++ ldns_rr_type i_type_list[65536];
++ size_t type_count = 0;
++
++ nsec = ldns_rr_new();
++ ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC);
++ ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner));
++ ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner));
++
++ for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
++ i_rr = ldns_rr_list_rr(rrs, i);
++ if (ldns_rdf_compare(cur_owner,
++ ldns_rr_owner(i_rr)) == 0) {
++ i_type = ldns_rr_get_type(i_rr);
++ if (i_type != LDNS_RR_TYPE_RRSIG && i_type != LDNS_RR_TYPE_NSEC) {
++ if (type_count == 0 || i_type_list[type_count-1] != i_type) {
++ i_type_list[type_count] = i_type;
++ type_count++;
++ }
++ }
++ }
++ }
++
++ i_type_list[type_count] = LDNS_RR_TYPE_RRSIG;
++ type_count++;
++ i_type_list[type_count] = LDNS_RR_TYPE_NSEC;
++ type_count++;
++
++ ldns_rr_push_rdf(nsec,
++ ldns_dnssec_create_nsec_bitmap(i_type_list,
++ type_count, LDNS_RR_TYPE_NSEC));
++
++ return nsec;
++}
++
++ldns_rdf *
++ldns_nsec3_hash_name(ldns_rdf *name,
++ uint8_t algorithm,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt)
++{
++ size_t hashed_owner_str_len;
++ ldns_rdf *cann;
++ ldns_rdf *hashed_owner;
++ unsigned char *hashed_owner_str;
++ char *hashed_owner_b32;
++ size_t hashed_owner_b32_len;
++ uint32_t cur_it;
++ /* define to contain the largest possible hash, which is
++ * sha1 at the moment */
++ unsigned char hash[LDNS_SHA1_DIGEST_LENGTH];
++ ldns_status status;
++
++ /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */
++ if (algorithm != LDNS_SHA1) {
++ return NULL;
++ }
++
++ /* prepare the owner name according to the draft section bla */
++ cann = ldns_rdf_clone(name);
++ if(!cann) {
++#ifdef STDERR_MSGS
++ fprintf(stderr, "Memory error\n");
++#endif
++ return NULL;
++ }
++ ldns_dname2canonical(cann);
++
++ hashed_owner_str_len = salt_length + ldns_rdf_size(cann);
++ hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
++ if(!hashed_owner_str) {
++ ldns_rdf_deep_free(cann);
++ return NULL;
++ }
++ memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann));
++ memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length);
++ ldns_rdf_deep_free(cann);
++
++ for (cur_it = iterations + 1; cur_it > 0; cur_it--) {
++ (void) ldns_sha1((unsigned char *) hashed_owner_str,
++ (unsigned int) hashed_owner_str_len, hash);
++
++ LDNS_FREE(hashed_owner_str);
++ hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH;
++ hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
++ if (!hashed_owner_str) {
++ return NULL;
++ }
++ memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH);
++ memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length);
++ hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH + salt_length;
++ }
++
++ LDNS_FREE(hashed_owner_str);
++ hashed_owner_str = hash;
++ hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH;
++
++ hashed_owner_b32 = LDNS_XMALLOC(char,
++ ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1);
++ if(!hashed_owner_b32) {
++ return NULL;
++ }
++ hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex(
++ (uint8_t *) hashed_owner_str,
++ hashed_owner_str_len,
++ hashed_owner_b32,
++ ldns_b32_ntop_calculate_size(hashed_owner_str_len)+1);
++ if (hashed_owner_b32_len < 1) {
++#ifdef STDERR_MSGS
++ fprintf(stderr, "Error in base32 extended hex encoding ");
++ fprintf(stderr, "of hashed owner name (name: ");
++ ldns_rdf_print(stderr, name);
++ fprintf(stderr, ", return code: %u)\n",
++ (unsigned int) hashed_owner_b32_len);
++#endif
++ LDNS_FREE(hashed_owner_b32);
++ return NULL;
++ }
++ hashed_owner_b32[hashed_owner_b32_len] = '\0';
++
++ status = ldns_str2rdf_dname(&hashed_owner, hashed_owner_b32);
++ if (status != LDNS_STATUS_OK) {
++#ifdef STDERR_MSGS
++ fprintf(stderr, "Error creating rdf from %s\n", hashed_owner_b32);
++#endif
++ LDNS_FREE(hashed_owner_b32);
++ return NULL;
++ }
++
++ LDNS_FREE(hashed_owner_b32);
++ return hashed_owner;
++}
++
++void
++ldns_nsec3_add_param_rdfs(ldns_rr *rr,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt)
++{
++ ldns_rdf *salt_rdf = NULL;
++ uint8_t *salt_data = NULL;
++ ldns_rdf *old;
++
++ old = ldns_rr_set_rdf(rr,
++ ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
++ 1, (void*)&algorithm),
++ 0);
++ if (old) ldns_rdf_deep_free(old);
++
++ old = ldns_rr_set_rdf(rr,
++ ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
++ 1, (void*)&flags),
++ 1);
++ if (old) ldns_rdf_deep_free(old);
++
++ old = ldns_rr_set_rdf(rr,
++ ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
++ iterations),
++ 2);
++ if (old) ldns_rdf_deep_free(old);
++
++ salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1);
++ if(!salt_data) {
++ /* no way to return error */
++ return;
++ }
++ salt_data[0] = salt_length;
++ memcpy(salt_data + 1, salt, salt_length);
++ salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT,
++ salt_length + 1,
++ salt_data);
++ if(!salt_rdf) {
++ LDNS_FREE(salt_data);
++ /* no way to return error */
++ return;
++ }
++
++ old = ldns_rr_set_rdf(rr, salt_rdf, 3);
++ if (old) ldns_rdf_deep_free(old);
++ LDNS_FREE(salt_data);
++}
++
++static int
++rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list)
++{
++ size_t i;
++ ldns_rr *cur_rr;
++ if (!origin || !rr_list) return 0;
++ for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ cur_rr = ldns_rr_list_rr(rr_list, i);
++ if (ldns_dname_compare(ldns_rr_owner(cur_rr), origin) == 0) {
++ return 0;
++ }
++ if (ldns_rr_get_type(cur_rr) != LDNS_RR_TYPE_NS) {
++ return 0;
++ }
++ }
++ return 1;
++}
++
++/* this will NOT return the NSEC3 completed, you will have to run the
++ finalize function on the rrlist later! */
++ldns_rr *
++ldns_create_nsec3(ldns_rdf *cur_owner,
++ ldns_rdf *cur_zone,
++ ldns_rr_list *rrs,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt,
++ bool emptynonterminal)
++{
++ size_t i;
++ ldns_rr *i_rr;
++ uint16_t i_type;
++
++ ldns_rr *nsec = NULL;
++ ldns_rdf *hashed_owner = NULL;
++
++ ldns_status status;
++
++ ldns_rr_type i_type_list[1024];
++ size_t type_count = 0;
++
++ hashed_owner = ldns_nsec3_hash_name(cur_owner,
++ algorithm,
++ iterations,
++ salt_length,
++ salt);
++ status = ldns_dname_cat(hashed_owner, cur_zone);
++ if(status != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(hashed_owner);
++ return NULL;
++ }
++ nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3);
++ if(!nsec) {
++ ldns_rdf_deep_free(hashed_owner);
++ return NULL;
++ }
++ ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3);
++ ldns_rr_set_owner(nsec, hashed_owner);
++
++ ldns_nsec3_add_param_rdfs(nsec,
++ algorithm,
++ flags,
++ iterations,
++ salt_length,
++ salt);
++ (void) ldns_rr_set_rdf(nsec, NULL, 4);
++
++
++ for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
++ i_rr = ldns_rr_list_rr(rrs, i);
++ if (ldns_rdf_compare(cur_owner,
++ ldns_rr_owner(i_rr)) == 0) {
++ i_type = ldns_rr_get_type(i_rr);
++ if (type_count == 0 || i_type_list[type_count-1] != i_type) {
++ i_type_list[type_count] = i_type;
++ type_count++;
++ }
++ }
++ }
++
++ /* add RRSIG anyway, but only if this is not an ENT or
++ * an unsigned delegation */
++ if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) {
++ i_type_list[type_count] = LDNS_RR_TYPE_RRSIG;
++ type_count++;
++ }
++
++ /* and SOA if owner == zone */
++ if (ldns_dname_compare(cur_zone, cur_owner) == 0) {
++ i_type_list[type_count] = LDNS_RR_TYPE_SOA;
++ type_count++;
++ }
++
++ ldns_rr_push_rdf(nsec,
++ ldns_dnssec_create_nsec_bitmap(i_type_list,
++ type_count, LDNS_RR_TYPE_NSEC3));
++
++ return nsec;
++}
++
++uint8_t
++ldns_nsec3_algorithm(const ldns_rr *nsec3_rr)
++{
++ if (nsec3_rr &&
++ (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
++ ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
++ && (ldns_rr_rdf(nsec3_rr, 0) != NULL)
++ && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0) {
++ return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0));
++ }
++ return 0;
++}
++
++uint8_t
++ldns_nsec3_flags(const ldns_rr *nsec3_rr)
++{
++ if (nsec3_rr &&
++ (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
++ ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
++ && (ldns_rr_rdf(nsec3_rr, 1) != NULL)
++ && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0) {
++ return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1));
++ }
++ return 0;
++}
++
++bool
++ldns_nsec3_optout(const ldns_rr *nsec3_rr)
++{
++ return (ldns_nsec3_flags(nsec3_rr) & LDNS_NSEC3_VARS_OPTOUT_MASK);
++}
++
++uint16_t
++ldns_nsec3_iterations(const ldns_rr *nsec3_rr)
++{
++ if (nsec3_rr &&
++ (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
++ ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
++ && (ldns_rr_rdf(nsec3_rr, 2) != NULL)
++ && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0) {
++ return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2));
++ }
++ return 0;
++
++}
++
++ldns_rdf *
++ldns_nsec3_salt(const ldns_rr *nsec3_rr)
++{
++ if (nsec3_rr &&
++ (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
++ ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
++ ) {
++ return ldns_rr_rdf(nsec3_rr, 3);
++ }
++ return NULL;
++}
++
++uint8_t
++ldns_nsec3_salt_length(const ldns_rr *nsec3_rr)
++{
++ ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);
++ if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
++ return (uint8_t) ldns_rdf_data(salt_rdf)[0];
++ }
++ return 0;
++}
++
++/* allocs data, free with LDNS_FREE() */
++uint8_t *
++ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
++{
++ uint8_t salt_length;
++ uint8_t *salt;
++
++ ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);
++ if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
++ salt_length = ldns_rdf_data(salt_rdf)[0];
++ salt = LDNS_XMALLOC(uint8_t, salt_length);
++ if(!salt) return NULL;
++ memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
++ return salt;
++ }
++ return NULL;
++}
++
++ldns_rdf *
++ldns_nsec3_next_owner(const ldns_rr *nsec3_rr)
++{
++ if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) {
++ return NULL;
++ } else {
++ return ldns_rr_rdf(nsec3_rr, 4);
++ }
++}
++
++ldns_rdf *
++ldns_nsec3_bitmap(const ldns_rr *nsec3_rr)
++{
++ if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) {
++ return NULL;
++ } else {
++ return ldns_rr_rdf(nsec3_rr, 5);
++ }
++}
++
++ldns_rdf *
++ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name)
++{
++ uint8_t algorithm;
++ uint16_t iterations;
++ uint8_t salt_length;
++ uint8_t *salt = 0;
++
++ ldns_rdf *hashed_owner;
++
++ algorithm = ldns_nsec3_algorithm(nsec);
++ salt_length = ldns_nsec3_salt_length(nsec);
++ salt = ldns_nsec3_salt_data(nsec);
++ iterations = ldns_nsec3_iterations(nsec);
++
++ hashed_owner = ldns_nsec3_hash_name(name,
++ algorithm,
++ iterations,
++ salt_length,
++ salt);
++
++ LDNS_FREE(salt);
++ return hashed_owner;
++}
++
++bool
++ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type)
++{
++ uint8_t* dptr;
++ uint8_t* dend;
++
++ /* From RFC3845 Section 2.1.2:
++ *
++ * "The RR type space is split into 256 window blocks, each re-
++ * presenting the low-order 8 bits of the 16-bit RR type space."
++ */
++ uint8_t window = type >> 8;
++ uint8_t subtype = type & 0xff;
++
++ if (! bitmap) {
++ return false;
++ }
++ assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
++
++ dptr = ldns_rdf_data(bitmap);
++ dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
++
++ /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) +
++ * dptr[0] dptr[1] dptr[2:]
++ */
++ while (dptr < dend && dptr[0] <= window) {
++
++ if (dptr[0] == window && subtype / 8 < dptr[1] &&
++ dptr + dptr[1] + 2 <= dend) {
++
++ return dptr[2 + subtype / 8] & (0x80 >> (subtype % 8));
++ }
++ dptr += dptr[1] + 2; /* next window */
++ }
++ return false;
++}
++
++ldns_status
++ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type)
++{
++ uint8_t* dptr;
++ uint8_t* dend;
++
++ /* From RFC3845 Section 2.1.2:
++ *
++ * "The RR type space is split into 256 window blocks, each re-
++ * presenting the low-order 8 bits of the 16-bit RR type space."
++ */
++ uint8_t window = type >> 8;
++ uint8_t subtype = type & 0xff;
++
++ if (! bitmap) {
++ return false;
++ }
++ assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
++
++ dptr = ldns_rdf_data(bitmap);
++ dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
++
++ /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) +
++ * dptr[0] dptr[1] dptr[2:]
++ */
++ while (dptr < dend && dptr[0] <= window) {
++
++ if (dptr[0] == window && subtype / 8 < dptr[1] &&
++ dptr + dptr[1] + 2 <= dend) {
++
++ dptr[2 + subtype / 8] |= (0x80 >> (subtype % 8));
++ return LDNS_STATUS_OK;
++ }
++ dptr += dptr[1] + 2; /* next window */
++ }
++ return LDNS_STATUS_TYPE_NOT_IN_BITMAP;
++}
++
++ldns_status
++ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type)
++{
++ uint8_t* dptr;
++ uint8_t* dend;
++
++ /* From RFC3845 Section 2.1.2:
++ *
++ * "The RR type space is split into 256 window blocks, each re-
++ * presenting the low-order 8 bits of the 16-bit RR type space."
++ */
++ uint8_t window = type >> 8;
++ uint8_t subtype = type & 0xff;
++
++ if (! bitmap) {
++ return false;
++ }
++
++ assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
++
++ dptr = ldns_rdf_data(bitmap);
++ dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
++
++ /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) +
++ * dptr[0] dptr[1] dptr[2:]
++ */
++ while (dptr < dend && dptr[0] <= window) {
++
++ if (dptr[0] == window && subtype / 8 < dptr[1] &&
++ dptr + dptr[1] + 2 <= dend) {
++
++ dptr[2 + subtype / 8] &= ~(0x80 >> (subtype % 8));
++ return LDNS_STATUS_OK;
++ }
++ dptr += dptr[1] + 2; /* next window */
++ }
++ return LDNS_STATUS_TYPE_NOT_IN_BITMAP;
++}
++
++
++bool
++ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
++{
++ ldns_rdf *nsec_owner = ldns_rr_owner(nsec);
++ ldns_rdf *hash_next;
++ char *next_hash_str;
++ ldns_rdf *nsec_next = NULL;
++ ldns_status status;
++ ldns_rdf *chopped_dname;
++ bool result;
++
++ if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) {
++ if (ldns_rr_rdf(nsec, 0) != NULL) {
++ nsec_next = ldns_rdf_clone(ldns_rr_rdf(nsec, 0));
++ } else {
++ return false;
++ }
++ } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) {
++ hash_next = ldns_nsec3_next_owner(nsec);
++ next_hash_str = ldns_rdf2str(hash_next);
++ nsec_next = ldns_dname_new_frm_str(next_hash_str);
++ LDNS_FREE(next_hash_str);
++ chopped_dname = ldns_dname_left_chop(nsec_owner);
++ status = ldns_dname_cat(nsec_next, chopped_dname);
++ ldns_rdf_deep_free(chopped_dname);
++ if (status != LDNS_STATUS_OK) {
++ printf("error catting: %s\n", ldns_get_errorstr_by_id(status));
++ }
++ } else {
++ ldns_rdf_deep_free(nsec_next);
++ return false;
++ }
++
++ /* in the case of the last nsec */
++ if(ldns_dname_compare(nsec_owner, nsec_next) > 0) {
++ result = (ldns_dname_compare(nsec_owner, name) <= 0 ||
++ ldns_dname_compare(name, nsec_next) < 0);
++ } else if(ldns_dname_compare(nsec_owner, nsec_next) < 0) {
++ result = (ldns_dname_compare(nsec_owner, name) <= 0 &&
++ ldns_dname_compare(name, nsec_next) < 0);
++ } else {
++ result = true;
++ }
++
++ ldns_rdf_deep_free(nsec_next);
++ return result;
++}
++
++#ifdef HAVE_SSL
++/* sig may be null - if so look in the packet */
++
++ldns_status
++ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
++ ldns_rr_list *k, ldns_rr_list *s,
++ time_t check_time, ldns_rr_list *good_keys)
++{
++ ldns_rr_list *rrset;
++ ldns_rr_list *sigs;
++ ldns_rr_list *sigs_covered;
++ ldns_rdf *rdf_t;
++ ldns_rr_type t_netorder;
++
++ if (!k) {
++ return LDNS_STATUS_ERR;
++ /* return LDNS_STATUS_CRYPTO_NO_DNSKEY; */
++ }
++
++ if (t == LDNS_RR_TYPE_RRSIG) {
++ /* we don't have RRSIG(RRSIG) (yet? ;-) ) */
++ return LDNS_STATUS_ERR;
++ }
++
++ if (s) {
++ /* if s is not NULL, the sigs are given to use */
++ sigs = s;
++ } else {
++ /* otherwise get them from the packet */
++ sigs = ldns_pkt_rr_list_by_name_and_type(p, o,
++ LDNS_RR_TYPE_RRSIG,
++ LDNS_SECTION_ANY_NOQUESTION);
++ if (!sigs) {
++ /* no sigs */
++ return LDNS_STATUS_ERR;
++ /* return LDNS_STATUS_CRYPTO_NO_RRSIG; */
++ }
++ }
++
++ /* rrsig are subtyped, so now we need to find the correct
++ * sigs for the type t
++ */
++ t_netorder = htons(t); /* rdf are in network order! */
++ /* a type identifier is a 16-bit number, so the size is 2 bytes */
++ rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, 2, &t_netorder);
++
++ sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
++ ldns_rdf_free(rdf_t);
++ if (! sigs_covered) {
++ if (! s) {
++ ldns_rr_list_deep_free(sigs);
++ }
++ return LDNS_STATUS_ERR;
++ }
++ ldns_rr_list_deep_free(sigs_covered);
++
++ rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t,
++ LDNS_SECTION_ANY_NOQUESTION);
++ if (!rrset) {
++ if (! s) {
++ ldns_rr_list_deep_free(sigs);
++ }
++ return LDNS_STATUS_ERR;
++ }
++ return ldns_verify_time(rrset, sigs, k, check_time, good_keys);
++}
++
++ldns_status
++ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
++ ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys)
++{
++ return ldns_pkt_verify_time(p, t, o, k, s, ldns_time(NULL), good_keys);
++}
++#endif /* HAVE_SSL */
++
++ldns_status
++ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs)
++{
++ size_t i;
++ char *next_nsec_owner_str;
++ ldns_rdf *next_nsec_owner_label;
++ ldns_rdf *next_nsec_rdf;
++ ldns_status status = LDNS_STATUS_OK;
++
++ for (i = 0; i < ldns_rr_list_rr_count(nsec3_rrs); i++) {
++ if (i == ldns_rr_list_rr_count(nsec3_rrs) - 1) {
++ next_nsec_owner_label =
++ ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs,
++ 0)), 0);
++ next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label);
++ if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
++ == '.') {
++ next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
++ = '\0';
++ }
++ status = ldns_str2rdf_b32_ext(&next_nsec_rdf,
++ next_nsec_owner_str);
++ if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i),
++ next_nsec_rdf, 4)) {
++ /* todo: error */
++ }
++
++ ldns_rdf_deep_free(next_nsec_owner_label);
++ LDNS_FREE(next_nsec_owner_str);
++ } else {
++ next_nsec_owner_label =
++ ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs,
++ i + 1)),
++ 0);
++ next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label);
++ if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
++ == '.') {
++ next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
++ = '\0';
++ }
++ status = ldns_str2rdf_b32_ext(&next_nsec_rdf,
++ next_nsec_owner_str);
++ ldns_rdf_deep_free(next_nsec_owner_label);
++ LDNS_FREE(next_nsec_owner_str);
++ if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i),
++ next_nsec_rdf, 4)) {
++ /* todo: error */
++ }
++ }
++ }
++ return status;
++}
++
++int
++qsort_rr_compare_nsec3(const void *a, const void *b)
++{
++ const ldns_rr *rr1 = * (const ldns_rr **) a;
++ const ldns_rr *rr2 = * (const ldns_rr **) b;
++ if (rr1 == NULL && rr2 == NULL) {
++ return 0;
++ }
++ if (rr1 == NULL) {
++ return -1;
++ }
++ if (rr2 == NULL) {
++ return 1;
++ }
++ return ldns_rdf_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2));
++}
++
++void
++ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted)
++{
++ qsort(unsorted->_rrs,
++ ldns_rr_list_rr_count(unsorted),
++ sizeof(ldns_rr *),
++ qsort_rr_compare_nsec3);
++}
++
++int
++ldns_dnssec_default_add_to_signatures( ATTR_UNUSED(ldns_rr *sig)
++ , ATTR_UNUSED(void *n)
++ )
++{
++ return LDNS_SIGNATURE_LEAVE_ADD_NEW;
++}
++
++int
++ldns_dnssec_default_leave_signatures( ATTR_UNUSED(ldns_rr *sig)
++ , ATTR_UNUSED(void *n)
++ )
++{
++ return LDNS_SIGNATURE_LEAVE_NO_ADD;
++}
++
++int
++ldns_dnssec_default_delete_signatures( ATTR_UNUSED(ldns_rr *sig)
++ , ATTR_UNUSED(void *n)
++ )
++{
++ return LDNS_SIGNATURE_REMOVE_NO_ADD;
++}
++
++int
++ldns_dnssec_default_replace_signatures( ATTR_UNUSED(ldns_rr *sig)
++ , ATTR_UNUSED(void *n)
++ )
++{
++ return LDNS_SIGNATURE_REMOVE_ADD_NEW;
++}
++
++#ifdef HAVE_SSL
++ldns_rdf *
++ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
++ const long sig_len)
++{
++ ldns_rdf *sigdata_rdf;
++ DSA_SIG *dsasig;
++ unsigned char *dsasig_data = (unsigned char*)ldns_buffer_begin(sig);
++ size_t byte_offset;
++
++ dsasig = d2i_DSA_SIG(NULL,
++ (const unsigned char **)&dsasig_data,
++ sig_len);
++ if (!dsasig) {
++ DSA_SIG_free(dsasig);
++ return NULL;
++ }
++
++ dsasig_data = LDNS_XMALLOC(unsigned char, 41);
++ if(!dsasig_data) {
++ DSA_SIG_free(dsasig);
++ return NULL;
++ }
++ dsasig_data[0] = 0;
++ byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r));
++ if (byte_offset > 20) {
++ DSA_SIG_free(dsasig);
++ LDNS_FREE(dsasig_data);
++ return NULL;
++ }
++ memset(&dsasig_data[1], 0, byte_offset);
++ BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]);
++ byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s));
++ if (byte_offset > 20) {
++ DSA_SIG_free(dsasig);
++ LDNS_FREE(dsasig_data);
++ return NULL;
++ }
++ memset(&dsasig_data[21], 0, byte_offset);
++ BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]);
++
++ sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data);
++ if(!sigdata_rdf) {
++ LDNS_FREE(dsasig_data);
++ }
++ DSA_SIG_free(dsasig);
++
++ return sigdata_rdf;
++}
++
++ldns_status
++ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
++ const ldns_rdf *sig_rdf)
++{
++ /* the EVP api wants the DER encoding of the signature... */
++ BIGNUM *R, *S;
++ DSA_SIG *dsasig;
++ unsigned char *raw_sig = NULL;
++ int raw_sig_len;
++
++ if(ldns_rdf_size(sig_rdf) < 1 + 2*SHA_DIGEST_LENGTH)
++ return LDNS_STATUS_SYNTAX_RDATA_ERR;
++ /* extract the R and S field from the sig buffer */
++ R = BN_new();
++ if(!R) return LDNS_STATUS_MEM_ERR;
++ (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 1,
++ SHA_DIGEST_LENGTH, R);
++ S = BN_new();
++ if(!S) {
++ BN_free(R);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 21,
++ SHA_DIGEST_LENGTH, S);
++
++ dsasig = DSA_SIG_new();
++ if (!dsasig) {
++ BN_free(R);
++ BN_free(S);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ dsasig->r = R;
++ dsasig->s = S;
++
++ raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig);
++ if (raw_sig_len < 0) {
++ DSA_SIG_free(dsasig);
++ free(raw_sig);
++ return LDNS_STATUS_SSL_ERR;
++ }
++ if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
++ ldns_buffer_write(target_buffer, raw_sig, (size_t)raw_sig_len);
++ }
++
++ DSA_SIG_free(dsasig);
++ free(raw_sig);
++
++ return ldns_buffer_status(target_buffer);
++}
++
++#ifdef USE_ECDSA
++#ifndef S_SPLINT_S
++ldns_rdf *
++ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
++{
++ ECDSA_SIG* ecdsa_sig;
++ unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
++ ldns_rdf* rdf;
++ ecdsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&data, sig_len);
++ if(!ecdsa_sig) return NULL;
++
++ /* "r | s". */
++ data = LDNS_XMALLOC(unsigned char,
++ BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s));
++ if(!data) {
++ ECDSA_SIG_free(ecdsa_sig);
++ return NULL;
++ }
++ BN_bn2bin(ecdsa_sig->r, data);
++ BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
++ rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(
++ BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data);
++ ECDSA_SIG_free(ecdsa_sig);
++ return rdf;
++}
++
++ldns_status
++ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
++ const ldns_rdf *sig_rdf)
++{
++ ECDSA_SIG* sig;
++ int raw_sig_len;
++ long bnsize = (long)ldns_rdf_size(sig_rdf) / 2;
++ /* if too short, or not even length, do not bother */
++ if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf))
++ return LDNS_STATUS_ERR;
++
++ /* use the raw data to parse two evenly long BIGNUMs, "r | s". */
++ sig = ECDSA_SIG_new();
++ if(!sig) return LDNS_STATUS_MEM_ERR;
++ sig->r = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf),
++ bnsize, sig->r);
++ sig->s = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf)+bnsize,
++ bnsize, sig->s);
++ if(!sig->r || !sig->s) {
++ ECDSA_SIG_free(sig);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ raw_sig_len = i2d_ECDSA_SIG(sig, NULL);
++ if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
++ unsigned char* pp = (unsigned char*)
++ ldns_buffer_current(target_buffer);
++ raw_sig_len = i2d_ECDSA_SIG(sig, &pp);
++ ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len);
++ }
++ ECDSA_SIG_free(sig);
++
++ return ldns_buffer_status(target_buffer);
++}
++
++#endif /* S_SPLINT_S */
++#endif /* USE_ECDSA */
++#endif /* HAVE_SSL */
+diff --git a/ldns/src/dnssec_sign.c b/ldns/src/dnssec_sign.c
+new file mode 100644
+index 0000000..4af882a
+--- /dev/null
++++ b/ldns/src/dnssec_sign.c
+@@ -0,0 +1,1456 @@
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <ldns/dnssec.h>
++#include <ldns/dnssec_sign.h>
++
++#include <strings.h>
++#include <time.h>
++
++#ifdef HAVE_SSL
++/* this entire file is rather useless when you don't have
++ * crypto...
++ */
++#include <openssl/ssl.h>
++#include <openssl/evp.h>
++#include <openssl/rand.h>
++#include <openssl/err.h>
++#include <openssl/md5.h>
++#endif /* HAVE_SSL */
++
++ldns_rr *
++ldns_create_empty_rrsig(ldns_rr_list *rrset,
++ ldns_key *current_key)
++{
++ uint32_t orig_ttl;
++ ldns_rr_class orig_class;
++ time_t now;
++ ldns_rr *current_sig;
++ uint8_t label_count;
++ ldns_rdf *signame;
++
++ label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset,
++ 0)));
++ /* RFC4035 2.2: not counting the leftmost label if it is a wildcard */
++ if(ldns_dname_is_wildcard(ldns_rr_owner(ldns_rr_list_rr(rrset, 0))))
++ label_count --;
++
++ current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
++
++ /* set the type on the new signature */
++ orig_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrset, 0));
++ orig_class = ldns_rr_get_class(ldns_rr_list_rr(rrset, 0));
++
++ ldns_rr_set_ttl(current_sig, orig_ttl);
++ ldns_rr_set_class(current_sig, orig_class);
++ ldns_rr_set_owner(current_sig,
++ ldns_rdf_clone(
++ ldns_rr_owner(
++ ldns_rr_list_rr(rrset,
++ 0))));
++
++ /* fill in what we know of the signature */
++
++ /* set the orig_ttl */
++ (void)ldns_rr_rrsig_set_origttl(
++ current_sig,
++ ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
++ orig_ttl));
++ /* the signers name */
++ signame = ldns_rdf_clone(ldns_key_pubkey_owner(current_key));
++ ldns_dname2canonical(signame);
++ (void)ldns_rr_rrsig_set_signame(
++ current_sig,
++ signame);
++ /* label count - get it from the first rr in the rr_list */
++ (void)ldns_rr_rrsig_set_labels(
++ current_sig,
++ ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
++ label_count));
++ /* inception, expiration */
++ now = time(NULL);
++ if (ldns_key_inception(current_key) != 0) {
++ (void)ldns_rr_rrsig_set_inception(
++ current_sig,
++ ldns_native2rdf_int32(
++ LDNS_RDF_TYPE_TIME,
++ ldns_key_inception(current_key)));
++ } else {
++ (void)ldns_rr_rrsig_set_inception(
++ current_sig,
++ ldns_native2rdf_int32(LDNS_RDF_TYPE_TIME, now));
++ }
++ if (ldns_key_expiration(current_key) != 0) {
++ (void)ldns_rr_rrsig_set_expiration(
++ current_sig,
++ ldns_native2rdf_int32(
++ LDNS_RDF_TYPE_TIME,
++ ldns_key_expiration(current_key)));
++ } else {
++ (void)ldns_rr_rrsig_set_expiration(
++ current_sig,
++ ldns_native2rdf_int32(
++ LDNS_RDF_TYPE_TIME,
++ now + LDNS_DEFAULT_EXP_TIME));
++ }
++
++ (void)ldns_rr_rrsig_set_keytag(
++ current_sig,
++ ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
++ ldns_key_keytag(current_key)));
++
++ (void)ldns_rr_rrsig_set_algorithm(
++ current_sig,
++ ldns_native2rdf_int8(
++ LDNS_RDF_TYPE_ALG,
++ ldns_key_algorithm(current_key)));
++
++ (void)ldns_rr_rrsig_set_typecovered(
++ current_sig,
++ ldns_native2rdf_int16(
++ LDNS_RDF_TYPE_TYPE,
++ ldns_rr_get_type(ldns_rr_list_rr(rrset,
++ 0))));
++ return current_sig;
++}
++
++#ifdef HAVE_SSL
++ldns_rdf *
++ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
++{
++ ldns_rdf *b64rdf = NULL;
++
++ switch(ldns_key_algorithm(current_key)) {
++ case LDNS_SIGN_DSA:
++ case LDNS_SIGN_DSA_NSEC3:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_dss1());
++ break;
++ case LDNS_SIGN_RSASHA1:
++ case LDNS_SIGN_RSASHA1_NSEC3:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_sha1());
++ break;
++#ifdef USE_SHA2
++ case LDNS_SIGN_RSASHA256:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_sha256());
++ break;
++ case LDNS_SIGN_RSASHA512:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_sha512());
++ break;
++#endif /* USE_SHA2 */
++#ifdef USE_GOST
++ case LDNS_SIGN_ECC_GOST:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_get_digestbyname("md_gost94"));
++ break;
++#endif /* USE_GOST */
++#ifdef USE_ECDSA
++ case LDNS_SIGN_ECDSAP256SHA256:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_sha256());
++ break;
++ case LDNS_SIGN_ECDSAP384SHA384:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_sha384());
++ break;
++#endif
++ case LDNS_SIGN_RSAMD5:
++ b64rdf = ldns_sign_public_evp(
++ sign_buf,
++ ldns_key_evp_key(current_key),
++ EVP_md5());
++ break;
++ default:
++ /* do _you_ know this alg? */
++ printf("unknown algorithm, ");
++ printf("is the one used available on this system?\n");
++ break;
++ }
++
++ return b64rdf;
++}
++
++/**
++ * use this function to sign with a public/private key alg
++ * return the created signatures
++ */
++ldns_rr_list *
++ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
++{
++ ldns_rr_list *signatures;
++ ldns_rr_list *rrset_clone;
++ ldns_rr *current_sig;
++ ldns_rdf *b64rdf;
++ ldns_key *current_key;
++ size_t key_count;
++ uint16_t i;
++ ldns_buffer *sign_buf;
++ ldns_rdf *new_owner;
++
++ if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) {
++ return NULL;
++ }
++
++ new_owner = NULL;
++
++ signatures = ldns_rr_list_new();
++
++ /* prepare a signature and add all the know data
++ * prepare the rrset. Sign this together. */
++ rrset_clone = ldns_rr_list_clone(rrset);
++ if (!rrset_clone) {
++ return NULL;
++ }
++
++ /* make it canonical */
++ for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) {
++ ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i),
++ ldns_rr_ttl(ldns_rr_list_rr(rrset, 0)));
++ ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i));
++ }
++ /* sort */
++ ldns_rr_list_sort(rrset_clone);
++
++ for (key_count = 0;
++ key_count < ldns_key_list_key_count(keys);
++ key_count++) {
++ if (!ldns_key_use(ldns_key_list_key(keys, key_count))) {
++ continue;
++ }
++ sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if (!sign_buf) {
++ ldns_rr_list_free(rrset_clone);
++ ldns_rr_list_free(signatures);
++ ldns_rdf_free(new_owner);
++ return NULL;
++ }
++ b64rdf = NULL;
++
++ current_key = ldns_key_list_key(keys, key_count);
++ /* sign all RRs with keys that have ZSKbit, !SEPbit.
++ sign DNSKEY RRs with keys that have ZSKbit&SEPbit */
++ if (ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY) {
++ current_sig = ldns_create_empty_rrsig(rrset_clone,
++ current_key);
++
++ /* right now, we have: a key, a semi-sig and an rrset. For
++ * which we can create the sig and base64 encode that and
++ * add that to the signature */
++
++ if (ldns_rrsig2buffer_wire(sign_buf, current_sig)
++ != LDNS_STATUS_OK) {
++ ldns_buffer_free(sign_buf);
++ /* ERROR */
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_rr_free(current_sig);
++ ldns_rr_list_deep_free(signatures);
++ return NULL;
++ }
++
++ /* add the rrset in sign_buf */
++ if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone)
++ != LDNS_STATUS_OK) {
++ ldns_buffer_free(sign_buf);
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_rr_free(current_sig);
++ ldns_rr_list_deep_free(signatures);
++ return NULL;
++ }
++
++ b64rdf = ldns_sign_public_buffer(sign_buf, current_key);
++
++ if (!b64rdf) {
++ /* signing went wrong */
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_rr_free(current_sig);
++ ldns_rr_list_deep_free(signatures);
++ return NULL;
++ }
++
++ ldns_rr_rrsig_set_sig(current_sig, b64rdf);
++
++ /* push the signature to the signatures list */
++ ldns_rr_list_push_rr(signatures, current_sig);
++ }
++ ldns_buffer_free(sign_buf); /* restart for the next key */
++ }
++ ldns_rr_list_deep_free(rrset_clone);
++
++ return signatures;
++}
++
++/**
++ * Sign data with DSA
++ *
++ * \param[in] to_sign The ldns_buffer containing raw data that is
++ * to be signed
++ * \param[in] key The DSA key structure to sign with
++ * \return ldns_rdf for the RRSIG ldns_rr
++ */
++ldns_rdf *
++ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
++{
++ unsigned char *sha1_hash;
++ ldns_rdf *sigdata_rdf;
++ ldns_buffer *b64sig;
++
++ DSA_SIG *sig;
++ uint8_t *data;
++ size_t pad;
++
++ b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if (!b64sig) {
++ return NULL;
++ }
++
++ sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign),
++ ldns_buffer_position(to_sign), NULL);
++ if (!sha1_hash) {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++
++ sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
++ if(!sig) {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++
++ data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
++ if(!data) {
++ ldns_buffer_free(b64sig);
++ DSA_SIG_free(sig);
++ return NULL;
++ }
++
++ data[0] = 1;
++ pad = 20 - (size_t) BN_num_bytes(sig->r);
++ if (pad > 0) {
++ memset(data + 1, 0, pad);
++ }
++ BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad);
++
++ pad = 20 - (size_t) BN_num_bytes(sig->s);
++ if (pad > 0) {
++ memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad);
++ }
++ BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad));
++
++ sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64,
++ 1 + 2 * SHA_DIGEST_LENGTH,
++ data);
++
++ ldns_buffer_free(b64sig);
++ LDNS_FREE(data);
++ DSA_SIG_free(sig);
++
++ return sigdata_rdf;
++}
++
++#ifdef USE_ECDSA
++#ifndef S_SPLINT_S
++static int
++ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
++{
++ EC_KEY* ec;
++ const EC_GROUP* g;
++ if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
++ return 0;
++ ec = EVP_PKEY_get1_EC_KEY(pkey);
++ g = EC_KEY_get0_group(ec);
++ if(!g) {
++ EC_KEY_free(ec);
++ return 0;
++ }
++ if(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
++ EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
++ EC_GROUP_get_curve_name(g) == NID_secp384r1) {
++ EC_KEY_free(ec);
++ return 1;
++ }
++ /* downref the eckey, the original is still inside the pkey */
++ EC_KEY_free(ec);
++ return 0;
++}
++#endif /* splint */
++#endif /* USE_ECDSA */
++
++ldns_rdf *
++ldns_sign_public_evp(ldns_buffer *to_sign,
++ EVP_PKEY *key,
++ const EVP_MD *digest_type)
++{
++ unsigned int siglen;
++ ldns_rdf *sigdata_rdf;
++ ldns_buffer *b64sig;
++ EVP_MD_CTX ctx;
++ const EVP_MD *md_type;
++ int r;
++
++ siglen = 0;
++ b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if (!b64sig) {
++ return NULL;
++ }
++
++ /* initializes a signing context */
++ md_type = digest_type;
++ if(!md_type) {
++ /* unknown message difest */
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++
++ EVP_MD_CTX_init(&ctx);
++ r = EVP_SignInit(&ctx, md_type);
++ if(r == 1) {
++ r = EVP_SignUpdate(&ctx, (unsigned char*)
++ ldns_buffer_begin(to_sign),
++ ldns_buffer_position(to_sign));
++ } else {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++ if(r == 1) {
++ r = EVP_SignFinal(&ctx, (unsigned char*)
++ ldns_buffer_begin(b64sig), &siglen, key);
++ } else {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++ if(r != 1) {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++
++ /* unfortunately, OpenSSL output is differenct from DNS DSA format */
++#ifndef S_SPLINT_S
++ if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
++ sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen);
++#ifdef USE_ECDSA
++ } else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC &&
++ ldns_pkey_is_ecdsa(key)) {
++ sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig, siglen);
++#endif
++ } else {
++ /* ok output for other types is the same */
++ sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
++ ldns_buffer_begin(b64sig));
++ }
++#endif /* splint */
++ ldns_buffer_free(b64sig);
++ EVP_MD_CTX_cleanup(&ctx);
++ return sigdata_rdf;
++}
++
++ldns_rdf *
++ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
++{
++ unsigned char *sha1_hash;
++ unsigned int siglen;
++ ldns_rdf *sigdata_rdf;
++ ldns_buffer *b64sig;
++ int result;
++
++ siglen = 0;
++ b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if (!b64sig) {
++ return NULL;
++ }
++
++ sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign),
++ ldns_buffer_position(to_sign), NULL);
++ if (!sha1_hash) {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++
++ result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH,
++ (unsigned char*)ldns_buffer_begin(b64sig),
++ &siglen, key);
++ if (result != 1) {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++
++ sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
++ ldns_buffer_begin(b64sig));
++ ldns_buffer_free(b64sig); /* can't free this buffer ?? */
++ return sigdata_rdf;
++}
++
++ldns_rdf *
++ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
++{
++ unsigned char *md5_hash;
++ unsigned int siglen;
++ ldns_rdf *sigdata_rdf;
++ ldns_buffer *b64sig;
++
++ b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if (!b64sig) {
++ return NULL;
++ }
++
++ md5_hash = MD5((unsigned char*)ldns_buffer_begin(to_sign),
++ ldns_buffer_position(to_sign), NULL);
++ if (!md5_hash) {
++ ldns_buffer_free(b64sig);
++ return NULL;
++ }
++
++ RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH,
++ (unsigned char*)ldns_buffer_begin(b64sig),
++ &siglen, key);
++
++ sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
++ ldns_buffer_begin(b64sig));
++ ldns_buffer_free(b64sig);
++ return sigdata_rdf;
++}
++#endif /* HAVE_SSL */
++
++/**
++ * Pushes all rrs from the rrsets of type A and AAAA on gluelist.
++ */
++static ldns_status
++ldns_dnssec_addresses_on_glue_list(
++ ldns_dnssec_rrsets *cur_rrset,
++ ldns_rr_list *glue_list)
++{
++ ldns_dnssec_rrs *cur_rrs;
++ while (cur_rrset) {
++ if (cur_rrset->type == LDNS_RR_TYPE_A
++ || cur_rrset->type == LDNS_RR_TYPE_AAAA) {
++ for (cur_rrs = cur_rrset->rrs;
++ cur_rrs;
++ cur_rrs = cur_rrs->next) {
++ if (cur_rrs->rr) {
++ if (!ldns_rr_list_push_rr(glue_list,
++ cur_rrs->rr)) {
++ return LDNS_STATUS_MEM_ERR;
++ /* ldns_rr_list_push_rr()
++ * returns false when unable
++ * to increase the capacity
++ * of the ldsn_rr_list
++ */
++ }
++ }
++ }
++ }
++ cur_rrset = cur_rrset->next;
++ }
++ return LDNS_STATUS_OK;
++}
++
++/**
++ * Marks the names in the zone that are occluded. Those names will be skipped
++ * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
++ * function. But watch out! Names that are partially occluded (like glue with
++ * the same name as the delegation) will not be marked and should specifically
++ * be taken into account separately.
++ *
++ * When glue_list is given (not NULL), in the process of marking the names, all
++ * glue resource records will be pushed to that list, even glue at delegation names.
++ *
++ * \param[in] zone the zone in which to mark the names
++ * \param[in] glue_list the list to which to push the glue rrs
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status
++ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
++ ldns_rr_list *glue_list)
++{
++ ldns_rbnode_t *node;
++ ldns_dnssec_name *name;
++ ldns_rdf *owner;
++ ldns_rdf *cut = NULL; /* keeps track of zone cuts */
++ /* When the cut is caused by a delegation, below_delegation will be 1.
++ * When caused by a DNAME, below_delegation will be 0.
++ */
++ int below_delegation = -1; /* init suppresses comiler warning */
++ ldns_status s;
++
++ if (!zone || !zone->names) {
++ return LDNS_STATUS_NULL;
++ }
++ for (node = ldns_rbtree_first(zone->names);
++ node != LDNS_RBTREE_NULL;
++ node = ldns_rbtree_next(node)) {
++ name = (ldns_dnssec_name *) node->data;
++ owner = ldns_dnssec_name_name(name);
++
++ if (cut) {
++ /* The previous node was a zone cut, or a subdomain
++ * below a zone cut. Is this node (still) a subdomain
++ * below the cut? Then the name is occluded. Unless
++ * the name contains a SOA, after which we are
++ * authoritative again.
++ *
++ * FIXME! If there are labels in between the SOA and
++ * the cut, going from the authoritative space (below
++ * the SOA) up into occluded space again, will not be
++ * detected with the contruct below!
++ */
++ if (ldns_dname_is_subdomain(owner, cut) &&
++ !ldns_dnssec_rrsets_contains_type(
++ name->rrsets, LDNS_RR_TYPE_SOA)) {
++
++ if (below_delegation && glue_list) {
++ s = ldns_dnssec_addresses_on_glue_list(
++ name->rrsets, glue_list);
++ if (s != LDNS_STATUS_OK) {
++ return s;
++ }
++ }
++ name->is_glue = true; /* Mark occluded name! */
++ continue;
++ } else {
++ cut = NULL;
++ }
++ }
++
++ /* The node is not below a zone cut. Is it a zone cut itself?
++ * Everything below a SOA is authoritative of course; Except
++ * when the name also contains a DNAME :).
++ */
++ if (ldns_dnssec_rrsets_contains_type(
++ name->rrsets, LDNS_RR_TYPE_NS)
++ && !ldns_dnssec_rrsets_contains_type(
++ name->rrsets, LDNS_RR_TYPE_SOA)) {
++ cut = owner;
++ below_delegation = 1;
++ if (glue_list) { /* record glue on the zone cut */
++ s = ldns_dnssec_addresses_on_glue_list(
++ name->rrsets, glue_list);
++ if (s != LDNS_STATUS_OK) {
++ return s;
++ }
++ }
++ } else if (ldns_dnssec_rrsets_contains_type(
++ name->rrsets, LDNS_RR_TYPE_DNAME)) {
++ cut = owner;
++ below_delegation = 0;
++ }
++ }
++ return LDNS_STATUS_OK;
++}
++
++/**
++ * Marks the names in the zone that are occluded. Those names will be skipped
++ * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
++ * function. But watch out! Names that are partially occluded (like glue with
++ * the same name as the delegation) will not be marked and should specifically
++ * be taken into account separately.
++ *
++ * \param[in] zone the zone in which to mark the names
++ * \return LDNS_STATUS_OK on success, an error code otherwise
++ */
++ldns_status
++ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
++{
++ return ldns_dnssec_zone_mark_and_get_glue(zone, NULL);
++}
++
++ldns_rbnode_t *
++ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node)
++{
++ ldns_rbnode_t *next_node = NULL;
++ ldns_dnssec_name *next_name = NULL;
++ bool done = false;
++
++ if (node == LDNS_RBTREE_NULL) {
++ return NULL;
++ }
++ next_node = node;
++ while (!done) {
++ if (next_node == LDNS_RBTREE_NULL) {
++ return NULL;
++ } else {
++ next_name = (ldns_dnssec_name *)next_node->data;
++ if (!next_name->is_glue) {
++ done = true;
++ } else {
++ next_node = ldns_rbtree_next(next_node);
++ }
++ }
++ }
++ return next_node;
++}
++
++ldns_status
++ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs)
++{
++
++ ldns_rbnode_t *first_node, *cur_node, *next_node;
++ ldns_dnssec_name *cur_name, *next_name;
++ ldns_rr *nsec_rr;
++ uint32_t nsec_ttl;
++ ldns_dnssec_rrsets *soa;
++
++ /* the TTL of NSEC rrs should be set to the minimum TTL of
++ * the zone SOA (RFC4035 Section 2.3)
++ */
++ soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
++
++ /* did the caller actually set it? if not,
++ * fall back to default ttl
++ */
++ if (soa && soa->rrs && soa->rrs->rr
++ && (ldns_rr_rdf(soa->rrs->rr, 6) != NULL)) {
++ nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
++ } else {
++ nsec_ttl = LDNS_DEFAULT_TTL;
++ }
++
++ first_node = ldns_dnssec_name_node_next_nonglue(
++ ldns_rbtree_first(zone->names));
++ cur_node = first_node;
++ if (cur_node) {
++ next_node = ldns_dnssec_name_node_next_nonglue(
++ ldns_rbtree_next(cur_node));
++ } else {
++ next_node = NULL;
++ }
++
++ while (cur_node && next_node) {
++ cur_name = (ldns_dnssec_name *)cur_node->data;
++ next_name = (ldns_dnssec_name *)next_node->data;
++ nsec_rr = ldns_dnssec_create_nsec(cur_name,
++ next_name,
++ LDNS_RR_TYPE_NSEC);
++ ldns_rr_set_ttl(nsec_rr, nsec_ttl);
++ if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){
++ ldns_rr_free(nsec_rr);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_rr_list_push_rr(new_rrs, nsec_rr);
++ cur_node = next_node;
++ if (cur_node) {
++ next_node = ldns_dnssec_name_node_next_nonglue(
++ ldns_rbtree_next(cur_node));
++ }
++ }
++
++ if (cur_node && !next_node) {
++ cur_name = (ldns_dnssec_name *)cur_node->data;
++ next_name = (ldns_dnssec_name *)first_node->data;
++ nsec_rr = ldns_dnssec_create_nsec(cur_name,
++ next_name,
++ LDNS_RR_TYPE_NSEC);
++ ldns_rr_set_ttl(nsec_rr, nsec_ttl);
++ if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){
++ ldns_rr_free(nsec_rr);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_rr_list_push_rr(new_rrs, nsec_rr);
++ } else {
++ printf("error\n");
++ }
++
++ return LDNS_STATUS_OK;
++}
++
++#ifdef HAVE_SSL
++static void
++ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
++ (void) arg;
++ LDNS_FREE(node);
++}
++
++static ldns_status
++ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt,
++ ldns_rbtree_t **map)
++{
++ ldns_rbnode_t *first_name_node;
++ ldns_rbnode_t *current_name_node;
++ ldns_dnssec_name *current_name;
++ ldns_status result = LDNS_STATUS_OK;
++ ldns_rr *nsec_rr;
++ ldns_rr_list *nsec3_list;
++ uint32_t nsec_ttl;
++ ldns_dnssec_rrsets *soa;
++ ldns_rbnode_t *hashmap_node;
++
++ if (!zone || !new_rrs || !zone->names) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* the TTL of NSEC rrs should be set to the minimum TTL of
++ * the zone SOA (RFC4035 Section 2.3)
++ */
++ soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
++
++ /* did the caller actually set it? if not,
++ * fall back to default ttl
++ */
++ if (soa && soa->rrs && soa->rrs->rr
++ && ldns_rr_rdf(soa->rrs->rr, 6) != NULL) {
++ nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
++ } else {
++ nsec_ttl = LDNS_DEFAULT_TTL;
++ }
++
++ if (zone->hashed_names) {
++ ldns_traverse_postorder(zone->hashed_names,
++ ldns_hashed_names_node_free, NULL);
++ LDNS_FREE(zone->hashed_names);
++ }
++ zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v);
++ if (zone->hashed_names && map) {
++ *map = zone->hashed_names;
++ }
++
++ first_name_node = ldns_dnssec_name_node_next_nonglue(
++ ldns_rbtree_first(zone->names));
++
++ current_name_node = first_name_node;
++
++ while (current_name_node && current_name_node != LDNS_RBTREE_NULL &&
++ result == LDNS_STATUS_OK) {
++
++ current_name = (ldns_dnssec_name *) current_name_node->data;
++ nsec_rr = ldns_dnssec_create_nsec3(current_name,
++ NULL,
++ zone->soa->name,
++ algorithm,
++ flags,
++ iterations,
++ salt_length,
++ salt);
++ /* by default, our nsec based generator adds rrsigs
++ * remove the bitmap for empty nonterminals */
++ if (!current_name->rrsets) {
++ ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr));
++ }
++ ldns_rr_set_ttl(nsec_rr, nsec_ttl);
++ result = ldns_dnssec_name_add_rr(current_name, nsec_rr);
++ ldns_rr_list_push_rr(new_rrs, nsec_rr);
++ if (ldns_rr_owner(nsec_rr)) {
++ hashmap_node = LDNS_MALLOC(ldns_rbnode_t);
++ if (hashmap_node == NULL) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ current_name->hashed_name =
++ ldns_dname_label(ldns_rr_owner(nsec_rr), 0);
++
++ if (current_name->hashed_name == NULL) {
++ LDNS_FREE(hashmap_node);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ hashmap_node->key = current_name->hashed_name;
++ hashmap_node->data = current_name;
++
++ if (! ldns_rbtree_insert(zone->hashed_names
++ , hashmap_node)) {
++ LDNS_FREE(hashmap_node);
++ }
++ }
++ current_name_node = ldns_dnssec_name_node_next_nonglue(
++ ldns_rbtree_next(current_name_node));
++ }
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++
++ /* Make sorted list of nsec3s (via zone->hashed_names)
++ */
++ nsec3_list = ldns_rr_list_new();
++ if (nsec3_list == NULL) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ for ( hashmap_node = ldns_rbtree_first(zone->hashed_names)
++ ; hashmap_node != LDNS_RBTREE_NULL
++ ; hashmap_node = ldns_rbtree_next(hashmap_node)
++ ) {
++ current_name = (ldns_dnssec_name *) hashmap_node->data;
++ nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec;
++ if (nsec_rr) {
++ ldns_rr_list_push_rr(nsec3_list, nsec_rr);
++ }
++ }
++ result = ldns_dnssec_chain_nsec3_list(nsec3_list);
++ ldns_rr_list_free(nsec3_list);
++
++ return result;
++}
++
++ldns_status
++ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt)
++{
++ return ldns_dnssec_zone_create_nsec3s_mkmap(zone, new_rrs, algorithm,
++ flags, iterations, salt_length, salt, NULL);
++
++}
++#endif /* HAVE_SSL */
++
++ldns_dnssec_rrs *
++ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures
++ , ATTR_UNUSED(ldns_key_list *key_list)
++ , int (*func)(ldns_rr *, void *)
++ , void *arg
++ )
++{
++ ldns_dnssec_rrs *base_rrs = signatures;
++ ldns_dnssec_rrs *cur_rr = base_rrs;
++ ldns_dnssec_rrs *prev_rr = NULL;
++ ldns_dnssec_rrs *next_rr;
++
++ uint16_t keytag;
++ size_t i;
++
++ if (!cur_rr) {
++ switch(func(NULL, arg)) {
++ case LDNS_SIGNATURE_LEAVE_ADD_NEW:
++ case LDNS_SIGNATURE_REMOVE_ADD_NEW:
++ break;
++ case LDNS_SIGNATURE_LEAVE_NO_ADD:
++ case LDNS_SIGNATURE_REMOVE_NO_ADD:
++ ldns_key_list_set_use(key_list, false);
++ break;
++ default:
++#ifdef STDERR_MSGS
++ fprintf(stderr, "[XX] unknown return value from callback\n");
++#endif
++ break;
++ }
++ return NULL;
++ }
++ (void)func(cur_rr->rr, arg);
++
++ while (cur_rr) {
++ next_rr = cur_rr->next;
++
++ switch (func(cur_rr->rr, arg)) {
++ case LDNS_SIGNATURE_LEAVE_ADD_NEW:
++ prev_rr = cur_rr;
++ break;
++ case LDNS_SIGNATURE_LEAVE_NO_ADD:
++ keytag = ldns_rdf2native_int16(
++ ldns_rr_rrsig_keytag(cur_rr->rr));
++ for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
++ if (ldns_key_keytag(ldns_key_list_key(key_list, i)) ==
++ keytag) {
++ ldns_key_set_use(ldns_key_list_key(key_list, i),
++ false);
++ }
++ }
++ prev_rr = cur_rr;
++ break;
++ case LDNS_SIGNATURE_REMOVE_NO_ADD:
++ keytag = ldns_rdf2native_int16(
++ ldns_rr_rrsig_keytag(cur_rr->rr));
++ for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
++ if (ldns_key_keytag(ldns_key_list_key(key_list, i))
++ == keytag) {
++ ldns_key_set_use(ldns_key_list_key(key_list, i),
++ false);
++ }
++ }
++ if (prev_rr) {
++ prev_rr->next = next_rr;
++ } else {
++ base_rrs = next_rr;
++ }
++ LDNS_FREE(cur_rr);
++ break;
++ case LDNS_SIGNATURE_REMOVE_ADD_NEW:
++ if (prev_rr) {
++ prev_rr->next = next_rr;
++ } else {
++ base_rrs = next_rr;
++ }
++ LDNS_FREE(cur_rr);
++ break;
++ default:
++#ifdef STDERR_MSGS
++ fprintf(stderr, "[XX] unknown return value from callback\n");
++#endif
++ break;
++ }
++ cur_rr = next_rr;
++ }
++
++ return base_rrs;
++}
++
++#ifdef HAVE_SSL
++ldns_status
++ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void*),
++ void *arg)
++{
++ return ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list,
++ func, arg, 0);
++}
++
++/** If there are KSKs use only them and mark ZSKs unused */
++static void
++ldns_key_list_filter_for_dnskey(ldns_key_list *key_list)
++{
++ int saw_ksk = 0;
++ size_t i;
++ for(i=0; i<ldns_key_list_key_count(key_list); i++)
++ if((ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY)) {
++ saw_ksk = 1;
++ break;
++ }
++ if(!saw_ksk)
++ return;
++ for(i=0; i<ldns_key_list_key_count(key_list); i++)
++ if(!(ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY))
++ ldns_key_set_use(ldns_key_list_key(key_list, i), 0);
++}
++
++/** If there are no ZSKs use KSK as ZSK */
++static void
++ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list)
++{
++ int saw_zsk = 0;
++ size_t i;
++ for(i=0; i<ldns_key_list_key_count(key_list); i++)
++ if(!(ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY)) {
++ saw_zsk = 1;
++ break;
++ }
++ if(!saw_zsk)
++ return;
++ /* else filter all KSKs */
++ for(i=0; i<ldns_key_list_key_count(key_list); i++)
++ if((ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY))
++ ldns_key_set_use(ldns_key_list_key(key_list, i), 0);
++}
++
++ldns_status
++ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone
++ , ldns_rr_list *new_rrs
++ , ldns_key_list *key_list
++ , int (*func)(ldns_rr *, void*)
++ , void *arg
++ , int flags
++ )
++{
++ ldns_status result = LDNS_STATUS_OK;
++
++ ldns_rbnode_t *cur_node;
++ ldns_rr_list *rr_list;
++
++ ldns_dnssec_name *cur_name;
++ ldns_dnssec_rrsets *cur_rrset;
++ ldns_dnssec_rrs *cur_rr;
++
++ ldns_rr_list *siglist;
++
++ size_t i;
++
++ int on_delegation_point = 0; /* handle partially occluded names */
++
++ ldns_rr_list *pubkey_list = ldns_rr_list_new();
++ for (i = 0; i<ldns_key_list_key_count(key_list); i++) {
++ ldns_rr_list_push_rr( pubkey_list
++ , ldns_key2rr(ldns_key_list_key(
++ key_list, i))
++ );
++ }
++ /* TODO: callback to see is list should be signed */
++ /* TODO: remove 'old' signatures from signature list */
++ cur_node = ldns_rbtree_first(zone->names);
++ while (cur_node != LDNS_RBTREE_NULL) {
++ cur_name = (ldns_dnssec_name *) cur_node->data;
++
++ if (!cur_name->is_glue) {
++ on_delegation_point = ldns_dnssec_rrsets_contains_type(
++ cur_name->rrsets, LDNS_RR_TYPE_NS)
++ && !ldns_dnssec_rrsets_contains_type(
++ cur_name->rrsets, LDNS_RR_TYPE_SOA);
++ cur_rrset = cur_name->rrsets;
++ while (cur_rrset) {
++ /* reset keys to use */
++ ldns_key_list_set_use(key_list, true);
++
++ /* walk through old sigs, remove the old,
++ and mark which keys (not) to use) */
++ cur_rrset->signatures =
++ ldns_dnssec_remove_signatures(cur_rrset->signatures,
++ key_list,
++ func,
++ arg);
++ if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) &&
++ cur_rrset->type == LDNS_RR_TYPE_DNSKEY)
++ ldns_key_list_filter_for_dnskey(key_list);
++
++ if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY)
++ ldns_key_list_filter_for_non_dnskey(key_list);
++
++ /* TODO: just set count to zero? */
++ rr_list = ldns_rr_list_new();
++
++ cur_rr = cur_rrset->rrs;
++ while (cur_rr) {
++ ldns_rr_list_push_rr(rr_list, cur_rr->rr);
++ cur_rr = cur_rr->next;
++ }
++
++ /* only sign non-delegation RRsets */
++ /* (glue should have been marked earlier,
++ * except on the delegation points itself) */
++ if (!on_delegation_point ||
++ ldns_rr_list_type(rr_list)
++ == LDNS_RR_TYPE_DS ||
++ ldns_rr_list_type(rr_list)
++ == LDNS_RR_TYPE_NSEC ||
++ ldns_rr_list_type(rr_list)
++ == LDNS_RR_TYPE_NSEC3) {
++ siglist = ldns_sign_public(rr_list, key_list);
++ for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
++ if (cur_rrset->signatures) {
++ result = ldns_dnssec_rrs_add_rr(cur_rrset->signatures,
++ ldns_rr_list_rr(siglist,
++ i));
++ } else {
++ cur_rrset->signatures = ldns_dnssec_rrs_new();
++ cur_rrset->signatures->rr =
++ ldns_rr_list_rr(siglist, i);
++ }
++ if (new_rrs) {
++ ldns_rr_list_push_rr(new_rrs,
++ ldns_rr_list_rr(siglist,
++ i));
++ }
++ }
++ ldns_rr_list_free(siglist);
++ }
++
++ ldns_rr_list_free(rr_list);
++
++ cur_rrset = cur_rrset->next;
++ }
++
++ /* sign the nsec */
++ ldns_key_list_set_use(key_list, true);
++ cur_name->nsec_signatures =
++ ldns_dnssec_remove_signatures(cur_name->nsec_signatures,
++ key_list,
++ func,
++ arg);
++ ldns_key_list_filter_for_non_dnskey(key_list);
++
++ rr_list = ldns_rr_list_new();
++ ldns_rr_list_push_rr(rr_list, cur_name->nsec);
++ siglist = ldns_sign_public(rr_list, key_list);
++
++ for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
++ if (cur_name->nsec_signatures) {
++ result = ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures,
++ ldns_rr_list_rr(siglist, i));
++ } else {
++ cur_name->nsec_signatures = ldns_dnssec_rrs_new();
++ cur_name->nsec_signatures->rr =
++ ldns_rr_list_rr(siglist, i);
++ }
++ if (new_rrs) {
++ ldns_rr_list_push_rr(new_rrs,
++ ldns_rr_list_rr(siglist, i));
++ }
++ }
++
++ ldns_rr_list_free(siglist);
++ ldns_rr_list_free(rr_list);
++ }
++ cur_node = ldns_rbtree_next(cur_node);
++ }
++
++ ldns_rr_list_deep_free(pubkey_list);
++ return result;
++}
++
++ldns_status
++ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg)
++{
++ return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0);
++}
++
++ldns_status
++ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ int flags)
++{
++ ldns_status result = LDNS_STATUS_OK;
++
++ if (!zone || !new_rrs || !key_list) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* zone is already sorted */
++ result = ldns_dnssec_zone_mark_glue(zone);
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++
++ /* check whether we need to add nsecs */
++ if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
++ result = ldns_dnssec_zone_create_nsecs(zone, new_rrs);
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++ }
++
++ result = ldns_dnssec_zone_create_rrsigs_flg(zone,
++ new_rrs,
++ key_list,
++ func,
++ arg,
++ flags);
++
++ return result;
++}
++
++ldns_status
++ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt)
++{
++ return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list,
++ func, arg, algorithm, flags, iterations, salt_length, salt, 0,
++ NULL);
++}
++
++ldns_status
++ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt,
++ int signflags,
++ ldns_rbtree_t **map)
++{
++ ldns_rr *nsec3, *nsec3param;
++ ldns_status result = LDNS_STATUS_OK;
++
++ /* zone is already sorted */
++ result = ldns_dnssec_zone_mark_glue(zone);
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++
++ /* TODO if there are already nsec3s presents and their
++ * parameters are the same as these, we don't have to recreate
++ */
++ if (zone->names) {
++ /* add empty nonterminals */
++ result = ldns_dnssec_zone_add_empty_nonterminals(zone);
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++
++ nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec;
++ if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
++ /* no need to recreate */
++ } else {
++ if (!ldns_dnssec_zone_find_rrset(zone,
++ zone->soa->name,
++ LDNS_RR_TYPE_NSEC3PARAM)) {
++ /* create and add the nsec3param rr */
++ nsec3param =
++ ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAM);
++ ldns_rr_set_owner(nsec3param,
++ ldns_rdf_clone(zone->soa->name));
++ ldns_nsec3_add_param_rdfs(nsec3param,
++ algorithm,
++ flags,
++ iterations,
++ salt_length,
++ salt);
++ /* always set bit 7 of the flags to zero, according to
++ * rfc5155 section 11. The bits are counted from right to left,
++ * so bit 7 in rfc5155 is bit 0 in ldns */
++ ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0);
++ result = ldns_dnssec_zone_add_rr(zone, nsec3param);
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++ ldns_rr_list_push_rr(new_rrs, nsec3param);
++ }
++ result = ldns_dnssec_zone_create_nsec3s_mkmap(zone,
++ new_rrs,
++ algorithm,
++ flags,
++ iterations,
++ salt_length,
++ salt,
++ map);
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++ }
++
++ result = ldns_dnssec_zone_create_rrsigs_flg(zone,
++ new_rrs,
++ key_list,
++ func,
++ arg,
++ signflags);
++ }
++
++ return result;
++}
++
++ldns_status
++ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
++ ldns_rr_list *new_rrs,
++ ldns_key_list *key_list,
++ int (*func)(ldns_rr *, void *),
++ void *arg,
++ uint8_t algorithm,
++ uint8_t flags,
++ uint16_t iterations,
++ uint8_t salt_length,
++ uint8_t *salt,
++ int signflags)
++{
++ return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list,
++ func, arg, algorithm, flags, iterations, salt_length, salt,
++ signflags, NULL);
++}
++
++ldns_zone *
++ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list)
++{
++ ldns_dnssec_zone *dnssec_zone;
++ ldns_zone *signed_zone;
++ ldns_rr_list *new_rrs;
++ size_t i;
++
++ signed_zone = ldns_zone_new();
++ dnssec_zone = ldns_dnssec_zone_new();
++
++ (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone));
++ ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone)));
++
++ for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) {
++ (void) ldns_dnssec_zone_add_rr(dnssec_zone,
++ ldns_rr_list_rr(ldns_zone_rrs(zone),
++ i));
++ ldns_zone_push_rr(signed_zone,
++ ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone),
++ i)));
++ }
++
++ new_rrs = ldns_rr_list_new();
++ (void) ldns_dnssec_zone_sign(dnssec_zone,
++ new_rrs,
++ key_list,
++ ldns_dnssec_default_replace_signatures,
++ NULL);
++
++ for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) {
++ ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone),
++ ldns_rr_clone(ldns_rr_list_rr(new_rrs, i)));
++ }
++
++ ldns_rr_list_deep_free(new_rrs);
++ ldns_dnssec_zone_free(dnssec_zone);
++
++ return signed_zone;
++}
++
++ldns_zone *
++ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
++{
++ ldns_dnssec_zone *dnssec_zone;
++ ldns_zone *signed_zone;
++ ldns_rr_list *new_rrs;
++ size_t i;
++
++ signed_zone = ldns_zone_new();
++ dnssec_zone = ldns_dnssec_zone_new();
++
++ (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone));
++ ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone)));
++
++ for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) {
++ (void) ldns_dnssec_zone_add_rr(dnssec_zone,
++ ldns_rr_list_rr(ldns_zone_rrs(zone),
++ i));
++ ldns_zone_push_rr(signed_zone,
++ ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone),
++ i)));
++ }
++
++ new_rrs = ldns_rr_list_new();
++ (void) ldns_dnssec_zone_sign_nsec3(dnssec_zone,
++ new_rrs,
++ key_list,
++ ldns_dnssec_default_replace_signatures,
++ NULL,
++ algorithm,
++ flags,
++ iterations,
++ salt_length,
++ salt);
++
++ for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) {
++ ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone),
++ ldns_rr_clone(ldns_rr_list_rr(new_rrs, i)));
++ }
++
++ ldns_rr_list_deep_free(new_rrs);
++ ldns_dnssec_zone_free(dnssec_zone);
++
++ return signed_zone;
++}
++#endif /* HAVE_SSL */
++
++
+diff --git a/ldns/src/dnssec_verify.c b/ldns/src/dnssec_verify.c
+new file mode 100644
+index 0000000..1af6635
+--- /dev/null
++++ b/ldns/src/dnssec_verify.c
+@@ -0,0 +1,2684 @@
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <strings.h>
++#include <time.h>
++
++#ifdef HAVE_SSL
++/* this entire file is rather useless when you don't have
++ * crypto...
++ */
++#include <openssl/ssl.h>
++#include <openssl/evp.h>
++#include <openssl/rand.h>
++#include <openssl/err.h>
++#include <openssl/md5.h>
++
++ldns_dnssec_data_chain *
++ldns_dnssec_data_chain_new(void)
++{
++ ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1);
++ if(!nc) return NULL;
++ /*
++ * not needed anymore because CALLOC initalizes everything to zero.
++
++ nc->rrset = NULL;
++ nc->parent_type = 0;
++ nc->parent = NULL;
++ nc->signatures = NULL;
++ nc->packet_rcode = 0;
++ nc->packet_qtype = 0;
++ nc->packet_nodata = false;
++
++ */
++ return nc;
++}
++
++void
++ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain)
++{
++ LDNS_FREE(chain);
++}
++
++void
++ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain)
++{
++ ldns_rr_list_deep_free(chain->rrset);
++ ldns_rr_list_deep_free(chain->signatures);
++ if (chain->parent) {
++ ldns_dnssec_data_chain_deep_free(chain->parent);
++ }
++ LDNS_FREE(chain);
++}
++
++void
++ldns_dnssec_data_chain_print_fmt(FILE *out, const ldns_output_format *fmt,
++ const ldns_dnssec_data_chain *chain)
++{
++ ldns_lookup_table *rcode;
++ const ldns_rr_descriptor *rr_descriptor;
++ if (chain) {
++ ldns_dnssec_data_chain_print_fmt(out, fmt, chain->parent);
++ if (ldns_rr_list_rr_count(chain->rrset) > 0) {
++ rcode = ldns_lookup_by_id(ldns_rcodes,
++ (int) chain->packet_rcode);
++ if (rcode) {
++ fprintf(out, ";; rcode: %s\n", rcode->name);
++ }
++
++ rr_descriptor = ldns_rr_descript(chain->packet_qtype);
++ if (rr_descriptor && rr_descriptor->_name) {
++ fprintf(out, ";; qtype: %s\n", rr_descriptor->_name);
++ } else if (chain->packet_qtype != 0) {
++ fprintf(out, "TYPE%u",
++ chain->packet_qtype);
++ }
++ if (chain->packet_nodata) {
++ fprintf(out, ";; NODATA response\n");
++ }
++ fprintf(out, "rrset:\n");
++ ldns_rr_list_print_fmt(out, fmt, chain->rrset);
++ fprintf(out, "sigs:\n");
++ ldns_rr_list_print_fmt(out, fmt, chain->signatures);
++ fprintf(out, "---\n");
++ } else {
++ fprintf(out, "<no data>\n");
++ }
++ }
++}
++void
++ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain)
++{
++ ldns_dnssec_data_chain_print_fmt(
++ out, ldns_output_format_default, chain);
++}
++
++
++static void
++ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res,
++ uint16_t qflags,
++ const ldns_pkt *pkt,
++ ldns_rr_list *signatures,
++ ldns_dnssec_data_chain *new_chain,
++ ldns_rdf *key_name,
++ ldns_rr_class c) {
++ ldns_rr_list *keys;
++ ldns_pkt *my_pkt;
++ if (signatures && ldns_rr_list_rr_count(signatures) > 0) {
++ new_chain->signatures = ldns_rr_list_clone(signatures);
++ new_chain->parent_type = 0;
++
++ keys = ldns_pkt_rr_list_by_name_and_type(
++ pkt,
++ key_name,
++ LDNS_RR_TYPE_DNSKEY,
++ LDNS_SECTION_ANY_NOQUESTION
++ );
++ if (!keys) {
++ my_pkt = ldns_resolver_query(res,
++ key_name,
++ LDNS_RR_TYPE_DNSKEY,
++ c,
++ qflags);
++ if (my_pkt) {
++ keys = ldns_pkt_rr_list_by_name_and_type(
++ my_pkt,
++ key_name,
++ LDNS_RR_TYPE_DNSKEY,
++ LDNS_SECTION_ANY_NOQUESTION
++ );
++ new_chain->parent = ldns_dnssec_build_data_chain(res,
++ qflags,
++ keys,
++ my_pkt,
++ NULL);
++ new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY;
++ ldns_pkt_free(my_pkt);
++ }
++ } else {
++ new_chain->parent = ldns_dnssec_build_data_chain(res,
++ qflags,
++ keys,
++ pkt,
++ NULL);
++ new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY;
++ }
++ ldns_rr_list_deep_free(keys);
++ }
++}
++
++static void
++ldns_dnssec_build_data_chain_other(ldns_resolver *res,
++ uint16_t qflags,
++ ldns_dnssec_data_chain *new_chain,
++ ldns_rdf *key_name,
++ ldns_rr_class c,
++ ldns_rr_list *dss)
++{
++ /* 'self-signed', parent is a DS */
++
++ /* okay, either we have other keys signing the current one,
++ * or the current
++ * one should have a DS record in the parent zone.
++ * How do we find this out? Try both?
++ *
++ * request DNSKEYS for current zone,
++ * add all signatures to current level
++ */
++ ldns_pkt *my_pkt;
++ ldns_rr_list *signatures2;
++
++ new_chain->parent_type = 1;
++
++ my_pkt = ldns_resolver_query(res,
++ key_name,
++ LDNS_RR_TYPE_DS,
++ c,
++ qflags);
++ if (my_pkt) {
++ dss = ldns_pkt_rr_list_by_name_and_type(my_pkt,
++ key_name,
++ LDNS_RR_TYPE_DS,
++ LDNS_SECTION_ANY_NOQUESTION
++ );
++ if (dss) {
++ new_chain->parent = ldns_dnssec_build_data_chain(res,
++ qflags,
++ dss,
++ my_pkt,
++ NULL);
++ new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS;
++ ldns_rr_list_deep_free(dss);
++ }
++ ldns_pkt_free(my_pkt);
++ }
++
++ my_pkt = ldns_resolver_query(res,
++ key_name,
++ LDNS_RR_TYPE_DNSKEY,
++ c,
++ qflags);
++ if (my_pkt) {
++ signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt,
++ key_name,
++ LDNS_RR_TYPE_RRSIG,
++ LDNS_SECTION_ANSWER);
++ if (signatures2) {
++ if (new_chain->signatures) {
++ printf("There were already sigs!\n");
++ ldns_rr_list_deep_free(new_chain->signatures);
++ printf("replacing the old sigs\n");
++ }
++ new_chain->signatures = signatures2;
++ }
++ ldns_pkt_free(my_pkt);
++ }
++}
++
++static ldns_dnssec_data_chain *
++ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res,
++ uint16_t qflags,
++ ldns_rr *orig_rr,
++ const ldns_rr_list *rrset,
++ ldns_dnssec_data_chain *new_chain)
++{
++ ldns_rdf *possible_parent_name;
++ ldns_pkt *my_pkt;
++ /* apparently we were not able to find a signing key, so
++ we assume the chain ends here
++ */
++ /* try parents for auth denial of DS */
++ if (orig_rr) {
++ possible_parent_name = ldns_rr_owner(orig_rr);
++ } else if (rrset && ldns_rr_list_rr_count(rrset) > 0) {
++ possible_parent_name = ldns_rr_owner(ldns_rr_list_rr(rrset, 0));
++ } else {
++ /* no information to go on, give up */
++ return new_chain;
++ }
++
++ my_pkt = ldns_resolver_query(res,
++ possible_parent_name,
++ LDNS_RR_TYPE_DS,
++ LDNS_RR_CLASS_IN,
++ qflags);
++ if (!my_pkt) {
++ return new_chain;
++ }
++
++ if (ldns_pkt_ancount(my_pkt) > 0) {
++ /* add error, no sigs but DS in parent */
++ /*ldns_pkt_print(stdout, my_pkt);*/
++ ldns_pkt_free(my_pkt);
++ } else {
++ /* are there signatures? */
++ new_chain->parent = ldns_dnssec_build_data_chain(res,
++ qflags,
++ NULL,
++ my_pkt,
++ NULL);
++
++ new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS;
++
++ }
++ return new_chain;
++}
++
++
++ldns_dnssec_data_chain *
++ldns_dnssec_build_data_chain(ldns_resolver *res,
++ uint16_t qflags,
++ const ldns_rr_list *rrset,
++ const ldns_pkt *pkt,
++ ldns_rr *orig_rr)
++{
++ ldns_rr_list *signatures = NULL;
++ ldns_rr_list *dss = NULL;
++
++ ldns_rr_list *my_rrset;
++
++ ldns_pkt *my_pkt;
++
++ ldns_rdf *name = NULL, *key_name = NULL;
++ ldns_rr_type type = 0;
++ ldns_rr_class c = 0;
++
++ bool other_rrset = false;
++
++ ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new();
++
++ assert(pkt != NULL);
++
++ if (!ldns_dnssec_pkt_has_rrsigs(pkt)) {
++ /* hmm. no dnssec data in the packet. go up to try and deny
++ * DS? */
++ return new_chain;
++ }
++
++ if (orig_rr) {
++ new_chain->rrset = ldns_rr_list_new();
++ ldns_rr_list_push_rr(new_chain->rrset, orig_rr);
++ new_chain->parent = ldns_dnssec_build_data_chain(res,
++ qflags,
++ rrset,
++ pkt,
++ NULL);
++ new_chain->packet_rcode = ldns_pkt_get_rcode(pkt);
++ new_chain->packet_qtype = ldns_rr_get_type(orig_rr);
++ if (ldns_pkt_ancount(pkt) == 0) {
++ new_chain->packet_nodata = true;
++ }
++ return new_chain;
++ }
++
++ if (!rrset || ldns_rr_list_rr_count(rrset) < 1) {
++ /* hmm, no data, do we have denial? only works if pkt was given,
++ otherwise caller has to do the check himself */
++ new_chain->packet_nodata = true;
++ if (pkt) {
++ my_rrset = ldns_pkt_rr_list_by_type(pkt,
++ LDNS_RR_TYPE_NSEC,
++ LDNS_SECTION_ANY_NOQUESTION
++ );
++ if (my_rrset) {
++ if (ldns_rr_list_rr_count(my_rrset) > 0) {
++ type = LDNS_RR_TYPE_NSEC;
++ other_rrset = true;
++ } else {
++ ldns_rr_list_deep_free(my_rrset);
++ my_rrset = NULL;
++ }
++ } else {
++ /* nothing, try nsec3 */
++ my_rrset = ldns_pkt_rr_list_by_type(pkt,
++ LDNS_RR_TYPE_NSEC3,
++ LDNS_SECTION_ANY_NOQUESTION);
++ if (my_rrset) {
++ if (ldns_rr_list_rr_count(my_rrset) > 0) {
++ type = LDNS_RR_TYPE_NSEC3;
++ other_rrset = true;
++ } else {
++ ldns_rr_list_deep_free(my_rrset);
++ my_rrset = NULL;
++ }
++ } else {
++ /* nothing, stop */
++ /* try parent zone? for denied insecure? */
++ return new_chain;
++ }
++ }
++ } else {
++ return new_chain;
++ }
++ } else {
++ my_rrset = (ldns_rr_list *) rrset;
++ }
++
++ if (my_rrset && ldns_rr_list_rr_count(my_rrset) > 0) {
++ new_chain->rrset = ldns_rr_list_clone(my_rrset);
++ name = ldns_rr_owner(ldns_rr_list_rr(my_rrset, 0));
++ type = ldns_rr_get_type(ldns_rr_list_rr(my_rrset, 0));
++ c = ldns_rr_get_class(ldns_rr_list_rr(my_rrset, 0));
++ }
++
++ if (other_rrset) {
++ ldns_rr_list_deep_free(my_rrset);
++ }
++
++ /* normally there will only be 1 signature 'set'
++ but there can be more than 1 denial (wildcards)
++ so check for NSEC
++ */
++ if (type == LDNS_RR_TYPE_NSEC || type == LDNS_RR_TYPE_NSEC3) {
++ /* just throw in all signatures, the tree builder must sort
++ this out */
++ if (pkt) {
++ signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
++ } else {
++ my_pkt = ldns_resolver_query(res, name, type, c, qflags);
++ if (my_pkt) {
++ signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
++ ldns_pkt_free(my_pkt);
++ }
++ }
++ } else {
++ if (pkt) {
++ signatures =
++ ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt,
++ name,
++ type);
++ }
++ if (!signatures) {
++ my_pkt = ldns_resolver_query(res, name, type, c, qflags);
++ if (my_pkt) {
++ signatures =
++ ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt,
++ name,
++ type);
++ ldns_pkt_free(my_pkt);
++ }
++ }
++ }
++
++ if (signatures && ldns_rr_list_rr_count(signatures) > 0) {
++ key_name = ldns_rr_rdf(ldns_rr_list_rr(signatures, 0), 7);
++ }
++ if (!key_name) {
++ if (signatures) {
++ ldns_rr_list_deep_free(signatures);
++ }
++ return ldns_dnssec_build_data_chain_nokeyname(res,
++ qflags,
++ orig_rr,
++ rrset,
++ new_chain);
++ }
++ if (type != LDNS_RR_TYPE_DNSKEY) {
++ ldns_dnssec_build_data_chain_dnskey(res,
++ qflags,
++ pkt,
++ signatures,
++ new_chain,
++ key_name,
++ c
++ );
++ } else {
++ ldns_dnssec_build_data_chain_other(res,
++ qflags,
++ new_chain,
++ key_name,
++ c,
++ dss
++ );
++ }
++ if (signatures) {
++ ldns_rr_list_deep_free(signatures);
++ }
++ return new_chain;
++}
++
++ldns_dnssec_trust_tree *
++ldns_dnssec_trust_tree_new(void)
++{
++ ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree,
++ 1);
++ if(!new_tree) return NULL;
++ new_tree->rr = NULL;
++ new_tree->rrset = NULL;
++ new_tree->parent_count = 0;
++
++ return new_tree;
++}
++
++void
++ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree)
++{
++ size_t i;
++ if (tree) {
++ for (i = 0; i < tree->parent_count; i++) {
++ ldns_dnssec_trust_tree_free(tree->parents[i]);
++ }
++ }
++ LDNS_FREE(tree);
++}
++
++size_t
++ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree)
++{
++ size_t result = 0;
++ size_t parent = 0;
++ size_t i;
++
++ for (i = 0; i < tree->parent_count; i++) {
++ parent = ldns_dnssec_trust_tree_depth(tree->parents[i]);
++ if (parent > result) {
++ result = parent;
++ }
++ }
++ return 1 + result;
++}
++
++/* TODO ldns_ */
++static void
++print_tabs(FILE *out, size_t nr, uint8_t *map, size_t treedepth)
++{
++ size_t i;
++ for (i = 0; i < nr; i++) {
++ if (i == nr - 1) {
++ fprintf(out, "|---");
++ } else if (map && i < treedepth && map[i] == 1) {
++ fprintf(out, "| ");
++ } else {
++ fprintf(out, " ");
++ }
++ }
++}
++
++static void
++ldns_dnssec_trust_tree_print_sm_fmt(FILE *out,
++ const ldns_output_format *fmt,
++ ldns_dnssec_trust_tree *tree,
++ size_t tabs,
++ bool extended,
++ uint8_t *sibmap,
++ size_t treedepth)
++{
++ size_t i;
++ const ldns_rr_descriptor *descriptor;
++ bool mapset = false;
++
++ if (!sibmap) {
++ treedepth = ldns_dnssec_trust_tree_depth(tree);
++ sibmap = LDNS_XMALLOC(uint8_t, treedepth);
++ if(!sibmap)
++ return; /* mem err */
++ memset(sibmap, 0, treedepth);
++ mapset = true;
++ }
++
++ if (tree) {
++ if (tree->rr) {
++ print_tabs(out, tabs, sibmap, treedepth);
++ ldns_rdf_print(out, ldns_rr_owner(tree->rr));
++ descriptor = ldns_rr_descript(ldns_rr_get_type(tree->rr));
++
++ if (descriptor->_name) {
++ fprintf(out, " (%s", descriptor->_name);
++ } else {
++ fprintf(out, " (TYPE%d",
++ ldns_rr_get_type(tree->rr));
++ }
++ if (tabs > 0) {
++ if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DNSKEY) {
++ fprintf(out, " keytag: %u",
++ (unsigned int) ldns_calc_keytag(tree->rr));
++ fprintf(out, " alg: ");
++ ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2));
++ fprintf(out, " flags: ");
++ ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0));
++ } else if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DS) {
++ fprintf(out, " keytag: ");
++ ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0));
++ fprintf(out, " digest type: ");
++ ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2));
++ }
++ if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NSEC) {
++ fprintf(out, " ");
++ ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0));
++ fprintf(out, " ");
++ ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 1));
++ }
++ }
++
++ fprintf(out, ")\n");
++ for (i = 0; i < tree->parent_count; i++) {
++ if (tree->parent_count > 1 && i < tree->parent_count - 1) {
++ sibmap[tabs] = 1;
++ } else {
++ sibmap[tabs] = 0;
++ }
++ /* only print errors */
++ if (ldns_rr_get_type(tree->parents[i]->rr) ==
++ LDNS_RR_TYPE_NSEC ||
++ ldns_rr_get_type(tree->parents[i]->rr) ==
++ LDNS_RR_TYPE_NSEC3) {
++ if (tree->parent_status[i] == LDNS_STATUS_OK) {
++ print_tabs(out, tabs + 1, sibmap, treedepth);
++ if (tabs == 0 &&
++ ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS &&
++ ldns_rr_rd_count(tree->rr) > 0) {
++ fprintf(out, "Existence of DS is denied by:\n");
++ } else {
++ fprintf(out, "Existence is denied by:\n");
++ }
++ } else {
++ /* NS records aren't signed */
++ if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS) {
++ fprintf(out, "Existence of DS is denied by:\n");
++ } else {
++ print_tabs(out, tabs + 1, sibmap, treedepth);
++ fprintf(out,
++ "Error in denial of existence: %s\n",
++ ldns_get_errorstr_by_id(
++ tree->parent_status[i]));
++ }
++ }
++ } else
++ if (tree->parent_status[i] != LDNS_STATUS_OK) {
++ print_tabs(out, tabs + 1, sibmap, treedepth);
++ fprintf(out,
++ "%s:\n",
++ ldns_get_errorstr_by_id(
++ tree->parent_status[i]));
++ if (tree->parent_status[i]
++ == LDNS_STATUS_SSL_ERR) {
++ printf("; SSL Error: ");
++ ERR_load_crypto_strings();
++ ERR_print_errors_fp(stdout);
++ printf("\n");
++ }
++ ldns_rr_print_fmt(out, fmt,
++ tree->
++ parent_signature[i]);
++ printf("For RRset:\n");
++ ldns_rr_list_print_fmt(out, fmt,
++ tree->rrset);
++ printf("With key:\n");
++ ldns_rr_print_fmt(out, fmt,
++ tree->parents[i]->rr);
++ }
++ ldns_dnssec_trust_tree_print_sm_fmt(out, fmt,
++ tree->parents[i],
++ tabs+1,
++ extended,
++ sibmap,
++ treedepth);
++ }
++ } else {
++ print_tabs(out, tabs, sibmap, treedepth);
++ fprintf(out, "<no data>\n");
++ }
++ } else {
++ fprintf(out, "<null pointer>\n");
++ }
++
++ if (mapset) {
++ LDNS_FREE(sibmap);
++ }
++}
++
++void
++ldns_dnssec_trust_tree_print_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_dnssec_trust_tree *tree,
++ size_t tabs,
++ bool extended)
++{
++ ldns_dnssec_trust_tree_print_sm_fmt(out, fmt,
++ tree, tabs, extended, NULL, 0);
++}
++
++void
++ldns_dnssec_trust_tree_print(FILE *out,
++ ldns_dnssec_trust_tree *tree,
++ size_t tabs,
++ bool extended)
++{
++ ldns_dnssec_trust_tree_print_fmt(out, ldns_output_format_default,
++ tree, tabs, extended);
++}
++
++
++ldns_status
++ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree,
++ const ldns_dnssec_trust_tree *parent,
++ const ldns_rr *signature,
++ const ldns_status parent_status)
++{
++ if (tree
++ && parent
++ && tree->parent_count < LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS) {
++ /*
++ printf("Add parent for: ");
++ ldns_rr_print(stdout, tree->rr);
++ printf("parent: ");
++ ldns_rr_print(stdout, parent->rr);
++ */
++ tree->parents[tree->parent_count] =
++ (ldns_dnssec_trust_tree *) parent;
++ tree->parent_status[tree->parent_count] = parent_status;
++ tree->parent_signature[tree->parent_count] = (ldns_rr *) signature;
++ tree->parent_count++;
++ return LDNS_STATUS_OK;
++ } else {
++ return LDNS_STATUS_ERR;
++ }
++}
++
++/* if rr is null, take the first from the rrset */
++ldns_dnssec_trust_tree *
++ldns_dnssec_derive_trust_tree_time(
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *rr,
++ time_t check_time
++ )
++{
++ ldns_rr_list *cur_rrset;
++ ldns_rr_list *cur_sigs;
++ ldns_rr *cur_rr = NULL;
++ ldns_rr *cur_sig_rr;
++ size_t i, j;
++
++ ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new();
++ if(!new_tree)
++ return NULL;
++
++ if (data_chain && data_chain->rrset) {
++ cur_rrset = data_chain->rrset;
++
++ cur_sigs = data_chain->signatures;
++
++ if (rr) {
++ cur_rr = rr;
++ }
++
++ if (!cur_rr && ldns_rr_list_rr_count(cur_rrset) > 0) {
++ cur_rr = ldns_rr_list_rr(cur_rrset, 0);
++ }
++
++ if (cur_rr) {
++ new_tree->rr = cur_rr;
++ new_tree->rrset = cur_rrset;
++ /* there are three possibilities:
++ 1 - 'normal' rrset, signed by a key
++ 2 - dnskey signed by other dnskey
++ 3 - dnskey proven by higher level DS
++ (data denied by nsec is a special case that can
++ occur in multiple places)
++
++ */
++ if (cur_sigs) {
++ for (i = 0; i < ldns_rr_list_rr_count(cur_sigs); i++) {
++ /* find the appropriate key in the parent list */
++ cur_sig_rr = ldns_rr_list_rr(cur_sigs, i);
++
++ if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_NSEC) {
++ if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr),
++ ldns_rr_owner(cur_rr)))
++ {
++ /* find first that does match */
++
++ for (j = 0;
++ j < ldns_rr_list_rr_count(cur_rrset) &&
++ ldns_dname_compare(ldns_rr_owner(cur_sig_rr),ldns_rr_owner(cur_rr)) != 0;
++ j++) {
++ cur_rr = ldns_rr_list_rr(cur_rrset, j);
++
++ }
++ if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr),
++ ldns_rr_owner(cur_rr)))
++ {
++ break;
++ }
++ }
++
++ }
++ /* option 1 */
++ if (data_chain->parent) {
++ ldns_dnssec_derive_trust_tree_normal_rrset_time(
++ new_tree,
++ data_chain,
++ cur_sig_rr,
++ check_time);
++ }
++
++ /* option 2 */
++ ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
++ new_tree,
++ data_chain,
++ cur_rr,
++ cur_sig_rr,
++ check_time);
++ }
++
++ ldns_dnssec_derive_trust_tree_ds_rrset_time(
++ new_tree, data_chain,
++ cur_rr, check_time);
++ } else {
++ /* no signatures? maybe it's nsec data */
++
++ /* just add every rr from parent as new parent */
++ ldns_dnssec_derive_trust_tree_no_sig_time(
++ new_tree, data_chain, check_time);
++ }
++ }
++ }
++
++ return new_tree;
++}
++
++ldns_dnssec_trust_tree *
++ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr)
++{
++ return ldns_dnssec_derive_trust_tree_time(data_chain, rr, ldns_time(NULL));
++}
++
++void
++ldns_dnssec_derive_trust_tree_normal_rrset_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_sig_rr,
++ time_t check_time)
++{
++ size_t i, j;
++ ldns_rr_list *cur_rrset = ldns_rr_list_clone(data_chain->rrset);
++ ldns_dnssec_trust_tree *cur_parent_tree;
++ ldns_rr *cur_parent_rr;
++ uint16_t cur_keytag;
++ ldns_rr_list *tmp_rrset = NULL;
++ ldns_status cur_status;
++
++ cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr));
++
++ for (j = 0; j < ldns_rr_list_rr_count(data_chain->parent->rrset); j++) {
++ cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j);
++ if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) {
++ if (ldns_calc_keytag(cur_parent_rr) == cur_keytag) {
++
++ /* TODO: check wildcard nsec too */
++ if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) {
++ tmp_rrset = cur_rrset;
++ if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0))
++ == LDNS_RR_TYPE_NSEC ||
++ ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0))
++ == LDNS_RR_TYPE_NSEC3) {
++ /* might contain different names!
++ sort and split */
++ ldns_rr_list_sort(cur_rrset);
++ assert(tmp_rrset == cur_rrset);
++ tmp_rrset = ldns_rr_list_pop_rrset(cur_rrset);
++
++ /* with nsecs, this might be the wrong one */
++ while (tmp_rrset &&
++ ldns_rr_list_rr_count(cur_rrset) > 0 &&
++ ldns_dname_compare(
++ ldns_rr_owner(ldns_rr_list_rr(
++ tmp_rrset, 0)),
++ ldns_rr_owner(cur_sig_rr)) != 0) {
++ ldns_rr_list_deep_free(tmp_rrset);
++ tmp_rrset =
++ ldns_rr_list_pop_rrset(cur_rrset);
++ }
++ }
++ cur_status = ldns_verify_rrsig_time(
++ tmp_rrset,
++ cur_sig_rr,
++ cur_parent_rr,
++ check_time);
++ if (tmp_rrset && tmp_rrset != cur_rrset
++ ) {
++ ldns_rr_list_deep_free(
++ tmp_rrset);
++ tmp_rrset = NULL;
++ }
++ /* avoid dupes */
++ for (i = 0; i < new_tree->parent_count; i++) {
++ if (cur_parent_rr == new_tree->parents[i]->rr) {
++ goto done;
++ }
++ }
++
++ cur_parent_tree =
++ ldns_dnssec_derive_trust_tree_time(
++ data_chain->parent,
++ cur_parent_rr,
++ check_time);
++ (void)ldns_dnssec_trust_tree_add_parent(new_tree,
++ cur_parent_tree,
++ cur_sig_rr,
++ cur_status);
++ }
++ }
++ }
++ }
++ done:
++ ldns_rr_list_deep_free(cur_rrset);
++}
++
++void
++ldns_dnssec_derive_trust_tree_normal_rrset(ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_sig_rr)
++{
++ ldns_dnssec_derive_trust_tree_normal_rrset_time(
++ new_tree, data_chain, cur_sig_rr, ldns_time(NULL));
++}
++
++void
++ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr,
++ ldns_rr *cur_sig_rr,
++ time_t check_time)
++{
++ size_t j;
++ ldns_rr_list *cur_rrset = data_chain->rrset;
++ ldns_dnssec_trust_tree *cur_parent_tree;
++ ldns_rr *cur_parent_rr;
++ uint16_t cur_keytag;
++ ldns_status cur_status;
++
++ cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr));
++
++ for (j = 0; j < ldns_rr_list_rr_count(cur_rrset); j++) {
++ cur_parent_rr = ldns_rr_list_rr(cur_rrset, j);
++ if (cur_parent_rr != cur_rr &&
++ ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) {
++ if (ldns_calc_keytag(cur_parent_rr) == cur_keytag
++ ) {
++ cur_parent_tree = ldns_dnssec_trust_tree_new();
++ cur_parent_tree->rr = cur_parent_rr;
++ cur_parent_tree->rrset = cur_rrset;
++ cur_status = ldns_verify_rrsig_time(
++ cur_rrset, cur_sig_rr,
++ cur_parent_rr, check_time);
++ (void) ldns_dnssec_trust_tree_add_parent(new_tree,
++ cur_parent_tree, cur_sig_rr, cur_status);
++ }
++ }
++ }
++}
++
++void
++ldns_dnssec_derive_trust_tree_dnskey_rrset(ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr,
++ ldns_rr *cur_sig_rr)
++{
++ ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
++ new_tree, data_chain, cur_rr, cur_sig_rr, ldns_time(NULL));
++}
++
++void
++ldns_dnssec_derive_trust_tree_ds_rrset_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr,
++ time_t check_time)
++{
++ size_t j, h;
++ ldns_rr_list *cur_rrset = data_chain->rrset;
++ ldns_dnssec_trust_tree *cur_parent_tree;
++ ldns_rr *cur_parent_rr;
++
++ /* try the parent to see whether there are DSs there */
++ if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_DNSKEY &&
++ data_chain->parent &&
++ data_chain->parent->rrset
++ ) {
++ for (j = 0;
++ j < ldns_rr_list_rr_count(data_chain->parent->rrset);
++ j++) {
++ cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j);
++ if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DS) {
++ for (h = 0; h < ldns_rr_list_rr_count(cur_rrset); h++) {
++ cur_rr = ldns_rr_list_rr(cur_rrset, h);
++ if (ldns_rr_compare_ds(cur_rr, cur_parent_rr)) {
++ cur_parent_tree =
++ ldns_dnssec_derive_trust_tree_time(
++ data_chain->parent,
++ cur_parent_rr,
++ check_time);
++ (void) ldns_dnssec_trust_tree_add_parent(
++ new_tree,
++ cur_parent_tree,
++ NULL,
++ LDNS_STATUS_OK);
++ } else {
++ /*ldns_rr_print(stdout, cur_parent_rr);*/
++ }
++ }
++ }
++ }
++ }
++}
++
++void
++ldns_dnssec_derive_trust_tree_ds_rrset(ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ ldns_rr *cur_rr)
++{
++ ldns_dnssec_derive_trust_tree_ds_rrset_time(
++ new_tree, data_chain, cur_rr, ldns_time(NULL));
++}
++
++void
++ldns_dnssec_derive_trust_tree_no_sig_time(
++ ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain,
++ time_t check_time)
++{
++ size_t i;
++ ldns_rr_list *cur_rrset;
++ ldns_rr *cur_parent_rr;
++ ldns_dnssec_trust_tree *cur_parent_tree;
++ ldns_status result;
++
++ if (data_chain->parent && data_chain->parent->rrset) {
++ cur_rrset = data_chain->parent->rrset;
++ /* nsec? */
++ if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) {
++ if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) ==
++ LDNS_RR_TYPE_NSEC3) {
++ result = ldns_dnssec_verify_denial_nsec3(
++ new_tree->rr,
++ cur_rrset,
++ data_chain->parent->signatures,
++ data_chain->packet_rcode,
++ data_chain->packet_qtype,
++ data_chain->packet_nodata);
++ } else if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) ==
++ LDNS_RR_TYPE_NSEC) {
++ result = ldns_dnssec_verify_denial(
++ new_tree->rr,
++ cur_rrset,
++ data_chain->parent->signatures);
++ } else {
++ /* unsigned zone, unsigned parent */
++ result = LDNS_STATUS_OK;
++ }
++ } else {
++ result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
++ }
++ for (i = 0; i < ldns_rr_list_rr_count(cur_rrset); i++) {
++ cur_parent_rr = ldns_rr_list_rr(cur_rrset, i);
++ cur_parent_tree =
++ ldns_dnssec_derive_trust_tree_time(
++ data_chain->parent,
++ cur_parent_rr,
++ check_time);
++ (void) ldns_dnssec_trust_tree_add_parent(new_tree,
++ cur_parent_tree, NULL, result);
++ }
++ }
++}
++
++void
++ldns_dnssec_derive_trust_tree_no_sig(ldns_dnssec_trust_tree *new_tree,
++ ldns_dnssec_data_chain *data_chain)
++{
++ ldns_dnssec_derive_trust_tree_no_sig_time(
++ new_tree, data_chain, ldns_time(NULL));
++}
++
++/*
++ * returns OK if there is a path from tree to key with only OK
++ * the (first) error in between otherwise
++ * or NOT_FOUND if the key wasn't present at all
++ */
++ldns_status
++ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree,
++ ldns_rr_list *trusted_keys)
++{
++ size_t i;
++ ldns_status result = LDNS_STATUS_CRYPTO_NO_DNSKEY;
++ bool equal;
++ ldns_status parent_result;
++
++ if (tree && trusted_keys && ldns_rr_list_rr_count(trusted_keys) > 0)
++ { if (tree->rr) {
++ for (i = 0; i < ldns_rr_list_rr_count(trusted_keys); i++) {
++ equal = ldns_rr_compare_ds(
++ tree->rr,
++ ldns_rr_list_rr(trusted_keys, i));
++ if (equal) {
++ result = LDNS_STATUS_OK;
++ return result;
++ }
++ }
++ }
++ for (i = 0; i < tree->parent_count; i++) {
++ parent_result =
++ ldns_dnssec_trust_tree_contains_keys(tree->parents[i],
++ trusted_keys);
++ if (parent_result != LDNS_STATUS_CRYPTO_NO_DNSKEY) {
++ if (tree->parent_status[i] != LDNS_STATUS_OK) {
++ result = tree->parent_status[i];
++ } else {
++ if (tree->rr &&
++ ldns_rr_get_type(tree->rr)
++ == LDNS_RR_TYPE_NSEC &&
++ parent_result == LDNS_STATUS_OK
++ ) {
++ result =
++ LDNS_STATUS_DNSSEC_EXISTENCE_DENIED;
++ } else {
++ result = parent_result;
++ }
++ }
++ }
++ }
++ } else {
++ result = LDNS_STATUS_ERR;
++ }
++
++ return result;
++}
++
++ldns_status
++ldns_verify_time(
++ ldns_rr_list *rrset,
++ ldns_rr_list *rrsig,
++ const ldns_rr_list *keys,
++ time_t check_time,
++ ldns_rr_list *good_keys
++ )
++{
++ uint16_t i;
++ ldns_status verify_result = LDNS_STATUS_ERR;
++
++ if (!rrset || !rrsig || !keys) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_rr_list_rr_count(rrset) < 1) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_rr_list_rr_count(rrsig) < 1) {
++ return LDNS_STATUS_CRYPTO_NO_RRSIG;
++ }
++
++ if (ldns_rr_list_rr_count(keys) < 1) {
++ verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
++ } else {
++ for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) {
++ ldns_status s = ldns_verify_rrsig_keylist_time(
++ rrset, ldns_rr_list_rr(rrsig, i),
++ keys, check_time, good_keys);
++ /* try a little to get more descriptive error */
++ if(s == LDNS_STATUS_OK) {
++ verify_result = LDNS_STATUS_OK;
++ } else if(verify_result == LDNS_STATUS_ERR)
++ verify_result = s;
++ else if(s != LDNS_STATUS_ERR && verify_result ==
++ LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY)
++ verify_result = s;
++ }
++ }
++ return verify_result;
++}
++
++ldns_status
++ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const ldns_rr_list *keys,
++ ldns_rr_list *good_keys)
++{
++ return ldns_verify_time(rrset, rrsig, keys, ldns_time(NULL), good_keys);
++}
++
++ldns_status
++ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list *rrsig,
++ const ldns_rr_list *keys, ldns_rr_list *good_keys)
++{
++ uint16_t i;
++ ldns_status verify_result = LDNS_STATUS_ERR;
++
++ if (!rrset || !rrsig || !keys) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_rr_list_rr_count(rrset) < 1) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_rr_list_rr_count(rrsig) < 1) {
++ return LDNS_STATUS_CRYPTO_NO_RRSIG;
++ }
++
++ if (ldns_rr_list_rr_count(keys) < 1) {
++ verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
++ } else {
++ for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) {
++ ldns_status s = ldns_verify_rrsig_keylist_notime(rrset,
++ ldns_rr_list_rr(rrsig, i), keys, good_keys);
++
++ /* try a little to get more descriptive error */
++ if (s == LDNS_STATUS_OK) {
++ verify_result = LDNS_STATUS_OK;
++ } else if (verify_result == LDNS_STATUS_ERR) {
++ verify_result = s;
++ } else if (s != LDNS_STATUS_ERR && verify_result ==
++ LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) {
++ verify_result = s;
++ }
++ }
++ }
++ return verify_result;
++}
++
++ldns_rr_list *
++ldns_fetch_valid_domain_keys_time(const ldns_resolver *res,
++ const ldns_rdf *domain,
++ const ldns_rr_list *keys,
++ time_t check_time,
++ ldns_status *status)
++{
++ ldns_rr_list * trusted_keys = NULL;
++ ldns_rr_list * ds_keys = NULL;
++ ldns_rdf * prev_parent_domain;
++ ldns_rdf * parent_domain;
++ ldns_rr_list * parent_keys = NULL;
++
++ if (res && domain && keys) {
++
++ if ((trusted_keys = ldns_validate_domain_dnskey_time(res,
++ domain, keys, check_time))) {
++ *status = LDNS_STATUS_OK;
++ } else {
++ /* No trusted keys in this domain, we'll have to find some in the parent domain */
++ *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
++
++ parent_domain = ldns_dname_left_chop(domain);
++ while (parent_domain && /* Fail if we are at the root*/
++ ldns_rdf_size(parent_domain) > 0) {
++
++ if ((parent_keys =
++ ldns_fetch_valid_domain_keys_time(res,
++ parent_domain,
++ keys,
++ check_time,
++ status))) {
++ /* Check DS records */
++ if ((ds_keys =
++ ldns_validate_domain_ds_time(res,
++ domain,
++ parent_keys,
++ check_time))) {
++ trusted_keys =
++ ldns_fetch_valid_domain_keys_time(
++ res,
++ domain,
++ ds_keys,
++ check_time,
++ status);
++ ldns_rr_list_deep_free(ds_keys);
++ } else {
++ /* No valid DS at the parent -- fail */
++ *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DS ;
++ }
++ ldns_rr_list_deep_free(parent_keys);
++ break;
++ } else {
++ parent_domain = ldns_dname_left_chop((
++ prev_parent_domain
++ = parent_domain
++ ));
++ ldns_rdf_deep_free(prev_parent_domain);
++ }
++ }
++ if (parent_domain) {
++ ldns_rdf_deep_free(parent_domain);
++ }
++ }
++ }
++ return trusted_keys;
++}
++
++ldns_rr_list *
++ldns_fetch_valid_domain_keys(const ldns_resolver *res,
++ const ldns_rdf *domain,
++ const ldns_rr_list *keys,
++ ldns_status *status)
++{
++ return ldns_fetch_valid_domain_keys_time(
++ res, domain, keys, ldns_time(NULL), status);
++}
++
++ldns_rr_list *
++ldns_validate_domain_dnskey_time(
++ const ldns_resolver * res,
++ const ldns_rdf * domain,
++ const ldns_rr_list * keys,
++ time_t check_time
++ )
++{
++ ldns_pkt * keypkt;
++ ldns_rr * cur_key;
++ uint16_t key_i; uint16_t key_j; uint16_t key_k;
++ uint16_t sig_i; ldns_rr * cur_sig;
++
++ ldns_rr_list * domain_keys = NULL;
++ ldns_rr_list * domain_sigs = NULL;
++ ldns_rr_list * trusted_keys = NULL;
++
++ /* Fetch keys for the domain */
++ keypkt = ldns_resolver_query(res, domain,
++ LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
++ if (keypkt) {
++ domain_keys = ldns_pkt_rr_list_by_type(keypkt,
++ LDNS_RR_TYPE_DNSKEY,
++ LDNS_SECTION_ANSWER);
++ domain_sigs = ldns_pkt_rr_list_by_type(keypkt,
++ LDNS_RR_TYPE_RRSIG,
++ LDNS_SECTION_ANSWER);
++
++ /* Try to validate the record using our keys */
++ for (key_i=0; key_i< ldns_rr_list_rr_count(domain_keys); key_i++) {
++
++ cur_key = ldns_rr_list_rr(domain_keys, key_i);
++ for (key_j=0; key_j<ldns_rr_list_rr_count(keys); key_j++) {
++ if (ldns_rr_compare_ds(ldns_rr_list_rr(keys, key_j),
++ cur_key)) {
++
++ /* Current key is trusted -- validate */
++ trusted_keys = ldns_rr_list_new();
++
++ for (sig_i=0;
++ sig_i<ldns_rr_list_rr_count(domain_sigs);
++ sig_i++) {
++ cur_sig = ldns_rr_list_rr(domain_sigs, sig_i);
++ /* Avoid non-matching sigs */
++ if (ldns_rdf2native_int16(
++ ldns_rr_rrsig_keytag(cur_sig))
++ == ldns_calc_keytag(cur_key)) {
++ if (ldns_verify_rrsig_time(
++ domain_keys,
++ cur_sig,
++ cur_key,
++ check_time)
++ == LDNS_STATUS_OK) {
++
++ /* Push the whole rrset
++ -- we can't do much more */
++ for (key_k=0;
++ key_k<ldns_rr_list_rr_count(
++ domain_keys);
++ key_k++) {
++ ldns_rr_list_push_rr(
++ trusted_keys,
++ ldns_rr_clone(
++ ldns_rr_list_rr(
++ domain_keys,
++ key_k)));
++ }
++
++ ldns_rr_list_deep_free(domain_keys);
++ ldns_rr_list_deep_free(domain_sigs);
++ ldns_pkt_free(keypkt);
++ return trusted_keys;
++ }
++ }
++ }
++
++ /* Only push our trusted key */
++ ldns_rr_list_push_rr(trusted_keys,
++ ldns_rr_clone(cur_key));
++ }
++ }
++ }
++
++ ldns_rr_list_deep_free(domain_keys);
++ ldns_rr_list_deep_free(domain_sigs);
++ ldns_pkt_free(keypkt);
++
++ } else {
++ /* LDNS_STATUS_CRYPTO_NO_DNSKEY */
++ }
++
++ return trusted_keys;
++}
++
++ldns_rr_list *
++ldns_validate_domain_dnskey(const ldns_resolver * res,
++ const ldns_rdf * domain,
++ const ldns_rr_list * keys)
++{
++ return ldns_validate_domain_dnskey_time(
++ res, domain, keys, ldns_time(NULL));
++}
++
++ldns_rr_list *
++ldns_validate_domain_ds_time(
++ const ldns_resolver *res,
++ const ldns_rdf * domain,
++ const ldns_rr_list * keys,
++ time_t check_time)
++{
++ ldns_pkt * dspkt;
++ uint16_t key_i;
++ ldns_rr_list * rrset = NULL;
++ ldns_rr_list * sigs = NULL;
++ ldns_rr_list * trusted_keys = NULL;
++
++ /* Fetch DS for the domain */
++ dspkt = ldns_resolver_query(res, domain,
++ LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN, LDNS_RD);
++ if (dspkt) {
++ rrset = ldns_pkt_rr_list_by_type(dspkt,
++ LDNS_RR_TYPE_DS,
++ LDNS_SECTION_ANSWER);
++ sigs = ldns_pkt_rr_list_by_type(dspkt,
++ LDNS_RR_TYPE_RRSIG,
++ LDNS_SECTION_ANSWER);
++
++ /* Validate sigs */
++ if (ldns_verify_time(rrset, sigs, keys, check_time, NULL)
++ == LDNS_STATUS_OK) {
++ trusted_keys = ldns_rr_list_new();
++ for (key_i=0; key_i<ldns_rr_list_rr_count(rrset); key_i++) {
++ ldns_rr_list_push_rr(trusted_keys,
++ ldns_rr_clone(ldns_rr_list_rr(rrset,
++ key_i)
++ )
++ );
++ }
++ }
++
++ ldns_rr_list_deep_free(rrset);
++ ldns_rr_list_deep_free(sigs);
++ ldns_pkt_free(dspkt);
++
++ } else {
++ /* LDNS_STATUS_CRYPTO_NO_DS */
++ }
++
++ return trusted_keys;
++}
++
++ldns_rr_list *
++ldns_validate_domain_ds(const ldns_resolver *res,
++ const ldns_rdf * domain,
++ const ldns_rr_list * keys)
++{
++ return ldns_validate_domain_ds_time(res, domain, keys, ldns_time(NULL));
++}
++
++ldns_status
++ldns_verify_trusted_time(
++ ldns_resolver *res,
++ ldns_rr_list *rrset,
++ ldns_rr_list * rrsigs,
++ time_t check_time,
++ ldns_rr_list * validating_keys
++ )
++{
++ uint16_t sig_i; uint16_t key_i;
++ ldns_rr * cur_sig; ldns_rr * cur_key;
++ ldns_rr_list * trusted_keys = NULL;
++ ldns_status result = LDNS_STATUS_ERR;
++
++ if (!res || !rrset || !rrsigs) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_rr_list_rr_count(rrset) < 1) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_rr_list_rr_count(rrsigs) < 1) {
++ return LDNS_STATUS_CRYPTO_NO_RRSIG;
++ }
++
++ /* Look at each sig */
++ for (sig_i=0; sig_i < ldns_rr_list_rr_count(rrsigs); sig_i++) {
++
++ cur_sig = ldns_rr_list_rr(rrsigs, sig_i);
++ /* Get a valid signer key and validate the sig */
++ if ((trusted_keys = ldns_fetch_valid_domain_keys_time(
++ res,
++ ldns_rr_rrsig_signame(cur_sig),
++ ldns_resolver_dnssec_anchors(res),
++ check_time,
++ &result))) {
++
++ for (key_i = 0;
++ key_i < ldns_rr_list_rr_count(trusted_keys);
++ key_i++) {
++ cur_key = ldns_rr_list_rr(trusted_keys, key_i);
++
++ if ((result = ldns_verify_rrsig_time(rrset,
++ cur_sig,
++ cur_key,
++ check_time))
++ == LDNS_STATUS_OK) {
++ if (validating_keys) {
++ ldns_rr_list_push_rr(validating_keys,
++ ldns_rr_clone(cur_key));
++ }
++ ldns_rr_list_deep_free(trusted_keys);
++ return LDNS_STATUS_OK;
++ }
++ }
++ }
++ }
++
++ ldns_rr_list_deep_free(trusted_keys);
++ return result;
++}
++
++ldns_status
++ldns_verify_trusted(
++ ldns_resolver *res,
++ ldns_rr_list *rrset,
++ ldns_rr_list * rrsigs,
++ ldns_rr_list * validating_keys)
++{
++ return ldns_verify_trusted_time(
++ res, rrset, rrsigs, ldns_time(NULL), validating_keys);
++}
++
++
++ldns_status
++ldns_dnssec_verify_denial(ldns_rr *rr,
++ ldns_rr_list *nsecs,
++ ldns_rr_list *rrsigs)
++{
++ ldns_rdf *rr_name;
++ ldns_rdf *wildcard_name;
++ ldns_rdf *chopped_dname;
++ ldns_rr *cur_nsec;
++ size_t i;
++ ldns_status result;
++ /* needed for wildcard check on exact match */
++ ldns_rr *rrsig;
++ bool name_covered = false;
++ bool type_covered = false;
++ bool wildcard_covered = false;
++ bool wildcard_type_covered = false;
++
++ wildcard_name = ldns_dname_new_frm_str("*");
++ rr_name = ldns_rr_owner(rr);
++ chopped_dname = ldns_dname_left_chop(rr_name);
++ result = ldns_dname_cat(wildcard_name, chopped_dname);
++ ldns_rdf_deep_free(chopped_dname);
++ if (result != LDNS_STATUS_OK) {
++ return result;
++ }
++
++ for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
++ cur_nsec = ldns_rr_list_rr(nsecs, i);
++ if (ldns_dname_compare(rr_name, ldns_rr_owner(cur_nsec)) == 0) {
++ /* see section 5.4 of RFC4035, if the label count of the NSEC's
++ RRSIG is equal, then it is proven that wildcard expansion
++ could not have been used to match the request */
++ rrsig = ldns_dnssec_get_rrsig_for_name_and_type(
++ ldns_rr_owner(cur_nsec),
++ ldns_rr_get_type(cur_nsec),
++ rrsigs);
++ if (rrsig && ldns_rdf2native_int8(ldns_rr_rrsig_labels(rrsig))
++ == ldns_dname_label_count(rr_name)) {
++ wildcard_covered = true;
++ }
++
++ if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(cur_nsec),
++ ldns_rr_get_type(rr))) {
++ type_covered = true;
++ }
++ }
++ if (ldns_nsec_covers_name(cur_nsec, rr_name)) {
++ name_covered = true;
++ }
++
++ if (ldns_dname_compare(wildcard_name,
++ ldns_rr_owner(cur_nsec)) == 0) {
++ if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(cur_nsec),
++ ldns_rr_get_type(rr))) {
++ wildcard_type_covered = true;
++ }
++ }
++
++ if (ldns_nsec_covers_name(cur_nsec, wildcard_name)) {
++ wildcard_covered = true;
++ }
++
++ }
++
++ ldns_rdf_deep_free(wildcard_name);
++
++ if (type_covered || !name_covered) {
++ return LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
++ }
++
++ if (wildcard_type_covered || !wildcard_covered) {
++ return LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
++ }
++
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
++ , ldns_rr_list *nsecs
++ , ATTR_UNUSED(ldns_rr_list *rrsigs)
++ , ldns_pkt_rcode packet_rcode
++ , ldns_rr_type packet_qtype
++ , bool packet_nodata
++ , ldns_rr **match
++ )
++{
++ ldns_rdf *closest_encloser;
++ ldns_rdf *wildcard;
++ ldns_rdf *hashed_wildcard_name;
++ bool wildcard_covered = false;
++ ldns_rdf *zone_name;
++ ldns_rdf *hashed_name;
++ /* self assignment to suppress uninitialized warning */
++ ldns_rdf *next_closer = next_closer;
++ ldns_rdf *hashed_next_closer;
++ size_t i;
++ ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
++
++ if (match) {
++ *match = NULL;
++ }
++
++ zone_name = ldns_dname_left_chop(ldns_rr_owner(ldns_rr_list_rr(nsecs,0)));
++
++ /* section 8.4 */
++ if (packet_rcode == LDNS_RCODE_NXDOMAIN) {
++ closest_encloser = ldns_dnssec_nsec3_closest_encloser(
++ ldns_rr_owner(rr),
++ ldns_rr_get_type(rr),
++ nsecs);
++ if(!closest_encloser) {
++ result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
++ goto done;
++ }
++
++ wildcard = ldns_dname_new_frm_str("*");
++ (void) ldns_dname_cat(wildcard, closest_encloser);
++
++ for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
++ hashed_wildcard_name =
++ ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs, 0),
++ wildcard
++ );
++ (void) ldns_dname_cat(hashed_wildcard_name, zone_name);
++
++ if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i),
++ hashed_wildcard_name)) {
++ wildcard_covered = true;
++ if (match) {
++ *match = ldns_rr_list_rr(nsecs, i);
++ }
++ }
++ ldns_rdf_deep_free(hashed_wildcard_name);
++ }
++
++ if (! wildcard_covered) {
++ result = LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
++ } else {
++ result = LDNS_STATUS_OK;
++ }
++ ldns_rdf_deep_free(closest_encloser);
++ ldns_rdf_deep_free(wildcard);
++
++ } else if (packet_nodata && packet_qtype != LDNS_RR_TYPE_DS) {
++ /* section 8.5 */
++ hashed_name = ldns_nsec3_hash_name_frm_nsec3(
++ ldns_rr_list_rr(nsecs, 0),
++ ldns_rr_owner(rr));
++ (void) ldns_dname_cat(hashed_name, zone_name);
++ for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
++ if (ldns_dname_compare(hashed_name,
++ ldns_rr_owner(ldns_rr_list_rr(nsecs, i)))
++ == 0) {
++ if (!ldns_nsec_bitmap_covers_type(
++ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
++ packet_qtype)
++ &&
++ !ldns_nsec_bitmap_covers_type(
++ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
++ LDNS_RR_TYPE_CNAME)) {
++ result = LDNS_STATUS_OK;
++ if (match) {
++ *match = ldns_rr_list_rr(nsecs, i);
++ }
++ goto done;
++ }
++ }
++ }
++ result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
++ /* wildcard no data? section 8.7 */
++ closest_encloser = ldns_dnssec_nsec3_closest_encloser(
++ ldns_rr_owner(rr),
++ ldns_rr_get_type(rr),
++ nsecs);
++ if(!closest_encloser) {
++ result = LDNS_STATUS_NSEC3_ERR;
++ goto done;
++ }
++ wildcard = ldns_dname_new_frm_str("*");
++ (void) ldns_dname_cat(wildcard, closest_encloser);
++ for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
++ hashed_wildcard_name =
++ ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs, 0),
++ wildcard);
++ (void) ldns_dname_cat(hashed_wildcard_name, zone_name);
++
++ if (ldns_dname_compare(hashed_wildcard_name,
++ ldns_rr_owner(ldns_rr_list_rr(nsecs, i)))
++ == 0) {
++ if (!ldns_nsec_bitmap_covers_type(
++ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
++ packet_qtype)
++ &&
++ !ldns_nsec_bitmap_covers_type(
++ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
++ LDNS_RR_TYPE_CNAME)) {
++ result = LDNS_STATUS_OK;
++ if (match) {
++ *match = ldns_rr_list_rr(nsecs, i);
++ }
++ }
++ }
++ ldns_rdf_deep_free(hashed_wildcard_name);
++ if (result == LDNS_STATUS_OK) {
++ break;
++ }
++ }
++ ldns_rdf_deep_free(closest_encloser);
++ ldns_rdf_deep_free(wildcard);
++ } else if (packet_nodata && packet_qtype == LDNS_RR_TYPE_DS) {
++ /* section 8.6 */
++ /* note: up to XXX this is the same as for 8.5 */
++ hashed_name = ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs,
++ 0),
++ ldns_rr_owner(rr)
++ );
++ (void) ldns_dname_cat(hashed_name, zone_name);
++ for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
++ if (ldns_dname_compare(hashed_name,
++ ldns_rr_owner(ldns_rr_list_rr(nsecs,
++ i)))
++ == 0) {
++ if (!ldns_nsec_bitmap_covers_type(
++ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
++ LDNS_RR_TYPE_DS)
++ &&
++ !ldns_nsec_bitmap_covers_type(
++ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
++ LDNS_RR_TYPE_CNAME)) {
++ result = LDNS_STATUS_OK;
++ if (match) {
++ *match = ldns_rr_list_rr(nsecs, i);
++ }
++ goto done;
++ }
++ }
++ }
++
++ /* XXX see note above */
++ result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
++
++ closest_encloser = ldns_dnssec_nsec3_closest_encloser(
++ ldns_rr_owner(rr),
++ ldns_rr_get_type(rr),
++ nsecs);
++ if(!closest_encloser) {
++ result = LDNS_STATUS_NSEC3_ERR;
++ goto done;
++ }
++ /* Now check if we have a Opt-Out NSEC3 that covers the "next closer"*/
++
++ if (ldns_dname_label_count(closest_encloser) + 1
++ >= ldns_dname_label_count(ldns_rr_owner(rr))) {
++
++ /* Query name *is* the "next closer". */
++ hashed_next_closer = hashed_name;
++ } else {
++
++ /* "next closer" has less labels than the query name.
++ * Create the name and hash it.
++ */
++ next_closer = ldns_dname_clone_from(
++ ldns_rr_owner(rr),
++ ldns_dname_label_count(ldns_rr_owner(rr))
++ - (ldns_dname_label_count(closest_encloser) + 1)
++ );
++ hashed_next_closer = ldns_nsec3_hash_name_frm_nsec3(
++ ldns_rr_list_rr(nsecs, 0),
++ next_closer
++ );
++ (void) ldns_dname_cat(hashed_next_closer, zone_name);
++ }
++ /* Find the NSEC3 that covers the "next closer" */
++ for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
++ if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i),
++ hashed_next_closer) &&
++ ldns_nsec3_optout(ldns_rr_list_rr(nsecs, i))) {
++
++ result = LDNS_STATUS_OK;
++ if (match) {
++ *match = ldns_rr_list_rr(nsecs, i);
++ }
++ break;
++ }
++ }
++ if (ldns_dname_label_count(closest_encloser) + 1
++ < ldns_dname_label_count(ldns_rr_owner(rr))) {
++
++ /* "next closer" has less labels than the query name.
++ * Dispose of the temporary variables that held that name.
++ */
++ ldns_rdf_deep_free(hashed_next_closer);
++ ldns_rdf_deep_free(next_closer);
++ }
++ ldns_rdf_deep_free(closest_encloser);
++ }
++
++ done:
++ ldns_rdf_deep_free(zone_name);
++ return result;
++}
++
++ldns_status
++ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
++ ldns_rr_list *nsecs,
++ ldns_rr_list *rrsigs,
++ ldns_pkt_rcode packet_rcode,
++ ldns_rr_type packet_qtype,
++ bool packet_nodata)
++{
++ return ldns_dnssec_verify_denial_nsec3_match(
++ rr, nsecs, rrsigs, packet_rcode,
++ packet_qtype, packet_nodata, NULL
++ );
++}
++
++#ifdef USE_GOST
++EVP_PKEY*
++ldns_gost2pkey_raw(unsigned char* key, size_t keylen)
++{
++ /* prefix header for X509 encoding */
++ uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85,
++ 0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85,
++ 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03,
++ 0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40};
++ unsigned char encoded[37+64];
++ const unsigned char* pp;
++ if(keylen != 64) {
++ /* key wrong size */
++ return NULL;
++ }
++
++ /* create evp_key */
++ memmove(encoded, asn, 37);
++ memmove(encoded+37, key, 64);
++ pp = (unsigned char*)&encoded[0];
++
++ return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded));
++}
++
++static ldns_status
++ldns_verify_rrsig_gost_raw(unsigned char* sig, size_t siglen,
++ ldns_buffer* rrset, unsigned char* key, size_t keylen)
++{
++ EVP_PKEY *evp_key;
++ ldns_status result;
++
++ (void) ldns_key_EVP_load_gost_id();
++ evp_key = ldns_gost2pkey_raw(key, keylen);
++ if(!evp_key) {
++ /* could not convert key */
++ return LDNS_STATUS_CRYPTO_BOGUS;
++ }
++
++ /* verify signature */
++ result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset,
++ evp_key, EVP_get_digestbyname("md_gost94"));
++ EVP_PKEY_free(evp_key);
++
++ return result;
++}
++#endif
++
++#ifdef USE_ECDSA
++EVP_PKEY*
++ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
++{
++ unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
++ const unsigned char* pp = buf;
++ EVP_PKEY *evp_key;
++ EC_KEY *ec;
++ /* check length, which uncompressed must be 2 bignums */
++ if(algo == LDNS_ECDSAP256SHA256) {
++ if(keylen != 2*256/8) return NULL;
++ ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++ } else if(algo == LDNS_ECDSAP384SHA384) {
++ if(keylen != 2*384/8) return NULL;
++ ec = EC_KEY_new_by_curve_name(NID_secp384r1);
++ } else ec = NULL;
++ if(!ec) return NULL;
++ if(keylen+1 > sizeof(buf))
++ return NULL; /* sanity check */
++ /* prepend the 0x02 (from docs) (or actually 0x04 from implementation
++ * of openssl) for uncompressed data */
++ buf[0] = POINT_CONVERSION_UNCOMPRESSED;
++ memmove(buf+1, key, keylen);
++ if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) {
++ EC_KEY_free(ec);
++ return NULL;
++ }
++ evp_key = EVP_PKEY_new();
++ if(!evp_key) {
++ EC_KEY_free(ec);
++ return NULL;
++ }
++ if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
++ EVP_PKEY_free(evp_key);
++ EC_KEY_free(ec);
++ return NULL;
++ }
++ return evp_key;
++}
++
++static ldns_status
++ldns_verify_rrsig_ecdsa_raw(unsigned char* sig, size_t siglen,
++ ldns_buffer* rrset, unsigned char* key, size_t keylen, uint8_t algo)
++{
++ EVP_PKEY *evp_key;
++ ldns_status result;
++ const EVP_MD *d;
++
++ evp_key = ldns_ecdsa2pkey_raw(key, keylen, algo);
++ if(!evp_key) {
++ /* could not convert key */
++ return LDNS_STATUS_CRYPTO_BOGUS;
++ }
++ if(algo == LDNS_ECDSAP256SHA256)
++ d = EVP_sha256();
++ else d = EVP_sha384(); /* LDNS_ECDSAP384SHA384 */
++ result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, d);
++ EVP_PKEY_free(evp_key);
++ return result;
++}
++#endif
++
++ldns_status
++ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, ldns_buffer *verify_buf,
++ ldns_buffer *key_buf, uint8_t algo)
++{
++ return ldns_verify_rrsig_buffers_raw(
++ (unsigned char*)ldns_buffer_begin(rawsig_buf),
++ ldns_buffer_position(rawsig_buf),
++ verify_buf,
++ (unsigned char*)ldns_buffer_begin(key_buf),
++ ldns_buffer_position(key_buf), algo);
++}
++
++ldns_status
++ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen,
++ ldns_buffer *verify_buf, unsigned char* key, size_t keylen,
++ uint8_t algo)
++{
++ /* check for right key */
++ switch(algo) {
++ case LDNS_DSA:
++ case LDNS_DSA_NSEC3:
++ return ldns_verify_rrsig_dsa_raw(sig,
++ siglen,
++ verify_buf,
++ key,
++ keylen);
++ break;
++ case LDNS_RSASHA1:
++ case LDNS_RSASHA1_NSEC3:
++ return ldns_verify_rrsig_rsasha1_raw(sig,
++ siglen,
++ verify_buf,
++ key,
++ keylen);
++ break;
++#ifdef USE_SHA2
++ case LDNS_RSASHA256:
++ return ldns_verify_rrsig_rsasha256_raw(sig,
++ siglen,
++ verify_buf,
++ key,
++ keylen);
++ break;
++ case LDNS_RSASHA512:
++ return ldns_verify_rrsig_rsasha512_raw(sig,
++ siglen,
++ verify_buf,
++ key,
++ keylen);
++ break;
++#endif
++#ifdef USE_GOST
++ case LDNS_ECC_GOST:
++ return ldns_verify_rrsig_gost_raw(sig, siglen, verify_buf,
++ key, keylen);
++ break;
++#endif
++#ifdef USE_ECDSA
++ case LDNS_ECDSAP256SHA256:
++ case LDNS_ECDSAP384SHA384:
++ return ldns_verify_rrsig_ecdsa_raw(sig, siglen, verify_buf,
++ key, keylen, algo);
++ break;
++#endif
++ case LDNS_RSAMD5:
++ return ldns_verify_rrsig_rsamd5_raw(sig,
++ siglen,
++ verify_buf,
++ key,
++ keylen);
++ break;
++ default:
++ /* do you know this alg?! */
++ return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
++ }
++}
++
++
++/**
++ * Reset the ttl in the rrset with the orig_ttl from the sig
++ * and update owner name if it was wildcard
++ * Also canonicalizes the rrset.
++ * @param rrset: rrset to modify
++ * @param sig: signature to take TTL and wildcard values from
++ */
++static void
++ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, ldns_rr* rrsig)
++{
++ uint32_t orig_ttl;
++ uint16_t i;
++ uint8_t label_count;
++ ldns_rdf *wildcard_name;
++ ldns_rdf *wildcard_chopped;
++ ldns_rdf *wildcard_chopped_tmp;
++
++ if ((rrsig == NULL) || ldns_rr_rd_count(rrsig) < 4) {
++ return;
++ }
++
++ orig_ttl = ldns_rdf2native_int32( ldns_rr_rdf(rrsig, 3));
++ label_count = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 2));
++
++ for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) {
++ if (label_count <
++ ldns_dname_label_count(
++ ldns_rr_owner(ldns_rr_list_rr(rrset_clone, i)))) {
++ (void) ldns_str2rdf_dname(&wildcard_name, "*");
++ wildcard_chopped = ldns_rdf_clone(ldns_rr_owner(
++ ldns_rr_list_rr(rrset_clone, i)));
++ while (label_count < ldns_dname_label_count(wildcard_chopped)) {
++ wildcard_chopped_tmp = ldns_dname_left_chop(
++ wildcard_chopped);
++ ldns_rdf_deep_free(wildcard_chopped);
++ wildcard_chopped = wildcard_chopped_tmp;
++ }
++ (void) ldns_dname_cat(wildcard_name, wildcard_chopped);
++ ldns_rdf_deep_free(wildcard_chopped);
++ ldns_rdf_deep_free(ldns_rr_owner(ldns_rr_list_rr(
++ rrset_clone, i)));
++ ldns_rr_set_owner(ldns_rr_list_rr(rrset_clone, i),
++ wildcard_name);
++ }
++ ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), orig_ttl);
++ /* convert to lowercase */
++ ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i));
++ }
++}
++
++/**
++ * Make raw signature buffer out of rrsig
++ * @param rawsig_buf: raw signature buffer for result
++ * @param rrsig: signature to convert
++ * @return OK or more specific error.
++ */
++static ldns_status
++ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig)
++{
++ uint8_t sig_algo;
++
++ if (rrsig == NULL) {
++ return LDNS_STATUS_CRYPTO_NO_RRSIG;
++ }
++ if (ldns_rr_rdf(rrsig, 1) == NULL) {
++ return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
++ }
++ sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1));
++ /* check for known and implemented algo's now (otherwise
++ * the function could return a wrong error
++ */
++ /* create a buffer with signature rdata */
++ /* for some algorithms we need other data than for others... */
++ /* (the DSA API wants DER encoding for instance) */
++
++ switch(sig_algo) {
++ case LDNS_RSAMD5:
++ case LDNS_RSASHA1:
++ case LDNS_RSASHA1_NSEC3:
++#ifdef USE_SHA2
++ case LDNS_RSASHA256:
++ case LDNS_RSASHA512:
++#endif
++#ifdef USE_GOST
++ case LDNS_ECC_GOST:
++#endif
++ if (ldns_rr_rdf(rrsig, 8) == NULL) {
++ return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
++ }
++ if (ldns_rdf2buffer_wire(rawsig_buf, ldns_rr_rdf(rrsig, 8))
++ != LDNS_STATUS_OK) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ break;
++ case LDNS_DSA:
++ case LDNS_DSA_NSEC3:
++ /* EVP takes rfc2459 format, which is a tad longer than dns format */
++ if (ldns_rr_rdf(rrsig, 8) == NULL) {
++ return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
++ }
++ if (ldns_convert_dsa_rrsig_rdf2asn1(
++ rawsig_buf, ldns_rr_rdf(rrsig, 8))
++ != LDNS_STATUS_OK) {
++ /*
++ if (ldns_rdf2buffer_wire(rawsig_buf,
++ ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
++ */
++ return LDNS_STATUS_MEM_ERR;
++ }
++ break;
++#ifdef USE_ECDSA
++ case LDNS_ECDSAP256SHA256:
++ case LDNS_ECDSAP384SHA384:
++ /* EVP produces an ASN prefix on the signature, which is
++ * not used in the DNS */
++ if (ldns_rr_rdf(rrsig, 8) == NULL) {
++ return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
++ }
++ if (ldns_convert_ecdsa_rrsig_rdf2asn1(
++ rawsig_buf, ldns_rr_rdf(rrsig, 8))
++ != LDNS_STATUS_OK) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ break;
++#endif
++ case LDNS_DH:
++ case LDNS_ECC:
++ case LDNS_INDIRECT:
++ return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
++ default:
++ return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
++ }
++ return LDNS_STATUS_OK;
++}
++
++/**
++ * Check RRSIG timestamps against the given 'now' time.
++ * @param rrsig: signature to check.
++ * @param now: the current time in seconds epoch.
++ * @return status code LDNS_STATUS_OK if all is fine.
++ */
++static ldns_status
++ldns_rrsig_check_timestamps(ldns_rr* rrsig, time_t now)
++{
++ int32_t inception, expiration;
++
++ /* check the signature time stamps */
++ inception = (int32_t)ldns_rdf2native_time_t(
++ ldns_rr_rrsig_inception(rrsig));
++ expiration = (int32_t)ldns_rdf2native_time_t(
++ ldns_rr_rrsig_expiration(rrsig));
++
++ if (expiration - inception < 0) {
++ /* bad sig, expiration before inception?? Tsssg */
++ return LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION;
++ }
++ if (((int32_t) now) - inception < 0) {
++ /* bad sig, inception date has not yet come to pass */
++ return LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED;
++ }
++ if (expiration - ((int32_t) now) < 0) {
++ /* bad sig, expiration date has passed */
++ return LDNS_STATUS_CRYPTO_SIG_EXPIRED;
++ }
++ return LDNS_STATUS_OK;
++}
++
++/**
++ * Prepare for verification.
++ * @param rawsig_buf: raw signature buffer made ready.
++ * @param verify_buf: data for verification buffer made ready.
++ * @param rrset_clone: made ready.
++ * @param rrsig: signature to prepare for.
++ * @return LDNS_STATUS_OK is all went well. Otherwise specific error.
++ */
++static ldns_status
++ldns_prepare_for_verify(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
++ ldns_rr_list* rrset_clone, ldns_rr* rrsig)
++{
++ ldns_status result;
++
++ /* canonicalize the sig */
++ ldns_dname2canonical(ldns_rr_owner(rrsig));
++
++ /* check if the typecovered is equal to the type checked */
++ if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rrsig)) !=
++ ldns_rr_get_type(ldns_rr_list_rr(rrset_clone, 0)))
++ return LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR;
++
++ /* create a buffer with b64 signature rdata */
++ result = ldns_rrsig2rawsig_buffer(rawsig_buf, rrsig);
++ if(result != LDNS_STATUS_OK)
++ return result;
++
++ /* use TTL from signature. Use wildcard names for wildcards */
++ /* also canonicalizes rrset_clone */
++ ldns_rrset_use_signature_ttl(rrset_clone, rrsig);
++
++ /* sort the rrset in canonical order */
++ ldns_rr_list_sort(rrset_clone);
++
++ /* put the signature rr (without the b64) to the verify_buf */
++ if (ldns_rrsig2buffer_wire(verify_buf, rrsig) != LDNS_STATUS_OK)
++ return LDNS_STATUS_MEM_ERR;
++
++ /* add the rrset in verify_buf */
++ if(ldns_rr_list2buffer_wire(verify_buf, rrset_clone)
++ != LDNS_STATUS_OK)
++ return LDNS_STATUS_MEM_ERR;
++
++ return LDNS_STATUS_OK;
++}
++
++/**
++ * Check if a key matches a signature.
++ * Checks keytag, sigalgo and signature.
++ * @param rawsig_buf: raw signature buffer for verify
++ * @param verify_buf: raw data buffer for verify
++ * @param rrsig: the rrsig
++ * @param key: key to attempt.
++ * @return LDNS_STATUS_OK if OK, else some specific error.
++ */
++static ldns_status
++ldns_verify_test_sig_key(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
++ ldns_rr* rrsig, ldns_rr* key)
++{
++ uint8_t sig_algo;
++
++ if (rrsig == NULL) {
++ return LDNS_STATUS_CRYPTO_NO_RRSIG;
++ }
++ if (ldns_rr_rdf(rrsig, 1) == NULL) {
++ return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
++ }
++ sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1));
++
++ /* before anything, check if the keytags match */
++ if (ldns_calc_keytag(key)
++ ==
++ ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig))
++ ) {
++ ldns_buffer* key_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ ldns_status result = LDNS_STATUS_ERR;
++
++ /* put the key-data in a buffer, that's the third rdf, with
++ * the base64 encoded key data */
++ if (ldns_rr_rdf(key, 3) == NULL) {
++ ldns_buffer_free(key_buf);
++ return LDNS_STATUS_MISSING_RDATA_FIELDS_KEY;
++ }
++ if (ldns_rdf2buffer_wire(key_buf, ldns_rr_rdf(key, 3))
++ != LDNS_STATUS_OK) {
++ ldns_buffer_free(key_buf);
++ /* returning is bad might screw up
++ good keys later in the list
++ what to do? */
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_rr_rdf(key, 2) == NULL) {
++ result = LDNS_STATUS_MISSING_RDATA_FIELDS_KEY;
++ }
++ else if (sig_algo == ldns_rdf2native_int8(
++ ldns_rr_rdf(key, 2))) {
++ result = ldns_verify_rrsig_buffers(rawsig_buf,
++ verify_buf, key_buf, sig_algo);
++ } else {
++ /* No keys with the corresponding algorithm are found */
++ result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY;
++ }
++
++ ldns_buffer_free(key_buf);
++ return result;
++ }
++ else {
++ /* No keys with the corresponding keytag are found */
++ return LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY;
++ }
++}
++
++/*
++ * to verify:
++ * - create the wire fmt of the b64 key rdata
++ * - create the wire fmt of the sorted rrset
++ * - create the wire fmt of the b64 sig rdata
++ * - create the wire fmt of the sig without the b64 rdata
++ * - cat the sig data (without b64 rdata) to the rrset
++ * - verify the rrset+sig, with the b64 data and the b64 key data
++ */
++ldns_status
++ldns_verify_rrsig_keylist_time(
++ ldns_rr_list *rrset,
++ ldns_rr *rrsig,
++ const ldns_rr_list *keys,
++ time_t check_time,
++ ldns_rr_list *good_keys)
++{
++ ldns_status result;
++ ldns_rr_list *valid = ldns_rr_list_new();
++ if (!valid)
++ return LDNS_STATUS_MEM_ERR;
++
++ result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid);
++ if(result != LDNS_STATUS_OK) {
++ ldns_rr_list_free(valid);
++ return result;
++ }
++
++ /* check timestamps last; its OK except time */
++ result = ldns_rrsig_check_timestamps(rrsig, check_time);
++ if(result != LDNS_STATUS_OK) {
++ ldns_rr_list_free(valid);
++ return result;
++ }
++
++ ldns_rr_list_cat(good_keys, valid);
++ ldns_rr_list_free(valid);
++ return LDNS_STATUS_OK;
++}
++
++/*
++ * to verify:
++ * - create the wire fmt of the b64 key rdata
++ * - create the wire fmt of the sorted rrset
++ * - create the wire fmt of the b64 sig rdata
++ * - create the wire fmt of the sig without the b64 rdata
++ * - cat the sig data (without b64 rdata) to the rrset
++ * - verify the rrset+sig, with the b64 data and the b64 key data
++ */
++ldns_status
++ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
++ ldns_rr *rrsig,
++ const ldns_rr_list *keys,
++ ldns_rr_list *good_keys)
++{
++ return ldns_verify_rrsig_keylist_time(
++ rrset, rrsig, keys, ldns_time(NULL), good_keys);
++}
++
++ldns_status
++ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset,
++ ldns_rr *rrsig,
++ const ldns_rr_list *keys,
++ ldns_rr_list *good_keys)
++{
++ ldns_buffer *rawsig_buf;
++ ldns_buffer *verify_buf;
++ uint16_t i;
++ ldns_status result, status;
++ ldns_rr_list *rrset_clone;
++ ldns_rr_list *validkeys;
++
++ if (!rrset) {
++ return LDNS_STATUS_ERR;
++ }
++
++ validkeys = ldns_rr_list_new();
++ if (!validkeys) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* clone the rrset so that we can fiddle with it */
++ rrset_clone = ldns_rr_list_clone(rrset);
++
++ /* create the buffers which will certainly hold the raw data */
++ rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++
++ result = ldns_prepare_for_verify(rawsig_buf, verify_buf,
++ rrset_clone, rrsig);
++ if(result != LDNS_STATUS_OK) {
++ ldns_buffer_free(verify_buf);
++ ldns_buffer_free(rawsig_buf);
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_rr_list_free(validkeys);
++ return result;
++ }
++
++ result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY;
++ for(i = 0; i < ldns_rr_list_rr_count(keys); i++) {
++ status = ldns_verify_test_sig_key(rawsig_buf, verify_buf,
++ rrsig, ldns_rr_list_rr(keys, i));
++ if (status == LDNS_STATUS_OK) {
++ /* one of the keys has matched, don't break
++ * here, instead put the 'winning' key in
++ * the validkey list and return the list
++ * later */
++ if (!ldns_rr_list_push_rr(validkeys,
++ ldns_rr_list_rr(keys,i))) {
++ /* couldn't push the key?? */
++ ldns_buffer_free(rawsig_buf);
++ ldns_buffer_free(verify_buf);
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_rr_list_free(validkeys);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ result = status;
++ }
++
++ if (result == LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) {
++ result = status;
++ }
++ }
++
++ /* no longer needed */
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_buffer_free(rawsig_buf);
++ ldns_buffer_free(verify_buf);
++
++ if (ldns_rr_list_rr_count(validkeys) == 0) {
++ /* no keys were added, return last error */
++ ldns_rr_list_free(validkeys);
++ return result;
++ }
++
++ /* do not check timestamps */
++
++ ldns_rr_list_cat(good_keys, validkeys);
++ ldns_rr_list_free(validkeys);
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_verify_rrsig_time(
++ ldns_rr_list *rrset,
++ ldns_rr *rrsig,
++ ldns_rr *key,
++ time_t check_time)
++{
++ ldns_buffer *rawsig_buf;
++ ldns_buffer *verify_buf;
++ ldns_status result;
++ ldns_rr_list *rrset_clone;
++
++ if (!rrset) {
++ return LDNS_STATUS_NO_DATA;
++ }
++ /* clone the rrset so that we can fiddle with it */
++ rrset_clone = ldns_rr_list_clone(rrset);
++ /* create the buffers which will certainly hold the raw data */
++ rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++
++ result = ldns_prepare_for_verify(rawsig_buf, verify_buf,
++ rrset_clone, rrsig);
++ if(result != LDNS_STATUS_OK) {
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_buffer_free(rawsig_buf);
++ ldns_buffer_free(verify_buf);
++ return result;
++ }
++ result = ldns_verify_test_sig_key(rawsig_buf, verify_buf,
++ rrsig, key);
++ /* no longer needed */
++ ldns_rr_list_deep_free(rrset_clone);
++ ldns_buffer_free(rawsig_buf);
++ ldns_buffer_free(verify_buf);
++
++ /* check timestamp last, apart from time its OK */
++ if(result == LDNS_STATUS_OK)
++ result = ldns_rrsig_check_timestamps(rrsig, check_time);
++
++ return result;
++}
++
++ldns_status
++ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key)
++{
++ return ldns_verify_rrsig_time(rrset, rrsig, key, ldns_time(NULL));
++}
++
++
++ldns_status
++ldns_verify_rrsig_evp(ldns_buffer *sig,
++ ldns_buffer *rrset,
++ EVP_PKEY *key,
++ const EVP_MD *digest_type)
++{
++ return ldns_verify_rrsig_evp_raw(
++ (unsigned char*)ldns_buffer_begin(sig),
++ ldns_buffer_position(sig),
++ rrset,
++ key,
++ digest_type);
++}
++
++ldns_status
++ldns_verify_rrsig_evp_raw(unsigned char *sig, size_t siglen,
++ ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type)
++{
++ EVP_MD_CTX ctx;
++ int res;
++
++ EVP_MD_CTX_init(&ctx);
++
++ EVP_VerifyInit(&ctx, digest_type);
++ EVP_VerifyUpdate(&ctx,
++ ldns_buffer_begin(rrset),
++ ldns_buffer_position(rrset));
++ res = EVP_VerifyFinal(&ctx, sig, (unsigned int) siglen, key);
++
++ EVP_MD_CTX_cleanup(&ctx);
++
++ if (res == 1) {
++ return LDNS_STATUS_OK;
++ } else if (res == 0) {
++ return LDNS_STATUS_CRYPTO_BOGUS;
++ }
++ /* TODO how to communicate internal SSL error?
++ let caller use ssl's get_error() */
++ return LDNS_STATUS_SSL_ERR;
++}
++
++ldns_status
++ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
++{
++ return ldns_verify_rrsig_dsa_raw(
++ (unsigned char*) ldns_buffer_begin(sig),
++ ldns_buffer_position(sig),
++ rrset,
++ (unsigned char*) ldns_buffer_begin(key),
++ ldns_buffer_position(key));
++}
++
++ldns_status
++ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
++{
++ return ldns_verify_rrsig_rsasha1_raw(
++ (unsigned char*)ldns_buffer_begin(sig),
++ ldns_buffer_position(sig),
++ rrset,
++ (unsigned char*) ldns_buffer_begin(key),
++ ldns_buffer_position(key));
++}
++
++ldns_status
++ldns_verify_rrsig_rsamd5(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
++{
++ return ldns_verify_rrsig_rsamd5_raw(
++ (unsigned char*)ldns_buffer_begin(sig),
++ ldns_buffer_position(sig),
++ rrset,
++ (unsigned char*) ldns_buffer_begin(key),
++ ldns_buffer_position(key));
++}
++
++ldns_status
++ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen,
++ ldns_buffer* rrset, unsigned char* key, size_t keylen)
++{
++ EVP_PKEY *evp_key;
++ ldns_status result;
++
++ evp_key = EVP_PKEY_new();
++ if (EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen))) {
++ result = ldns_verify_rrsig_evp_raw(sig,
++ siglen,
++ rrset,
++ evp_key,
++ EVP_dss1());
++ } else {
++ result = LDNS_STATUS_SSL_ERR;
++ }
++ EVP_PKEY_free(evp_key);
++ return result;
++
++}
++
++ldns_status
++ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, size_t siglen,
++ ldns_buffer* rrset, unsigned char* key, size_t keylen)
++{
++ EVP_PKEY *evp_key;
++ ldns_status result;
++
++ evp_key = EVP_PKEY_new();
++ if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
++ result = ldns_verify_rrsig_evp_raw(sig,
++ siglen,
++ rrset,
++ evp_key,
++ EVP_sha1());
++ } else {
++ result = LDNS_STATUS_SSL_ERR;
++ }
++ EVP_PKEY_free(evp_key);
++
++ return result;
++}
++
++ldns_status
++ldns_verify_rrsig_rsasha256_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen)
++{
++#ifdef USE_SHA2
++ EVP_PKEY *evp_key;
++ ldns_status result;
++
++ evp_key = EVP_PKEY_new();
++ if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
++ result = ldns_verify_rrsig_evp_raw(sig,
++ siglen,
++ rrset,
++ evp_key,
++ EVP_sha256());
++ } else {
++ result = LDNS_STATUS_SSL_ERR;
++ }
++ EVP_PKEY_free(evp_key);
++
++ return result;
++#else
++ /* touch these to prevent compiler warnings */
++ (void) sig;
++ (void) siglen;
++ (void) rrset;
++ (void) key;
++ (void) keylen;
++ return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
++#endif
++}
++
++ldns_status
++ldns_verify_rrsig_rsasha512_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen)
++{
++#ifdef USE_SHA2
++ EVP_PKEY *evp_key;
++ ldns_status result;
++
++ evp_key = EVP_PKEY_new();
++ if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
++ result = ldns_verify_rrsig_evp_raw(sig,
++ siglen,
++ rrset,
++ evp_key,
++ EVP_sha512());
++ } else {
++ result = LDNS_STATUS_SSL_ERR;
++ }
++ EVP_PKEY_free(evp_key);
++
++ return result;
++#else
++ /* touch these to prevent compiler warnings */
++ (void) sig;
++ (void) siglen;
++ (void) rrset;
++ (void) key;
++ (void) keylen;
++ return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
++#endif
++}
++
++
++ldns_status
++ldns_verify_rrsig_rsamd5_raw(unsigned char* sig,
++ size_t siglen,
++ ldns_buffer* rrset,
++ unsigned char* key,
++ size_t keylen)
++{
++ EVP_PKEY *evp_key;
++ ldns_status result;
++
++ evp_key = EVP_PKEY_new();
++ if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
++ result = ldns_verify_rrsig_evp_raw(sig,
++ siglen,
++ rrset,
++ evp_key,
++ EVP_md5());
++ } else {
++ result = LDNS_STATUS_SSL_ERR;
++ }
++ EVP_PKEY_free(evp_key);
++
++ return result;
++}
++
++#endif
+diff --git a/ldns/src/dnssec_zone.c b/ldns/src/dnssec_zone.c
+new file mode 100644
+index 0000000..0fec48c
+--- /dev/null
++++ b/ldns/src/dnssec_zone.c
+@@ -0,0 +1,1192 @@
++/*
++ * special zone file structures and functions for better dnssec handling
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++ldns_dnssec_rrs *
++ldns_dnssec_rrs_new(void)
++{
++ ldns_dnssec_rrs *new_rrs;
++ new_rrs = LDNS_MALLOC(ldns_dnssec_rrs);
++ if(!new_rrs) return NULL;
++ new_rrs->rr = NULL;
++ new_rrs->next = NULL;
++ return new_rrs;
++}
++
++INLINE void
++ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep)
++{
++ ldns_dnssec_rrs *next;
++ while (rrs) {
++ next = rrs->next;
++ if (deep) {
++ ldns_rr_free(rrs->rr);
++ }
++ LDNS_FREE(rrs);
++ rrs = next;
++ }
++}
++
++void
++ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs)
++{
++ ldns_dnssec_rrs_free_internal(rrs, 0);
++}
++
++void
++ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs)
++{
++ ldns_dnssec_rrs_free_internal(rrs, 1);
++}
++
++ldns_status
++ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
++{
++ int cmp;
++ ldns_dnssec_rrs *new_rrs;
++ if (!rrs || !rr) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* this could be done more efficiently; name and type should already
++ be equal */
++ cmp = ldns_rr_compare(rrs->rr, rr);
++ if (cmp < 0) {
++ if (rrs->next) {
++ return ldns_dnssec_rrs_add_rr(rrs->next, rr);
++ } else {
++ new_rrs = ldns_dnssec_rrs_new();
++ new_rrs->rr = rr;
++ rrs->next = new_rrs;
++ }
++ } else if (cmp > 0) {
++ /* put the current old rr in the new next, put the new
++ rr in the current container */
++ new_rrs = ldns_dnssec_rrs_new();
++ new_rrs->rr = rrs->rr;
++ new_rrs->next = rrs->next;
++ rrs->rr = rr;
++ rrs->next = new_rrs;
++ }
++ /* Silently ignore equal rr's */
++ return LDNS_STATUS_OK;
++}
++
++void
++ldns_dnssec_rrs_print_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_dnssec_rrs *rrs)
++{
++ if (!rrs) {
++ if ((fmt->flags & LDNS_COMMENT_LAYOUT))
++ fprintf(out, "; <void>");
++ } else {
++ if (rrs->rr) {
++ ldns_rr_print_fmt(out, fmt, rrs->rr);
++ }
++ if (rrs->next) {
++ ldns_dnssec_rrs_print_fmt(out, fmt, rrs->next);
++ }
++ }
++}
++
++void
++ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs)
++{
++ ldns_dnssec_rrs_print_fmt(out, ldns_output_format_default, rrs);
++}
++
++
++ldns_dnssec_rrsets *
++ldns_dnssec_rrsets_new(void)
++{
++ ldns_dnssec_rrsets *new_rrsets;
++ new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets);
++ if(!new_rrsets) return NULL;
++ new_rrsets->rrs = NULL;
++ new_rrsets->type = 0;
++ new_rrsets->signatures = NULL;
++ new_rrsets->next = NULL;
++ return new_rrsets;
++}
++
++INLINE void
++ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep)
++{
++ if (rrsets) {
++ if (rrsets->rrs) {
++ ldns_dnssec_rrs_free_internal(rrsets->rrs, deep);
++ }
++ if (rrsets->next) {
++ ldns_dnssec_rrsets_free_internal(rrsets->next, deep);
++ }
++ if (rrsets->signatures) {
++ ldns_dnssec_rrs_free_internal(rrsets->signatures, deep);
++ }
++ LDNS_FREE(rrsets);
++ }
++}
++
++void
++ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets)
++{
++ ldns_dnssec_rrsets_free_internal(rrsets, 0);
++}
++
++void
++ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets)
++{
++ ldns_dnssec_rrsets_free_internal(rrsets, 1);
++}
++
++ldns_rr_type
++ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets)
++{
++ if (rrsets) {
++ return rrsets->type;
++ } else {
++ return 0;
++ }
++}
++
++ldns_status
++ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
++ ldns_rr_type type)
++{
++ if (rrsets) {
++ rrsets->type = type;
++ return LDNS_STATUS_OK;
++ }
++ return LDNS_STATUS_ERR;
++}
++
++static ldns_dnssec_rrsets *
++ldns_dnssec_rrsets_new_frm_rr(ldns_rr *rr)
++{
++ ldns_dnssec_rrsets *new_rrsets;
++ ldns_rr_type rr_type;
++ bool rrsig;
++
++ new_rrsets = ldns_dnssec_rrsets_new();
++ rr_type = ldns_rr_get_type(rr);
++ if (rr_type == LDNS_RR_TYPE_RRSIG) {
++ rrsig = true;
++ rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
++ } else {
++ rrsig = false;
++ }
++ if (!rrsig) {
++ new_rrsets->rrs = ldns_dnssec_rrs_new();
++ new_rrsets->rrs->rr = rr;
++ } else {
++ new_rrsets->signatures = ldns_dnssec_rrs_new();
++ new_rrsets->signatures->rr = rr;
++ }
++ new_rrsets->type = rr_type;
++ return new_rrsets;
++}
++
++ldns_status
++ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr)
++{
++ ldns_dnssec_rrsets *new_rrsets;
++ ldns_rr_type rr_type;
++ bool rrsig = false;
++ ldns_status result = LDNS_STATUS_OK;
++
++ if (!rrsets || !rr) {
++ return LDNS_STATUS_ERR;
++ }
++
++ rr_type = ldns_rr_get_type(rr);
++
++ if (rr_type == LDNS_RR_TYPE_RRSIG) {
++ rrsig = true;
++ rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
++ }
++
++ if (!rrsets->rrs && rrsets->type == 0 && !rrsets->signatures) {
++ if (!rrsig) {
++ rrsets->rrs = ldns_dnssec_rrs_new();
++ rrsets->rrs->rr = rr;
++ rrsets->type = rr_type;
++ } else {
++ rrsets->signatures = ldns_dnssec_rrs_new();
++ rrsets->signatures->rr = rr;
++ rrsets->type = rr_type;
++ }
++ return LDNS_STATUS_OK;
++ }
++
++ if (rr_type > ldns_dnssec_rrsets_type(rrsets)) {
++ if (rrsets->next) {
++ result = ldns_dnssec_rrsets_add_rr(rrsets->next, rr);
++ } else {
++ new_rrsets = ldns_dnssec_rrsets_new_frm_rr(rr);
++ rrsets->next = new_rrsets;
++ }
++ } else if (rr_type < ldns_dnssec_rrsets_type(rrsets)) {
++ /* move the current one into the new next,
++ replace field of current with data from new rr */
++ new_rrsets = ldns_dnssec_rrsets_new();
++ new_rrsets->rrs = rrsets->rrs;
++ new_rrsets->type = rrsets->type;
++ new_rrsets->signatures = rrsets->signatures;
++ new_rrsets->next = rrsets->next;
++ if (!rrsig) {
++ rrsets->rrs = ldns_dnssec_rrs_new();
++ rrsets->rrs->rr = rr;
++ rrsets->signatures = NULL;
++ } else {
++ rrsets->rrs = NULL;
++ rrsets->signatures = ldns_dnssec_rrs_new();
++ rrsets->signatures->rr = rr;
++ }
++ rrsets->type = rr_type;
++ rrsets->next = new_rrsets;
++ } else {
++ /* equal, add to current rrsets */
++ if (rrsig) {
++ if (rrsets->signatures) {
++ result = ldns_dnssec_rrs_add_rr(rrsets->signatures, rr);
++ } else {
++ rrsets->signatures = ldns_dnssec_rrs_new();
++ rrsets->signatures->rr = rr;
++ }
++ } else {
++ if (rrsets->rrs) {
++ result = ldns_dnssec_rrs_add_rr(rrsets->rrs, rr);
++ } else {
++ rrsets->rrs = ldns_dnssec_rrs_new();
++ rrsets->rrs->rr = rr;
++ }
++ }
++ }
++
++ return result;
++}
++
++static void
++ldns_dnssec_rrsets_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_dnssec_rrsets *rrsets,
++ bool follow,
++ bool show_soa)
++{
++ if (!rrsets) {
++ if ((fmt->flags & LDNS_COMMENT_LAYOUT))
++ fprintf(out, "; <void>\n");
++ } else {
++ if (rrsets->rrs &&
++ (show_soa ||
++ ldns_rr_get_type(rrsets->rrs->rr) != LDNS_RR_TYPE_SOA
++ )
++ ) {
++ ldns_dnssec_rrs_print_fmt(out, fmt, rrsets->rrs);
++ if (rrsets->signatures) {
++ ldns_dnssec_rrs_print_fmt(out, fmt,
++ rrsets->signatures);
++ }
++ }
++ if (follow && rrsets->next) {
++ ldns_dnssec_rrsets_print_soa_fmt(out, fmt,
++ rrsets->next, follow, show_soa);
++ }
++ }
++}
++
++
++void
++ldns_dnssec_rrsets_print_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_dnssec_rrsets *rrsets,
++ bool follow)
++{
++ ldns_dnssec_rrsets_print_soa_fmt(out, fmt, rrsets, follow, true);
++}
++
++void
++ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow)
++{
++ ldns_dnssec_rrsets_print_fmt(out, ldns_output_format_default,
++ rrsets, follow);
++}
++
++ldns_dnssec_name *
++ldns_dnssec_name_new(void)
++{
++ ldns_dnssec_name *new_name;
++
++ new_name = LDNS_CALLOC(ldns_dnssec_name, 1);
++ if (!new_name) {
++ return NULL;
++ }
++ /*
++ * not needed anymore because CALLOC initalizes everything to zero.
++
++ new_name->name = NULL;
++ new_name->rrsets = NULL;
++ new_name->name_alloced = false;
++ new_name->nsec = NULL;
++ new_name->nsec_signatures = NULL;
++
++ new_name->is_glue = false;
++ new_name->hashed_name = NULL;
++
++ */
++ return new_name;
++}
++
++ldns_dnssec_name *
++ldns_dnssec_name_new_frm_rr(ldns_rr *rr)
++{
++ ldns_dnssec_name *new_name = ldns_dnssec_name_new();
++
++ new_name->name = ldns_rr_owner(rr);
++ if(ldns_dnssec_name_add_rr(new_name, rr) != LDNS_STATUS_OK) {
++ ldns_dnssec_name_free(new_name);
++ return NULL;
++ }
++
++ return new_name;
++}
++
++INLINE void
++ldns_dnssec_name_free_internal(ldns_dnssec_name *name,
++ int deep)
++{
++ if (name) {
++ if (name->name_alloced) {
++ ldns_rdf_deep_free(name->name);
++ }
++ if (name->rrsets) {
++ ldns_dnssec_rrsets_free_internal(name->rrsets, deep);
++ }
++ if (name->nsec && deep) {
++ ldns_rr_free(name->nsec);
++ }
++ if (name->nsec_signatures) {
++ ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep);
++ }
++ if (name->hashed_name) {
++ if (deep) {
++ ldns_rdf_deep_free(name->hashed_name);
++ }
++ }
++ LDNS_FREE(name);
++ }
++}
++
++void
++ldns_dnssec_name_free(ldns_dnssec_name *name)
++{
++ ldns_dnssec_name_free_internal(name, 0);
++}
++
++void
++ldns_dnssec_name_deep_free(ldns_dnssec_name *name)
++{
++ ldns_dnssec_name_free_internal(name, 1);
++}
++
++ldns_rdf *
++ldns_dnssec_name_name(ldns_dnssec_name *name)
++{
++ if (name) {
++ return name->name;
++ }
++ return NULL;
++}
++
++bool
++ldns_dnssec_name_is_glue(ldns_dnssec_name *name)
++{
++ if (name) {
++ return name->is_glue;
++ }
++ return false;
++}
++
++void
++ldns_dnssec_name_set_name(ldns_dnssec_name *rrset,
++ ldns_rdf *dname)
++{
++ if (rrset && dname) {
++ rrset->name = dname;
++ }
++}
++
++
++void
++ldns_dnssec_name_set_nsec(ldns_dnssec_name *rrset, ldns_rr *nsec)
++{
++ if (rrset && nsec) {
++ rrset->nsec = nsec;
++ }
++}
++
++int
++ldns_dnssec_name_cmp(const void *a, const void *b)
++{
++ ldns_dnssec_name *na = (ldns_dnssec_name *) a;
++ ldns_dnssec_name *nb = (ldns_dnssec_name *) b;
++
++ if (na && nb) {
++ return ldns_dname_compare(ldns_dnssec_name_name(na),
++ ldns_dnssec_name_name(nb));
++ } else if (na) {
++ return 1;
++ } else if (nb) {
++ return -1;
++ } else {
++ return 0;
++ }
++}
++
++ldns_status
++ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
++ ldns_rr *rr)
++{
++ ldns_status result = LDNS_STATUS_OK;
++ ldns_rr_type rr_type;
++ ldns_rr_type typecovered = 0;
++
++ /* special handling for NSEC3 and NSECX covering RRSIGS */
++
++ if (!name || !rr) {
++ return LDNS_STATUS_ERR;
++ }
++
++ rr_type = ldns_rr_get_type(rr);
++
++ if (rr_type == LDNS_RR_TYPE_RRSIG) {
++ typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
++ }
++
++ if (rr_type == LDNS_RR_TYPE_NSEC ||
++ rr_type == LDNS_RR_TYPE_NSEC3) {
++ /* XX check if is already set (and error?) */
++ name->nsec = rr;
++ } else if (typecovered == LDNS_RR_TYPE_NSEC ||
++ typecovered == LDNS_RR_TYPE_NSEC3) {
++ if (name->nsec_signatures) {
++ result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr);
++ } else {
++ name->nsec_signatures = ldns_dnssec_rrs_new();
++ name->nsec_signatures->rr = rr;
++ }
++ } else {
++ /* it's a 'normal' RR, add it to the right rrset */
++ if (name->rrsets) {
++ result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr);
++ } else {
++ name->rrsets = ldns_dnssec_rrsets_new();
++ result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr);
++ }
++ }
++ return result;
++}
++
++ldns_dnssec_rrsets *
++ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
++ ldns_rr_type type) {
++ ldns_dnssec_rrsets *result;
++
++ result = name->rrsets;
++ while (result) {
++ if (result->type == type) {
++ return result;
++ } else {
++ result = result->next;
++ }
++ }
++ return NULL;
++}
++
++ldns_dnssec_rrsets *
++ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
++ ldns_rdf *dname,
++ ldns_rr_type type)
++{
++ ldns_rbnode_t *node;
++
++ if (!zone || !dname || !zone->names) {
++ return NULL;
++ }
++
++ node = ldns_rbtree_search(zone->names, dname);
++ if (node) {
++ return ldns_dnssec_name_find_rrset((ldns_dnssec_name *)node->data,
++ type);
++ } else {
++ return NULL;
++ }
++}
++
++static void
++ldns_dnssec_name_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_dnssec_name *name,
++ bool show_soa)
++{
++ if (name) {
++ if(name->rrsets) {
++ ldns_dnssec_rrsets_print_soa_fmt(out, fmt,
++ name->rrsets, true, show_soa);
++ } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) {
++ fprintf(out, ";; Empty nonterminal: ");
++ ldns_rdf_print(out, name->name);
++ fprintf(out, "\n");
++ }
++ if(name->nsec) {
++ ldns_rr_print_fmt(out, fmt, name->nsec);
++ }
++ if (name->nsec_signatures) {
++ ldns_dnssec_rrs_print_fmt(out, fmt,
++ name->nsec_signatures);
++ }
++ } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) {
++ fprintf(out, "; <void>\n");
++ }
++}
++
++
++void
++ldns_dnssec_name_print_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_dnssec_name *name)
++{
++ ldns_dnssec_name_print_soa_fmt(out, fmt, name, true);
++}
++
++void
++ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name)
++{
++ ldns_dnssec_name_print_fmt(out, ldns_output_format_default, name);
++}
++
++
++ldns_dnssec_zone *
++ldns_dnssec_zone_new(void)
++{
++ ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone);
++ if(!zone) return NULL;
++ zone->soa = NULL;
++ zone->names = NULL;
++ zone->hashed_names = NULL;
++ zone->_nsec3params = NULL;
++
++ return zone;
++}
++
++static bool
++rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t)
++{
++ return ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG
++ && ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)) == t;
++}
++
++/* When the zone is first read into an list and then inserted into an
++ * ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next)
++ * to each other. Because ldns-verify-zone (the only program that uses this
++ * function) uses the rbtree mostly for sequentual walking, this results
++ * in a speed increase (of 15% on linux) because we have less CPU-cache misses.
++ */
++#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */
++
++static ldns_status
++ldns_dnssec_zone_add_empty_nonterminals_nsec3(
++ ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s);
++
++static void
++ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) {
++ (void) arg;
++ ldns_rdf_deep_free((ldns_rdf *)node->key);
++ LDNS_FREE(node);
++}
++
++ldns_status
++ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
++ uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr)
++{
++ ldns_rr* cur_rr;
++ size_t i;
++
++ ldns_rdf *my_origin = NULL;
++ ldns_rdf *my_prev = NULL;
++
++ ldns_dnssec_zone *newzone = ldns_dnssec_zone_new();
++ /* NSEC3s may occur before the names they refer to. We must remember
++ them and add them to the name later on, after the name is read.
++ We track not yet matching NSEC3s*n the todo_nsec3s list */
++ ldns_rr_list* todo_nsec3s = ldns_rr_list_new();
++ /* when reading NSEC3s, there is a chance that we encounter nsecs
++ for empty nonterminals, whose nonterminals we cannot derive yet
++ because the needed information is to be read later.
++
++ nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will
++ hold the NSEC3s that still didn't have a matching name in the
++ zone tree, even after all names were read. They can only match
++ after the zone is equiped with all the empty non terminals. */
++ ldns_rbtree_t todo_nsec3_ents;
++ ldns_rbnode_t *new_node;
++ ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new();
++
++ ldns_status status;
++
++#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
++ ldns_zone* zone = NULL;
++#else
++ uint32_t my_ttl = ttl;
++#endif
++
++ ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v);
++
++#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
++ status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr);
++ if (status != LDNS_STATUS_OK)
++ goto error;
++#endif
++ if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto error;
++ }
++ if (origin) {
++ if (!(my_origin = ldns_rdf_clone(origin))) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto error;
++ }
++ if (!(my_prev = ldns_rdf_clone(origin))) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto error;
++ }
++ }
++
++#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
++ if (ldns_zone_soa(zone)) {
++ status = ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone));
++ if (status != LDNS_STATUS_OK)
++ goto error;
++ }
++ for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) {
++ cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i);
++ status = LDNS_STATUS_OK;
++#else
++ while (!feof(fp)) {
++ status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin,
++ &my_prev, line_nr);
++
++#endif
++ switch (status) {
++ case LDNS_STATUS_OK:
++
++ status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
++ if (status ==
++ LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
++
++ if (rr_is_rrsig_covering(cur_rr,
++ LDNS_RR_TYPE_NSEC3)){
++ ldns_rr_list_push_rr(todo_nsec3_rrsigs,
++ cur_rr);
++ } else {
++ ldns_rr_list_push_rr(todo_nsec3s,
++ cur_rr);
++ }
++ status = LDNS_STATUS_OK;
++
++ } else if (status != LDNS_STATUS_OK)
++ goto error;
++
++ break;
++
++
++ case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */
++ case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/
++ case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/
++ status = LDNS_STATUS_OK;
++ break;
++
++ case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */
++ status = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL;
++ break;
++
++ default:
++ goto error;
++ }
++ }
++
++ for (i = 0; status == LDNS_STATUS_OK &&
++ i < ldns_rr_list_rr_count(todo_nsec3s); i++) {
++ cur_rr = ldns_rr_list_rr(todo_nsec3s, i);
++ status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
++ if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
++ if (!(new_node = LDNS_MALLOC(ldns_rbnode_t))) {
++ status = LDNS_STATUS_MEM_ERR;
++ break;
++ }
++ new_node->key = ldns_dname_label(ldns_rr_owner(cur_rr), 0);
++ new_node->data = cur_rr;
++ if (!ldns_rbtree_insert(&todo_nsec3_ents, new_node)) {
++ LDNS_FREE(new_node);
++ status = LDNS_STATUS_MEM_ERR;
++ break;
++ }
++ status = LDNS_STATUS_OK;
++ }
++ }
++ if (todo_nsec3_ents.count > 0)
++ (void) ldns_dnssec_zone_add_empty_nonterminals_nsec3(
++ newzone, &todo_nsec3_ents);
++ for (i = 0; status == LDNS_STATUS_OK &&
++ i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++) {
++ cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i);
++ status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
++ }
++ if (z) {
++ *z = newzone;
++ newzone = NULL;
++ } else {
++ ldns_dnssec_zone_free(newzone);
++ }
++
++error:
++#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
++ if (zone) {
++ ldns_zone_free(zone);
++ }
++#endif
++ ldns_rr_list_free(todo_nsec3_rrsigs);
++ ldns_traverse_postorder(&todo_nsec3_ents,
++ ldns_todo_nsec3_ents_node_free, NULL);
++ ldns_rr_list_free(todo_nsec3s);
++
++ if (my_origin) {
++ ldns_rdf_deep_free(my_origin);
++ }
++ if (my_prev) {
++ ldns_rdf_deep_free(my_prev);
++ }
++ if (newzone) {
++ ldns_dnssec_zone_free(newzone);
++ }
++ return status;
++}
++
++ldns_status
++ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
++ uint32_t ttl, ldns_rr_class ATTR_UNUSED(c))
++{
++ return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL);
++}
++
++static void
++ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) {
++ (void) arg;
++ ldns_dnssec_name_free((ldns_dnssec_name *)node->data);
++ LDNS_FREE(node);
++}
++
++static void
++ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) {
++ (void) arg;
++ ldns_dnssec_name_deep_free((ldns_dnssec_name *)node->data);
++ LDNS_FREE(node);
++}
++
++void
++ldns_dnssec_zone_free(ldns_dnssec_zone *zone)
++{
++ if (zone) {
++ if (zone->names) {
++ /* destroy all name structures within the tree */
++ ldns_traverse_postorder(zone->names,
++ ldns_dnssec_name_node_free,
++ NULL);
++ LDNS_FREE(zone->names);
++ }
++ LDNS_FREE(zone);
++ }
++}
++
++void
++ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone)
++{
++ if (zone) {
++ if (zone->names) {
++ /* destroy all name structures within the tree */
++ ldns_traverse_postorder(zone->names,
++ ldns_dnssec_name_node_deep_free,
++ NULL);
++ LDNS_FREE(zone->names);
++ }
++ LDNS_FREE(zone);
++ }
++}
++
++/* use for dname comparison in tree */
++int
++ldns_dname_compare_v(const void *a, const void *b) {
++ return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b);
++}
++
++static void
++ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
++ ldns_dnssec_name* name, ldns_rr* nsec3rr);
++
++static void
++ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
++ (void) arg;
++ LDNS_FREE(node);
++}
++
++static void
++ldns_dnssec_zone_hashed_names_from_nsec3(
++ ldns_dnssec_zone* zone, ldns_rr* nsec3rr)
++{
++ ldns_rbnode_t* current_node;
++ ldns_dnssec_name* current_name;
++
++ assert(zone != NULL);
++ assert(nsec3rr != NULL);
++
++ if (zone->hashed_names) {
++ ldns_traverse_postorder(zone->hashed_names,
++ ldns_hashed_names_node_free, NULL);
++ LDNS_FREE(zone->hashed_names);
++ }
++ zone->_nsec3params = nsec3rr;
++
++ /* So this is a NSEC3 zone.
++ * Calculate hashes for all names already in the zone
++ */
++ zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v);
++ if (zone->hashed_names == NULL) {
++ return;
++ }
++ for ( current_node = ldns_rbtree_first(zone->names)
++ ; current_node != LDNS_RBTREE_NULL
++ ; current_node = ldns_rbtree_next(current_node)
++ ) {
++ current_name = (ldns_dnssec_name *) current_node->data;
++ ldns_dnssec_name_make_hashed_name(zone, current_name, nsec3rr);
++
++ }
++}
++
++static void
++ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
++ ldns_dnssec_name* name, ldns_rr* nsec3rr)
++{
++ ldns_rbnode_t* new_node;
++
++ assert(name != NULL);
++ if (! zone->_nsec3params) {
++ if (! nsec3rr) {
++ return;
++ }
++ ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr);
++
++ } else if (! nsec3rr) {
++ nsec3rr = zone->_nsec3params;
++ }
++ name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name);
++
++ /* Also store in zone->hashed_names */
++ if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) {
++
++ new_node->key = name->hashed_name;
++ new_node->data = name;
++
++ if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) {
++
++ LDNS_FREE(new_node);
++ }
++ }
++}
++
++
++static ldns_rbnode_t *
++ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) {
++ ldns_rdf *hashed_name;
++
++ hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0);
++ if (hashed_name == NULL) {
++ return NULL;
++ }
++ if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){
++
++ ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr);
++ }
++ if (zone->hashed_names == NULL) {
++ ldns_rdf_deep_free(hashed_name);
++ return NULL;
++ }
++ return ldns_rbtree_search(zone->hashed_names, hashed_name);
++}
++
++ldns_status
++ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
++{
++ ldns_status result = LDNS_STATUS_OK;
++ ldns_dnssec_name *cur_name;
++ ldns_rbnode_t *cur_node;
++ ldns_rr_type type_covered = 0;
++
++ if (!zone || !rr) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (!zone->names) {
++ zone->names = ldns_rbtree_create(ldns_dname_compare_v);
++ if(!zone->names) return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* we need the original of the hashed name if this is
++ an NSEC3, or an RRSIG that covers an NSEC3 */
++ if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) {
++ type_covered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
++ }
++ if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 ||
++ type_covered == LDNS_RR_TYPE_NSEC3) {
++ cur_node = ldns_dnssec_zone_find_nsec3_original(zone, rr);
++ if (!cur_node) {
++ return LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND;
++ }
++ } else {
++ cur_node = ldns_rbtree_search(zone->names, ldns_rr_owner(rr));
++ }
++ if (!cur_node) {
++ /* add */
++ cur_name = ldns_dnssec_name_new_frm_rr(rr);
++ if(!cur_name) return LDNS_STATUS_MEM_ERR;
++ cur_node = LDNS_MALLOC(ldns_rbnode_t);
++ if(!cur_node) {
++ ldns_dnssec_name_free(cur_name);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ cur_node->key = ldns_rr_owner(rr);
++ cur_node->data = cur_name;
++ (void)ldns_rbtree_insert(zone->names, cur_node);
++ ldns_dnssec_name_make_hashed_name(zone, cur_name, NULL);
++ } else {
++ cur_name = (ldns_dnssec_name *) cur_node->data;
++ result = ldns_dnssec_name_add_rr(cur_name, rr);
++ }
++ if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
++ zone->soa = cur_name;
++ }
++ return result;
++}
++
++void
++ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_rbtree_t *tree,
++ bool print_soa)
++{
++ ldns_rbnode_t *node;
++ ldns_dnssec_name *name;
++
++ node = ldns_rbtree_first(tree);
++ while (node != LDNS_RBTREE_NULL) {
++ name = (ldns_dnssec_name *) node->data;
++ ldns_dnssec_name_print_soa_fmt(out, fmt, name, print_soa);
++ if ((fmt->flags & LDNS_COMMENT_LAYOUT))
++ fprintf(out, ";\n");
++ node = ldns_rbtree_next(node);
++ }
++}
++
++void
++ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa)
++{
++ ldns_dnssec_zone_names_print_fmt(out, ldns_output_format_default,
++ tree, print_soa);
++}
++
++void
++ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt,
++ ldns_dnssec_zone *zone)
++{
++ if (zone) {
++ if (zone->soa) {
++ if ((fmt->flags & LDNS_COMMENT_LAYOUT)) {
++ fprintf(out, ";; Zone: ");
++ ldns_rdf_print(out, ldns_dnssec_name_name(
++ zone->soa));
++ fprintf(out, "\n;\n");
++ }
++ ldns_dnssec_rrsets_print_fmt(out, fmt,
++ ldns_dnssec_name_find_rrset(
++ zone->soa,
++ LDNS_RR_TYPE_SOA),
++ false);
++ if ((fmt->flags & LDNS_COMMENT_LAYOUT))
++ fprintf(out, ";\n");
++ }
++
++ if (zone->names) {
++ ldns_dnssec_zone_names_print_fmt(out, fmt,
++ zone->names, false);
++ }
++ }
++}
++
++void
++ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone)
++{
++ ldns_dnssec_zone_print_fmt(out, ldns_output_format_default, zone);
++}
++
++static ldns_status
++ldns_dnssec_zone_add_empty_nonterminals_nsec3(
++ ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s)
++{
++ ldns_dnssec_name *new_name;
++ ldns_rdf *cur_name;
++ ldns_rdf *next_name;
++ ldns_rbnode_t *cur_node, *next_node, *new_node;
++
++ /* for the detection */
++ uint16_t i, cur_label_count, next_label_count;
++ uint16_t soa_label_count = 0;
++ ldns_rdf *l1, *l2;
++ int lpos;
++
++ if (!zone) {
++ return LDNS_STATUS_ERR;
++ }
++ if (zone->soa && zone->soa->name) {
++ soa_label_count = ldns_dname_label_count(zone->soa->name);
++ }
++
++ cur_node = ldns_rbtree_first(zone->names);
++ while (cur_node != LDNS_RBTREE_NULL) {
++ next_node = ldns_rbtree_next(cur_node);
++
++ /* skip glue */
++ while (next_node != LDNS_RBTREE_NULL &&
++ next_node->data &&
++ ((ldns_dnssec_name *)next_node->data)->is_glue
++ ) {
++ next_node = ldns_rbtree_next(next_node);
++ }
++
++ if (next_node == LDNS_RBTREE_NULL) {
++ next_node = ldns_rbtree_first(zone->names);
++ }
++ if (! cur_node->data || ! next_node->data) {
++ return LDNS_STATUS_ERR;
++ }
++ cur_name = ((ldns_dnssec_name *)cur_node->data)->name;
++ next_name = ((ldns_dnssec_name *)next_node->data)->name;
++ cur_label_count = ldns_dname_label_count(cur_name);
++ next_label_count = ldns_dname_label_count(next_name);
++
++ /* Since the names are in canonical order, we can
++ * recognize empty non-terminals by their labels;
++ * every label after the first one on the next owner
++ * name is a non-terminal if it either does not exist
++ * in the current name or is different from the same
++ * label in the current name (counting from the end)
++ */
++ for (i = 1; i < next_label_count - soa_label_count; i++) {
++ lpos = (int)cur_label_count - (int)next_label_count + (int)i;
++ if (lpos >= 0) {
++ l1 = ldns_dname_clone_from(cur_name, (uint8_t)lpos);
++ } else {
++ l1 = NULL;
++ }
++ l2 = ldns_dname_clone_from(next_name, i);
++
++ if (!l1 || ldns_dname_compare(l1, l2) != 0) {
++ /* We have an empty nonterminal, add it to the
++ * tree
++ */
++ ldns_rbnode_t *node = NULL;
++ ldns_rdf *ent_name;
++
++ if (!(ent_name = ldns_dname_clone_from(
++ next_name, i)))
++ return LDNS_STATUS_MEM_ERR;
++
++ if (nsec3s && zone->_nsec3params) {
++ ldns_rdf *ent_hashed_name;
++
++ if (!(ent_hashed_name =
++ ldns_nsec3_hash_name_frm_nsec3(
++ zone->_nsec3params,
++ ent_name)))
++ return LDNS_STATUS_MEM_ERR;
++ node = ldns_rbtree_search(nsec3s,
++ ent_hashed_name);
++ if (!node) {
++ ldns_rdf_deep_free(l1);
++ ldns_rdf_deep_free(l2);
++ continue;
++ }
++ }
++ new_name = ldns_dnssec_name_new();
++ if (!new_name) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ new_name->name = ent_name;
++ if (!new_name->name) {
++ ldns_dnssec_name_free(new_name);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ new_name->name_alloced = true;
++ new_node = LDNS_MALLOC(ldns_rbnode_t);
++ if (!new_node) {
++ ldns_dnssec_name_free(new_name);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ new_node->key = new_name->name;
++ new_node->data = new_name;
++ (void)ldns_rbtree_insert(zone->names, new_node);
++ ldns_dnssec_name_make_hashed_name(
++ zone, new_name, NULL);
++ if (node)
++ (void) ldns_dnssec_zone_add_rr(zone,
++ (ldns_rr *)node->data);
++ }
++ ldns_rdf_deep_free(l1);
++ ldns_rdf_deep_free(l2);
++ }
++
++ /* we might have inserted a new node after
++ * the current one so we can't just use next()
++ */
++ if (next_node != ldns_rbtree_first(zone->names)) {
++ cur_node = next_node;
++ } else {
++ cur_node = LDNS_RBTREE_NULL;
++ }
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
++{
++ return ldns_dnssec_zone_add_empty_nonterminals_nsec3(zone, NULL);
++}
++
++bool
++ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone)
++{
++ ldns_rr* nsec3;
++ ldns_rbnode_t* node;
++
++ if (ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_NSEC3PARAM)) {
++ node = ldns_rbtree_first(zone->names);
++ while (node != LDNS_RBTREE_NULL) {
++ nsec3 = ((ldns_dnssec_name*)node->data)->nsec;
++ if (nsec3 &&ldns_rr_get_type(nsec3)
++ == LDNS_RR_TYPE_NSEC3 &&
++ ldns_nsec3_optout(nsec3)) {
++ return true;
++ }
++ node = ldns_rbtree_next(node);
++ }
++ }
++ return false;
++}
+diff --git a/ldns/src/duration.c b/ldns/src/duration.c
+new file mode 100644
+index 0000000..6d0a388
+--- /dev/null
++++ b/ldns/src/duration.c
+@@ -0,0 +1,354 @@
++/*
++ * $Id: duration.c 4518 2011-02-24 15:39:09Z matthijs $
++ *
++ * Copyright (c) 2009 NLNet Labs. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
++ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
++ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
++ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
++ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
++ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/**
++ *
++ * This file is copied from the OpenDNSSEC source repository
++ * and only slightly adapted to make it fit.
++ */
++
++/**
++ *
++ * Durations.
++ */
++
++#include <ldns/config.h>
++#include <ldns/duration.h>
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <time.h>
++
++
++/**
++ * Create a new 'instant' duration.
++ *
++ */
++ldns_duration_type*
++ldns_duration_create(void)
++{
++ ldns_duration_type* duration;
++
++ duration = malloc(sizeof(ldns_duration_type));
++ if (!duration) {
++ return NULL;
++ }
++ duration->years = 0;
++ duration->months = 0;
++ duration->weeks = 0;
++ duration->days = 0;
++ duration->hours = 0;
++ duration->minutes = 0;
++ duration->seconds = 0;
++ return duration;
++}
++
++
++/**
++ * Compare durations.
++ *
++ */
++int
++ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2)
++{
++ if (!d1 && !d2) {
++ return 0;
++ }
++ if (!d1 || !d2) {
++ return d1?-1:1;
++ }
++
++ if (d1->years != d2->years) {
++ return (int) (d1->years - d2->years);
++ }
++ if (d1->months != d2->months) {
++ return (int) (d1->months - d2->months);
++ }
++ if (d1->weeks != d2->weeks) {
++ return (int) (d1->weeks - d2->weeks);
++ }
++ if (d1->days != d2->days) {
++ return (int) (d1->days - d2->days);
++ }
++ if (d1->hours != d2->hours) {
++ return (int) (d1->hours - d2->hours);
++ }
++ if (d1->minutes != d2->minutes) {
++ return (int) (d1->minutes - d2->minutes);
++ }
++ if (d1->seconds != d2->seconds) {
++ return (int) (d1->seconds - d2->seconds);
++ }
++
++ return 0;
++}
++
++
++/**
++ * Create a duration from string.
++ *
++ */
++ldns_duration_type*
++ldns_duration_create_from_string(const char* str)
++{
++ ldns_duration_type* duration = ldns_duration_create();
++ char* P, *X, *T, *W;
++ int not_weeks = 0;
++
++ if (!duration) {
++ return NULL;
++ }
++ if (!str) {
++ return duration;
++ }
++
++ P = strchr(str, 'P');
++ if (!P) {
++ ldns_duration_cleanup(duration);
++ return NULL;
++ }
++
++ T = strchr(str, 'T');
++ X = strchr(str, 'Y');
++ if (X) {
++ duration->years = (time_t) atoi(str+1);
++ str = X;
++ not_weeks = 1;
++ }
++ X = strchr(str, 'M');
++ if (X && (!T || (size_t) (X-P) < (size_t) (T-P))) {
++ duration->months = (time_t) atoi(str+1);
++ str = X;
++ not_weeks = 1;
++ }
++ X = strchr(str, 'D');
++ if (X) {
++ duration->days = (time_t) atoi(str+1);
++ str = X;
++ not_weeks = 1;
++ }
++ if (T) {
++ str = T;
++ not_weeks = 1;
++ }
++ X = strchr(str, 'H');
++ if (X && T) {
++ duration->hours = (time_t) atoi(str+1);
++ str = X;
++ not_weeks = 1;
++ }
++ X = strrchr(str, 'M');
++ if (X && T && (size_t) (X-P) > (size_t) (T-P)) {
++ duration->minutes = (time_t) atoi(str+1);
++ str = X;
++ not_weeks = 1;
++ }
++ X = strchr(str, 'S');
++ if (X && T) {
++ duration->seconds = (time_t) atoi(str+1);
++ str = X;
++ not_weeks = 1;
++ }
++
++ W = strchr(str, 'W');
++ if (W) {
++ if (not_weeks) {
++ ldns_duration_cleanup(duration);
++ return NULL;
++ } else {
++ duration->weeks = (time_t) atoi(str+1);
++ str = W;
++ }
++ }
++ return duration;
++}
++
++
++/**
++ * Get the number of digits in a number.
++ *
++ */
++static size_t
++digits_in_number(time_t duration)
++{
++ uint32_t period = (uint32_t) duration;
++ size_t count = 0;
++
++ while (period > 0) {
++ count++;
++ period /= 10;
++ }
++ return count;
++}
++
++
++/**
++ * Convert a duration to a string.
++ *
++ */
++char*
++ldns_duration2string(ldns_duration_type* duration)
++{
++ char* str = NULL, *num = NULL;
++ size_t count = 2;
++ int T = 0;
++
++ if (!duration) {
++ return NULL;
++ }
++
++ if (duration->years > 0) {
++ count = count + 1 + digits_in_number(duration->years);
++ }
++ if (duration->months > 0) {
++ count = count + 1 + digits_in_number(duration->months);
++ }
++ if (duration->weeks > 0) {
++ count = count + 1 + digits_in_number(duration->weeks);
++ }
++ if (duration->days > 0) {
++ count = count + 1 + digits_in_number(duration->days);
++ }
++ if (duration->hours > 0) {
++ count = count + 1 + digits_in_number(duration->hours);
++ T = 1;
++ }
++ if (duration->minutes > 0) {
++ count = count + 1 + digits_in_number(duration->minutes);
++ T = 1;
++ }
++ if (duration->seconds > 0) {
++ count = count + 1 + digits_in_number(duration->seconds);
++ T = 1;
++ }
++ if (T) {
++ count++;
++ }
++
++ str = (char*) calloc(count, sizeof(char));
++ str[0] = 'P';
++ str[1] = '\0';
++
++ if (duration->years > 0) {
++ count = digits_in_number(duration->years);
++ num = (char*) calloc(count+2, sizeof(char));
++ snprintf(num, count+2, "%uY", (unsigned int) duration->years);
++ str = strncat(str, num, count+2);
++ free((void*) num);
++ }
++ if (duration->months > 0) {
++ count = digits_in_number(duration->months);
++ num = (char*) calloc(count+2, sizeof(char));
++ snprintf(num, count+2, "%uM", (unsigned int) duration->months);
++ str = strncat(str, num, count+2);
++ free((void*) num);
++ }
++ if (duration->weeks > 0) {
++ count = digits_in_number(duration->weeks);
++ num = (char*) calloc(count+2, sizeof(char));
++ snprintf(num, count+2, "%uW", (unsigned int) duration->weeks);
++ str = strncat(str, num, count+2);
++ free((void*) num);
++ }
++ if (duration->days > 0) {
++ count = digits_in_number(duration->days);
++ num = (char*) calloc(count+2, sizeof(char));
++ snprintf(num, count+2, "%uD", (unsigned int) duration->days);
++ str = strncat(str, num, count+2);
++ free((void*) num);
++ }
++ if (T) {
++ str = strncat(str, "T", 1);
++ }
++ if (duration->hours > 0) {
++ count = digits_in_number(duration->hours);
++ num = (char*) calloc(count+2, sizeof(char));
++ snprintf(num, count+2, "%uH", (unsigned int) duration->hours);
++ str = strncat(str, num, count+2);
++ free((void*) num);
++ }
++ if (duration->minutes > 0) {
++ count = digits_in_number(duration->minutes);
++ num = (char*) calloc(count+2, sizeof(char));
++ snprintf(num, count+2, "%uM", (unsigned int) duration->minutes);
++ str = strncat(str, num, count+2);
++ free((void*) num);
++ }
++ if (duration->seconds > 0) {
++ count = digits_in_number(duration->seconds);
++ num = (char*) calloc(count+2, sizeof(char));
++ snprintf(num, count+2, "%uS", (unsigned int) duration->seconds);
++ str = strncat(str, num, count+2);
++ free((void*) num);
++ }
++ return str;
++}
++
++
++/**
++ * Convert a duration to a time.
++ *
++ */
++time_t
++ldns_duration2time(ldns_duration_type* duration)
++{
++ time_t period = 0;
++
++ if (duration) {
++ period += (duration->seconds);
++ period += (duration->minutes)*60;
++ period += (duration->hours)*3600;
++ period += (duration->days)*86400;
++ period += (duration->weeks)*86400*7;
++ period += (duration->months)*86400*31;
++ period += (duration->years)*86400*365;
++
++ /* [TODO] calculate correct number of days in this month/year */
++ /*
++ if (duration->months || duration->years) {
++ }
++ */
++ }
++ return period;
++}
++
++
++/**
++ * Clean up duration.
++ *
++ */
++void
++ldns_duration_cleanup(ldns_duration_type* duration)
++{
++ if (!duration) {
++ return;
++ }
++ free(duration);
++ return;
++}
+diff --git a/ldns/src/error.c b/ldns/src/error.c
+new file mode 100644
+index 0000000..82ea61a
+--- /dev/null
++++ b/ldns/src/error.c
+@@ -0,0 +1,160 @@
++/*
++ * a error2str function to make sense of all the
++ * error codes we have laying ardoun
++ *
++ * a Net::DNS like library for C
++ * LibDNS Team @ NLnet Labs
++ * (c) NLnet Labs, 2005-2006
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++ldns_lookup_table ldns_error_str[] = {
++ { LDNS_STATUS_OK, "All OK" },
++ { LDNS_STATUS_EMPTY_LABEL, "Empty label" },
++ { LDNS_STATUS_LABEL_OVERFLOW, "Label length overflow" },
++ { LDNS_STATUS_DOMAINNAME_OVERFLOW, "Domainname length overflow" },
++ { LDNS_STATUS_DOMAINNAME_UNDERFLOW, "Domainname length underflow (zero length)" },
++ { LDNS_STATUS_DDD_OVERFLOW, "\\DDD sequence overflow (>255)" },
++ { LDNS_STATUS_PACKET_OVERFLOW, "Packet size overflow" },
++ { LDNS_STATUS_INVALID_POINTER, "Invalid compression pointer" },
++ { LDNS_STATUS_MEM_ERR, "General memory error" },
++ { LDNS_STATUS_INTERNAL_ERR, "Internal error, this should not happen" },
++ { LDNS_STATUS_SSL_ERR, "Error in SSL library" },
++ { LDNS_STATUS_ERR, "General LDNS error" },
++ { LDNS_STATUS_INVALID_INT, "Conversion error, integer expected" },
++ { LDNS_STATUS_INVALID_IP4, "Conversion error, ip4 addr expected" },
++ { LDNS_STATUS_INVALID_IP6, "Conversion error, ip6 addr expected" },
++ { LDNS_STATUS_INVALID_STR, "Conversion error, string expected" },
++ { LDNS_STATUS_INVALID_B32_EXT, "Conversion error, b32 ext encoding expected" },
++ { LDNS_STATUS_INVALID_B64, "Conversion error, b64 encoding expected" },
++ { LDNS_STATUS_INVALID_HEX, "Conversion error, hex encoding expected" },
++ { LDNS_STATUS_INVALID_TIME, "Conversion error, time encoding expected" },
++ { LDNS_STATUS_NETWORK_ERR, "Could not send or receive, because of network error" },
++ { LDNS_STATUS_ADDRESS_ERR, "Could not start AXFR, because of address error" },
++ { LDNS_STATUS_FILE_ERR, "Could not open the files" },
++ { LDNS_STATUS_UNKNOWN_INET, "Uknown address family" },
++ { LDNS_STATUS_NOT_IMPL, "This function is not implemented (yet), please notify the developers - or not..." },
++ { LDNS_STATUS_NULL, "Supplied value pointer null" },
++ { LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, "Unknown cryptographic algorithm" },
++ { LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, "Cryptographic algorithm not implemented" },
++ { LDNS_STATUS_CRYPTO_NO_RRSIG, "No DNSSEC signature(s)" },
++ { LDNS_STATUS_CRYPTO_NO_DNSKEY, "No DNSSEC public key(s)" },
++ { LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, "The signature does not cover this RRset" },
++ { LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, "No signatures found for trusted DNSSEC public key(s)" },
++ { LDNS_STATUS_CRYPTO_NO_DS, "No DS record(s)" },
++ { LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, "Could not validate DS record(s)" },
++ { LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, "No keys with the keytag and algorithm from the RRSIG found" },
++ { LDNS_STATUS_CRYPTO_VALIDATED, "Valid DNSSEC signature" },
++ { LDNS_STATUS_CRYPTO_BOGUS, "Bogus DNSSEC signature" },
++ { LDNS_STATUS_CRYPTO_SIG_EXPIRED, "DNSSEC signature has expired" },
++ { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, "DNSSEC signature not incepted yet" },
++ { LDNS_STATUS_CRYPTO_TSIG_BOGUS, "Bogus TSIG signature" },
++ { LDNS_STATUS_CRYPTO_TSIG_ERR, "Could not create TSIG signature" },
++ { LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, "DNSSEC signature has expiration date earlier than inception date" },
++ { LDNS_STATUS_ENGINE_KEY_NOT_LOADED, "Unable to load private key from engine" },
++ { LDNS_STATUS_NSEC3_ERR, "Error in NSEC3 denial of existence proof" },
++ { LDNS_STATUS_RES_NO_NS, "No (valid) nameservers defined in the resolver" },
++ { LDNS_STATUS_RES_QUERY, "No correct query given to resolver" },
++ { LDNS_STATUS_WIRE_INCOMPLETE_HEADER, "header section incomplete" },
++ { LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, "question section incomplete" },
++ { LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, "answer section incomplete" },
++ { LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, "authority section incomplete" },
++ { LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, "additional section incomplete" },
++ { LDNS_STATUS_NO_DATA, "No data" },
++ { LDNS_STATUS_EXISTS_ERR, "Element already exists" },
++ { LDNS_STATUS_CERT_BAD_ALGORITHM, "Bad algorithm type for CERT record" },
++ { LDNS_STATUS_SYNTAX_TYPE_ERR, "Syntax error, could not parse the RR's type" },
++ { LDNS_STATUS_SYNTAX_CLASS_ERR, "Syntax error, could not parse the RR's class" },
++ { LDNS_STATUS_SYNTAX_TTL_ERR, "Syntax error, could not parse the RR's TTL" },
++ { LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL, "Syntax error, $INCLUDE not implemented" },
++ { LDNS_STATUS_SYNTAX_RDATA_ERR, "Syntax error, could not parse the RR's rdata" },
++ { LDNS_STATUS_SYNTAX_DNAME_ERR, "Syntax error, could not parse the RR's dname(s)" },
++ { LDNS_STATUS_SYNTAX_VERSION_ERR, "Syntax error, version mismatch" },
++ { LDNS_STATUS_SYNTAX_ALG_ERR, "Syntax error, algorithm unknown or non parseable" },
++ { LDNS_STATUS_SYNTAX_KEYWORD_ERR, "Syntax error, unknown keyword in input" },
++ { LDNS_STATUS_SYNTAX_ERR, "Syntax error, could not parse the RR" },
++ { LDNS_STATUS_SYNTAX_EMPTY, "Empty line was returned" },
++ { LDNS_STATUS_SYNTAX_TTL, "$TTL directive was seen in the zone" },
++ { LDNS_STATUS_SYNTAX_ORIGIN, "$ORIGIN directive was seen in the zone" },
++ { LDNS_STATUS_SYNTAX_INCLUDE, "$INCLUDE directive was seen in the zone" },
++ { LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, "Iterations count for NSEC3 record higher than maximum" },
++ { LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, "Syntax error, value expected" },
++ { LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer value too large" },
++ { LDNS_STATUS_SYNTAX_BAD_ESCAPE, "Syntax error, bad escape sequence" },
++ { LDNS_STATUS_SOCKET_ERROR, "Error creating socket" },
++ { LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, "Existence denied by NSEC" },
++ { LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, "RR not covered by the given NSEC RRs" },
++ { LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, "wildcard not covered by the given NSEC RRs" },
++ { LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, "original of NSEC3 hashed name could not be found" },
++ { LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, "The RRSIG has to few rdata fields" },
++ { LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, "The DNSKEY has to few rdata fields" },
++ { LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN,
++ "DNSSEC signature will expire too soon" },
++ { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN,
++ "DNSSEC signature not incepted long enough" },
++ { LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE,
++ "Unknown TLSA Certificate Usage" },
++ { LDNS_STATUS_DANE_UNKNOWN_SELECTOR, "Unknown TLSA Selector" },
++ { LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE,
++ "Unknown TLSA Matching Type" },
++ { LDNS_STATUS_DANE_UNKNOWN_PROTOCOL,
++ "Unknown protocol. Only IPv4 and IPv6 are understood" },
++ { LDNS_STATUS_DANE_UNKNOWN_TRANSPORT,
++ "Unknown transport. Should be one of {tcp, udp, sctp}" },
++ { LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, /* Trust anchor assertion */
++ "More than one certificate should be provided" },
++ { LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, /* Trust anchor assertion */
++ "Non of the extra certificates is used to sign the first" },
++ { LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, /* Trust anchor assertion */
++ "The offset was out of range" },
++ { LDNS_STATUS_DANE_INSECURE, /* Unused by library */
++ "The queried resource records were insecure" },
++ { LDNS_STATUS_DANE_BOGUS, /* Unused by library */
++ "The queried resource records were bogus" },
++ { LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
++ "The TLSA record(s) "
++ "did not match with the server certificate (chain)" },
++ { LDNS_STATUS_DANE_NON_CA_CERTIFICATE,
++ "The certificate was not a CA certificate" },
++ { LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE,
++ "Could not PKIX validate" },
++ { LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR,
++ "The validation path "
++ "did not end in a self-signed certificate" },
++ { LDNS_STATUS_INVALID_ILNP64,
++ "Conversion error, 4 colon separated hex numbers expected" },
++ { LDNS_STATUS_INVALID_EUI48,
++ "Conversion error, 6 two character hex numbers "
++ "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx" },
++ { LDNS_STATUS_INVALID_EUI64,
++ "Conversion error, 8 two character hex numbers "
++ "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx-xx-xx" },
++ { LDNS_STATUS_WIRE_RDATA_ERR, "invalid rdata in wire format" },
++ { LDNS_STATUS_INVALID_TAG,
++ "Conversion error, a non-zero sequence of US-ASCII letters "
++ "and numbers in lower case expected" },
++ { LDNS_STATUS_TYPE_NOT_IN_BITMAP,
++ "The RR type bitmap rdata field did not have "
++ "a bit reserved for the specific RR type" },
++ { LDNS_STATUS_INVALID_RDF_TYPE,
++ "The rdata field was not of the expected type" },
++ { LDNS_STATUS_RDATA_OVERFLOW, "Rdata size overflow" },
++ { 0, NULL }
++};
++
++const char *
++ldns_get_errorstr_by_id(ldns_status err)
++{
++ ldns_lookup_table *lt;
++
++ lt = ldns_lookup_by_id(ldns_error_str, err);
++
++ if (lt) {
++ return lt->name;
++ }
++ return NULL;
++}
+diff --git a/ldns/src/higher.c b/ldns/src/higher.c
+new file mode 100644
+index 0000000..8ce86a4
+--- /dev/null
++++ b/ldns/src/higher.c
+@@ -0,0 +1,344 @@
++/*
++ * higher.c
++ *
++ * Specify some higher level functions that would
++ * be usefull to would be developers
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#ifdef HAVE_SSL
++#include <openssl/ssl.h>
++#include <openssl/sha.h>
++#endif /* HAVE_SSL */
++
++ldns_rr_list *
++ldns_get_rr_list_addr_by_name(ldns_resolver *res, ldns_rdf *name, ldns_rr_class c,
++ uint16_t flags)
++{
++ ldns_pkt *pkt;
++ ldns_rr_list *aaaa;
++ ldns_rr_list *a;
++ ldns_rr_list *result = NULL;
++ ldns_rr_list *hostsfilenames;
++ size_t i;
++ uint8_t ip6;
++
++ a = NULL;
++ aaaa = NULL;
++ result = NULL;
++
++ if (!res) {
++ return NULL;
++ }
++ if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) {
++ return NULL;
++ }
++
++ ip6 = ldns_resolver_ip6(res); /* we use INET_ANY here, save
++ what was there */
++
++ ldns_resolver_set_ip6(res, LDNS_RESOLV_INETANY);
++
++ hostsfilenames = ldns_get_rr_list_hosts_frm_file(NULL);
++ for (i = 0; i < ldns_rr_list_rr_count(hostsfilenames); i++) {
++ if (ldns_rdf_compare(name,
++ ldns_rr_owner(ldns_rr_list_rr(hostsfilenames,
++ i))) == 0) {
++ if (!result) {
++ result = ldns_rr_list_new();
++ }
++ ldns_rr_list_push_rr(result,
++ ldns_rr_clone(ldns_rr_list_rr(hostsfilenames, i)));
++ }
++ }
++ ldns_rr_list_deep_free(hostsfilenames);
++
++ if (result) {
++ return result;
++ }
++
++ /* add the RD flags, because we want an answer */
++ pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_AAAA, c, flags | LDNS_RD);
++ if (pkt) {
++ /* extract the data we need */
++ aaaa = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_AAAA,
++ LDNS_SECTION_ANSWER);
++ ldns_pkt_free(pkt);
++ }
++
++ pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_A, c, flags | LDNS_RD);
++ if (pkt) {
++ /* extract the data we need */
++ a = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_A, LDNS_SECTION_ANSWER);
++ ldns_pkt_free(pkt);
++ }
++ ldns_resolver_set_ip6(res, ip6);
++
++ if (aaaa && a) {
++ result = ldns_rr_list_cat_clone(aaaa, a);
++ ldns_rr_list_deep_free(aaaa);
++ ldns_rr_list_deep_free(a);
++ return result;
++ }
++
++ if (aaaa) {
++ result = ldns_rr_list_clone(aaaa);
++ }
++
++ if (a) {
++ result = ldns_rr_list_clone(a);
++ }
++
++ ldns_rr_list_deep_free(aaaa);
++ ldns_rr_list_deep_free(a);
++ return result;
++}
++
++ldns_rr_list *
++ldns_get_rr_list_name_by_addr(ldns_resolver *res, ldns_rdf *addr, ldns_rr_class c,
++ uint16_t flags)
++{
++ ldns_pkt *pkt;
++ ldns_rr_list *names;
++ ldns_rdf *name;
++
++ names = NULL;
++
++ if (!res || !addr) {
++ return NULL;
++ }
++
++ if (ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_A &&
++ ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_AAAA) {
++ return NULL;
++ }
++
++ name = ldns_rdf_address_reverse(addr);
++
++ /* add the RD flags, because we want an answer */
++ pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_PTR, c, flags | LDNS_RD);
++ ldns_rdf_deep_free(name);
++ if (pkt) {
++ /* extract the data we need */
++ names = ldns_pkt_rr_list_by_type(pkt,
++ LDNS_RR_TYPE_PTR, LDNS_SECTION_ANSWER);
++ ldns_pkt_free(pkt);
++ }
++ return names;
++}
++
++/* read a line, put it in a buffer, parse the buffer */
++ldns_rr_list *
++ldns_get_rr_list_hosts_frm_fp(FILE *fp)
++{
++ return ldns_get_rr_list_hosts_frm_fp_l(fp, NULL);
++}
++
++ldns_rr_list *
++ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr)
++{
++ ssize_t i, j;
++ size_t cnt;
++ char *line;
++ char *word;
++ char *addr;
++ char *rr_str;
++ ldns_buffer *linebuf;
++ ldns_rr *rr;
++ ldns_rr_list *list;
++ ldns_rdf *tmp;
++ bool ip6;
++ ldns_status parse_result;
++
++ line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
++ word = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
++ addr = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
++ rr_str = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
++ ip6 = false;
++ list = ldns_rr_list_new();
++ rr = NULL;
++ if(!line || !word || !addr || !rr_str || !list) {
++ LDNS_FREE(line);
++ LDNS_FREE(word);
++ LDNS_FREE(addr);
++ LDNS_FREE(rr_str);
++ ldns_rr_list_free(list);
++ return NULL;
++ }
++
++ for(i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr);
++ i > 0; i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr)) {
++ /* # is comment */
++ if (line[0] == '#') {
++ continue;
++ }
++ /* put it in a buffer for further processing */
++ linebuf = LDNS_MALLOC(ldns_buffer);
++ if(!linebuf) {
++ LDNS_FREE(line);
++ LDNS_FREE(word);
++ LDNS_FREE(addr);
++ LDNS_FREE(rr_str);
++ ldns_rr_list_deep_free(list);
++ return NULL;
++ }
++
++ ldns_buffer_new_frm_data(linebuf, line, (size_t) i);
++ for(cnt = 0, j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN);
++ j > 0;
++ j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN), cnt++) {
++ if (cnt == 0) {
++ /* the address */
++ if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA,
++ word))) {
++ /* ip6 */
++ ldns_rdf_deep_free(tmp);
++ ip6 = true;
++ } else {
++ if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A,
++ word))) {
++ /* ip4 */
++ ldns_rdf_deep_free(tmp);
++ ip6 = false;
++ } else {
++ /* kaput */
++ break;
++ }
++ }
++ (void)strlcpy(addr, word, LDNS_MAX_LINELEN+1);
++ } else {
++ /* la al la la */
++ if (ip6) {
++ snprintf(rr_str, LDNS_MAX_LINELEN,
++ "%s IN AAAA %s", word, addr);
++ } else {
++ snprintf(rr_str, LDNS_MAX_LINELEN,
++ "%s IN A %s", word, addr);
++ }
++ parse_result = ldns_rr_new_frm_str(&rr, rr_str, 0, NULL, NULL);
++ if (parse_result == LDNS_STATUS_OK && ldns_rr_owner(rr) && ldns_rr_rd_count(rr) > 0) {
++ ldns_rr_list_push_rr(list, ldns_rr_clone(rr));
++ }
++ ldns_rr_free(rr);
++ }
++ }
++ ldns_buffer_free(linebuf);
++ }
++ LDNS_FREE(line);
++ LDNS_FREE(word);
++ LDNS_FREE(addr);
++ LDNS_FREE(rr_str);
++ return list;
++}
++
++ldns_rr_list *
++ldns_get_rr_list_hosts_frm_file(char *filename)
++{
++ ldns_rr_list *names;
++ FILE *fp;
++
++ if (!filename) {
++ fp = fopen(LDNS_RESOLV_HOSTS, "r");
++
++ } else {
++ fp = fopen(filename, "r");
++ }
++ if (!fp) {
++ return NULL;
++ }
++
++ names = ldns_get_rr_list_hosts_frm_fp(fp);
++ fclose(fp);
++ return names;
++}
++
++uint16_t
++ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c,
++ ldns_rr_list **ret)
++{
++ ldns_rdf_type t;
++ uint16_t names_found;
++ ldns_resolver *r;
++ ldns_status s;
++
++ t = ldns_rdf_get_type(node);
++ names_found = 0;
++ r = res;
++
++ if (res == NULL) {
++ /* prepare a new resolver, using /etc/resolv.conf as a guide */
++ s = ldns_resolver_new_frm_file(&r, NULL);
++ if (s != LDNS_STATUS_OK) {
++ return 0;
++ }
++ }
++
++ if (t == LDNS_RDF_TYPE_DNAME) {
++ /* we're asked to query for a name */
++ *ret = ldns_get_rr_list_addr_by_name(r, node, c, 0);
++ names_found = ldns_rr_list_rr_count(*ret);
++ }
++
++ if (t == LDNS_RDF_TYPE_A || t == LDNS_RDF_TYPE_AAAA) {
++ /* an address */
++ *ret = ldns_get_rr_list_name_by_addr(r, node, c, 0);
++ names_found = ldns_rr_list_rr_count(*ret);
++ }
++
++ if (res == NULL) {
++ ldns_resolver_deep_free(r);
++ }
++
++ return names_found;
++}
++
++bool
++ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t)
++{
++ switch (ldns_rr_get_type(nsec)) {
++ case LDNS_RR_TYPE_NSEC : if (ldns_rr_rd_count(nsec) < 2) {
++ return false;
++ }
++ return ldns_nsec_bitmap_covers_type(
++ ldns_rr_rdf(nsec, 1), t);
++
++ case LDNS_RR_TYPE_NSEC3 : if (ldns_rr_rd_count(nsec) < 6) {
++ return false;
++ }
++ return ldns_nsec_bitmap_covers_type(
++ ldns_rr_rdf(nsec, 5), t);
++
++ default : return false;
++ }
++}
++
++void
++ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...)
++{
++ int16_t rdf;
++ ldns_rdf *rd;
++ va_list va_rdf;
++ va_start(va_rdf, rdfnum);
++
++ for (rdf = (int16_t)rdfnum; rdf != -1; rdf = (int16_t)va_arg(va_rdf, int))
++ {
++ rd = ldns_rr_rdf(r, rdf);
++ if (!rd) {
++ continue;
++ } else {
++ ldns_rdf_print(fp, rd);
++ fprintf(fp, " "); /* not sure if we want to do this */
++ }
++ }
++ va_end(va_rdf);
++}
++
+diff --git a/ldns/src/host2str.c b/ldns/src/host2str.c
+new file mode 100644
+index 0000000..3445254
+--- /dev/null
++++ b/ldns/src/host2str.c
+@@ -0,0 +1,2635 @@
++/*
++ * host2str.c
++ *
++ * conversion routines from the host format
++ * to the presentation format (strings)
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <limits.h>
++
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++#ifdef HAVE_ARPA_INET_H
++#include <arpa/inet.h>
++#endif
++#ifdef HAVE_NETDB_H
++#include <netdb.h>
++#endif
++#include <time.h>
++#include <sys/time.h>
++
++#ifndef INET_ADDRSTRLEN
++#define INET_ADDRSTRLEN 16
++#endif
++#ifndef INET6_ADDRSTRLEN
++#define INET6_ADDRSTRLEN 46
++#endif
++
++/* lookup tables for standard DNS stuff */
++
++/* Taken from RFC 2535, section 7. */
++ldns_lookup_table ldns_algorithms[] = {
++ { LDNS_RSAMD5, "RSAMD5" },
++ { LDNS_DH, "DH" },
++ { LDNS_DSA, "DSA" },
++ { LDNS_ECC, "ECC" },
++ { LDNS_RSASHA1, "RSASHA1" },
++ { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" },
++ { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
++#ifdef USE_SHA2
++ { LDNS_RSASHA256, "RSASHA256"},
++ { LDNS_RSASHA512, "RSASHA512"},
++#endif
++#ifdef USE_GOST
++ { LDNS_ECC_GOST, "ECC-GOST"},
++#endif
++#ifdef USE_ECDSA
++ { LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"},
++ { LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"},
++#endif
++ { LDNS_INDIRECT, "INDIRECT" },
++ { LDNS_PRIVATEDNS, "PRIVATEDNS" },
++ { LDNS_PRIVATEOID, "PRIVATEOID" },
++ { 0, NULL }
++};
++
++/* Taken from RFC 4398 */
++ldns_lookup_table ldns_cert_algorithms[] = {
++ { LDNS_CERT_PKIX, "PKIX" },
++ { LDNS_CERT_SPKI, "SPKI" },
++ { LDNS_CERT_PGP, "PGP" },
++ { LDNS_CERT_IPKIX, "IPKIX" },
++ { LDNS_CERT_ISPKI, "ISPKI" },
++ { LDNS_CERT_IPGP, "IPGP" },
++ { LDNS_CERT_ACPKIX, "ACPKIX" },
++ { LDNS_CERT_IACPKIX, "IACPKIX" },
++ { LDNS_CERT_URI, "URI" },
++ { LDNS_CERT_OID, "OID" },
++ { 0, NULL }
++};
++
++/* classes */
++ldns_lookup_table ldns_rr_classes[] = {
++ { LDNS_RR_CLASS_IN, "IN" },
++ { LDNS_RR_CLASS_CH, "CH" },
++ { LDNS_RR_CLASS_HS, "HS" },
++ { LDNS_RR_CLASS_NONE, "NONE" },
++ { LDNS_RR_CLASS_ANY, "ANY" },
++ { 0, NULL }
++};
++
++/* if these are used elsewhere */
++ldns_lookup_table ldns_rcodes[] = {
++ { LDNS_RCODE_NOERROR, "NOERROR" },
++ { LDNS_RCODE_FORMERR, "FORMERR" },
++ { LDNS_RCODE_SERVFAIL, "SERVFAIL" },
++ { LDNS_RCODE_NXDOMAIN, "NXDOMAIN" },
++ { LDNS_RCODE_NOTIMPL, "NOTIMPL" },
++ { LDNS_RCODE_REFUSED, "REFUSED" },
++ { LDNS_RCODE_YXDOMAIN, "YXDOMAIN" },
++ { LDNS_RCODE_YXRRSET, "YXRRSET" },
++ { LDNS_RCODE_NXRRSET, "NXRRSET" },
++ { LDNS_RCODE_NOTAUTH, "NOTAUTH" },
++ { LDNS_RCODE_NOTZONE, "NOTZONE" },
++ { 0, NULL }
++};
++
++ldns_lookup_table ldns_opcodes[] = {
++ { LDNS_PACKET_QUERY, "QUERY" },
++ { LDNS_PACKET_IQUERY, "IQUERY" },
++ { LDNS_PACKET_STATUS, "STATUS" },
++ { LDNS_PACKET_NOTIFY, "NOTIFY" },
++ { LDNS_PACKET_UPDATE, "UPDATE" },
++ { 0, NULL }
++};
++
++const ldns_output_format ldns_output_format_nocomments_record = { 0, NULL };
++const ldns_output_format *ldns_output_format_nocomments
++ = &ldns_output_format_nocomments_record;
++const ldns_output_format ldns_output_format_onlykeyids_record = {
++ LDNS_COMMENT_KEY, NULL
++};
++const ldns_output_format *ldns_output_format_onlykeyids
++ = &ldns_output_format_onlykeyids_record;
++const ldns_output_format *ldns_output_format_default
++ = &ldns_output_format_onlykeyids_record;
++
++const ldns_output_format ldns_output_format_bubblebabble_record = {
++ LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL
++};
++const ldns_output_format *ldns_output_format_bubblebabble
++ = &ldns_output_format_bubblebabble_record;
++
++static bool
++ldns_output_format_covers_type(const ldns_output_format* fmt, ldns_rr_type t)
++{
++ return fmt && (fmt->flags & LDNS_FMT_RFC3597) &&
++ ((ldns_output_format_storage*)fmt)->bitmap &&
++ ldns_nsec_bitmap_covers_type(
++ ((ldns_output_format_storage*)fmt)->bitmap, t);
++}
++
++ldns_status
++ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type t)
++{
++ ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt;
++ ldns_status s;
++
++ assert(fmt != NULL);
++
++ if (!(fmt_st->flags & LDNS_FMT_RFC3597)) {
++ ldns_output_format_set(fmt, LDNS_FMT_RFC3597);
++ }
++ if (! fmt_st->bitmap) {
++ s = ldns_rdf_bitmap_known_rr_types_space(&fmt_st->bitmap);
++ if (s != LDNS_STATUS_OK) {
++ return s;
++ }
++ }
++ return ldns_nsec_bitmap_set_type(fmt_st->bitmap, t);
++}
++
++ldns_status
++ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type t)
++{
++ ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt;
++ ldns_status s;
++
++ assert(fmt != NULL);
++
++ if (!(fmt_st->flags & LDNS_FMT_RFC3597)) {
++ ldns_output_format_set(fmt, LDNS_FMT_RFC3597);
++ }
++ if (! fmt_st->bitmap) {
++ s = ldns_rdf_bitmap_known_rr_types(&fmt_st->bitmap);
++ if (s != LDNS_STATUS_OK) {
++ return s;
++ }
++ }
++ return ldns_nsec_bitmap_clear_type(fmt_st->bitmap, t);
++}
++
++ldns_status
++ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode)
++{
++ ldns_lookup_table *lt = ldns_lookup_by_id(ldns_opcodes, opcode);
++ if (lt && lt->name) {
++ ldns_buffer_printf(output, "%s", lt->name);
++ } else {
++ ldns_buffer_printf(output, "OPCODE%u", opcode);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode)
++{
++ ldns_lookup_table *lt = ldns_lookup_by_id(ldns_rcodes, rcode);
++ if (lt && lt->name) {
++ ldns_buffer_printf(output, "%s", lt->name);
++ } else {
++ ldns_buffer_printf(output, "RCODE%u", rcode);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_algorithm2buffer_str(ldns_buffer *output,
++ ldns_algorithm algorithm)
++{
++ ldns_lookup_table *lt = ldns_lookup_by_id(ldns_algorithms,
++ algorithm);
++ if (lt && lt->name) {
++ ldns_buffer_printf(output, "%s", lt->name);
++ } else {
++ ldns_buffer_printf(output, "ALG%u", algorithm);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_cert_algorithm2buffer_str(ldns_buffer *output,
++ ldns_cert_algorithm cert_algorithm)
++{
++ ldns_lookup_table *lt = ldns_lookup_by_id(ldns_cert_algorithms,
++ cert_algorithm);
++ if (lt && lt->name) {
++ ldns_buffer_printf(output, "%s", lt->name);
++ } else {
++ ldns_buffer_printf(output, "CERT_ALG%u",
++ cert_algorithm);
++ }
++ return ldns_buffer_status(output);
++}
++
++char *
++ldns_pkt_opcode2str(ldns_pkt_opcode opcode)
++{
++ char *str;
++ ldns_buffer *buf;
++
++ buf = ldns_buffer_new(12);
++ if (!buf) {
++ return NULL;
++ }
++
++ str = NULL;
++ if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) {
++ str = ldns_buffer_export2str(buf);
++ }
++
++ ldns_buffer_free(buf);
++ return str;
++}
++
++char *
++ldns_pkt_rcode2str(ldns_pkt_rcode rcode)
++{
++ char *str;
++ ldns_buffer *buf;
++
++ buf = ldns_buffer_new(10);
++ if (!buf) {
++ return NULL;
++ }
++
++ str = NULL;
++ if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) {
++ str = ldns_buffer_export2str(buf);
++ }
++
++ ldns_buffer_free(buf);
++ return str;
++}
++
++char *
++ldns_pkt_algorithm2str(ldns_algorithm algorithm)
++{
++ char *str;
++ ldns_buffer *buf;
++
++ buf = ldns_buffer_new(10);
++ if (!buf) {
++ return NULL;
++ }
++
++ str = NULL;
++ if (ldns_algorithm2buffer_str(buf, algorithm)
++ == LDNS_STATUS_OK) {
++ str = ldns_buffer_export2str(buf);
++ }
++
++ ldns_buffer_free(buf);
++ return str;
++}
++
++char *
++ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm)
++{
++ char *str;
++ ldns_buffer *buf;
++
++ buf = ldns_buffer_new(10);
++ if (!buf) {
++ return NULL;
++ }
++
++ str = NULL;
++ if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm)
++ == LDNS_STATUS_OK) {
++ str = ldns_buffer_export2str(buf);
++ }
++
++ ldns_buffer_free(buf);
++ return str;
++}
++
++
++/* do NOT pass compressed data here :p */
++ldns_status
++ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
++{
++ /* can we do with 1 pos var? or without at all? */
++ uint8_t src_pos = 0;
++ uint8_t len;
++ uint8_t *data;
++ uint8_t i;
++ unsigned char c;
++
++ data = (uint8_t*)ldns_rdf_data(dname);
++ len = data[src_pos];
++
++ if (ldns_rdf_size(dname) > LDNS_MAX_DOMAINLEN) {
++ /* too large, return */
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++
++ /* special case: root label */
++ if (1 == ldns_rdf_size(dname)) {
++ ldns_buffer_printf(output, ".");
++ } else {
++ while ((len > 0) && src_pos < ldns_rdf_size(dname)) {
++ src_pos++;
++ for(i = 0; i < len; i++) {
++ /* paranoia check for various 'strange'
++ characters in dnames
++ */
++ c = (unsigned char) data[src_pos];
++ if(c == '.' || c == ';' ||
++ c == '(' || c == ')' ||
++ c == '\\') {
++ ldns_buffer_printf(output, "\\%c",
++ data[src_pos]);
++ } else if (!(isascii(c) && isgraph(c))) {
++ ldns_buffer_printf(output, "\\%03u",
++ data[src_pos]);
++ } else {
++ ldns_buffer_printf(output, "%c", data[src_pos]);
++ }
++ src_pos++;
++ }
++
++ if (src_pos < ldns_rdf_size(dname)) {
++ ldns_buffer_printf(output, ".");
++ }
++ len = data[src_pos];
++ }
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint8_t data = ldns_rdf_data(rdf)[0];
++ ldns_buffer_printf(output, "%lu", (unsigned long) data);
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
++ ldns_buffer_printf(output, "%lu", (unsigned long) data);
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint32_t data = ldns_read_uint32(ldns_rdf_data(rdf));
++ ldns_buffer_printf(output, "%lu", (unsigned long) data);
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ /* create a YYYYMMDDHHMMSS string if possible */
++ struct tm tm;
++ char date_buf[16];
++
++ memset(&tm, 0, sizeof(tm));
++ if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm)
++ && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) {
++ ldns_buffer_printf(output, "%s", date_buf);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ char str[INET_ADDRSTRLEN];
++
++ if (inet_ntop(AF_INET, ldns_rdf_data(rdf), str, INET_ADDRSTRLEN)) {
++ ldns_buffer_printf(output, "%s", str);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ char str[INET6_ADDRSTRLEN];
++
++ if (inet_ntop(AF_INET6, ldns_rdf_data(rdf), str, INET6_ADDRSTRLEN)) {
++ ldns_buffer_printf(output, "%s", str);
++ }
++
++ return ldns_buffer_status(output);
++}
++
++static void
++ldns_characters2buffer_str(ldns_buffer* output,
++ size_t amount, const uint8_t* characters)
++{
++ uint8_t ch;
++ while (amount > 0) {
++ ch = *characters++;
++ if (isprint((int)ch) || ch == '\t') {
++ if (ch == '\"' || ch == '\\')
++ ldns_buffer_printf(output, "\\%c", ch);
++ else
++ ldns_buffer_printf(output, "%c", ch);
++ } else {
++ ldns_buffer_printf(output, "\\%03u",
++ (unsigned)(uint8_t) ch);
++ }
++ amount--;
++ }
++}
++
++ldns_status
++ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ if(ldns_rdf_size(rdf) < 1) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ if((int)ldns_rdf_size(rdf) < (int)ldns_rdf_data(rdf)[0] + 1) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ ldns_buffer_printf(output, "\"");
++ ldns_characters2buffer_str(output,
++ ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf) + 1);
++ ldns_buffer_printf(output, "\"");
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf));
++ char *b64 = LDNS_XMALLOC(char, size);
++ if(!b64) return LDNS_STATUS_MEM_ERR;
++ if (ldns_b64_ntop(ldns_rdf_data(rdf), ldns_rdf_size(rdf), b64, size)) {
++ ldns_buffer_printf(output, "%s", b64);
++ }
++ LDNS_FREE(b64);
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ size_t size;
++ char *b32;
++ if(ldns_rdf_size(rdf) == 0)
++ return LDNS_STATUS_OK;
++ /* remove -1 for the b32-hash-len octet */
++ size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1);
++ /* add one for the end nul for the string */
++ b32 = LDNS_XMALLOC(char, size + 1);
++ if(!b32) return LDNS_STATUS_MEM_ERR;
++ size = (size_t) ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1,
++ ldns_rdf_size(rdf) - 1, b32, size+1);
++ if (size > 0) {
++ ldns_buffer_printf(output, "%s", b32);
++ }
++ LDNS_FREE(b32);
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ size_t i;
++ for (i = 0; i < ldns_rdf_size(rdf); i++) {
++ ldns_buffer_printf(output, "%02x", ldns_rdf_data(rdf)[i]);
++ }
++
++ return ldns_buffer_status(output);
++}
++
++static ldns_status
++ldns_rdf2buffer_str_type_fmt(ldns_buffer *output,
++ const ldns_output_format* fmt, const ldns_rdf *rdf)
++{
++ uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
++
++ if (! ldns_output_format_covers_type(fmt, data) &&
++ ldns_rr_descript(data) &&
++ ldns_rr_descript(data)->_name) {
++
++ ldns_buffer_printf(output, "%s",ldns_rr_descript(data)->_name);
++ } else {
++ ldns_buffer_printf(output, "TYPE%u", data);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ return ldns_rdf2buffer_str_type_fmt(output,
++ ldns_output_format_default, rdf);
++}
++
++ldns_status
++ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
++ ldns_lookup_table *lt;
++
++ lt = ldns_lookup_by_id(ldns_rr_classes, (int) data);
++ if (lt) {
++ ldns_buffer_printf(output, "\t%s", lt->name);
++ } else {
++ ldns_buffer_printf(output, "\tCLASS%d", data);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
++ ldns_lookup_table *lt;
++ lt = ldns_lookup_by_id(ldns_cert_algorithms, (int) data);
++ if (lt) {
++ ldns_buffer_printf(output, "%s", lt->name);
++ } else {
++ ldns_buffer_printf(output, "%d", data);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ return ldns_rdf2buffer_str_int8(output, rdf);
++}
++
++static void
++loc_cm_print(ldns_buffer *output, uint8_t mantissa, uint8_t exponent)
++{
++ uint8_t i;
++ /* is it 0.<two digits> ? */
++ if(exponent < 2) {
++ if(exponent == 1)
++ mantissa *= 10;
++ ldns_buffer_printf(output, "0.%02ld", (long)mantissa);
++ return;
++ }
++ /* always <digit><string of zeros> */
++ ldns_buffer_printf(output, "%d", (int)mantissa);
++ for(i=0; i<exponent-2; i++)
++ ldns_buffer_printf(output, "0");
++}
++
++ldns_status
++ldns_rr_type2buffer_str(ldns_buffer *output, const ldns_rr_type type)
++{
++ const ldns_rr_descriptor *descriptor;
++
++ descriptor = ldns_rr_descript(type);
++
++ switch (type) {
++ case LDNS_RR_TYPE_IXFR:
++ ldns_buffer_printf(output, "IXFR");
++ break;
++ case LDNS_RR_TYPE_AXFR:
++ ldns_buffer_printf(output, "AXFR");
++ break;
++ case LDNS_RR_TYPE_MAILA:
++ ldns_buffer_printf(output, "MAILA");
++ break;
++ case LDNS_RR_TYPE_MAILB:
++ ldns_buffer_printf(output, "MAILB");
++ break;
++ case LDNS_RR_TYPE_ANY:
++ ldns_buffer_printf(output, "ANY");
++ break;
++ default:
++ if (descriptor && descriptor->_name) {
++ ldns_buffer_printf(output, "%s", descriptor->_name);
++ } else {
++ ldns_buffer_printf(output, "TYPE%u", type);
++ }
++ }
++ return ldns_buffer_status(output);
++}
++
++char *
++ldns_rr_type2str(const ldns_rr_type type)
++{
++ char *str;
++ ldns_buffer *buf;
++
++ buf = ldns_buffer_new(10);
++ if (!buf) {
++ return NULL;
++ }
++
++ str = NULL;
++ if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) {
++ str = ldns_buffer_export2str(buf);
++ }
++
++ ldns_buffer_free(buf);
++ return str;
++}
++
++
++ldns_status
++ldns_rr_class2buffer_str(ldns_buffer *output,
++ const ldns_rr_class klass)
++{
++ ldns_lookup_table *lt;
++
++ lt = ldns_lookup_by_id(ldns_rr_classes, klass);
++ if (lt) {
++ ldns_buffer_printf(output, "%s", lt->name);
++ } else {
++ ldns_buffer_printf(output, "CLASS%d", klass);
++ }
++ return ldns_buffer_status(output);
++}
++
++char *
++ldns_rr_class2str(const ldns_rr_class klass)
++{
++ ldns_buffer *buf;
++ char *str;
++
++ buf = ldns_buffer_new(10);
++ if (!buf) {
++ return NULL;
++ }
++
++ str = NULL;
++ if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) {
++ str = ldns_buffer_export2str(buf);
++ }
++ ldns_buffer_free(buf);
++ return str;
++}
++
++ldns_status
++ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ /* we could do checking (ie degrees < 90 etc)? */
++ uint8_t version;
++ uint8_t size;
++ uint8_t horizontal_precision;
++ uint8_t vertical_precision;
++ uint32_t longitude;
++ uint32_t latitude;
++ uint32_t altitude;
++ char northerness;
++ char easterness;
++ uint32_t h;
++ uint32_t m;
++ double s;
++
++ uint32_t equator = (uint32_t) ldns_power(2, 31);
++
++ if(ldns_rdf_size(rdf) < 1) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ version = ldns_rdf_data(rdf)[0];
++ if (version == 0) {
++ if(ldns_rdf_size(rdf) < 16) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ size = ldns_rdf_data(rdf)[1];
++ horizontal_precision = ldns_rdf_data(rdf)[2];
++ vertical_precision = ldns_rdf_data(rdf)[3];
++
++ latitude = ldns_read_uint32(&ldns_rdf_data(rdf)[4]);
++ longitude = ldns_read_uint32(&ldns_rdf_data(rdf)[8]);
++ altitude = ldns_read_uint32(&ldns_rdf_data(rdf)[12]);
++
++ if (latitude > equator) {
++ northerness = 'N';
++ latitude = latitude - equator;
++ } else {
++ northerness = 'S';
++ latitude = equator - latitude;
++ }
++ h = latitude / (1000 * 60 * 60);
++ latitude = latitude % (1000 * 60 * 60);
++ m = latitude / (1000 * 60);
++ latitude = latitude % (1000 * 60);
++ s = (double) latitude / 1000.0;
++ ldns_buffer_printf(output, "%02u %02u %0.3f %c ",
++ h, m, s, northerness);
++
++ if (longitude > equator) {
++ easterness = 'E';
++ longitude = longitude - equator;
++ } else {
++ easterness = 'W';
++ longitude = equator - longitude;
++ }
++ h = longitude / (1000 * 60 * 60);
++ longitude = longitude % (1000 * 60 * 60);
++ m = longitude / (1000 * 60);
++ longitude = longitude % (1000 * 60);
++ s = (double) longitude / (1000.0);
++ ldns_buffer_printf(output, "%02u %02u %0.3f %c ",
++ h, m, s, easterness);
++
++
++ s = ((double) altitude) / 100;
++ s -= 100000;
++
++ if(altitude%100 != 0)
++ ldns_buffer_printf(output, "%.2f", s);
++ else
++ ldns_buffer_printf(output, "%.0f", s);
++
++ ldns_buffer_printf(output, "m ");
++
++ loc_cm_print(output, (size & 0xf0) >> 4, size & 0x0f);
++ ldns_buffer_printf(output, "m ");
++
++ loc_cm_print(output, (horizontal_precision & 0xf0) >> 4,
++ horizontal_precision & 0x0f);
++ ldns_buffer_printf(output, "m ");
++
++ loc_cm_print(output, (vertical_precision & 0xf0) >> 4,
++ vertical_precision & 0x0f);
++ ldns_buffer_printf(output, "m");
++
++ return ldns_buffer_status(output);
++ } else {
++ return ldns_rdf2buffer_str_hex(output, rdf);
++ }
++}
++
++ldns_status
++ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ ldns_buffer_printf(output, "\\# %u ", ldns_rdf_size(rdf));
++ return ldns_rdf2buffer_str_hex(output, rdf);
++}
++
++ldns_status
++ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ ldns_buffer_printf(output, "0x");
++ return ldns_rdf2buffer_str_hex(output, rdf);
++}
++
++ldns_status
++ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ return ldns_rdf2buffer_str_hex(output, rdf);
++}
++
++ldns_status
++ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ /* protocol, followed by bitmap of services */
++ struct protoent *protocol;
++ char *proto_name = NULL;
++ uint8_t protocol_nr;
++ struct servent *service;
++ uint16_t current_service;
++
++ if(ldns_rdf_size(rdf) < 1) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ protocol_nr = ldns_rdf_data(rdf)[0];
++ protocol = getprotobynumber((int) protocol_nr);
++ if (protocol && (protocol->p_name != NULL)) {
++ proto_name = protocol->p_name;
++ ldns_buffer_printf(output, "%s ", protocol->p_name);
++ } else {
++ ldns_buffer_printf(output, "%u ", protocol_nr);
++ }
++
++#ifdef HAVE_ENDPROTOENT
++ endprotoent();
++#endif
++
++ for (current_service = 0;
++ current_service < (ldns_rdf_size(rdf)-1)*8; current_service++) {
++ if (ldns_get_bit(&(ldns_rdf_data(rdf)[1]), current_service)) {
++ service = getservbyport((int) htons(current_service),
++ proto_name);
++ if (service && service->s_name) {
++ ldns_buffer_printf(output, "%s ", service->s_name);
++ } else {
++ ldns_buffer_printf(output, "%u ", current_service);
++ }
++#ifdef HAVE_ENDSERVENT
++ endservent();
++#endif
++ }
++ }
++ return ldns_buffer_status(output);
++}
++
++static ldns_status
++ldns_rdf2buffer_str_nsec_fmt(ldns_buffer *output,
++ const ldns_output_format* fmt, const ldns_rdf *rdf)
++{
++ /* Note: this code is duplicated in higher.c in
++ * ldns_nsec_type_check() function
++ */
++ uint8_t window_block_nr;
++ uint8_t bitmap_length;
++ uint16_t type;
++ uint16_t pos = 0;
++ uint16_t bit_pos;
++ uint8_t *data = ldns_rdf_data(rdf);
++
++ while((size_t)(pos + 2) < ldns_rdf_size(rdf)) {
++ window_block_nr = data[pos];
++ bitmap_length = data[pos + 1];
++ pos += 2;
++ if (ldns_rdf_size(rdf) < pos + bitmap_length) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) {
++ if (! ldns_get_bit(&data[pos], bit_pos)) {
++ continue;
++ }
++ type = 256 * (uint16_t) window_block_nr + bit_pos;
++
++ if (! ldns_output_format_covers_type(fmt, type) &&
++ ldns_rr_descript(type) &&
++ ldns_rr_descript(type)->_name){
++
++ ldns_buffer_printf(output, "%s ",
++ ldns_rr_descript(type)->_name);
++ } else {
++ ldns_buffer_printf(output, "TYPE%u ", type);
++ }
++ }
++ pos += (uint16_t) bitmap_length;
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ return ldns_rdf2buffer_str_nsec_fmt(output,
++ ldns_output_format_default, rdf);
++}
++
++ldns_status
++ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint8_t salt_length;
++ uint8_t salt_pos;
++
++ uint8_t *data = ldns_rdf_data(rdf);
++
++ if(ldns_rdf_size(rdf) < 1) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ salt_length = data[0];
++ /* from now there are variable length entries so remember pos */
++ if (salt_length == 0 || ((size_t)salt_length)+1 > ldns_rdf_size(rdf)) {
++ ldns_buffer_printf(output, "- ");
++ } else {
++ for (salt_pos = 0; salt_pos < salt_length; salt_pos++) {
++ ldns_buffer_printf(output, "%02x", data[1 + salt_pos]);
++ }
++ ldns_buffer_printf(output, " ");
++ }
++
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ /* period is the number of seconds */
++ if (ldns_rdf_size(rdf) != 4) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ ldns_buffer_printf(output, "%u", ldns_read_uint32(ldns_rdf_data(rdf)));
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_tsigtime(ldns_buffer *output,const ldns_rdf *rdf)
++{
++ /* tsigtime is 48 bits network order unsigned integer */
++ uint64_t tsigtime = 0;
++ uint8_t *data = ldns_rdf_data(rdf);
++ uint64_t d0, d1, d2, d3, d4, d5;
++
++ if (ldns_rdf_size(rdf) < 6) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ d0 = data[0]; /* cast to uint64 for shift operations */
++ d1 = data[1];
++ d2 = data[2];
++ d3 = data[3];
++ d4 = data[4];
++ d5 = data[5];
++ tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5;
++
++ ldns_buffer_printf(output, "%llu ", (long long)tsigtime);
++
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint8_t *data = ldns_rdf_data(rdf);
++ uint16_t address_family;
++ uint8_t prefix;
++ bool negation;
++ uint8_t adf_length;
++ size_t i;
++ size_t pos = 0;
++
++ while (pos < (unsigned int) ldns_rdf_size(rdf)) {
++ if(pos + 3 >= (unsigned)ldns_rdf_size(rdf))
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ address_family = ldns_read_uint16(&data[pos]);
++ prefix = data[pos + 2];
++ negation = data[pos + 3] & LDNS_APL_NEGATION;
++ adf_length = data[pos + 3] & LDNS_APL_MASK;
++ if (address_family == LDNS_APL_IP4) {
++ /* check if prefix < 32? */
++ if (negation) {
++ ldns_buffer_printf(output, "!");
++ }
++ ldns_buffer_printf(output, "%u:", address_family);
++ /* address is variable length 0 - 4 */
++ for (i = 0; i < 4; i++) {
++ if (i > 0) {
++ ldns_buffer_printf(output, ".");
++ }
++ if (i < (unsigned short) adf_length) {
++ if(pos+i+4 >= ldns_rdf_size(rdf))
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ ldns_buffer_printf(output, "%d",
++ data[pos + i + 4]);
++ } else {
++ ldns_buffer_printf(output, "0");
++ }
++ }
++ ldns_buffer_printf(output, "/%u ", prefix);
++ } else if (address_family == LDNS_APL_IP6) {
++ /* check if prefix < 128? */
++ if (negation) {
++ ldns_buffer_printf(output, "!");
++ }
++ ldns_buffer_printf(output, "%u:", address_family);
++ /* address is variable length 0 - 16 */
++ for (i = 0; i < 16; i++) {
++ if (i % 2 == 0 && i > 0) {
++ ldns_buffer_printf(output, ":");
++ }
++ if (i < (unsigned short) adf_length) {
++ if(pos+i+4 >= ldns_rdf_size(rdf))
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ ldns_buffer_printf(output, "%02x",
++ data[pos + i + 4]);
++ } else {
++ ldns_buffer_printf(output, "00");
++ }
++ }
++ ldns_buffer_printf(output, "/%u ", prefix);
++
++ } else {
++ /* unknown address family */
++ ldns_buffer_printf(output,
++ "Unknown address family: %u data: ",
++ address_family);
++ for (i = 1; i < (unsigned short) (4 + adf_length); i++) {
++ if(pos+i >= ldns_rdf_size(rdf))
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ ldns_buffer_printf(output, "%02x", data[i]);
++ }
++ }
++ pos += 4 + adf_length;
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ size_t size;
++ char *b64;
++ if (ldns_rdf_size(rdf) < 2) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ /* Subtract the size (2) of the number that specifies the length */
++ size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf) - 2);
++ ldns_buffer_printf(output, "%u ", ldns_rdf_size(rdf) - 2);
++ if (ldns_rdf_size(rdf) > 2) {
++ b64 = LDNS_XMALLOC(char, size);
++ if(!b64)
++ return LDNS_STATUS_MEM_ERR;
++
++ if (ldns_rdf_size(rdf) > 2 &&
++ ldns_b64_ntop(ldns_rdf_data(rdf) + 2,
++ ldns_rdf_size(rdf) - 2,
++ b64, size)) {
++ ldns_buffer_printf(output, "%s", b64);
++ }
++ LDNS_FREE(b64);
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ /* wire format from
++ http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt
++ */
++ uint8_t *data = ldns_rdf_data(rdf);
++ uint8_t precedence;
++ uint8_t gateway_type;
++ uint8_t algorithm;
++
++ ldns_rdf *gateway = NULL;
++ uint8_t *gateway_data;
++
++ size_t public_key_size;
++ uint8_t *public_key_data;
++ ldns_rdf *public_key;
++
++ size_t offset = 0;
++ ldns_status status;
++
++ if (ldns_rdf_size(rdf) < 3) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ precedence = data[0];
++ gateway_type = data[1];
++ algorithm = data[2];
++ offset = 3;
++
++ switch (gateway_type) {
++ case 0:
++ /* no gateway */
++ break;
++ case 1:
++ gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN);
++ if(!gateway_data)
++ return LDNS_STATUS_MEM_ERR;
++ if (ldns_rdf_size(rdf) < offset + LDNS_IP4ADDRLEN) {
++ return LDNS_STATUS_ERR;
++ }
++ memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN);
++ gateway = ldns_rdf_new(LDNS_RDF_TYPE_A,
++ LDNS_IP4ADDRLEN , gateway_data);
++ offset += LDNS_IP4ADDRLEN;
++ if(!gateway) {
++ LDNS_FREE(gateway_data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ break;
++ case 2:
++ gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN);
++ if(!gateway_data)
++ return LDNS_STATUS_MEM_ERR;
++ if (ldns_rdf_size(rdf) < offset + LDNS_IP6ADDRLEN) {
++ return LDNS_STATUS_ERR;
++ }
++ memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN);
++ offset += LDNS_IP6ADDRLEN;
++ gateway =
++ ldns_rdf_new(LDNS_RDF_TYPE_AAAA,
++ LDNS_IP6ADDRLEN, gateway_data);
++ if(!gateway) {
++ LDNS_FREE(gateway_data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ break;
++ case 3:
++ status = ldns_wire2dname(&gateway, data,
++ ldns_rdf_size(rdf), &offset);
++ if(status != LDNS_STATUS_OK)
++ return status;
++ break;
++ default:
++ /* error? */
++ break;
++ }
++
++ if (ldns_rdf_size(rdf) <= offset) {
++ return LDNS_STATUS_ERR;
++ }
++ public_key_size = ldns_rdf_size(rdf) - offset;
++ public_key_data = LDNS_XMALLOC(uint8_t, public_key_size);
++ if(!public_key_data) {
++ ldns_rdf_free(gateway);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ memcpy(public_key_data, &data[offset], public_key_size);
++ public_key = ldns_rdf_new(LDNS_RDF_TYPE_B64,
++ public_key_size, public_key_data);
++ if(!public_key) {
++ LDNS_FREE(public_key_data);
++ ldns_rdf_free(gateway);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ ldns_buffer_printf(output, "%u %u %u ", precedence, gateway_type, algorithm);
++ if (gateway)
++ (void) ldns_rdf2buffer_str(output, gateway);
++ else
++ ldns_buffer_printf(output, ".");
++ ldns_buffer_printf(output, " ");
++ (void) ldns_rdf2buffer_str(output, public_key);
++
++ ldns_rdf_free(gateway);
++ ldns_rdf_free(public_key);
++
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_ilnp64(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ if (ldns_rdf_size(rdf) != 8) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ ldns_buffer_printf(output,"%.4x:%.4x:%.4x:%.4x",
++ ldns_read_uint16(ldns_rdf_data(rdf)),
++ ldns_read_uint16(ldns_rdf_data(rdf)+2),
++ ldns_read_uint16(ldns_rdf_data(rdf)+4),
++ ldns_read_uint16(ldns_rdf_data(rdf)+6));
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_eui48(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ if (ldns_rdf_size(rdf) != 6) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x",
++ ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1],
++ ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3],
++ ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5]);
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ if (ldns_rdf_size(rdf) != 8) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x",
++ ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1],
++ ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3],
++ ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5],
++ ldns_rdf_data(rdf)[6], ldns_rdf_data(rdf)[7]);
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_tag(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ size_t nchars;
++ const uint8_t* chars;
++ char ch;
++ if (ldns_rdf_size(rdf) < 2) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ nchars = ldns_rdf_data(rdf)[0];
++ if (nchars >= ldns_rdf_size(rdf) || /* should be rdf_size - 1 */
++ nchars < 1) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ chars = ldns_rdf_data(rdf) + 1;
++ while (nchars > 0) {
++ ch = (char)*chars++;
++ if (! isalnum(ch)) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ ldns_buffer_printf(output, "%c", ch);
++ nchars--;
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_long_str(ldns_buffer *output, const ldns_rdf *rdf)
++{
++
++ ldns_buffer_printf(output, "\"");
++ ldns_characters2buffer_str(output,
++ ldns_rdf_size(rdf), ldns_rdf_data(rdf));
++ ldns_buffer_printf(output, "\"");
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rdf2buffer_str_hip(ldns_buffer *output, const ldns_rdf *rdf)
++{
++ uint8_t *data = ldns_rdf_data(rdf);
++ size_t rdf_size = ldns_rdf_size(rdf);
++ uint8_t hit_size;
++ uint16_t pk_size;
++ int written;
++
++ if (rdf_size < 6) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ if ((hit_size = data[0]) == 0 ||
++ (pk_size = ldns_read_uint16(data + 2)) == 0 ||
++ rdf_size < (size_t) hit_size + pk_size + 4) {
++
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++
++ ldns_buffer_printf(output, "%d ", (int) data[1]);
++
++ for (data += 4; hit_size > 0; hit_size--, data++) {
++
++ ldns_buffer_printf(output, "%02x", (int) *data);
++ }
++ ldns_buffer_write_u8(output, (uint8_t) ' ');
++
++ if (ldns_buffer_reserve(output,
++ ldns_b64_ntop_calculate_size(pk_size))) {
++
++ written = ldns_b64_ntop(data, pk_size,
++ (char *) ldns_buffer_current(output),
++ ldns_buffer_remaining(output));
++
++ if (written > 0 &&
++ written < (int) ldns_buffer_remaining(output)) {
++
++ output->_position += written;
++ }
++ }
++ return ldns_buffer_status(output);
++}
++
++static ldns_status
++ldns_rdf2buffer_str_fmt(ldns_buffer *buffer,
++ const ldns_output_format* fmt, const ldns_rdf *rdf)
++{
++ ldns_status res = LDNS_STATUS_OK;
++
++ /*ldns_buffer_printf(buffer, "%u:", ldns_rdf_get_type(rdf));*/
++ if (rdf) {
++ switch(ldns_rdf_get_type(rdf)) {
++ case LDNS_RDF_TYPE_NONE:
++ break;
++ case LDNS_RDF_TYPE_DNAME:
++ res = ldns_rdf2buffer_str_dname(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_INT8: /* Don't output mnemonics for these */
++ case LDNS_RDF_TYPE_ALG:
++ case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
++ case LDNS_RDF_TYPE_SELECTOR:
++ case LDNS_RDF_TYPE_MATCHING_TYPE:
++ res = ldns_rdf2buffer_str_int8(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_INT16:
++ res = ldns_rdf2buffer_str_int16(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_INT32:
++ res = ldns_rdf2buffer_str_int32(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_PERIOD:
++ res = ldns_rdf2buffer_str_period(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_TSIGTIME:
++ res = ldns_rdf2buffer_str_tsigtime(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_A:
++ res = ldns_rdf2buffer_str_a(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_AAAA:
++ res = ldns_rdf2buffer_str_aaaa(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_STR:
++ res = ldns_rdf2buffer_str_str(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_APL:
++ res = ldns_rdf2buffer_str_apl(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_B32_EXT:
++ res = ldns_rdf2buffer_str_b32_ext(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_B64:
++ res = ldns_rdf2buffer_str_b64(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_HEX:
++ res = ldns_rdf2buffer_str_hex(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_NSEC:
++ res = ldns_rdf2buffer_str_nsec_fmt(buffer, fmt, rdf);
++ break;
++ case LDNS_RDF_TYPE_NSEC3_SALT:
++ res = ldns_rdf2buffer_str_nsec3_salt(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_TYPE:
++ res = ldns_rdf2buffer_str_type_fmt(buffer, fmt, rdf);
++ break;
++ case LDNS_RDF_TYPE_CLASS:
++ res = ldns_rdf2buffer_str_class(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_CERT_ALG:
++ res = ldns_rdf2buffer_str_cert_alg(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_UNKNOWN:
++ res = ldns_rdf2buffer_str_unknown(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_TIME:
++ res = ldns_rdf2buffer_str_time(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_HIP:
++ res = ldns_rdf2buffer_str_hip(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_LOC:
++ res = ldns_rdf2buffer_str_loc(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_WKS:
++ case LDNS_RDF_TYPE_SERVICE:
++ res = ldns_rdf2buffer_str_wks(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_NSAP:
++ res = ldns_rdf2buffer_str_nsap(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_ATMA:
++ res = ldns_rdf2buffer_str_atma(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_IPSECKEY:
++ res = ldns_rdf2buffer_str_ipseckey(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_INT16_DATA:
++ res = ldns_rdf2buffer_str_int16_data(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER:
++ res = ldns_rdf2buffer_str_b32_ext(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_ILNP64:
++ res = ldns_rdf2buffer_str_ilnp64(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_EUI48:
++ res = ldns_rdf2buffer_str_eui48(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_EUI64:
++ res = ldns_rdf2buffer_str_eui64(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_TAG:
++ res = ldns_rdf2buffer_str_tag(buffer, rdf);
++ break;
++ case LDNS_RDF_TYPE_LONG_STR:
++ res = ldns_rdf2buffer_str_long_str(buffer, rdf);
++ break;
++ }
++ } else {
++ /** This will write mangled RRs */
++ ldns_buffer_printf(buffer, "(null) ");
++ res = LDNS_STATUS_ERR;
++ }
++ return res;
++}
++
++ldns_status
++ldns_rdf2buffer_str(ldns_buffer *buffer, const ldns_rdf *rdf)
++{
++ return ldns_rdf2buffer_str_fmt(buffer,ldns_output_format_default,rdf);
++}
++
++static ldns_rdf *
++ldns_b32_ext2dname(const ldns_rdf *rdf)
++{
++ size_t size;
++ char *b32;
++ ldns_rdf *out;
++ if(ldns_rdf_size(rdf) == 0)
++ return NULL;
++ /* remove -1 for the b32-hash-len octet */
++ size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1);
++ /* add one for the end nul for the string */
++ b32 = LDNS_XMALLOC(char, size + 2);
++ if (b32) {
++ if (ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1,
++ ldns_rdf_size(rdf) - 1, b32, size+1) > 0) {
++ b32[size] = '.';
++ b32[size+1] = '\0';
++ if (ldns_str2rdf_dname(&out, b32) == LDNS_STATUS_OK) {
++ LDNS_FREE(b32);
++ return out;
++ }
++ }
++ LDNS_FREE(b32);
++ }
++ return NULL;
++}
++
++static ldns_status
++ldns_rr2buffer_str_rfc3597(ldns_buffer *output, const ldns_rr *rr)
++{
++ size_t total_rdfsize = 0;
++ size_t i, j;
++
++ ldns_buffer_printf(output, "TYPE%u\t", ldns_rr_get_type(rr));
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ total_rdfsize += ldns_rdf_size(ldns_rr_rdf(rr, i));
++ }
++ if (total_rdfsize == 0) {
++ ldns_buffer_printf(output, "\\# 0\n");
++ return ldns_buffer_status(output);
++ }
++ ldns_buffer_printf(output, "\\# %d ", total_rdfsize);
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ for (j = 0; j < ldns_rdf_size(ldns_rr_rdf(rr, i)); j++) {
++ ldns_buffer_printf(output, "%.2x",
++ ldns_rdf_data(ldns_rr_rdf(rr, i))[j]);
++ }
++ }
++ ldns_buffer_printf(output, "\n");
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rr2buffer_str_fmt(ldns_buffer *output,
++ const ldns_output_format *fmt, const ldns_rr *rr)
++{
++ uint16_t i, flags;
++ ldns_status status = LDNS_STATUS_OK;
++ ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt;
++
++ if (fmt_st == NULL) {
++ fmt_st = (ldns_output_format_storage*)
++ ldns_output_format_default;
++ }
++ if (!rr) {
++ if (LDNS_COMMENT_NULLS & fmt_st->flags) {
++ ldns_buffer_printf(output, "; (null)\n");
++ }
++ return ldns_buffer_status(output);
++ }
++ if (ldns_rr_owner(rr)) {
++ status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr));
++ }
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++
++ /* TTL should NOT be printed if it is a question */
++ if (!ldns_rr_is_question(rr)) {
++ ldns_buffer_printf(output, "\t%d", ldns_rr_ttl(rr));
++ }
++
++ ldns_buffer_printf(output, "\t");
++ status = ldns_rr_class2buffer_str(output, ldns_rr_get_class(rr));
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++ ldns_buffer_printf(output, "\t");
++
++ if (ldns_output_format_covers_type(fmt, ldns_rr_get_type(rr))) {
++ return ldns_rr2buffer_str_rfc3597(output, rr);
++ }
++ status = ldns_rr_type2buffer_str(output, ldns_rr_get_type(rr));
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++
++ if (ldns_rr_rd_count(rr) > 0) {
++ ldns_buffer_printf(output, "\t");
++ } else if (!ldns_rr_is_question(rr)) {
++ ldns_buffer_printf(output, "\t\\# 0");
++ }
++
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ /* ldns_rdf2buffer_str handles NULL input fine! */
++ if ((fmt_st->flags & LDNS_FMT_ZEROIZE_RRSIGS) &&
++ (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) &&
++ ((/* inception */ i == 4 &&
++ ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) ==
++ LDNS_RDF_TYPE_TIME) ||
++ (/* expiration */ i == 5 &&
++ ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) ==
++ LDNS_RDF_TYPE_TIME) ||
++ (/* signature */ i == 8 &&
++ ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) ==
++ LDNS_RDF_TYPE_B64))) {
++
++ ldns_buffer_printf(output, "(null)");
++ status = ldns_buffer_status(output);
++ } else if ((fmt_st->flags & LDNS_FMT_PAD_SOA_SERIAL) &&
++ (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) &&
++ /* serial */ i == 2 &&
++ ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) ==
++ LDNS_RDF_TYPE_INT32) {
++ ldns_buffer_printf(output, "%10lu",
++ (unsigned long) ldns_read_uint32(
++ ldns_rdf_data(ldns_rr_rdf(rr, 2))));
++ status = ldns_buffer_status(output);
++ } else {
++ status = ldns_rdf2buffer_str_fmt(output,
++ fmt, ldns_rr_rdf(rr, i));
++ }
++ if(status != LDNS_STATUS_OK)
++ return status;
++ if (i < ldns_rr_rd_count(rr) - 1) {
++ ldns_buffer_printf(output, " ");
++ }
++ }
++ /* per RR special comments - handy for DNSSEC types */
++ /* check to prevent question sec. rr from
++ * getting here */
++ if (ldns_rr_rd_count(rr) > 0) {
++ switch (ldns_rr_get_type(rr)) {
++ case LDNS_RR_TYPE_DNSKEY:
++ /* if ldns_rr_rd_count(rr) > 0
++ then ldns_rr_rdf(rr, 0) exists! */
++ if (! (fmt_st->flags & LDNS_COMMENT_KEY)) {
++ break;
++ }
++ flags = ldns_rdf2native_int16(ldns_rr_rdf(rr, 0));
++ ldns_buffer_printf(output, " ;{");
++ if (fmt_st->flags & LDNS_COMMENT_KEY_ID) {
++ ldns_buffer_printf(output, "id = %u",
++ (unsigned int) ldns_calc_keytag(rr));
++ }
++ if ((fmt_st->flags & LDNS_COMMENT_KEY_TYPE) &&
++ (flags & LDNS_KEY_ZONE_KEY)){
++
++ if (flags & LDNS_KEY_SEP_KEY) {
++ ldns_buffer_printf(output, " (ksk)");
++ } else {
++ ldns_buffer_printf(output, " (zsk)");
++ }
++ if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE){
++ ldns_buffer_printf(output, ", ");
++ }
++ } else if (fmt_st->flags
++ & (LDNS_COMMENT_KEY_ID
++ |LDNS_COMMENT_KEY_SIZE)) {
++ ldns_buffer_printf( output, ", ");
++ }
++ if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE) {
++ ldns_buffer_printf(output, "size = %db",
++ ldns_rr_dnskey_key_size(rr));
++ }
++ ldns_buffer_printf(output, "}");
++ break;
++ case LDNS_RR_TYPE_RRSIG:
++ if ((fmt_st->flags & LDNS_COMMENT_KEY)
++ && (fmt_st->flags& LDNS_COMMENT_RRSIGS)
++ && ldns_rr_rdf(rr, 6) != NULL) {
++ ldns_buffer_printf(output, " ;{id = %d}",
++ ldns_rdf2native_int16(
++ ldns_rr_rdf(rr, 6)));
++ }
++ break;
++ case LDNS_RR_TYPE_DS:
++ if ((fmt_st->flags & LDNS_COMMENT_BUBBLEBABBLE) &&
++ ldns_rr_rdf(rr, 3) != NULL) {
++
++ uint8_t *data = ldns_rdf_data(
++ ldns_rr_rdf(rr, 3));
++ size_t len = ldns_rdf_size(ldns_rr_rdf(rr, 3));
++ char *babble = ldns_bubblebabble(data, len);
++ if(babble) {
++ ldns_buffer_printf(output,
++ " ;{%s}", babble);
++ }
++ LDNS_FREE(babble);
++ }
++ break;
++ case LDNS_RR_TYPE_NSEC3:
++ if (! (fmt_st->flags & LDNS_COMMENT_FLAGS) &&
++ ! (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN)) {
++ break;
++ }
++ ldns_buffer_printf(output, " ;{");
++ if ((fmt_st->flags & LDNS_COMMENT_FLAGS)) {
++ if (ldns_nsec3_optout(rr)) {
++ ldns_buffer_printf(output,
++ " flags: optout");
++ } else {
++ ldns_buffer_printf(output," flags: -");
++ }
++ if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN &&
++ fmt_st->hashmap != NULL) {
++ ldns_buffer_printf(output, ", ");
++ }
++ }
++ if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN &&
++ fmt_st->hashmap != NULL) {
++ ldns_rbnode_t *node;
++ ldns_rdf *key = ldns_dname_label(
++ ldns_rr_owner(rr), 0);
++ if (key) {
++ node = ldns_rbtree_search(
++ fmt_st->hashmap,
++ (void *) key);
++ if (node->data) {
++ ldns_buffer_printf(output,
++ "from: ");
++ (void) ldns_rdf2buffer_str(
++ output,
++ ldns_dnssec_name_name(
++ (ldns_dnssec_name*)
++ node->data
++ ));
++ }
++ ldns_rdf_free(key);
++ }
++ key = ldns_b32_ext2dname(
++ ldns_nsec3_next_owner(rr));
++ if (key) {
++ node = ldns_rbtree_search(
++ fmt_st->hashmap,
++ (void *) key);
++ if (node->data) {
++ ldns_buffer_printf(output,
++ " to: ");
++ (void) ldns_rdf2buffer_str(
++ output,
++ ldns_dnssec_name_name(
++ (ldns_dnssec_name*)
++ node->data
++ ));
++ }
++ ldns_rdf_free(key);
++ }
++ }
++ ldns_buffer_printf(output, "}");
++ break;
++ default:
++ break;
++
++ }
++ }
++ /* last */
++ ldns_buffer_printf(output, "\n");
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr)
++{
++ return ldns_rr2buffer_str_fmt(output, ldns_output_format_default, rr);
++}
++
++ldns_status
++ldns_rr_list2buffer_str_fmt(ldns_buffer *output,
++ const ldns_output_format *fmt, const ldns_rr_list *list)
++{
++ uint16_t i;
++
++ for(i = 0; i < ldns_rr_list_rr_count(list); i++) {
++ (void) ldns_rr2buffer_str_fmt(output, fmt,
++ ldns_rr_list_rr(list, i));
++ }
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list)
++{
++ return ldns_rr_list2buffer_str_fmt(
++ output, ldns_output_format_default, list);
++}
++
++ldns_status
++ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt)
++{
++ ldns_lookup_table *opcode = ldns_lookup_by_id(ldns_opcodes,
++ (int) ldns_pkt_get_opcode(pkt));
++ ldns_lookup_table *rcode = ldns_lookup_by_id(ldns_rcodes,
++ (int) ldns_pkt_get_rcode(pkt));
++
++ ldns_buffer_printf(output, ";; ->>HEADER<<- ");
++ if (opcode) {
++ ldns_buffer_printf(output, "opcode: %s, ", opcode->name);
++ } else {
++ ldns_buffer_printf(output, "opcode: ?? (%u), ",
++ ldns_pkt_get_opcode(pkt));
++ }
++ if (rcode) {
++ ldns_buffer_printf(output, "rcode: %s, ", rcode->name);
++ } else {
++ ldns_buffer_printf(output, "rcode: ?? (%u), ", ldns_pkt_get_rcode(pkt));
++ }
++ ldns_buffer_printf(output, "id: %d\n", ldns_pkt_id(pkt));
++ ldns_buffer_printf(output, ";; flags: ");
++
++ if (ldns_pkt_qr(pkt)) {
++ ldns_buffer_printf(output, "qr ");
++ }
++ if (ldns_pkt_aa(pkt)) {
++ ldns_buffer_printf(output, "aa ");
++ }
++ if (ldns_pkt_tc(pkt)) {
++ ldns_buffer_printf(output, "tc ");
++ }
++ if (ldns_pkt_rd(pkt)) {
++ ldns_buffer_printf(output, "rd ");
++ }
++ if (ldns_pkt_cd(pkt)) {
++ ldns_buffer_printf(output, "cd ");
++ }
++ if (ldns_pkt_ra(pkt)) {
++ ldns_buffer_printf(output, "ra ");
++ }
++ if (ldns_pkt_ad(pkt)) {
++ ldns_buffer_printf(output, "ad ");
++ }
++ ldns_buffer_printf(output, "; ");
++ ldns_buffer_printf(output, "QUERY: %u, ", ldns_pkt_qdcount(pkt));
++ ldns_buffer_printf(output, "ANSWER: %u, ", ldns_pkt_ancount(pkt));
++ ldns_buffer_printf(output, "AUTHORITY: %u, ", ldns_pkt_nscount(pkt));
++ ldns_buffer_printf(output, "ADDITIONAL: %u ", ldns_pkt_arcount(pkt));
++ return ldns_buffer_status(output);
++}
++
++ldns_status
++ldns_pkt2buffer_str_fmt(ldns_buffer *output,
++ const ldns_output_format *fmt, const ldns_pkt *pkt)
++{
++ uint16_t i;
++ ldns_status status = LDNS_STATUS_OK;
++ char *tmp;
++ struct timeval time;
++ time_t time_tt;
++
++ if (!pkt) {
++ ldns_buffer_printf(output, "null");
++ return LDNS_STATUS_OK;
++ }
++
++ if (ldns_buffer_status_ok(output)) {
++ status = ldns_pktheader2buffer_str(output, pkt);
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++
++ ldns_buffer_printf(output, "\n");
++
++ ldns_buffer_printf(output, ";; QUESTION SECTION:\n;; ");
++
++
++ for (i = 0; i < ldns_pkt_qdcount(pkt); i++) {
++ status = ldns_rr2buffer_str_fmt(output, fmt,
++ ldns_rr_list_rr(
++ ldns_pkt_question(pkt), i));
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++ }
++ ldns_buffer_printf(output, "\n");
++
++ ldns_buffer_printf(output, ";; ANSWER SECTION:\n");
++ for (i = 0; i < ldns_pkt_ancount(pkt); i++) {
++ status = ldns_rr2buffer_str_fmt(output, fmt,
++ ldns_rr_list_rr(
++ ldns_pkt_answer(pkt), i));
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++
++ }
++ ldns_buffer_printf(output, "\n");
++
++ ldns_buffer_printf(output, ";; AUTHORITY SECTION:\n");
++
++ for (i = 0; i < ldns_pkt_nscount(pkt); i++) {
++ status = ldns_rr2buffer_str_fmt(output, fmt,
++ ldns_rr_list_rr(
++ ldns_pkt_authority(pkt), i));
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++ }
++ ldns_buffer_printf(output, "\n");
++
++ ldns_buffer_printf(output, ";; ADDITIONAL SECTION:\n");
++ for (i = 0; i < ldns_pkt_arcount(pkt); i++) {
++ status = ldns_rr2buffer_str_fmt(output, fmt,
++ ldns_rr_list_rr(
++ ldns_pkt_additional(pkt), i));
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++
++ }
++ ldns_buffer_printf(output, "\n");
++ /* add some futher fields */
++ ldns_buffer_printf(output, ";; Query time: %d msec\n",
++ ldns_pkt_querytime(pkt));
++ if (ldns_pkt_edns(pkt)) {
++ ldns_buffer_printf(output,
++ ";; EDNS: version %u; flags:",
++ ldns_pkt_edns_version(pkt));
++ if (ldns_pkt_edns_do(pkt)) {
++ ldns_buffer_printf(output, " do");
++ }
++ /* the extended rcode is the value set, shifted four bits,
++ * and or'd with the original rcode */
++ if (ldns_pkt_edns_extended_rcode(pkt)) {
++ ldns_buffer_printf(output, " ; ext-rcode: %d",
++ (ldns_pkt_edns_extended_rcode(pkt) << 4 | ldns_pkt_get_rcode(pkt)));
++ }
++ ldns_buffer_printf(output, " ; udp: %u\n",
++ ldns_pkt_edns_udp_size(pkt));
++
++ if (ldns_pkt_edns_data(pkt)) {
++ ldns_buffer_printf(output, ";; Data: ");
++ (void)ldns_rdf2buffer_str(output,
++ ldns_pkt_edns_data(pkt));
++ ldns_buffer_printf(output, "\n");
++ }
++ }
++ if (ldns_pkt_tsig(pkt)) {
++ ldns_buffer_printf(output, ";; TSIG:\n;; ");
++ (void) ldns_rr2buffer_str_fmt(
++ output, fmt, ldns_pkt_tsig(pkt));
++ ldns_buffer_printf(output, "\n");
++ }
++ if (ldns_pkt_answerfrom(pkt)) {
++ tmp = ldns_rdf2str(ldns_pkt_answerfrom(pkt));
++ ldns_buffer_printf(output, ";; SERVER: %s\n", tmp);
++ LDNS_FREE(tmp);
++ }
++ time = ldns_pkt_timestamp(pkt);
++ time_tt = (time_t)time.tv_sec;
++ ldns_buffer_printf(output, ";; WHEN: %s",
++ (char*)ctime(&time_tt));
++
++ ldns_buffer_printf(output, ";; MSG SIZE rcvd: %d\n",
++ (int)ldns_pkt_size(pkt));
++ } else {
++ return ldns_buffer_status(output);
++ }
++ return status;
++}
++
++ldns_status
++ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt)
++{
++ return ldns_pkt2buffer_str_fmt(output, ldns_output_format_default, pkt);
++}
++
++
++#ifdef HAVE_SSL
++static ldns_status
++ldns_hmac_key2buffer_str(ldns_buffer *output, const ldns_key *k)
++{
++ ldns_status status;
++ size_t i;
++ ldns_rdf *b64_bignum;
++
++ ldns_buffer_printf(output, "Key: ");
++
++ i = ldns_key_hmac_size(k);
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, ldns_key_hmac_key(k));
++ status = ldns_rdf2buffer_str(output, b64_bignum);
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ return status;
++}
++#endif
++
++#if defined(HAVE_SSL) && defined(USE_GOST)
++static ldns_status
++ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p)
++{
++ unsigned char* pp = NULL;
++ int ret;
++ ldns_rdf *b64_bignum;
++ ldns_status status;
++
++ ldns_buffer_printf(output, "GostAsn1: ");
++
++ ret = i2d_PrivateKey(p, &pp);
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, (size_t)ret, pp);
++ status = ldns_rdf2buffer_str(output, b64_bignum);
++
++ ldns_rdf_deep_free(b64_bignum);
++ OPENSSL_free(pp);
++ ldns_buffer_printf(output, "\n");
++ return status;
++}
++#endif
++
++ldns_status
++ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
++{
++ ldns_status status = LDNS_STATUS_OK;
++ unsigned char *bignum;
++#ifdef HAVE_SSL
++# ifndef S_SPLINT_S
++ uint16_t i;
++# endif
++ /* not used when ssl is not defined */
++ /*@unused@*/
++ ldns_rdf *b64_bignum = NULL;
++
++ RSA *rsa;
++ DSA *dsa;
++#endif /* HAVE_SSL */
++
++ if (!k) {
++ return LDNS_STATUS_ERR;
++ }
++
++ bignum = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
++ if (!bignum) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_buffer_status_ok(output)) {
++#ifdef HAVE_SSL
++ switch(ldns_key_algorithm(k)) {
++ case LDNS_SIGN_RSASHA1:
++ case LDNS_SIGN_RSASHA1_NSEC3:
++ case LDNS_SIGN_RSASHA256:
++ case LDNS_SIGN_RSASHA512:
++ case LDNS_SIGN_RSAMD5:
++ /* copied by looking at dnssec-keygen output */
++ /* header */
++ rsa = ldns_key_rsa_key(k);
++
++ ldns_buffer_printf(output,"Private-key-format: v1.2\n");
++ switch(ldns_key_algorithm(k)) {
++ case LDNS_SIGN_RSAMD5:
++ ldns_buffer_printf(output,
++ "Algorithm: %u (RSA)\n",
++ LDNS_RSAMD5);
++ break;
++ case LDNS_SIGN_RSASHA1:
++ ldns_buffer_printf(output,
++ "Algorithm: %u (RSASHA1)\n",
++ LDNS_RSASHA1);
++ break;
++ case LDNS_SIGN_RSASHA1_NSEC3:
++ ldns_buffer_printf(output,
++ "Algorithm: %u (RSASHA1_NSEC3)\n",
++ LDNS_RSASHA1_NSEC3);
++ break;
++#ifdef USE_SHA2
++ case LDNS_SIGN_RSASHA256:
++ ldns_buffer_printf(output,
++ "Algorithm: %u (RSASHA256)\n",
++ LDNS_RSASHA256);
++ break;
++ case LDNS_SIGN_RSASHA512:
++ ldns_buffer_printf(output,
++ "Algorithm: %u (RSASHA512)\n",
++ LDNS_RSASHA512);
++ break;
++#endif
++ default:
++#ifdef STDERR_MSGS
++ fprintf(stderr, "Warning: unknown signature ");
++ fprintf(stderr,
++ "algorithm type %u\n",
++ ldns_key_algorithm(k));
++#endif
++ ldns_buffer_printf(output,
++ "Algorithm: %u (Unknown)\n",
++ ldns_key_algorithm(k));
++ break;
++ }
++
++ /* print to buf, convert to bin, convert to b64,
++ * print to buf */
++ ldns_buffer_printf(output, "Modulus: ");
++#ifndef S_SPLINT_S
++ i = (uint16_t)BN_bn2bin(rsa->n, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ ldns_buffer_printf(output, "PublicExponent: ");
++ i = (uint16_t)BN_bn2bin(rsa->e, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++
++ ldns_buffer_printf(output, "PrivateExponent: ");
++ if (rsa->d) {
++ i = (uint16_t)BN_bn2bin(rsa->d, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ ldns_buffer_printf(output, "(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Prime1: ");
++ if (rsa->p) {
++ i = (uint16_t)BN_bn2bin(rsa->p, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ ldns_buffer_printf(output, "(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Prime2: ");
++ if (rsa->q) {
++ i = (uint16_t)BN_bn2bin(rsa->q, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ ldns_buffer_printf(output, "(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Exponent1: ");
++ if (rsa->dmp1) {
++ i = (uint16_t)BN_bn2bin(rsa->dmp1, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ ldns_buffer_printf(output, "(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Exponent2: ");
++ if (rsa->dmq1) {
++ i = (uint16_t)BN_bn2bin(rsa->dmq1, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ ldns_buffer_printf(output, "(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Coefficient: ");
++ if (rsa->iqmp) {
++ i = (uint16_t)BN_bn2bin(rsa->iqmp, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ ldns_buffer_printf(output, "(Not available)\n");
++ }
++#endif /* splint */
++
++ RSA_free(rsa);
++ break;
++ case LDNS_SIGN_DSA:
++ case LDNS_SIGN_DSA_NSEC3:
++ dsa = ldns_key_dsa_key(k);
++
++ ldns_buffer_printf(output,"Private-key-format: v1.2\n");
++ if (ldns_key_algorithm(k) == LDNS_SIGN_DSA) {
++ ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n");
++ } else if (ldns_key_algorithm(k) == LDNS_SIGN_DSA_NSEC3) {
++ ldns_buffer_printf(output,"Algorithm: 6 (DSA_NSEC3)\n");
++ }
++
++ /* print to buf, convert to bin, convert to b64,
++ * print to buf */
++ ldns_buffer_printf(output, "Prime(p): ");
++#ifndef S_SPLINT_S
++ if (dsa->p) {
++ i = (uint16_t)BN_bn2bin(dsa->p, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ printf("(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Subprime(q): ");
++ if (dsa->q) {
++ i = (uint16_t)BN_bn2bin(dsa->q, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ printf("(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Base(g): ");
++ if (dsa->g) {
++ i = (uint16_t)BN_bn2bin(dsa->g, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ printf("(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Private_value(x): ");
++ if (dsa->priv_key) {
++ i = (uint16_t)BN_bn2bin(dsa->priv_key, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ printf("(Not available)\n");
++ }
++
++ ldns_buffer_printf(output, "Public_value(y): ");
++ if (dsa->pub_key) {
++ i = (uint16_t)BN_bn2bin(dsa->pub_key, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ } else {
++ printf("(Not available)\n");
++ }
++#endif /* splint */
++ break;
++ case LDNS_SIGN_ECC_GOST:
++ /* no format defined, use blob */
++#if defined(HAVE_SSL) && defined(USE_GOST)
++ ldns_buffer_printf(output, "Private-key-format: v1.2\n");
++ ldns_buffer_printf(output, "Algorithm: %d (ECC-GOST)\n", LDNS_SIGN_ECC_GOST);
++ status = ldns_gost_key2buffer_str(output,
++#ifndef S_SPLINT_S
++ k->_key.key
++#else
++ NULL
++#endif
++ );
++#else
++ goto error;
++#endif /* GOST */
++ break;
++ case LDNS_SIGN_ECDSAP256SHA256:
++ case LDNS_SIGN_ECDSAP384SHA384:
++#ifdef USE_ECDSA
++ ldns_buffer_printf(output, "Private-key-format: v1.2\n");
++ ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k));
++ status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k));
++#ifndef S_SPLINT_S
++ ldns_buffer_printf(output, ")\n");
++ if(k->_key.key) {
++ EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
++ const BIGNUM* b = EC_KEY_get0_private_key(ec);
++ ldns_buffer_printf(output, "PrivateKey: ");
++ i = (uint16_t)BN_bn2bin(b, bignum);
++ if (i > LDNS_MAX_KEYLEN) {
++ goto error;
++ }
++ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
++ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(b64_bignum);
++ goto error;
++ }
++ ldns_rdf_deep_free(b64_bignum);
++ ldns_buffer_printf(output, "\n");
++ /* down reference count in EC_KEY
++ * its still assigned to the PKEY */
++ EC_KEY_free(ec);
++ }
++#endif /* splint */
++#else
++ goto error;
++#endif /* ECDSA */
++ break;
++ case LDNS_SIGN_HMACMD5:
++ /* there's not much of a format defined for TSIG */
++ /* It's just a binary blob, Same for all algorithms */
++ ldns_buffer_printf(output, "Private-key-format: v1.2\n");
++ ldns_buffer_printf(output, "Algorithm: 157 (HMAC_MD5)\n");
++ status = ldns_hmac_key2buffer_str(output, k);
++ break;
++ case LDNS_SIGN_HMACSHA1:
++ ldns_buffer_printf(output, "Private-key-format: v1.2\n");
++ ldns_buffer_printf(output, "Algorithm: 158 (HMAC_SHA1)\n");
++ status = ldns_hmac_key2buffer_str(output, k);
++ break;
++ case LDNS_SIGN_HMACSHA256:
++ ldns_buffer_printf(output, "Private-key-format: v1.2\n");
++ ldns_buffer_printf(output, "Algorithm: 159 (HMAC_SHA256)\n");
++ status = ldns_hmac_key2buffer_str(output, k);
++ break;
++ }
++#endif /* HAVE_SSL */
++ } else {
++ LDNS_FREE(bignum);
++ return ldns_buffer_status(output);
++ }
++ LDNS_FREE(bignum);
++ return status;
++
++#ifdef HAVE_SSL
++ /* compiles warn the label isn't used */
++error:
++ LDNS_FREE(bignum);
++ return LDNS_STATUS_ERR;
++#endif /* HAVE_SSL */
++
++}
++
++/*
++ * Zero terminate the buffer and copy data.
++ */
++char *
++ldns_buffer2str(ldns_buffer *buffer)
++{
++ char *str;
++
++ /* check if buffer ends with \0, if not, and
++ if there is space, add it */
++ if (*(ldns_buffer_at(buffer, ldns_buffer_position(buffer))) != 0) {
++ if (!ldns_buffer_reserve(buffer, 1)) {
++ return NULL;
++ }
++ ldns_buffer_write_u8(buffer, (uint8_t) '\0');
++ if (!ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer))) {
++ return NULL;
++ }
++ }
++
++ str = strdup((const char *)ldns_buffer_begin(buffer));
++ if(!str) {
++ return NULL;
++ }
++ return str;
++}
++
++/*
++ * Zero terminate the buffer and export data.
++ */
++char *
++ldns_buffer_export2str(ldns_buffer *buffer)
++{
++ /* Append '\0' as string terminator */
++ if (! ldns_buffer_reserve(buffer, 1)) {
++ return NULL;
++ }
++ ldns_buffer_write_u8(buffer, 0);
++
++ /* reallocate memory to the size of the string and export */
++ ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer));
++ return ldns_buffer_export(buffer);
++}
++
++char *
++ldns_rdf2str(const ldns_rdf *rdf)
++{
++ char *result = NULL;
++ ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++
++ if (!tmp_buffer) {
++ return NULL;
++ }
++ if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) {
++ /* export and return string, destroy rest */
++ result = ldns_buffer_export2str(tmp_buffer);
++ }
++ ldns_buffer_free(tmp_buffer);
++ return result;
++}
++
++char *
++ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr)
++{
++ char *result = NULL;
++ ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++
++ if (!tmp_buffer) {
++ return NULL;
++ }
++ if (ldns_rr2buffer_str_fmt(tmp_buffer, fmt, rr)
++ == LDNS_STATUS_OK) {
++ /* export and return string, destroy rest */
++ result = ldns_buffer_export2str(tmp_buffer);
++ }
++ ldns_buffer_free(tmp_buffer);
++ return result;
++}
++
++char *
++ldns_rr2str(const ldns_rr *rr)
++{
++ return ldns_rr2str_fmt(ldns_output_format_default, rr);
++}
++
++char *
++ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt)
++{
++ char *result = NULL;
++ ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++
++ if (!tmp_buffer) {
++ return NULL;
++ }
++ if (ldns_pkt2buffer_str_fmt(tmp_buffer, fmt, pkt)
++ == LDNS_STATUS_OK) {
++ /* export and return string, destroy rest */
++ result = ldns_buffer_export2str(tmp_buffer);
++ }
++
++ ldns_buffer_free(tmp_buffer);
++ return result;
++}
++
++char *
++ldns_pkt2str(const ldns_pkt *pkt)
++{
++ return ldns_pkt2str_fmt(ldns_output_format_default, pkt);
++}
++
++char *
++ldns_key2str(const ldns_key *k)
++{
++ char *result = NULL;
++ ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++
++ if (!tmp_buffer) {
++ return NULL;
++ }
++ if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) {
++ /* export and return string, destroy rest */
++ result = ldns_buffer_export2str(tmp_buffer);
++ }
++ ldns_buffer_free(tmp_buffer);
++ return result;
++}
++
++char *
++ldns_rr_list2str_fmt(const ldns_output_format *fmt, const ldns_rr_list *list)
++{
++ char *result = NULL;
++ ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++
++ if (!tmp_buffer) {
++ return NULL;
++ }
++ if (list) {
++ if (ldns_rr_list2buffer_str_fmt(
++ tmp_buffer, fmt, list)
++ == LDNS_STATUS_OK) {
++ }
++ } else {
++ if (fmt == NULL) {
++ fmt = ldns_output_format_default;
++ }
++ if (fmt->flags & LDNS_COMMENT_NULLS) {
++ ldns_buffer_printf(tmp_buffer, "; (null)\n");
++ }
++ }
++
++ /* export and return string, destroy rest */
++ result = ldns_buffer_export2str(tmp_buffer);
++ ldns_buffer_free(tmp_buffer);
++ return result;
++}
++
++char *
++ldns_rr_list2str(const ldns_rr_list *list)
++{
++ return ldns_rr_list2str_fmt(ldns_output_format_default, list);
++}
++
++void
++ldns_rdf_print(FILE *output, const ldns_rdf *rdf)
++{
++ char *str = ldns_rdf2str(rdf);
++ if (str) {
++ fprintf(output, "%s", str);
++ } else {
++ fprintf(output, ";Unable to convert rdf to string\n");
++ }
++ LDNS_FREE(str);
++}
++
++void
++ldns_rr_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_rr *rr)
++{
++ char *str = ldns_rr2str_fmt(fmt, rr);
++ if (str) {
++ fprintf(output, "%s", str);
++ } else {
++ fprintf(output, ";Unable to convert rr to string\n");
++ }
++ LDNS_FREE(str);
++}
++
++void
++ldns_rr_print(FILE *output, const ldns_rr *rr)
++{
++ ldns_rr_print_fmt(output, ldns_output_format_default, rr);
++}
++
++void
++ldns_pkt_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_pkt *pkt)
++{
++ char *str = ldns_pkt2str_fmt(fmt, pkt);
++ if (str) {
++ fprintf(output, "%s", str);
++ } else {
++ fprintf(output, ";Unable to convert packet to string\n");
++ }
++ LDNS_FREE(str);
++}
++
++void
++ldns_pkt_print(FILE *output, const ldns_pkt *pkt)
++{
++ ldns_pkt_print_fmt(output, ldns_output_format_default, pkt);
++}
++
++void
++ldns_rr_list_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_rr_list *lst)
++{
++ size_t i;
++ for (i = 0; i < ldns_rr_list_rr_count(lst); i++) {
++ ldns_rr_print_fmt(output, fmt, ldns_rr_list_rr(lst, i));
++ }
++}
++
++void
++ldns_rr_list_print(FILE *output, const ldns_rr_list *lst)
++{
++ ldns_rr_list_print_fmt(output, ldns_output_format_default, lst);
++}
++
++void
++ldns_resolver_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_resolver *r)
++{
++ uint16_t i;
++ ldns_rdf **n;
++ ldns_rdf **s;
++ size_t *rtt;
++ if (!r) {
++ return;
++ }
++ n = ldns_resolver_nameservers(r);
++ s = ldns_resolver_searchlist(r);
++ rtt = ldns_resolver_rtt(r);
++
++ fprintf(output, "port: %d\n", (int)ldns_resolver_port(r));
++ fprintf(output, "edns0 size: %d\n", (int)ldns_resolver_edns_udp_size(r));
++ fprintf(output, "use ip6: %d\n", (int)ldns_resolver_ip6(r));
++
++ fprintf(output, "recursive: %d\n", ldns_resolver_recursive(r));
++ fprintf(output, "usevc: %d\n", ldns_resolver_usevc(r));
++ fprintf(output, "igntc: %d\n", ldns_resolver_igntc(r));
++ fprintf(output, "fail: %d\n", ldns_resolver_fail(r));
++ fprintf(output, "retry: %d\n", (int)ldns_resolver_retry(r));
++ fprintf(output, "retrans: %d\n", (int)ldns_resolver_retrans(r));
++ fprintf(output, "fallback: %d\n", ldns_resolver_fallback(r));
++ fprintf(output, "random: %d\n", ldns_resolver_random(r));
++ fprintf(output, "timeout: %d\n", (int)ldns_resolver_timeout(r).tv_sec);
++ fprintf(output, "dnssec: %d\n", ldns_resolver_dnssec(r));
++ fprintf(output, "dnssec cd: %d\n", ldns_resolver_dnssec_cd(r));
++ fprintf(output, "trust anchors (%d listed):\n",
++ (int)ldns_rr_list_rr_count(ldns_resolver_dnssec_anchors(r)));
++ ldns_rr_list_print_fmt(output, fmt, ldns_resolver_dnssec_anchors(r));
++ fprintf(output, "tsig: %s %s\n",
++ ldns_resolver_tsig_keyname(r)?ldns_resolver_tsig_keyname(r):"-",
++ ldns_resolver_tsig_algorithm(r)?ldns_resolver_tsig_algorithm(r):"-");
++ fprintf(output, "debug: %d\n", ldns_resolver_debug(r));
++
++ fprintf(output, "default domain: ");
++ ldns_rdf_print(output, ldns_resolver_domain(r));
++ fprintf(output, "\n");
++ fprintf(output, "apply default domain: %d\n", ldns_resolver_defnames(r));
++
++ fprintf(output, "searchlist (%d listed):\n", (int)ldns_resolver_searchlist_count(r));
++ for (i = 0; i < ldns_resolver_searchlist_count(r); i++) {
++ fprintf(output, "\t");
++ ldns_rdf_print(output, s[i]);
++ fprintf(output, "\n");
++ }
++ fprintf(output, "apply search list: %d\n", ldns_resolver_dnsrch(r));
++
++ fprintf(output, "nameservers (%d listed):\n", (int)ldns_resolver_nameserver_count(r));
++ for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
++ fprintf(output, "\t");
++ ldns_rdf_print(output, n[i]);
++
++ switch ((int)rtt[i]) {
++ case LDNS_RESOLV_RTT_MIN:
++ fprintf(output, " - reachable\n");
++ break;
++ case LDNS_RESOLV_RTT_INF:
++ fprintf(output, " - unreachable\n");
++ break;
++ }
++ }
++}
++
++void
++ldns_resolver_print(FILE *output, const ldns_resolver *r)
++{
++ ldns_resolver_print_fmt(output, ldns_output_format_default, r);
++}
++
++void
++ldns_zone_print_fmt(FILE *output,
++ const ldns_output_format *fmt, const ldns_zone *z)
++{
++ if(ldns_zone_soa(z))
++ ldns_rr_print_fmt(output, fmt, ldns_zone_soa(z));
++ ldns_rr_list_print_fmt(output, fmt, ldns_zone_rrs(z));
++}
++void
++ldns_zone_print(FILE *output, const ldns_zone *z)
++{
++ ldns_zone_print_fmt(output, ldns_output_format_default, z);
++}
+diff --git a/ldns/src/host2wire.c b/ldns/src/host2wire.c
+new file mode 100644
+index 0000000..06f45ba
+--- /dev/null
++++ b/ldns/src/host2wire.c
+@@ -0,0 +1,494 @@
++/*
++ * host2wire.c
++ *
++ * conversion routines from the host to the wire format.
++ * This will usually just a re-ordering of the
++ * data (as we store it in network format)
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++ldns_status
++ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name)
++{
++ return ldns_dname2buffer_wire_compress(buffer, name, NULL);
++}
++
++ldns_status
++ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data)
++{
++ ldns_rbnode_t *node;
++ uint8_t *data;
++ size_t size;
++ ldns_rdf *label;
++ ldns_rdf *rest;
++ ldns_status s;
++
++ /* If no tree, just add the data */
++ if(!compression_data)
++ {
++ if (ldns_buffer_reserve(buffer, ldns_rdf_size(name)))
++ {
++ ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name));
++ }
++ return ldns_buffer_status(buffer);
++ }
++
++ /* No labels left, write final zero */
++ if(ldns_dname_label_count(name)==0)
++ {
++ if(ldns_buffer_reserve(buffer,1))
++ {
++ ldns_buffer_write_u8(buffer, 0);
++ }
++ return ldns_buffer_status(buffer);
++ }
++
++ /* Can we find the name in the tree? */
++ if((node = ldns_rbtree_search(compression_data, ldns_rdf_data(name))) != NULL)
++ {
++ /* Found */
++ uint16_t position = (uint16_t) (intptr_t) node->data | 0xC000;
++ if (ldns_buffer_reserve(buffer, 2))
++ {
++ ldns_buffer_write_u16(buffer, position);
++ }
++ return ldns_buffer_status(buffer);
++ }
++ else
++ {
++ /* Not found. Write cache entry, take off first label, write it, */
++ /* try again with the rest of the name. */
++ ldns_rbnode_t *node = LDNS_MALLOC(ldns_rbnode_t);
++ if(!node)
++ {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ if (ldns_buffer_position(buffer) < 16384) {
++ node->key = strdup((const char *)ldns_rdf_data(name));
++ node->data = (void *) (intptr_t) ldns_buffer_position(buffer);
++ if(!ldns_rbtree_insert(compression_data,node))
++ {
++ /* fprintf(stderr,"Name not found but now it's there?\n"); */
++ }
++ }
++ label = ldns_dname_label(name, 0);
++ rest = ldns_dname_left_chop(name);
++ size = ldns_rdf_size(label) - 1; /* Don't want the final zero */
++ data = ldns_rdf_data(label);
++ if(ldns_buffer_reserve(buffer, size))
++ {
++ ldns_buffer_write(buffer, data, size);
++ }
++ ldns_rdf_deep_free(label);
++ s = ldns_dname2buffer_wire_compress(buffer, rest, compression_data);
++ ldns_rdf_deep_free(rest);
++ return s;
++ }
++}
++
++ldns_status
++ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf)
++{
++ return ldns_rdf2buffer_wire_compress(buffer, rdf, NULL);
++}
++
++ldns_status
++ldns_rdf2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *rdf, ldns_rbtree_t *compression_data)
++{
++ /* If it's a DNAME, call that function to get compression */
++ if(compression_data && ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME)
++ {
++ return ldns_dname2buffer_wire_compress(buffer,rdf,compression_data);
++ }
++
++ if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
++ ldns_buffer_write(buffer, ldns_rdf_data(rdf), ldns_rdf_size(rdf));
++ }
++ return ldns_buffer_status(buffer);
++}
++
++ldns_status
++ldns_rdf2buffer_wire_canonical(ldns_buffer *buffer, const ldns_rdf *rdf)
++{
++ size_t i;
++ uint8_t *rdf_data;
++
++ if (ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) {
++ if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
++ rdf_data = ldns_rdf_data(rdf);
++ for (i = 0; i < ldns_rdf_size(rdf); i++) {
++ ldns_buffer_write_u8(buffer,
++ (uint8_t) LDNS_DNAME_NORMALIZE((int)rdf_data[i]));
++ }
++ }
++ } else {
++ /* direct copy for all other types */
++ if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
++ ldns_buffer_write(buffer,
++ ldns_rdf_data(rdf),
++ ldns_rdf_size(rdf));
++ }
++ }
++ return ldns_buffer_status(buffer);
++}
++
++/* convert a rr list to wireformat */
++ldns_status
++ldns_rr_list2buffer_wire(ldns_buffer *buffer,const ldns_rr_list *rr_list)
++{
++ uint16_t rr_count;
++ uint16_t i;
++
++ rr_count = ldns_rr_list_rr_count(rr_list);
++ for(i = 0; i < rr_count; i++) {
++ (void)ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i),
++ LDNS_SECTION_ANY);
++ }
++ return ldns_buffer_status(buffer);
++}
++
++
++ldns_status
++ldns_rr2buffer_wire_canonical(ldns_buffer *buffer,
++ const ldns_rr *rr,
++ int section)
++{
++ uint16_t i;
++ uint16_t rdl_pos = 0;
++ bool pre_rfc3597 = false;
++ switch (ldns_rr_get_type(rr)) {
++ case LDNS_RR_TYPE_NS:
++ case LDNS_RR_TYPE_MD:
++ case LDNS_RR_TYPE_MF:
++ case LDNS_RR_TYPE_CNAME:
++ case LDNS_RR_TYPE_SOA:
++ case LDNS_RR_TYPE_MB:
++ case LDNS_RR_TYPE_MG:
++ case LDNS_RR_TYPE_MR:
++ case LDNS_RR_TYPE_PTR:
++ case LDNS_RR_TYPE_HINFO:
++ case LDNS_RR_TYPE_MINFO:
++ case LDNS_RR_TYPE_MX:
++ case LDNS_RR_TYPE_RP:
++ case LDNS_RR_TYPE_AFSDB:
++ case LDNS_RR_TYPE_RT:
++ case LDNS_RR_TYPE_SIG:
++ case LDNS_RR_TYPE_PX:
++ case LDNS_RR_TYPE_NXT:
++ case LDNS_RR_TYPE_NAPTR:
++ case LDNS_RR_TYPE_KX:
++ case LDNS_RR_TYPE_SRV:
++ case LDNS_RR_TYPE_DNAME:
++ case LDNS_RR_TYPE_A6:
++ case LDNS_RR_TYPE_RRSIG:
++ pre_rfc3597 = true;
++ break;
++ default:
++ break;
++ }
++
++ if (ldns_rr_owner(rr)) {
++ (void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_owner(rr));
++ }
++
++ if (ldns_buffer_reserve(buffer, 4)) {
++ (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr));
++ (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr));
++ }
++
++ if (section != LDNS_SECTION_QUESTION) {
++ if (ldns_buffer_reserve(buffer, 6)) {
++ ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr));
++ /* remember pos for later */
++ rdl_pos = ldns_buffer_position(buffer);
++ ldns_buffer_write_u16(buffer, 0);
++ }
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ if (pre_rfc3597) {
++ (void) ldns_rdf2buffer_wire_canonical(
++ buffer, ldns_rr_rdf(rr, i));
++ } else {
++ (void) ldns_rdf2buffer_wire(
++ buffer, ldns_rr_rdf(rr, i));
++ }
++ }
++ if (rdl_pos != 0) {
++ ldns_buffer_write_u16_at(buffer, rdl_pos,
++ ldns_buffer_position(buffer)
++ - rdl_pos - 2);
++ }
++ }
++ return ldns_buffer_status(buffer);
++}
++
++ldns_status
++ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section)
++{
++ return ldns_rr2buffer_wire_compress(buffer,rr,section,NULL);
++}
++
++ldns_status
++ldns_rr2buffer_wire_compress(ldns_buffer *buffer, const ldns_rr *rr, int section, ldns_rbtree_t *compression_data)
++{
++ uint16_t i;
++ uint16_t rdl_pos = 0;
++
++ if (ldns_rr_owner(rr)) {
++ (void) ldns_dname2buffer_wire_compress(buffer, ldns_rr_owner(rr), compression_data);
++ }
++
++ if (ldns_buffer_reserve(buffer, 4)) {
++ (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr));
++ (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr));
++ }
++
++ if (section != LDNS_SECTION_QUESTION) {
++ if (ldns_buffer_reserve(buffer, 6)) {
++ ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr));
++ /* remember pos for later */
++ rdl_pos = ldns_buffer_position(buffer);
++ ldns_buffer_write_u16(buffer, 0);
++ }
++ if (LDNS_RR_COMPRESS ==
++ ldns_rr_descript(ldns_rr_get_type(rr))->_compress) {
++
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ (void) ldns_rdf2buffer_wire_compress(buffer,
++ ldns_rr_rdf(rr, i), compression_data);
++ }
++ } else {
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ (void) ldns_rdf2buffer_wire(
++ buffer, ldns_rr_rdf(rr, i));
++ }
++ }
++ if (rdl_pos != 0) {
++ ldns_buffer_write_u16_at(buffer, rdl_pos,
++ ldns_buffer_position(buffer)
++ - rdl_pos - 2);
++ }
++ }
++ return ldns_buffer_status(buffer);
++}
++
++ldns_status
++ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
++{
++ uint16_t i;
++
++ /* it must be a sig RR */
++ if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* Convert all the rdfs, except the actual signature data
++ * rdf number 8 - the last, hence: -1 */
++ for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) {
++ (void) ldns_rdf2buffer_wire_canonical(buffer,
++ ldns_rr_rdf(rr, i));
++ }
++
++ return ldns_buffer_status(buffer);
++}
++
++ldns_status
++ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
++{
++ uint16_t i;
++
++ /* convert all the rdf's */
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr,i));
++ }
++ return ldns_buffer_status(buffer);
++}
++
++/*
++ * Copies the packet header data to the buffer in wire format
++ */
++static ldns_status
++ldns_hdr2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
++{
++ uint8_t flags;
++ uint16_t arcount;
++
++ if (ldns_buffer_reserve(buffer, 12)) {
++ ldns_buffer_write_u16(buffer, ldns_pkt_id(packet));
++
++ flags = ldns_pkt_qr(packet) << 7
++ | ldns_pkt_get_opcode(packet) << 3
++ | ldns_pkt_aa(packet) << 2
++ | ldns_pkt_tc(packet) << 1 | ldns_pkt_rd(packet);
++ ldns_buffer_write_u8(buffer, flags);
++
++ flags = ldns_pkt_ra(packet) << 7
++ /*| ldns_pkt_z(packet) << 6*/
++ | ldns_pkt_ad(packet) << 5
++ | ldns_pkt_cd(packet) << 4
++ | ldns_pkt_get_rcode(packet);
++ ldns_buffer_write_u8(buffer, flags);
++
++ ldns_buffer_write_u16(buffer, ldns_pkt_qdcount(packet));
++ ldns_buffer_write_u16(buffer, ldns_pkt_ancount(packet));
++ ldns_buffer_write_u16(buffer, ldns_pkt_nscount(packet));
++ /* add EDNS0 and TSIG to additional if they are there */
++ arcount = ldns_pkt_arcount(packet);
++ if (ldns_pkt_tsig(packet)) {
++ arcount++;
++ }
++ if (ldns_pkt_edns(packet)) {
++ arcount++;
++ }
++ ldns_buffer_write_u16(buffer, arcount);
++ }
++
++ return ldns_buffer_status(buffer);
++}
++
++void
++compression_node_free(ldns_rbnode_t *node, void *arg)
++{
++ (void)arg; /* Yes, dear compiler, it is used */
++ free((void *)node->key);
++ LDNS_FREE(node);
++}
++
++ldns_status
++ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
++{
++ ldns_rr_list *rr_list;
++ uint16_t i;
++
++ /* edns tmp vars */
++ ldns_rr *edns_rr;
++ uint8_t edata[4];
++
++ ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))strcasecmp);
++
++ (void) ldns_hdr2buffer_wire(buffer, packet);
++
++ rr_list = ldns_pkt_question(packet);
++ if (rr_list) {
++ for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ (void) ldns_rr2buffer_wire_compress(buffer,
++ ldns_rr_list_rr(rr_list, i), LDNS_SECTION_QUESTION, compression_data);
++ }
++ }
++ rr_list = ldns_pkt_answer(packet);
++ if (rr_list) {
++ for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ (void) ldns_rr2buffer_wire_compress(buffer,
++ ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANSWER, compression_data);
++ }
++ }
++ rr_list = ldns_pkt_authority(packet);
++ if (rr_list) {
++ for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ (void) ldns_rr2buffer_wire_compress(buffer,
++ ldns_rr_list_rr(rr_list, i), LDNS_SECTION_AUTHORITY, compression_data);
++ }
++ }
++ rr_list = ldns_pkt_additional(packet);
++ if (rr_list) {
++ for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ (void) ldns_rr2buffer_wire_compress(buffer,
++ ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ADDITIONAL, compression_data);
++ }
++ }
++
++ /* add EDNS to additional if it is needed */
++ if (ldns_pkt_edns(packet)) {
++ edns_rr = ldns_rr_new();
++ if(!edns_rr) return LDNS_STATUS_MEM_ERR;
++ ldns_rr_set_owner(edns_rr,
++ ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "."));
++ ldns_rr_set_type(edns_rr, LDNS_RR_TYPE_OPT);
++ ldns_rr_set_class(edns_rr, ldns_pkt_edns_udp_size(packet));
++ edata[0] = ldns_pkt_edns_extended_rcode(packet);
++ edata[1] = ldns_pkt_edns_version(packet);
++ ldns_write_uint16(&edata[2], ldns_pkt_edns_z(packet));
++ ldns_rr_set_ttl(edns_rr, ldns_read_uint32(edata));
++ /* don't forget to add the edns rdata (if any) */
++ if (packet->_edns_data)
++ ldns_rr_push_rdf (edns_rr, packet->_edns_data);
++ (void)ldns_rr2buffer_wire_compress(buffer, edns_rr, LDNS_SECTION_ADDITIONAL, compression_data);
++ /* take the edns rdata back out of the rr before we free rr */
++ if (packet->_edns_data)
++ (void)ldns_rr_pop_rdf (edns_rr);
++ ldns_rr_free(edns_rr);
++ }
++
++ /* add TSIG to additional if it is there */
++ if (ldns_pkt_tsig(packet)) {
++ (void) ldns_rr2buffer_wire_compress(buffer,
++ ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL, compression_data);
++ }
++
++ ldns_traverse_postorder(compression_data,compression_node_free,NULL);
++ ldns_rbtree_free(compression_data);
++
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *result_size)
++{
++ ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ ldns_status status;
++ *result_size = 0;
++ *dest = NULL;
++ if(!buffer) return LDNS_STATUS_MEM_ERR;
++
++ status = ldns_rdf2buffer_wire(buffer, rdf);
++ if (status == LDNS_STATUS_OK) {
++ *result_size = ldns_buffer_position(buffer);
++ *dest = (uint8_t *) ldns_buffer_export(buffer);
++ }
++ ldns_buffer_free(buffer);
++ return status;
++}
++
++ldns_status
++ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *result_size)
++{
++ ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ ldns_status status;
++ *result_size = 0;
++ *dest = NULL;
++ if(!buffer) return LDNS_STATUS_MEM_ERR;
++
++ status = ldns_rr2buffer_wire(buffer, rr, section);
++ if (status == LDNS_STATUS_OK) {
++ *result_size = ldns_buffer_position(buffer);
++ *dest = (uint8_t *) ldns_buffer_export(buffer);
++ }
++ ldns_buffer_free(buffer);
++ return status;
++}
++
++ldns_status
++ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size)
++{
++ ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ ldns_status status;
++ *result_size = 0;
++ *dest = NULL;
++ if(!buffer) return LDNS_STATUS_MEM_ERR;
++
++ status = ldns_pkt2buffer_wire(buffer, packet);
++ if (status == LDNS_STATUS_OK) {
++ *result_size = ldns_buffer_position(buffer);
++ *dest = (uint8_t *) ldns_buffer_export(buffer);
++ }
++ ldns_buffer_free(buffer);
++ return status;
++}
+diff --git a/ldns/src/keys.c b/ldns/src/keys.c
+new file mode 100644
+index 0000000..8b43821
+--- /dev/null
++++ b/ldns/src/keys.c
+@@ -0,0 +1,1726 @@
++/*
++ * keys.c handle private keys for use in DNSSEC
++ *
++ * This module should hide some of the openSSL complexities
++ * and give a general interface for private keys and hmac
++ * handling
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#ifdef HAVE_SSL
++#include <openssl/ssl.h>
++#include <openssl/engine.h>
++#include <openssl/rand.h>
++#endif /* HAVE_SSL */
++
++ldns_lookup_table ldns_signing_algorithms[] = {
++ { LDNS_SIGN_RSAMD5, "RSAMD5" },
++ { LDNS_SIGN_RSASHA1, "RSASHA1" },
++ { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
++#ifdef USE_SHA2
++ { LDNS_SIGN_RSASHA256, "RSASHA256" },
++ { LDNS_SIGN_RSASHA512, "RSASHA512" },
++#endif
++#ifdef USE_GOST
++ { LDNS_SIGN_ECC_GOST, "ECC-GOST" },
++#endif
++#ifdef USE_ECDSA
++ { LDNS_SIGN_ECDSAP256SHA256, "ECDSAP256SHA256" },
++ { LDNS_SIGN_ECDSAP384SHA384, "ECDSAP384SHA384" },
++#endif
++ { LDNS_SIGN_DSA, "DSA" },
++ { LDNS_SIGN_DSA_NSEC3, "DSA-NSEC3-SHA1" },
++ { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
++ { LDNS_SIGN_HMACSHA1, "hmac-sha1" },
++ { LDNS_SIGN_HMACSHA256, "hmac-sha256" },
++ { 0, NULL }
++};
++
++ldns_key_list *
++ldns_key_list_new(void)
++{
++ ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list);
++ if (!key_list) {
++ return NULL;
++ } else {
++ key_list->_key_count = 0;
++ key_list->_keys = NULL;
++ return key_list;
++ }
++}
++
++ldns_key *
++ldns_key_new(void)
++{
++ ldns_key *newkey;
++
++ newkey = LDNS_MALLOC(ldns_key);
++ if (!newkey) {
++ return NULL;
++ } else {
++ /* some defaults - not sure wether to do this */
++ ldns_key_set_use(newkey, true);
++ ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
++ ldns_key_set_origttl(newkey, 0);
++ ldns_key_set_keytag(newkey, 0);
++ ldns_key_set_inception(newkey, 0);
++ ldns_key_set_expiration(newkey, 0);
++ ldns_key_set_pubkey_owner(newkey, NULL);
++#ifdef HAVE_SSL
++ ldns_key_set_evp_key(newkey, NULL);
++#endif /* HAVE_SSL */
++ ldns_key_set_hmac_key(newkey, NULL);
++ ldns_key_set_external_key(newkey, NULL);
++ return newkey;
++ }
++}
++
++ldns_status
++ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
++{
++ return ldns_key_new_frm_fp_l(k, fp, NULL);
++}
++
++#ifdef HAVE_SSL
++ldns_status
++ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
++{
++ ldns_key *k;
++
++ k = ldns_key_new();
++ if(!k) return LDNS_STATUS_MEM_ERR;
++#ifndef S_SPLINT_S
++ k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
++ if(!k->_key.key) {
++ ldns_key_free(k);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg);
++ if (!k->_key.key) {
++ ldns_key_free(k);
++ return LDNS_STATUS_ENGINE_KEY_NOT_LOADED;
++ }
++#endif /* splint */
++ *key = k;
++ return LDNS_STATUS_OK;
++}
++#endif
++
++#ifdef USE_GOST
++/** store GOST engine reference loaded into OpenSSL library */
++ENGINE* ldns_gost_engine = NULL;
++
++int
++ldns_key_EVP_load_gost_id(void)
++{
++ static int gost_id = 0;
++ const EVP_PKEY_ASN1_METHOD* meth;
++ ENGINE* e;
++
++ if(gost_id) return gost_id;
++
++ /* see if configuration loaded gost implementation from other engine*/
++ meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
++ if(meth) {
++ EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
++ return gost_id;
++ }
++
++ /* see if engine can be loaded already */
++ e = ENGINE_by_id("gost");
++ if(!e) {
++ /* load it ourself, in case statically linked */
++ ENGINE_load_builtin_engines();
++ ENGINE_load_dynamic();
++ e = ENGINE_by_id("gost");
++ }
++ if(!e) {
++ /* no gost engine in openssl */
++ return 0;
++ }
++ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
++ ENGINE_finish(e);
++ ENGINE_free(e);
++ return 0;
++ }
++
++ meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
++ if(!meth) {
++ /* algo not found */
++ ENGINE_finish(e);
++ ENGINE_free(e);
++ return 0;
++ }
++ /* Note: do not ENGINE_finish and ENGINE_free the acquired engine
++ * on some platforms this frees up the meth and unloads gost stuff */
++ ldns_gost_engine = e;
++
++ EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
++ return gost_id;
++}
++
++void ldns_key_EVP_unload_gost(void)
++{
++ if(ldns_gost_engine) {
++ ENGINE_finish(ldns_gost_engine);
++ ENGINE_free(ldns_gost_engine);
++ ldns_gost_engine = NULL;
++ }
++}
++
++/** read GOST private key */
++static EVP_PKEY*
++ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr)
++{
++ char token[16384];
++ const unsigned char* pp;
++ int gost_id;
++ EVP_PKEY* pkey;
++ ldns_rdf* b64rdf = NULL;
++
++ gost_id = ldns_key_EVP_load_gost_id();
++ if(!gost_id)
++ return NULL;
++
++ if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n",
++ sizeof(token), line_nr) == -1)
++ return NULL;
++ while(strlen(token) < 96) {
++ /* read more b64 from the file, b64 split on multiple lines */
++ if(ldns_fget_token_l(fp, token+strlen(token), "\n",
++ sizeof(token)-strlen(token), line_nr) == -1)
++ return NULL;
++ }
++ if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
++ return NULL;
++ pp = (unsigned char*)ldns_rdf_data(b64rdf);
++ pkey = d2i_PrivateKey(gost_id, NULL, &pp, (int)ldns_rdf_size(b64rdf));
++ ldns_rdf_deep_free(b64rdf);
++ return pkey;
++}
++#endif
++
++#ifdef USE_ECDSA
++/** calculate public key from private key */
++static int
++ldns_EC_KEY_calc_public(EC_KEY* ec)
++{
++ EC_POINT* pub_key;
++ const EC_GROUP* group;
++ group = EC_KEY_get0_group(ec);
++ pub_key = EC_POINT_new(group);
++ if(!pub_key) return 0;
++ if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
++ EC_POINT_free(pub_key);
++ return 0;
++ }
++ if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec),
++ NULL, NULL, NULL)) {
++ EC_POINT_free(pub_key);
++ return 0;
++ }
++ if(EC_KEY_set_public_key(ec, pub_key) == 0) {
++ EC_POINT_free(pub_key);
++ return 0;
++ }
++ EC_POINT_free(pub_key);
++ return 1;
++}
++
++/** read ECDSA private key */
++static EVP_PKEY*
++ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr)
++{
++ char token[16384];
++ ldns_rdf* b64rdf = NULL;
++ unsigned char* pp;
++ BIGNUM* bn;
++ EVP_PKEY* evp_key;
++ EC_KEY* ec;
++ if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
++ sizeof(token), line_nr) == -1)
++ return NULL;
++ if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
++ return NULL;
++ pp = (unsigned char*)ldns_rdf_data(b64rdf);
++
++ if(alg == LDNS_ECDSAP256SHA256)
++ ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++ else if(alg == LDNS_ECDSAP384SHA384)
++ ec = EC_KEY_new_by_curve_name(NID_secp384r1);
++ else ec = NULL;
++ if(!ec) {
++ ldns_rdf_deep_free(b64rdf);
++ return NULL;
++ }
++ bn = BN_bin2bn(pp, (int)ldns_rdf_size(b64rdf), NULL);
++ ldns_rdf_deep_free(b64rdf);
++ if(!bn) {
++ EC_KEY_free(ec);
++ return NULL;
++ }
++ EC_KEY_set_private_key(ec, bn);
++ BN_free(bn);
++ if(!ldns_EC_KEY_calc_public(ec)) {
++ EC_KEY_free(ec);
++ return NULL;
++ }
++
++ evp_key = EVP_PKEY_new();
++ if(!evp_key) {
++ EC_KEY_free(ec);
++ return NULL;
++ }
++ if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
++ EVP_PKEY_free(evp_key);
++ EC_KEY_free(ec);
++ return NULL;
++ }
++ return evp_key;
++}
++#endif
++
++ldns_status
++ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
++{
++ ldns_key *k;
++ char *d;
++ ldns_signing_algorithm alg;
++ ldns_rr *key_rr;
++#ifdef HAVE_SSL
++ RSA *rsa;
++ DSA *dsa;
++ unsigned char *hmac;
++ size_t hmac_size;
++#endif /* HAVE_SSL */
++
++ k = ldns_key_new();
++
++ d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
++ if (!k || !d) {
++ ldns_key_free(k);
++ LDNS_FREE(d);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ alg = 0;
++
++ /* the file is highly structured. Do this in sequence */
++ /* RSA:
++ * Private-key-format: v1.x.
++ * Algorithm: 1 (RSA)
++
++ */
++ /* get the key format version number */
++ if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
++ LDNS_MAX_LINELEN, line_nr) == -1) {
++ /* no version information */
++ ldns_key_free(k);
++ LDNS_FREE(d);
++ return LDNS_STATUS_SYNTAX_ERR;
++ }
++ if (strncmp(d, "v1.", 3) != 0) {
++ ldns_key_free(k);
++ LDNS_FREE(d);
++ return LDNS_STATUS_SYNTAX_VERSION_ERR;
++ }
++
++ /* get the algorithm type, our file function strip ( ) so there are
++ * not in the return string! */
++ if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
++ LDNS_MAX_LINELEN, line_nr) == -1) {
++ /* no alg information */
++ ldns_key_free(k);
++ LDNS_FREE(d);
++ return LDNS_STATUS_SYNTAX_ALG_ERR;
++ }
++
++ if (strncmp(d, "1 RSA", 2) == 0) {
++ alg = LDNS_SIGN_RSAMD5;
++ }
++ if (strncmp(d, "2 DH", 2) == 0) {
++ alg = (ldns_signing_algorithm)LDNS_DH;
++ }
++ if (strncmp(d, "3 DSA", 2) == 0) {
++ alg = LDNS_SIGN_DSA;
++ }
++ if (strncmp(d, "4 ECC", 2) == 0) {
++ alg = (ldns_signing_algorithm)LDNS_ECC;
++ }
++ if (strncmp(d, "5 RSASHA1", 2) == 0) {
++ alg = LDNS_SIGN_RSASHA1;
++ }
++ if (strncmp(d, "6 DSA", 2) == 0) {
++ alg = LDNS_SIGN_DSA_NSEC3;
++ }
++ if (strncmp(d, "7 RSASHA1", 2) == 0) {
++ alg = LDNS_SIGN_RSASHA1_NSEC3;
++ }
++
++ if (strncmp(d, "8 RSASHA256", 2) == 0) {
++#ifdef USE_SHA2
++ alg = LDNS_SIGN_RSASHA256;
++#else
++# ifdef STDERR_MSGS
++ fprintf(stderr, "Warning: SHA256 not compiled into this ");
++ fprintf(stderr, "version of ldns\n");
++# endif
++#endif
++ }
++ if (strncmp(d, "10 RSASHA512", 3) == 0) {
++#ifdef USE_SHA2
++ alg = LDNS_SIGN_RSASHA512;
++#else
++# ifdef STDERR_MSGS
++ fprintf(stderr, "Warning: SHA512 not compiled into this ");
++ fprintf(stderr, "version of ldns\n");
++# endif
++#endif
++ }
++ if (strncmp(d, "12 ECC-GOST", 3) == 0) {
++#ifdef USE_GOST
++ alg = LDNS_SIGN_ECC_GOST;
++#else
++# ifdef STDERR_MSGS
++ fprintf(stderr, "Warning: ECC-GOST not compiled into this ");
++ fprintf(stderr, "version of ldns, use --enable-gost\n");
++# endif
++#endif
++ }
++ if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) {
++#ifdef USE_ECDSA
++ alg = LDNS_SIGN_ECDSAP256SHA256;
++#else
++# ifdef STDERR_MSGS
++ fprintf(stderr, "Warning: ECDSA not compiled into this ");
++ fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
++# endif
++#endif
++ }
++ if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) {
++#ifdef USE_ECDSA
++ alg = LDNS_SIGN_ECDSAP384SHA384;
++#else
++# ifdef STDERR_MSGS
++ fprintf(stderr, "Warning: ECDSA not compiled into this ");
++ fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
++# endif
++#endif
++ }
++ if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
++ alg = LDNS_SIGN_HMACMD5;
++ }
++ if (strncmp(d, "158 HMAC-SHA1", 4) == 0) {
++ alg = LDNS_SIGN_HMACSHA1;
++ }
++ if (strncmp(d, "159 HMAC-SHA256", 4) == 0) {
++ alg = LDNS_SIGN_HMACSHA256;
++ }
++
++ LDNS_FREE(d);
++
++ switch(alg) {
++ case LDNS_SIGN_RSAMD5:
++ case LDNS_SIGN_RSASHA1:
++ case LDNS_SIGN_RSASHA1_NSEC3:
++#ifdef USE_SHA2
++ case LDNS_SIGN_RSASHA256:
++ case LDNS_SIGN_RSASHA512:
++#endif
++ ldns_key_set_algorithm(k, alg);
++#ifdef HAVE_SSL
++ rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr);
++ if (!rsa) {
++ ldns_key_free(k);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_key_assign_rsa_key(k, rsa);
++#endif /* HAVE_SSL */
++ break;
++ case LDNS_SIGN_DSA:
++ case LDNS_SIGN_DSA_NSEC3:
++ ldns_key_set_algorithm(k, alg);
++#ifdef HAVE_SSL
++ dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr);
++ if (!dsa) {
++ ldns_key_free(k);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_key_assign_dsa_key(k, dsa);
++#endif /* HAVE_SSL */
++ break;
++ case LDNS_SIGN_HMACMD5:
++ case LDNS_SIGN_HMACSHA1:
++ case LDNS_SIGN_HMACSHA256:
++ ldns_key_set_algorithm(k, alg);
++#ifdef HAVE_SSL
++ hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size);
++ if (!hmac) {
++ ldns_key_free(k);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_key_set_hmac_size(k, hmac_size);
++ ldns_key_set_hmac_key(k, hmac);
++#endif /* HAVE_SSL */
++ break;
++ case LDNS_SIGN_ECC_GOST:
++ ldns_key_set_algorithm(k, alg);
++#if defined(HAVE_SSL) && defined(USE_GOST)
++ if(!ldns_key_EVP_load_gost_id()) {
++ ldns_key_free(k);
++ return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
++ }
++ ldns_key_set_evp_key(k,
++ ldns_key_new_frm_fp_gost_l(fp, line_nr));
++#ifndef S_SPLINT_S
++ if(!k->_key.key) {
++ ldns_key_free(k);
++ return LDNS_STATUS_ERR;
++ }
++#endif /* splint */
++#endif
++ break;
++#ifdef USE_ECDSA
++ case LDNS_SIGN_ECDSAP256SHA256:
++ case LDNS_SIGN_ECDSAP384SHA384:
++ ldns_key_set_algorithm(k, alg);
++ ldns_key_set_evp_key(k,
++ ldns_key_new_frm_fp_ecdsa_l(fp, (ldns_algorithm)alg, line_nr));
++#ifndef S_SPLINT_S
++ if(!k->_key.key) {
++ ldns_key_free(k);
++ return LDNS_STATUS_ERR;
++ }
++#endif /* splint */
++ break;
++#endif
++ default:
++ ldns_key_free(k);
++ return LDNS_STATUS_SYNTAX_ALG_ERR;
++ }
++ key_rr = ldns_key2rr(k);
++ ldns_key_set_keytag(k, ldns_calc_keytag(key_rr));
++ ldns_rr_free(key_rr);
++
++ if (key) {
++ *key = k;
++ return LDNS_STATUS_OK;
++ }
++ ldns_key_free(k);
++ return LDNS_STATUS_ERR;
++}
++
++#ifdef HAVE_SSL
++RSA *
++ldns_key_new_frm_fp_rsa(FILE *f)
++{
++ return ldns_key_new_frm_fp_rsa_l(f, NULL);
++}
++
++RSA *
++ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
++{
++ /* we parse
++ * Modulus:
++ * PublicExponent:
++ * PrivateExponent:
++ * Prime1:
++ * Prime2:
++ * Exponent1:
++ * Exponent2:
++ * Coefficient:
++ *
++ * man 3 RSA:
++ *
++ * struct
++ * {
++ * BIGNUM *n; // public modulus
++ * BIGNUM *e; // public exponent
++ * BIGNUM *d; // private exponent
++ * BIGNUM *p; // secret prime factor
++ * BIGNUM *q; // secret prime factor
++ * BIGNUM *dmp1; // d mod (p-1)
++ * BIGNUM *dmq1; // d mod (q-1)
++ * BIGNUM *iqmp; // q^-1 mod p
++ * // ...
++ *
++ */
++ char *d;
++ RSA *rsa;
++ uint8_t *buf;
++ int i;
++
++ d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
++ buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
++ rsa = RSA_new();
++ if (!d || !rsa || !buf) {
++ goto error;
++ }
++
++ /* I could use functions again, but that seems an overkill,
++ * allthough this also looks tedious
++ */
++
++ /* Modules, rsa->n */
++ if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++#ifndef S_SPLINT_S
++ rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->n) {
++ goto error;
++ }
++
++ /* PublicExponent, rsa->e */
++ if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->e) {
++ goto error;
++ }
++
++ /* PrivateExponent, rsa->d */
++ if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->d) {
++ goto error;
++ }
++
++ /* Prime1, rsa->p */
++ if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->p) {
++ goto error;
++ }
++
++ /* Prime2, rsa->q */
++ if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->q) {
++ goto error;
++ }
++
++ /* Exponent1, rsa->dmp1 */
++ if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->dmp1) {
++ goto error;
++ }
++
++ /* Exponent2, rsa->dmq1 */
++ if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->dmq1) {
++ goto error;
++ }
++
++ /* Coefficient, rsa->iqmp */
++ if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!rsa->iqmp) {
++ goto error;
++ }
++#endif /* splint */
++
++ LDNS_FREE(buf);
++ LDNS_FREE(d);
++ return rsa;
++
++error:
++ RSA_free(rsa);
++ LDNS_FREE(d);
++ LDNS_FREE(buf);
++ return NULL;
++}
++
++DSA *
++ldns_key_new_frm_fp_dsa(FILE *f)
++{
++ return ldns_key_new_frm_fp_dsa_l(f, NULL);
++}
++
++DSA *
++ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
++{
++ int i;
++ char *d;
++ DSA *dsa;
++ uint8_t *buf;
++
++ d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
++ buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
++ dsa = DSA_new();
++ if (!d || !dsa || !buf) {
++ goto error;
++ }
++
++ /* the line parser removes the () from the input... */
++
++ /* Prime, dsa->p */
++ if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++#ifndef S_SPLINT_S
++ dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!dsa->p) {
++ goto error;
++ }
++
++ /* Subprime, dsa->q */
++ if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!dsa->q) {
++ goto error;
++ }
++
++ /* Base, dsa->g */
++ if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!dsa->g) {
++ goto error;
++ }
++
++ /* Private key, dsa->priv_key */
++ if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!dsa->priv_key) {
++ goto error;
++ }
++
++ /* Public key, dsa->priv_key */
++ if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
++ dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
++ if (!dsa->pub_key) {
++ goto error;
++ }
++#endif /* splint */
++
++ LDNS_FREE(buf);
++ LDNS_FREE(d);
++
++ return dsa;
++
++error:
++ LDNS_FREE(d);
++ LDNS_FREE(buf);
++ DSA_free(dsa);
++ return NULL;
++}
++
++unsigned char *
++ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
++{
++ return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size);
++}
++
++unsigned char *
++ldns_key_new_frm_fp_hmac_l( FILE *f
++ , ATTR_UNUSED(int *line_nr)
++ , size_t *hmac_size
++ )
++{
++ size_t i, bufsz;
++ char d[LDNS_MAX_LINELEN];
++ unsigned char *buf = NULL;
++
++ if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
++ goto error;
++ }
++ bufsz = ldns_b64_ntop_calculate_size(strlen(d));
++ buf = LDNS_XMALLOC(unsigned char, bufsz);
++ i = (size_t) ldns_b64_pton((const char*)d, buf, bufsz);
++
++ *hmac_size = i;
++ return buf;
++
++ error:
++ LDNS_FREE(buf);
++ *hmac_size = 0;
++ return NULL;
++}
++#endif /* HAVE_SSL */
++
++#ifdef USE_GOST
++static EVP_PKEY*
++ldns_gen_gost_key(void)
++{
++ EVP_PKEY_CTX* ctx;
++ EVP_PKEY* p = NULL;
++ int gost_id = ldns_key_EVP_load_gost_id();
++ if(!gost_id)
++ return NULL;
++ ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
++ if(!ctx) {
++ /* the id should be available now */
++ return NULL;
++ }
++ if(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0) {
++ /* cannot set paramset */
++ EVP_PKEY_CTX_free(ctx);
++ return NULL;
++ }
++
++ if(EVP_PKEY_keygen_init(ctx) <= 0) {
++ EVP_PKEY_CTX_free(ctx);
++ return NULL;
++ }
++ if(EVP_PKEY_keygen(ctx, &p) <= 0) {
++ EVP_PKEY_free(p);
++ EVP_PKEY_CTX_free(ctx);
++ return NULL;
++ }
++ EVP_PKEY_CTX_free(ctx);
++ return p;
++}
++#endif
++
++ldns_key *
++ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
++{
++ ldns_key *k;
++#ifdef HAVE_SSL
++ DSA *d;
++ RSA *r;
++# ifdef USE_ECDSA
++ EC_KEY *ec = NULL;
++# endif
++#else
++ int i;
++ uint16_t offset = 0;
++#endif
++ unsigned char *hmac;
++
++ k = ldns_key_new();
++ if (!k) {
++ return NULL;
++ }
++ switch(alg) {
++ case LDNS_SIGN_RSAMD5:
++ case LDNS_SIGN_RSASHA1:
++ case LDNS_SIGN_RSASHA1_NSEC3:
++ case LDNS_SIGN_RSASHA256:
++ case LDNS_SIGN_RSASHA512:
++#ifdef HAVE_SSL
++ r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
++ if(!r) {
++ ldns_key_free(k);
++ return NULL;
++ }
++ if (RSA_check_key(r) != 1) {
++ ldns_key_free(k);
++ return NULL;
++ }
++ ldns_key_set_rsa_key(k, r);
++ RSA_free(r);
++#endif /* HAVE_SSL */
++ break;
++ case LDNS_SIGN_DSA:
++ case LDNS_SIGN_DSA_NSEC3:
++#ifdef HAVE_SSL
++ d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
++ if (!d) {
++ ldns_key_free(k);
++ return NULL;
++ }
++ if (DSA_generate_key(d) != 1) {
++ ldns_key_free(k);
++ return NULL;
++ }
++ ldns_key_set_dsa_key(k, d);
++ DSA_free(d);
++#endif /* HAVE_SSL */
++ break;
++ case LDNS_SIGN_HMACMD5:
++ case LDNS_SIGN_HMACSHA1:
++ case LDNS_SIGN_HMACSHA256:
++#ifdef HAVE_SSL
++#ifndef S_SPLINT_S
++ k->_key.key = NULL;
++#endif /* splint */
++#endif /* HAVE_SSL */
++ size = size / 8;
++ ldns_key_set_hmac_size(k, size);
++
++ hmac = LDNS_XMALLOC(unsigned char, size);
++ if(!hmac) {
++ ldns_key_free(k);
++ return NULL;
++ }
++#ifdef HAVE_SSL
++ if (RAND_bytes(hmac, (int) size) != 1) {
++ LDNS_FREE(hmac);
++ ldns_key_free(k);
++ return NULL;
++ }
++#else
++ while (offset + sizeof(i) < size) {
++ i = random();
++ memcpy(&hmac[offset], &i, sizeof(i));
++ offset += sizeof(i);
++ }
++ if (offset < size) {
++ i = random();
++ memcpy(&hmac[offset], &i, size - offset);
++ }
++#endif /* HAVE_SSL */
++ ldns_key_set_hmac_key(k, hmac);
++
++ ldns_key_set_flags(k, 0);
++ break;
++ case LDNS_SIGN_ECC_GOST:
++#if defined(HAVE_SSL) && defined(USE_GOST)
++ ldns_key_set_evp_key(k, ldns_gen_gost_key());
++#ifndef S_SPLINT_S
++ if(!k->_key.key) {
++ ldns_key_free(k);
++ return NULL;
++ }
++#endif /* splint */
++#else
++ ldns_key_free(k);
++ return NULL;
++#endif /* HAVE_SSL and USE_GOST */
++ break;
++ case LDNS_SIGN_ECDSAP256SHA256:
++ case LDNS_SIGN_ECDSAP384SHA384:
++#ifdef USE_ECDSA
++ if(alg == LDNS_SIGN_ECDSAP256SHA256)
++ ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++ else if(alg == LDNS_SIGN_ECDSAP384SHA384)
++ ec = EC_KEY_new_by_curve_name(NID_secp384r1);
++ if(!ec) {
++ ldns_key_free(k);
++ return NULL;
++ }
++ if(!EC_KEY_generate_key(ec)) {
++ ldns_key_free(k);
++ EC_KEY_free(ec);
++ return NULL;
++ }
++#ifndef S_SPLINT_S
++ k->_key.key = EVP_PKEY_new();
++ if(!k->_key.key) {
++ ldns_key_free(k);
++ EC_KEY_free(ec);
++ return NULL;
++ }
++ if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) {
++ ldns_key_free(k);
++ EC_KEY_free(ec);
++ return NULL;
++ }
++#endif /* splint */
++#else
++ ldns_key_free(k);
++ return NULL;
++#endif /* ECDSA */
++ break;
++ }
++ ldns_key_set_algorithm(k, alg);
++ return k;
++}
++
++void
++ldns_key_print(FILE *output, const ldns_key *k)
++{
++ char *str = ldns_key2str(k);
++ if (str) {
++ fprintf(output, "%s", str);
++ } else {
++ fprintf(output, "Unable to convert private key to string\n");
++ }
++ LDNS_FREE(str);
++}
++
++
++void
++ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
++{
++ k->_alg = l;
++}
++
++void
++ldns_key_set_flags(ldns_key *k, uint16_t f)
++{
++ k->_extra.dnssec.flags = f;
++}
++
++#ifdef HAVE_SSL
++#ifndef S_SPLINT_S
++void
++ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
++{
++ k->_key.key = e;
++}
++
++void
++ldns_key_set_rsa_key(ldns_key *k, RSA *r)
++{
++ EVP_PKEY *key = EVP_PKEY_new();
++ EVP_PKEY_set1_RSA(key, r);
++ k->_key.key = key;
++}
++
++void
++ldns_key_set_dsa_key(ldns_key *k, DSA *d)
++{
++ EVP_PKEY *key = EVP_PKEY_new();
++ EVP_PKEY_set1_DSA(key, d);
++ k->_key.key = key;
++}
++
++void
++ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
++{
++ EVP_PKEY *key = EVP_PKEY_new();
++ EVP_PKEY_assign_RSA(key, r);
++ k->_key.key = key;
++}
++
++void
++ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
++{
++ EVP_PKEY *key = EVP_PKEY_new();
++ EVP_PKEY_assign_DSA(key, d);
++ k->_key.key = key;
++}
++#endif /* splint */
++#endif /* HAVE_SSL */
++
++void
++ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
++{
++ k->_key.hmac.key = hmac;
++}
++
++void
++ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
++{
++ k->_key.hmac.size = hmac_size;
++}
++
++void
++ldns_key_set_external_key(ldns_key *k, void *external_key)
++{
++ k->_key.external_key = external_key;
++}
++
++void
++ldns_key_set_origttl(ldns_key *k, uint32_t t)
++{
++ k->_extra.dnssec.orig_ttl = t;
++}
++
++void
++ldns_key_set_inception(ldns_key *k, uint32_t i)
++{
++ k->_extra.dnssec.inception = i;
++}
++
++void
++ldns_key_set_expiration(ldns_key *k, uint32_t e)
++{
++ k->_extra.dnssec.expiration = e;
++}
++
++void
++ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
++{
++ k->_pubkey_owner = r;
++}
++
++void
++ldns_key_set_keytag(ldns_key *k, uint16_t tag)
++{
++ k->_extra.dnssec.keytag = tag;
++}
++
++/* read */
++size_t
++ldns_key_list_key_count(const ldns_key_list *key_list)
++{
++ return key_list->_key_count;
++}
++
++ldns_key *
++ldns_key_list_key(const ldns_key_list *key, size_t nr)
++{
++ if (nr < ldns_key_list_key_count(key)) {
++ return key->_keys[nr];
++ } else {
++ return NULL;
++ }
++}
++
++ldns_signing_algorithm
++ldns_key_algorithm(const ldns_key *k)
++{
++ return k->_alg;
++}
++
++void
++ldns_key_set_use(ldns_key *k, bool v)
++{
++ if (k) {
++ k->_use = v;
++ }
++}
++
++bool
++ldns_key_use(const ldns_key *k)
++{
++ if (k) {
++ return k->_use;
++ }
++ return false;
++}
++
++#ifdef HAVE_SSL
++#ifndef S_SPLINT_S
++EVP_PKEY *
++ldns_key_evp_key(const ldns_key *k)
++{
++ return k->_key.key;
++}
++
++RSA *
++ldns_key_rsa_key(const ldns_key *k)
++{
++ if (k->_key.key) {
++ return EVP_PKEY_get1_RSA(k->_key.key);
++ } else {
++ return NULL;
++ }
++}
++
++DSA *
++ldns_key_dsa_key(const ldns_key *k)
++{
++ if (k->_key.key) {
++ return EVP_PKEY_get1_DSA(k->_key.key);
++ } else {
++ return NULL;
++ }
++}
++#endif /* splint */
++#endif /* HAVE_SSL */
++
++unsigned char *
++ldns_key_hmac_key(const ldns_key *k)
++{
++ if (k->_key.hmac.key) {
++ return k->_key.hmac.key;
++ } else {
++ return NULL;
++ }
++}
++
++size_t
++ldns_key_hmac_size(const ldns_key *k)
++{
++ if (k->_key.hmac.size) {
++ return k->_key.hmac.size;
++ } else {
++ return 0;
++ }
++}
++
++void *
++ldns_key_external_key(const ldns_key *k)
++{
++ return k->_key.external_key;
++}
++
++uint32_t
++ldns_key_origttl(const ldns_key *k)
++{
++ return k->_extra.dnssec.orig_ttl;
++}
++
++uint16_t
++ldns_key_flags(const ldns_key *k)
++{
++ return k->_extra.dnssec.flags;
++}
++
++uint32_t
++ldns_key_inception(const ldns_key *k)
++{
++ return k->_extra.dnssec.inception;
++}
++
++uint32_t
++ldns_key_expiration(const ldns_key *k)
++{
++ return k->_extra.dnssec.expiration;
++}
++
++uint16_t
++ldns_key_keytag(const ldns_key *k)
++{
++ return k->_extra.dnssec.keytag;
++}
++
++ldns_rdf *
++ldns_key_pubkey_owner(const ldns_key *k)
++{
++ return k->_pubkey_owner;
++}
++
++/* write */
++void
++ldns_key_list_set_use(ldns_key_list *keys, bool v)
++{
++ size_t i;
++
++ for (i = 0; i < ldns_key_list_key_count(keys); i++) {
++ ldns_key_set_use(ldns_key_list_key(keys, i), v);
++ }
++}
++
++void
++ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
++{
++ key->_key_count = count;
++}
++
++bool
++ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
++{
++ size_t key_count;
++ ldns_key **keys;
++
++ key_count = ldns_key_list_key_count(key_list);
++
++ /* grow the array */
++ keys = LDNS_XREALLOC(
++ key_list->_keys, ldns_key *, key_count + 1);
++ if (!keys) {
++ return false;
++ }
++
++ /* add the new member */
++ key_list->_keys = keys;
++ key_list->_keys[key_count] = key;
++
++ ldns_key_list_set_key_count(key_list, key_count + 1);
++ return true;
++}
++
++ldns_key *
++ldns_key_list_pop_key(ldns_key_list *key_list)
++{
++ size_t key_count;
++ ldns_key** a;
++ ldns_key *pop;
++
++ if (!key_list) {
++ return NULL;
++ }
++
++ key_count = ldns_key_list_key_count(key_list);
++ if (key_count == 0) {
++ return NULL;
++ }
++
++ pop = ldns_key_list_key(key_list, key_count);
++
++ /* shrink the array */
++ a = LDNS_XREALLOC(key_list->_keys, ldns_key *, key_count - 1);
++ if(a) {
++ key_list->_keys = a;
++ }
++
++ ldns_key_list_set_key_count(key_list, key_count - 1);
++
++ return pop;
++}
++
++#ifdef HAVE_SSL
++#ifndef S_SPLINT_S
++/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
++static bool
++ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
++{
++ int i,j;
++
++ if (!k) {
++ return false;
++ }
++
++ if (BN_num_bytes(k->e) <= 256) {
++ /* normally only this path is executed (small factors are
++ * more common
++ */
++ data[0] = (unsigned char) BN_num_bytes(k->e);
++ i = BN_bn2bin(k->e, data + 1);
++ j = BN_bn2bin(k->n, data + i + 1);
++ *size = (uint16_t) i + j;
++ } else if (BN_num_bytes(k->e) <= 65536) {
++ data[0] = 0;
++ /* BN_bn2bin does bigendian, _uint16 also */
++ ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e));
++
++ BN_bn2bin(k->e, data + 3);
++ BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e));
++ *size = (uint16_t) BN_num_bytes(k->n) + 6;
++ } else {
++ return false;
++ }
++ return true;
++}
++
++/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
++static bool
++ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
++{
++ uint8_t T;
++
++ if (!k) {
++ return false;
++ }
++
++ /* See RFC2536 */
++ *size = (uint16_t)BN_num_bytes(k->p);
++ T = (*size - 64) / 8;
++
++ if (T > 8) {
++#ifdef STDERR_MSGS
++ fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)");
++ fprintf(stderr, " not implemented\n");
++#endif
++ return false;
++ }
++
++ /* size = 64 + (T * 8); */
++ memset(data, 0, 21 + *size * 3);
++ data[0] = (unsigned char)T;
++ BN_bn2bin(k->q, data + 1 ); /* 20 octects */
++ BN_bn2bin(k->p, data + 21 ); /* offset octects */
++ BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
++ BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
++ *size = 21 + *size * 3;
++ return true;
++}
++
++#ifdef USE_GOST
++static bool
++ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
++{
++ int i;
++ unsigned char* pp = NULL;
++ if(i2d_PUBKEY(k, &pp) != 37 + 64) {
++ /* expect 37 byte(ASN header) and 64 byte(X and Y) */
++ CRYPTO_free(pp);
++ return false;
++ }
++ /* omit ASN header */
++ for(i=0; i<64; i++)
++ data[i] = pp[i+37];
++ CRYPTO_free(pp);
++ *size = 64;
++ return true;
++}
++#endif /* USE_GOST */
++#endif /* splint */
++#endif /* HAVE_SSL */
++
++ldns_rr *
++ldns_key2rr(const ldns_key *k)
++{
++ /* this function will convert a the keydata contained in
++ * rsa/dsa pointers to a DNSKEY rr. It will fill in as
++ * much as it can, but it does not know about key-flags
++ * for instance
++ */
++ ldns_rr *pubkey;
++ ldns_rdf *keybin;
++ unsigned char *bin = NULL;
++ uint16_t size = 0;
++#ifdef HAVE_SSL
++ RSA *rsa = NULL;
++ DSA *dsa = NULL;
++#endif /* HAVE_SSL */
++#ifdef USE_ECDSA
++ EC_KEY* ec;
++#endif
++ int internal_data = 0;
++
++ if (!k) {
++ return NULL;
++ }
++ pubkey = ldns_rr_new();
++
++ switch (ldns_key_algorithm(k)) {
++ case LDNS_SIGN_HMACMD5:
++ case LDNS_SIGN_HMACSHA1:
++ case LDNS_SIGN_HMACSHA256:
++ ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY);
++ break;
++ default:
++ ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY);
++ break;
++ }
++ /* zero-th rdf - flags */
++ ldns_rr_push_rdf(pubkey,
++ ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
++ ldns_key_flags(k)));
++ /* first - proto */
++ ldns_rr_push_rdf(pubkey,
++ ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO));
++
++ if (ldns_key_pubkey_owner(k)) {
++ ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k)));
++ }
++
++ /* third - da algorithm */
++ switch(ldns_key_algorithm(k)) {
++ case LDNS_SIGN_RSAMD5:
++ case LDNS_SIGN_RSASHA1:
++ case LDNS_SIGN_RSASHA1_NSEC3:
++ case LDNS_SIGN_RSASHA256:
++ case LDNS_SIGN_RSASHA512:
++ ldns_rr_push_rdf(pubkey,
++ ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
++#ifdef HAVE_SSL
++ rsa = ldns_key_rsa_key(k);
++ if (rsa) {
++ bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
++ if (!bin) {
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ if (!ldns_key_rsa2bin(bin, rsa, &size)) {
++ LDNS_FREE(bin);
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ RSA_free(rsa);
++ internal_data = 1;
++ }
++#endif
++ size++;
++ break;
++ case LDNS_SIGN_DSA:
++ ldns_rr_push_rdf(pubkey,
++ ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
++#ifdef HAVE_SSL
++ dsa = ldns_key_dsa_key(k);
++ if (dsa) {
++ bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
++ if (!bin) {
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ if (!ldns_key_dsa2bin(bin, dsa, &size)) {
++ LDNS_FREE(bin);
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ DSA_free(dsa);
++ internal_data = 1;
++ }
++#endif /* HAVE_SSL */
++ break;
++ case LDNS_SIGN_DSA_NSEC3:
++ ldns_rr_push_rdf(pubkey,
++ ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
++#ifdef HAVE_SSL
++ dsa = ldns_key_dsa_key(k);
++ if (dsa) {
++ bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
++ if (!bin) {
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ if (!ldns_key_dsa2bin(bin, dsa, &size)) {
++ LDNS_FREE(bin);
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ DSA_free(dsa);
++ internal_data = 1;
++ }
++#endif /* HAVE_SSL */
++ break;
++ case LDNS_SIGN_ECC_GOST:
++ ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
++ LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
++#if defined(HAVE_SSL) && defined(USE_GOST)
++ bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
++ if (!bin) {
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++#ifndef S_SPLINT_S
++ if (!ldns_key_gost2bin(bin, k->_key.key, &size)) {
++ LDNS_FREE(bin);
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++#endif /* splint */
++ internal_data = 1;
++#else
++ ldns_rr_free(pubkey);
++ return NULL;
++#endif /* HAVE_SSL and USE_GOST */
++ break;
++ case LDNS_SIGN_ECDSAP256SHA256:
++ case LDNS_SIGN_ECDSAP384SHA384:
++#ifdef USE_ECDSA
++ ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
++ LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
++ bin = NULL;
++#ifndef S_SPLINT_S
++ ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
++#endif
++ EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
++ size = (uint16_t)i2o_ECPublicKey(ec, NULL);
++ if(!i2o_ECPublicKey(ec, &bin)) {
++ EC_KEY_free(ec);
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ if(size > 1) {
++ /* move back one byte to shave off the 0x02
++ * 'uncompressed' indicator that openssl made
++ * Actually its 0x04 (from implementation).
++ */
++ assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED);
++ size -= 1;
++ memmove(bin, bin+1, size);
++ }
++ /* down the reference count for ec, its still assigned
++ * to the pkey */
++ EC_KEY_free(ec);
++ internal_data = 1;
++#else
++ ldns_rr_free(pubkey);
++ return NULL;
++#endif /* ECDSA */
++ break;
++ case LDNS_SIGN_HMACMD5:
++ case LDNS_SIGN_HMACSHA1:
++ case LDNS_SIGN_HMACSHA256:
++ bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k));
++ if (!bin) {
++ ldns_rr_free(pubkey);
++ return NULL;
++ }
++ ldns_rr_push_rdf(pubkey,
++ ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG,
++ ldns_key_algorithm(k)));
++ size = ldns_key_hmac_size(k);
++ memcpy(bin, ldns_key_hmac_key(k), size);
++ internal_data = 1;
++ break;
++ }
++ /* fourth the key bin material */
++ if (internal_data) {
++ keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin);
++ LDNS_FREE(bin);
++ ldns_rr_push_rdf(pubkey, keybin);
++ }
++ return pubkey;
++}
++
++void
++ldns_key_free(ldns_key *key)
++{
++ LDNS_FREE(key);
++}
++
++void
++ldns_key_deep_free(ldns_key *key)
++{
++ unsigned char* hmac;
++ if (ldns_key_pubkey_owner(key)) {
++ ldns_rdf_deep_free(ldns_key_pubkey_owner(key));
++ }
++#ifdef HAVE_SSL
++ if (ldns_key_evp_key(key)) {
++ EVP_PKEY_free(ldns_key_evp_key(key));
++ }
++#endif /* HAVE_SSL */
++ if (ldns_key_hmac_key(key)) {
++ hmac = ldns_key_hmac_key(key);
++ LDNS_FREE(hmac);
++ }
++ LDNS_FREE(key);
++}
++
++void
++ldns_key_list_free(ldns_key_list *key_list)
++{
++ size_t i;
++ for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
++ ldns_key_deep_free(ldns_key_list_key(key_list, i));
++ }
++ LDNS_FREE(key_list->_keys);
++ LDNS_FREE(key_list);
++}
++
++ldns_rr *
++ldns_read_anchor_file(const char *filename)
++{
++ FILE *fp;
++ /*char line[LDNS_MAX_PACKETLEN];*/
++ char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN);
++ int c;
++ size_t i = 0;
++ ldns_rr *r;
++ ldns_status status;
++ if(!line) {
++ return NULL;
++ }
++
++ fp = fopen(filename, "r");
++ if (!fp) {
++#ifdef STDERR_MSGS
++ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
++#endif
++ LDNS_FREE(line);
++ return NULL;
++ }
++
++ while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) {
++ line[i] = c;
++ i++;
++ }
++ line[i] = '\0';
++
++ fclose(fp);
++
++ if (i <= 0) {
++#ifdef STDERR_MSGS
++ fprintf(stderr, "nothing read from %s", filename);
++#endif
++ LDNS_FREE(line);
++ return NULL;
++ } else {
++ status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL);
++ if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) {
++ LDNS_FREE(line);
++ return r;
++ } else {
++#ifdef STDERR_MSGS
++ fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status));
++#endif
++ LDNS_FREE(line);
++ return NULL;
++ }
++ }
++}
++
++char *
++ldns_key_get_file_base_name(ldns_key *key)
++{
++ ldns_buffer *buffer;
++ char *file_base_name;
++
++ buffer = ldns_buffer_new(255);
++ ldns_buffer_printf(buffer, "K");
++ (void)ldns_rdf2buffer_str_dname(buffer, ldns_key_pubkey_owner(key));
++ ldns_buffer_printf(buffer,
++ "+%03u+%05u",
++ ldns_key_algorithm(key),
++ ldns_key_keytag(key));
++ file_base_name = ldns_buffer_export(buffer);
++ ldns_buffer_free(buffer);
++ return file_base_name;
++}
++
++int ldns_key_algo_supported(int algo)
++{
++ ldns_lookup_table *lt = ldns_signing_algorithms;
++ while(lt->name) {
++ if(lt->id == algo)
++ return 1;
++ lt++;
++ }
++ return 0;
++}
++
++ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name)
++{
++ /* list of (signing algorithm id, alias_name) */
++ ldns_lookup_table aliases[] = {
++ /* from bind dnssec-keygen */
++ {LDNS_SIGN_HMACMD5, "HMAC-MD5"},
++ {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
++ {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
++ /* old ldns usage, now RFC names */
++ {LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" },
++ {LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" },
++#ifdef USE_GOST
++ {LDNS_SIGN_ECC_GOST, "GOST"},
++#endif
++ /* compat with possible output */
++ {LDNS_DH, "DH"},
++ {LDNS_ECC, "ECC"},
++ {LDNS_INDIRECT, "INDIRECT"},
++ {LDNS_PRIVATEDNS, "PRIVATEDNS"},
++ {LDNS_PRIVATEOID, "PRIVATEOID"},
++ {0, NULL}};
++ ldns_lookup_table* lt = ldns_signing_algorithms;
++ ldns_signing_algorithm a;
++ char *endptr;
++
++ while(lt->name) {
++ if(strcasecmp(lt->name, name) == 0)
++ return lt->id;
++ lt++;
++ }
++ lt = aliases;
++ while(lt->name) {
++ if(strcasecmp(lt->name, name) == 0)
++ return lt->id;
++ lt++;
++ }
++ a = strtol(name, &endptr, 10);
++ if (*name && !*endptr)
++ return a;
++
++ return 0;
++}
+diff --git a/ldns/src/net.c b/ldns/src/net.c
+new file mode 100644
+index 0000000..b8a5385
+--- /dev/null
++++ b/ldns/src/net.c
+@@ -0,0 +1,1002 @@
++/*
++ * net.c
++ *
++ * Network implementation
++ * All network related functions are grouped here
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#ifdef HAVE_NETINET_IN_H
++#include <netinet/in.h>
++#endif
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++#ifdef HAVE_NETDB_H
++#include <netdb.h>
++#endif
++#ifdef HAVE_ARPA_INET_H
++#include <arpa/inet.h>
++#endif
++#include <sys/time.h>
++#include <errno.h>
++#include <fcntl.h>
++
++ldns_status
++ldns_send(ldns_pkt **result_packet, ldns_resolver *r, const ldns_pkt *query_pkt)
++{
++ ldns_buffer *qb;
++ ldns_status result;
++ ldns_rdf *tsig_mac = NULL;
++
++ qb = ldns_buffer_new(LDNS_MIN_BUFLEN);
++
++ if (query_pkt && ldns_pkt_tsig(query_pkt)) {
++ tsig_mac = ldns_rr_rdf(ldns_pkt_tsig(query_pkt), 3);
++ }
++
++ if (!query_pkt ||
++ ldns_pkt2buffer_wire(qb, query_pkt) != LDNS_STATUS_OK) {
++ result = LDNS_STATUS_ERR;
++ } else {
++ result = ldns_send_buffer(result_packet, r, qb, tsig_mac);
++ }
++
++ ldns_buffer_free(qb);
++
++ return result;
++}
++
++/* code from rdata.c */
++static struct sockaddr_storage *
++ldns_rdf2native_sockaddr_storage_port(
++ const ldns_rdf *rd, uint16_t port, size_t *size)
++{
++ struct sockaddr_storage *data;
++ struct sockaddr_in *data_in;
++ struct sockaddr_in6 *data_in6;
++
++ data = LDNS_MALLOC(struct sockaddr_storage);
++ if (!data) {
++ return NULL;
++ }
++ /* zero the structure for portability */
++ memset(data, 0, sizeof(struct sockaddr_storage));
++
++ switch(ldns_rdf_get_type(rd)) {
++ case LDNS_RDF_TYPE_A:
++#ifndef S_SPLINT_S
++ data->ss_family = AF_INET;
++#endif
++ data_in = (struct sockaddr_in*) data;
++ data_in->sin_port = (in_port_t)htons(port);
++ memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd));
++ *size = sizeof(struct sockaddr_in);
++ return data;
++ case LDNS_RDF_TYPE_AAAA:
++#ifndef S_SPLINT_S
++ data->ss_family = AF_INET6;
++#endif
++ data_in6 = (struct sockaddr_in6*) data;
++ data_in6->sin6_port = (in_port_t)htons(port);
++ memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd));
++ *size = sizeof(struct sockaddr_in6);
++ return data;
++ default:
++ LDNS_FREE(data);
++ return NULL;
++ }
++}
++
++struct sockaddr_storage *
++ldns_rdf2native_sockaddr_storage(
++ const ldns_rdf *rd, uint16_t port, size_t *size)
++{
++ return ldns_rdf2native_sockaddr_storage_port(
++ rd, (port == 0 ? (uint16_t)LDNS_PORT : port), size);
++}
++
++/** best effort to set nonblocking */
++static void
++ldns_sock_nonblock(int sockfd)
++{
++#ifdef HAVE_FCNTL
++ int flag;
++ if((flag = fcntl(sockfd, F_GETFL)) != -1) {
++ flag |= O_NONBLOCK;
++ if(fcntl(sockfd, F_SETFL, flag) == -1) {
++ /* ignore error, continue blockingly */
++ }
++ }
++#elif defined(HAVE_IOCTLSOCKET)
++ unsigned long on = 1;
++ if(ioctlsocket(sockfd, FIONBIO, &on) != 0) {
++ /* ignore error, continue blockingly */
++ }
++#endif
++}
++
++/** best effort to set blocking */
++static void
++ldns_sock_block(int sockfd)
++{
++#ifdef HAVE_FCNTL
++ int flag;
++ if((flag = fcntl(sockfd, F_GETFL)) != -1) {
++ flag &= ~O_NONBLOCK;
++ if(fcntl(sockfd, F_SETFL, flag) == -1) {
++ /* ignore error, continue */
++ }
++ }
++#elif defined(HAVE_IOCTLSOCKET)
++ unsigned long off = 0;
++ if(ioctlsocket(sockfd, FIONBIO, &off) != 0) {
++ /* ignore error, continue */
++ }
++#endif
++}
++
++/** wait for a socket to become ready */
++static int
++ldns_sock_wait(int sockfd, struct timeval timeout, int write)
++{
++ int ret;
++#ifndef S_SPLINT_S
++ fd_set fds;
++ FD_ZERO(&fds);
++ FD_SET(FD_SET_T sockfd, &fds);
++ if(write)
++ ret = select(sockfd+1, NULL, &fds, NULL, &timeout);
++ else
++ ret = select(sockfd+1, &fds, NULL, NULL, &timeout);
++#endif
++ if(ret == 0)
++ /* timeout expired */
++ return 0;
++ else if(ret == -1)
++ /* error */
++ return 0;
++ return 1;
++}
++
++
++static int
++ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
++ const struct sockaddr_storage *from, socklen_t fromlen,
++ struct timeval timeout)
++{
++ int sockfd;
++
++#ifndef S_SPLINT_S
++ if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_STREAM,
++ IPPROTO_TCP)) == -1) {
++ return 0;
++ }
++#endif
++ if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){
++ return 0;
++ }
++
++ /* perform nonblocking connect, to be able to wait with select() */
++ ldns_sock_nonblock(sockfd);
++ if (connect(sockfd, (struct sockaddr*)to, tolen) == -1) {
++#ifndef USE_WINSOCK
++#ifdef EINPROGRESS
++ if(errno != EINPROGRESS) {
++#else
++ if(1) {
++#endif
++ close(sockfd);
++ return 0;
++ }
++#else /* USE_WINSOCK */
++ if(WSAGetLastError() != WSAEINPROGRESS &&
++ WSAGetLastError() != WSAEWOULDBLOCK) {
++ closesocket(sockfd);
++ return 0;
++ }
++#endif
++ /* error was only telling us that it would block */
++ }
++
++ /* wait(write) until connected or error */
++ while(1) {
++ int error = 0;
++ socklen_t len = (socklen_t)sizeof(error);
++
++ if(!ldns_sock_wait(sockfd, timeout, 1)) {
++#ifndef USE_WINSOCK
++ close(sockfd);
++#else
++ closesocket(sockfd);
++#endif
++ return 0;
++ }
++
++ /* check if there is a pending error for nonblocking connect */
++ if(getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)&error,
++ &len) < 0) {
++#ifndef USE_WINSOCK
++ error = errno; /* on solaris errno is error */
++#else
++ error = WSAGetLastError();
++#endif
++ }
++#ifndef USE_WINSOCK
++#if defined(EINPROGRESS) && defined(EWOULDBLOCK)
++ if(error == EINPROGRESS || error == EWOULDBLOCK)
++ continue; /* try again */
++#endif
++ else if(error != 0) {
++ close(sockfd);
++ /* error in errno for our user */
++ errno = error;
++ return 0;
++ }
++#else /* USE_WINSOCK */
++ if(error == WSAEINPROGRESS)
++ continue;
++ else if(error == WSAEWOULDBLOCK)
++ continue;
++ else if(error != 0) {
++ closesocket(sockfd);
++ errno = error;
++ return 0;
++ }
++#endif /* USE_WINSOCK */
++ /* connected */
++ break;
++ }
++
++ /* set the socket blocking again */
++ ldns_sock_block(sockfd);
++
++ return sockfd;
++}
++
++int
++ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen,
++ struct timeval timeout)
++{
++ return ldns_tcp_connect_from(to, tolen, NULL, 0, timeout);
++}
++
++static int
++ldns_tcp_bgsend_from(ldns_buffer *qbin,
++ const struct sockaddr_storage *to, socklen_t tolen,
++ const struct sockaddr_storage *from, socklen_t fromlen,
++ struct timeval timeout)
++{
++ int sockfd;
++
++ sockfd = ldns_tcp_connect_from(to, tolen, from, fromlen, timeout);
++
++ if (sockfd == 0) {
++ return 0;
++ }
++
++ if (ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) {
++#ifndef USE_WINSOCK
++ close(sockfd);
++#else
++ closesocket(sockfd);
++#endif
++ return 0;
++ }
++
++ return sockfd;
++}
++
++int
++ldns_tcp_bgsend(ldns_buffer *qbin,
++ const struct sockaddr_storage *to, socklen_t tolen,
++ struct timeval timeout)
++{
++ return ldns_tcp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
++}
++
++
++/* keep in mind that in DNS tcp messages the first 2 bytes signal the
++ * amount data to expect
++ */
++static ldns_status
++ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin,
++ const struct sockaddr_storage *to, socklen_t tolen,
++ const struct sockaddr_storage *from, socklen_t fromlen,
++ struct timeval timeout, size_t *answer_size)
++{
++ int sockfd;
++ uint8_t *answer;
++
++ sockfd = ldns_tcp_bgsend_from(qbin, to, tolen, from, fromlen, timeout);
++
++ if (sockfd == 0) {
++ return LDNS_STATUS_ERR;
++ }
++
++ answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout);
++#ifndef USE_WINSOCK
++ close(sockfd);
++#else
++ closesocket(sockfd);
++#endif
++
++ if (*answer_size == 0) {
++ /* oops */
++ return LDNS_STATUS_NETWORK_ERR;
++ }
++
++ /* resize accordingly */
++ *result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size);
++ if(!*result) {
++ LDNS_FREE(answer);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_tcp_send(uint8_t **result, ldns_buffer *qbin,
++ const struct sockaddr_storage *to, socklen_t tolen,
++ struct timeval timeout, size_t *answer_size)
++{
++ return ldns_tcp_send_from(result, qbin,
++ to, tolen, NULL, 0, timeout, answer_size);
++}
++
++int
++ldns_udp_connect(const struct sockaddr_storage *to, struct timeval ATTR_UNUSED(timeout))
++{
++ int sockfd;
++
++#ifndef S_SPLINT_S
++ if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_DGRAM,
++ IPPROTO_UDP))
++ == -1) {
++ return 0;
++ }
++#endif
++ return sockfd;
++}
++
++static int
++ldns_udp_bgsend_from(ldns_buffer *qbin,
++ const struct sockaddr_storage *to , socklen_t tolen,
++ const struct sockaddr_storage *from, socklen_t fromlen,
++ struct timeval timeout)
++{
++ int sockfd;
++
++ sockfd = ldns_udp_connect(to, timeout);
++
++ if (sockfd == 0) {
++ return 0;
++ }
++
++ if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){
++ return 0;
++ }
++
++ if (ldns_udp_send_query(qbin, sockfd, to, tolen) == 0) {
++#ifndef USE_WINSOCK
++ close(sockfd);
++#else
++ closesocket(sockfd);
++#endif
++ return 0;
++ }
++ return sockfd;
++}
++
++int
++ldns_udp_bgsend(ldns_buffer *qbin,
++ const struct sockaddr_storage *to , socklen_t tolen,
++ struct timeval timeout)
++{
++ return ldns_udp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
++}
++
++static ldns_status
++ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin,
++ const struct sockaddr_storage *to , socklen_t tolen,
++ const struct sockaddr_storage *from, socklen_t fromlen,
++ struct timeval timeout, size_t *answer_size)
++{
++ int sockfd;
++ uint8_t *answer;
++
++ sockfd = ldns_udp_bgsend_from(qbin, to, tolen, from, fromlen, timeout);
++
++ if (sockfd == 0) {
++ return LDNS_STATUS_SOCKET_ERROR;
++ }
++
++ /* wait for an response*/
++ if(!ldns_sock_wait(sockfd, timeout, 0)) {
++#ifndef USE_WINSOCK
++ close(sockfd);
++#else
++ closesocket(sockfd);
++#endif
++ return LDNS_STATUS_NETWORK_ERR;
++ }
++
++ /* set to nonblocking, so if the checksum is bad, it becomes
++ * an EGAIN error and the ldns_udp_send function does not block,
++ * but returns a 'NETWORK_ERROR' much like a timeout. */
++ ldns_sock_nonblock(sockfd);
++
++ answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL);
++#ifndef USE_WINSOCK
++ close(sockfd);
++#else
++ closesocket(sockfd);
++#endif
++
++ if (*answer_size == 0) {
++ /* oops */
++ return LDNS_STATUS_NETWORK_ERR;
++ }
++
++ *result = answer;
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_udp_send(uint8_t **result, ldns_buffer *qbin,
++ const struct sockaddr_storage *to , socklen_t tolen,
++ struct timeval timeout, size_t *answer_size)
++{
++ return ldns_udp_send_from(result, qbin, to, tolen, NULL, 0,
++ timeout, answer_size);
++}
++
++ldns_status
++ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac)
++{
++ uint8_t i;
++
++ struct sockaddr_storage *src = NULL;
++ size_t src_len;
++ struct sockaddr_storage *ns;
++ size_t ns_len;
++ struct timeval tv_s;
++ struct timeval tv_e;
++
++ ldns_rdf **ns_array;
++ size_t *rtt;
++ ldns_pkt *reply;
++ bool all_servers_rtt_inf;
++ uint8_t retries;
++
++ uint8_t *reply_bytes = NULL;
++ size_t reply_size = 0;
++ ldns_status status, send_status;
++
++ assert(r != NULL);
++
++ status = LDNS_STATUS_OK;
++ rtt = ldns_resolver_rtt(r);
++ ns_array = ldns_resolver_nameservers(r);
++ reply = NULL;
++ ns_len = 0;
++
++ all_servers_rtt_inf = true;
++
++ if (ldns_resolver_random(r)) {
++ ldns_resolver_nameservers_randomize(r);
++ }
++
++ if(ldns_resolver_source(r)) {
++ src = ldns_rdf2native_sockaddr_storage_port(
++ ldns_resolver_source(r), 0, &src_len);
++ }
++
++ /* loop through all defined nameservers */
++ for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
++ if (rtt[i] == LDNS_RESOLV_RTT_INF) {
++ /* not reachable nameserver! */
++ continue;
++ }
++
++ /* maybe verbosity setting?
++ printf("Sending to ");
++ ldns_rdf_print(stdout, ns_array[i]);
++ printf("\n");
++ */
++ ns = ldns_rdf2native_sockaddr_storage(ns_array[i],
++ ldns_resolver_port(r), &ns_len);
++
++
++#ifndef S_SPLINT_S
++ if ((ns->ss_family == AF_INET) &&
++ (ldns_resolver_ip6(r) == LDNS_RESOLV_INET6)) {
++ /* not reachable */
++ LDNS_FREE(ns);
++ continue;
++ }
++
++ if ((ns->ss_family == AF_INET6) &&
++ (ldns_resolver_ip6(r) == LDNS_RESOLV_INET)) {
++ /* not reachable */
++ LDNS_FREE(ns);
++ continue;
++ }
++#endif
++
++ all_servers_rtt_inf = false;
++
++ gettimeofday(&tv_s, NULL);
++
++ send_status = LDNS_STATUS_ERR;
++
++ /* reply_bytes implicitly handles our error */
++ if (ldns_resolver_usevc(r)) {
++ for (retries = ldns_resolver_retry(r); retries > 0; retries--) {
++ send_status =
++ ldns_tcp_send_from(&reply_bytes, qb,
++ ns, (socklen_t)ns_len,
++ src, (socklen_t)src_len,
++ ldns_resolver_timeout(r),
++ &reply_size);
++ if (send_status == LDNS_STATUS_OK) {
++ break;
++ }
++ }
++ } else {
++ for (retries = ldns_resolver_retry(r); retries > 0; retries--) {
++ /* ldns_rdf_print(stdout, ns_array[i]); */
++ send_status =
++ ldns_udp_send_from(&reply_bytes, qb,
++ ns, (socklen_t)ns_len,
++ src, (socklen_t)src_len,
++ ldns_resolver_timeout(r),
++ &reply_size);
++ if (send_status == LDNS_STATUS_OK) {
++ break;
++ }
++ }
++ }
++
++ if (send_status != LDNS_STATUS_OK) {
++ ldns_resolver_set_nameserver_rtt(r, i, LDNS_RESOLV_RTT_INF);
++ status = send_status;
++ }
++
++ /* obey the fail directive */
++ if (!reply_bytes) {
++ /* the current nameserver seems to have a problem, blacklist it */
++ if (ldns_resolver_fail(r)) {
++ LDNS_FREE(ns);
++ return LDNS_STATUS_ERR;
++ } else {
++ LDNS_FREE(ns);
++ continue;
++ }
++ }
++
++ status = ldns_wire2pkt(&reply, reply_bytes, reply_size);
++ if (status != LDNS_STATUS_OK) {
++ LDNS_FREE(reply_bytes);
++ LDNS_FREE(ns);
++ return status;
++ }
++
++ LDNS_FREE(ns);
++ gettimeofday(&tv_e, NULL);
++
++ if (reply) {
++ ldns_pkt_set_querytime(reply, (uint32_t)
++ ((tv_e.tv_sec - tv_s.tv_sec) * 1000) +
++ (tv_e.tv_usec - tv_s.tv_usec) / 1000);
++ ldns_pkt_set_answerfrom(reply,
++ ldns_rdf_clone(ns_array[i]));
++ ldns_pkt_set_timestamp(reply, tv_s);
++ ldns_pkt_set_size(reply, reply_size);
++ break;
++ } else {
++ if (ldns_resolver_fail(r)) {
++ /* if fail is set bail out, after the first
++ * one */
++ break;
++ }
++ }
++
++ /* wait retrans seconds... */
++ sleep((unsigned int) ldns_resolver_retrans(r));
++ }
++
++ if(src) {
++ LDNS_FREE(src);
++ }
++ if (all_servers_rtt_inf) {
++ LDNS_FREE(reply_bytes);
++ return LDNS_STATUS_RES_NO_NS;
++ }
++#ifdef HAVE_SSL
++ if (tsig_mac && reply && reply_bytes) {
++ if (!ldns_pkt_tsig_verify(reply,
++ reply_bytes,
++ reply_size,
++ ldns_resolver_tsig_keyname(r),
++ ldns_resolver_tsig_keydata(r), tsig_mac)) {
++ status = LDNS_STATUS_CRYPTO_TSIG_BOGUS;
++ }
++ }
++#else
++ (void)tsig_mac;
++#endif /* HAVE_SSL */
++
++ LDNS_FREE(reply_bytes);
++ if (result) {
++ *result = reply;
++ }
++
++ return status;
++}
++
++ssize_t
++ldns_tcp_send_query(ldns_buffer *qbin, int sockfd,
++ const struct sockaddr_storage *to, socklen_t tolen)
++{
++ uint8_t *sendbuf;
++ ssize_t bytes;
++
++ /* add length of packet */
++ sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2);
++ if(!sendbuf) return 0;
++ ldns_write_uint16(sendbuf, ldns_buffer_position(qbin));
++ memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin));
++
++ bytes = sendto(sockfd, (void*)sendbuf,
++ ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen);
++
++ LDNS_FREE(sendbuf);
++
++ if (bytes == -1 || (size_t) bytes != ldns_buffer_position(qbin) + 2 ) {
++ return 0;
++ }
++ return bytes;
++}
++
++/* don't wait for an answer */
++ssize_t
++ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to,
++ socklen_t tolen)
++{
++ ssize_t bytes;
++
++ bytes = sendto(sockfd, (void*)ldns_buffer_begin(qbin),
++ ldns_buffer_position(qbin), 0, (struct sockaddr *)to, tolen);
++
++ if (bytes == -1 || (size_t)bytes != ldns_buffer_position(qbin)) {
++ return 0;
++ }
++ if ((size_t) bytes != ldns_buffer_position(qbin)) {
++ return 0;
++ }
++ return bytes;
++}
++
++uint8_t *
++ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from,
++ socklen_t *fromlen)
++{
++ uint8_t *wire, *wireout;
++ ssize_t wire_size;
++
++ wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN);
++ if (!wire) {
++ *size = 0;
++ return NULL;
++ }
++
++ wire_size = recvfrom(sockfd, (void*)wire, LDNS_MAX_PACKETLEN, 0,
++ (struct sockaddr *)from, fromlen);
++
++ /* recvfrom can also return 0 */
++ if (wire_size == -1 || wire_size == 0) {
++ *size = 0;
++ LDNS_FREE(wire);
++ return NULL;
++ }
++
++ *size = (size_t)wire_size;
++ wireout = LDNS_XREALLOC(wire, uint8_t, (size_t)wire_size);
++ if(!wireout) LDNS_FREE(wire);
++
++ return wireout;
++}
++
++uint8_t *
++ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout)
++{
++ uint8_t *wire;
++ uint16_t wire_size;
++ ssize_t bytes = 0, rc = 0;
++
++ wire = LDNS_XMALLOC(uint8_t, 2);
++ if (!wire) {
++ *size = 0;
++ return NULL;
++ }
++
++ while (bytes < 2) {
++ if(!ldns_sock_wait(sockfd, timeout, 0)) {
++ *size = 0;
++ LDNS_FREE(wire);
++ return NULL;
++ }
++ rc = recv(sockfd, (void*) (wire + bytes),
++ (size_t) (2 - bytes), 0);
++ if (rc == -1 || rc == 0) {
++ *size = 0;
++ LDNS_FREE(wire);
++ return NULL;
++ }
++ bytes += rc;
++ }
++
++ wire_size = ldns_read_uint16(wire);
++
++ LDNS_FREE(wire);
++ wire = LDNS_XMALLOC(uint8_t, wire_size);
++ if (!wire) {
++ *size = 0;
++ return NULL;
++ }
++ bytes = 0;
++
++ while (bytes < (ssize_t) wire_size) {
++ if(!ldns_sock_wait(sockfd, timeout, 0)) {
++ *size = 0;
++ LDNS_FREE(wire);
++ return NULL;
++ }
++ rc = recv(sockfd, (void*) (wire + bytes),
++ (size_t) (wire_size - bytes), 0);
++ if (rc == -1 || rc == 0) {
++ LDNS_FREE(wire);
++ *size = 0;
++ return NULL;
++ }
++ bytes += rc;
++ }
++
++ *size = (size_t) bytes;
++ return wire;
++}
++
++uint8_t *
++ldns_tcp_read_wire(int sockfd, size_t *size)
++{
++ uint8_t *wire;
++ uint16_t wire_size;
++ ssize_t bytes = 0, rc = 0;
++
++ wire = LDNS_XMALLOC(uint8_t, 2);
++ if (!wire) {
++ *size = 0;
++ return NULL;
++ }
++
++ while (bytes < 2) {
++ rc = recv(sockfd, (void*) (wire + bytes),
++ (size_t) (2 - bytes), 0);
++ if (rc == -1 || rc == 0) {
++ *size = 0;
++ LDNS_FREE(wire);
++ return NULL;
++ }
++ bytes += rc;
++ }
++
++ wire_size = ldns_read_uint16(wire);
++
++ LDNS_FREE(wire);
++ wire = LDNS_XMALLOC(uint8_t, wire_size);
++ if (!wire) {
++ *size = 0;
++ return NULL;
++ }
++ bytes = 0;
++
++ while (bytes < (ssize_t) wire_size) {
++ rc = recv(sockfd, (void*) (wire + bytes),
++ (size_t) (wire_size - bytes), 0);
++ if (rc == -1 || rc == 0) {
++ LDNS_FREE(wire);
++ *size = 0;
++ return NULL;
++ }
++ bytes += rc;
++ }
++
++ *size = (size_t) bytes;
++ return wire;
++}
++
++#ifndef S_SPLINT_S
++ldns_rdf *
++ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port)
++{
++ ldns_rdf *addr;
++ struct sockaddr_in *data_in;
++ struct sockaddr_in6 *data_in6;
++
++ switch(sock->ss_family) {
++ case AF_INET:
++ data_in = (struct sockaddr_in*)sock;
++ if (port) {
++ *port = ntohs((uint16_t)data_in->sin_port);
++ }
++ addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_A,
++ LDNS_IP4ADDRLEN, &data_in->sin_addr);
++ break;
++ case AF_INET6:
++ data_in6 = (struct sockaddr_in6*)sock;
++ if (port) {
++ *port = ntohs((uint16_t)data_in6->sin6_port);
++ }
++ addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_AAAA,
++ LDNS_IP6ADDRLEN, &data_in6->sin6_addr);
++ break;
++ default:
++ if (port) {
++ *port = 0;
++ }
++ return NULL;
++ }
++ return addr;
++}
++#endif
++
++/* code from resolver.c */
++ldns_status
++ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
++{
++ ldns_pkt *query;
++ ldns_buffer *query_wire;
++
++ struct sockaddr_storage *src = NULL;
++ size_t src_len = 0;
++ struct sockaddr_storage *ns = NULL;
++ size_t ns_len = 0;
++ size_t ns_i;
++ ldns_status status;
++
++ if (!resolver || ldns_resolver_nameserver_count(resolver) < 1) {
++ return LDNS_STATUS_ERR;
++ }
++
++ query = ldns_pkt_query_new(ldns_rdf_clone(domain), LDNS_RR_TYPE_AXFR, class, 0);
++
++ if (!query) {
++ return LDNS_STATUS_ADDRESS_ERR;
++ }
++ if(ldns_resolver_source(resolver)) {
++ src = ldns_rdf2native_sockaddr_storage_port(
++ ldns_resolver_source(resolver), 0, &src_len);
++ }
++ /* For AXFR, we have to make the connection ourselves */
++ /* try all nameservers (which usually would mean v4 fallback if
++ * @hostname is used */
++ for (ns_i = 0;
++ ns_i < ldns_resolver_nameserver_count(resolver) &&
++ resolver->_socket == 0;
++ ns_i++) {
++ if (ns != NULL) {
++ LDNS_FREE(ns);
++ }
++ ns = ldns_rdf2native_sockaddr_storage(
++ resolver->_nameservers[ns_i],
++ ldns_resolver_port(resolver), &ns_len);
++
++ resolver->_socket = ldns_tcp_connect_from(
++ ns, (socklen_t)ns_len,
++ src, (socklen_t)src_len,
++ ldns_resolver_timeout(resolver));
++ }
++
++ if (resolver->_socket == 0) {
++ ldns_pkt_free(query);
++ LDNS_FREE(ns);
++ return LDNS_STATUS_NETWORK_ERR;
++ }
++
++#ifdef HAVE_SSL
++ if (ldns_resolver_tsig_keyname(resolver) && ldns_resolver_tsig_keydata(resolver)) {
++ status = ldns_pkt_tsig_sign(query,
++ ldns_resolver_tsig_keyname(resolver),
++ ldns_resolver_tsig_keydata(resolver),
++ 300, ldns_resolver_tsig_algorithm(resolver), NULL);
++ if (status != LDNS_STATUS_OK) {
++ /* to prevent problems on subsequent calls to
++ * ldns_axfr_start we have to close the socket here! */
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++
++ ldns_pkt_free(query);
++ LDNS_FREE(ns);
++
++ return LDNS_STATUS_CRYPTO_TSIG_ERR;
++ }
++ }
++#endif /* HAVE_SSL */
++
++ /* Convert the query to a buffer
++ * Is this necessary?
++ */
++ query_wire = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if(!query_wire) {
++ ldns_pkt_free(query);
++ LDNS_FREE(ns);
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++
++ return LDNS_STATUS_MEM_ERR;
++ }
++ status = ldns_pkt2buffer_wire(query_wire, query);
++ if (status != LDNS_STATUS_OK) {
++ ldns_pkt_free(query);
++ ldns_buffer_free(query_wire);
++ LDNS_FREE(ns);
++
++ /* to prevent problems on subsequent calls to ldns_axfr_start
++ * we have to close the socket here! */
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++
++ return status;
++ }
++ /* Send the query */
++ if (ldns_tcp_send_query(query_wire, resolver->_socket, ns,
++ (socklen_t)ns_len) == 0) {
++ ldns_pkt_free(query);
++ ldns_buffer_free(query_wire);
++ LDNS_FREE(ns);
++
++ /* to prevent problems on subsequent calls to ldns_axfr_start
++ * we have to close the socket here! */
++
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++
++ return LDNS_STATUS_NETWORK_ERR;
++ }
++
++ ldns_pkt_free(query);
++ ldns_buffer_free(query_wire);
++ LDNS_FREE(ns);
++
++ /*
++ * The AXFR is done once the second SOA record is sent
++ */
++ resolver->_axfr_soa_count = 0;
++ return LDNS_STATUS_OK;
++}
+diff --git a/ldns/src/packet.c b/ldns/src/packet.c
+new file mode 100644
+index 0000000..62bfd07
+--- /dev/null
++++ b/ldns/src/packet.c
+@@ -0,0 +1,1159 @@
++/*
++ * packet.c
++ *
++ * dns packet implementation
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <strings.h>
++#include <limits.h>
++
++#ifdef HAVE_SSL
++#include <openssl/rand.h>
++#endif
++
++/* Access functions
++ * do this as functions to get type checking
++ */
++
++#define LDNS_EDNS_MASK_DO_BIT 0x8000
++
++/* TODO defines for 3600 */
++/* convert to and from numerical flag values */
++ldns_lookup_table ldns_edns_flags[] = {
++ { 3600, "do"},
++ { 0, NULL}
++};
++
++/* read */
++uint16_t
++ldns_pkt_id(const ldns_pkt *packet)
++{
++ return packet->_header->_id;
++}
++
++bool
++ldns_pkt_qr(const ldns_pkt *packet)
++{
++ return packet->_header->_qr;
++}
++
++bool
++ldns_pkt_aa(const ldns_pkt *packet)
++{
++ return packet->_header->_aa;
++}
++
++bool
++ldns_pkt_tc(const ldns_pkt *packet)
++{
++ return packet->_header->_tc;
++}
++
++bool
++ldns_pkt_rd(const ldns_pkt *packet)
++{
++ return packet->_header->_rd;
++}
++
++bool
++ldns_pkt_cd(const ldns_pkt *packet)
++{
++ return packet->_header->_cd;
++}
++
++bool
++ldns_pkt_ra(const ldns_pkt *packet)
++{
++ return packet->_header->_ra;
++}
++
++bool
++ldns_pkt_ad(const ldns_pkt *packet)
++{
++ return packet->_header->_ad;
++}
++
++ldns_pkt_opcode
++ldns_pkt_get_opcode(const ldns_pkt *packet)
++{
++ return packet->_header->_opcode;
++}
++
++ldns_pkt_rcode
++ldns_pkt_get_rcode(const ldns_pkt *packet)
++{
++ return packet->_header->_rcode;
++}
++
++uint16_t
++ldns_pkt_qdcount(const ldns_pkt *packet)
++{
++ return packet->_header->_qdcount;
++}
++
++uint16_t
++ldns_pkt_ancount(const ldns_pkt *packet)
++{
++ return packet->_header->_ancount;
++}
++
++uint16_t
++ldns_pkt_nscount(const ldns_pkt *packet)
++{
++ return packet->_header->_nscount;
++}
++
++uint16_t
++ldns_pkt_arcount(const ldns_pkt *packet)
++{
++ return packet->_header->_arcount;
++}
++
++ldns_rr_list *
++ldns_pkt_question(const ldns_pkt *packet)
++{
++ return packet->_question;
++}
++
++ldns_rr_list *
++ldns_pkt_answer(const ldns_pkt *packet)
++{
++ return packet->_answer;
++}
++
++ldns_rr_list *
++ldns_pkt_authority(const ldns_pkt *packet)
++{
++ return packet->_authority;
++}
++
++ldns_rr_list *
++ldns_pkt_additional(const ldns_pkt *packet)
++{
++ return packet->_additional;
++}
++
++/* return ALL section concatenated */
++ldns_rr_list *
++ldns_pkt_all(const ldns_pkt *packet)
++{
++ ldns_rr_list *all, *prev_all;
++
++ all = ldns_rr_list_cat_clone(
++ ldns_pkt_question(packet),
++ ldns_pkt_answer(packet));
++ prev_all = all;
++ all = ldns_rr_list_cat_clone(all,
++ ldns_pkt_authority(packet));
++ ldns_rr_list_deep_free(prev_all);
++ prev_all = all;
++ all = ldns_rr_list_cat_clone(all,
++ ldns_pkt_additional(packet));
++ ldns_rr_list_deep_free(prev_all);
++ return all;
++}
++
++ldns_rr_list *
++ldns_pkt_all_noquestion(const ldns_pkt *packet)
++{
++ ldns_rr_list *all, *all2;
++
++ all = ldns_rr_list_cat_clone(
++ ldns_pkt_answer(packet),
++ ldns_pkt_authority(packet));
++ all2 = ldns_rr_list_cat_clone(all,
++ ldns_pkt_additional(packet));
++
++ ldns_rr_list_deep_free(all);
++ return all2;
++}
++
++size_t
++ldns_pkt_size(const ldns_pkt *packet)
++{
++ return packet->_size;
++}
++
++uint32_t
++ldns_pkt_querytime(const ldns_pkt *packet)
++{
++ return packet->_querytime;
++}
++
++ldns_rdf *
++ldns_pkt_answerfrom(const ldns_pkt *packet)
++{
++ return packet->_answerfrom;
++}
++
++struct timeval
++ldns_pkt_timestamp(const ldns_pkt *packet)
++{
++ return packet->timestamp;
++}
++
++uint16_t
++ldns_pkt_edns_udp_size(const ldns_pkt *packet)
++{
++ return packet->_edns_udp_size;
++}
++
++uint8_t
++ldns_pkt_edns_extended_rcode(const ldns_pkt *packet)
++{
++ return packet->_edns_extended_rcode;
++}
++
++uint8_t
++ldns_pkt_edns_version(const ldns_pkt *packet)
++{
++ return packet->_edns_version;
++}
++
++uint16_t
++ldns_pkt_edns_z(const ldns_pkt *packet)
++{
++ return packet->_edns_z;
++}
++
++bool
++ldns_pkt_edns_do(const ldns_pkt *packet)
++{
++ return (packet->_edns_z & LDNS_EDNS_MASK_DO_BIT);
++}
++
++void
++ldns_pkt_set_edns_do(ldns_pkt *packet, bool value)
++{
++ if (value) {
++ packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_DO_BIT;
++ } else {
++ packet->_edns_z = packet->_edns_z & ~LDNS_EDNS_MASK_DO_BIT;
++ }
++}
++
++ldns_rdf *
++ldns_pkt_edns_data(const ldns_pkt *packet)
++{
++ return packet->_edns_data;
++}
++
++/* return only those rr that share the ownername */
++ldns_rr_list *
++ldns_pkt_rr_list_by_name(ldns_pkt *packet,
++ ldns_rdf *ownername,
++ ldns_pkt_section sec)
++{
++ ldns_rr_list *rrs;
++ ldns_rr_list *ret;
++ uint16_t i;
++
++ if (!packet) {
++ return NULL;
++ }
++
++ rrs = ldns_pkt_get_section_clone(packet, sec);
++ ret = NULL;
++
++ for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
++ if (ldns_dname_compare(ldns_rr_owner(
++ ldns_rr_list_rr(rrs, i)),
++ ownername) == 0) {
++ /* owner names match */
++ if (ret == NULL) {
++ ret = ldns_rr_list_new();
++ }
++ ldns_rr_list_push_rr(ret,
++ ldns_rr_clone(
++ ldns_rr_list_rr(rrs, i))
++ );
++ }
++ }
++
++ ldns_rr_list_deep_free(rrs);
++
++ return ret;
++}
++
++/* return only those rr that share a type */
++ldns_rr_list *
++ldns_pkt_rr_list_by_type(const ldns_pkt *packet,
++ ldns_rr_type type,
++ ldns_pkt_section sec)
++{
++ ldns_rr_list *rrs;
++ ldns_rr_list *new;
++ uint16_t i;
++
++ if(!packet) {
++ return NULL;
++ }
++
++ rrs = ldns_pkt_get_section_clone(packet, sec);
++ new = ldns_rr_list_new();
++
++ for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
++ if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i))) {
++ /* types match */
++ ldns_rr_list_push_rr(new,
++ ldns_rr_clone(
++ ldns_rr_list_rr(rrs, i))
++ );
++ }
++ }
++ ldns_rr_list_deep_free(rrs);
++
++ if (ldns_rr_list_rr_count(new) == 0) {
++ ldns_rr_list_free(new);
++ return NULL;
++ } else {
++ return new;
++ }
++}
++
++/* return only those rrs that share name and type */
++ldns_rr_list *
++ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet,
++ const ldns_rdf *ownername,
++ ldns_rr_type type,
++ ldns_pkt_section sec)
++{
++ ldns_rr_list *rrs;
++ ldns_rr_list *new;
++ ldns_rr_list *ret;
++ uint16_t i;
++
++ if(!packet) {
++ return NULL;
++ }
++
++ rrs = ldns_pkt_get_section_clone(packet, sec);
++ new = ldns_rr_list_new();
++ ret = NULL;
++
++ for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
++ if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i)) &&
++ ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(rrs, i)),
++ ownername
++ ) == 0
++ ) {
++ /* types match */
++ ldns_rr_list_push_rr(new, ldns_rr_clone(ldns_rr_list_rr(rrs, i)));
++ ret = new;
++ }
++ }
++ ldns_rr_list_deep_free(rrs);
++ if (!ret) {
++ ldns_rr_list_free(new);
++ }
++ return ret;
++}
++
++bool
++ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr)
++{
++ bool result = false;
++
++ switch (sec) {
++ case LDNS_SECTION_QUESTION:
++ return ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr);
++ case LDNS_SECTION_ANSWER:
++ return ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr);
++ case LDNS_SECTION_AUTHORITY:
++ return ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr);
++ case LDNS_SECTION_ADDITIONAL:
++ return ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr);
++ case LDNS_SECTION_ANY:
++ result = ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr);
++ case LDNS_SECTION_ANY_NOQUESTION:
++ result = result
++ || ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr)
++ || ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr)
++ || ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr);
++ }
++
++ return result;
++}
++
++uint16_t
++ldns_pkt_section_count(const ldns_pkt *packet, ldns_pkt_section s)
++{
++ switch(s) {
++ case LDNS_SECTION_QUESTION:
++ return ldns_pkt_qdcount(packet);
++ case LDNS_SECTION_ANSWER:
++ return ldns_pkt_ancount(packet);
++ case LDNS_SECTION_AUTHORITY:
++ return ldns_pkt_nscount(packet);
++ case LDNS_SECTION_ADDITIONAL:
++ return ldns_pkt_arcount(packet);
++ case LDNS_SECTION_ANY:
++ return ldns_pkt_qdcount(packet) +
++ ldns_pkt_ancount(packet) +
++ ldns_pkt_nscount(packet) +
++ ldns_pkt_arcount(packet);
++ case LDNS_SECTION_ANY_NOQUESTION:
++ return ldns_pkt_ancount(packet) +
++ ldns_pkt_nscount(packet) +
++ ldns_pkt_arcount(packet);
++ default:
++ return 0;
++ }
++}
++
++bool
++ldns_pkt_empty(ldns_pkt *p)
++{
++ if (!p) {
++ return true; /* NULL is empty? */
++ }
++ if (ldns_pkt_section_count(p, LDNS_SECTION_ANY) > 0) {
++ return false;
++ } else {
++ return true;
++ }
++}
++
++
++ldns_rr_list *
++ldns_pkt_get_section_clone(const ldns_pkt *packet, ldns_pkt_section s)
++{
++ switch(s) {
++ case LDNS_SECTION_QUESTION:
++ return ldns_rr_list_clone(ldns_pkt_question(packet));
++ case LDNS_SECTION_ANSWER:
++ return ldns_rr_list_clone(ldns_pkt_answer(packet));
++ case LDNS_SECTION_AUTHORITY:
++ return ldns_rr_list_clone(ldns_pkt_authority(packet));
++ case LDNS_SECTION_ADDITIONAL:
++ return ldns_rr_list_clone(ldns_pkt_additional(packet));
++ case LDNS_SECTION_ANY:
++ /* these are already clones */
++ return ldns_pkt_all(packet);
++ case LDNS_SECTION_ANY_NOQUESTION:
++ return ldns_pkt_all_noquestion(packet);
++ default:
++ return NULL;
++ }
++}
++
++ldns_rr *ldns_pkt_tsig(const ldns_pkt *pkt) {
++ return pkt->_tsig_rr;
++}
++
++/* write */
++void
++ldns_pkt_set_id(ldns_pkt *packet, uint16_t id)
++{
++ packet->_header->_id = id;
++}
++
++void
++ldns_pkt_set_random_id(ldns_pkt *packet)
++{
++ uint16_t rid = ldns_get_random();
++ ldns_pkt_set_id(packet, rid);
++}
++
++
++void
++ldns_pkt_set_qr(ldns_pkt *packet, bool qr)
++{
++ packet->_header->_qr = qr;
++}
++
++void
++ldns_pkt_set_aa(ldns_pkt *packet, bool aa)
++{
++ packet->_header->_aa = aa;
++}
++
++void
++ldns_pkt_set_tc(ldns_pkt *packet, bool tc)
++{
++ packet->_header->_tc = tc;
++}
++
++void
++ldns_pkt_set_rd(ldns_pkt *packet, bool rd)
++{
++ packet->_header->_rd = rd;
++}
++
++void
++ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr)
++{
++ p->_additional = rr;
++}
++
++void
++ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr)
++{
++ p->_question = rr;
++}
++
++void
++ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr)
++{
++ p->_answer = rr;
++}
++
++void
++ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr)
++{
++ p->_authority = rr;
++}
++
++void
++ldns_pkt_set_cd(ldns_pkt *packet, bool cd)
++{
++ packet->_header->_cd = cd;
++}
++
++void
++ldns_pkt_set_ra(ldns_pkt *packet, bool ra)
++{
++ packet->_header->_ra = ra;
++}
++
++void
++ldns_pkt_set_ad(ldns_pkt *packet, bool ad)
++{
++ packet->_header->_ad = ad;
++}
++
++void
++ldns_pkt_set_opcode(ldns_pkt *packet, ldns_pkt_opcode opcode)
++{
++ packet->_header->_opcode = opcode;
++}
++
++void
++ldns_pkt_set_rcode(ldns_pkt *packet, uint8_t rcode)
++{
++ packet->_header->_rcode = rcode;
++}
++
++void
++ldns_pkt_set_qdcount(ldns_pkt *packet, uint16_t qdcount)
++{
++ packet->_header->_qdcount = qdcount;
++}
++
++void
++ldns_pkt_set_ancount(ldns_pkt *packet, uint16_t ancount)
++{
++ packet->_header->_ancount = ancount;
++}
++
++void
++ldns_pkt_set_nscount(ldns_pkt *packet, uint16_t nscount)
++{
++ packet->_header->_nscount = nscount;
++}
++
++void
++ldns_pkt_set_arcount(ldns_pkt *packet, uint16_t arcount)
++{
++ packet->_header->_arcount = arcount;
++}
++
++void
++ldns_pkt_set_querytime(ldns_pkt *packet, uint32_t time)
++{
++ packet->_querytime = time;
++}
++
++void
++ldns_pkt_set_answerfrom(ldns_pkt *packet, ldns_rdf *answerfrom)
++{
++ packet->_answerfrom = answerfrom;
++}
++
++void
++ldns_pkt_set_timestamp(ldns_pkt *packet, struct timeval timeval)
++{
++ packet->timestamp.tv_sec = timeval.tv_sec;
++ packet->timestamp.tv_usec = timeval.tv_usec;
++}
++
++void
++ldns_pkt_set_size(ldns_pkt *packet, size_t s)
++{
++ packet->_size = s;
++}
++
++void
++ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s)
++{
++ packet->_edns_udp_size = s;
++}
++
++void
++ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c)
++{
++ packet->_edns_extended_rcode = c;
++}
++
++void
++ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v)
++{
++ packet->_edns_version = v;
++}
++
++void
++ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z)
++{
++ packet->_edns_z = z;
++}
++
++void
++ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data)
++{
++ packet->_edns_data = data;
++}
++
++void
++ldns_pkt_set_section_count(ldns_pkt *packet, ldns_pkt_section s, uint16_t count)
++{
++ switch(s) {
++ case LDNS_SECTION_QUESTION:
++ ldns_pkt_set_qdcount(packet, count);
++ break;
++ case LDNS_SECTION_ANSWER:
++ ldns_pkt_set_ancount(packet, count);
++ break;
++ case LDNS_SECTION_AUTHORITY:
++ ldns_pkt_set_nscount(packet, count);
++ break;
++ case LDNS_SECTION_ADDITIONAL:
++ ldns_pkt_set_arcount(packet, count);
++ break;
++ case LDNS_SECTION_ANY:
++ case LDNS_SECTION_ANY_NOQUESTION:
++ break;
++ }
++}
++
++void ldns_pkt_set_tsig(ldns_pkt *pkt, ldns_rr *rr)
++{
++ pkt->_tsig_rr = rr;
++}
++
++bool
++ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr)
++{
++ switch(section) {
++ case LDNS_SECTION_QUESTION:
++ if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) {
++ return false;
++ }
++ ldns_pkt_set_qdcount(packet, ldns_pkt_qdcount(packet) + 1);
++ break;
++ case LDNS_SECTION_ANSWER:
++ if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) {
++ return false;
++ }
++ ldns_pkt_set_ancount(packet, ldns_pkt_ancount(packet) + 1);
++ break;
++ case LDNS_SECTION_AUTHORITY:
++ if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) {
++ return false;
++ }
++ ldns_pkt_set_nscount(packet, ldns_pkt_nscount(packet) + 1);
++ break;
++ case LDNS_SECTION_ADDITIONAL:
++ if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) {
++ return false;
++ }
++ ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) + 1);
++ break;
++ case LDNS_SECTION_ANY:
++ case LDNS_SECTION_ANY_NOQUESTION:
++ /* shouldn't this error? */
++ break;
++ }
++ return true;
++}
++
++bool
++ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr)
++{
++
++ /* check to see if its there */
++ if (ldns_pkt_rr(pkt, sec, rr)) {
++ /* already there */
++ return false;
++ }
++ return ldns_pkt_push_rr(pkt, sec, rr);
++}
++
++bool
++ldns_pkt_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list)
++{
++ size_t i;
++ for(i = 0; i < ldns_rr_list_rr_count(list); i++) {
++ if (!ldns_pkt_push_rr(p, s, ldns_rr_list_rr(list, i))) {
++ return false;
++ }
++ }
++ return true;
++}
++
++bool
++ldns_pkt_safe_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list)
++{
++ size_t i;
++ for(i = 0; i < ldns_rr_list_rr_count(list); i++) {
++ if (!ldns_pkt_safe_push_rr(p, s, ldns_rr_list_rr(list, i))) {
++ return false;
++ }
++ }
++ return true;
++}
++
++bool
++ldns_pkt_edns(const ldns_pkt *pkt) {
++ return (ldns_pkt_edns_udp_size(pkt) > 0 ||
++ ldns_pkt_edns_extended_rcode(pkt) > 0 ||
++ ldns_pkt_edns_data(pkt) ||
++ ldns_pkt_edns_do(pkt) ||
++ pkt->_edns_present
++ );
++}
++
++
++/* Create/destroy/convert functions
++ */
++ldns_pkt *
++ldns_pkt_new(void)
++{
++ ldns_pkt *packet;
++ packet = LDNS_MALLOC(ldns_pkt);
++ if (!packet) {
++ return NULL;
++ }
++
++ packet->_header = LDNS_MALLOC(ldns_hdr);
++ if (!packet->_header) {
++ LDNS_FREE(packet);
++ return NULL;
++ }
++
++ packet->_question = ldns_rr_list_new();
++ packet->_answer = ldns_rr_list_new();
++ packet->_authority = ldns_rr_list_new();
++ packet->_additional = ldns_rr_list_new();
++
++ /* default everything to false */
++ ldns_pkt_set_qr(packet, false);
++ ldns_pkt_set_aa(packet, false);
++ ldns_pkt_set_tc(packet, false);
++ ldns_pkt_set_rd(packet, false);
++ ldns_pkt_set_ra(packet, false);
++ ldns_pkt_set_ad(packet, false);
++ ldns_pkt_set_cd(packet, false);
++
++ ldns_pkt_set_opcode(packet, LDNS_PACKET_QUERY);
++ ldns_pkt_set_rcode(packet, 0);
++ ldns_pkt_set_id(packet, 0);
++ ldns_pkt_set_size(packet, 0);
++ ldns_pkt_set_querytime(packet, 0);
++ memset(&packet->timestamp, 0, sizeof(packet->timestamp));
++ ldns_pkt_set_answerfrom(packet, NULL);
++ ldns_pkt_set_section_count(packet, LDNS_SECTION_QUESTION, 0);
++ ldns_pkt_set_section_count(packet, LDNS_SECTION_ANSWER, 0);
++ ldns_pkt_set_section_count(packet, LDNS_SECTION_AUTHORITY, 0);
++ ldns_pkt_set_section_count(packet, LDNS_SECTION_ADDITIONAL, 0);
++
++ ldns_pkt_set_edns_udp_size(packet, 0);
++ ldns_pkt_set_edns_extended_rcode(packet, 0);
++ ldns_pkt_set_edns_version(packet, 0);
++ ldns_pkt_set_edns_z(packet, 0);
++ ldns_pkt_set_edns_data(packet, NULL);
++ packet->_edns_present = false;
++
++ ldns_pkt_set_tsig(packet, NULL);
++
++ return packet;
++}
++
++void
++ldns_pkt_free(ldns_pkt *packet)
++{
++ if (packet) {
++ LDNS_FREE(packet->_header);
++ ldns_rr_list_deep_free(packet->_question);
++ ldns_rr_list_deep_free(packet->_answer);
++ ldns_rr_list_deep_free(packet->_authority);
++ ldns_rr_list_deep_free(packet->_additional);
++ ldns_rr_free(packet->_tsig_rr);
++ ldns_rdf_deep_free(packet->_edns_data);
++ ldns_rdf_deep_free(packet->_answerfrom);
++ LDNS_FREE(packet);
++ }
++}
++
++bool
++ldns_pkt_set_flags(ldns_pkt *packet, uint16_t flags)
++{
++ if (!packet) {
++ return false;
++ }
++ if ((flags & LDNS_QR) == LDNS_QR) {
++ ldns_pkt_set_qr(packet, true);
++ }
++ if ((flags & LDNS_AA) == LDNS_AA) {
++ ldns_pkt_set_aa(packet, true);
++ }
++ if ((flags & LDNS_RD) == LDNS_RD) {
++ ldns_pkt_set_rd(packet, true);
++ }
++ if ((flags & LDNS_TC) == LDNS_TC) {
++ ldns_pkt_set_tc(packet, true);
++ }
++ if ((flags & LDNS_CD) == LDNS_CD) {
++ ldns_pkt_set_cd(packet, true);
++ }
++ if ((flags & LDNS_RA) == LDNS_RA) {
++ ldns_pkt_set_ra(packet, true);
++ }
++ if ((flags & LDNS_AD) == LDNS_AD) {
++ ldns_pkt_set_ad(packet, true);
++ }
++ return true;
++}
++
++
++static ldns_rr*
++ldns_pkt_authsoa(ldns_rdf* rr_name, ldns_rr_class rr_class)
++{
++ ldns_rr* soa_rr = ldns_rr_new();
++ ldns_rdf *owner_rdf;
++ ldns_rdf *mname_rdf;
++ ldns_rdf *rname_rdf;
++ ldns_rdf *serial_rdf;
++ ldns_rdf *refresh_rdf;
++ ldns_rdf *retry_rdf;
++ ldns_rdf *expire_rdf;
++ ldns_rdf *minimum_rdf;
++
++ if (!soa_rr) {
++ return NULL;
++ }
++ owner_rdf = ldns_rdf_clone(rr_name);
++ if (!owner_rdf) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ }
++
++ ldns_rr_set_owner(soa_rr, owner_rdf);
++ ldns_rr_set_type(soa_rr, LDNS_RR_TYPE_SOA);
++ ldns_rr_set_class(soa_rr, rr_class);
++ ldns_rr_set_question(soa_rr, false);
++
++ if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(soa_rr, mname_rdf);
++ }
++ if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(soa_rr, rname_rdf);
++ }
++ serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!serial_rdf) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(soa_rr, serial_rdf);
++ }
++ refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!refresh_rdf) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(soa_rr, refresh_rdf);
++ }
++ retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!retry_rdf) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(soa_rr, retry_rdf);
++ }
++ expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!expire_rdf) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(soa_rr, expire_rdf);
++ }
++ minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!minimum_rdf) {
++ ldns_rr_free(soa_rr);
++ return NULL;
++ } else {
++ ldns_rr_push_rdf(soa_rr, minimum_rdf);
++ }
++ return soa_rr;
++}
++
++
++static ldns_status
++ldns_pkt_query_new_frm_str_internal(ldns_pkt **p, const char *name,
++ ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags,
++ ldns_rr* authsoa_rr)
++{
++ ldns_pkt *packet;
++ ldns_rr *question_rr;
++ ldns_rdf *name_rdf;
++
++ packet = ldns_pkt_new();
++ if (!packet) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ if (!ldns_pkt_set_flags(packet, flags)) {
++ return LDNS_STATUS_ERR;
++ }
++
++ question_rr = ldns_rr_new();
++ if (!question_rr) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ if (rr_type == 0) {
++ rr_type = LDNS_RR_TYPE_A;
++ }
++ if (rr_class == 0) {
++ rr_class = LDNS_RR_CLASS_IN;
++ }
++
++ if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) {
++ ldns_rr_set_owner(question_rr, name_rdf);
++ ldns_rr_set_type(question_rr, rr_type);
++ ldns_rr_set_class(question_rr, rr_class);
++ ldns_rr_set_question(question_rr, true);
++
++ ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr);
++ } else {
++ ldns_rr_free(question_rr);
++ ldns_pkt_free(packet);
++ return LDNS_STATUS_ERR;
++ }
++
++ if (authsoa_rr) {
++ ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr);
++ }
++
++ packet->_tsig_rr = NULL;
++ ldns_pkt_set_answerfrom(packet, NULL);
++ if (p) {
++ *p = packet;
++ return LDNS_STATUS_OK;
++ } else {
++ ldns_pkt_free(packet);
++ return LDNS_STATUS_NULL;
++ }
++}
++
++ldns_status
++ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *name,
++ ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags)
++{
++ return ldns_pkt_query_new_frm_str_internal(p, name, rr_type,
++ rr_class, flags, NULL);
++}
++
++ldns_status
++ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *name,
++ ldns_rr_class rr_class, uint16_t flags, ldns_rr *soa)
++{
++ ldns_rr* authsoa_rr = soa;
++ if (!authsoa_rr) {
++ ldns_rdf *name_rdf;
++ if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) {
++ authsoa_rr = ldns_pkt_authsoa(name_rdf, rr_class);
++ }
++ ldns_rdf_free(name_rdf);
++ }
++ return ldns_pkt_query_new_frm_str_internal(p, name, LDNS_RR_TYPE_IXFR,
++ rr_class, flags, authsoa_rr);
++}
++
++static ldns_pkt *
++ldns_pkt_query_new_internal(ldns_rdf *rr_name, ldns_rr_type rr_type,
++ ldns_rr_class rr_class, uint16_t flags, ldns_rr* authsoa_rr)
++{
++ ldns_pkt *packet;
++ ldns_rr *question_rr;
++
++ packet = ldns_pkt_new();
++ if (!packet) {
++ return NULL;
++ }
++
++ if (!ldns_pkt_set_flags(packet, flags)) {
++ return NULL;
++ }
++
++ question_rr = ldns_rr_new();
++ if (!question_rr) {
++ ldns_pkt_free(packet);
++ return NULL;
++ }
++
++ if (rr_type == 0) {
++ rr_type = LDNS_RR_TYPE_A;
++ }
++ if (rr_class == 0) {
++ rr_class = LDNS_RR_CLASS_IN;
++ }
++
++ ldns_rr_set_owner(question_rr, rr_name);
++ ldns_rr_set_type(question_rr, rr_type);
++ ldns_rr_set_class(question_rr, rr_class);
++ ldns_rr_set_question(question_rr, true);
++ ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr);
++
++ if (authsoa_rr) {
++ ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr);
++ }
++
++ packet->_tsig_rr = NULL;
++ return packet;
++}
++
++ldns_pkt *
++ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type,
++ ldns_rr_class rr_class, uint16_t flags)
++{
++ return ldns_pkt_query_new_internal(rr_name, rr_type,
++ rr_class, flags, NULL);
++}
++
++ldns_pkt *
++ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class,
++ uint16_t flags, ldns_rr* soa)
++{
++ ldns_rr* authsoa_rr = soa;
++ if (!authsoa_rr) {
++ authsoa_rr = ldns_pkt_authsoa(rr_name, rr_class);
++ }
++ return ldns_pkt_query_new_internal(rr_name, LDNS_RR_TYPE_IXFR,
++ rr_class, flags, authsoa_rr);
++}
++
++ldns_pkt_type
++ldns_pkt_reply_type(ldns_pkt *p)
++{
++ ldns_rr_list *tmp;
++
++ if (!p) {
++ return LDNS_PACKET_UNKNOWN;
++ }
++
++ if (ldns_pkt_get_rcode(p) == LDNS_RCODE_NXDOMAIN) {
++ return LDNS_PACKET_NXDOMAIN;
++ }
++
++ if (ldns_pkt_ancount(p) == 0 && ldns_pkt_arcount(p) == 0
++ && ldns_pkt_nscount(p) == 1) {
++
++ /* check for SOA */
++ tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_SOA,
++ LDNS_SECTION_AUTHORITY);
++ if (tmp) {
++ ldns_rr_list_deep_free(tmp);
++ return LDNS_PACKET_NODATA;
++ } else {
++ /* I have no idea ... */
++ }
++ }
++
++ if (ldns_pkt_ancount(p) == 0 && ldns_pkt_nscount(p) > 0) {
++ tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS,
++ LDNS_SECTION_AUTHORITY);
++ if (tmp) {
++ /* there are nameservers here */
++ ldns_rr_list_deep_free(tmp);
++ return LDNS_PACKET_REFERRAL;
++ } else {
++ /* I have no idea */
++ }
++ ldns_rr_list_deep_free(tmp);
++ }
++
++ /* if we cannot determine the packet type, we say it's an
++ * answer...
++ */
++ return LDNS_PACKET_ANSWER;
++}
++
++ldns_pkt *
++ldns_pkt_clone(const ldns_pkt *pkt)
++{
++ ldns_pkt *new_pkt;
++
++ if (!pkt) {
++ return NULL;
++ }
++ new_pkt = ldns_pkt_new();
++
++ ldns_pkt_set_id(new_pkt, ldns_pkt_id(pkt));
++ ldns_pkt_set_qr(new_pkt, ldns_pkt_qr(pkt));
++ ldns_pkt_set_aa(new_pkt, ldns_pkt_aa(pkt));
++ ldns_pkt_set_tc(new_pkt, ldns_pkt_tc(pkt));
++ ldns_pkt_set_rd(new_pkt, ldns_pkt_rd(pkt));
++ ldns_pkt_set_cd(new_pkt, ldns_pkt_cd(pkt));
++ ldns_pkt_set_ra(new_pkt, ldns_pkt_ra(pkt));
++ ldns_pkt_set_ad(new_pkt, ldns_pkt_ad(pkt));
++ ldns_pkt_set_opcode(new_pkt, ldns_pkt_get_opcode(pkt));
++ ldns_pkt_set_rcode(new_pkt, ldns_pkt_get_rcode(pkt));
++ ldns_pkt_set_qdcount(new_pkt, ldns_pkt_qdcount(pkt));
++ ldns_pkt_set_ancount(new_pkt, ldns_pkt_ancount(pkt));
++ ldns_pkt_set_nscount(new_pkt, ldns_pkt_nscount(pkt));
++ ldns_pkt_set_arcount(new_pkt, ldns_pkt_arcount(pkt));
++ if (ldns_pkt_answerfrom(pkt))
++ ldns_pkt_set_answerfrom(new_pkt,
++ ldns_rdf_clone(ldns_pkt_answerfrom(pkt)));
++ ldns_pkt_set_timestamp(new_pkt, ldns_pkt_timestamp(pkt));
++ ldns_pkt_set_querytime(new_pkt, ldns_pkt_querytime(pkt));
++ ldns_pkt_set_size(new_pkt, ldns_pkt_size(pkt));
++ ldns_pkt_set_tsig(new_pkt, ldns_rr_clone(ldns_pkt_tsig(pkt)));
++
++ ldns_pkt_set_edns_udp_size(new_pkt, ldns_pkt_edns_udp_size(pkt));
++ ldns_pkt_set_edns_extended_rcode(new_pkt,
++ ldns_pkt_edns_extended_rcode(pkt));
++ ldns_pkt_set_edns_version(new_pkt, ldns_pkt_edns_version(pkt));
++ new_pkt->_edns_present = pkt->_edns_present;
++ ldns_pkt_set_edns_z(new_pkt, ldns_pkt_edns_z(pkt));
++ if(ldns_pkt_edns_data(pkt))
++ ldns_pkt_set_edns_data(new_pkt,
++ ldns_rdf_clone(ldns_pkt_edns_data(pkt)));
++ ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt));
++
++ ldns_rr_list_deep_free(new_pkt->_question);
++ ldns_rr_list_deep_free(new_pkt->_answer);
++ ldns_rr_list_deep_free(new_pkt->_authority);
++ ldns_rr_list_deep_free(new_pkt->_additional);
++ new_pkt->_question = ldns_rr_list_clone(ldns_pkt_question(pkt));
++ new_pkt->_answer = ldns_rr_list_clone(ldns_pkt_answer(pkt));
++ new_pkt->_authority = ldns_rr_list_clone(ldns_pkt_authority(pkt));
++ new_pkt->_additional = ldns_rr_list_clone(ldns_pkt_additional(pkt));
++ return new_pkt;
++}
+diff --git a/ldns/src/parse.c b/ldns/src/parse.c
+new file mode 100644
+index 0000000..e68627c
+--- /dev/null
++++ b/ldns/src/parse.c
+@@ -0,0 +1,434 @@
++/*
++ * a generic (simple) parser. Use to parse rr's, private key
++ * information and /etc/resolv.conf files
++ *
++ * a Net::DNS like library for C
++ * LibDNS Team @ NLnet Labs
++ * (c) NLnet Labs, 2005-2006
++ * See the file LICENSE for the license
++ */
++#include <ldns/config.h>
++#include <ldns/ldns.h>
++
++#include <limits.h>
++#include <strings.h>
++
++ldns_lookup_table ldns_directive_types[] = {
++ { LDNS_DIR_TTL, "$TTL" },
++ { LDNS_DIR_ORIGIN, "$ORIGIN" },
++ { LDNS_DIR_INCLUDE, "$INCLUDE" },
++ { 0, NULL }
++};
++
++/* add max_limit here? */
++ssize_t
++ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit)
++{
++ return ldns_fget_token_l(f, token, delim, limit, NULL);
++}
++
++ssize_t
++ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
++{
++ int c, prev_c;
++ int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
++ int com, quoted;
++ char *t;
++ size_t i;
++ const char *d;
++ const char *del;
++
++ /* standard delimeters */
++ if (!delim) {
++ /* from isspace(3) */
++ del = LDNS_PARSE_NORMAL;
++ } else {
++ del = delim;
++ }
++
++ p = 0;
++ i = 0;
++ com = 0;
++ quoted = 0;
++ prev_c = 0;
++ t = token;
++ if (del[0] == '"') {
++ quoted = 1;
++ }
++ while ((c = getc(f)) != EOF) {
++ if (c == '\r') /* carriage return */
++ c = ' ';
++ if (c == '(' && prev_c != '\\' && !quoted) {
++ /* this only counts for non-comments */
++ if (com == 0) {
++ p++;
++ }
++ prev_c = c;
++ continue;
++ }
++
++ if (c == ')' && prev_c != '\\' && !quoted) {
++ /* this only counts for non-comments */
++ if (com == 0) {
++ p--;
++ }
++ prev_c = c;
++ continue;
++ }
++
++ if (p < 0) {
++ /* more ) then ( - close off the string */
++ *t = '\0';
++ return 0;
++ }
++
++ /* do something with comments ; */
++ if (c == ';' && quoted == 0) {
++ if (prev_c != '\\') {
++ com = 1;
++ }
++ }
++ if (c == '\"' && com == 0 && prev_c != '\\') {
++ quoted = 1 - quoted;
++ }
++
++ if (c == '\n' && com != 0) {
++ /* comments */
++ com = 0;
++ *t = ' ';
++ if (line_nr) {
++ *line_nr = *line_nr + 1;
++ }
++ if (p == 0 && i > 0) {
++ goto tokenread;
++ } else {
++ prev_c = c;
++ continue;
++ }
++ }
++
++ if (com == 1) {
++ *t = ' ';
++ prev_c = c;
++ continue;
++ }
++
++ if (c == '\n' && p != 0 && t > token) {
++ /* in parentheses */
++ if (line_nr) {
++ *line_nr = *line_nr + 1;
++ }
++ *t++ = ' ';
++ prev_c = c;
++ continue;
++ }
++
++ /* check if we hit the delim */
++ for (d = del; *d; d++) {
++ if (c == *d && i > 0 && prev_c != '\\' && p == 0) {
++ if (c == '\n' && line_nr) {
++ *line_nr = *line_nr + 1;
++ }
++ goto tokenread;
++ }
++ }
++ if (c != '\0' && c != '\n') {
++ i++;
++ }
++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++ *t = '\0';
++ return -1;
++ }
++ if (c != '\0' && c != '\n') {
++ *t++ = c;
++ }
++ if (c == '\\' && prev_c == '\\')
++ prev_c = 0;
++ else prev_c = c;
++ }
++ *t = '\0';
++ if (c == EOF) {
++ return (ssize_t)i;
++ }
++
++ if (i == 0) {
++ /* nothing read */
++ return -1;
++ }
++ if (p != 0) {
++ return -1;
++ }
++ return (ssize_t)i;
++
++tokenread:
++ if(*del == '"') /* do not skip over quotes, they are significant */
++ ldns_fskipcs_l(f, del+1, line_nr);
++ else ldns_fskipcs_l(f, del, line_nr);
++ *t = '\0';
++ if (p != 0) {
++ return -1;
++ }
++
++ return (ssize_t)i;
++}
++
++ssize_t
++ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data,
++ const char *d_del, size_t data_limit)
++{
++ return ldns_fget_keyword_data_l(f, keyword, k_del, data, d_del,
++ data_limit, NULL);
++}
++
++ssize_t
++ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data,
++ const char *d_del, size_t data_limit, int *line_nr)
++{
++ /* we assume: keyword|sep|data */
++ char *fkeyword;
++ ssize_t i;
++
++ if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
++ return -1;
++ fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
++ if(!fkeyword)
++ return -1;
++
++ i = ldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN);
++ if(i==0 || i==-1) {
++ LDNS_FREE(fkeyword);
++ return -1;
++ }
++
++ /* case??? i instead of strlen? */
++ if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) {
++ /* whee! */
++ /* printf("%s\n%s\n", "Matching keyword", fkeyword); */
++ i = ldns_fget_token_l(f, data, d_del, data_limit, line_nr);
++ LDNS_FREE(fkeyword);
++ return i;
++ } else {
++ /*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/
++ LDNS_FREE(fkeyword);
++ return -1;
++ }
++}
++
++
++ssize_t
++ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit)
++{
++ int c, lc;
++ int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
++ int com, quoted;
++ char *t;
++ size_t i;
++ const char *d;
++ const char *del;
++
++ /* standard delimiters */
++ if (!delim) {
++ /* from isspace(3) */
++ del = LDNS_PARSE_NORMAL;
++ } else {
++ del = delim;
++ }
++
++ p = 0;
++ i = 0;
++ com = 0;
++ quoted = 0;
++ t = token;
++ lc = 0;
++ if (del[0] == '"') {
++ quoted = 1;
++ }
++
++ while ((c = ldns_bgetc(b)) != EOF) {
++ if (c == '\r') /* carriage return */
++ c = ' ';
++ if (c == '(' && lc != '\\' && !quoted) {
++ /* this only counts for non-comments */
++ if (com == 0) {
++ p++;
++ }
++ lc = c;
++ continue;
++ }
++
++ if (c == ')' && lc != '\\' && !quoted) {
++ /* this only counts for non-comments */
++ if (com == 0) {
++ p--;
++ }
++ lc = c;
++ continue;
++ }
++
++ if (p < 0) {
++ /* more ) then ( */
++ *t = '\0';
++ return 0;
++ }
++
++ /* do something with comments ; */
++ if (c == ';' && quoted == 0) {
++ if (lc != '\\') {
++ com = 1;
++ }
++ }
++ if (c == '"' && com == 0 && lc != '\\') {
++ quoted = 1 - quoted;
++ }
++
++ if (c == '\n' && com != 0) {
++ /* comments */
++ com = 0;
++ *t = ' ';
++ lc = c;
++ continue;
++ }
++
++ if (com == 1) {
++ *t = ' ';
++ lc = c;
++ continue;
++ }
++
++ if (c == '\n' && p != 0) {
++ /* in parentheses */
++ *t++ = ' ';
++ lc = c;
++ continue;
++ }
++
++ /* check if we hit the delim */
++ for (d = del; *d; d++) {
++ if (c == *d && lc != '\\' && p == 0) {
++ goto tokenread;
++ }
++ }
++
++ i++;
++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++ *t = '\0';
++ return -1;
++ }
++ *t++ = c;
++
++ if (c == '\\' && lc == '\\') {
++ lc = 0;
++ } else {
++ lc = c;
++ }
++ }
++ *t = '\0';
++ if (i == 0) {
++ /* nothing read */
++ return -1;
++ }
++ if (p != 0) {
++ return -1;
++ }
++ return (ssize_t)i;
++
++tokenread:
++ if(*del == '"') /* do not skip over quotes, they are significant */
++ ldns_bskipcs(b, del+1);
++ else ldns_bskipcs(b, del);
++ *t = '\0';
++
++ if (p != 0) {
++ return -1;
++ }
++ return (ssize_t)i;
++}
++
++
++void
++ldns_bskipcs(ldns_buffer *buffer, const char *s)
++{
++ bool found;
++ char c;
++ const char *d;
++
++ while(ldns_buffer_available_at(buffer, buffer->_position, sizeof(char))) {
++ c = (char) ldns_buffer_read_u8_at(buffer, buffer->_position);
++ found = false;
++ for (d = s; *d; d++) {
++ if (*d == c) {
++ found = true;
++ }
++ }
++ if (found && buffer->_limit > buffer->_position) {
++ buffer->_position += sizeof(char);
++ } else {
++ return;
++ }
++ }
++}
++
++void
++ldns_fskipcs(FILE *fp, const char *s)
++{
++ ldns_fskipcs_l(fp, s, NULL);
++}
++
++void
++ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr)
++{
++ bool found;
++ int c;
++ const char *d;
++
++ while ((c = fgetc(fp)) != EOF) {
++ if (line_nr && c == '\n') {
++ *line_nr = *line_nr + 1;
++ }
++ found = false;
++ for (d = s; *d; d++) {
++ if (*d == c) {
++ found = true;
++ }
++ }
++ if (!found) {
++ /* with getc, we've read too far */
++ ungetc(c, fp);
++ return;
++ }
++ }
++}
++
++ssize_t
++ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char
++*data, const char *d_del, size_t data_limit)
++{
++ /* we assume: keyword|sep|data */
++ char *fkeyword;
++ ssize_t i;
++
++ if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
++ return -1;
++ fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
++ if(!fkeyword)
++ return -1; /* out of memory */
++
++ i = ldns_bget_token(b, fkeyword, k_del, data_limit);
++ if(i==0 || i==-1) {
++ LDNS_FREE(fkeyword);
++ return -1; /* nothing read */
++ }
++
++ /* case??? */
++ if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) {
++ LDNS_FREE(fkeyword);
++ /* whee, the match! */
++ /* retrieve it's data */
++ i = ldns_bget_token(b, data, d_del, 0);
++ return i;
++ } else {
++ LDNS_FREE(fkeyword);
++ return -1;
++ }
++}
++
+diff --git a/ldns/src/radix.c b/ldns/src/radix.c
+new file mode 100644
+index 0000000..7aac258
+--- /dev/null
++++ b/ldns/src/radix.c
+@@ -0,0 +1,1590 @@
++/*
++ * radix.c -- generic radix tree
++ *
++ * Taken from NSD4, modified for ldns
++ *
++ * Copyright (c) 2012, NLnet Labs. All rights reserved.
++ *
++ * This software is open source.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * Redistributions of source code must retain the above copyright notice,
++ * this list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice,
++ * this list of conditions and the following disclaimer in the documentation
++ * and/or other materials provided with the distribution.
++ *
++ * Neither the name of the NLNET LABS nor the names of its contributors may
++ * be used to endorse or promote products derived from this software without
++ * specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/**
++ * \file
++ * Implementation of a radix tree.
++ */
++
++#include <ldns/config.h>
++#include <ldns/radix.h>
++#include <ldns/util.h>
++#include <stdlib.h>
++
++/** Helper functions */
++static ldns_radix_node_t* ldns_radix_new_node(void* data, uint8_t* key,
++ radix_strlen_t len);
++static int ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key,
++ radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* pos);
++static int ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte);
++static int ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need);
++static int ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key,
++ radix_strlen_t pos, radix_strlen_t len);
++static int ldns_radix_prefix_remainder(radix_strlen_t prefix_len,
++ uint8_t* longer_str, radix_strlen_t longer_len, uint8_t** split_str,
++ radix_strlen_t* split_len);
++static int ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key,
++ radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add);
++static int ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1,
++ uint8_t* str2, radix_strlen_t len2);
++static radix_strlen_t ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1,
++ uint8_t* str2, radix_strlen_t len2);
++static ldns_radix_node_t* ldns_radix_next_in_subtree(ldns_radix_node_t* node);
++static ldns_radix_node_t* ldns_radix_prev_from_index(ldns_radix_node_t* node,
++ uint8_t index);
++static ldns_radix_node_t* ldns_radix_last_in_subtree_incl_self(
++ ldns_radix_node_t* node);
++static ldns_radix_node_t* ldns_radix_last_in_subtree(ldns_radix_node_t* node);
++static void ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node);
++static void ldns_radix_cleanup_onechild(ldns_radix_node_t* node);
++static void ldns_radix_cleanup_leaf(ldns_radix_node_t* node);
++static void ldns_radix_node_free(ldns_radix_node_t* node, void* arg);
++static void ldns_radix_node_array_free(ldns_radix_node_t* node);
++static void ldns_radix_node_array_free_front(ldns_radix_node_t* node);
++static void ldns_radix_node_array_free_end(ldns_radix_node_t* node);
++static void ldns_radix_array_reduce(ldns_radix_node_t* node);
++static void ldns_radix_self_or_prev(ldns_radix_node_t* node,
++ ldns_radix_node_t** result);
++
++
++/**
++ * Create a new radix node.
++ *
++ */
++static ldns_radix_node_t*
++ldns_radix_new_node(void* data, uint8_t* key, radix_strlen_t len)
++{
++ ldns_radix_node_t* node = LDNS_MALLOC(ldns_radix_node_t);
++ if (!node) {
++ return NULL;
++ }
++ node->data = data;
++ node->key = key;
++ node->klen = len;
++ node->parent = NULL;
++ node->parent_index = 0;
++ node->len = 0;
++ node->offset = 0;
++ node->capacity = 0;
++ node->array = NULL;
++ return node;
++}
++
++
++/**
++ * Create a new radix tree.
++ *
++ */
++ldns_radix_t *
++ldns_radix_create(void)
++{
++ ldns_radix_t* tree;
++
++ /** Allocate memory for it */
++ tree = (ldns_radix_t *) LDNS_MALLOC(ldns_radix_t);
++ if (!tree) {
++ return NULL;
++ }
++ /** Initialize it */
++ ldns_radix_init(tree);
++ return tree;
++}
++
++
++/**
++ * Initialize radix tree.
++ *
++ */
++void
++ldns_radix_init(ldns_radix_t* tree)
++{
++ /** Initialize it */
++ if (tree) {
++ tree->root = NULL;
++ tree->count = 0;
++ }
++ return;
++}
++
++
++/**
++ * Free radix tree.
++ *
++ */
++void
++ldns_radix_free(ldns_radix_t* tree)
++{
++ if (tree) {
++ if (tree->root) {
++ ldns_radix_traverse_postorder(tree->root,
++ ldns_radix_node_free, NULL);
++ }
++ LDNS_FREE(tree);
++ }
++ return;
++}
++
++
++/**
++ * Insert data into the tree.
++ *
++ */
++ldns_status
++ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len,
++ void* data)
++{
++ radix_strlen_t pos = 0;
++ ldns_radix_node_t* add = NULL;
++ ldns_radix_node_t* prefix = NULL;
++
++ if (!tree || !key || !data) {
++ return LDNS_STATUS_NULL;
++ }
++ add = ldns_radix_new_node(data, key, len);
++ if (!add) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ /** Search the trie until we can make no further process. */
++ if (!ldns_radix_find_prefix(tree, key, len, &prefix, &pos)) {
++ /** No prefix found */
++ assert(tree->root == NULL);
++ if (len == 0) {
++ /**
++ * Example 1: The root:
++ * | [0]
++ **/
++ tree->root = add;
++ } else {
++ /** Example 2: 'dns':
++ * | [0]
++ * --| [d+ns] dns
++ **/
++ prefix = ldns_radix_new_node(NULL, (uint8_t*)"", 0);
++ if (!prefix) {
++ LDNS_FREE(add);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ /** Find some space in the array for the first byte */
++ if (!ldns_radix_array_space(prefix, key[0])) {
++ LDNS_FREE(add);
++ LDNS_FREE(prefix->array);
++ LDNS_FREE(prefix);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ /** Set relational pointers */
++ add->parent = prefix;
++ add->parent_index = 0;
++ prefix->array[0].edge = add;
++ if (len > 1) {
++ /** Store the remainder of the prefix */
++ if (!ldns_radix_prefix_remainder(1, key,
++ len, &prefix->array[0].str,
++ &prefix->array[0].len)) {
++ LDNS_FREE(add);
++ LDNS_FREE(prefix->array);
++ LDNS_FREE(prefix);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ }
++ tree->root = prefix;
++ }
++ } else if (pos == len) {
++ /** Exact match found */
++ if (prefix->data) {
++ /* Element already exists */
++ LDNS_FREE(add);
++ return LDNS_STATUS_EXISTS_ERR;
++ }
++ prefix->data = data;
++ prefix->key = key;
++ prefix->klen = len; /* redundant */
++ } else {
++ /** Prefix found */
++ uint8_t byte = key[pos];
++ assert(pos < len);
++ if (byte < prefix->offset ||
++ (byte - prefix->offset) >= prefix->len) {
++ /** Find some space in the array for the byte. */
++ /**
++ * Example 3: 'ldns'
++ * | [0]
++ * --| [d+ns] dns
++ * --| [l+dns] ldns
++ **/
++ if (!ldns_radix_array_space(prefix, byte)) {
++ LDNS_FREE(add);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ assert(byte >= prefix->offset);
++ assert((byte - prefix->offset) <= prefix->len);
++ byte -= prefix->offset;
++ if (pos+1 < len) {
++ /** Create remainder of the string. */
++ if (!ldns_radix_str_create(
++ &prefix->array[byte], key, pos+1,
++ len)) {
++ LDNS_FREE(add);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ }
++ /** Add new node. */
++ add->parent = prefix;
++ add->parent_index = byte;
++ prefix->array[byte].edge = add;
++ } else if (prefix->array[byte-prefix->offset].edge == NULL) {
++ /** Use existing element. */
++ /**
++ * Example 4: 'edns'
++ * | [0]
++ * --| [d+ns] dns
++ * --| [e+dns] edns
++ * --| [l+dns] ldns
++ **/
++ byte -= prefix->offset;
++ if (pos+1 < len) {
++ /** Create remainder of the string. */
++ if (!ldns_radix_str_create(
++ &prefix->array[byte], key, pos+1,
++ len)) {
++ LDNS_FREE(add);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ }
++ /** Add new node. */
++ add->parent = prefix;
++ add->parent_index = byte;
++ prefix->array[byte].edge = add;
++ } else {
++ /**
++ * Use existing element, but it has a shared prefix,
++ * we need a split.
++ */
++ if (!ldns_radix_array_split(&prefix->array[byte-(prefix->offset)],
++ key, pos+1, len, add)) {
++ LDNS_FREE(add);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ }
++ }
++
++ tree->count ++;
++ return LDNS_STATUS_OK;
++}
++
++
++/**
++ * Delete data from the tree.
++ *
++ */
++void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
++{
++ ldns_radix_node_t* del = ldns_radix_search(tree, key, len);
++ void* data = NULL;
++ if (del) {
++ tree->count--;
++ data = del->data;
++ del->data = NULL;
++ ldns_radix_del_fix(tree, del);
++ return data;
++ }
++ return NULL;
++}
++
++
++/**
++ * Search data in the tree.
++ *
++ */
++ldns_radix_node_t*
++ldns_radix_search(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
++{
++ ldns_radix_node_t* node = NULL;
++ radix_strlen_t pos = 0;
++ uint8_t byte = 0;
++
++ if (!tree || !key) {
++ return NULL;
++ }
++ node = tree->root;
++ while (node) {
++ if (pos == len) {
++ return node->data?node:NULL;
++ }
++ byte = key[pos];
++ if (byte < node->offset) {
++ return NULL;
++ }
++ byte -= node->offset;
++ if (byte >= node->len) {
++ return NULL;
++ }
++ pos++;
++ if (node->array[byte].len > 0) {
++ /** Must match additional string. */
++ if (pos + node->array[byte].len > len) {
++ return NULL;
++ }
++ if (memcmp(&key[pos], node->array[byte].str,
++ node->array[byte].len) != 0) {
++ return NULL;
++ }
++ pos += node->array[byte].len;
++ }
++ node = node->array[byte].edge;
++ }
++ return NULL;
++}
++
++
++/**
++ * Search data in the tree, and if not found, find the closest smaller
++ * element in the tree.
++ *
++ */
++int
++ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
++ radix_strlen_t len, ldns_radix_node_t** result)
++{
++ ldns_radix_node_t* node = NULL;
++ radix_strlen_t pos = 0;
++ uint8_t byte;
++ int memcmp_res = 0;
++
++ if (!tree || !tree->root || !key) {
++ *result = NULL;
++ return 0;
++ }
++
++ node = tree->root;
++ while (pos < len) {
++ byte = key[pos];
++ if (byte < node->offset) {
++ /**
++ * No exact match. The lesser is in this or the
++ * previous node.
++ */
++ ldns_radix_self_or_prev(node, result);
++ return 0;
++ }
++ byte -= node->offset;
++ if (byte >= node->len) {
++ /**
++ * No exact match. The lesser is in this node or the
++ * last of this array, or something before this node.
++ */
++ *result = ldns_radix_last_in_subtree_incl_self(node);
++ if (*result == NULL) {
++ *result = ldns_radix_prev(node);
++ }
++ return 0;
++ }
++ pos++;
++ if (!node->array[byte].edge) {
++ /**
++ * No exact match. Find the previous in the array
++ * from this index.
++ */
++ *result = ldns_radix_prev_from_index(node, byte);
++ if (*result == NULL) {
++ ldns_radix_self_or_prev(node, result);
++ }
++ return 0;
++ }
++ if (node->array[byte].len != 0) {
++ /** Must match additional string. */
++ if (pos + node->array[byte].len > len) {
++ /** Additional string is longer than key. */
++ if (memcmp(&key[pos], node->array[byte].str,
++ len-pos) <= 0) {
++ /** Key is before this node. */
++ *result = ldns_radix_prev(
++ node->array[byte].edge);
++ } else {
++ /** Key is after additional string. */
++ *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge);
++ if (*result == NULL) {
++ *result = ldns_radix_prev(node->array[byte].edge);
++ }
++ }
++ return 0;
++ }
++ memcmp_res = memcmp(&key[pos], node->array[byte].str,
++ node->array[byte].len);
++ if (memcmp_res < 0) {
++ *result = ldns_radix_prev(
++ node->array[byte].edge);
++ return 0;
++ } else if (memcmp_res > 0) {
++ *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge);
++ if (*result == NULL) {
++ *result = ldns_radix_prev(node->array[byte].edge);
++ }
++ return 0;
++ }
++
++ pos += node->array[byte].len;
++ }
++ node = node->array[byte].edge;
++ }
++ if (node->data) {
++ /** Exact match. */
++ *result = node;
++ return 1;
++ }
++ /** There is a node which is an exact match, but has no element. */
++ *result = ldns_radix_prev(node);
++ return 0;
++}
++
++
++/**
++ * Get the first element in the tree.
++ *
++ */
++ldns_radix_node_t*
++ldns_radix_first(ldns_radix_t* tree)
++{
++ ldns_radix_node_t* first = NULL;
++ if (!tree || !tree->root) {
++ return NULL;
++ }
++ first = tree->root;
++ if (first->data) {
++ return first;
++ }
++ return ldns_radix_next(first);
++}
++
++
++/**
++ * Get the last element in the tree.
++ *
++ */
++ldns_radix_node_t*
++ldns_radix_last(ldns_radix_t* tree)
++{
++ if (!tree || !tree->root) {
++ return NULL;
++ }
++ return ldns_radix_last_in_subtree_incl_self(tree->root);
++}
++
++
++/**
++ * Next element.
++ *
++ */
++ldns_radix_node_t*
++ldns_radix_next(ldns_radix_node_t* node)
++{
++ if (!node) {
++ return NULL;
++ }
++ if (node->len) {
++ /** Go down: most-left child is the next. */
++ ldns_radix_node_t* next = ldns_radix_next_in_subtree(node);
++ if (next) {
++ return next;
++ }
++ }
++ /** No elements in subtree, get to parent and go down next branch. */
++ while (node->parent) {
++ uint8_t index = node->parent_index;
++ node = node->parent;
++ index++;
++ for (; index < node->len; index++) {
++ if (node->array[index].edge) {
++ ldns_radix_node_t* next;
++ /** Node itself. */
++ if (node->array[index].edge->data) {
++ return node->array[index].edge;
++ }
++ /** Dive into subtree. */
++ next = ldns_radix_next_in_subtree(node);
++ if (next) {
++ return next;
++ }
++ }
++ }
++ }
++ return NULL;
++}
++
++
++/**
++ * Previous element.
++ *
++ */
++ldns_radix_node_t*
++ldns_radix_prev(ldns_radix_node_t* node)
++{
++ if (!node) {
++ return NULL;
++ }
++
++ /** Get to parent and go down previous branch. */
++ while (node->parent) {
++ uint8_t index = node->parent_index;
++ ldns_radix_node_t* prev;
++ node = node->parent;
++ assert(node->len > 0);
++ prev = ldns_radix_prev_from_index(node, index);
++ if (prev) {
++ return prev;
++ }
++ if (node->data) {
++ return node;
++ }
++ }
++ return NULL;
++}
++
++
++/**
++ * Print node.
++ *
++ */
++static void
++ldns_radix_node_print(FILE* fd, ldns_radix_node_t* node,
++ uint8_t i, uint8_t* str, radix_strlen_t len, unsigned d)
++{
++ uint8_t j;
++ if (!node) {
++ return;
++ }
++ for (j = 0; j < d; j++) {
++ fprintf(fd, "--");
++ }
++ if (str) {
++ radix_strlen_t l;
++ fprintf(fd, "| [%u+", (unsigned) i);
++ for (l=0; l < len; l++) {
++ fprintf(fd, "%c", (char) str[l]);
++ }
++ fprintf(fd, "]%u", (unsigned) len);
++ } else {
++ fprintf(fd, "| [%u]", (unsigned) i);
++ }
++
++ if (node->data) {
++ fprintf(fd, " %s", (char*) node->data);
++ }
++ fprintf(fd, "\n");
++
++ for (j = 0; j < node->len; j++) {
++ if (node->array[j].edge) {
++ ldns_radix_node_print(fd, node->array[j].edge, j,
++ node->array[j].str, node->array[j].len, d+1);
++ }
++ }
++ return;
++}
++
++
++/**
++ * Print radix tree.
++ *
++ */
++void
++ldns_radix_printf(FILE* fd, ldns_radix_t* tree)
++{
++ if (!fd || !tree) {
++ return;
++ }
++ if (!tree->root) {
++ fprintf(fd, "; empty radix tree\n");
++ return;
++ }
++ ldns_radix_node_print(fd, tree->root, 0, NULL, 0, 0);
++ return;
++}
++
++
++/**
++ * Join two radix trees.
++ *
++ */
++ldns_status
++ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2)
++{
++ ldns_radix_node_t* cur_node, *next_node;
++ ldns_status status;
++ if (!tree2 || !tree2->root) {
++ return LDNS_STATUS_OK;
++ }
++ /** Add all elements from tree2 into tree1. */
++
++ cur_node = ldns_radix_first(tree2);
++ while (cur_node) {
++ status = LDNS_STATUS_NO_DATA;
++ /** Insert current node into tree1 */
++ if (cur_node->data) {
++ status = ldns_radix_insert(tree1, cur_node->key,
++ cur_node->klen, cur_node->data);
++ /** Exist errors may occur */
++ if (status != LDNS_STATUS_OK &&
++ status != LDNS_STATUS_EXISTS_ERR) {
++ return status;
++ }
++ }
++ next_node = ldns_radix_next(cur_node);
++ if (status == LDNS_STATUS_OK) {
++ (void) ldns_radix_delete(tree2, cur_node->key,
++ cur_node->klen);
++ }
++ cur_node = next_node;
++ }
++
++ return LDNS_STATUS_OK;
++}
++
++
++/**
++ * Split a radix tree intwo.
++ *
++ */
++ldns_status
++ldns_radix_split(ldns_radix_t* tree1, size_t num, ldns_radix_t** tree2)
++{
++ size_t count = 0;
++ ldns_radix_node_t* cur_node;
++ ldns_status status = LDNS_STATUS_OK;
++ if (!tree1 || !tree1->root || num == 0) {
++ return LDNS_STATUS_OK;
++ }
++ if (!tree2) {
++ return LDNS_STATUS_NULL;
++ }
++ if (!*tree2) {
++ *tree2 = ldns_radix_create();
++ if (!*tree2) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ }
++ cur_node = ldns_radix_first(tree1);
++ while (count < num && cur_node) {
++ if (cur_node->data) {
++ /** Delete current node from tree1. */
++ uint8_t* cur_key = cur_node->key;
++ radix_strlen_t cur_len = cur_node->klen;
++ void* cur_data = ldns_radix_delete(tree1, cur_key,
++ cur_len);
++ /** Insert current node into tree2/ */
++ if (!cur_data) {
++ return LDNS_STATUS_NO_DATA;
++ }
++ status = ldns_radix_insert(*tree2, cur_key, cur_len,
++ cur_data);
++ if (status != LDNS_STATUS_OK &&
++ status != LDNS_STATUS_EXISTS_ERR) {
++ return status;
++ }
++/*
++ if (status == LDNS_STATUS_OK) {
++ cur_node->key = NULL;
++ cur_node->klen = 0;
++ }
++*/
++ /** Update count; get first element from tree1 again. */
++ count++;
++ cur_node = ldns_radix_first(tree1);
++ } else {
++ cur_node = ldns_radix_next(cur_node);
++ }
++ }
++ return LDNS_STATUS_OK;
++}
++
++
++/**
++ * Call function for all nodes in the tree, such that leaf nodes are
++ * called before parent nodes.
++ *
++ */
++void
++ldns_radix_traverse_postorder(ldns_radix_node_t* node,
++ void (*func)(ldns_radix_node_t*, void*), void* arg)
++{
++ uint8_t i;
++ if (!node) {
++ return;
++ }
++ for (i=0; i < node->len; i++) {
++ ldns_radix_traverse_postorder(node->array[i].edge,
++ func, arg);
++ }
++ /** Call user function */
++ (*func)(node, arg);
++ return;
++}
++
++
++/** Static helper functions */
++
++/**
++ * Find a prefix of the key.
++ * @param tree: tree.
++ * @param key: key.
++ * @param len: length of key.
++ * @param result: the longest prefix, the entry itself if *pos==len,
++ * otherwise an array entry.
++ * @param pos: position in string where next unmatched byte is.
++ * If *pos==len, an exact match is found.
++ * If *pos== 0, a "" match was found.
++ * @return 0 (false) if no prefix found.
++ *
++ */
++static int
++ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key,
++ radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* respos)
++{
++ /** Start searching at the root node */
++ ldns_radix_node_t* n = tree->root;
++ radix_strlen_t pos = 0;
++ uint8_t byte;
++ *respos = 0;
++ *result = n;
++ if (!n) {
++ /** No root, no prefix found */
++ return 0;
++ }
++ /** For each node, look if we can make further progress */
++ while (n) {
++ if (pos == len) {
++ /** Exact match */
++ return 1;
++ }
++ byte = key[pos];
++ if (byte < n->offset) {
++ /** key < node */
++ return 1;
++ }
++ byte -= n->offset;
++ if (byte >= n->len) {
++ /** key > node */
++ return 1;
++ }
++ /** So far, the trie matches */
++ pos++;
++ if (n->array[byte].len != 0) {
++ /** Must match additional string */
++ if (pos + n->array[byte].len > len) {
++ return 1; /* no match at child node */
++ }
++ if (memcmp(&key[pos], n->array[byte].str,
++ n->array[byte].len) != 0) {
++ return 1; /* no match at child node */
++ }
++ pos += n->array[byte].len;
++ }
++ /** Continue searching prefix at this child node */
++ n = n->array[byte].edge;
++ if (!n) {
++ return 1;
++ }
++ /** Update the prefix node */
++ *respos = pos;
++ *result = n;
++ }
++ /** Done */
++ return 1;
++}
++
++
++/**
++ * Make space in the node's array for another byte.
++ * @param node: node.
++ * @param byte: byte.
++ * @return 1 if successful, 0 otherwise.
++ *
++ */
++static int
++ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte)
++{
++ /** Is there an array? */
++ if (!node->array) {
++ assert(node->capacity == 0);
++ /** No array, create new array */
++ node->array = LDNS_MALLOC(ldns_radix_array_t);
++ if (!node->array) {
++ return 0;
++ }
++ memset(&node->array[0], 0, sizeof(ldns_radix_array_t));
++ node->len = 1;
++ node->capacity = 1;
++ node->offset = byte;
++ return 1;
++ }
++ /** Array exist */
++ assert(node->array != NULL);
++ assert(node->capacity > 0);
++
++ if (node->len == 0) {
++ /** Unused array */
++ node->len = 1;
++ node->offset = byte;
++ } else if (byte < node->offset) {
++ /** Byte is below the offset */
++ uint8_t index;
++ uint16_t need = node->offset - byte;
++ /** Is there enough capacity? */
++ if (node->len + need > node->capacity) {
++ /** Not enough capacity, grow array */
++ if (!ldns_radix_array_grow(node,
++ (unsigned) (node->len + need))) {
++ return 0; /* failed to grow array */
++ }
++ }
++ /** Move items to the end */
++ memmove(&node->array[need], &node->array[0],
++ node->len*sizeof(ldns_radix_array_t));
++ /** Fix parent index */
++ for (index = 0; index < node->len; index++) {
++ if (node->array[index+need].edge) {
++ node->array[index+need].edge->parent_index =
++ index + need;
++ }
++ }
++ /** Zero the first */
++ memset(&node->array[0], 0, need*sizeof(ldns_radix_array_t));
++ node->len += need;
++ node->offset = byte;
++ } else if (byte - node->offset >= node->len) {
++ /** Byte does not fit in array */
++ uint16_t need = (byte - node->offset) - node->len + 1;
++ /** Is there enough capacity? */
++ if (node->len + need > node->capacity) {
++ /** Not enough capacity, grow array */
++ if (!ldns_radix_array_grow(node,
++ (unsigned) (node->len + need))) {
++ return 0; /* failed to grow array */
++ }
++ }
++ /** Zero the added items */
++ memset(&node->array[node->len], 0,
++ need*sizeof(ldns_radix_array_t));
++ node->len += need;
++ }
++ return 1;
++}
++
++
++/**
++ * Grow the array.
++ * @param node: node.
++ * @param need: number of elements the array at least need to grow.
++ * Can't be bigger than 256.
++ * @return: 0 if failed, 1 if was successful.
++ *
++ */
++static int
++ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need)
++{
++ unsigned size = ((unsigned)node->capacity)*2;
++ ldns_radix_array_t* a = NULL;
++ if (need > size) {
++ size = need;
++ }
++ if (size > 256) {
++ size = 256;
++ }
++ a = LDNS_XMALLOC(ldns_radix_array_t, size);
++ if (!a) {
++ return 0;
++ }
++ assert(node->len <= node->capacity);
++ assert(node->capacity < size);
++ memcpy(&a[0], &node->array[0], node->len*sizeof(ldns_radix_array_t));
++ LDNS_FREE(node->array);
++ node->array = a;
++ node->capacity = size;
++ return 1;
++}
++
++
++/**
++ * Create a prefix in the array string.
++ * @param array: array.
++ * @param key: key.
++ * @param pos: start position in key.
++ * @param len: length of key.
++ * @return 0 if failed, 1 if was successful.
++ *
++ */
++static int
++ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key,
++ radix_strlen_t pos, radix_strlen_t len)
++{
++ array->str = LDNS_XMALLOC(uint8_t, (len-pos));
++ if (!array->str) {
++ return 0;
++ }
++ memmove(array->str, key+pos, len-pos);
++ array->len = (len-pos);
++ return 1;
++}
++
++
++/**
++ * Allocate remainder from prefixes for a split.
++ * @param prefixlen: length of prefix.
++ * @param longer_str: the longer string.
++ * @param longer_len: the longer string length.
++ * @param split_str: the split string.
++ * @param split_len: the split string length.
++ * @return 0 if failed, 1 if successful.
++ *
++ */
++static int
++ldns_radix_prefix_remainder(radix_strlen_t prefix_len,
++ uint8_t* longer_str, radix_strlen_t longer_len,
++ uint8_t** split_str, radix_strlen_t* split_len)
++{
++ *split_len = longer_len - prefix_len;
++ *split_str = LDNS_XMALLOC(uint8_t, (*split_len));
++ if (!*split_str) {
++ return 0;
++ }
++ memmove(*split_str, longer_str+prefix_len, longer_len-prefix_len);
++ return 1;
++}
++
++
++/**
++ * Create a split when two nodes have a shared prefix.
++ * @param array: array.
++ * @param key: key.
++ * @param pos: start position in key.
++ * @param len: length of the key.
++ * @param add: node to be added.
++ * @return 0 if failed, 1 if was successful.
++ *
++ */
++static int
++ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key,
++ radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add)
++{
++ uint8_t* str_to_add = key + pos;
++ radix_strlen_t strlen_to_add = len - pos;
++
++ if (ldns_radix_str_is_prefix(str_to_add, strlen_to_add,
++ array->str, array->len)) {
++ /** The string to add is a prefix of the existing string */
++ uint8_t* split_str = NULL, *dup_str = NULL;
++ radix_strlen_t split_len = 0;
++ /**
++ * Example 5: 'ld'
++ * | [0]
++ * --| [d+ns] dns
++ * --| [e+dns] edns
++ * --| [l+d] ld
++ * ----| [n+s] ldns
++ **/
++ assert(strlen_to_add < array->len);
++ /** Store the remainder in the split string */
++ if (array->len - strlen_to_add > 1) {
++ if (!ldns_radix_prefix_remainder(strlen_to_add+1,
++ array->str, array->len, &split_str,
++ &split_len)) {
++ return 0;
++ }
++ }
++ /** Duplicate the string to add */
++ if (strlen_to_add != 0) {
++ dup_str = LDNS_XMALLOC(uint8_t, strlen_to_add);
++ if (!dup_str) {
++ LDNS_FREE(split_str);
++ return 0;
++ }
++ memcpy(dup_str, str_to_add, strlen_to_add);
++ }
++ /** Make space in array for the new node */
++ if (!ldns_radix_array_space(add,
++ array->str[strlen_to_add])) {
++ LDNS_FREE(split_str);
++ LDNS_FREE(dup_str);
++ return 0;
++ }
++ /**
++ * The added node should go direct under the existing parent.
++ * The existing node should go under the added node.
++ */
++ add->parent = array->edge->parent;
++ add->parent_index = array->edge->parent_index;
++ add->array[0].edge = array->edge;
++ add->array[0].str = split_str;
++ add->array[0].len = split_len;
++ array->edge->parent = add;
++ array->edge->parent_index = 0;
++ LDNS_FREE(array->str);
++ array->edge = add;
++ array->str = dup_str;
++ array->len = strlen_to_add;
++ } else if (ldns_radix_str_is_prefix(array->str, array->len,
++ str_to_add, strlen_to_add)) {
++ /** The existing string is a prefix of the string to add */
++ /**
++ * Example 6: 'dns-ng'
++ * | [0]
++ * --| [d+ns] dns
++ * ----| [-+ng] dns-ng
++ * --| [e+dns] edns
++ * --| [l+d] ld
++ * ----| [n+s] ldns
++ **/
++ uint8_t* split_str = NULL;
++ radix_strlen_t split_len = 0;
++ assert(array->len < strlen_to_add);
++ if (strlen_to_add - array->len > 1) {
++ if (!ldns_radix_prefix_remainder(array->len+1,
++ str_to_add, strlen_to_add, &split_str,
++ &split_len)) {
++ return 0;
++ }
++ }
++ /** Make space in array for the new node */
++ if (!ldns_radix_array_space(array->edge,
++ str_to_add[array->len])) {
++ LDNS_FREE(split_str);
++ return 0;
++ }
++ /**
++ * The added node should go direct under the existing node.
++ */
++ add->parent = array->edge;
++ add->parent_index = str_to_add[array->len] -
++ array->edge->offset;
++ array->edge->array[add->parent_index].edge = add;
++ array->edge->array[add->parent_index].str = split_str;
++ array->edge->array[add->parent_index].len = split_len;
++ } else {
++ /** Create a new split node. */
++ /**
++ * Example 7: 'dndns'
++ * | [0]
++ * --| [d+n]
++ * ----| [d+ns] dndns
++ * ----| [s] dns
++ * ------| [-+ng] dns-ng
++ * --| [e+dns] edns
++ * --| [l+d] ld
++ * ----| [n+s] ldns
++ **/
++ ldns_radix_node_t* common = NULL;
++ uint8_t* common_str = NULL, *s1 = NULL, *s2 = NULL;
++ radix_strlen_t common_len = 0, l1 = 0, l2 = 0;
++ common_len = ldns_radix_str_common(array->str, array->len,
++ str_to_add, strlen_to_add);
++ assert(common_len < array->len);
++ assert(common_len < strlen_to_add);
++ /** Create the new common node. */
++ common = ldns_radix_new_node(NULL, (uint8_t*)"", 0);
++ if (!common) {
++ return 0;
++ }
++ if (array->len - common_len > 1) {
++ if (!ldns_radix_prefix_remainder(common_len+1,
++ array->str, array->len, &s1, &l1)) {
++ return 0;
++ }
++ }
++ if (strlen_to_add - common_len > 1) {
++ if (!ldns_radix_prefix_remainder(common_len+1,
++ str_to_add, strlen_to_add, &s2, &l2)) {
++ return 0;
++ }
++ }
++ /** Create the shared prefix. */
++ if (common_len > 0) {
++ common_str = LDNS_XMALLOC(uint8_t, common_len);
++ if (!common_str) {
++ LDNS_FREE(common);
++ LDNS_FREE(s1);
++ LDNS_FREE(s2);
++ return 0;
++ }
++ memcpy(common_str, str_to_add, common_len);
++ }
++ /** Make space in the common node array. */
++ if (!ldns_radix_array_space(common, array->str[common_len]) ||
++ !ldns_radix_array_space(common, str_to_add[common_len])) {
++ LDNS_FREE(common->array);
++ LDNS_FREE(common);
++ LDNS_FREE(common_str);
++ LDNS_FREE(s1);
++ LDNS_FREE(s2);
++ return 0;
++ }
++ /**
++ * The common node should go direct under the parent node.
++ * The added and existing nodes go under the common node.
++ */
++ common->parent = array->edge->parent;
++ common->parent_index = array->edge->parent_index;
++ array->edge->parent = common;
++ array->edge->parent_index = array->str[common_len] -
++ common->offset;
++ add->parent = common;
++ add->parent_index = str_to_add[common_len] - common->offset;
++ common->array[array->edge->parent_index].edge = array->edge;
++ common->array[array->edge->parent_index].str = s1;
++ common->array[array->edge->parent_index].len = l1;
++ common->array[add->parent_index].edge = add;
++ common->array[add->parent_index].str = s2;
++ common->array[add->parent_index].len = l2;
++ LDNS_FREE(array->str);
++ array->edge = common;
++ array->str = common_str;
++ array->len = common_len;
++ }
++ return 1;
++}
++
++
++/**
++ * Check if one string prefix of other string.
++ * @param str1: one string.
++ * @param len1: one string length.
++ * @param str2: other string.
++ * @param len2: other string length.
++ * @return 1 if prefix, 0 otherwise.
++ *
++ */
++static int
++ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1,
++ uint8_t* str2, radix_strlen_t len2)
++{
++ if (len1 == 0) {
++ return 1; /* empty prefix is also a prefix */
++ }
++ if (len1 > len2) {
++ return 0; /* len1 is longer so str1 cannot be a prefix */
++ }
++ return (memcmp(str1, str2, len1) == 0);
++}
++
++
++/**
++ * Return the number of bytes in common for the two strings.
++ * @param str1: one string.
++ * @param len1: one string length.
++ * @param str2: other string.
++ * @param len2: other string length.
++ * @return length of substring that the two strings have in common.
++ *
++ */
++static radix_strlen_t
++ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1,
++ uint8_t* str2, radix_strlen_t len2)
++{
++ radix_strlen_t i, max = (len1<len2)?len1:len2;
++ for (i=0; i<max; i++) {
++ if (str1[i] != str2[i]) {
++ return i;
++ }
++ }
++ return max;
++}
++
++
++/**
++ * Find the next element in the subtree of this node.
++ * @param node: node.
++ * @return: node with next element.
++ *
++ */
++static ldns_radix_node_t*
++ldns_radix_next_in_subtree(ldns_radix_node_t* node)
++{
++ uint16_t i;
++ ldns_radix_node_t* next;
++ /** Try every subnode. */
++ for (i = 0; i < node->len; i++) {
++ if (node->array[i].edge) {
++ /** Node itself. */
++ if (node->array[i].edge->data) {
++ return node->array[i].edge;
++ }
++ /** Dive into subtree. */
++ next = ldns_radix_next_in_subtree(node->array[i].edge);
++ if (next) {
++ return next;
++ }
++ }
++ }
++ return NULL;
++}
++
++
++/**
++ * Find the previous element in the array of this node, from index.
++ * @param node: node.
++ * @param index: index.
++ * @return previous node from index.
++ *
++ */
++static ldns_radix_node_t*
++ldns_radix_prev_from_index(ldns_radix_node_t* node, uint8_t index)
++{
++ uint8_t i = index;
++ while (i > 0) {
++ i--;
++ if (node->array[i].edge) {
++ ldns_radix_node_t* prev =
++ ldns_radix_last_in_subtree_incl_self(node);
++ if (prev) {
++ return prev;
++ }
++ }
++ }
++ return NULL;
++}
++
++
++/**
++ * Find last node in subtree, or this node (if have data).
++ * @param node: node.
++ * @return last node in subtree, or this node, or NULL.
++ *
++ */
++static ldns_radix_node_t*
++ldns_radix_last_in_subtree_incl_self(ldns_radix_node_t* node)
++{
++ ldns_radix_node_t* last = ldns_radix_last_in_subtree(node);
++ if (last) {
++ return last;
++ } else if (node->data) {
++ return node;
++ }
++ return NULL;
++}
++
++
++/**
++ * Find last node in subtree.
++ * @param node: node.
++ * @return last node in subtree.
++ *
++ */
++static ldns_radix_node_t*
++ldns_radix_last_in_subtree(ldns_radix_node_t* node)
++{
++ int i;
++ /** Look for the most right leaf node. */
++ for (i=(int)(node->len)-1; i >= 0; i--) {
++ if (node->array[i].edge) {
++ /** Keep looking for the most right leaf node. */
++ if (node->array[i].edge->len > 0) {
++ ldns_radix_node_t* last =
++ ldns_radix_last_in_subtree(
++ node->array[i].edge);
++ if (last) {
++ return last;
++ }
++ }
++ /** Could this be the most right leaf node? */
++ if (node->array[i].edge->data) {
++ return node->array[i].edge;
++ }
++ }
++ }
++ return NULL;
++}
++
++
++/**
++ * Fix tree after deleting element.
++ * @param tree: tree.
++ * @param node: node with deleted element.
++ *
++ */
++static void
++ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node)
++{
++ while (node) {
++ if (node->data) {
++ /** Thou should not delete nodes with data attached. */
++ return;
++ } else if (node->len == 1 && node->parent) {
++ /** Node with one child is fold back into. */
++ ldns_radix_cleanup_onechild(node);
++ return;
++ } else if (node->len == 0) {
++ /** Leaf node. */
++ ldns_radix_node_t* parent = node->parent;
++ if (!parent) {
++ /** The root is a leaf node. */
++ ldns_radix_node_free(node, NULL);
++ tree->root = NULL;
++ return;
++ }
++ /** Cleanup leaf node and continue with parent. */
++ ldns_radix_cleanup_leaf(node);
++ node = parent;
++ } else {
++ /**
++ * Node cannot be deleted, because it has edge nodes
++ * and no parent to fix up to.
++ */
++ return;
++ }
++ }
++ /** Not reached. */
++ return;
++}
++
++
++/**
++ * Clean up a node with one child.
++ * @param node: node with one child.
++ *
++ */
++static void
++ldns_radix_cleanup_onechild(ldns_radix_node_t* node)
++{
++ uint8_t* join_str;
++ radix_strlen_t join_len;
++ uint8_t parent_index = node->parent_index;
++ ldns_radix_node_t* child = node->array[0].edge;
++ ldns_radix_node_t* parent = node->parent;
++
++ /** Node has one child, merge the child node into the parent node. */
++ assert(parent_index < parent->len);
++ join_len = parent->array[parent_index].len + node->array[0].len + 1;
++
++ join_str = LDNS_XMALLOC(uint8_t, join_len);
++ if (!join_str) {
++ /**
++ * Cleanup failed due to out of memory.
++ * This tree is now inefficient, with the empty node still
++ * existing, but it is still valid.
++ */
++ return;
++ }
++
++ memcpy(join_str, parent->array[parent_index].str,
++ parent->array[parent_index].len);
++ join_str[parent->array[parent_index].len] = child->parent_index +
++ node->offset;
++ memmove(join_str + parent->array[parent_index].len+1,
++ node->array[0].str, node->array[0].len);
++
++ LDNS_FREE(parent->array[parent_index].str);
++ parent->array[parent_index].str = join_str;
++ parent->array[parent_index].len = join_len;
++ parent->array[parent_index].edge = child;
++ child->parent = parent;
++ child->parent_index = parent_index;
++ ldns_radix_node_free(node, NULL);
++ return;
++}
++
++
++/**
++ * Clean up a leaf node.
++ * @param node: leaf node.
++ *
++ */
++static void
++ldns_radix_cleanup_leaf(ldns_radix_node_t* node)
++{
++ uint8_t parent_index = node->parent_index;
++ ldns_radix_node_t* parent = node->parent;
++ /** Delete lead node and fix parent array. */
++ assert(parent_index < parent->len);
++ ldns_radix_node_free(node, NULL);
++ LDNS_FREE(parent->array[parent_index].str);
++ parent->array[parent_index].str = NULL;
++ parent->array[parent_index].len = 0;
++ parent->array[parent_index].edge = NULL;
++ /** Fix array in parent. */
++ if (parent->len == 1) {
++ ldns_radix_node_array_free(parent);
++ } else if (parent_index == 0) {
++ ldns_radix_node_array_free_front(parent);
++ } else {
++ ldns_radix_node_array_free_end(parent);
++ }
++ return;
++}
++
++
++/**
++ * Free a radix node.
++ * @param node: node.
++ * @param arg: user argument.
++ *
++ */
++static void
++ldns_radix_node_free(ldns_radix_node_t* node, void* arg)
++{
++ uint16_t i;
++ (void) arg;
++ if (!node) {
++ return;
++ }
++ for (i=0; i < node->len; i++) {
++ LDNS_FREE(node->array[i].str);
++ }
++ node->key = NULL;
++ node->klen = 0;
++ LDNS_FREE(node->array);
++ LDNS_FREE(node);
++ return;
++}
++
++
++/**
++ * Free select edge array.
++ * @param node: node.
++ *
++ */
++static void
++ldns_radix_node_array_free(ldns_radix_node_t* node)
++{
++ node->offset = 0;
++ node->len = 0;
++ LDNS_FREE(node->array);
++ node->array = NULL;
++ node->capacity = 0;
++ return;
++}
++
++
++/**
++ * Free front of select edge array.
++ * @param node: node.
++ *
++ */
++static void
++ldns_radix_node_array_free_front(ldns_radix_node_t* node)
++{
++ uint16_t i, n = 0;
++ /** Remove until a non NULL entry. */
++ while (n < node->len && node->array[n].edge == NULL) {
++ n++;
++ }
++ if (n == 0) {
++ return;
++ }
++ if (n == node->len) {
++ ldns_radix_node_array_free(node);
++ return;
++ }
++ assert(n < node->len);
++ assert((int) n <= (255 - (int) node->offset));
++ memmove(&node->array[0], &node->array[n],
++ (node->len - n)*sizeof(ldns_radix_array_t));
++ node->offset += n;
++ node->len -= n;
++ for (i=0; i < node->len; i++) {
++ if (node->array[i].edge) {
++ node->array[i].edge->parent_index = i;
++ }
++ }
++ ldns_radix_array_reduce(node);
++ return;
++}
++
++
++/**
++ * Free front of select edge array.
++ * @param node: node.
++ *
++ */
++static void
++ldns_radix_node_array_free_end(ldns_radix_node_t* node)
++{
++ uint16_t n = 0;
++ /** Shorten array. */
++ while (n < node->len && node->array[node->len-1-n].edge == NULL) {
++ n++;
++ }
++ if (n == 0) {
++ return;
++ }
++ if (n == node->len) {
++ ldns_radix_node_array_free(node);
++ return;
++ }
++ assert(n < node->len);
++ node->len -= n;
++ ldns_radix_array_reduce(node);
++ return;
++}
++
++
++/**
++ * Reduce the capacity of the array if needed.
++ * @param node: node.
++ *
++ */
++static void
++ldns_radix_array_reduce(ldns_radix_node_t* node)
++{
++ if (node->len <= node->capacity/2 && node->len != node->capacity) {
++ ldns_radix_array_t* a = LDNS_XMALLOC(ldns_radix_array_t,
++ node->len);
++ if (!a) {
++ return;
++ }
++ memcpy(a, node->array, sizeof(ldns_radix_array_t)*node->len);
++ LDNS_FREE(node->array);
++ node->array = a;
++ node->capacity = node->len;
++ }
++ return;
++}
++
++
++/**
++ * Return this element if it exists, the previous otherwise.
++ * @param node: from this node.
++ * @param result: result node.
++ *
++ */
++static void
++ldns_radix_self_or_prev(ldns_radix_node_t* node, ldns_radix_node_t** result)
++{
++ if (node->data) {
++ *result = node;
++ } else {
++ *result = ldns_radix_prev(node);
++ }
++ return;
++}
+diff --git a/ldns/src/rbtree.c b/ldns/src/rbtree.c
+new file mode 100644
+index 0000000..b89dff7
+--- /dev/null
++++ b/ldns/src/rbtree.c
+@@ -0,0 +1,670 @@
++/*
++ * rbtree.c -- generic red black tree
++ *
++ * Taken from Unbound, modified for ldns
++ *
++ * Copyright (c) 2001-2008, NLnet Labs. All rights reserved.
++ *
++ * This software is open source.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * Redistributions of source code must retain the above copyright notice,
++ * this list of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice,
++ * this list of conditions and the following disclaimer in the documentation
++ * and/or other materials provided with the distribution.
++ *
++ * Neither the name of the NLNET LABS nor the names of its contributors may
++ * be used to endorse or promote products derived from this software without
++ * specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
++ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/**
++ * \file
++ * Implementation of a redblack tree.
++ */
++
++#include <ldns/config.h>
++#include <ldns/rbtree.h>
++#include <ldns/util.h>
++#include <stdlib.h>
++
++/** Node colour black */
++#define BLACK 0
++/** Node colour red */
++#define RED 1
++
++/** the NULL node, global alloc */
++ldns_rbnode_t ldns_rbtree_null_node = {
++ LDNS_RBTREE_NULL, /* Parent. */
++ LDNS_RBTREE_NULL, /* Left. */
++ LDNS_RBTREE_NULL, /* Right. */
++ NULL, /* Key. */
++ NULL, /* Data. */
++ BLACK /* Color. */
++};
++
++/** rotate subtree left (to preserve redblack property) */
++static void ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node);
++/** rotate subtree right (to preserve redblack property) */
++static void ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node);
++/** Fixup node colours when insert happened */
++static void ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node);
++/** Fixup node colours when delete happened */
++static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent);
++
++/*
++ * Creates a new red black tree, intializes and returns a pointer to it.
++ *
++ * Return NULL on failure.
++ *
++ */
++ldns_rbtree_t *
++ldns_rbtree_create (int (*cmpf)(const void *, const void *))
++{
++ ldns_rbtree_t *rbtree;
++
++ /* Allocate memory for it */
++ rbtree = (ldns_rbtree_t *) LDNS_MALLOC(ldns_rbtree_t);
++ if (!rbtree) {
++ return NULL;
++ }
++
++ /* Initialize it */
++ ldns_rbtree_init(rbtree, cmpf);
++
++ return rbtree;
++}
++
++void
++ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *))
++{
++ /* Initialize it */
++ rbtree->root = LDNS_RBTREE_NULL;
++ rbtree->count = 0;
++ rbtree->cmp = cmpf;
++}
++
++void
++ldns_rbtree_free(ldns_rbtree_t *rbtree)
++{
++ LDNS_FREE(rbtree);
++}
++
++/*
++ * Rotates the node to the left.
++ *
++ */
++static void
++ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node)
++{
++ ldns_rbnode_t *right = node->right;
++ node->right = right->left;
++ if (right->left != LDNS_RBTREE_NULL)
++ right->left->parent = node;
++
++ right->parent = node->parent;
++
++ if (node->parent != LDNS_RBTREE_NULL) {
++ if (node == node->parent->left) {
++ node->parent->left = right;
++ } else {
++ node->parent->right = right;
++ }
++ } else {
++ rbtree->root = right;
++ }
++ right->left = node;
++ node->parent = right;
++}
++
++/*
++ * Rotates the node to the right.
++ *
++ */
++static void
++ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node)
++{
++ ldns_rbnode_t *left = node->left;
++ node->left = left->right;
++ if (left->right != LDNS_RBTREE_NULL)
++ left->right->parent = node;
++
++ left->parent = node->parent;
++
++ if (node->parent != LDNS_RBTREE_NULL) {
++ if (node == node->parent->right) {
++ node->parent->right = left;
++ } else {
++ node->parent->left = left;
++ }
++ } else {
++ rbtree->root = left;
++ }
++ left->right = node;
++ node->parent = left;
++}
++
++static void
++ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node)
++{
++ ldns_rbnode_t *uncle;
++
++ /* While not at the root and need fixing... */
++ while (node != rbtree->root && node->parent->color == RED) {
++ /* If our parent is left child of our grandparent... */
++ if (node->parent == node->parent->parent->left) {
++ uncle = node->parent->parent->right;
++
++ /* If our uncle is red... */
++ if (uncle->color == RED) {
++ /* Paint the parent and the uncle black... */
++ node->parent->color = BLACK;
++ uncle->color = BLACK;
++
++ /* And the grandparent red... */
++ node->parent->parent->color = RED;
++
++ /* And continue fixing the grandparent */
++ node = node->parent->parent;
++ } else { /* Our uncle is black... */
++ /* Are we the right child? */
++ if (node == node->parent->right) {
++ node = node->parent;
++ ldns_rbtree_rotate_left(rbtree, node);
++ }
++ /* Now we're the left child, repaint and rotate... */
++ node->parent->color = BLACK;
++ node->parent->parent->color = RED;
++ ldns_rbtree_rotate_right(rbtree, node->parent->parent);
++ }
++ } else {
++ uncle = node->parent->parent->left;
++
++ /* If our uncle is red... */
++ if (uncle->color == RED) {
++ /* Paint the parent and the uncle black... */
++ node->parent->color = BLACK;
++ uncle->color = BLACK;
++
++ /* And the grandparent red... */
++ node->parent->parent->color = RED;
++
++ /* And continue fixing the grandparent */
++ node = node->parent->parent;
++ } else { /* Our uncle is black... */
++ /* Are we the right child? */
++ if (node == node->parent->left) {
++ node = node->parent;
++ ldns_rbtree_rotate_right(rbtree, node);
++ }
++ /* Now we're the right child, repaint and rotate... */
++ node->parent->color = BLACK;
++ node->parent->parent->color = RED;
++ ldns_rbtree_rotate_left(rbtree, node->parent->parent);
++ }
++ }
++ }
++ rbtree->root->color = BLACK;
++}
++
++void
++ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree)
++{
++ (void) ldns_rbtree_insert((ldns_rbtree_t *) rbtree,
++ data);
++}
++
++/*
++ * Inserts a node into a red black tree.
++ *
++ * Returns NULL on failure or the pointer to the newly added node
++ * otherwise.
++ */
++ldns_rbnode_t *
++ldns_rbtree_insert (ldns_rbtree_t *rbtree, ldns_rbnode_t *data)
++{
++ /* XXX Not necessary, but keeps compiler quiet... */
++ int r = 0;
++
++ /* We start at the root of the tree */
++ ldns_rbnode_t *node = rbtree->root;
++ ldns_rbnode_t *parent = LDNS_RBTREE_NULL;
++
++ /* Lets find the new parent... */
++ while (node != LDNS_RBTREE_NULL) {
++ /* Compare two keys, do we have a duplicate? */
++ if ((r = rbtree->cmp(data->key, node->key)) == 0) {
++ return NULL;
++ }
++ parent = node;
++
++ if (r < 0) {
++ node = node->left;
++ } else {
++ node = node->right;
++ }
++ }
++
++ /* Initialize the new node */
++ data->parent = parent;
++ data->left = data->right = LDNS_RBTREE_NULL;
++ data->color = RED;
++ rbtree->count++;
++
++ /* Insert it into the tree... */
++ if (parent != LDNS_RBTREE_NULL) {
++ if (r < 0) {
++ parent->left = data;
++ } else {
++ parent->right = data;
++ }
++ } else {
++ rbtree->root = data;
++ }
++
++ /* Fix up the red-black properties... */
++ ldns_rbtree_insert_fixup(rbtree, data);
++
++ return data;
++}
++
++/*
++ * Searches the red black tree, returns the data if key is found or NULL otherwise.
++ *
++ */
++ldns_rbnode_t *
++ldns_rbtree_search (ldns_rbtree_t *rbtree, const void *key)
++{
++ ldns_rbnode_t *node;
++
++ if (ldns_rbtree_find_less_equal(rbtree, key, &node)) {
++ return node;
++ } else {
++ return NULL;
++ }
++}
++
++/** helpers for delete: swap node colours */
++static void swap_int8(uint8_t* x, uint8_t* y)
++{
++ uint8_t t = *x; *x = *y; *y = t;
++}
++
++/** helpers for delete: swap node pointers */
++static void swap_np(ldns_rbnode_t** x, ldns_rbnode_t** y)
++{
++ ldns_rbnode_t* t = *x; *x = *y; *y = t;
++}
++
++/** Update parent pointers of child trees of 'parent' */
++static void change_parent_ptr(ldns_rbtree_t* rbtree, ldns_rbnode_t* parent, ldns_rbnode_t* old, ldns_rbnode_t* new)
++{
++ if(parent == LDNS_RBTREE_NULL)
++ {
++ if(rbtree->root == old) rbtree->root = new;
++ return;
++ }
++ if(parent->left == old) parent->left = new;
++ if(parent->right == old) parent->right = new;
++}
++/** Update parent pointer of a node 'child' */
++static void change_child_ptr(ldns_rbnode_t* child, ldns_rbnode_t* old, ldns_rbnode_t* new)
++{
++ if(child == LDNS_RBTREE_NULL) return;
++ if(child->parent == old) child->parent = new;
++}
++
++ldns_rbnode_t*
++ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key)
++{
++ ldns_rbnode_t *to_delete;
++ ldns_rbnode_t *child;
++ if((to_delete = ldns_rbtree_search(rbtree, key)) == 0) return 0;
++ rbtree->count--;
++
++ /* make sure we have at most one non-leaf child */
++ if(to_delete->left != LDNS_RBTREE_NULL &&
++ to_delete->right != LDNS_RBTREE_NULL)
++ {
++ /* swap with smallest from right subtree (or largest from left) */
++ ldns_rbnode_t *smright = to_delete->right;
++ while(smright->left != LDNS_RBTREE_NULL)
++ smright = smright->left;
++ /* swap the smright and to_delete elements in the tree,
++ * but the ldns_rbnode_t is first part of user data struct
++ * so cannot just swap the keys and data pointers. Instead
++ * readjust the pointers left,right,parent */
++
++ /* swap colors - colors are tied to the position in the tree */
++ swap_int8(&to_delete->color, &smright->color);
++
++ /* swap child pointers in parents of smright/to_delete */
++ change_parent_ptr(rbtree, to_delete->parent, to_delete, smright);
++ if(to_delete->right != smright)
++ change_parent_ptr(rbtree, smright->parent, smright, to_delete);
++
++ /* swap parent pointers in children of smright/to_delete */
++ change_child_ptr(smright->left, smright, to_delete);
++ change_child_ptr(smright->left, smright, to_delete);
++ change_child_ptr(smright->right, smright, to_delete);
++ change_child_ptr(smright->right, smright, to_delete);
++ change_child_ptr(to_delete->left, to_delete, smright);
++ if(to_delete->right != smright)
++ change_child_ptr(to_delete->right, to_delete, smright);
++ if(to_delete->right == smright)
++ {
++ /* set up so after swap they work */
++ to_delete->right = to_delete;
++ smright->parent = smright;
++ }
++
++ /* swap pointers in to_delete/smright nodes */
++ swap_np(&to_delete->parent, &smright->parent);
++ swap_np(&to_delete->left, &smright->left);
++ swap_np(&to_delete->right, &smright->right);
++
++ /* now delete to_delete (which is at the location where the smright previously was) */
++ }
++
++ if(to_delete->left != LDNS_RBTREE_NULL) child = to_delete->left;
++ else child = to_delete->right;
++
++ /* unlink to_delete from the tree, replace to_delete with child */
++ change_parent_ptr(rbtree, to_delete->parent, to_delete, child);
++ change_child_ptr(child, to_delete, to_delete->parent);
++
++ if(to_delete->color == RED)
++ {
++ /* if node is red then the child (black) can be swapped in */
++ }
++ else if(child->color == RED)
++ {
++ /* change child to BLACK, removing a RED node is no problem */
++ if(child!=LDNS_RBTREE_NULL) child->color = BLACK;
++ }
++ else ldns_rbtree_delete_fixup(rbtree, child, to_delete->parent);
++
++ /* unlink completely */
++ to_delete->parent = LDNS_RBTREE_NULL;
++ to_delete->left = LDNS_RBTREE_NULL;
++ to_delete->right = LDNS_RBTREE_NULL;
++ to_delete->color = BLACK;
++ return to_delete;
++}
++
++static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent)
++{
++ ldns_rbnode_t* sibling;
++ int go_up = 1;
++
++ /* determine sibling to the node that is one-black short */
++ if(child_parent->right == child) sibling = child_parent->left;
++ else sibling = child_parent->right;
++
++ while(go_up)
++ {
++ if(child_parent == LDNS_RBTREE_NULL)
++ {
++ /* removed parent==black from root, every path, so ok */
++ return;
++ }
++
++ if(sibling->color == RED)
++ { /* rotate to get a black sibling */
++ child_parent->color = RED;
++ sibling->color = BLACK;
++ if(child_parent->right == child)
++ ldns_rbtree_rotate_right(rbtree, child_parent);
++ else ldns_rbtree_rotate_left(rbtree, child_parent);
++ /* new sibling after rotation */
++ if(child_parent->right == child) sibling = child_parent->left;
++ else sibling = child_parent->right;
++ }
++
++ if(child_parent->color == BLACK
++ && sibling->color == BLACK
++ && sibling->left->color == BLACK
++ && sibling->right->color == BLACK)
++ { /* fixup local with recolor of sibling */
++ if(sibling != LDNS_RBTREE_NULL)
++ sibling->color = RED;
++
++ child = child_parent;
++ child_parent = child_parent->parent;
++ /* prepare to go up, new sibling */
++ if(child_parent->right == child) sibling = child_parent->left;
++ else sibling = child_parent->right;
++ }
++ else go_up = 0;
++ }
++
++ if(child_parent->color == RED
++ && sibling->color == BLACK
++ && sibling->left->color == BLACK
++ && sibling->right->color == BLACK)
++ {
++ /* move red to sibling to rebalance */
++ if(sibling != LDNS_RBTREE_NULL)
++ sibling->color = RED;
++ child_parent->color = BLACK;
++ return;
++ }
++
++ /* get a new sibling, by rotating at sibling. See which child
++ of sibling is red */
++ if(child_parent->right == child
++ && sibling->color == BLACK
++ && sibling->right->color == RED
++ && sibling->left->color == BLACK)
++ {
++ sibling->color = RED;
++ sibling->right->color = BLACK;
++ ldns_rbtree_rotate_left(rbtree, sibling);
++ /* new sibling after rotation */
++ if(child_parent->right == child) sibling = child_parent->left;
++ else sibling = child_parent->right;
++ }
++ else if(child_parent->left == child
++ && sibling->color == BLACK
++ && sibling->left->color == RED
++ && sibling->right->color == BLACK)
++ {
++ sibling->color = RED;
++ sibling->left->color = BLACK;
++ ldns_rbtree_rotate_right(rbtree, sibling);
++ /* new sibling after rotation */
++ if(child_parent->right == child) sibling = child_parent->left;
++ else sibling = child_parent->right;
++ }
++
++ /* now we have a black sibling with a red child. rotate and exchange colors. */
++ sibling->color = child_parent->color;
++ child_parent->color = BLACK;
++ if(child_parent->right == child)
++ {
++ sibling->left->color = BLACK;
++ ldns_rbtree_rotate_right(rbtree, child_parent);
++ }
++ else
++ {
++ sibling->right->color = BLACK;
++ ldns_rbtree_rotate_left(rbtree, child_parent);
++ }
++}
++
++int
++ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, ldns_rbnode_t **result)
++{
++ int r;
++ ldns_rbnode_t *node;
++
++ /* We start at root... */
++ node = rbtree->root;
++
++ *result = NULL;
++
++ /* While there are children... */
++ while (node != LDNS_RBTREE_NULL) {
++ r = rbtree->cmp(key, node->key);
++ if (r == 0) {
++ /* Exact match */
++ *result = node;
++ return 1;
++ }
++ if (r < 0) {
++ node = node->left;
++ } else {
++ /* Temporary match */
++ *result = node;
++ node = node->right;
++ }
++ }
++ return 0;
++}
++
++/*
++ * Finds the first element in the red black tree
++ *
++ */
++ldns_rbnode_t *
++ldns_rbtree_first (ldns_rbtree_t *rbtree)
++{
++ ldns_rbnode_t *node = rbtree->root;
++
++ if (rbtree->root != LDNS_RBTREE_NULL) {
++ for (node = rbtree->root; node->left != LDNS_RBTREE_NULL; node = node->left);
++ }
++ return node;
++}
++
++ldns_rbnode_t *
++ldns_rbtree_last (ldns_rbtree_t *rbtree)
++{
++ ldns_rbnode_t *node = rbtree->root;
++
++ if (rbtree->root != LDNS_RBTREE_NULL) {
++ for (node = rbtree->root; node->right != LDNS_RBTREE_NULL; node = node->right);
++ }
++ return node;
++}
++
++/*
++ * Returns the next node...
++ *
++ */
++ldns_rbnode_t *
++ldns_rbtree_next (ldns_rbnode_t *node)
++{
++ ldns_rbnode_t *parent;
++
++ if (node->right != LDNS_RBTREE_NULL) {
++ /* One right, then keep on going left... */
++ for (node = node->right;
++ node->left != LDNS_RBTREE_NULL;
++ node = node->left);
++ } else {
++ parent = node->parent;
++ while (parent != LDNS_RBTREE_NULL && node == parent->right) {
++ node = parent;
++ parent = parent->parent;
++ }
++ node = parent;
++ }
++ return node;
++}
++
++ldns_rbnode_t *
++ldns_rbtree_previous(ldns_rbnode_t *node)
++{
++ ldns_rbnode_t *parent;
++
++ if (node->left != LDNS_RBTREE_NULL) {
++ /* One left, then keep on going right... */
++ for (node = node->left;
++ node->right != LDNS_RBTREE_NULL;
++ node = node->right);
++ } else {
++ parent = node->parent;
++ while (parent != LDNS_RBTREE_NULL && node == parent->left) {
++ node = parent;
++ parent = parent->parent;
++ }
++ node = parent;
++ }
++ return node;
++}
++
++/**
++ * split off elements number of elements from the start
++ * of the name tree and return a new tree
++ */
++ldns_rbtree_t *
++ldns_rbtree_split(ldns_rbtree_t *tree,
++ size_t elements)
++{
++ ldns_rbtree_t *new_tree;
++ ldns_rbnode_t *cur_node;
++ ldns_rbnode_t *move_node;
++ size_t count = 0;
++
++ new_tree = ldns_rbtree_create(tree->cmp);
++
++ cur_node = ldns_rbtree_first(tree);
++ while (count < elements && cur_node != LDNS_RBTREE_NULL) {
++ move_node = ldns_rbtree_delete(tree, cur_node->key);
++ (void)ldns_rbtree_insert(new_tree, move_node);
++ cur_node = ldns_rbtree_first(tree);
++ count++;
++ }
++
++ return new_tree;
++}
++
++/*
++ * add all node from the second tree to the first (removing them from the
++ * second), and fix up nsec(3)s if present
++ */
++void
++ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2)
++{
++ ldns_traverse_postorder(tree2, ldns_rbtree_insert_vref, tree1);
++}
++
++/** recursive descent traverse */
++static void
++traverse_post(void (*func)(ldns_rbnode_t*, void*), void* arg,
++ ldns_rbnode_t* node)
++{
++ if(!node || node == LDNS_RBTREE_NULL)
++ return;
++ /* recurse */
++ traverse_post(func, arg, node->left);
++ traverse_post(func, arg, node->right);
++ /* call user func */
++ (*func)(node, arg);
++}
++
++void
++ldns_traverse_postorder(ldns_rbtree_t* tree,
++ void (*func)(ldns_rbnode_t*, void*), void* arg)
++{
++ traverse_post(func, arg, tree->root);
++}
+diff --git a/ldns/src/rdata.c b/ldns/src/rdata.c
+new file mode 100644
+index 0000000..6eb0096
+--- /dev/null
++++ b/ldns/src/rdata.c
+@@ -0,0 +1,757 @@
++/*
++ * rdata.c
++ *
++ * rdata implementation
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++/*
++ * Access functions
++ * do this as functions to get type checking
++ */
++
++/* read */
++size_t
++ldns_rdf_size(const ldns_rdf *rd)
++{
++ assert(rd != NULL);
++ return rd->_size;
++}
++
++ldns_rdf_type
++ldns_rdf_get_type(const ldns_rdf *rd)
++{
++ assert(rd != NULL);
++ return rd->_type;
++}
++
++uint8_t *
++ldns_rdf_data(const ldns_rdf *rd)
++{
++ assert(rd != NULL);
++ return rd->_data;
++}
++
++/* write */
++void
++ldns_rdf_set_size(ldns_rdf *rd, size_t size)
++{
++ assert(rd != NULL);
++ rd->_size = size;
++}
++
++void
++ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type)
++{
++ assert(rd != NULL);
++ rd->_type = type;
++}
++
++void
++ldns_rdf_set_data(ldns_rdf *rd, void *data)
++{
++ /* only copy the pointer */
++ assert(rd != NULL);
++ rd->_data = data;
++}
++
++/* for types that allow it, return
++ * the native/host order type */
++uint8_t
++ldns_rdf2native_int8(const ldns_rdf *rd)
++{
++ uint8_t data;
++
++ /* only allow 8 bit rdfs */
++ if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_BYTE) {
++ return 0;
++ }
++
++ memcpy(&data, ldns_rdf_data(rd), sizeof(data));
++ return data;
++}
++
++uint16_t
++ldns_rdf2native_int16(const ldns_rdf *rd)
++{
++ uint16_t data;
++
++ /* only allow 16 bit rdfs */
++ if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_WORD) {
++ return 0;
++ }
++
++ memcpy(&data, ldns_rdf_data(rd), sizeof(data));
++ return ntohs(data);
++}
++
++uint32_t
++ldns_rdf2native_int32(const ldns_rdf *rd)
++{
++ uint32_t data;
++
++ /* only allow 32 bit rdfs */
++ if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD) {
++ return 0;
++ }
++
++ memcpy(&data, ldns_rdf_data(rd), sizeof(data));
++ return ntohl(data);
++}
++
++time_t
++ldns_rdf2native_time_t(const ldns_rdf *rd)
++{
++ uint32_t data;
++
++ /* only allow 32 bit rdfs */
++ if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD ||
++ ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TIME) {
++ return 0;
++ }
++ memcpy(&data, ldns_rdf_data(rd), sizeof(data));
++ return (time_t)ntohl(data);
++}
++
++ldns_rdf *
++ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
++{
++ return ldns_rdf_new_frm_data(type, LDNS_RDF_SIZE_BYTE, &value);
++}
++
++ldns_rdf *
++ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
++{
++ uint16_t *rdf_data = LDNS_XMALLOC(uint16_t, 1);
++ ldns_rdf* rdf;
++ if (!rdf_data) {
++ return NULL;
++ }
++ ldns_write_uint16(rdf_data, value);
++ rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_WORD, rdf_data);
++ if(!rdf)
++ LDNS_FREE(rdf_data);
++ return rdf;
++}
++
++ldns_rdf *
++ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value)
++{
++ uint32_t *rdf_data = LDNS_XMALLOC(uint32_t, 1);
++ ldns_rdf* rdf;
++ if (!rdf_data) {
++ return NULL;
++ }
++ ldns_write_uint32(rdf_data, value);
++ rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_DOUBLEWORD, rdf_data);
++ if(!rdf)
++ LDNS_FREE(rdf_data);
++ return rdf;
++}
++
++ldns_rdf *
++ldns_native2rdf_int16_data(size_t size, uint8_t *data)
++{
++ uint8_t *rdf_data = LDNS_XMALLOC(uint8_t, size + 2);
++ ldns_rdf* rdf;
++ if (!rdf_data) {
++ return NULL;
++ }
++ ldns_write_uint16(rdf_data, size);
++ memcpy(rdf_data + 2, data, size);
++ rdf = ldns_rdf_new(LDNS_RDF_TYPE_INT16_DATA, size + 2, rdf_data);
++ if(!rdf)
++ LDNS_FREE(rdf_data);
++ return rdf;
++}
++
++/* note: data must be allocated memory */
++ldns_rdf *
++ldns_rdf_new(ldns_rdf_type type, size_t size, void *data)
++{
++ ldns_rdf *rd;
++ rd = LDNS_MALLOC(ldns_rdf);
++ if (!rd) {
++ return NULL;
++ }
++ ldns_rdf_set_size(rd, size);
++ ldns_rdf_set_type(rd, type);
++ ldns_rdf_set_data(rd, data);
++ return rd;
++}
++
++ldns_rdf *
++ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
++{
++ ldns_rdf *rdf;
++
++ /* if the size is too big, fail */
++ if (size > LDNS_MAX_RDFLEN) {
++ return NULL;
++ }
++
++ /* allocate space */
++ rdf = LDNS_MALLOC(ldns_rdf);
++ if (!rdf) {
++ return NULL;
++ }
++ rdf->_data = LDNS_XMALLOC(uint8_t, size);
++ if (!rdf->_data) {
++ LDNS_FREE(rdf);
++ return NULL;
++ }
++
++ /* set the values */
++ ldns_rdf_set_type(rdf, type);
++ ldns_rdf_set_size(rdf, size);
++ memcpy(rdf->_data, data, size);
++
++ return rdf;
++}
++
++ldns_rdf *
++ldns_rdf_clone(const ldns_rdf *rd)
++{
++ assert(rd != NULL);
++ return (ldns_rdf_new_frm_data( ldns_rdf_get_type(rd),
++ ldns_rdf_size(rd), ldns_rdf_data(rd)));
++}
++
++void
++ldns_rdf_deep_free(ldns_rdf *rd)
++{
++ if (rd) {
++ if (rd->_data) {
++ LDNS_FREE(rd->_data);
++ }
++ LDNS_FREE(rd);
++ }
++}
++
++void
++ldns_rdf_free(ldns_rdf *rd)
++{
++ if (rd) {
++ LDNS_FREE(rd);
++ }
++}
++
++ldns_rdf *
++ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str)
++{
++ ldns_rdf *rdf = NULL;
++ ldns_status status;
++
++ switch (type) {
++ case LDNS_RDF_TYPE_DNAME:
++ status = ldns_str2rdf_dname(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_INT8:
++ status = ldns_str2rdf_int8(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_INT16:
++ status = ldns_str2rdf_int16(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_INT32:
++ status = ldns_str2rdf_int32(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_A:
++ status = ldns_str2rdf_a(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_AAAA:
++ status = ldns_str2rdf_aaaa(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_STR:
++ status = ldns_str2rdf_str(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_APL:
++ status = ldns_str2rdf_apl(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_B64:
++ status = ldns_str2rdf_b64(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_B32_EXT:
++ status = ldns_str2rdf_b32_ext(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_HEX:
++ status = ldns_str2rdf_hex(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_NSEC:
++ status = ldns_str2rdf_nsec(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_TYPE:
++ status = ldns_str2rdf_type(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_CLASS:
++ status = ldns_str2rdf_class(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_CERT_ALG:
++ status = ldns_str2rdf_cert_alg(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_ALG:
++ status = ldns_str2rdf_alg(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_UNKNOWN:
++ status = ldns_str2rdf_unknown(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_TIME:
++ status = ldns_str2rdf_time(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_PERIOD:
++ status = ldns_str2rdf_period(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_HIP:
++ status = ldns_str2rdf_hip(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_SERVICE:
++ status = ldns_str2rdf_service(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_LOC:
++ status = ldns_str2rdf_loc(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_WKS:
++ status = ldns_str2rdf_wks(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_NSAP:
++ status = ldns_str2rdf_nsap(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_ATMA:
++ status = ldns_str2rdf_atma(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_IPSECKEY:
++ status = ldns_str2rdf_ipseckey(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_NSEC3_SALT:
++ status = ldns_str2rdf_nsec3_salt(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER:
++ status = ldns_str2rdf_b32_ext(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_ILNP64:
++ status = ldns_str2rdf_ilnp64(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_EUI48:
++ status = ldns_str2rdf_eui48(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_EUI64:
++ status = ldns_str2rdf_eui64(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_TAG:
++ status = ldns_str2rdf_tag(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_LONG_STR:
++ status = ldns_str2rdf_long_str(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
++ status = ldns_str2rdf_certificate_usage(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_SELECTOR:
++ status = ldns_str2rdf_selector(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_MATCHING_TYPE:
++ status = ldns_str2rdf_matching_type(&rdf, str);
++ break;
++ case LDNS_RDF_TYPE_NONE:
++ default:
++ /* default default ??? */
++ status = LDNS_STATUS_ERR;
++ break;
++ }
++ if (LDNS_STATUS_OK == status) {
++ ldns_rdf_set_type(rdf, type);
++ return rdf;
++ }
++ if (rdf) {
++ LDNS_FREE(rdf);
++ }
++ return NULL;
++}
++
++ldns_status
++ldns_rdf_new_frm_fp(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp)
++{
++ return ldns_rdf_new_frm_fp_l(rdf, type, fp, NULL);
++}
++
++ldns_status
++ldns_rdf_new_frm_fp_l(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp, int *line_nr)
++{
++ char *line;
++ ldns_rdf *r;
++ ssize_t t;
++
++ line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
++ if (!line) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* read an entire line in from the file */
++ if ((t = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, 0, line_nr)) == -1 || t == 0) {
++ LDNS_FREE(line);
++ return LDNS_STATUS_SYNTAX_RDATA_ERR;
++ }
++ r = ldns_rdf_new_frm_str(type, (const char*) line);
++ LDNS_FREE(line);
++ if (rdf) {
++ *rdf = r;
++ return LDNS_STATUS_OK;
++ } else {
++ return LDNS_STATUS_NULL;
++ }
++}
++
++ldns_rdf *
++ldns_rdf_address_reverse(ldns_rdf *rd)
++{
++ uint8_t buf_4[LDNS_IP4ADDRLEN];
++ uint8_t buf_6[LDNS_IP6ADDRLEN * 2];
++ ldns_rdf *rev;
++ ldns_rdf *in_addr;
++ ldns_rdf *ret_dname;
++ uint8_t octet;
++ uint8_t nnibble;
++ uint8_t nibble;
++ uint8_t i, j;
++
++ char *char_dname;
++ int nbit;
++
++ if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_A &&
++ ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_AAAA) {
++ return NULL;
++ }
++
++ in_addr = NULL;
++ ret_dname = NULL;
++
++ switch(ldns_rdf_get_type(rd)) {
++ case LDNS_RDF_TYPE_A:
++ /* the length of the buffer is 4 */
++ buf_4[3] = ldns_rdf_data(rd)[0];
++ buf_4[2] = ldns_rdf_data(rd)[1];
++ buf_4[1] = ldns_rdf_data(rd)[2];
++ buf_4[0] = ldns_rdf_data(rd)[3];
++ in_addr = ldns_dname_new_frm_str("in-addr.arpa.");
++ if (!in_addr) {
++ return NULL;
++ }
++ /* make a new rdf and convert that back */
++ rev = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_A,
++ LDNS_IP4ADDRLEN, (void*)&buf_4);
++ if (!rev) {
++ LDNS_FREE(in_addr);
++ return NULL;
++ }
++
++ /* convert rev to a string */
++ char_dname = ldns_rdf2str(rev);
++ if (!char_dname) {
++ LDNS_FREE(in_addr);
++ ldns_rdf_deep_free(rev);
++ return NULL;
++ }
++ /* transform back to rdf with type dname */
++ ret_dname = ldns_dname_new_frm_str(char_dname);
++ if (!ret_dname) {
++ LDNS_FREE(in_addr);
++ ldns_rdf_deep_free(rev);
++ LDNS_FREE(char_dname);
++ return NULL;
++ }
++ /* not needed anymore */
++ ldns_rdf_deep_free(rev);
++ LDNS_FREE(char_dname);
++ break;
++ case LDNS_RDF_TYPE_AAAA:
++ /* some foo magic to reverse the nibbles ... */
++
++ for (nbit = 127; nbit >= 0; nbit = nbit - 4) {
++ /* calculate octett (8 bit) */
++ octet = ( ((unsigned int) nbit) & 0x78) >> 3;
++ /* calculate nibble */
++ nnibble = ( ((unsigned int) nbit) & 0x04) >> 2;
++ /* extract nibble */
++ nibble = (ldns_rdf_data(rd)[octet] & ( 0xf << (4 * (1 -
++ nnibble)) ) ) >> ( 4 * (1 -
++ nnibble));
++
++ buf_6[(LDNS_IP6ADDRLEN * 2 - 1) -
++ (octet * 2 + nnibble)] =
++ (uint8_t)ldns_int_to_hexdigit((int)nibble);
++ }
++
++ char_dname = LDNS_XMALLOC(char, (LDNS_IP6ADDRLEN * 4));
++ if (!char_dname) {
++ return NULL;
++ }
++ char_dname[LDNS_IP6ADDRLEN * 4 - 1] = '\0'; /* closure */
++
++ /* walk the string and add . 's */
++ for (i = 0, j = 0; i < LDNS_IP6ADDRLEN * 2; i++, j = j + 2) {
++ char_dname[j] = (char)buf_6[i];
++ if (i != LDNS_IP6ADDRLEN * 2 - 1) {
++ char_dname[j + 1] = '.';
++ }
++ }
++ in_addr = ldns_dname_new_frm_str("ip6.arpa.");
++ if (!in_addr) {
++ LDNS_FREE(char_dname);
++ return NULL;
++ }
++
++ /* convert rev to a string */
++ ret_dname = ldns_dname_new_frm_str(char_dname);
++ LDNS_FREE(char_dname);
++ if (!ret_dname) {
++ ldns_rdf_deep_free(in_addr);
++ return NULL;
++ }
++ break;
++ default:
++ break;
++ }
++ /* add the suffix */
++ rev = ldns_dname_cat_clone(ret_dname, in_addr);
++
++ ldns_rdf_deep_free(ret_dname);
++ ldns_rdf_deep_free(in_addr);
++ return rev;
++}
++
++ldns_status
++ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg,
++ uint8_t *hit_size, uint8_t** hit,
++ uint16_t *pk_size, uint8_t** pk)
++{
++ uint8_t *data;
++ size_t rdf_size;
++
++ if (! rdf || ! alg || ! hit || ! hit_size || ! pk || ! pk_size) {
++ return LDNS_STATUS_INVALID_POINTER;
++ } else if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_HIP) {
++ return LDNS_STATUS_INVALID_RDF_TYPE;
++ } else if ((rdf_size = ldns_rdf_size(rdf)) < 6) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ data = ldns_rdf_data(rdf);
++ *hit_size = data[0];
++ *alg = data[1];
++ *pk_size = ldns_read_uint16(data + 2);
++ *hit = data + 4;
++ *pk = data + 4 + *hit_size;
++ if (*hit_size == 0 || *pk_size == 0 ||
++ rdf_size < (size_t) *hit_size + *pk_size + 4) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg,
++ uint8_t hit_size, uint8_t *hit,
++ uint16_t pk_size, uint8_t *pk)
++{
++ uint8_t *data;
++
++ if (! rdf) {
++ return LDNS_STATUS_INVALID_POINTER;
++ }
++ if (4 + hit_size + pk_size > LDNS_MAX_RDFLEN) {
++ return LDNS_STATUS_RDATA_OVERFLOW;
++ }
++ data = LDNS_XMALLOC(uint8_t, 4 + hit_size + pk_size);
++ if (data == NULL) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ data[0] = hit_size;
++ data[1] = alg;
++ ldns_write_uint16(data + 2, pk_size);
++ memcpy(data + 4, hit, hit_size);
++ memcpy(data + 4 + hit_size, pk, pk_size);
++ *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HIP, 4 + hit_size + pk_size, data);
++ if (! *rdf) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_octet(char *word, size_t *length)
++{
++ char *s;
++ char *p;
++ *length = 0;
++
++ for (s = p = word; *s != '\0'; s++,p++) {
++ switch (*s) {
++ case '.':
++ if (s[1] == '.') {
++ return LDNS_STATUS_EMPTY_LABEL;
++ }
++ *p = *s;
++ (*length)++;
++ break;
++ case '\\':
++ if ('0' <= s[1] && s[1] <= '9' &&
++ '0' <= s[2] && s[2] <= '9' &&
++ '0' <= s[3] && s[3] <= '9') {
++ /* \DDD seen */
++ int val = ((s[1] - '0') * 100 +
++ (s[2] - '0') * 10 + (s[3] - '0'));
++
++ if (0 <= val && val <= 255) {
++ /* this also handles \0 */
++ s += 3;
++ *p = val;
++ (*length)++;
++ } else {
++ return LDNS_STATUS_DDD_OVERFLOW;
++ }
++ } else {
++ /* an espaced character, like \<space> ?
++ * remove the '\' keep the rest */
++ *p = *++s;
++ (*length)++;
++ }
++ break;
++ case '\"':
++ /* non quoted " Is either first or the last character in
++ * the string */
++
++ *p = *++s; /* skip it */
++ (*length)++;
++ /* I'm not sure if this is needed in libdns... MG */
++ if ( *s == '\0' ) {
++ /* ok, it was the last one */
++ *p = '\0';
++ return LDNS_STATUS_OK;
++ }
++ break;
++ default:
++ *p = *s;
++ (*length)++;
++ break;
++ }
++ }
++ *p = '\0';
++ return LDNS_STATUS_OK;
++}
++
++int
++ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2)
++{
++ uint16_t i1, i2, i;
++ uint8_t *d1, *d2;
++
++ /* only when both are not NULL we can say anything about them */
++ if (!rd1 && !rd2) {
++ return 0;
++ }
++ if (!rd1 || !rd2) {
++ return -1;
++ }
++ i1 = ldns_rdf_size(rd1);
++ i2 = ldns_rdf_size(rd2);
++
++ if (i1 < i2) {
++ return -1;
++ } else if (i1 > i2) {
++ return +1;
++ } else {
++ d1 = (uint8_t*)ldns_rdf_data(rd1);
++ d2 = (uint8_t*)ldns_rdf_data(rd2);
++ for(i = 0; i < i1; i++) {
++ if (d1[i] < d2[i]) {
++ return -1;
++ } else if (d1[i] > d2[i]) {
++ return +1;
++ }
++ }
++ }
++ return 0;
++}
++
++uint32_t
++ldns_str2period(const char *nptr, const char **endptr)
++{
++ int sign = 0;
++ uint32_t i = 0;
++ uint32_t seconds = 0;
++
++ for(*endptr = nptr; **endptr; (*endptr)++) {
++ switch (**endptr) {
++ case ' ':
++ case '\t':
++ break;
++ case '-':
++ if(sign == 0) {
++ sign = -1;
++ } else {
++ return seconds;
++ }
++ break;
++ case '+':
++ if(sign == 0) {
++ sign = 1;
++ } else {
++ return seconds;
++ }
++ break;
++ case 's':
++ case 'S':
++ seconds += i;
++ i = 0;
++ break;
++ case 'm':
++ case 'M':
++ seconds += i * 60;
++ i = 0;
++ break;
++ case 'h':
++ case 'H':
++ seconds += i * 60 * 60;
++ i = 0;
++ break;
++ case 'd':
++ case 'D':
++ seconds += i * 60 * 60 * 24;
++ i = 0;
++ break;
++ case 'w':
++ case 'W':
++ seconds += i * 60 * 60 * 24 * 7;
++ i = 0;
++ break;
++ case '0':
++ case '1':
++ case '2':
++ case '3':
++ case '4':
++ case '5':
++ case '6':
++ case '7':
++ case '8':
++ case '9':
++ i *= 10;
++ i += (**endptr - '0');
++ break;
++ default:
++ seconds += i;
++ /* disregard signedness */
++ return seconds;
++ }
++ }
++ seconds += i;
++ /* disregard signedness */
++ return seconds;
++}
+diff --git a/ldns/src/resolver.c b/ldns/src/resolver.c
+new file mode 100644
+index 0000000..b092404
+--- /dev/null
++++ b/ldns/src/resolver.c
+@@ -0,0 +1,1603 @@
++/*
++ * resolver.c
++ *
++ * resolver implementation
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++#include <strings.h>
++
++/* Access function for reading
++ * and setting the different Resolver
++ * options */
++
++/* read */
++uint16_t
++ldns_resolver_port(const ldns_resolver *r)
++{
++ return r->_port;
++}
++
++ldns_rdf *
++ldns_resolver_source(const ldns_resolver *r)
++{
++ return r->_source;
++}
++
++uint16_t
++ldns_resolver_edns_udp_size(const ldns_resolver *r)
++{
++ return r->_edns_udp_size;
++}
++
++uint8_t
++ldns_resolver_retry(const ldns_resolver *r)
++{
++ return r->_retry;
++}
++
++uint8_t
++ldns_resolver_retrans(const ldns_resolver *r)
++{
++ return r->_retrans;
++}
++
++bool
++ldns_resolver_fallback(const ldns_resolver *r)
++{
++ return r->_fallback;
++}
++
++uint8_t
++ldns_resolver_ip6(const ldns_resolver *r)
++{
++ return r->_ip6;
++}
++
++bool
++ldns_resolver_recursive(const ldns_resolver *r)
++{
++ return r->_recursive;
++}
++
++bool
++ldns_resolver_debug(const ldns_resolver *r)
++{
++ return r->_debug;
++}
++
++bool
++ldns_resolver_dnsrch(const ldns_resolver *r)
++{
++ return r->_dnsrch;
++}
++
++bool
++ldns_resolver_fail(const ldns_resolver *r)
++{
++ return r->_fail;
++}
++
++bool
++ldns_resolver_defnames(const ldns_resolver *r)
++{
++ return r->_defnames;
++}
++
++ldns_rdf *
++ldns_resolver_domain(const ldns_resolver *r)
++{
++ return r->_domain;
++}
++
++ldns_rdf **
++ldns_resolver_searchlist(const ldns_resolver *r)
++{
++ return r->_searchlist;
++}
++
++ldns_rdf **
++ldns_resolver_nameservers(const ldns_resolver *r)
++{
++ return r->_nameservers;
++}
++
++size_t
++ldns_resolver_nameserver_count(const ldns_resolver *r)
++{
++ return r->_nameserver_count;
++}
++
++bool
++ldns_resolver_dnssec(const ldns_resolver *r)
++{
++ return r->_dnssec;
++}
++
++bool
++ldns_resolver_dnssec_cd(const ldns_resolver *r)
++{
++ return r->_dnssec_cd;
++}
++
++ldns_rr_list *
++ldns_resolver_dnssec_anchors(const ldns_resolver *r)
++{
++ return r->_dnssec_anchors;
++}
++
++bool
++ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys)
++{
++ size_t i;
++ bool result = false;
++
++ ldns_rr_list * trust_anchors;
++ ldns_rr * cur_rr;
++
++ if (!r || !keys) { return false; }
++
++ trust_anchors = ldns_resolver_dnssec_anchors(r);
++
++ if (!trust_anchors) { return false; }
++
++ for (i = 0; i < ldns_rr_list_rr_count(keys); i++) {
++
++ cur_rr = ldns_rr_list_rr(keys, i);
++ if (ldns_rr_list_contains_rr(trust_anchors, cur_rr)) {
++ if (trusted_keys) { ldns_rr_list_push_rr(trusted_keys, cur_rr); }
++ result = true;
++ }
++ }
++
++ return result;
++}
++
++bool
++ldns_resolver_igntc(const ldns_resolver *r)
++{
++ return r->_igntc;
++}
++
++bool
++ldns_resolver_usevc(const ldns_resolver *r)
++{
++ return r->_usevc;
++}
++
++size_t *
++ldns_resolver_rtt(const ldns_resolver *r)
++{
++ return r->_rtt;
++}
++
++size_t
++ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos)
++{
++ size_t *rtt;
++
++ assert(r != NULL);
++
++ rtt = ldns_resolver_rtt(r);
++
++ if (pos >= ldns_resolver_nameserver_count(r)) {
++ /* error ?*/
++ return 0;
++ } else {
++ return rtt[pos];
++ }
++
++}
++
++struct timeval
++ldns_resolver_timeout(const ldns_resolver *r)
++{
++ return r->_timeout;
++}
++
++char *
++ldns_resolver_tsig_keyname(const ldns_resolver *r)
++{
++ return r->_tsig_keyname;
++}
++
++char *
++ldns_resolver_tsig_algorithm(const ldns_resolver *r)
++{
++ return r->_tsig_algorithm;
++}
++
++char *
++ldns_resolver_tsig_keydata(const ldns_resolver *r)
++{
++ return r->_tsig_keydata;
++}
++
++bool
++ldns_resolver_random(const ldns_resolver *r)
++{
++ return r->_random;
++}
++
++size_t
++ldns_resolver_searchlist_count(const ldns_resolver *r)
++{
++ return r->_searchlist_count;
++}
++
++/* write */
++void
++ldns_resolver_set_port(ldns_resolver *r, uint16_t p)
++{
++ r->_port = p;
++}
++
++void
++ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s)
++{
++ r->_source = s;
++}
++
++ldns_rdf *
++ldns_resolver_pop_nameserver(ldns_resolver *r)
++{
++ ldns_rdf **nameservers;
++ ldns_rdf *pop;
++ size_t ns_count;
++ size_t *rtt;
++
++ assert(r != NULL);
++
++ ns_count = ldns_resolver_nameserver_count(r);
++ nameservers = ldns_resolver_nameservers(r);
++ rtt = ldns_resolver_rtt(r);
++ if (ns_count == 0 || !nameservers) {
++ return NULL;
++ }
++
++ pop = nameservers[ns_count - 1];
++
++ if (ns_count == 1) {
++ LDNS_FREE(nameservers);
++ LDNS_FREE(rtt);
++
++ ldns_resolver_set_nameservers(r, NULL);
++ ldns_resolver_set_rtt(r, NULL);
++ } else {
++ nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *,
++ (ns_count - 1));
++ rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1));
++
++ ldns_resolver_set_nameservers(r, nameservers);
++ ldns_resolver_set_rtt(r, rtt);
++ }
++ /* decr the count */
++ ldns_resolver_dec_nameserver_count(r);
++ return pop;
++}
++
++ldns_status
++ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n)
++{
++ ldns_rdf **nameservers;
++ size_t ns_count;
++ size_t *rtt;
++
++ if (ldns_rdf_get_type(n) != LDNS_RDF_TYPE_A &&
++ ldns_rdf_get_type(n) != LDNS_RDF_TYPE_AAAA) {
++ return LDNS_STATUS_ERR;
++ }
++
++ ns_count = ldns_resolver_nameserver_count(r);
++ nameservers = ldns_resolver_nameservers(r);
++ rtt = ldns_resolver_rtt(r);
++
++ /* make room for the next one */
++ if (ns_count == 0) {
++ nameservers = LDNS_XMALLOC(ldns_rdf *, 1);
++ } else {
++ nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count + 1));
++ }
++ if(!nameservers)
++ return LDNS_STATUS_MEM_ERR;
++
++ /* set the new value in the resolver */
++ ldns_resolver_set_nameservers(r, nameservers);
++
++ /* don't forget the rtt */
++ if (ns_count == 0) {
++ rtt = LDNS_XMALLOC(size_t, 1);
++ } else {
++ rtt = LDNS_XREALLOC(rtt, size_t, (ns_count + 1));
++ }
++ if(!rtt)
++ return LDNS_STATUS_MEM_ERR;
++
++ /* slide n in its slot. */
++ /* we clone it here, because then we can free the original
++ * rr's where it stood */
++ nameservers[ns_count] = ldns_rdf_clone(n);
++ rtt[ns_count] = LDNS_RESOLV_RTT_MIN;
++ ldns_resolver_incr_nameserver_count(r);
++ ldns_resolver_set_rtt(r, rtt);
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr)
++{
++ ldns_rdf *address;
++ if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_A &&
++ ldns_rr_get_type(rr) != LDNS_RR_TYPE_AAAA)) {
++ return LDNS_STATUS_ERR;
++ }
++ address = ldns_rr_rdf(rr, 0); /* extract the ip number */
++ if (address) {
++ return ldns_resolver_push_nameserver(r, address);
++ } else {
++ return LDNS_STATUS_ERR;
++ }
++}
++
++ldns_status
++ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist)
++{
++ ldns_rr *rr;
++ ldns_status stat;
++ size_t i;
++
++ stat = LDNS_STATUS_OK;
++ if (rrlist) {
++ for(i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
++ rr = ldns_rr_list_rr(rrlist, i);
++ if (ldns_resolver_push_nameserver_rr(r, rr) != LDNS_STATUS_OK) {
++ stat = LDNS_STATUS_ERR;
++ break;
++ }
++ }
++ return stat;
++ } else {
++ return LDNS_STATUS_ERR;
++ }
++}
++
++void
++ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s)
++{
++ r->_edns_udp_size = s;
++}
++
++void
++ldns_resolver_set_recursive(ldns_resolver *r, bool re)
++{
++ r->_recursive = re;
++}
++
++void
++ldns_resolver_set_dnssec(ldns_resolver *r, bool d)
++{
++ r->_dnssec = d;
++}
++
++void
++ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool d)
++{
++ r->_dnssec_cd = d;
++}
++
++void
++ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l)
++{
++ r->_dnssec_anchors = l;
++}
++
++ldns_status
++ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr)
++{
++ ldns_rr_list * trust_anchors;
++
++ if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY &&
++ ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS)) {
++
++ return LDNS_STATUS_ERR;
++ }
++
++ if (!(trust_anchors = ldns_resolver_dnssec_anchors(r))) { /* Initialize */
++ trust_anchors = ldns_rr_list_new();
++ ldns_resolver_set_dnssec_anchors(r, trust_anchors);
++ }
++
++ return (ldns_rr_list_push_rr(trust_anchors, ldns_rr_clone(rr))) ? LDNS_STATUS_OK : LDNS_STATUS_ERR;
++}
++
++void
++ldns_resolver_set_igntc(ldns_resolver *r, bool i)
++{
++ r->_igntc = i;
++}
++
++void
++ldns_resolver_set_usevc(ldns_resolver *r, bool vc)
++{
++ r->_usevc = vc;
++}
++
++void
++ldns_resolver_set_debug(ldns_resolver *r, bool d)
++{
++ r->_debug = d;
++}
++
++void
++ldns_resolver_set_ip6(ldns_resolver *r, uint8_t ip6)
++{
++ r->_ip6 = ip6;
++}
++
++void
++ldns_resolver_set_fail(ldns_resolver *r, bool f)
++{
++ r->_fail =f;
++}
++
++static void
++ldns_resolver_set_searchlist_count(ldns_resolver *r, size_t c)
++{
++ r->_searchlist_count = c;
++}
++
++void
++ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c)
++{
++ r->_nameserver_count = c;
++}
++
++void
++ldns_resolver_set_dnsrch(ldns_resolver *r, bool d)
++{
++ r->_dnsrch = d;
++}
++
++void
++ldns_resolver_set_retry(ldns_resolver *r, uint8_t retry)
++{
++ r->_retry = retry;
++}
++
++void
++ldns_resolver_set_retrans(ldns_resolver *r, uint8_t retrans)
++{
++ r->_retrans = retrans;
++}
++
++void
++ldns_resolver_set_fallback(ldns_resolver *r, bool fallback)
++{
++ r->_fallback = fallback;
++}
++
++void
++ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **n)
++{
++ r->_nameservers = n;
++}
++
++void
++ldns_resolver_set_defnames(ldns_resolver *r, bool d)
++{
++ r->_defnames = d;
++}
++
++void
++ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt)
++{
++ r->_rtt = rtt;
++}
++
++void
++ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value)
++{
++ size_t *rtt;
++
++ assert(r != NULL);
++
++ rtt = ldns_resolver_rtt(r);
++
++ if (pos >= ldns_resolver_nameserver_count(r)) {
++ /* error ?*/
++ } else {
++ rtt[pos] = value;
++ }
++
++}
++
++void
++ldns_resolver_incr_nameserver_count(ldns_resolver *r)
++{
++ size_t c;
++
++ c = ldns_resolver_nameserver_count(r);
++ ldns_resolver_set_nameserver_count(r, ++c);
++}
++
++void
++ldns_resolver_dec_nameserver_count(ldns_resolver *r)
++{
++ size_t c;
++
++ c = ldns_resolver_nameserver_count(r);
++ if (c == 0) {
++ return;
++ } else {
++ ldns_resolver_set_nameserver_count(r, --c);
++ }
++}
++
++void
++ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *d)
++{
++ r->_domain = d;
++}
++
++void
++ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout)
++{
++ r->_timeout.tv_sec = timeout.tv_sec;
++ r->_timeout.tv_usec = timeout.tv_usec;
++}
++
++void
++ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *d)
++{
++ ldns_rdf **searchlist;
++ size_t list_count;
++
++ if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) {
++ return;
++ }
++
++ list_count = ldns_resolver_searchlist_count(r);
++ searchlist = ldns_resolver_searchlist(r);
++
++ searchlist = LDNS_XREALLOC(searchlist, ldns_rdf *, (list_count + 1));
++ if (searchlist) {
++ r->_searchlist = searchlist;
++
++ searchlist[list_count] = ldns_rdf_clone(d);
++ ldns_resolver_set_searchlist_count(r, list_count + 1);
++ } /* no way to report mem err */
++}
++
++void
++ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname)
++{
++ LDNS_FREE(r->_tsig_keyname);
++ r->_tsig_keyname = strdup(tsig_keyname);
++}
++
++void
++ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm)
++{
++ LDNS_FREE(r->_tsig_algorithm);
++ r->_tsig_algorithm = strdup(tsig_algorithm);
++}
++
++void
++ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata)
++{
++ LDNS_FREE(r->_tsig_keydata);
++ r->_tsig_keydata = strdup(tsig_keydata);
++}
++
++void
++ldns_resolver_set_random(ldns_resolver *r, bool b)
++{
++ r->_random = b;
++}
++
++/* more sophisticated functions */
++ldns_resolver *
++ldns_resolver_new(void)
++{
++ ldns_resolver *r;
++
++ r = LDNS_MALLOC(ldns_resolver);
++ if (!r) {
++ return NULL;
++ }
++
++ r->_searchlist = NULL;
++ r->_nameservers = NULL;
++ r->_rtt = NULL;
++
++ /* defaults are filled out */
++ ldns_resolver_set_searchlist_count(r, 0);
++ ldns_resolver_set_nameserver_count(r, 0);
++ ldns_resolver_set_usevc(r, 0);
++ ldns_resolver_set_port(r, LDNS_PORT);
++ ldns_resolver_set_domain(r, NULL);
++ ldns_resolver_set_defnames(r, false);
++ ldns_resolver_set_retry(r, 3);
++ ldns_resolver_set_retrans(r, 2);
++ ldns_resolver_set_fallback(r, true);
++ ldns_resolver_set_fail(r, false);
++ ldns_resolver_set_edns_udp_size(r, 0);
++ ldns_resolver_set_dnssec(r, false);
++ ldns_resolver_set_dnssec_cd(r, false);
++ ldns_resolver_set_dnssec_anchors(r, NULL);
++ ldns_resolver_set_ip6(r, LDNS_RESOLV_INETANY);
++ ldns_resolver_set_igntc(r, false);
++ ldns_resolver_set_recursive(r, false);
++ ldns_resolver_set_dnsrch(r, true);
++ ldns_resolver_set_source(r, NULL);
++ ldns_resolver_set_ixfr_serial(r, 0);
++
++ /* randomize the nameserver to be queried
++ * when there are multiple
++ */
++ ldns_resolver_set_random(r, true);
++
++ ldns_resolver_set_debug(r, 0);
++
++ r->_timeout.tv_sec = LDNS_DEFAULT_TIMEOUT_SEC;
++ r->_timeout.tv_usec = LDNS_DEFAULT_TIMEOUT_USEC;
++
++ /* TODO: fd=0 is actually a valid socket (stdin),
++ replace with -1 */
++ r->_socket = 0;
++ r->_axfr_soa_count = 0;
++ r->_axfr_i = 0;
++ r->_cur_axfr_pkt = NULL;
++
++ r->_tsig_keyname = NULL;
++ r->_tsig_keydata = NULL;
++ r->_tsig_algorithm = NULL;
++ return r;
++}
++
++ldns_resolver *
++ldns_resolver_clone(ldns_resolver *src)
++{
++ ldns_resolver *dst;
++ size_t i;
++
++ assert(src != NULL);
++
++ if (!(dst = LDNS_MALLOC(ldns_resolver))) return NULL;
++ (void) memcpy(dst, src, sizeof(ldns_resolver));
++
++ if (dst->_searchlist_count == 0)
++ dst->_searchlist = NULL;
++ else {
++ if (!(dst->_searchlist =
++ LDNS_XMALLOC(ldns_rdf *, dst->_searchlist_count)))
++ goto error;
++ for (i = 0; i < dst->_searchlist_count; i++)
++ if (!(dst->_searchlist[i] =
++ ldns_rdf_clone(src->_searchlist[i]))) {
++ dst->_searchlist_count = i;
++ goto error_searchlist;
++ }
++ }
++ if (dst->_nameserver_count == 0) {
++ dst->_nameservers = NULL;
++ dst->_rtt = NULL;
++ } else {
++ if (!(dst->_nameservers =
++ LDNS_XMALLOC(ldns_rdf *, dst->_nameserver_count)))
++ goto error_searchlist;
++ for (i = 0; i < dst->_nameserver_count; i++)
++ if (!(dst->_nameservers[i] =
++ ldns_rdf_clone(src->_nameservers[i]))) {
++ dst->_nameserver_count = i;
++ goto error_nameservers;
++ }
++ if (!(dst->_rtt =
++ LDNS_XMALLOC(size_t, dst->_nameserver_count)))
++ goto error_nameservers;
++ (void) memcpy(dst->_rtt, src->_rtt,
++ sizeof(size_t) * dst->_nameserver_count);
++ }
++ if (dst->_domain && (!(dst->_domain = ldns_rdf_clone(src->_domain))))
++ goto error_rtt;
++
++ if (dst->_tsig_keyname &&
++ (!(dst->_tsig_keyname = strdup(src->_tsig_keyname))))
++ goto error_domain;
++
++ if (dst->_tsig_keydata &&
++ (!(dst->_tsig_keydata = strdup(src->_tsig_keydata))))
++ goto error_tsig_keyname;
++
++ if (dst->_tsig_algorithm &&
++ (!(dst->_tsig_algorithm = strdup(src->_tsig_algorithm))))
++ goto error_tsig_keydata;
++
++ if (dst->_cur_axfr_pkt &&
++ (!(dst->_cur_axfr_pkt = ldns_pkt_clone(src->_cur_axfr_pkt))))
++ goto error_tsig_algorithm;
++
++ if (dst->_dnssec_anchors &&
++ (!(dst->_dnssec_anchors=ldns_rr_list_clone(src->_dnssec_anchors))))
++ goto error_cur_axfr_pkt;
++
++ return dst;
++
++error_cur_axfr_pkt:
++ ldns_pkt_free(dst->_cur_axfr_pkt);
++error_tsig_algorithm:
++ LDNS_FREE(dst->_tsig_algorithm);
++error_tsig_keydata:
++ LDNS_FREE(dst->_tsig_keydata);
++error_tsig_keyname:
++ LDNS_FREE(dst->_tsig_keyname);
++error_domain:
++ ldns_rdf_deep_free(dst->_domain);
++error_rtt:
++ LDNS_FREE(dst->_rtt);
++error_nameservers:
++ for (i = 0; i < dst->_nameserver_count; i++)
++ ldns_rdf_deep_free(dst->_nameservers[i]);
++ LDNS_FREE(dst->_nameservers);
++error_searchlist:
++ for (i = 0; i < dst->_searchlist_count; i++)
++ ldns_rdf_deep_free(dst->_searchlist[i]);
++ LDNS_FREE(dst->_searchlist);
++error:
++ LDNS_FREE(dst);
++ return NULL;
++}
++
++
++ldns_status
++ldns_resolver_new_frm_fp(ldns_resolver **res, FILE *fp)
++{
++ return ldns_resolver_new_frm_fp_l(res, fp, NULL);
++}
++
++ldns_status
++ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
++{
++ ldns_resolver *r;
++ const char *keyword[LDNS_RESOLV_KEYWORDS];
++ char word[LDNS_MAX_LINELEN + 1];
++ int8_t expect;
++ uint8_t i;
++ ldns_rdf *tmp;
++#ifdef HAVE_SSL
++ ldns_rr *tmp_rr;
++#endif
++ ssize_t gtr, bgtr;
++ ldns_buffer *b;
++ int lnr = 0, oldline;
++ FILE* myfp = fp;
++ if(!line_nr) line_nr = &lnr;
++
++ if(!fp) {
++ myfp = fopen("/etc/resolv.conf", "r");
++ if(!myfp)
++ return LDNS_STATUS_FILE_ERR;
++ }
++
++ /* do this better
++ * expect =
++ * 0: keyword
++ * 1: default domain dname
++ * 2: NS aaaa or a record
++ */
++
++ /* recognized keywords */
++ keyword[LDNS_RESOLV_NAMESERVER] = "nameserver";
++ keyword[LDNS_RESOLV_DEFDOMAIN] = "domain";
++ keyword[LDNS_RESOLV_SEARCH] = "search";
++ /* these two are read but not used atm TODO */
++ keyword[LDNS_RESOLV_SORTLIST] = "sortlist";
++ keyword[LDNS_RESOLV_OPTIONS] = "options";
++ keyword[LDNS_RESOLV_ANCHOR] = "anchor";
++ expect = LDNS_RESOLV_KEYWORD;
++
++ r = ldns_resolver_new();
++ if (!r) {
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ gtr = 1;
++ word[0] = 0;
++ oldline = *line_nr;
++ expect = LDNS_RESOLV_KEYWORD;
++ while (gtr > 0) {
++ /* check comments */
++ if (word[0] == '#') {
++ word[0]='x';
++ if(oldline == *line_nr) {
++ /* skip until end of line */
++ int c;
++ do {
++ c = fgetc(myfp);
++ } while(c != EOF && c != '\n');
++ if(c=='\n') (*line_nr)++;
++ }
++ /* and read next to prepare for further parsing */
++ oldline = *line_nr;
++ continue;
++ }
++ oldline = *line_nr;
++ switch(expect) {
++ case LDNS_RESOLV_KEYWORD:
++ /* keyword */
++ gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ if (gtr != 0) {
++ if(word[0] == '#') continue;
++ for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) {
++ if (strcasecmp(keyword[i], word) == 0) {
++ /* chosen the keyword and
++ * expect values carefully
++ */
++ expect = i;
++ break;
++ }
++ }
++ /* no keyword recognized */
++ if (expect == LDNS_RESOLV_KEYWORD) {
++ /* skip line */
++ /*
++ ldns_resolver_deep_free(r);
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_SYNTAX_KEYWORD_ERR;
++ */
++ }
++ }
++ break;
++ case LDNS_RESOLV_DEFDOMAIN:
++ /* default domain dname */
++ gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ if (gtr == 0) {
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
++ }
++ if(word[0] == '#') {
++ expect = LDNS_RESOLV_KEYWORD;
++ continue;
++ }
++ tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
++ if (!tmp) {
++ ldns_resolver_deep_free(r);
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_SYNTAX_DNAME_ERR;
++ }
++
++ /* DOn't free, because we copy the pointer */
++ ldns_resolver_set_domain(r, tmp);
++ expect = LDNS_RESOLV_KEYWORD;
++ break;
++ case LDNS_RESOLV_NAMESERVER:
++ /* NS aaaa or a record */
++ gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ if (gtr == 0) {
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
++ }
++ if(word[0] == '#') {
++ expect = LDNS_RESOLV_KEYWORD;
++ continue;
++ }
++ if(strchr(word, '%')) {
++ /* snip off interface labels,
++ * fe80::222:19ff:fe31:4222%eth0 */
++ strchr(word, '%')[0]=0;
++ }
++ tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, word);
++ if (!tmp) {
++ /* try ip4 */
++ tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, word);
++ }
++ /* could not parse it, exit */
++ if (!tmp) {
++ ldns_resolver_deep_free(r);
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_SYNTAX_ERR;
++ }
++ (void)ldns_resolver_push_nameserver(r, tmp);
++ ldns_rdf_deep_free(tmp);
++ expect = LDNS_RESOLV_KEYWORD;
++ break;
++ case LDNS_RESOLV_SEARCH:
++ /* search list domain dname */
++ gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
++ b = LDNS_MALLOC(ldns_buffer);
++ if(!b) {
++ ldns_resolver_deep_free(r);
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ ldns_buffer_new_frm_data(b, word, (size_t) gtr);
++ if(ldns_buffer_status(b) != LDNS_STATUS_OK) {
++ LDNS_FREE(b);
++ ldns_resolver_deep_free(r);
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr + 1);
++ while (bgtr > 0) {
++ gtr -= bgtr;
++ if(word[0] == '#') {
++ expect = LDNS_RESOLV_KEYWORD;
++ break;
++ }
++ tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
++ if (!tmp) {
++ ldns_resolver_deep_free(r);
++ ldns_buffer_free(b);
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_SYNTAX_DNAME_ERR;
++ }
++
++ ldns_resolver_push_searchlist(r, tmp);
++
++ ldns_rdf_deep_free(tmp);
++ bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL,
++ (size_t) gtr + 1);
++ }
++ ldns_buffer_free(b);
++ if (expect != LDNS_RESOLV_KEYWORD) {
++ gtr = 1;
++ expect = LDNS_RESOLV_KEYWORD;
++ }
++ break;
++ case LDNS_RESOLV_SORTLIST:
++ gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
++ /* sortlist not implemented atm */
++ expect = LDNS_RESOLV_KEYWORD;
++ break;
++ case LDNS_RESOLV_OPTIONS:
++ gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
++ /* options not implemented atm */
++ expect = LDNS_RESOLV_KEYWORD;
++ break;
++ case LDNS_RESOLV_ANCHOR:
++ /* a file containing a DNSSEC trust anchor */
++ gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ if (gtr == 0) {
++ ldns_resolver_deep_free(r);
++ if(!fp) fclose(myfp);
++ return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
++ }
++ if(word[0] == '#') {
++ expect = LDNS_RESOLV_KEYWORD;
++ continue;
++ }
++
++#ifdef HAVE_SSL
++ tmp_rr = ldns_read_anchor_file(word);
++ (void) ldns_resolver_push_dnssec_anchor(r, tmp_rr);
++ ldns_rr_free(tmp_rr);
++#endif
++ expect = LDNS_RESOLV_KEYWORD;
++ break;
++ }
++ }
++
++ if(!fp)
++ fclose(myfp);
++
++ if (res) {
++ *res = r;
++ return LDNS_STATUS_OK;
++ } else {
++ ldns_resolver_deep_free(r);
++ return LDNS_STATUS_NULL;
++ }
++}
++
++ldns_status
++ldns_resolver_new_frm_file(ldns_resolver **res, const char *filename)
++{
++ ldns_resolver *r;
++ FILE *fp;
++ ldns_status s;
++
++ if (!filename) {
++ fp = fopen(LDNS_RESOLV_CONF, "r");
++
++ } else {
++ fp = fopen(filename, "r");
++ }
++ if (!fp) {
++ return LDNS_STATUS_FILE_ERR;
++ }
++
++ s = ldns_resolver_new_frm_fp(&r, fp);
++ fclose(fp);
++ if (s == LDNS_STATUS_OK) {
++ if (res) {
++ *res = r;
++ return LDNS_STATUS_OK;
++ } else {
++ ldns_resolver_free(r);
++ return LDNS_STATUS_NULL;
++ }
++ }
++ return s;
++}
++
++void
++ldns_resolver_free(ldns_resolver *res)
++{
++ LDNS_FREE(res);
++}
++
++void
++ldns_resolver_deep_free(ldns_resolver *res)
++{
++ size_t i;
++
++ if (res) {
++ if (res->_searchlist) {
++ for (i = 0; i < ldns_resolver_searchlist_count(res); i++) {
++ ldns_rdf_deep_free(res->_searchlist[i]);
++ }
++ LDNS_FREE(res->_searchlist);
++ }
++ if (res->_nameservers) {
++ for (i = 0; i < res->_nameserver_count; i++) {
++ ldns_rdf_deep_free(res->_nameservers[i]);
++ }
++ LDNS_FREE(res->_nameservers);
++ }
++ if (ldns_resolver_domain(res)) {
++ ldns_rdf_deep_free(ldns_resolver_domain(res));
++ }
++ if (res->_tsig_keyname) {
++ LDNS_FREE(res->_tsig_keyname);
++ }
++ if (res->_tsig_keydata) {
++ LDNS_FREE(res->_tsig_keydata);
++ }
++ if (res->_tsig_algorithm) {
++ LDNS_FREE(res->_tsig_algorithm);
++ }
++
++ if (res->_cur_axfr_pkt) {
++ ldns_pkt_free(res->_cur_axfr_pkt);
++ }
++
++ if (res->_rtt) {
++ LDNS_FREE(res->_rtt);
++ }
++ if (res->_dnssec_anchors) {
++ ldns_rr_list_deep_free(res->_dnssec_anchors);
++ }
++ LDNS_FREE(res);
++ }
++}
++
++ldns_status
++ldns_resolver_search_status(ldns_pkt** pkt,
++ ldns_resolver *r, const ldns_rdf *name,
++ ldns_rr_type t, ldns_rr_class c, uint16_t flags)
++{
++ ldns_rdf *new_name;
++ ldns_rdf **search_list;
++ size_t i;
++ ldns_status s = LDNS_STATUS_OK;
++ ldns_rdf root_dname = { 1, LDNS_RDF_TYPE_DNAME, (void *)"" };
++
++ if (ldns_dname_absolute(name)) {
++ /* query as-is */
++ return ldns_resolver_query_status(pkt, r, name, t, c, flags);
++ } else if (ldns_resolver_dnsrch(r)) {
++ search_list = ldns_resolver_searchlist(r);
++ for (i = 0; i <= ldns_resolver_searchlist_count(r); i++) {
++ if (i == ldns_resolver_searchlist_count(r)) {
++ new_name = ldns_dname_cat_clone(name,
++ &root_dname);
++ } else {
++ new_name = ldns_dname_cat_clone(name,
++ search_list[i]);
++ }
++
++ s = ldns_resolver_query_status(pkt, r,
++ new_name, t, c, flags);
++ ldns_rdf_free(new_name);
++ if (pkt && *pkt) {
++ if (s == LDNS_STATUS_OK &&
++ ldns_pkt_get_rcode(*pkt) ==
++ LDNS_RCODE_NOERROR) {
++
++ return LDNS_STATUS_OK;
++ }
++ ldns_pkt_free(*pkt);
++ *pkt = NULL;
++ }
++ }
++ }
++ return s;
++}
++
++ldns_pkt *
++ldns_resolver_search(const ldns_resolver *r,const ldns_rdf *name,
++ ldns_rr_type t, ldns_rr_class c, uint16_t flags)
++{
++ ldns_pkt* pkt = NULL;
++ if (ldns_resolver_search_status(&pkt, (ldns_resolver *)r,
++ name, t, c, flags) != LDNS_STATUS_OK) {
++ ldns_pkt_free(pkt);
++ }
++ return pkt;
++}
++
++ldns_status
++ldns_resolver_query_status(ldns_pkt** pkt,
++ ldns_resolver *r, const ldns_rdf *name,
++ ldns_rr_type t, ldns_rr_class c, uint16_t flags)
++{
++ ldns_rdf *newname;
++ ldns_status status;
++
++ if (!ldns_resolver_defnames(r) || !ldns_resolver_domain(r)) {
++ return ldns_resolver_send(pkt, r, name, t, c, flags);
++ }
++
++ newname = ldns_dname_cat_clone(name, ldns_resolver_domain(r));
++ if (!newname) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ status = ldns_resolver_send(pkt, r, newname, t, c, flags);
++ ldns_rdf_free(newname);
++ return status;
++}
++
++ldns_pkt *
++ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name,
++ ldns_rr_type t, ldns_rr_class c, uint16_t flags)
++{
++ ldns_pkt* pkt = NULL;
++ if (ldns_resolver_query_status(&pkt, (ldns_resolver *)r,
++ name, t, c, flags) != LDNS_STATUS_OK) {
++ ldns_pkt_free(pkt);
++ }
++ return pkt;
++}
++
++static size_t *
++ldns_resolver_backup_rtt(ldns_resolver *r)
++{
++ size_t *new_rtt;
++ size_t *old_rtt = ldns_resolver_rtt(r);
++
++ if (old_rtt && ldns_resolver_nameserver_count(r)) {
++ new_rtt = LDNS_XMALLOC(size_t
++ , ldns_resolver_nameserver_count(r));
++ memcpy(new_rtt, old_rtt, sizeof(size_t)
++ * ldns_resolver_nameserver_count(r));
++ ldns_resolver_set_rtt(r, new_rtt);
++ return old_rtt;
++ }
++ return NULL;
++}
++
++static void
++ldns_resolver_restore_rtt(ldns_resolver *r, size_t *old_rtt)
++{
++ size_t *cur_rtt = ldns_resolver_rtt(r);
++
++ if (cur_rtt) {
++ LDNS_FREE(cur_rtt);
++ }
++ ldns_resolver_set_rtt(r, old_rtt);
++}
++
++ldns_status
++ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r,
++ ldns_pkt *query_pkt)
++{
++ ldns_pkt *answer_pkt = NULL;
++ ldns_status stat = LDNS_STATUS_OK;
++ size_t *rtt;
++
++ stat = ldns_send(&answer_pkt, (ldns_resolver *)r, query_pkt);
++ if (stat != LDNS_STATUS_OK) {
++ if(answer_pkt) {
++ ldns_pkt_free(answer_pkt);
++ answer_pkt = NULL;
++ }
++ } else {
++ /* if tc=1 fall back to EDNS and/or TCP */
++ /* check for tcp first (otherwise we don't care about tc=1) */
++ if (!ldns_resolver_usevc(r) && ldns_resolver_fallback(r)) {
++ if (ldns_pkt_tc(answer_pkt)) {
++ /* was EDNS0 set? */
++ if (ldns_pkt_edns_udp_size(query_pkt) == 0) {
++ ldns_pkt_set_edns_udp_size(query_pkt
++ , 4096);
++ ldns_pkt_free(answer_pkt);
++ answer_pkt = NULL;
++ /* Nameservers should not become
++ * unreachable because fragments are
++ * dropped (network error). We might
++ * still have success with TCP.
++ * Therefore maintain reachability
++ * statuses of the nameservers by
++ * backup and restore the rtt list.
++ */
++ rtt = ldns_resolver_backup_rtt(r);
++ stat = ldns_send(&answer_pkt, r
++ , query_pkt);
++ ldns_resolver_restore_rtt(r, rtt);
++ }
++ /* either way, if it is still truncated, use TCP */
++ if (stat != LDNS_STATUS_OK ||
++ ldns_pkt_tc(answer_pkt)) {
++ ldns_resolver_set_usevc(r, true);
++ ldns_pkt_free(answer_pkt);
++ stat = ldns_send(&answer_pkt, r, query_pkt);
++ ldns_resolver_set_usevc(r, false);
++ }
++ }
++ }
++ }
++
++ if (answer) {
++ *answer = answer_pkt;
++ }
++
++ return stat;
++}
++
++ldns_status
++ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r,
++ const ldns_rdf *name, ldns_rr_type t,
++ ldns_rr_class c, uint16_t flags)
++{
++ struct timeval now;
++ ldns_rr* soa = NULL;
++
++ /* prepare a question pkt from the parameters
++ * and then send this */
++ if (t == LDNS_RR_TYPE_IXFR) {
++ ldns_rdf *owner_rdf;
++ ldns_rdf *mname_rdf;
++ ldns_rdf *rname_rdf;
++ ldns_rdf *serial_rdf;
++ ldns_rdf *refresh_rdf;
++ ldns_rdf *retry_rdf;
++ ldns_rdf *expire_rdf;
++ ldns_rdf *minimum_rdf;
++ soa = ldns_rr_new();
++
++ if (!soa) {
++ return LDNS_STATUS_ERR;
++ }
++ owner_rdf = ldns_rdf_clone(name);
++ if (!owner_rdf) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_rr_set_owner(soa, owner_rdf);
++ ldns_rr_set_type(soa, LDNS_RR_TYPE_SOA);
++ ldns_rr_set_class(soa, c);
++ ldns_rr_set_question(soa, false);
++ if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ } else ldns_rr_push_rdf(soa, mname_rdf);
++ if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ } else ldns_rr_push_rdf(soa, rname_rdf);
++ serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, ldns_resolver_get_ixfr_serial(r));
++ if (!serial_rdf) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ } else ldns_rr_push_rdf(soa, serial_rdf);
++ refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!refresh_rdf) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ } else ldns_rr_push_rdf(soa, refresh_rdf);
++ retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!retry_rdf) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ } else ldns_rr_push_rdf(soa, retry_rdf);
++ expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!expire_rdf) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ } else ldns_rr_push_rdf(soa, expire_rdf);
++ minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
++ if (!minimum_rdf) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ } else ldns_rr_push_rdf(soa, minimum_rdf);
++
++ *query_pkt = ldns_pkt_ixfr_request_new(ldns_rdf_clone(name),
++ c, flags, soa);
++ } else {
++ *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags);
++ }
++ if (!*query_pkt) {
++ ldns_rr_free(soa);
++ return LDNS_STATUS_ERR;
++ }
++
++ /* set DO bit if necessary */
++ if (ldns_resolver_dnssec(r)) {
++ if (ldns_resolver_edns_udp_size(r) == 0) {
++ ldns_resolver_set_edns_udp_size(r, 4096);
++ }
++ ldns_pkt_set_edns_do(*query_pkt, true);
++ if (ldns_resolver_dnssec_cd(r) || (flags & LDNS_CD)) {
++ ldns_pkt_set_cd(*query_pkt, true);
++ }
++ }
++
++ /* transfer the udp_edns_size from the resolver to the packet */
++ if (ldns_resolver_edns_udp_size(r) != 0) {
++ ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r));
++ }
++
++ /* set the timestamp */
++ now.tv_sec = time(NULL);
++ now.tv_usec = 0;
++ ldns_pkt_set_timestamp(*query_pkt, now);
++
++
++ if (ldns_resolver_debug(r)) {
++ ldns_pkt_print(stdout, *query_pkt);
++ }
++
++ /* only set the id if it is not set yet */
++ if (ldns_pkt_id(*query_pkt) == 0) {
++ ldns_pkt_set_random_id(*query_pkt);
++ }
++
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name,
++ ldns_rr_type t, ldns_rr_class c, uint16_t flags)
++{
++ ldns_pkt *query_pkt;
++ ldns_pkt *answer_pkt;
++ ldns_status status;
++
++ assert(r != NULL);
++ assert(name != NULL);
++
++ answer_pkt = NULL;
++
++ /* do all the preprocessing here, then fire of an query to
++ * the network */
++
++ if (0 == t) {
++ t= LDNS_RR_TYPE_A;
++ }
++ if (0 == c) {
++ c= LDNS_RR_CLASS_IN;
++ }
++ if (0 == ldns_resolver_nameserver_count(r)) {
++ return LDNS_STATUS_RES_NO_NS;
++ }
++ if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) {
++ return LDNS_STATUS_RES_QUERY;
++ }
++
++ status = ldns_resolver_prepare_query_pkt(&query_pkt, r, name,
++ t, c, flags);
++ if (status != LDNS_STATUS_OK) {
++ return status;
++ }
++
++ /* if tsig values are set, tsign it */
++ /* TODO: make last 3 arguments optional too? maybe make complete
++ rr instead of separate values in resolver (and packet)
++ Jelte
++ should this go in pkt_prepare?
++ */
++ if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) {
++#ifdef HAVE_SSL
++ status = ldns_pkt_tsig_sign(query_pkt,
++ ldns_resolver_tsig_keyname(r),
++ ldns_resolver_tsig_keydata(r),
++ 300, ldns_resolver_tsig_algorithm(r), NULL);
++ if (status != LDNS_STATUS_OK) {
++ ldns_pkt_free(query_pkt);
++ return LDNS_STATUS_CRYPTO_TSIG_ERR;
++ }
++#else
++ ldns_pkt_free(query_pkt);
++ return LDNS_STATUS_CRYPTO_TSIG_ERR;
++#endif /* HAVE_SSL */
++ }
++
++ status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt);
++ ldns_pkt_free(query_pkt);
++
++ /* allows answer to be NULL when not interested in return value */
++ if (answer) {
++ *answer = answer_pkt;
++ }
++ return status;
++}
++
++ldns_rr *
++ldns_axfr_next(ldns_resolver *resolver)
++{
++ ldns_rr *cur_rr;
++ uint8_t *packet_wire;
++ size_t packet_wire_size;
++ ldns_status status;
++
++ /* check if start() has been called */
++ if (!resolver || resolver->_socket == 0) {
++ return NULL;
++ }
++
++ if (resolver->_cur_axfr_pkt) {
++ if (resolver->_axfr_i == ldns_pkt_ancount(resolver->_cur_axfr_pkt)) {
++ ldns_pkt_free(resolver->_cur_axfr_pkt);
++ resolver->_cur_axfr_pkt = NULL;
++ return ldns_axfr_next(resolver);
++ }
++ cur_rr = ldns_rr_clone(ldns_rr_list_rr(
++ ldns_pkt_answer(resolver->_cur_axfr_pkt),
++ resolver->_axfr_i));
++ resolver->_axfr_i++;
++ if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) {
++ resolver->_axfr_soa_count++;
++ if (resolver->_axfr_soa_count >= 2) {
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++ ldns_pkt_free(resolver->_cur_axfr_pkt);
++ resolver->_cur_axfr_pkt = NULL;
++ }
++ }
++ return cur_rr;
++ } else {
++ packet_wire = ldns_tcp_read_wire_timeout(resolver->_socket, &packet_wire_size, resolver->_timeout);
++ if(!packet_wire)
++ return NULL;
++
++ status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire,
++ packet_wire_size);
++ LDNS_FREE(packet_wire);
++
++ resolver->_axfr_i = 0;
++ if (status != LDNS_STATUS_OK) {
++ /* TODO: make status return type of this function (...api change) */
++#ifdef STDERR_MSGS
++ fprintf(stderr, "Error parsing rr during AXFR: %s\n", ldns_get_errorstr_by_id(status));
++#endif
++
++ /* we must now also close the socket, otherwise subsequent uses of the
++ same resolver structure will fail because the link is still open or
++ in an undefined state */
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++
++ return NULL;
++ } else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) {
++#ifdef STDERR_MSGS
++ ldns_lookup_table *rcode = ldns_lookup_by_id(
++ ldns_rcodes,(int) ldns_pkt_get_rcode(
++ resolver->_cur_axfr_pkt));
++ if (rcode) {
++ fprintf(stderr, "Error in AXFR: %s\n",
++ rcode->name);
++ } else {
++ fprintf(stderr, "Error in AXFR: %d\n",
++ (int) ldns_pkt_get_rcode(
++ resolver->_cur_axfr_pkt));
++ }
++#endif
++
++ /* we must now also close the socket, otherwise subsequent uses of the
++ same resolver structure will fail because the link is still open or
++ in an undefined state */
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++
++ return NULL;
++ } else {
++ return ldns_axfr_next(resolver);
++ }
++
++ }
++
++}
++
++/* this function is needed to abort a transfer that is in progress;
++ * without it an aborted transfer will lead to the AXFR code in the
++ * library staying in an indetermined state because the socket for the
++ * AXFR is never closed
++ */
++void
++ldns_axfr_abort(ldns_resolver *resolver)
++{
++ /* Only abort if an actual AXFR is in progress */
++ if (resolver->_socket != 0)
++ {
++#ifndef USE_WINSOCK
++ close(resolver->_socket);
++#else
++ closesocket(resolver->_socket);
++#endif
++ resolver->_socket = 0;
++ }
++}
++
++bool
++ldns_axfr_complete(const ldns_resolver *res)
++{
++ /* complete when soa count is 2? */
++ return res->_axfr_soa_count == 2;
++}
++
++ldns_pkt *
++ldns_axfr_last_pkt(const ldns_resolver *res)
++{
++ return res->_cur_axfr_pkt;
++}
++
++void
++ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial)
++{
++ r->_serial = serial;
++}
++
++uint32_t
++ldns_resolver_get_ixfr_serial(const ldns_resolver *res)
++{
++ return res->_serial;
++}
++
++
++/* random isn't really that good */
++void
++ldns_resolver_nameservers_randomize(ldns_resolver *r)
++{
++ uint16_t i, j;
++ ldns_rdf **ns, *tmpns;
++ size_t *rtt, tmprtt;
++
++ /* should I check for ldns_resolver_random?? */
++ assert(r != NULL);
++
++ ns = ldns_resolver_nameservers(r);
++ rtt = ldns_resolver_rtt(r);
++ for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
++ j = ldns_get_random() % ldns_resolver_nameserver_count(r);
++ tmpns = ns[i];
++ ns[i] = ns[j];
++ ns[j] = tmpns;
++ tmprtt = rtt[i];
++ rtt[i] = rtt[j];
++ rtt[j] = tmprtt;
++ }
++ ldns_resolver_set_nameservers(r, ns);
++}
++
+diff --git a/ldns/src/rr.c b/ldns/src/rr.c
+new file mode 100644
+index 0000000..e52ea80
+--- /dev/null
++++ b/ldns/src/rr.c
+@@ -0,0 +1,2705 @@
++/* rr.c
++ *
++ * access functions for ldns_rr -
++ * a Net::DNS like library for C
++ * LibDNS Team @ NLnet Labs
++ *
++ * (c) NLnet Labs, 2004-2006
++ * See the file LICENSE for the license
++ */
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <strings.h>
++#include <limits.h>
++
++#include <errno.h>
++
++#define LDNS_SYNTAX_DATALEN 16
++#define LDNS_TTL_DATALEN 21
++#define LDNS_RRLIST_INIT 8
++
++ldns_rr *
++ldns_rr_new(void)
++{
++ ldns_rr *rr;
++ rr = LDNS_MALLOC(ldns_rr);
++ if (!rr) {
++ return NULL;
++ }
++
++ ldns_rr_set_owner(rr, NULL);
++ ldns_rr_set_question(rr, false);
++ ldns_rr_set_rd_count(rr, 0);
++ rr->_rdata_fields = NULL;
++ ldns_rr_set_class(rr, LDNS_RR_CLASS_IN);
++ ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL);
++ return rr;
++}
++
++ldns_rr *
++ldns_rr_new_frm_type(ldns_rr_type t)
++{
++ ldns_rr *rr;
++ const ldns_rr_descriptor *desc;
++ size_t i;
++
++ rr = LDNS_MALLOC(ldns_rr);
++ if (!rr) {
++ return NULL;
++ }
++
++ desc = ldns_rr_descript(t);
++
++ rr->_rdata_fields = LDNS_XMALLOC(ldns_rdf *, ldns_rr_descriptor_minimum(desc));
++ if(!rr->_rdata_fields) {
++ LDNS_FREE(rr);
++ return NULL;
++ }
++ for (i = 0; i < ldns_rr_descriptor_minimum(desc); i++) {
++ rr->_rdata_fields[i] = NULL;
++ }
++
++ ldns_rr_set_owner(rr, NULL);
++ ldns_rr_set_question(rr, false);
++ /* set the count to minimum */
++ ldns_rr_set_rd_count(rr, ldns_rr_descriptor_minimum(desc));
++ ldns_rr_set_class(rr, LDNS_RR_CLASS_IN);
++ ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL);
++ ldns_rr_set_type(rr, t);
++ return rr;
++}
++
++void
++ldns_rr_free(ldns_rr *rr)
++{
++ size_t i;
++ if (rr) {
++ if (ldns_rr_owner(rr)) {
++ ldns_rdf_deep_free(ldns_rr_owner(rr));
++ }
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ ldns_rdf_deep_free(ldns_rr_rdf(rr, i));
++ }
++ LDNS_FREE(rr->_rdata_fields);
++ LDNS_FREE(rr);
++ }
++}
++
++/* Syntactic sugar for ldns_rr_new_frm_str_internal */
++INLINE bool
++ldns_rdf_type_maybe_quoted(ldns_rdf_type rdf_type)
++{
++ return rdf_type == LDNS_RDF_TYPE_STR ||
++ rdf_type == LDNS_RDF_TYPE_LONG_STR;
++}
++
++/*
++ * trailing spaces are allowed
++ * leading spaces are not allowed
++ * allow ttl to be optional
++ * class is optional too
++ * if ttl is missing, and default_ttl is 0, use DEF_TTL
++ * allow ttl to be written as 1d3h
++ * So the RR should look like. e.g.
++ * miek.nl. 3600 IN MX 10 elektron.atoom.net
++ * or
++ * miek.nl. 1h IN MX 10 elektron.atoom.net
++ * or
++ * miek.nl. IN MX 10 elektron.atoom.net
++ */
++static ldns_status
++ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
++ uint32_t default_ttl, ldns_rdf *origin,
++ ldns_rdf **prev, bool question)
++{
++ ldns_rr *new;
++ const ldns_rr_descriptor *desc;
++ ldns_rr_type rr_type;
++ ldns_buffer *rr_buf = NULL;
++ ldns_buffer *rd_buf = NULL;
++ uint32_t ttl_val;
++ char *owner = NULL;
++ char *ttl = NULL;
++ ldns_rr_class clas_val;
++ char *clas = NULL;
++ char *type = NULL;
++ char *rdata = NULL;
++ char *rd = NULL;
++ char *xtok = NULL; /* For RDF types with spaces (i.e. extra tokens) */
++ size_t rd_strlen;
++ const char *delimiters;
++ ssize_t c;
++ ldns_rdf *owner_dname;
++ const char* endptr;
++ int was_unknown_rr_format = 0;
++ ldns_status status = LDNS_STATUS_OK;
++
++ /* used for types with unknown number of rdatas */
++ bool done;
++ bool quoted;
++
++ ldns_rdf *r = NULL;
++ uint16_t r_cnt;
++ uint16_t r_min;
++ uint16_t r_max;
++ size_t pre_data_pos;
++
++ uint16_t hex_data_size;
++ char *hex_data_str = NULL;
++ uint16_t cur_hex_data_size;
++ size_t hex_pos = 0;
++ uint8_t *hex_data = NULL;
++
++ new = ldns_rr_new();
++
++ owner = LDNS_XMALLOC(char, LDNS_MAX_DOMAINLEN + 1);
++ ttl = LDNS_XMALLOC(char, LDNS_TTL_DATALEN);
++ clas = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN);
++ rdata = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN + 1);
++ rr_buf = LDNS_MALLOC(ldns_buffer);
++ rd_buf = LDNS_MALLOC(ldns_buffer);
++ rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
++ xtok = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
++ if (rr_buf) {
++ rr_buf->_data = NULL;
++ }
++ if (rd_buf) {
++ rd_buf->_data = NULL;
++ }
++ if (!new || !owner || !ttl || !clas || !rdata ||
++ !rr_buf || !rd_buf || !rd || !xtok) {
++
++ goto memerror;
++ }
++
++ ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str));
++
++ /* split the rr in its parts -1 signals trouble */
++ if (ldns_bget_token(rr_buf, owner, "\t\n ", LDNS_MAX_DOMAINLEN) == -1){
++
++ status = LDNS_STATUS_SYNTAX_ERR;
++ goto error;
++ }
++
++ if (ldns_bget_token(rr_buf, ttl, "\t\n ", LDNS_TTL_DATALEN) == -1) {
++
++ status = LDNS_STATUS_SYNTAX_TTL_ERR;
++ goto error;
++ }
++ ttl_val = (uint32_t) ldns_str2period(ttl, &endptr);
++
++ if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) {
++ /* ah, it's not there or something */
++ if (default_ttl == 0) {
++ ttl_val = LDNS_DEFAULT_TTL;
++ } else {
++ ttl_val = default_ttl;
++ }
++ /* we not ASSUMING the TTL is missing and that
++ * the rest of the RR is still there. That is
++ * CLASS TYPE RDATA
++ * so ttl value we read is actually the class
++ */
++ clas_val = ldns_get_rr_class_by_name(ttl);
++ /* class can be left out too, assume IN, current
++ * token must be type
++ */
++ if (clas_val == 0) {
++ clas_val = LDNS_RR_CLASS_IN;
++ type = LDNS_XMALLOC(char, strlen(ttl) + 1);
++ if (!type) {
++ goto memerror;
++ }
++ strncpy(type, ttl, strlen(ttl) + 1);
++ }
++ } else {
++ if (-1 == ldns_bget_token(
++ rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN)) {
++
++ status = LDNS_STATUS_SYNTAX_CLASS_ERR;
++ goto error;
++ }
++ clas_val = ldns_get_rr_class_by_name(clas);
++ /* class can be left out too, assume IN, current
++ * token must be type
++ */
++ if (clas_val == 0) {
++ clas_val = LDNS_RR_CLASS_IN;
++ type = LDNS_XMALLOC(char, strlen(clas) + 1);
++ if (!type) {
++ goto memerror;
++ }
++ strncpy(type, clas, strlen(clas) + 1);
++ }
++ }
++ /* the rest should still be waiting for us */
++
++ if (!type) {
++ type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN);
++ if (!type) {
++ goto memerror;
++ }
++ if (-1 == ldns_bget_token(
++ rr_buf, type, "\t\n ", LDNS_SYNTAX_DATALEN)) {
++
++ status = LDNS_STATUS_SYNTAX_TYPE_ERR;
++ goto error;
++ }
++ }
++
++ if (ldns_bget_token(rr_buf, rdata, "\0", LDNS_MAX_PACKETLEN) == -1) {
++ /* apparently we are done, and it's only a question RR
++ * so do not set status and go to ldnserror here
++ */
++ }
++ ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata));
++
++ if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) {
++ if (origin) {
++ ldns_rr_set_owner(new, ldns_rdf_clone(origin));
++ } else if (prev && *prev) {
++ ldns_rr_set_owner(new, ldns_rdf_clone(*prev));
++ } else {
++ /* default to root */
++ ldns_rr_set_owner(new, ldns_dname_new_frm_str("."));
++ }
++
++ /* @ also overrides prev */
++ if (prev) {
++ ldns_rdf_deep_free(*prev);
++ *prev = ldns_rdf_clone(ldns_rr_owner(new));
++ if (!*prev) {
++ goto memerror;
++ }
++ }
++ } else {
++ if (strlen(owner) == 0) {
++ /* no ownername was given, try prev, if that fails
++ * origin, else default to root */
++ if (prev && *prev) {
++ ldns_rr_set_owner(new, ldns_rdf_clone(*prev));
++ } else if (origin) {
++ ldns_rr_set_owner(new, ldns_rdf_clone(origin));
++ } else {
++ ldns_rr_set_owner(new,
++ ldns_dname_new_frm_str("."));
++ }
++ if(!ldns_rr_owner(new)) {
++ goto memerror;
++ }
++ } else {
++ owner_dname = ldns_dname_new_frm_str(owner);
++ if (!owner_dname) {
++ status = LDNS_STATUS_SYNTAX_ERR;
++ goto error;
++ }
++
++ ldns_rr_set_owner(new, owner_dname);
++ if (!ldns_dname_str_absolute(owner) && origin) {
++ if(ldns_dname_cat(ldns_rr_owner(new), origin)
++ != LDNS_STATUS_OK) {
++
++ status = LDNS_STATUS_SYNTAX_ERR;
++ goto error;
++ }
++ }
++ if (prev) {
++ ldns_rdf_deep_free(*prev);
++ *prev = ldns_rdf_clone(ldns_rr_owner(new));
++ if (!*prev) {
++ goto error;
++ }
++ }
++ }
++ }
++ LDNS_FREE(owner);
++
++ ldns_rr_set_question(new, question);
++
++ ldns_rr_set_ttl(new, ttl_val);
++ LDNS_FREE(ttl);
++
++ ldns_rr_set_class(new, clas_val);
++ LDNS_FREE(clas);
++
++ rr_type = ldns_get_rr_type_by_name(type);
++ LDNS_FREE(type);
++
++ desc = ldns_rr_descript((uint16_t)rr_type);
++ ldns_rr_set_type(new, rr_type);
++ if (desc) {
++ /* only the rdata remains */
++ r_max = ldns_rr_descriptor_maximum(desc);
++ r_min = ldns_rr_descriptor_minimum(desc);
++ } else {
++ r_min = 0;
++ r_max = 1;
++ }
++
++ for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) {
++ quoted = false;
++
++ switch (ldns_rr_descriptor_field_type(desc, r_cnt)) {
++ case LDNS_RDF_TYPE_B64 :
++ case LDNS_RDF_TYPE_HEX : /* These rdf types may con- */
++ case LDNS_RDF_TYPE_LOC : /* tain whitespace, only if */
++ case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */
++ case LDNS_RDF_TYPE_IPSECKEY :
++ case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) {
++ delimiters = "\n";
++ break;
++ }
++ default : delimiters = "\n\t ";
++ }
++
++ if (ldns_rdf_type_maybe_quoted(
++ ldns_rr_descriptor_field_type(
++ desc, r_cnt)) &&
++ ldns_buffer_remaining(rd_buf) > 0){
++
++ /* skip spaces */
++ while (*(ldns_buffer_current(rd_buf)) == ' ') {
++ ldns_buffer_skip(rd_buf, 1);
++ }
++
++ if (*(ldns_buffer_current(rd_buf)) == '\"') {
++ delimiters = "\"\0";
++ ldns_buffer_skip(rd_buf, 1);
++ quoted = true;
++ }
++ }
++
++ /* because number of fields can be variable, we can't rely on
++ * _maximum() only
++ */
++
++ /* skip spaces */
++ while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf)
++ && *(ldns_buffer_current(rd_buf)) == ' '
++ && !quoted) {
++
++ ldns_buffer_skip(rd_buf, 1);
++ }
++
++ pre_data_pos = ldns_buffer_position(rd_buf);
++ if (-1 == (c = ldns_bget_token(
++ rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) {
++
++ done = true;
++ break;
++ }
++ /* hmmz, rfc3597 specifies that any type can be represented
++ * with \# method, which can contain spaces...
++ * it does specify size though...
++ */
++ rd_strlen = strlen(rd);
++
++ /* unknown RR data */
++ if (strncmp(rd, "\\#", 2) == 0 && !quoted &&
++ (rd_strlen == 2 || rd[2]==' ')) {
++
++ was_unknown_rr_format = 1;
++ /* go back to before \#
++ * and skip it while setting delimiters better
++ */
++ ldns_buffer_set_position(rd_buf, pre_data_pos);
++ delimiters = "\n\t ";
++ (void)ldns_bget_token(rd_buf, rd,
++ delimiters, LDNS_MAX_RDFLEN);
++ /* read rdata octet length */
++ c = ldns_bget_token(rd_buf, rd,
++ delimiters, LDNS_MAX_RDFLEN);
++ if (c == -1) {
++ /* something goes very wrong here */
++ status = LDNS_STATUS_SYNTAX_RDATA_ERR;
++ goto error;
++ }
++ hex_data_size = (uint16_t) atoi(rd);
++ /* copy hex chars into hex str (2 chars per byte) */
++ hex_data_str = LDNS_XMALLOC(char, 2*hex_data_size + 1);
++ if (!hex_data_str) {
++ /* malloc error */
++ goto memerror;
++ }
++ cur_hex_data_size = 0;
++ while(cur_hex_data_size < 2 * hex_data_size) {
++ c = ldns_bget_token(rd_buf, rd,
++ delimiters, LDNS_MAX_RDFLEN);
++ if (c != -1) {
++ rd_strlen = strlen(rd);
++ }
++ if (c == -1 ||
++ (size_t)cur_hex_data_size + rd_strlen >
++ 2 * (size_t)hex_data_size) {
++
++ status = LDNS_STATUS_SYNTAX_RDATA_ERR;
++ goto error;
++ }
++ strncpy(hex_data_str + cur_hex_data_size, rd,
++ rd_strlen);
++
++ cur_hex_data_size += rd_strlen;
++ }
++ hex_data_str[cur_hex_data_size] = '\0';
++
++ /* correct the rdf type */
++ /* if *we* know the type, interpret it as wireformat */
++ if (desc) {
++ hex_pos = 0;
++ hex_data =
++ LDNS_XMALLOC(uint8_t, hex_data_size+2);
++
++ if (!hex_data) {
++ goto memerror;
++ }
++ ldns_write_uint16(hex_data, hex_data_size);
++ ldns_hexstring_to_data(
++ hex_data + 2, hex_data_str);
++ status = ldns_wire2rdf(new, hex_data,
++ hex_data_size + 2, &hex_pos);
++ if (status != LDNS_STATUS_OK) {
++ goto error;
++ }
++ LDNS_FREE(hex_data);
++ } else {
++ r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX,
++ hex_data_str);
++ if (!r) {
++ goto memerror;
++ }
++ ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN);
++ if (!ldns_rr_push_rdf(new, r)) {
++ goto memerror;
++ }
++ }
++ LDNS_FREE(hex_data_str);
++
++ } else if(rd_strlen > 0 || quoted) {
++ /* Normal RR */
++ switch(ldns_rr_descriptor_field_type(desc, r_cnt)) {
++
++ case LDNS_RDF_TYPE_HEX:
++ case LDNS_RDF_TYPE_B64:
++ /* When this is the last rdata field, then the
++ * rest should be read in (cause then these
++ * rdf types may contain spaces).
++ */
++ if (r_cnt == r_max - 1) {
++ c = ldns_bget_token(rd_buf, xtok,
++ "\n", LDNS_MAX_RDFLEN);
++ if (c != -1) {
++ (void) strncat(rd, xtok,
++ LDNS_MAX_RDFLEN -
++ strlen(rd) - 1);
++ }
++ }
++ r = ldns_rdf_new_frm_str(
++ ldns_rr_descriptor_field_type(
++ desc, r_cnt), rd);
++ break;
++
++ case LDNS_RDF_TYPE_HIP:
++ /*
++ * In presentation format this RDATA type has
++ * three tokens: An algorithm byte, then a
++ * variable length HIT (in hexbytes) and then
++ * a variable length Public Key (in base64).
++ *
++ * We have just read the algorithm, so we need
++ * two more tokens: HIT and Public Key.
++ */
++ do {
++ /* Read and append HIT */
++ if (ldns_bget_token(rd_buf,
++ xtok, delimiters,
++ LDNS_MAX_RDFLEN) == -1)
++ break;
++
++ (void) strncat(rd, " ",
++ LDNS_MAX_RDFLEN -
++ strlen(rd) - 1);
++ (void) strncat(rd, xtok,
++ LDNS_MAX_RDFLEN -
++ strlen(rd) - 1);
++
++ /* Read and append Public Key*/
++ if (ldns_bget_token(rd_buf,
++ xtok, delimiters,
++ LDNS_MAX_RDFLEN) == -1)
++ break;
++
++ (void) strncat(rd, " ",
++ LDNS_MAX_RDFLEN -
++ strlen(rd) - 1);
++ (void) strncat(rd, xtok,
++ LDNS_MAX_RDFLEN -
++ strlen(rd) - 1);
++ } while (false);
++
++ r = ldns_rdf_new_frm_str(
++ ldns_rr_descriptor_field_type(
++ desc, r_cnt), rd);
++ break;
++
++ case LDNS_RDF_TYPE_DNAME:
++ r = ldns_rdf_new_frm_str(
++ ldns_rr_descriptor_field_type(
++ desc, r_cnt), rd);
++
++ /* check if the origin should be used
++ * or concatenated
++ */
++ if (r && ldns_rdf_size(r) > 1 &&
++ ldns_rdf_data(r)[0] == 1 &&
++ ldns_rdf_data(r)[1] == '@') {
++
++ ldns_rdf_deep_free(r);
++
++ r = origin ? ldns_rdf_clone(origin)
++
++ : ( rr_type == LDNS_RR_TYPE_SOA ?
++
++ ldns_rdf_clone(
++ ldns_rr_owner(new))
++
++ : ldns_rdf_new_frm_str(
++ LDNS_RDF_TYPE_DNAME, ".")
++ );
++
++ } else if (r && rd_strlen >= 1 && origin &&
++ !ldns_dname_str_absolute(rd)) {
++
++ status = ldns_dname_cat(r, origin);
++ if (status != LDNS_STATUS_OK) {
++ goto error;
++ }
++ }
++ break;
++ default:
++ r = ldns_rdf_new_frm_str(
++ ldns_rr_descriptor_field_type(
++ desc, r_cnt), rd);
++ break;
++ }
++ if (!r) {
++ status = LDNS_STATUS_SYNTAX_RDATA_ERR;
++ goto error;
++ }
++ ldns_rr_push_rdf(new, r);
++ }
++ if (quoted) {
++ if (ldns_buffer_available(rd_buf, 1)) {
++ ldns_buffer_skip(rd_buf, 1);
++ } else {
++ done = true;
++ }
++ }
++
++ } /* for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) */
++ LDNS_FREE(rd);
++ LDNS_FREE(xtok);
++ ldns_buffer_free(rd_buf);
++ ldns_buffer_free(rr_buf);
++ LDNS_FREE(rdata);
++
++ if (!question && desc && !was_unknown_rr_format &&
++ ldns_rr_rd_count(new) < r_min) {
++
++ ldns_rr_free(new);
++ return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
++ }
++
++ if (newrr) {
++ *newrr = new;
++ } else {
++ /* Maybe the caller just wanted to see if it would parse? */
++ ldns_rr_free(new);
++ }
++ return LDNS_STATUS_OK;
++
++memerror:
++ status = LDNS_STATUS_MEM_ERR;
++error:
++ if (rd_buf && rd_buf->_data) {
++ ldns_buffer_free(rd_buf);
++ } else {
++ LDNS_FREE(rd_buf);
++ }
++ if (rr_buf && rr_buf->_data) {
++ ldns_buffer_free(rr_buf);
++ } else {
++ LDNS_FREE(rr_buf);
++ }
++ LDNS_FREE(type);
++ LDNS_FREE(owner);
++ LDNS_FREE(ttl);
++ LDNS_FREE(clas);
++ LDNS_FREE(hex_data);
++ LDNS_FREE(hex_data_str);
++ LDNS_FREE(xtok);
++ LDNS_FREE(rd);
++ LDNS_FREE(rdata);
++ ldns_rr_free(new);
++ return status;
++}
++
++ldns_status
++ldns_rr_new_frm_str(ldns_rr **newrr, const char *str,
++ uint32_t default_ttl, ldns_rdf *origin,
++ ldns_rdf **prev)
++{
++ return ldns_rr_new_frm_str_internal(newrr,
++ str,
++ default_ttl,
++ origin,
++ prev,
++ false);
++}
++
++ldns_status
++ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str,
++ ldns_rdf *origin, ldns_rdf **prev)
++{
++ return ldns_rr_new_frm_str_internal(newrr,
++ str,
++ 0,
++ origin,
++ prev,
++ true);
++}
++
++/* Strip whitespace from the start and the end of <line>. */
++static char *
++ldns_strip_ws(char *line)
++{
++ char *s = line, *e;
++
++ for (s = line; *s && isspace(*s); s++)
++ ;
++
++ for (e = strchr(s, 0); e > s+2 && isspace(e[-1]) && e[-2] != '\\'; e--)
++ ;
++ *e = 0;
++
++ return s;
++}
++
++ldns_status
++ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin, ldns_rdf **prev)
++{
++ return ldns_rr_new_frm_fp_l(newrr, fp, ttl, origin, prev, NULL);
++}
++
++ldns_status
++ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr)
++{
++ char *line;
++ const char *endptr; /* unused */
++ ldns_rr *rr;
++ uint32_t ttl;
++ ldns_rdf *tmp;
++ ldns_status s;
++ ssize_t size;
++
++ if (default_ttl) {
++ ttl = *default_ttl;
++ } else {
++ ttl = 0;
++ }
++
++ line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
++ if (!line) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* read an entire line in from the file */
++ if ((size = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, LDNS_MAX_LINELEN, line_nr)) == -1) {
++ LDNS_FREE(line);
++ /* if last line was empty, we are now at feof, which is not
++ * always a parse error (happens when for instance last line
++ * was a comment)
++ */
++ return LDNS_STATUS_SYNTAX_ERR;
++ }
++
++ /* we can have the situation, where we've read ok, but still got
++ * no bytes to play with, in this case size is 0
++ */
++ if (size == 0) {
++ LDNS_FREE(line);
++ return LDNS_STATUS_SYNTAX_EMPTY;
++ }
++
++ if (strncmp(line, "$ORIGIN", 7) == 0 && isspace(line[7])) {
++ if (*origin) {
++ ldns_rdf_deep_free(*origin);
++ *origin = NULL;
++ }
++ tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
++ ldns_strip_ws(line + 8));
++ if (!tmp) {
++ /* could not parse what next to $ORIGIN */
++ LDNS_FREE(line);
++ return LDNS_STATUS_SYNTAX_DNAME_ERR;
++ }
++ *origin = tmp;
++ s = LDNS_STATUS_SYNTAX_ORIGIN;
++ } else if (strncmp(line, "$TTL", 4) == 0 && isspace(line[4])) {
++ if (default_ttl) {
++ *default_ttl = ldns_str2period(
++ ldns_strip_ws(line + 5), &endptr);
++ }
++ s = LDNS_STATUS_SYNTAX_TTL;
++ } else if (strncmp(line, "$INCLUDE", 8) == 0) {
++ s = LDNS_STATUS_SYNTAX_INCLUDE;
++ } else if (!*ldns_strip_ws(line)) {
++ LDNS_FREE(line);
++ return LDNS_STATUS_SYNTAX_EMPTY;
++ } else {
++ if (origin && *origin) {
++ s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev);
++ } else {
++ s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, NULL, prev);
++ }
++ }
++ LDNS_FREE(line);
++ if (s == LDNS_STATUS_OK) {
++ if (newrr) {
++ *newrr = rr;
++ } else {
++ /* Just testing if it would parse? */
++ ldns_rr_free(rr);
++ }
++ }
++ return s;
++}
++
++void
++ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
++{
++ rr->_owner = owner;
++}
++
++void
++ldns_rr_set_question(ldns_rr *rr, bool question)
++{
++ rr->_rr_question = question;
++}
++
++void
++ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
++{
++ rr->_ttl = ttl;
++}
++
++void
++ldns_rr_set_rd_count(ldns_rr *rr, size_t count)
++{
++ rr->_rd_count = count;
++}
++
++void
++ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
++{
++ rr->_rr_type = rr_type;
++}
++
++void
++ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class)
++{
++ rr->_rr_class = rr_class;
++}
++
++ldns_rdf *
++ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position)
++{
++ size_t rd_count;
++ ldns_rdf *pop;
++
++ rd_count = ldns_rr_rd_count(rr);
++ if (position < rd_count) {
++ /* dicard the old one */
++ pop = rr->_rdata_fields[position];
++ rr->_rdata_fields[position] = (ldns_rdf*)f;
++ return pop;
++ } else {
++ return NULL;
++ }
++}
++
++bool
++ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
++{
++ size_t rd_count;
++ ldns_rdf **rdata_fields;
++
++ rd_count = ldns_rr_rd_count(rr);
++
++ /* grow the array */
++ rdata_fields = LDNS_XREALLOC(
++ rr->_rdata_fields, ldns_rdf *, rd_count + 1);
++ if (!rdata_fields) {
++ return false;
++ }
++
++ /* add the new member */
++ rr->_rdata_fields = rdata_fields;
++ rr->_rdata_fields[rd_count] = (ldns_rdf*)f;
++
++ ldns_rr_set_rd_count(rr, rd_count + 1);
++ return true;
++}
++
++ldns_rdf *
++ldns_rr_pop_rdf(ldns_rr *rr)
++{
++ size_t rd_count;
++ ldns_rdf *pop;
++ ldns_rdf** newrd;
++
++ rd_count = ldns_rr_rd_count(rr);
++
++ if (rd_count == 0) {
++ return NULL;
++ }
++
++ pop = rr->_rdata_fields[rd_count - 1];
++
++ /* try to shrink the array */
++ if(rd_count > 1) {
++ newrd = LDNS_XREALLOC(
++ rr->_rdata_fields, ldns_rdf *, rd_count - 1);
++ if(newrd)
++ rr->_rdata_fields = newrd;
++ } else {
++ LDNS_FREE(rr->_rdata_fields);
++ }
++
++ ldns_rr_set_rd_count(rr, rd_count - 1);
++ return pop;
++}
++
++ldns_rdf *
++ldns_rr_rdf(const ldns_rr *rr, size_t nr)
++{
++ if (rr && nr < ldns_rr_rd_count(rr)) {
++ return rr->_rdata_fields[nr];
++ } else {
++ return NULL;
++ }
++}
++
++ldns_rdf *
++ldns_rr_owner(const ldns_rr *rr)
++{
++ return rr->_owner;
++}
++
++bool
++ldns_rr_is_question(const ldns_rr *rr)
++{
++ return rr->_rr_question;
++}
++
++uint32_t
++ldns_rr_ttl(const ldns_rr *rr)
++{
++ return rr->_ttl;
++}
++
++size_t
++ldns_rr_rd_count(const ldns_rr *rr)
++{
++ return rr->_rd_count;
++}
++
++ldns_rr_type
++ldns_rr_get_type(const ldns_rr *rr)
++{
++ return rr->_rr_type;
++}
++
++ldns_rr_class
++ldns_rr_get_class(const ldns_rr *rr)
++{
++ return rr->_rr_class;
++}
++
++/* rr_lists */
++
++size_t
++ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
++{
++ if (rr_list) {
++ return rr_list->_rr_count;
++ } else {
++ return 0;
++ }
++}
++
++ldns_rr *
++ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count)
++{
++ ldns_rr *old;
++
++ if (count > ldns_rr_list_rr_count(rr_list)) {
++ return NULL;
++ }
++
++ old = ldns_rr_list_rr(rr_list, count);
++
++ /* overwrite old's pointer */
++ rr_list->_rrs[count] = (ldns_rr*)r;
++ return old;
++}
++
++void
++ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count)
++{
++ assert(count <= rr_list->_rr_capacity);
++ rr_list->_rr_count = count;
++}
++
++ldns_rr *
++ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
++{
++ if (nr < ldns_rr_list_rr_count(rr_list)) {
++ return rr_list->_rrs[nr];
++ } else {
++ return NULL;
++ }
++}
++
++ldns_rr_list *
++ldns_rr_list_new(void)
++{
++ ldns_rr_list *rr_list = LDNS_MALLOC(ldns_rr_list);
++ if(!rr_list) return NULL;
++ rr_list->_rr_count = 0;
++ rr_list->_rr_capacity = 0;
++ rr_list->_rrs = NULL;
++ return rr_list;
++}
++
++void
++ldns_rr_list_free(ldns_rr_list *rr_list)
++{
++ if (rr_list) {
++ LDNS_FREE(rr_list->_rrs);
++ LDNS_FREE(rr_list);
++ }
++}
++
++void
++ldns_rr_list_deep_free(ldns_rr_list *rr_list)
++{
++ size_t i;
++
++ if (rr_list) {
++ for (i=0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ ldns_rr_free(ldns_rr_list_rr(rr_list, i));
++ }
++ LDNS_FREE(rr_list->_rrs);
++ LDNS_FREE(rr_list);
++ }
++}
++
++
++/* add right to left. So we modify *left! */
++bool
++ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right)
++{
++ size_t r_rr_count;
++ size_t i;
++
++ if (!left) {
++ return false;
++ }
++
++ if (right) {
++ r_rr_count = ldns_rr_list_rr_count(right);
++ } else {
++ r_rr_count = 0;
++ }
++
++ /* push right to left */
++ for(i = 0; i < r_rr_count; i++) {
++ ldns_rr_list_push_rr(left, ldns_rr_list_rr(right, i));
++ }
++ return true;
++}
++
++ldns_rr_list *
++ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right)
++{
++ size_t l_rr_count;
++ size_t r_rr_count;
++ size_t i;
++ ldns_rr_list *cat;
++
++ if (left) {
++ l_rr_count = ldns_rr_list_rr_count(left);
++ } else {
++ return ldns_rr_list_clone(right);
++ }
++
++ if (right) {
++ r_rr_count = ldns_rr_list_rr_count(right);
++ } else {
++ r_rr_count = 0;
++ }
++
++ cat = ldns_rr_list_new();
++
++ if (!cat) {
++ return NULL;
++ }
++
++ /* left */
++ for(i = 0; i < l_rr_count; i++) {
++ ldns_rr_list_push_rr(cat,
++ ldns_rr_clone(ldns_rr_list_rr(left, i)));
++ }
++ /* right */
++ for(i = 0; i < r_rr_count; i++) {
++ ldns_rr_list_push_rr(cat,
++ ldns_rr_clone(ldns_rr_list_rr(right, i)));
++ }
++ return cat;
++}
++
++ldns_rr_list *
++ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos)
++{
++ size_t i;
++ ldns_rr_list *subtyped;
++ ldns_rdf *list_rdf;
++
++ subtyped = ldns_rr_list_new();
++
++ for(i = 0; i < ldns_rr_list_rr_count(l); i++) {
++ list_rdf = ldns_rr_rdf(
++ ldns_rr_list_rr(l, i),
++ pos);
++ if (!list_rdf) {
++ /* pos is too large or any other error */
++ ldns_rr_list_deep_free(subtyped);
++ return NULL;
++ }
++
++ if (ldns_rdf_compare(list_rdf, r) == 0) {
++ /* a match */
++ ldns_rr_list_push_rr(subtyped,
++ ldns_rr_clone(ldns_rr_list_rr(l, i)));
++ }
++ }
++
++ if (ldns_rr_list_rr_count(subtyped) > 0) {
++ return subtyped;
++ } else {
++ ldns_rr_list_free(subtyped);
++ return NULL;
++ }
++}
++
++bool
++ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr)
++{
++ size_t rr_count;
++ size_t cap;
++
++ rr_count = ldns_rr_list_rr_count(rr_list);
++ cap = rr_list->_rr_capacity;
++
++ /* grow the array */
++ if(rr_count+1 > cap) {
++ ldns_rr **rrs;
++
++ if(cap == 0)
++ cap = LDNS_RRLIST_INIT; /* initial list size */
++ else cap *= 2;
++ rrs = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap);
++ if (!rrs) {
++ return false;
++ }
++ rr_list->_rrs = rrs;
++ rr_list->_rr_capacity = cap;
++ }
++
++ /* add the new member */
++ rr_list->_rrs[rr_count] = (ldns_rr*)rr;
++
++ ldns_rr_list_set_rr_count(rr_list, rr_count + 1);
++ return true;
++}
++
++bool
++ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list)
++{
++ size_t i;
++
++ for(i = 0; i < ldns_rr_list_rr_count(push_list); i++) {
++ if (!ldns_rr_list_push_rr(rr_list,
++ ldns_rr_list_rr(push_list, i))) {
++ return false;
++ }
++ }
++ return true;
++}
++
++ldns_rr *
++ldns_rr_list_pop_rr(ldns_rr_list *rr_list)
++{
++ size_t rr_count;
++ size_t cap;
++ ldns_rr *pop;
++
++ rr_count = ldns_rr_list_rr_count(rr_list);
++
++ if (rr_count == 0) {
++ return NULL;
++ }
++
++ cap = rr_list->_rr_capacity;
++ pop = ldns_rr_list_rr(rr_list, rr_count - 1);
++
++ /* shrink the array */
++ if(cap > LDNS_RRLIST_INIT && rr_count-1 <= cap/2) {
++ ldns_rr** a;
++ cap /= 2;
++ a = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap);
++ if(a) {
++ rr_list->_rrs = a;
++ rr_list->_rr_capacity = cap;
++ }
++ }
++
++ ldns_rr_list_set_rr_count(rr_list, rr_count - 1);
++
++ return pop;
++}
++
++ldns_rr_list *
++ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t howmany)
++{
++ /* pop a number of rr's and put them in a rr_list */
++ ldns_rr_list *popped;
++ ldns_rr *p;
++ size_t i = howmany;
++
++ popped = ldns_rr_list_new();
++
++ if (!popped) {
++ return NULL;
++ }
++
++
++ while(i > 0 &&
++ (p = ldns_rr_list_pop_rr(rr_list)) != NULL) {
++ ldns_rr_list_push_rr(popped, p);
++ i--;
++ }
++
++ if (i == howmany) { /* so i <= 0 */
++ ldns_rr_list_free(popped);
++ return NULL;
++ } else {
++ return popped;
++ }
++}
++
++
++bool
++ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr)
++{
++ size_t i;
++
++ if (!rr_list || !rr || ldns_rr_list_rr_count(rr_list) == 0) {
++ return false;
++ }
++
++ for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ if (rr == ldns_rr_list_rr(rr_list, i)) {
++ return true;
++ } else if (ldns_rr_compare(rr, ldns_rr_list_rr(rr_list, i)) == 0) {
++ return true;
++ }
++ }
++ return false;
++}
++
++bool
++ldns_is_rrset(ldns_rr_list *rr_list)
++{
++ ldns_rr_type t;
++ ldns_rr_class c;
++ ldns_rdf *o;
++ ldns_rr *tmp;
++ size_t i;
++
++ if (!rr_list || ldns_rr_list_rr_count(rr_list) == 0) {
++ return false;
++ }
++
++ tmp = ldns_rr_list_rr(rr_list, 0);
++
++ t = ldns_rr_get_type(tmp);
++ c = ldns_rr_get_class(tmp);
++ o = ldns_rr_owner(tmp);
++
++ /* compare these with the rest of the rr_list, start with 1 */
++ for (i = 1; i < ldns_rr_list_rr_count(rr_list); i++) {
++ tmp = ldns_rr_list_rr(rr_list, i);
++ if (t != ldns_rr_get_type(tmp)) {
++ return false;
++ }
++ if (c != ldns_rr_get_class(tmp)) {
++ return false;
++ }
++ if (ldns_rdf_compare(o, ldns_rr_owner(tmp)) != 0) {
++ return false;
++ }
++ }
++ return true;
++}
++
++bool
++ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr)
++{
++ size_t rr_count;
++ size_t i;
++ ldns_rr *last;
++
++ assert(rr != NULL);
++
++ rr_count = ldns_rr_list_rr_count(rr_list);
++
++ if (rr_count == 0) {
++ /* nothing there, so checking it is
++ * not needed */
++ return ldns_rr_list_push_rr(rr_list, rr);
++ } else {
++ /* check with the final rr in the rr_list */
++ last = ldns_rr_list_rr(rr_list, rr_count - 1);
++
++ if (ldns_rr_get_class(last) != ldns_rr_get_class(rr)) {
++ return false;
++ }
++ if (ldns_rr_get_type(last) != ldns_rr_get_type(rr)) {
++ return false;
++ }
++ /* only check if not equal to RRSIG */
++ if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
++ if (ldns_rr_ttl(last) != ldns_rr_ttl(rr)) {
++ return false;
++ }
++ }
++ if (ldns_rdf_compare(ldns_rr_owner(last),
++ ldns_rr_owner(rr)) != 0) {
++ return false;
++ }
++ /* ok, still alive - check if the rr already
++ * exists - if so, dont' add it */
++ for(i = 0; i < rr_count; i++) {
++ if(ldns_rr_compare(
++ ldns_rr_list_rr(rr_list, i), rr) == 0) {
++ return false;
++ }
++ }
++ /* it's safe, push it */
++ return ldns_rr_list_push_rr(rr_list, rr);
++ }
++}
++
++ldns_rr *
++ldns_rr_set_pop_rr(ldns_rr_list *rr_list)
++{
++ return ldns_rr_list_pop_rr(rr_list);
++}
++
++ldns_rr_list *
++ldns_rr_list_pop_rrset(ldns_rr_list *rr_list)
++{
++ ldns_rr_list *rrset;
++ ldns_rr *last_rr = NULL;
++ ldns_rr *next_rr;
++
++ if (!rr_list) {
++ return NULL;
++ }
++
++ rrset = ldns_rr_list_new();
++ if (!last_rr) {
++ last_rr = ldns_rr_list_pop_rr(rr_list);
++ if (!last_rr) {
++ ldns_rr_list_free(rrset);
++ return NULL;
++ } else {
++ ldns_rr_list_push_rr(rrset, last_rr);
++ }
++ }
++
++ if (ldns_rr_list_rr_count(rr_list) > 0) {
++ next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1);
++ } else {
++ next_rr = NULL;
++ }
++
++ while (next_rr) {
++ if (
++ ldns_rdf_compare(ldns_rr_owner(next_rr),
++ ldns_rr_owner(last_rr)) == 0
++ &&
++ ldns_rr_get_type(next_rr) == ldns_rr_get_type(last_rr)
++ &&
++ ldns_rr_get_class(next_rr) == ldns_rr_get_class(last_rr)
++ ) {
++ ldns_rr_list_push_rr(rrset, ldns_rr_list_pop_rr(rr_list));
++ if (ldns_rr_list_rr_count(rr_list) > 0) {
++ last_rr = next_rr;
++ next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1);
++ } else {
++ next_rr = NULL;
++ }
++ } else {
++ next_rr = NULL;
++ }
++ }
++
++ return rrset;
++}
++
++ldns_rr *
++ldns_rr_clone(const ldns_rr *rr)
++{
++ size_t i;
++ ldns_rr *new_rr;
++
++ if (!rr) {
++ return NULL;
++ }
++
++ new_rr = ldns_rr_new();
++ if (!new_rr) {
++ return NULL;
++ }
++ if (ldns_rr_owner(rr)) {
++ ldns_rr_set_owner(new_rr, ldns_rdf_clone(ldns_rr_owner(rr)));
++ }
++ ldns_rr_set_ttl(new_rr, ldns_rr_ttl(rr));
++ ldns_rr_set_type(new_rr, ldns_rr_get_type(rr));
++ ldns_rr_set_class(new_rr, ldns_rr_get_class(rr));
++ ldns_rr_set_question(new_rr, ldns_rr_is_question(rr));
++
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ if (ldns_rr_rdf(rr,i)) {
++ ldns_rr_push_rdf(new_rr, ldns_rdf_clone(ldns_rr_rdf(rr, i)));
++ }
++ }
++
++ return new_rr;
++}
++
++ldns_rr_list *
++ldns_rr_list_clone(const ldns_rr_list *rrlist)
++{
++ size_t i;
++ ldns_rr_list *new_list;
++ ldns_rr *r;
++
++ if (!rrlist) {
++ return NULL;
++ }
++
++ new_list = ldns_rr_list_new();
++ if (!new_list) {
++ return NULL;
++ }
++ for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
++ r = ldns_rr_clone(
++ ldns_rr_list_rr(rrlist, i)
++ );
++ if (!r) {
++ /* huh, failure in cloning */
++ ldns_rr_list_deep_free(new_list);
++ return NULL;
++ }
++ ldns_rr_list_push_rr(new_list, r);
++ }
++ return new_list;
++}
++
++
++static int
++qsort_schwartz_rr_compare(const void *a, const void *b)
++{
++ int result = 0;
++ ldns_rr *rr1, *rr2;
++ ldns_buffer *rr1_buf, *rr2_buf;
++ struct ldns_schwartzian_compare_struct *sa = *(struct ldns_schwartzian_compare_struct **) a;
++ struct ldns_schwartzian_compare_struct *sb = *(struct ldns_schwartzian_compare_struct **) b;
++ /* if we are doing 2wire, we need to do lowercasing on the dname (and maybe on the rdata)
++ * this must be done for comparison only, so we need to have a temp var for both buffers,
++ * which is only used when the transformed object value isn't there yet
++ */
++ ldns_rr *canonical_a, *canonical_b;
++
++ rr1 = (ldns_rr *) sa->original_object;
++ rr2 = (ldns_rr *) sb->original_object;
++
++ result = ldns_rr_compare_no_rdata(rr1, rr2);
++
++ if (result == 0) {
++ if (!sa->transformed_object) {
++ canonical_a = ldns_rr_clone(sa->original_object);
++ ldns_rr2canonical(canonical_a);
++ sa->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_a));
++ if (ldns_rr2buffer_wire(sa->transformed_object, canonical_a, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
++ ldns_buffer_free((ldns_buffer *)sa->transformed_object);
++ sa->transformed_object = NULL;
++ ldns_rr_free(canonical_a);
++ return 0;
++ }
++ ldns_rr_free(canonical_a);
++ }
++ if (!sb->transformed_object) {
++ canonical_b = ldns_rr_clone(sb->original_object);
++ ldns_rr2canonical(canonical_b);
++ sb->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_b));
++ if (ldns_rr2buffer_wire(sb->transformed_object, canonical_b, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
++ ldns_buffer_free((ldns_buffer *)sa->transformed_object);
++ ldns_buffer_free((ldns_buffer *)sb->transformed_object);
++ sa->transformed_object = NULL;
++ sb->transformed_object = NULL;
++ ldns_rr_free(canonical_b);
++ return 0;
++ }
++ ldns_rr_free(canonical_b);
++ }
++ rr1_buf = (ldns_buffer *) sa->transformed_object;
++ rr2_buf = (ldns_buffer *) sb->transformed_object;
++
++ result = ldns_rr_compare_wire(rr1_buf, rr2_buf);
++ }
++
++ return result;
++}
++
++void
++ldns_rr_list_sort(ldns_rr_list *unsorted)
++{
++ struct ldns_schwartzian_compare_struct **sortables;
++ size_t item_count;
++ size_t i;
++
++ if (unsorted) {
++ item_count = ldns_rr_list_rr_count(unsorted);
++
++ sortables = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct *,
++ item_count);
++ if(!sortables) return; /* no way to return error */
++ for (i = 0; i < item_count; i++) {
++ sortables[i] = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct, 1);
++ if(!sortables[i]) {
++ /* free the allocated parts */
++ while(i>0) {
++ i--;
++ LDNS_FREE(sortables[i]);
++ }
++ /* no way to return error */
++ LDNS_FREE(sortables);
++ return;
++ }
++ sortables[i]->original_object = ldns_rr_list_rr(unsorted, i);
++ sortables[i]->transformed_object = NULL;
++ }
++ qsort(sortables,
++ item_count,
++ sizeof(struct ldns_schwartzian_compare_struct *),
++ qsort_schwartz_rr_compare);
++ for (i = 0; i < item_count; i++) {
++ unsorted->_rrs[i] = sortables[i]->original_object;
++ if (sortables[i]->transformed_object) {
++ ldns_buffer_free(sortables[i]->transformed_object);
++ }
++ LDNS_FREE(sortables[i]);
++ }
++ LDNS_FREE(sortables);
++ }
++}
++
++int
++ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2)
++{
++ size_t rr1_len;
++ size_t rr2_len;
++ size_t offset;
++
++ assert(rr1 != NULL);
++ assert(rr2 != NULL);
++
++ rr1_len = ldns_rr_uncompressed_size(rr1);
++ rr2_len = ldns_rr_uncompressed_size(rr2);
++
++ if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) < 0) {
++ return -1;
++ } else if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) > 0) {
++ return 1;
++ }
++
++ /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */
++ if (ldns_rr_get_class(rr1) != ldns_rr_get_class(rr2)) {
++ return ldns_rr_get_class(rr1) - ldns_rr_get_class(rr2);
++ }
++
++ /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */
++ if (ldns_rr_get_type(rr1) != ldns_rr_get_type(rr2)) {
++ return ldns_rr_get_type(rr1) - ldns_rr_get_type(rr2);
++ }
++
++ /* offset is the owername length + ttl + type + class + rdlen == start of wire format rdata */
++ offset = ldns_rdf_size(ldns_rr_owner(rr1)) + 4 + 2 + 2 + 2;
++ /* if either record doesn't have any RDATA... */
++ if (offset > rr1_len || offset > rr2_len) {
++ if (rr1_len == rr2_len) {
++ return 0;
++ }
++ return ((int) rr2_len - (int) rr1_len);
++ }
++
++ return 0;
++}
++
++int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf)
++{
++ size_t rr1_len, rr2_len, min_len, i, offset;
++
++ rr1_len = ldns_buffer_capacity(rr1_buf);
++ rr2_len = ldns_buffer_capacity(rr2_buf);
++
++ /* jump past dname (checked in earlier part)
++ * and especially past TTL */
++ offset = 0;
++ while (offset < rr1_len && *ldns_buffer_at(rr1_buf, offset) != 0) {
++ offset += *ldns_buffer_at(rr1_buf, offset) + 1;
++ }
++ /* jump to rdata section (PAST the rdata length field, otherwise
++ rrs with different lengths might be sorted erroneously */
++ offset += 11;
++ min_len = (rr1_len < rr2_len) ? rr1_len : rr2_len;
++ /* Compare RRs RDATA byte for byte. */
++ for(i = offset; i < min_len; i++) {
++ if (*ldns_buffer_at(rr1_buf,i) < *ldns_buffer_at(rr2_buf,i)) {
++ return -1;
++ } else if (*ldns_buffer_at(rr1_buf,i) > *ldns_buffer_at(rr2_buf,i)) {
++ return +1;
++ }
++ }
++
++ /* If both RDATAs are the same up to min_len, then the shorter one sorts first. */
++ if (rr1_len < rr2_len) {
++ return -1;
++ } else if (rr1_len > rr2_len) {
++ return +1;
++ }
++ /* The RDATAs are equal. */
++ return 0;
++
++}
++
++int
++ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2)
++{
++ int result;
++ size_t rr1_len, rr2_len;
++
++ ldns_buffer *rr1_buf;
++ ldns_buffer *rr2_buf;
++
++ result = ldns_rr_compare_no_rdata(rr1, rr2);
++ if (result == 0) {
++ rr1_len = ldns_rr_uncompressed_size(rr1);
++ rr2_len = ldns_rr_uncompressed_size(rr2);
++
++ rr1_buf = ldns_buffer_new(rr1_len);
++ rr2_buf = ldns_buffer_new(rr2_len);
++
++ if (ldns_rr2buffer_wire_canonical(rr1_buf,
++ rr1,
++ LDNS_SECTION_ANY)
++ != LDNS_STATUS_OK) {
++ ldns_buffer_free(rr1_buf);
++ ldns_buffer_free(rr2_buf);
++ return 0;
++ }
++ if (ldns_rr2buffer_wire_canonical(rr2_buf,
++ rr2,
++ LDNS_SECTION_ANY)
++ != LDNS_STATUS_OK) {
++ ldns_buffer_free(rr1_buf);
++ ldns_buffer_free(rr2_buf);
++ return 0;
++ }
++
++ result = ldns_rr_compare_wire(rr1_buf, rr2_buf);
++
++ ldns_buffer_free(rr1_buf);
++ ldns_buffer_free(rr2_buf);
++ }
++
++ return result;
++}
++
++/* convert dnskey to a ds with the given algorithm,
++ * then compare the result with the given ds */
++static int
++ldns_rr_compare_ds_dnskey(ldns_rr *ds,
++ ldns_rr *dnskey)
++{
++ ldns_rr *ds_gen;
++ bool result = false;
++ ldns_hash algo;
++
++ if (!dnskey || !ds ||
++ ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS ||
++ ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY) {
++ return false;
++ }
++
++ if (ldns_rr_rdf(ds, 2) == NULL) {
++ return false;
++ }
++ algo = ldns_rdf2native_int8(ldns_rr_rdf(ds, 2));
++
++ ds_gen = ldns_key_rr2ds(dnskey, algo);
++ if (ds_gen) {
++ result = ldns_rr_compare(ds, ds_gen) == 0;
++ ldns_rr_free(ds_gen);
++ }
++ return result;
++}
++
++bool
++ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2)
++{
++ bool result;
++ ldns_rr *rr1 = ldns_rr_clone(orr1);
++ ldns_rr *rr2 = ldns_rr_clone(orr2);
++
++ /* set ttls to zero */
++ ldns_rr_set_ttl(rr1, 0);
++ ldns_rr_set_ttl(rr2, 0);
++
++ if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS &&
++ ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) {
++ result = ldns_rr_compare_ds_dnskey(rr1, rr2);
++ } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY &&
++ ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) {
++ result = ldns_rr_compare_ds_dnskey(rr2, rr1);
++ } else {
++ result = (ldns_rr_compare(rr1, rr2) == 0);
++ }
++
++ ldns_rr_free(rr1);
++ ldns_rr_free(rr2);
++
++ return result;
++}
++
++int
++ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2)
++{
++ size_t i = 0;
++ int rr_cmp;
++
++ assert(rrl1 != NULL);
++ assert(rrl2 != NULL);
++
++ for (i = 0; i < ldns_rr_list_rr_count(rrl1) && i < ldns_rr_list_rr_count(rrl2); i++) {
++ rr_cmp = ldns_rr_compare(ldns_rr_list_rr(rrl1, i), ldns_rr_list_rr(rrl2, i));
++ if (rr_cmp != 0) {
++ return rr_cmp;
++ }
++ }
++
++ if (i == ldns_rr_list_rr_count(rrl1) &&
++ i != ldns_rr_list_rr_count(rrl2)) {
++ return 1;
++ } else if (i == ldns_rr_list_rr_count(rrl2) &&
++ i != ldns_rr_list_rr_count(rrl1)) {
++ return -1;
++ } else {
++ return 0;
++ }
++}
++
++size_t
++ldns_rr_uncompressed_size(const ldns_rr *r)
++{
++ size_t rrsize;
++ size_t i;
++
++ rrsize = 0;
++ /* add all the rdf sizes */
++ for(i = 0; i < ldns_rr_rd_count(r); i++) {
++ rrsize += ldns_rdf_size(ldns_rr_rdf(r, i));
++ }
++ /* ownername */
++ rrsize += ldns_rdf_size(ldns_rr_owner(r));
++ rrsize += LDNS_RR_OVERHEAD;
++ return rrsize;
++}
++
++void
++ldns_rr2canonical(ldns_rr *rr)
++{
++ uint16_t i;
++
++ if (!rr) {
++ return;
++ }
++
++ ldns_dname2canonical(ldns_rr_owner(rr));
++
++ /*
++ * lowercase the rdata dnames if the rr type is one
++ * of the list in chapter 7 of RFC3597
++ * Also added RRSIG, because a "Signer's Name" should be canonicalized
++ * too. See dnssec-bis-updates-16. We can add it to this list because
++ * the "Signer's Name" is the only dname type rdata field in a RRSIG.
++ */
++ switch(ldns_rr_get_type(rr)) {
++ case LDNS_RR_TYPE_NS:
++ case LDNS_RR_TYPE_MD:
++ case LDNS_RR_TYPE_MF:
++ case LDNS_RR_TYPE_CNAME:
++ case LDNS_RR_TYPE_SOA:
++ case LDNS_RR_TYPE_MB:
++ case LDNS_RR_TYPE_MG:
++ case LDNS_RR_TYPE_MR:
++ case LDNS_RR_TYPE_PTR:
++ case LDNS_RR_TYPE_MINFO:
++ case LDNS_RR_TYPE_MX:
++ case LDNS_RR_TYPE_RP:
++ case LDNS_RR_TYPE_AFSDB:
++ case LDNS_RR_TYPE_RT:
++ case LDNS_RR_TYPE_SIG:
++ case LDNS_RR_TYPE_PX:
++ case LDNS_RR_TYPE_NXT:
++ case LDNS_RR_TYPE_NAPTR:
++ case LDNS_RR_TYPE_KX:
++ case LDNS_RR_TYPE_SRV:
++ case LDNS_RR_TYPE_DNAME:
++ case LDNS_RR_TYPE_A6:
++ case LDNS_RR_TYPE_RRSIG:
++ for (i = 0; i < ldns_rr_rd_count(rr); i++) {
++ ldns_dname2canonical(ldns_rr_rdf(rr, i));
++ }
++ return;
++ default:
++ /* do nothing */
++ return;
++ }
++}
++
++void
++ldns_rr_list2canonical(ldns_rr_list *rr_list)
++{
++ size_t i;
++ for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
++ ldns_rr2canonical(ldns_rr_list_rr(rr_list, i));
++ }
++}
++
++uint8_t
++ldns_rr_label_count(ldns_rr *rr)
++{
++ if (!rr) {
++ return 0;
++ }
++ return ldns_dname_label_count(
++ ldns_rr_owner(rr));
++}
++
++/** \cond */
++static const ldns_rdf_type type_0_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN };
++static const ldns_rdf_type type_a_wireformat[] = { LDNS_RDF_TYPE_A };
++static const ldns_rdf_type type_ns_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_md_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_mf_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_cname_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_soa_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_INT32,
++ LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD,
++ LDNS_RDF_TYPE_PERIOD
++};
++static const ldns_rdf_type type_mb_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_mg_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_mr_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_wks_wireformat[] = {
++ LDNS_RDF_TYPE_A, LDNS_RDF_TYPE_WKS
++};
++static const ldns_rdf_type type_ptr_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_hinfo_wireformat[] = {
++ LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR
++};
++static const ldns_rdf_type type_minfo_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_mx_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_rp_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_afsdb_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_x25_wireformat[] = { LDNS_RDF_TYPE_STR };
++static const ldns_rdf_type type_isdn_wireformat[] = {
++ LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR
++};
++static const ldns_rdf_type type_rt_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_nsap_wireformat[] = {
++ LDNS_RDF_TYPE_NSAP
++};
++static const ldns_rdf_type type_nsap_ptr_wireformat[] = {
++ LDNS_RDF_TYPE_STR
++};
++static const ldns_rdf_type type_sig_wireformat[] = {
++ LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32,
++ LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64
++};
++static const ldns_rdf_type type_key_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64
++};
++static const ldns_rdf_type type_px_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_gpos_wireformat[] = {
++ LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR
++};
++static const ldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA };
++static const ldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC };
++static const ldns_rdf_type type_nxt_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_UNKNOWN
++};
++static const ldns_rdf_type type_eid_wireformat[] = {
++ LDNS_RDF_TYPE_HEX
++};
++static const ldns_rdf_type type_nimloc_wireformat[] = {
++ LDNS_RDF_TYPE_HEX
++};
++static const ldns_rdf_type type_srv_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_atma_wireformat[] = {
++ LDNS_RDF_TYPE_ATMA
++};
++static const ldns_rdf_type type_naptr_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_kx_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_cert_wireformat[] = {
++ LDNS_RDF_TYPE_CERT_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_B64
++};
++static const ldns_rdf_type type_a6_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN };
++static const ldns_rdf_type type_dname_wireformat[] = { LDNS_RDF_TYPE_DNAME };
++static const ldns_rdf_type type_sink_wireformat[] = { LDNS_RDF_TYPE_INT8,
++ LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64
++};
++static const ldns_rdf_type type_apl_wireformat[] = {
++ LDNS_RDF_TYPE_APL
++};
++static const ldns_rdf_type type_ds_wireformat[] = {
++ LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX
++};
++static const ldns_rdf_type type_sshfp_wireformat[] = {
++ LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX
++};
++static const ldns_rdf_type type_ipseckey_wireformat[] = {
++ LDNS_RDF_TYPE_IPSECKEY
++};
++static const ldns_rdf_type type_rrsig_wireformat[] = {
++ LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32,
++ LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64
++};
++static const ldns_rdf_type type_nsec_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_NSEC
++};
++static const ldns_rdf_type type_dhcid_wireformat[] = {
++ LDNS_RDF_TYPE_B64
++};
++static const ldns_rdf_type type_talink_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
++};
++/*@unused@*/ static const ldns_rdf_type type_openpgpkey_wireformat[] = {
++ LDNS_RDF_TYPE_B64
++};
++/* nsec3 is some vars, followed by same type of data of nsec */
++static const ldns_rdf_type type_nsec3_wireformat[] = {
++/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/
++ LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC
++};
++
++static const ldns_rdf_type type_nsec3param_wireformat[] = {
++/* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS*/
++ LDNS_RDF_TYPE_INT8,
++ LDNS_RDF_TYPE_INT8,
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_NSEC3_SALT
++};
++
++static const ldns_rdf_type type_dnskey_wireformat[] = {
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_INT8,
++ LDNS_RDF_TYPE_ALG,
++ LDNS_RDF_TYPE_B64
++};
++static const ldns_rdf_type type_tkey_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME,
++ LDNS_RDF_TYPE_TIME,
++ LDNS_RDF_TYPE_TIME,
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_INT16_DATA,
++ LDNS_RDF_TYPE_INT16_DATA,
++};
++static const ldns_rdf_type type_tsig_wireformat[] = {
++ LDNS_RDF_TYPE_DNAME,
++ LDNS_RDF_TYPE_TSIGTIME,
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_INT16_DATA,
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_INT16_DATA
++};
++static const ldns_rdf_type type_tlsa_wireformat[] = {
++ LDNS_RDF_TYPE_CERTIFICATE_USAGE,
++ LDNS_RDF_TYPE_SELECTOR,
++ LDNS_RDF_TYPE_MATCHING_TYPE,
++ LDNS_RDF_TYPE_HEX
++};
++static const ldns_rdf_type type_hip_wireformat[] = {
++ LDNS_RDF_TYPE_HIP
++};
++static const ldns_rdf_type type_nid_wireformat[] = {
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_ILNP64
++};
++static const ldns_rdf_type type_l32_wireformat[] = {
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_A
++};
++static const ldns_rdf_type type_l64_wireformat[] = {
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_ILNP64
++};
++static const ldns_rdf_type type_lp_wireformat[] = {
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_DNAME
++};
++static const ldns_rdf_type type_eui48_wireformat[] = {
++ LDNS_RDF_TYPE_EUI48
++};
++static const ldns_rdf_type type_eui64_wireformat[] = {
++ LDNS_RDF_TYPE_EUI64
++};
++#ifdef RRTYPE_URI
++static const ldns_rdf_type type_uri_wireformat[] = {
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_INT16,
++ LDNS_RDF_TYPE_LONG_STR
++};
++#endif
++static const ldns_rdf_type type_caa_wireformat[] = {
++ LDNS_RDF_TYPE_INT8,
++ LDNS_RDF_TYPE_TAG,
++ LDNS_RDF_TYPE_LONG_STR
++};
++/** \endcond */
++
++/** \cond */
++/* All RR's defined in 1035 are well known and can thus
++ * be compressed. See RFC3597. These RR's are:
++ * CNAME HINFO MB MD MF MG MINFO MR MX NULL NS PTR SOA TXT
++ */
++static ldns_rr_descriptor rdata_field_descriptors[] = {
++ /* 0 */
++ { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 1 */
++ {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 2 */
++ {LDNS_RR_TYPE_NS, "NS", 1, 1, type_ns_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 3 */
++ {LDNS_RR_TYPE_MD, "MD", 1, 1, type_md_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 4 */
++ {LDNS_RR_TYPE_MF, "MF", 1, 1, type_mf_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 5 */
++ {LDNS_RR_TYPE_CNAME, "CNAME", 1, 1, type_cname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 6 */
++ {LDNS_RR_TYPE_SOA, "SOA", 7, 7, type_soa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 },
++ /* 7 */
++ {LDNS_RR_TYPE_MB, "MB", 1, 1, type_mb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 8 */
++ {LDNS_RR_TYPE_MG, "MG", 1, 1, type_mg_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 9 */
++ {LDNS_RR_TYPE_MR, "MR", 1, 1, type_mr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 10 */
++ {LDNS_RR_TYPE_NULL, "NULL", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 11 */
++ {LDNS_RR_TYPE_WKS, "WKS", 2, 2, type_wks_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 12 */
++ {LDNS_RR_TYPE_PTR, "PTR", 1, 1, type_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 13 */
++ {LDNS_RR_TYPE_HINFO, "HINFO", 2, 2, type_hinfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 14 */
++ {LDNS_RR_TYPE_MINFO, "MINFO", 2, 2, type_minfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 },
++ /* 15 */
++ {LDNS_RR_TYPE_MX, "MX", 2, 2, type_mx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
++ /* 16 */
++ {LDNS_RR_TYPE_TXT, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
++ /* 17 */
++ {LDNS_RR_TYPE_RP, "RP", 2, 2, type_rp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
++ /* 18 */
++ {LDNS_RR_TYPE_AFSDB, "AFSDB", 2, 2, type_afsdb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 19 */
++ {LDNS_RR_TYPE_X25, "X25", 1, 1, type_x25_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 20 */
++ {LDNS_RR_TYPE_ISDN, "ISDN", 1, 2, type_isdn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 21 */
++ {LDNS_RR_TYPE_RT, "RT", 2, 2, type_rt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 22 */
++ {LDNS_RR_TYPE_NSAP, "NSAP", 1, 1, type_nsap_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 23 */
++ {LDNS_RR_TYPE_NSAP_PTR, "NSAP-PTR", 1, 1, type_nsap_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 24 */
++ {LDNS_RR_TYPE_SIG, "SIG", 9, 9, type_sig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 25 */
++ {LDNS_RR_TYPE_KEY, "KEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 26 */
++ {LDNS_RR_TYPE_PX, "PX", 3, 3, type_px_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
++ /* 27 */
++ {LDNS_RR_TYPE_GPOS, "GPOS", 3, 3, type_gpos_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 28 */
++ {LDNS_RR_TYPE_AAAA, "AAAA", 1, 1, type_aaaa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 29 */
++ {LDNS_RR_TYPE_LOC, "LOC", 1, 1, type_loc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 30 */
++ {LDNS_RR_TYPE_NXT, "NXT", 2, 2, type_nxt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 31 */
++ {LDNS_RR_TYPE_EID, "EID", 1, 1, type_eid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 32 */
++ {LDNS_RR_TYPE_NIMLOC, "NIMLOC", 1, 1, type_nimloc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 33 */
++ {LDNS_RR_TYPE_SRV, "SRV", 4, 4, type_srv_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 34 */
++ {LDNS_RR_TYPE_ATMA, "ATMA", 1, 1, type_atma_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 35 */
++ {LDNS_RR_TYPE_NAPTR, "NAPTR", 6, 6, type_naptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 36 */
++ {LDNS_RR_TYPE_KX, "KX", 2, 2, type_kx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 37 */
++ {LDNS_RR_TYPE_CERT, "CERT", 4, 4, type_cert_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 38 */
++ {LDNS_RR_TYPE_A6, "A6", 1, 1, type_a6_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 39 */
++ {LDNS_RR_TYPE_DNAME, "DNAME", 1, 1, type_dname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 40 */
++ {LDNS_RR_TYPE_SINK, "SINK", 1, 1, type_sink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 41 */
++ {LDNS_RR_TYPE_OPT, "OPT", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 42 */
++ {LDNS_RR_TYPE_APL, "APL", 0, 0, type_apl_wireformat, LDNS_RDF_TYPE_APL, LDNS_RR_NO_COMPRESS, 0 },
++ /* 43 */
++ {LDNS_RR_TYPE_DS, "DS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 44 */
++ {LDNS_RR_TYPE_SSHFP, "SSHFP", 3, 3, type_sshfp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 45 */
++ {LDNS_RR_TYPE_IPSECKEY, "IPSECKEY", 1, 1, type_ipseckey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 46 */
++ {LDNS_RR_TYPE_RRSIG, "RRSIG", 9, 9, type_rrsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 47 */
++ {LDNS_RR_TYPE_NSEC, "NSEC", 1, 2, type_nsec_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 48 */
++ {LDNS_RR_TYPE_DNSKEY, "DNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 49 */
++ {LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 50 */
++ {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 51 */
++ {LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 52 */
++ {LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++ /* 55
++ * Hip ends with 0 or more Rendezvous Servers represented as dname's.
++ * Hence the LDNS_RDF_TYPE_DNAME _variable field and the _maximum field
++ * set to 0.
++ */
++ {LDNS_RR_TYPE_HIP, "HIP", 1, 1, type_hip_wireformat, LDNS_RDF_TYPE_DNAME, LDNS_RR_NO_COMPRESS, 0 },
++
++#ifdef RRTYPE_NINFO
++ /* 56 */
++ {LDNS_RR_TYPE_NINFO, "NINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
++#else
++{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#endif
++#ifdef RRTYPE_RKEY
++ /* 57 */
++ {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#else
++{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#endif
++ /* 58 */
++ {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
++
++ /* 59 */
++ {LDNS_RR_TYPE_CDS, "CDS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 60 */
++ {LDNS_RR_TYPE_CDNSKEY, "CDNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++#ifdef RRTYPE_OPENPGPKEY
++ /* 61 */
++ {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#else
++{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#endif
++
++{LDNS_RR_TYPE_NULL, "TYPE62", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++ /* 99 */
++ {LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
++
++ /* UINFO [IANA-Reserved] */
++{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* UID [IANA-Reserved] */
++{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* GID [IANA-Reserved] */
++{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* UNSPEC [IANA-Reserved] */
++{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++ /* 104 */
++ {LDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 105 */
++ {LDNS_RR_TYPE_L32, "L32", 2, 2, type_l32_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 106 */
++ {LDNS_RR_TYPE_L64, "L64", 2, 2, type_l64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 107 */
++ {LDNS_RR_TYPE_LP, "LP", 2, 2, type_lp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* 108 */
++ {LDNS_RR_TYPE_EUI48, "EUI48", 1, 1, type_eui48_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* 109 */
++ {LDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++ /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one.
++ * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9.
++ */
++ /* 249 */
++ {LDNS_RR_TYPE_TKEY, "TKEY", 7, 7, type_tkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++ /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one.
++ * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9.
++ */
++ /* 250 */
++ {LDNS_RR_TYPE_TSIG, "TSIG", 7, 7, type_tsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
++
++ /* IXFR: A request for a transfer of an incremental zone transfer */
++{LDNS_RR_TYPE_NULL, "TYPE251", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* AXFR: A request for a transfer of an entire zone */
++{LDNS_RR_TYPE_NULL, "TYPE252", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* MAILB: A request for mailbox-related records (MB, MG or MR) */
++{LDNS_RR_TYPE_NULL, "TYPE253", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* MAILA: A request for mail agent RRs (Obsolete - see MX) */
++{LDNS_RR_TYPE_NULL, "TYPE254", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++ /* ANY: A request for all (available) records */
++{LDNS_RR_TYPE_NULL, "TYPE255", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++#ifdef RRTYPE_URI
++ /* 256 */
++ {LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#else
++{LDNS_RR_TYPE_NULL, "TYPE256", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#endif
++ /* 257 */
++ {LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++
++/* split in array, no longer contiguous */
++
++#ifdef RRTYPE_TA
++ /* 32768 */
++ {LDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#else
++{LDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
++#endif
++ /* 32769 */
++ {LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }
++};
++/** \endcond */
++
++/**
++ * \def LDNS_RDATA_FIELD_DESCRIPTORS_COUNT
++ * computes the number of rdata fields
++ */
++#define LDNS_RDATA_FIELD_DESCRIPTORS_COUNT \
++ (sizeof(rdata_field_descriptors)/sizeof(rdata_field_descriptors[0]))
++
++
++/*---------------------------------------------------------------------------*
++ * The functions below return an bitmap RDF with the space required to set
++ * or unset all known RR types. Arguably these functions are better situated
++ * in rdata.c, however for the space calculation it is necesarry to walk
++ * through rdata_field_descriptors which is not easily possible from anywhere
++ * other than rr.c where it is declared static.
++ *
++ * Alternatively rr.c could have provided an iterator for rr_type or
++ * rdf_descriptors, but this seemed overkill for internal use only.
++ */
++static ldns_rr_descriptor* rdata_field_descriptors_end =
++ &rdata_field_descriptors[LDNS_RDATA_FIELD_DESCRIPTORS_COUNT];
++
++/* From RFC3845:
++ *
++ * 2.1.2. The List of Type Bit Map(s) Field
++ *
++ * The RR type space is split into 256 window blocks, each representing
++ * the low-order 8 bits of the 16-bit RR type space. Each block that
++ * has at least one active RR type is encoded using a single octet
++ * window number (from 0 to 255), a single octet bitmap length (from 1
++ * to 32) indicating the number of octets used for the window block's
++ * bitmap, and up to 32 octets (256 bits) of bitmap.
++ *
++ * Window blocks are present in the NSEC RR RDATA in increasing
++ * numerical order.
++ *
++ * "|" denotes concatenation
++ *
++ * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) +
++ *
++ * <cut>
++ *
++ * Blocks with no types present MUST NOT be included. Trailing zero
++ * octets in the bitmap MUST be omitted. The length of each block's
++ * bitmap is determined by the type code with the largest numerical
++ * value within that block, among the set of RR types present at the
++ * NSEC RR's owner name. Trailing zero octets not specified MUST be
++ * interpreted as zero octets.
++ */
++static ldns_status
++ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value)
++{
++ uint8_t window; /* most significant octet of type */
++ uint8_t subtype; /* least significant octet of type */
++ uint16_t windows[256] /* Max subtype per window */
++#ifndef S_SPLINT_S
++ = { 0 }
++#endif
++ ;
++ ldns_rr_descriptor* d; /* used to traverse rdata_field_descriptors */
++ size_t i; /* used to traverse windows array */
++
++ size_t sz; /* size needed for type bitmap rdf */
++ uint8_t* data = NULL; /* rdf data */
++ uint8_t* dptr; /* used to itraverse rdf data */
++
++ assert(rdf != NULL);
++
++ /* Which windows need to be in the bitmap rdf?
++ */
++ for (d=rdata_field_descriptors; d < rdata_field_descriptors_end; d++) {
++ window = d->_type >> 8;
++ subtype = d->_type & 0xff;
++ if (windows[window] < subtype) {
++ windows[window] = subtype;
++ }
++ }
++
++ /* How much space do we need in the rdf for those windows?
++ */
++ sz = 0;
++ for (i = 0; i < 256; i++) {
++ if (windows[i]) {
++ sz += windows[i] / 8 + 3;
++ }
++ }
++ if (sz > 0) {
++ /* Format rdf data according RFC3845 Section 2.1.2 (see above)
++ */
++ dptr = data = LDNS_XMALLOC(uint8_t, sz);
++ memset(data, value, sz);
++ if (!data) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ for (i = 0; i < 256; i++) {
++ if (windows[i]) {
++ *dptr++ = (uint8_t)i;
++ *dptr++ = (uint8_t)(windows[i] / 8 + 1);
++ dptr += dptr[-1];
++ }
++ }
++ }
++ /* Allocate and return rdf structure for the data
++ */
++ *rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data);
++ if (!*rdf) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf)
++{
++ return ldns_rdf_bitmap_known_rr_types_set(rdf, 0);
++}
++
++ldns_status
++ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf)
++{
++ return ldns_rdf_bitmap_known_rr_types_set(rdf, 255);
++}
++/* End of RDF bitmap functions
++ *---------------------------------------------------------------------------*/
++
++
++const ldns_rr_descriptor *
++ldns_rr_descript(uint16_t type)
++{
++ size_t i;
++ if (type < LDNS_RDATA_FIELD_DESCRIPTORS_COMMON) {
++ return &rdata_field_descriptors[type];
++ } else {
++ /* because not all array index equals type code */
++ for (i = LDNS_RDATA_FIELD_DESCRIPTORS_COMMON;
++ i < LDNS_RDATA_FIELD_DESCRIPTORS_COUNT;
++ i++) {
++ if (rdata_field_descriptors[i]._type == type) {
++ return &rdata_field_descriptors[i];
++ }
++ }
++ return &rdata_field_descriptors[0];
++ }
++}
++
++size_t
++ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor)
++{
++ if (descriptor) {
++ return descriptor->_minimum;
++ } else {
++ return 0;
++ }
++}
++
++size_t
++ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor)
++{
++ if (descriptor) {
++ if (descriptor->_variable != LDNS_RDF_TYPE_NONE) {
++ /* Should really be SIZE_MAX... bad FreeBSD. */
++ return UINT_MAX;
++ } else {
++ return descriptor->_maximum;
++ }
++ } else {
++ return 0;
++ }
++}
++
++ldns_rdf_type
++ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor,
++ size_t index)
++{
++ assert(descriptor != NULL);
++ assert(index < descriptor->_maximum
++ || descriptor->_variable != LDNS_RDF_TYPE_NONE);
++ if (index < descriptor->_maximum) {
++ return descriptor->_wireformat[index];
++ } else {
++ return descriptor->_variable;
++ }
++}
++
++ldns_rr_type
++ldns_get_rr_type_by_name(const char *name)
++{
++ unsigned int i;
++ const char *desc_name;
++ const ldns_rr_descriptor *desc;
++
++ /* TYPEXX representation */
++ if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) {
++ return atoi(name + 4);
++ }
++
++ /* Normal types */
++ for (i = 0; i < (unsigned int) LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; i++) {
++ desc = &rdata_field_descriptors[i];
++ desc_name = desc->_name;
++ if(desc_name &&
++ strlen(name) == strlen(desc_name) &&
++ strncasecmp(name, desc_name, strlen(desc_name)) == 0) {
++ /* because not all array index equals type code */
++ return desc->_type;
++ }
++ }
++
++ /* special cases for query types */
++ if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) {
++ return 251;
++ } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) {
++ return 252;
++ } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) {
++ return 253;
++ } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) {
++ return 254;
++ } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) {
++ return 255;
++ }
++
++ return 0;
++}
++
++ldns_rr_class
++ldns_get_rr_class_by_name(const char *name)
++{
++ ldns_lookup_table *lt;
++
++ /* CLASSXX representation */
++ if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) {
++ return atoi(name + 5);
++ }
++
++ /* Normal types */
++ lt = ldns_lookup_by_name(ldns_rr_classes, name);
++
++ if (lt) {
++ return lt->id;
++ }
++ return 0;
++}
++
++
++ldns_rr_type
++ldns_rdf2rr_type(const ldns_rdf *rd)
++{
++ ldns_rr_type r;
++
++ if (!rd) {
++ return 0;
++ }
++
++ if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TYPE) {
++ return 0;
++ }
++
++ r = (ldns_rr_type) ldns_rdf2native_int16(rd);
++ return r;
++}
++
++ldns_rr_type
++ldns_rr_list_type(const ldns_rr_list *rr_list)
++{
++ if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) {
++ return ldns_rr_get_type(ldns_rr_list_rr(rr_list, 0));
++ } else {
++ return 0;
++ }
++}
++
++ldns_rdf *
++ldns_rr_list_owner(const ldns_rr_list *rr_list)
++{
++ if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) {
++ return ldns_rr_owner(ldns_rr_list_rr(rr_list, 0));
++ } else {
++ return NULL;
++ }
++}
+diff --git a/ldns/src/rr_functions.c b/ldns/src/rr_functions.c
+new file mode 100644
+index 0000000..b03751b
+--- /dev/null
++++ b/ldns/src/rr_functions.c
+@@ -0,0 +1,419 @@
++/*
++ * rr_function.c
++ *
++ * function that operate on specific rr types
++ *
++ * (c) NLnet Labs, 2004-2006
++ * See the file LICENSE for the license
++ */
++
++/*
++ * These come strait from perldoc Net::DNS::RR::xxx
++ * first the read variant, then the write. This is
++ * not complete.
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <limits.h>
++#include <strings.h>
++
++/**
++ * return a specific rdf
++ * \param[in] type type of RR
++ * \param[in] rr the rr itself
++ * \param[in] pos at which postion to get it
++ * \return the rdf sought
++ */
++static ldns_rdf *
++ldns_rr_function(ldns_rr_type type, const ldns_rr *rr, size_t pos)
++{
++ if (!rr || ldns_rr_get_type(rr) != type) {
++ return NULL;
++ }
++ return ldns_rr_rdf(rr, pos);
++}
++
++/**
++ * set a specific rdf
++ * \param[in] type type of RR
++ * \param[in] rr the rr itself
++ * \param[in] rdf the rdf to set
++ * \param[in] pos at which postion to set it
++ * \return true or false
++ */
++static bool
++ldns_rr_set_function(ldns_rr_type type, ldns_rr *rr, ldns_rdf *rdf, size_t pos)
++{
++ ldns_rdf *pop;
++ if (!rr || ldns_rr_get_type(rr) != type) {
++ return false;
++ }
++ pop = ldns_rr_set_rdf(rr, rdf, pos);
++ ldns_rdf_deep_free(pop);
++ return true;
++}
++
++/* A/AAAA records */
++ldns_rdf *
++ldns_rr_a_address(const ldns_rr *r)
++{
++ /* 2 types to check, cannot use the macro */
++ if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A &&
++ ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) {
++ return NULL;
++ }
++ return ldns_rr_rdf(r, 0);
++}
++
++bool
++ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f)
++{
++ /* 2 types to check, cannot use the macro... */
++ ldns_rdf *pop;
++ if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A &&
++ ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) {
++ return false;
++ }
++ pop = ldns_rr_set_rdf(r, f, 0);
++ if (pop) {
++ LDNS_FREE(pop);
++ return true;
++ } else {
++ return false;
++ }
++}
++
++/* NS record */
++ldns_rdf *
++ldns_rr_ns_nsdname(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_NS, r, 0);
++}
++
++/* MX record */
++ldns_rdf *
++ldns_rr_mx_preference(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_MX, r, 0);
++}
++
++ldns_rdf *
++ldns_rr_mx_exchange(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_MX, r, 1);
++}
++
++/* RRSIG record */
++ldns_rdf *
++ldns_rr_rrsig_typecovered(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 0);
++}
++
++bool
++ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 0);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_algorithm(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 1);
++}
++
++bool
++ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 1);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_labels(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 2);
++}
++
++bool
++ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 2);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_origttl(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 3);
++}
++
++bool
++ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 3);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_expiration(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 4);
++}
++
++bool
++ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 4);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_inception(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 5);
++}
++
++bool
++ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 5);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_keytag(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 6);
++}
++
++bool
++ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 6);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_signame(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 7);
++}
++
++bool
++ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 7);
++}
++
++ldns_rdf *
++ldns_rr_rrsig_sig(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 8);
++}
++
++bool
++ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 8);
++}
++
++/* DNSKEY record */
++ldns_rdf *
++ldns_rr_dnskey_flags(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 0);
++}
++
++bool
++ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 0);
++}
++
++ldns_rdf *
++ldns_rr_dnskey_protocol(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 1);
++}
++
++bool
++ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 1);
++}
++
++ldns_rdf *
++ldns_rr_dnskey_algorithm(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 2);
++}
++
++bool
++ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 2);
++}
++
++ldns_rdf *
++ldns_rr_dnskey_key(const ldns_rr *r)
++{
++ return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 3);
++}
++
++bool
++ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f)
++{
++ return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 3);
++}
++
++size_t
++ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
++ const size_t len,
++ const ldns_algorithm alg)
++{
++ /* for DSA keys */
++ uint8_t t;
++
++ /* for RSA keys */
++ uint16_t exp;
++ uint16_t int16;
++
++ switch ((ldns_signing_algorithm)alg) {
++ case LDNS_SIGN_DSA:
++ case LDNS_SIGN_DSA_NSEC3:
++ if (len > 0) {
++ t = keydata[0];
++ return (64 + t*8)*8;
++ } else {
++ return 0;
++ }
++ break;
++ case LDNS_SIGN_RSAMD5:
++ case LDNS_SIGN_RSASHA1:
++ case LDNS_SIGN_RSASHA1_NSEC3:
++#ifdef USE_SHA2
++ case LDNS_SIGN_RSASHA256:
++ case LDNS_SIGN_RSASHA512:
++#endif
++ if (len > 0) {
++ if (keydata[0] == 0) {
++ /* big exponent */
++ if (len > 3) {
++ memmove(&int16, keydata + 1, 2);
++ exp = ntohs(int16);
++ return (len - exp - 3)*8;
++ } else {
++ return 0;
++ }
++ } else {
++ exp = keydata[0];
++ return (len-exp-1)*8;
++ }
++ } else {
++ return 0;
++ }
++ break;
++#ifdef USE_GOST
++ case LDNS_SIGN_ECC_GOST:
++ return 512;
++#endif
++#ifdef USE_ECDSA
++ case LDNS_SIGN_ECDSAP256SHA256:
++ return 256;
++ case LDNS_SIGN_ECDSAP384SHA384:
++ return 384;
++#endif
++ case LDNS_SIGN_HMACMD5:
++ return len;
++ default:
++ return 0;
++ }
++}
++
++size_t
++ldns_rr_dnskey_key_size(const ldns_rr *key)
++{
++ if (!key || !ldns_rr_dnskey_key(key)
++ || !ldns_rr_dnskey_algorithm(key)) {
++ return 0;
++ }
++ return ldns_rr_dnskey_key_size_raw((unsigned char*)ldns_rdf_data(ldns_rr_dnskey_key(key)),
++ ldns_rdf_size(ldns_rr_dnskey_key(key)),
++ ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(key))
++ );
++}
++
++uint32_t ldns_soa_serial_identity(uint32_t ATTR_UNUSED(unused), void *data)
++{
++ return (uint32_t) (intptr_t) data;
++}
++
++uint32_t ldns_soa_serial_increment(uint32_t s, void *ATTR_UNUSED(unused))
++{
++ return ldns_soa_serial_increment_by(s, (void *)1);
++}
++
++uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data)
++{
++ return s + (intptr_t) data;
++}
++
++uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data)
++{
++ struct tm tm;
++ char s_str[11];
++ int32_t new_s;
++ time_t t = data ? (time_t) (intptr_t) data : ldns_time(NULL);
++
++ (void) strftime(s_str, 11, "%Y%m%d00", localtime_r(&t, &tm));
++ new_s = (int32_t) atoi(s_str);
++ return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s);
++}
++
++uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data)
++{
++ int32_t new_s = data ? (int32_t) (intptr_t) data
++ : (int32_t) ldns_time(NULL);
++ return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s);
++}
++
++void
++ldns_rr_soa_increment(ldns_rr *soa)
++{
++ ldns_rr_soa_increment_func_data(soa, ldns_soa_serial_increment, NULL);
++}
++
++void
++ldns_rr_soa_increment_func(ldns_rr *soa, ldns_soa_serial_increment_func_t f)
++{
++ ldns_rr_soa_increment_func_data(soa, f, NULL);
++}
++
++void
++ldns_rr_soa_increment_func_data(ldns_rr *soa,
++ ldns_soa_serial_increment_func_t f, void *data)
++{
++ ldns_rdf *prev_soa_serial_rdf;
++ if ( !soa || !f || ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA
++ || !ldns_rr_rdf(soa, 2)) {
++ return;
++ }
++ prev_soa_serial_rdf = ldns_rr_set_rdf(
++ soa
++ , ldns_native2rdf_int32(
++ LDNS_RDF_TYPE_INT32
++ , (*f)( ldns_rdf2native_int32(
++ ldns_rr_rdf(soa, 2))
++ , data
++ )
++ )
++ , 2
++ );
++ LDNS_FREE(prev_soa_serial_rdf);
++}
++
++void
++ldns_rr_soa_increment_func_int(ldns_rr *soa,
++ ldns_soa_serial_increment_func_t f, int data)
++{
++ ldns_rr_soa_increment_func_data(soa, f, (void *) (intptr_t) data);
++}
++
+diff --git a/ldns/src/sha1.c b/ldns/src/sha1.c
+new file mode 100644
+index 0000000..18a4dd2
+--- /dev/null
++++ b/ldns/src/sha1.c
+@@ -0,0 +1,177 @@
++/*
++ * modified for ldns by Jelte Jansen, original taken from OpenBSD:
++ *
++ * SHA-1 in C
++ * By Steve Reid <steve at edmweb.com>
++ * 100% Public Domain
++ *
++ * Test Vectors (from FIPS PUB 180-1)
++ * "abc"
++ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
++ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
++ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
++ * A million repetitions of "a"
++ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
++*/
++
++/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
++
++#include <ldns/config.h>
++#include <ldns/ldns.h>
++#include <strings.h>
++
++#define SHA1HANDSOFF 1 /* Copies data before messing with it. */
++#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
++
++/* blk0() and blk() perform the initial expand. */
++/* I got the idea of expanding during the round function from SSLeay */
++#if BYTE_ORDER == LITTLE_ENDIAN
++#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
++ |(rol(block->l[i],8)&0x00FF00FF))
++#else
++#define blk0(i) block->l[i]
++#endif
++#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
++ ^block->l[(i+2)&15]^block->l[i&15],1))
++
++/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
++#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
++#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
++#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
++#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
++#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
++
++/* Hash a single 512-bit block. This is the core of the algorithm. */
++
++void
++ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH])
++{
++ uint32_t a, b, c, d, e;
++ typedef union {
++ unsigned char c[64];
++ unsigned int l[16];
++ } CHAR64LONG16;
++ CHAR64LONG16* block;
++#ifdef SHA1HANDSOFF
++ unsigned char workspace[LDNS_SHA1_BLOCK_LENGTH];
++
++ block = (CHAR64LONG16 *)workspace;
++ memmove(block, buffer, LDNS_SHA1_BLOCK_LENGTH);
++#else
++ block = (CHAR64LONG16 *)buffer;
++#endif
++ /* Copy context->state[] to working vars */
++ a = state[0];
++ b = state[1];
++ c = state[2];
++ d = state[3];
++ e = state[4];
++
++ /* 4 rounds of 20 operations each. Loop unrolled. */
++ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
++ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
++ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
++ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
++ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
++ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
++ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
++ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
++ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
++ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
++ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
++ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
++ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
++ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
++ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
++ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
++ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
++ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
++ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
++ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
++
++ /* Add the working vars back into context.state[] */
++ state[0] += a;
++ state[1] += b;
++ state[2] += c;
++ state[3] += d;
++ state[4] += e;
++ /* Wipe variables */
++ a = b = c = d = e = 0;
++}
++
++
++/* SHA1Init - Initialize new context */
++
++void
++ldns_sha1_init(ldns_sha1_ctx *context)
++{
++ /* SHA1 initialization constants */
++ context->count = 0;
++ context->state[0] = 0x67452301;
++ context->state[1] = 0xEFCDAB89;
++ context->state[2] = 0x98BADCFE;
++ context->state[3] = 0x10325476;
++ context->state[4] = 0xC3D2E1F0;
++}
++
++
++/* Run your data through this. */
++
++void
++ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len)
++{
++ unsigned int i;
++ unsigned int j;
++
++ j = (unsigned)(uint32_t)((context->count >> 3) & 63);
++ context->count += (len << 3);
++ if ((j + len) > 63) {
++ memmove(&context->buffer[j], data, (i = 64 - j));
++ ldns_sha1_transform(context->state, context->buffer);
++ for ( ; i + 63 < len; i += 64) {
++ ldns_sha1_transform(context->state, &data[i]);
++ }
++ j = 0;
++ }
++ else i = 0;
++ memmove(&context->buffer[j], &data[i], len - i);
++}
++
++
++/* Add padding and return the message digest. */
++
++void
++ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context)
++{
++ unsigned int i;
++ unsigned char finalcount[8];
++
++ for (i = 0; i < 8; i++) {
++ finalcount[i] = (unsigned char)((context->count >>
++ ((7 - (i & 7)) * 8)) & 255); /* Endian independent */
++ }
++ ldns_sha1_update(context, (unsigned char *)"\200", 1);
++ while ((context->count & 504) != 448) {
++ ldns_sha1_update(context, (unsigned char *)"\0", 1);
++ }
++ ldns_sha1_update(context, finalcount, 8); /* Should cause a SHA1Transform() */
++
++ if (digest != NULL)
++ for (i = 0; i < LDNS_SHA1_DIGEST_LENGTH; i++) {
++ digest[i] = (unsigned char)((context->state[i >> 2] >>
++ ((3 - (i & 3)) * 8)) & 255);
++ }
++#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */
++ ldns_sha1_transform(context->state, context->buffer);
++#endif
++}
++
++unsigned char *
++ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest)
++{
++ ldns_sha1_ctx ctx;
++ ldns_sha1_init(&ctx);
++ ldns_sha1_update(&ctx, data, data_len);
++ ldns_sha1_final(digest, &ctx);
++ return digest;
++}
+diff --git a/ldns/src/sha2.c b/ldns/src/sha2.c
+new file mode 100644
+index 0000000..9a27122
+--- /dev/null
++++ b/ldns/src/sha2.c
+@@ -0,0 +1,991 @@
++/*
++ * FILE: sha2.c
++ * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
++ *
++ * Copyright (c) 2000-2001, Aaron D. Gifford
++ * All rights reserved.
++ *
++ * Modified by Jelte Jansen to fit in ldns, and not clash with any
++ * system-defined SHA code.
++ * Changes:
++ * - Renamed (external) functions and constants to fit ldns style
++ * - Removed _End and _Data functions
++ * - Added ldns_shaX(data, len, digest) convenience functions
++ * - Removed prototypes of _Transform functions and made those static
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. Neither the name of the copyright holder nor the names of contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
++ */
++
++#include <ldns/config.h>
++#include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
++#include <assert.h> /* assert() */
++#include <ldns/sha2.h>
++
++/*
++ * ASSERT NOTE:
++ * Some sanity checking code is included using assert(). On my FreeBSD
++ * system, this additional code can be removed by compiling with NDEBUG
++ * defined. Check your own systems manpage on assert() to see how to
++ * compile WITHOUT the sanity checking code on your system.
++ *
++ * UNROLLED TRANSFORM LOOP NOTE:
++ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
++ * loop version for the hash transform rounds (defined using macros
++ * later in this file). Either define on the command line, for example:
++ *
++ * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
++ *
++ * or define below:
++ *
++ * #define SHA2_UNROLL_TRANSFORM
++ *
++ */
++
++
++/*** SHA-256/384/512 Machine Architecture Definitions *****************/
++/*
++ * BYTE_ORDER NOTE:
++ *
++ * Please make sure that your system defines BYTE_ORDER. If your
++ * architecture is little-endian, make sure it also defines
++ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
++ * equivilent.
++ *
++ * If your system does not define the above, then you can do so by
++ * hand like this:
++ *
++ * #define LITTLE_ENDIAN 1234
++ * #define BIG_ENDIAN 4321
++ *
++ * And for little-endian machines, add:
++ *
++ * #define BYTE_ORDER LITTLE_ENDIAN
++ *
++ * Or for big-endian machines:
++ *
++ * #define BYTE_ORDER BIG_ENDIAN
++ *
++ * The FreeBSD machine this was written on defines BYTE_ORDER
++ * appropriately by including <sys/types.h> (which in turn includes
++ * <machine/endian.h> where the appropriate definitions are actually
++ * made).
++ */
++#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
++#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
++#endif
++
++typedef uint8_t sha2_byte; /* Exactly 1 byte */
++typedef uint32_t sha2_word32; /* Exactly 4 bytes */
++#ifdef S_SPLINT_S
++typedef unsigned long long sha2_word64; /* lint 8 bytes */
++#else
++typedef uint64_t sha2_word64; /* Exactly 8 bytes */
++#endif
++
++/*** SHA-256/384/512 Various Length Definitions ***********************/
++/* NOTE: Most of these are in sha2.h */
++#define ldns_sha256_SHORT_BLOCK_LENGTH (LDNS_SHA256_BLOCK_LENGTH - 8)
++#define ldns_sha384_SHORT_BLOCK_LENGTH (LDNS_SHA384_BLOCK_LENGTH - 16)
++#define ldns_sha512_SHORT_BLOCK_LENGTH (LDNS_SHA512_BLOCK_LENGTH - 16)
++
++
++/*** ENDIAN REVERSAL MACROS *******************************************/
++#if BYTE_ORDER == LITTLE_ENDIAN
++#define REVERSE32(w,x) { \
++ sha2_word32 tmp = (w); \
++ tmp = (tmp >> 16) | (tmp << 16); \
++ (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
++}
++#ifndef S_SPLINT_S
++#define REVERSE64(w,x) { \
++ sha2_word64 tmp = (w); \
++ tmp = (tmp >> 32) | (tmp << 32); \
++ tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
++ ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
++ (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
++ ((tmp & 0x0000ffff0000ffffULL) << 16); \
++}
++#else /* splint */
++#define REVERSE64(w,x) /* splint */
++#endif /* splint */
++#endif /* BYTE_ORDER == LITTLE_ENDIAN */
++
++/*
++ * Macro for incrementally adding the unsigned 64-bit integer n to the
++ * unsigned 128-bit integer (represented using a two-element array of
++ * 64-bit words):
++ */
++#define ADDINC128(w,n) { \
++ (w)[0] += (sha2_word64)(n); \
++ if ((w)[0] < (n)) { \
++ (w)[1]++; \
++ } \
++}
++#ifdef S_SPLINT_S
++#undef ADDINC128
++#define ADDINC128(w,n) /* splint */
++#endif
++
++/*
++ * Macros for copying blocks of memory and for zeroing out ranges
++ * of memory. Using these macros makes it easy to switch from
++ * using memset()/memcpy() and using bzero()/bcopy().
++ *
++ * Please define either SHA2_USE_MEMSET_MEMCPY or define
++ * SHA2_USE_BZERO_BCOPY depending on which function set you
++ * choose to use:
++ */
++#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
++/* Default to memset()/memcpy() if no option is specified */
++#define SHA2_USE_MEMSET_MEMCPY 1
++#endif
++#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
++/* Abort with an error if BOTH options are defined */
++#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
++#endif
++
++#ifdef SHA2_USE_MEMSET_MEMCPY
++#define MEMSET_BZERO(p,l) memset((p), 0, (l))
++#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
++#endif
++#ifdef SHA2_USE_BZERO_BCOPY
++#define MEMSET_BZERO(p,l) bzero((p), (l))
++#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
++#endif
++
++
++/*** THE SIX LOGICAL FUNCTIONS ****************************************/
++/*
++ * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
++ *
++ * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
++ * S is a ROTATION) because the SHA-256/384/512 description document
++ * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
++ * same "backwards" definition.
++ */
++/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
++#define R(b,x) ((x) >> (b))
++/* 32-bit Rotate-right (used in SHA-256): */
++#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
++/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
++#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
++
++/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
++#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
++#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
++
++/* Four of six logical functions used in SHA-256: */
++#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
++#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
++#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
++#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
++
++/* Four of six logical functions used in SHA-384 and SHA-512: */
++#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
++#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
++#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
++#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
++
++/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
++/* Hash constant words K for SHA-256: */
++static const sha2_word32 K256[64] = {
++ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
++ 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
++ 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
++ 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
++ 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
++ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
++ 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
++ 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
++ 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
++ 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
++ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
++ 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
++ 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
++ 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
++ 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
++ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
++};
++
++/* initial hash value H for SHA-256: */
++static const sha2_word32 ldns_sha256_initial_hash_value[8] = {
++ 0x6a09e667UL,
++ 0xbb67ae85UL,
++ 0x3c6ef372UL,
++ 0xa54ff53aUL,
++ 0x510e527fUL,
++ 0x9b05688cUL,
++ 0x1f83d9abUL,
++ 0x5be0cd19UL
++};
++
++/* Hash constant words K for SHA-384 and SHA-512: */
++static const sha2_word64 K512[80] = {
++ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
++ 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
++ 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
++ 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
++ 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
++ 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
++ 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
++ 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
++ 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
++ 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
++ 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
++ 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
++ 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
++ 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
++ 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
++ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
++ 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
++ 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
++ 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
++ 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
++ 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
++ 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
++ 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
++ 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
++ 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
++ 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
++ 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
++ 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
++ 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
++ 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
++ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
++ 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
++ 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
++ 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
++ 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
++ 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
++ 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
++ 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
++ 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
++ 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
++};
++
++/* initial hash value H for SHA-384 */
++static const sha2_word64 sha384_initial_hash_value[8] = {
++ 0xcbbb9d5dc1059ed8ULL,
++ 0x629a292a367cd507ULL,
++ 0x9159015a3070dd17ULL,
++ 0x152fecd8f70e5939ULL,
++ 0x67332667ffc00b31ULL,
++ 0x8eb44a8768581511ULL,
++ 0xdb0c2e0d64f98fa7ULL,
++ 0x47b5481dbefa4fa4ULL
++};
++
++/* initial hash value H for SHA-512 */
++static const sha2_word64 sha512_initial_hash_value[8] = {
++ 0x6a09e667f3bcc908ULL,
++ 0xbb67ae8584caa73bULL,
++ 0x3c6ef372fe94f82bULL,
++ 0xa54ff53a5f1d36f1ULL,
++ 0x510e527fade682d1ULL,
++ 0x9b05688c2b3e6c1fULL,
++ 0x1f83d9abfb41bd6bULL,
++ 0x5be0cd19137e2179ULL
++};
++
++/*** SHA-256: *********************************************************/
++void ldns_sha256_init(ldns_sha256_CTX* context) {
++ if (context == (ldns_sha256_CTX*)0) {
++ return;
++ }
++ MEMCPY_BCOPY(context->state, ldns_sha256_initial_hash_value, LDNS_SHA256_DIGEST_LENGTH);
++ MEMSET_BZERO(context->buffer, LDNS_SHA256_BLOCK_LENGTH);
++ context->bitcount = 0;
++}
++
++#ifdef SHA2_UNROLL_TRANSFORM
++
++/* Unrolled SHA-256 round macros: */
++
++#if BYTE_ORDER == LITTLE_ENDIAN
++
++#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
++ REVERSE32(*data++, W256[j]); \
++ T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
++ K256[j] + W256[j]; \
++ (d) += T1; \
++ (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
++ j++
++
++
++#else /* BYTE_ORDER == LITTLE_ENDIAN */
++
++#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
++ T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
++ K256[j] + (W256[j] = *data++); \
++ (d) += T1; \
++ (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
++ j++
++
++#endif /* BYTE_ORDER == LITTLE_ENDIAN */
++
++#define ROUND256(a,b,c,d,e,f,g,h) \
++ s0 = W256[(j+1)&0x0f]; \
++ s0 = sigma0_256(s0); \
++ s1 = W256[(j+14)&0x0f]; \
++ s1 = sigma1_256(s1); \
++ T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
++ (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
++ (d) += T1; \
++ (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
++ j++
++
++static void ldns_sha256_Transform(ldns_sha256_CTX* context,
++ const sha2_word32* data) {
++ sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
++ sha2_word32 T1, *W256;
++ int j;
++
++ W256 = (sha2_word32*)context->buffer;
++
++ /* initialize registers with the prev. intermediate value */
++ a = context->state[0];
++ b = context->state[1];
++ c = context->state[2];
++ d = context->state[3];
++ e = context->state[4];
++ f = context->state[5];
++ g = context->state[6];
++ h = context->state[7];
++
++ j = 0;
++ do {
++ /* Rounds 0 to 15 (unrolled): */
++ ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
++ ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
++ ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
++ ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
++ ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
++ ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
++ ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
++ ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
++ } while (j < 16);
++
++ /* Now for the remaining rounds to 64: */
++ do {
++ ROUND256(a,b,c,d,e,f,g,h);
++ ROUND256(h,a,b,c,d,e,f,g);
++ ROUND256(g,h,a,b,c,d,e,f);
++ ROUND256(f,g,h,a,b,c,d,e);
++ ROUND256(e,f,g,h,a,b,c,d);
++ ROUND256(d,e,f,g,h,a,b,c);
++ ROUND256(c,d,e,f,g,h,a,b);
++ ROUND256(b,c,d,e,f,g,h,a);
++ } while (j < 64);
++
++ /* Compute the current intermediate hash value */
++ context->state[0] += a;
++ context->state[1] += b;
++ context->state[2] += c;
++ context->state[3] += d;
++ context->state[4] += e;
++ context->state[5] += f;
++ context->state[6] += g;
++ context->state[7] += h;
++
++ /* Clean up */
++ a = b = c = d = e = f = g = h = T1 = 0;
++}
++
++#else /* SHA2_UNROLL_TRANSFORM */
++
++static void ldns_sha256_Transform(ldns_sha256_CTX* context,
++ const sha2_word32* data) {
++ sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
++ sha2_word32 T1, T2, *W256;
++ int j;
++
++ W256 = (sha2_word32*)context->buffer;
++
++ /* initialize registers with the prev. intermediate value */
++ a = context->state[0];
++ b = context->state[1];
++ c = context->state[2];
++ d = context->state[3];
++ e = context->state[4];
++ f = context->state[5];
++ g = context->state[6];
++ h = context->state[7];
++
++ j = 0;
++ do {
++#if BYTE_ORDER == LITTLE_ENDIAN
++ /* Copy data while converting to host byte order */
++ REVERSE32(*data++,W256[j]);
++ /* Apply the SHA-256 compression function to update a..h */
++ T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
++#else /* BYTE_ORDER == LITTLE_ENDIAN */
++ /* Apply the SHA-256 compression function to update a..h with copy */
++ T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
++#endif /* BYTE_ORDER == LITTLE_ENDIAN */
++ T2 = Sigma0_256(a) + Maj(a, b, c);
++ h = g;
++ g = f;
++ f = e;
++ e = d + T1;
++ d = c;
++ c = b;
++ b = a;
++ a = T1 + T2;
++
++ j++;
++ } while (j < 16);
++
++ do {
++ /* Part of the message block expansion: */
++ s0 = W256[(j+1)&0x0f];
++ s0 = sigma0_256(s0);
++ s1 = W256[(j+14)&0x0f];
++ s1 = sigma1_256(s1);
++
++ /* Apply the SHA-256 compression function to update a..h */
++ T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
++ (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
++ T2 = Sigma0_256(a) + Maj(a, b, c);
++ h = g;
++ g = f;
++ f = e;
++ e = d + T1;
++ d = c;
++ c = b;
++ b = a;
++ a = T1 + T2;
++
++ j++;
++ } while (j < 64);
++
++ /* Compute the current intermediate hash value */
++ context->state[0] += a;
++ context->state[1] += b;
++ context->state[2] += c;
++ context->state[3] += d;
++ context->state[4] += e;
++ context->state[5] += f;
++ context->state[6] += g;
++ context->state[7] += h;
++
++ /* Clean up */
++ a = b = c = d = e = f = g = h = T1 = T2 = 0;
++}
++
++#endif /* SHA2_UNROLL_TRANSFORM */
++
++void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t len) {
++ size_t freespace, usedspace;
++
++ if (len == 0) {
++ /* Calling with no data is valid - we do nothing */
++ return;
++ }
++
++ /* Sanity check: */
++ assert(context != (ldns_sha256_CTX*)0 && data != (sha2_byte*)0);
++
++ usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH;
++ if (usedspace > 0) {
++ /* Calculate how much free space is available in the buffer */
++ freespace = LDNS_SHA256_BLOCK_LENGTH - usedspace;
++
++ if (len >= freespace) {
++ /* Fill the buffer completely and process it */
++ MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
++ context->bitcount += freespace << 3;
++ len -= freespace;
++ data += freespace;
++ ldns_sha256_Transform(context, (sha2_word32*)context->buffer);
++ } else {
++ /* The buffer is not yet full */
++ MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
++ context->bitcount += len << 3;
++ /* Clean up: */
++ usedspace = freespace = 0;
++ return;
++ }
++ }
++ while (len >= LDNS_SHA256_BLOCK_LENGTH) {
++ /* Process as many complete blocks as we can */
++ ldns_sha256_Transform(context, (sha2_word32*)data);
++ context->bitcount += LDNS_SHA256_BLOCK_LENGTH << 3;
++ len -= LDNS_SHA256_BLOCK_LENGTH;
++ data += LDNS_SHA256_BLOCK_LENGTH;
++ }
++ if (len > 0) {
++ /* There's left-overs, so save 'em */
++ MEMCPY_BCOPY(context->buffer, data, len);
++ context->bitcount += len << 3;
++ }
++ /* Clean up: */
++ usedspace = freespace = 0;
++}
++
++typedef union _ldns_sha2_buffer_union {
++ uint8_t* theChars;
++ uint64_t* theLongs;
++} ldns_sha2_buffer_union;
++
++void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
++ sha2_word32 *d = (sha2_word32*)digest;
++ size_t usedspace;
++ ldns_sha2_buffer_union cast_var;
++
++ /* Sanity check: */
++ assert(context != (ldns_sha256_CTX*)0);
++
++ /* If no digest buffer is passed, we don't bother doing this: */
++ if (digest != (sha2_byte*)0) {
++ usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH;
++#if BYTE_ORDER == LITTLE_ENDIAN
++ /* Convert FROM host byte order */
++ REVERSE64(context->bitcount,context->bitcount);
++#endif
++ if (usedspace > 0) {
++ /* Begin padding with a 1 bit: */
++ context->buffer[usedspace++] = 0x80;
++
++ if (usedspace <= ldns_sha256_SHORT_BLOCK_LENGTH) {
++ /* Set-up for the last transform: */
++ MEMSET_BZERO(&context->buffer[usedspace], ldns_sha256_SHORT_BLOCK_LENGTH - usedspace);
++ } else {
++ if (usedspace < LDNS_SHA256_BLOCK_LENGTH) {
++ MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA256_BLOCK_LENGTH - usedspace);
++ }
++ /* Do second-to-last transform: */
++ ldns_sha256_Transform(context, (sha2_word32*)context->buffer);
++
++ /* And set-up for the last transform: */
++ MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH);
++ }
++ } else {
++ /* Set-up for the last transform: */
++ MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH);
++
++ /* Begin padding with a 1 bit: */
++ *context->buffer = 0x80;
++ }
++ /* Set the bit count: */
++ cast_var.theChars = context->buffer;
++ cast_var.theLongs[ldns_sha256_SHORT_BLOCK_LENGTH / 8] = context->bitcount;
++
++ /* final transform: */
++ ldns_sha256_Transform(context, (sha2_word32*)context->buffer);
++
++#if BYTE_ORDER == LITTLE_ENDIAN
++ {
++ /* Convert TO host byte order */
++ int j;
++ for (j = 0; j < 8; j++) {
++ REVERSE32(context->state[j],context->state[j]);
++ *d++ = context->state[j];
++ }
++ }
++#else
++ MEMCPY_BCOPY(d, context->state, LDNS_SHA256_DIGEST_LENGTH);
++#endif
++ }
++
++ /* Clean up state data: */
++ MEMSET_BZERO(context, sizeof(ldns_sha256_CTX));
++ usedspace = 0;
++}
++
++unsigned char *
++ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest)
++{
++ ldns_sha256_CTX ctx;
++ ldns_sha256_init(&ctx);
++ ldns_sha256_update(&ctx, data, data_len);
++ ldns_sha256_final(digest, &ctx);
++ return digest;
++}
++
++/*** SHA-512: *********************************************************/
++void ldns_sha512_init(ldns_sha512_CTX* context) {
++ if (context == (ldns_sha512_CTX*)0) {
++ return;
++ }
++ MEMCPY_BCOPY(context->state, sha512_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH);
++ MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH);
++ context->bitcount[0] = context->bitcount[1] = 0;
++}
++
++#ifdef SHA2_UNROLL_TRANSFORM
++
++/* Unrolled SHA-512 round macros: */
++#if BYTE_ORDER == LITTLE_ENDIAN
++
++#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
++ REVERSE64(*data++, W512[j]); \
++ T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
++ K512[j] + W512[j]; \
++ (d) += T1, \
++ (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
++ j++
++
++
++#else /* BYTE_ORDER == LITTLE_ENDIAN */
++
++#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
++ T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
++ K512[j] + (W512[j] = *data++); \
++ (d) += T1; \
++ (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
++ j++
++
++#endif /* BYTE_ORDER == LITTLE_ENDIAN */
++
++#define ROUND512(a,b,c,d,e,f,g,h) \
++ s0 = W512[(j+1)&0x0f]; \
++ s0 = sigma0_512(s0); \
++ s1 = W512[(j+14)&0x0f]; \
++ s1 = sigma1_512(s1); \
++ T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
++ (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
++ (d) += T1; \
++ (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
++ j++
++
++static void ldns_sha512_Transform(ldns_sha512_CTX* context,
++ const sha2_word64* data) {
++ sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
++ sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
++ int j;
++
++ /* initialize registers with the prev. intermediate value */
++ a = context->state[0];
++ b = context->state[1];
++ c = context->state[2];
++ d = context->state[3];
++ e = context->state[4];
++ f = context->state[5];
++ g = context->state[6];
++ h = context->state[7];
++
++ j = 0;
++ do {
++ ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
++ ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
++ ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
++ ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
++ ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
++ ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
++ ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
++ ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
++ } while (j < 16);
++
++ /* Now for the remaining rounds up to 79: */
++ do {
++ ROUND512(a,b,c,d,e,f,g,h);
++ ROUND512(h,a,b,c,d,e,f,g);
++ ROUND512(g,h,a,b,c,d,e,f);
++ ROUND512(f,g,h,a,b,c,d,e);
++ ROUND512(e,f,g,h,a,b,c,d);
++ ROUND512(d,e,f,g,h,a,b,c);
++ ROUND512(c,d,e,f,g,h,a,b);
++ ROUND512(b,c,d,e,f,g,h,a);
++ } while (j < 80);
++
++ /* Compute the current intermediate hash value */
++ context->state[0] += a;
++ context->state[1] += b;
++ context->state[2] += c;
++ context->state[3] += d;
++ context->state[4] += e;
++ context->state[5] += f;
++ context->state[6] += g;
++ context->state[7] += h;
++
++ /* Clean up */
++ a = b = c = d = e = f = g = h = T1 = 0;
++}
++
++#else /* SHA2_UNROLL_TRANSFORM */
++
++static void ldns_sha512_Transform(ldns_sha512_CTX* context,
++ const sha2_word64* data) {
++ sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
++ sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
++ int j;
++
++ /* initialize registers with the prev. intermediate value */
++ a = context->state[0];
++ b = context->state[1];
++ c = context->state[2];
++ d = context->state[3];
++ e = context->state[4];
++ f = context->state[5];
++ g = context->state[6];
++ h = context->state[7];
++
++ j = 0;
++ do {
++#if BYTE_ORDER == LITTLE_ENDIAN
++ /* Convert TO host byte order */
++ REVERSE64(*data++, W512[j]);
++ /* Apply the SHA-512 compression function to update a..h */
++ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
++#else /* BYTE_ORDER == LITTLE_ENDIAN */
++ /* Apply the SHA-512 compression function to update a..h with copy */
++ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
++#endif /* BYTE_ORDER == LITTLE_ENDIAN */
++ T2 = Sigma0_512(a) + Maj(a, b, c);
++ h = g;
++ g = f;
++ f = e;
++ e = d + T1;
++ d = c;
++ c = b;
++ b = a;
++ a = T1 + T2;
++
++ j++;
++ } while (j < 16);
++
++ do {
++ /* Part of the message block expansion: */
++ s0 = W512[(j+1)&0x0f];
++ s0 = sigma0_512(s0);
++ s1 = W512[(j+14)&0x0f];
++ s1 = sigma1_512(s1);
++
++ /* Apply the SHA-512 compression function to update a..h */
++ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
++ (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
++ T2 = Sigma0_512(a) + Maj(a, b, c);
++ h = g;
++ g = f;
++ f = e;
++ e = d + T1;
++ d = c;
++ c = b;
++ b = a;
++ a = T1 + T2;
++
++ j++;
++ } while (j < 80);
++
++ /* Compute the current intermediate hash value */
++ context->state[0] += a;
++ context->state[1] += b;
++ context->state[2] += c;
++ context->state[3] += d;
++ context->state[4] += e;
++ context->state[5] += f;
++ context->state[6] += g;
++ context->state[7] += h;
++
++ /* Clean up */
++ a = b = c = d = e = f = g = h = T1 = T2 = 0;
++}
++
++#endif /* SHA2_UNROLL_TRANSFORM */
++
++void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t len) {
++ size_t freespace, usedspace;
++
++ if (len == 0) {
++ /* Calling with no data is valid - we do nothing */
++ return;
++ }
++
++ /* Sanity check: */
++ assert(context != (ldns_sha512_CTX*)0 && data != (sha2_byte*)0);
++
++ usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH;
++ if (usedspace > 0) {
++ /* Calculate how much free space is available in the buffer */
++ freespace = LDNS_SHA512_BLOCK_LENGTH - usedspace;
++
++ if (len >= freespace) {
++ /* Fill the buffer completely and process it */
++ MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
++ ADDINC128(context->bitcount, freespace << 3);
++ len -= freespace;
++ data += freespace;
++ ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
++ } else {
++ /* The buffer is not yet full */
++ MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
++ ADDINC128(context->bitcount, len << 3);
++ /* Clean up: */
++ usedspace = freespace = 0;
++ return;
++ }
++ }
++ while (len >= LDNS_SHA512_BLOCK_LENGTH) {
++ /* Process as many complete blocks as we can */
++ ldns_sha512_Transform(context, (sha2_word64*)data);
++ ADDINC128(context->bitcount, LDNS_SHA512_BLOCK_LENGTH << 3);
++ len -= LDNS_SHA512_BLOCK_LENGTH;
++ data += LDNS_SHA512_BLOCK_LENGTH;
++ }
++ if (len > 0) {
++ /* There's left-overs, so save 'em */
++ MEMCPY_BCOPY(context->buffer, data, len);
++ ADDINC128(context->bitcount, len << 3);
++ }
++ /* Clean up: */
++ usedspace = freespace = 0;
++}
++
++static void ldns_sha512_Last(ldns_sha512_CTX* context) {
++ size_t usedspace;
++ ldns_sha2_buffer_union cast_var;
++
++ usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH;
++#if BYTE_ORDER == LITTLE_ENDIAN
++ /* Convert FROM host byte order */
++ REVERSE64(context->bitcount[0],context->bitcount[0]);
++ REVERSE64(context->bitcount[1],context->bitcount[1]);
++#endif
++ if (usedspace > 0) {
++ /* Begin padding with a 1 bit: */
++ context->buffer[usedspace++] = 0x80;
++
++ if (usedspace <= ldns_sha512_SHORT_BLOCK_LENGTH) {
++ /* Set-up for the last transform: */
++ MEMSET_BZERO(&context->buffer[usedspace], ldns_sha512_SHORT_BLOCK_LENGTH - usedspace);
++ } else {
++ if (usedspace < LDNS_SHA512_BLOCK_LENGTH) {
++ MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA512_BLOCK_LENGTH - usedspace);
++ }
++ /* Do second-to-last transform: */
++ ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
++
++ /* And set-up for the last transform: */
++ MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH - 2);
++ }
++ } else {
++ /* Prepare for final transform: */
++ MEMSET_BZERO(context->buffer, ldns_sha512_SHORT_BLOCK_LENGTH);
++
++ /* Begin padding with a 1 bit: */
++ *context->buffer = 0x80;
++ }
++ /* Store the length of input data (in bits): */
++ cast_var.theChars = context->buffer;
++ cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1];
++ cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0];
++
++ /* final transform: */
++ ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
++}
++
++void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) {
++ sha2_word64 *d = (sha2_word64*)digest;
++
++ /* Sanity check: */
++ assert(context != (ldns_sha512_CTX*)0);
++
++ /* If no digest buffer is passed, we don't bother doing this: */
++ if (digest != (sha2_byte*)0) {
++ ldns_sha512_Last(context);
++
++ /* Save the hash data for output: */
++#if BYTE_ORDER == LITTLE_ENDIAN
++ {
++ /* Convert TO host byte order */
++ int j;
++ for (j = 0; j < 8; j++) {
++ REVERSE64(context->state[j],context->state[j]);
++ *d++ = context->state[j];
++ }
++ }
++#else
++ MEMCPY_BCOPY(d, context->state, LDNS_SHA512_DIGEST_LENGTH);
++#endif
++ }
++
++ /* Zero out state data */
++ MEMSET_BZERO(context, sizeof(ldns_sha512_CTX));
++}
++
++unsigned char *
++ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest)
++{
++ ldns_sha512_CTX ctx;
++ ldns_sha512_init(&ctx);
++ ldns_sha512_update(&ctx, data, data_len);
++ ldns_sha512_final(digest, &ctx);
++ return digest;
++}
++
++/*** SHA-384: *********************************************************/
++void ldns_sha384_init(ldns_sha384_CTX* context) {
++ if (context == (ldns_sha384_CTX*)0) {
++ return;
++ }
++ MEMCPY_BCOPY(context->state, sha384_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH);
++ MEMSET_BZERO(context->buffer, LDNS_SHA384_BLOCK_LENGTH);
++ context->bitcount[0] = context->bitcount[1] = 0;
++}
++
++void ldns_sha384_update(ldns_sha384_CTX* context, const sha2_byte* data, size_t len) {
++ ldns_sha512_update((ldns_sha512_CTX*)context, data, len);
++}
++
++void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) {
++ sha2_word64 *d = (sha2_word64*)digest;
++
++ /* Sanity check: */
++ assert(context != (ldns_sha384_CTX*)0);
++
++ /* If no digest buffer is passed, we don't bother doing this: */
++ if (digest != (sha2_byte*)0) {
++ ldns_sha512_Last((ldns_sha512_CTX*)context);
++
++ /* Save the hash data for output: */
++#if BYTE_ORDER == LITTLE_ENDIAN
++ {
++ /* Convert TO host byte order */
++ int j;
++ for (j = 0; j < 6; j++) {
++ REVERSE64(context->state[j],context->state[j]);
++ *d++ = context->state[j];
++ }
++ }
++#else
++ MEMCPY_BCOPY(d, context->state, LDNS_SHA384_DIGEST_LENGTH);
++#endif
++ }
++
++ /* Zero out state data */
++ MEMSET_BZERO(context, sizeof(ldns_sha384_CTX));
++}
++
++unsigned char *
++ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest)
++{
++ ldns_sha384_CTX ctx;
++ ldns_sha384_init(&ctx);
++ ldns_sha384_update(&ctx, data, data_len);
++ ldns_sha384_final(digest, &ctx);
++ return digest;
++}
+diff --git a/ldns/src/str2host.c b/ldns/src/str2host.c
+new file mode 100644
+index 0000000..cd07c89
+--- /dev/null
++++ b/ldns/src/str2host.c
+@@ -0,0 +1,1604 @@
++/*
++ * str2host.c
++ *
++ * conversion routines from the presentation format
++ * to the host format
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++#ifdef HAVE_ARPA_INET_H
++#include <arpa/inet.h>
++#endif
++#include <time.h>
++
++#include <errno.h>
++#ifdef HAVE_NETDB_H
++#include <netdb.h>
++#endif
++
++#include <limits.h>
++#ifdef HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
++
++ldns_status
++ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr)
++{
++ char *end = NULL;
++ uint16_t *r;
++ r = LDNS_MALLOC(uint16_t);
++ if(!r) return LDNS_STATUS_MEM_ERR;
++
++ *r = htons((uint16_t)strtol((char *)shortstr, &end, 10));
++
++ if(*end != 0) {
++ LDNS_FREE(r);
++ return LDNS_STATUS_INVALID_INT;
++ } else {
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_INT16, sizeof(uint16_t), r);
++ LDNS_FREE(r);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++ }
++}
++
++ldns_status
++ldns_str2rdf_time(ldns_rdf **rd, const char *time)
++{
++ /* convert a time YYYYDDMMHHMMSS to wireformat */
++ uint16_t *r = NULL;
++ struct tm tm;
++ uint32_t l;
++ char *end;
++
++ /* Try to scan the time... */
++ r = (uint16_t*)LDNS_MALLOC(uint32_t);
++ if(!r) return LDNS_STATUS_MEM_ERR;
++
++ memset(&tm, 0, sizeof(tm));
++
++ if (strlen(time) == 14 &&
++ sscanf(time, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) == 6
++ ) {
++ tm.tm_year -= 1900;
++ tm.tm_mon--;
++ /* Check values */
++ if (tm.tm_year < 70) {
++ goto bad_format;
++ }
++ if (tm.tm_mon < 0 || tm.tm_mon > 11) {
++ goto bad_format;
++ }
++ if (tm.tm_mday < 1 || tm.tm_mday > 31) {
++ goto bad_format;
++ }
++
++ if (tm.tm_hour < 0 || tm.tm_hour > 23) {
++ goto bad_format;
++ }
++
++ if (tm.tm_min < 0 || tm.tm_min > 59) {
++ goto bad_format;
++ }
++
++ if (tm.tm_sec < 0 || tm.tm_sec > 59) {
++ goto bad_format;
++ }
++
++ l = htonl(ldns_mktime_from_utc(&tm));
++ memcpy(r, &l, sizeof(uint32_t));
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r);
++ LDNS_FREE(r);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++ } else {
++ /* handle it as 32 bits timestamp */
++ l = htonl((uint32_t)strtol((char*)time, &end, 10));
++ if(*end != 0) {
++ LDNS_FREE(r);
++ return LDNS_STATUS_ERR;
++ } else {
++ memcpy(r, &l, sizeof(uint32_t));
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
++ LDNS_FREE(r);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++ }
++ }
++
++ bad_format:
++ LDNS_FREE(r);
++ return LDNS_STATUS_INVALID_TIME;
++}
++
++ldns_status
++ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str)
++{
++ uint8_t salt_length;
++ int c;
++ int salt_length_str;
++
++ uint8_t *salt;
++ uint8_t *data;
++ if(rd == NULL) {
++ return LDNS_STATUS_NULL;
++ }
++
++ salt_length_str = (int)strlen(salt_str);
++ if (salt_length_str == 1 && salt_str[0] == '-') {
++ salt_length_str = 0;
++ } else if (salt_length_str % 2 != 0) {
++ return LDNS_STATUS_INVALID_HEX;
++ }
++ if (salt_length_str > 512) {
++ return LDNS_STATUS_INVALID_HEX;
++ }
++
++ salt = LDNS_XMALLOC(uint8_t, salt_length_str / 2);
++ if(!salt) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ for (c = 0; c < salt_length_str; c += 2) {
++ if (isxdigit((int) salt_str[c]) && isxdigit((int) salt_str[c+1])) {
++ salt[c/2] = (uint8_t) ldns_hexdigit_to_int(salt_str[c]) * 16 +
++ ldns_hexdigit_to_int(salt_str[c+1]);
++ } else {
++ LDNS_FREE(salt);
++ return LDNS_STATUS_INVALID_HEX;
++ }
++ }
++ salt_length = (uint8_t) (salt_length_str / 2);
++
++ data = LDNS_XMALLOC(uint8_t, 1 + salt_length);
++ if(!data) {
++ LDNS_FREE(salt);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ data[0] = salt_length;
++ memcpy(&data[1], salt, salt_length);
++ *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, 1 + salt_length, data);
++ LDNS_FREE(data);
++ LDNS_FREE(salt);
++
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_period(ldns_rdf **rd,const char *period)
++{
++ uint32_t p;
++ const char *end;
++
++ /* Allocate required space... */
++ p = ldns_str2period(period, &end);
++
++ if (*end != 0) {
++ return LDNS_STATUS_ERR;
++ } else {
++ p = (uint32_t) htonl(p);
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_PERIOD, sizeof(uint32_t), &p);
++ }
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr)
++{
++ char *end;
++ uint16_t *r = NULL;
++ uint32_t l;
++
++ r = (uint16_t*)LDNS_MALLOC(uint32_t);
++ if(!r) return LDNS_STATUS_MEM_ERR;
++ errno = 0; /* must set to zero before call,
++ note race condition on errno */
++ if(*longstr == '-')
++ l = htonl((uint32_t)strtol((char*)longstr, &end, 10));
++ else l = htonl((uint32_t)strtoul((char*)longstr, &end, 10));
++
++ if(*end != 0) {
++ LDNS_FREE(r);
++ return LDNS_STATUS_ERR;
++ } else {
++ if (errno == ERANGE) {
++ LDNS_FREE(r);
++ return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW;
++ }
++ memcpy(r, &l, sizeof(uint32_t));
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
++ LDNS_FREE(r);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++ }
++}
++
++ldns_status
++ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr)
++{
++ char *end;
++ uint8_t *r = NULL;
++
++ r = LDNS_MALLOC(uint8_t);
++ if(!r) return LDNS_STATUS_MEM_ERR;
++
++ *r = (uint8_t)strtol((char*)bytestr, &end, 10);
++
++ if(*end != 0) {
++ LDNS_FREE(r);
++ return LDNS_STATUS_ERR;
++ } else {
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_INT8, sizeof(uint8_t), r);
++ LDNS_FREE(r);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++ }
++}
++
++
++/*
++ * Checks whether the escaped value at **s is an decimal value or
++ * a 'normally' escaped character (and not eos)
++ *
++ * The string pointer at *s is increased by either 0 (on error), 1 (on
++ * normal escapes), or 3 (on decimals)
++ *
++ * Returns the number of bytes read from the escaped string, or
++ * 0 on error
++ */
++INLINE bool
++parse_escape(uint8_t *ch_p, const char** str_p)
++{
++ uint16_t val;
++
++ if ((*str_p)[0] && isdigit((*str_p)[0]) &&
++ (*str_p)[1] && isdigit((*str_p)[1]) &&
++ (*str_p)[2] && isdigit((*str_p)[2])) {
++
++ val = (uint16_t)(((*str_p)[0] - '0') * 100 +
++ ((*str_p)[1] - '0') * 10 +
++ ((*str_p)[2] - '0'));
++
++ if (val > 255) {
++ goto error;
++ }
++ *ch_p = (uint8_t)val;
++ *str_p += 3;
++ return true;
++
++ } else if ((*str_p)[0] && !isdigit((*str_p)[0])) {
++
++ *ch_p = (uint8_t)*(*str_p)++;
++ return true;
++ }
++error:
++ *str_p = NULL;
++ return false; /* LDNS_STATUS_SYNTAX_BAD_ESCAPE */
++}
++
++INLINE bool
++parse_char(uint8_t *ch_p, const char** str_p)
++{
++ switch (**str_p) {
++
++ case '\0': return false;
++
++ case '\\': *str_p += 1;
++ return parse_escape(ch_p, str_p);
++
++ default: *ch_p = (uint8_t)*(*str_p)++;
++ return true;
++ }
++}
++
++/*
++ * No special care is taken, all dots are translated into
++ * label seperators.
++ * Could be made more efficient....we do 3 memcpy's in total...
++ */
++ldns_status
++ldns_str2rdf_dname(ldns_rdf **d, const char *str)
++{
++ size_t len;
++
++ const char *s;
++ uint8_t *q, *pq, label_len;
++ uint8_t buf[LDNS_MAX_DOMAINLEN + 1];
++ *d = NULL;
++
++ len = strlen((char*)str);
++ /* octet representation can make strings a lot longer than actual length */
++ if (len > LDNS_MAX_DOMAINLEN * 4) {
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++ if (0 == len) {
++ return LDNS_STATUS_DOMAINNAME_UNDERFLOW;
++ }
++
++ /* root label */
++ if (1 == len && *str == '.') {
++ *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, 1, "\0");
++ return LDNS_STATUS_OK;
++ }
++
++ /* get on with the rest */
++
++ /* s is on the current character in the string
++ * pq points to where the labellength is going to go
++ * label_len keeps track of the current label's length
++ * q builds the dname inside the buf array
++ */
++ len = 0;
++ q = buf+1;
++ pq = buf;
++ label_len = 0;
++ for (s = str; *s; s++, q++) {
++ if (q > buf + LDNS_MAX_DOMAINLEN) {
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++ *q = 0;
++ switch (*s) {
++ case '.':
++ if (label_len > LDNS_MAX_LABELLEN) {
++ return LDNS_STATUS_LABEL_OVERFLOW;
++ }
++ if (label_len == 0) {
++ return LDNS_STATUS_EMPTY_LABEL;
++ }
++ len += label_len + 1;
++ *pq = label_len;
++ label_len = 0;
++ pq = q;
++ break;
++ case '\\':
++ /* octet value or literal char */
++ s += 1;
++ if (! parse_escape(q, &s)) {
++ return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
++ }
++ s -= 1;
++ label_len++;
++ break;
++ default:
++ *q = (uint8_t)*s;
++ label_len++;
++ }
++ }
++
++ /* add root label if last char was not '.' */
++ if (!ldns_dname_str_absolute(str)) {
++ if (q > buf + LDNS_MAX_DOMAINLEN) {
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++ if (label_len > LDNS_MAX_LABELLEN) {
++ return LDNS_STATUS_LABEL_OVERFLOW;
++ }
++ if (label_len == 0) { /* label_len 0 but not . at end? */
++ return LDNS_STATUS_EMPTY_LABEL;
++ }
++ len += label_len + 1;
++ *pq = label_len;
++ *q = 0;
++ }
++ len++;
++
++ *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, len, buf);
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_str2rdf_a(ldns_rdf **rd, const char *str)
++{
++ in_addr_t address;
++ if (inet_pton(AF_INET, (char*)str, &address) != 1) {
++ return LDNS_STATUS_INVALID_IP4;
++ } else {
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_A, sizeof(address), &address);
++ }
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str)
++{
++ uint8_t address[LDNS_IP6ADDRLEN + 1];
++
++ if (inet_pton(AF_INET6, (char*)str, address) != 1) {
++ return LDNS_STATUS_INVALID_IP6;
++ } else {
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_AAAA, sizeof(address) - 1, &address);
++ }
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_str(ldns_rdf **rd, const char *str)
++{
++ uint8_t *data, *dp, ch = 0;
++ size_t length;
++
++ /* Worst case space requirement. We'll realloc to actual size later. */
++ dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1));
++ if (! data) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* Fill data (up to 255 characters) */
++ while (parse_char(&ch, &str)) {
++ if (dp - data >= 255) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ *++dp = ch;
++ }
++ if (! str) {
++ return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
++ }
++ length = (size_t)(dp - data);
++ /* Fix last length byte */
++ data[0] = (uint8_t)length;
++
++ /* Lose the overmeasure */
++ data = LDNS_XREALLOC(dp = data, uint8_t, length + 1);
++ if (! data) {
++ LDNS_FREE(dp);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* Create rdf */
++ *rd = ldns_rdf_new(LDNS_RDF_TYPE_STR, length + 1, data);
++ if (! *rd) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_str2rdf_apl(ldns_rdf **rd, const char *str)
++{
++ const char *my_str = str;
++
++ char *my_ip_str;
++ size_t ip_str_len;
++
++ uint16_t family;
++ bool negation;
++ uint8_t afdlength = 0;
++ uint8_t *afdpart;
++ uint8_t prefix;
++
++ uint8_t *data;
++
++ size_t i = 0;
++
++ /* [!]afi:address/prefix */
++ if (strlen(my_str) < 2
++ || strchr(my_str, ':') == NULL
++ || strchr(my_str, '/') == NULL
++ || strchr(my_str, ':') > strchr(my_str, '/')) {
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ if (my_str[0] == '!') {
++ negation = true;
++ my_str += 1;
++ } else {
++ negation = false;
++ }
++
++ family = (uint16_t) atoi(my_str);
++
++ my_str = strchr(my_str, ':') + 1;
++
++ /* need ip addr and only ip addr for inet_pton */
++ ip_str_len = (size_t) (strchr(my_str, '/') - my_str);
++ my_ip_str = LDNS_XMALLOC(char, ip_str_len + 1);
++ if(!my_ip_str) return LDNS_STATUS_MEM_ERR;
++ strncpy(my_ip_str, my_str, ip_str_len + 1);
++ my_ip_str[ip_str_len] = '\0';
++
++ if (family == 1) {
++ /* ipv4 */
++ afdpart = LDNS_XMALLOC(uint8_t, 4);
++ if(!afdpart) {
++ LDNS_FREE(my_ip_str);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ if (inet_pton(AF_INET, my_ip_str, afdpart) == 0) {
++ LDNS_FREE(my_ip_str);
++ LDNS_FREE(afdpart);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ for (i = 0; i < 4; i++) {
++ if (afdpart[i] != 0) {
++ afdlength = i + 1;
++ }
++ }
++ } else if (family == 2) {
++ /* ipv6 */
++ afdpart = LDNS_XMALLOC(uint8_t, 16);
++ if(!afdpart) {
++ LDNS_FREE(my_ip_str);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ if (inet_pton(AF_INET6, my_ip_str, afdpart) == 0) {
++ LDNS_FREE(my_ip_str);
++ LDNS_FREE(afdpart);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ for (i = 0; i < 16; i++) {
++ if (afdpart[i] != 0) {
++ afdlength = i + 1;
++ }
++ }
++ } else {
++ /* unknown family */
++ LDNS_FREE(my_ip_str);
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ my_str = strchr(my_str, '/') + 1;
++ prefix = (uint8_t) atoi(my_str);
++
++ data = LDNS_XMALLOC(uint8_t, 4 + afdlength);
++ if(!data) {
++ LDNS_FREE(afdpart);
++ LDNS_FREE(my_ip_str);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ ldns_write_uint16(data, family);
++ data[2] = prefix;
++ data[3] = afdlength;
++ if (negation) {
++ /* set bit 1 of byte 3 */
++ data[3] = data[3] | 0x80;
++ }
++
++ memcpy(data + 4, afdpart, afdlength);
++
++ *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_APL, afdlength + 4, data);
++ LDNS_FREE(afdpart);
++ LDNS_FREE(data);
++ LDNS_FREE(my_ip_str);
++
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
++{
++ uint8_t *buffer;
++ int16_t i;
++
++ buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str)));
++ if(!buffer) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ i = (uint16_t)ldns_b64_pton((const char*)str, buffer,
++ ldns_b64_ntop_calculate_size(strlen(str)));
++ if (-1 == i) {
++ LDNS_FREE(buffer);
++ return LDNS_STATUS_INVALID_B64;
++ } else {
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_B64, (uint16_t) i, buffer);
++ }
++ LDNS_FREE(buffer);
++
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str)
++{
++ uint8_t *buffer;
++ int i;
++ /* first byte contains length of actual b32 data */
++ uint8_t len = ldns_b32_pton_calculate_size(strlen(str));
++ buffer = LDNS_XMALLOC(uint8_t, len + 1);
++ if(!buffer) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ buffer[0] = len;
++
++ i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1,
++ ldns_b32_ntop_calculate_size(strlen(str)));
++ if (i < 0) {
++ LDNS_FREE(buffer);
++ return LDNS_STATUS_INVALID_B32_EXT;
++ } else {
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_B32_EXT, (uint16_t) i + 1, buffer);
++ }
++ LDNS_FREE(buffer);
++
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_hex(ldns_rdf **rd, const char *str)
++{
++ uint8_t *t, *t_orig;
++ int i;
++ size_t len;
++
++ len = strlen(str);
++
++ if (len > LDNS_MAX_RDFLEN * 2) {
++ return LDNS_STATUS_LABEL_OVERFLOW;
++ } else {
++ t = LDNS_XMALLOC(uint8_t, (len / 2) + 1);
++ if(!t) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ t_orig = t;
++ /* Now process octet by octet... */
++ while (*str) {
++ *t = 0;
++ if (isspace((int) *str)) {
++ str++;
++ } else {
++ for (i = 16; i >= 1; i -= 15) {
++ while (*str && isspace((int) *str)) { str++; }
++ if (*str) {
++ if (isxdigit((int) *str)) {
++ *t += ldns_hexdigit_to_int(*str) * i;
++ } else {
++ LDNS_FREE(t_orig);
++ return LDNS_STATUS_ERR;
++ }
++ ++str;
++ }
++ }
++ ++t;
++ }
++ }
++ *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
++ (size_t) (t - t_orig),
++ t_orig);
++ LDNS_FREE(t_orig);
++ }
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_nsec(ldns_rdf **rd, const char *str)
++{
++ const char *delimiters = "\n\t ";
++ char *token = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
++ ldns_buffer *str_buf;
++ ssize_t c;
++ uint16_t cur_type;
++ size_t type_count = 0;
++ ldns_rr_type type_list[65536];
++ if(!token) return LDNS_STATUS_MEM_ERR;
++ if(rd == NULL) {
++ LDNS_FREE(token);
++ return LDNS_STATUS_NULL;
++ }
++
++ str_buf = LDNS_MALLOC(ldns_buffer);
++ if(!str_buf) {
++ LDNS_FREE(token);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
++ if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) {
++ LDNS_FREE(str_buf);
++ LDNS_FREE(token);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ while ((c = ldns_bget_token(str_buf, token, delimiters, LDNS_MAX_RDFLEN)) != -1 && c != 0) {
++ if(type_count >= sizeof(type_list)) {
++ LDNS_FREE(str_buf);
++ LDNS_FREE(token);
++ return LDNS_STATUS_ERR;
++ }
++ cur_type = ldns_get_rr_type_by_name(token);
++ type_list[type_count] = cur_type;
++ type_count++;
++ }
++
++ *rd = ldns_dnssec_create_nsec_bitmap(type_list,
++ type_count,
++ LDNS_RR_TYPE_NSEC);
++
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_type(ldns_rdf **rd, const char *str)
++{
++ uint16_t type;
++ type = htons(ldns_get_rr_type_by_name(str));
++ /* ldns_rr_type is a 16 bit value */
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_TYPE, sizeof(uint16_t), &type);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_class(ldns_rdf **rd, const char *str)
++{
++ uint16_t klass;
++ klass = htons(ldns_get_rr_class_by_name(str));
++ /* class is 16 bit */
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_CLASS, sizeof(uint16_t), &klass);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++/* An certificate alg field can either be specified as a 8 bits number
++ * or by its symbolic name. Handle both
++ */
++ldns_status
++ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str)
++{
++ ldns_lookup_table *lt;
++ ldns_status st;
++ uint8_t idd[2];
++ lt = ldns_lookup_by_name(ldns_cert_algorithms, str);
++ st = LDNS_STATUS_OK;
++
++ if (lt) {
++ ldns_write_uint16(idd, (uint16_t) lt->id);
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_INT16, sizeof(uint16_t), idd);
++ if (!*rd) {
++ st = LDNS_STATUS_ERR;
++ }
++ } else {
++ /* try as-is (a number) */
++ st = ldns_str2rdf_int16(rd, str);
++ if (st == LDNS_STATUS_OK &&
++ ldns_rdf2native_int16(*rd) == 0) {
++ st = LDNS_STATUS_CERT_BAD_ALGORITHM;
++ }
++ }
++
++ return st;
++}
++
++static ldns_lookup_table ldns_tlsa_certificate_usages[] = {
++ { LDNS_TLSA_USAGE_PKIX_TA , "PKIX-TA" },
++ { LDNS_TLSA_USAGE_PKIX_EE , "PKIX-EE" },
++ { LDNS_TLSA_USAGE_DANE_TA , "DANE-TA" },
++ { LDNS_TLSA_USAGE_DANE_EE , "DANE-EE" },
++ { LDNS_TLSA_USAGE_PRIVCERT , "PrivCert" }
++};
++
++static ldns_lookup_table ldns_tlsa_selectors[] = {
++ { LDNS_TLSA_SELECTOR_CERT , "Cert" },
++ { LDNS_TLSA_SELECTOR_SPKI , "SPKI" },
++ { LDNS_TLSA_SELECTOR_PRIVSEL , "PrivSel" }
++};
++
++static ldns_lookup_table ldns_tlsa_matching_types[] = {
++ { LDNS_TLSA_MATCHING_TYPE_FULL , "Full" },
++ { LDNS_TLSA_MATCHING_TYPE_SHA2_256 , "SHA2-256" },
++ { LDNS_TLSA_MATCHING_TYPE_SHA2_512 , "SHA2-512" },
++ { LDNS_TLSA_MATCHING_TYPE_PRIVMATCH , "PrivMatch" }
++};
++
++static ldns_status
++ldns_str2rdf_mnemonic4int8(ldns_lookup_table *lt,
++ ldns_rdf **rd, const char *str)
++{
++ if ((lt = ldns_lookup_by_name(lt, str))) {
++ /* it was given as a integer */
++ *rd = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t) lt->id);
++ if (!*rd)
++ return LDNS_STATUS_ERR;
++ else
++ return LDNS_STATUS_OK;
++ }
++ return ldns_str2rdf_int8(rd, str);
++}
++
++/* An alg field can either be specified as a 8 bits number
++ * or by its symbolic name. Handle both
++ */
++ldns_status
++ldns_str2rdf_alg(ldns_rdf **rd, const char *str)
++{
++ return ldns_str2rdf_mnemonic4int8(ldns_algorithms, rd, str);
++}
++
++ldns_status
++ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str)
++{
++ return ldns_str2rdf_mnemonic4int8(
++ ldns_tlsa_certificate_usages, rd, str);
++}
++
++ldns_status
++ldns_str2rdf_selector(ldns_rdf **rd, const char *str)
++{
++ return ldns_str2rdf_mnemonic4int8(ldns_tlsa_selectors, rd, str);
++}
++
++ldns_status
++ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str)
++{
++ return ldns_str2rdf_mnemonic4int8(ldns_tlsa_matching_types, rd, str);
++}
++
++ldns_status
++ldns_str2rdf_unknown( ATTR_UNUSED(ldns_rdf **rd)
++ , ATTR_UNUSED(const char *str)
++ )
++{
++ /* this should be caught in an earlier time (general str2host for
++ rr's */
++ return LDNS_STATUS_NOT_IMPL;
++}
++
++ldns_status
++ldns_str2rdf_service( ATTR_UNUSED(ldns_rdf **rd)
++ , ATTR_UNUSED(const char *str)
++ )
++{
++ /* is this used? is this actually WKS? or SRV? */
++ return LDNS_STATUS_NOT_IMPL;
++}
++
++static int
++loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e)
++{
++ /* read <digits>[.<digits>][mM] */
++ /* into mantissa exponent format for LOC type */
++ uint32_t meters = 0, cm = 0, val;
++ while (isblank(*my_str)) {
++ my_str++;
++ }
++ meters = (uint32_t)strtol(my_str, &my_str, 10);
++ if (*my_str == '.') {
++ my_str++;
++ cm = (uint32_t)strtol(my_str, &my_str, 10);
++ }
++ if (meters >= 1) {
++ *e = 2;
++ val = meters;
++ } else {
++ *e = 0;
++ val = cm;
++ }
++ while(val >= 10) {
++ (*e)++;
++ val /= 10;
++ }
++ *m = (uint8_t)val;
++
++ if (*e > 9)
++ return 0;
++ if (*my_str == 'm' || *my_str == 'M') {
++ my_str++;
++ }
++ *endstr = my_str;
++ return 1;
++}
++
++ldns_status
++ldns_str2rdf_loc(ldns_rdf **rd, const char *str)
++{
++ uint32_t latitude = 0;
++ uint32_t longitude = 0;
++ uint32_t altitude = 0;
++
++ uint8_t *data;
++ uint32_t equator = (uint32_t) ldns_power(2, 31);
++
++ uint32_t h = 0;
++ uint32_t m = 0;
++ uint8_t size_b = 1, size_e = 2;
++ uint8_t horiz_pre_b = 1, horiz_pre_e = 6;
++ uint8_t vert_pre_b = 1, vert_pre_e = 3;
++
++ double s = 0.0;
++ bool northerness;
++ bool easterness;
++
++ char *my_str = (char *) str;
++
++ /* only support version 0 */
++ if (isdigit((int) *my_str)) {
++ h = (uint32_t) strtol(my_str, &my_str, 10);
++ } else {
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ while (isblank((int) *my_str)) {
++ my_str++;
++ }
++
++ if (isdigit((int) *my_str)) {
++ m = (uint32_t) strtol(my_str, &my_str, 10);
++ } else if (*my_str == 'N' || *my_str == 'S') {
++ goto north;
++ } else {
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ while (isblank((int) *my_str)) {
++ my_str++;
++ }
++
++ if (isdigit((int) *my_str)) {
++ s = strtod(my_str, &my_str);
++ }
++north:
++ while (isblank((int) *my_str)) {
++ my_str++;
++ }
++
++ if (*my_str == 'N') {
++ northerness = true;
++ } else if (*my_str == 'S') {
++ northerness = false;
++ } else {
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ my_str++;
++
++ /* store number */
++ s = 1000.0 * s;
++ /* add a little to make floor in conversion a round */
++ s += 0.0005;
++ latitude = (uint32_t) s;
++ latitude += 1000 * 60 * m;
++ latitude += 1000 * 60 * 60 * h;
++ if (northerness) {
++ latitude = equator + latitude;
++ } else {
++ latitude = equator - latitude;
++ }
++ while (isblank(*my_str)) {
++ my_str++;
++ }
++
++ if (isdigit((int) *my_str)) {
++ h = (uint32_t) strtol(my_str, &my_str, 10);
++ } else {
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ while (isblank((int) *my_str)) {
++ my_str++;
++ }
++
++ if (isdigit((int) *my_str)) {
++ m = (uint32_t) strtol(my_str, &my_str, 10);
++ } else if (*my_str == 'E' || *my_str == 'W') {
++ goto east;
++ } else {
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ while (isblank(*my_str)) {
++ my_str++;
++ }
++
++ if (isdigit((int) *my_str)) {
++ s = strtod(my_str, &my_str);
++ }
++
++east:
++ while (isblank(*my_str)) {
++ my_str++;
++ }
++
++ if (*my_str == 'E') {
++ easterness = true;
++ } else if (*my_str == 'W') {
++ easterness = false;
++ } else {
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ my_str++;
++
++ /* store number */
++ s *= 1000.0;
++ /* add a little to make floor in conversion a round */
++ s += 0.0005;
++ longitude = (uint32_t) s;
++ longitude += 1000 * 60 * m;
++ longitude += 1000 * 60 * 60 * h;
++
++ if (easterness) {
++ longitude += equator;
++ } else {
++ longitude = equator - longitude;
++ }
++
++ altitude = (uint32_t)(strtod(my_str, &my_str)*100.0 +
++ 10000000.0 + 0.5);
++ if (*my_str == 'm' || *my_str == 'M') {
++ my_str++;
++ }
++
++ if (strlen(my_str) > 0) {
++ if(!loc_parse_cm(my_str, &my_str, &size_b, &size_e))
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ if (strlen(my_str) > 0) {
++ if(!loc_parse_cm(my_str, &my_str, &horiz_pre_b, &horiz_pre_e))
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ if (strlen(my_str) > 0) {
++ if(!loc_parse_cm(my_str, &my_str, &vert_pre_b, &vert_pre_e))
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ data = LDNS_XMALLOC(uint8_t, 16);
++ if(!data) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ data[0] = 0;
++ data[1] = 0;
++ data[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f);
++ data[2] = ((horiz_pre_b << 4) & 0xf0) | (horiz_pre_e & 0x0f);
++ data[3] = ((vert_pre_b << 4) & 0xf0) | (vert_pre_e & 0x0f);
++ ldns_write_uint32(data + 4, latitude);
++ ldns_write_uint32(data + 8, longitude);
++ ldns_write_uint32(data + 12, altitude);
++
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_LOC, 16, data);
++
++ LDNS_FREE(data);
++ return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_wks(ldns_rdf **rd, const char *str)
++{
++ uint8_t *bitmap = NULL;
++ uint8_t *data;
++ int bm_len = 0;
++
++ struct protoent *proto = NULL;
++ struct servent *serv = NULL;
++ int serv_port;
++
++ ldns_buffer *str_buf;
++
++ char *proto_str = NULL;
++ char *token;
++ if(strlen(str) == 0)
++ token = LDNS_XMALLOC(char, 50);
++ else token = LDNS_XMALLOC(char, strlen(str)+2);
++ if(!token) return LDNS_STATUS_MEM_ERR;
++
++ str_buf = LDNS_MALLOC(ldns_buffer);
++ if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;}
++ ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
++ if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) {
++ LDNS_FREE(str_buf);
++ LDNS_FREE(token);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
++ if (!proto_str) {
++ proto_str = strdup(token);
++ if (!proto_str) {
++ LDNS_FREE(bitmap);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ } else {
++ serv = getservbyname(token, proto_str);
++ if (serv) {
++ serv_port = (int) ntohs((uint16_t) serv->s_port);
++ } else {
++ serv_port = atoi(token);
++ }
++ if (serv_port / 8 >= bm_len) {
++ uint8_t *b2 = LDNS_XREALLOC(bitmap, uint8_t, (serv_port / 8) + 1);
++ if(!b2) {
++ LDNS_FREE(bitmap);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ free(proto_str);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ bitmap = b2;
++ /* set to zero to be sure */
++ for (; bm_len <= serv_port / 8; bm_len++) {
++ bitmap[bm_len] = 0;
++ }
++ }
++ ldns_set_bit(bitmap + (serv_port / 8), 7 - (serv_port % 8), true);
++ }
++ }
++
++ if (!proto_str || !bitmap) {
++ LDNS_FREE(bitmap);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ free(proto_str);
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ data = LDNS_XMALLOC(uint8_t, bm_len + 1);
++ if(!data) {
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ LDNS_FREE(bitmap);
++ free(proto_str);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ if (proto_str)
++ proto = getprotobyname(proto_str);
++ if (proto) {
++ data[0] = (uint8_t) proto->p_proto;
++ } else if (proto_str) {
++ data[0] = (uint8_t) atoi(proto_str);
++ }
++ memcpy(data + 1, bitmap, (size_t) bm_len);
++
++ *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_WKS, (uint16_t) (bm_len + 1), data);
++
++ LDNS_FREE(data);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ LDNS_FREE(bitmap);
++ free(proto_str);
++#ifdef HAVE_ENDSERVENT
++ endservent();
++#endif
++#ifdef HAVE_ENDPROTOENT
++ endprotoent();
++#endif
++
++ if(!*rd) return LDNS_STATUS_MEM_ERR;
++
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_str2rdf_nsap(ldns_rdf **rd, const char *str)
++{
++ size_t len, i;
++ char* nsap_str = (char*) str;
++
++ /* just a hex string with optional dots? */
++ if (str[0] != '0' || str[1] != 'x') {
++ return LDNS_STATUS_INVALID_STR;
++ } else {
++ len = strlen(str);
++ for (i=0; i < len; i++) {
++ if (nsap_str[i] == '.')
++ nsap_str[i] = ' ';
++ }
++ return ldns_str2rdf_hex(rd, str+2);
++ }
++}
++
++ldns_status
++ldns_str2rdf_atma(ldns_rdf **rd, const char *str)
++{
++ size_t len, i;
++ char* atma_str = (char*) str;
++ ldns_status status;
++
++ /* just a hex string with optional dots? */
++ len = strlen(str);
++ for (i=0; i < len; i++) {
++ if (atma_str[i] == '.')
++ atma_str[i] = ' ';
++ }
++ status = ldns_str2rdf_hex(rd, str);
++ if (status != LDNS_STATUS_OK) {
++ ; /* probably in e.164 format than */
++ }
++ return status;
++}
++
++ldns_status
++ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str)
++{
++ uint8_t precedence = 0;
++ uint8_t gateway_type = 0;
++ uint8_t algorithm = 0;
++ char* gateway = NULL;
++ char* publickey = NULL;
++ uint8_t *data;
++ ldns_buffer *str_buf;
++ char *token;
++ int token_count = 0;
++ int ipseckey_len = 0;
++ ldns_rdf* gateway_rdf = NULL;
++ ldns_rdf* publickey_rdf = NULL;
++ ldns_status status = LDNS_STATUS_OK;
++
++ if(strlen(str) == 0)
++ token = LDNS_XMALLOC(char, 256);
++ else token = LDNS_XMALLOC(char, strlen(str)+2);
++ if(!token) return LDNS_STATUS_MEM_ERR;
++
++ str_buf = LDNS_MALLOC(ldns_buffer);
++ if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;}
++ ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
++ if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) {
++ LDNS_FREE(str_buf);
++ LDNS_FREE(token);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
++ switch (token_count) {
++ case 0:
++ precedence = (uint8_t)atoi(token);
++ break;
++ case 1:
++ gateway_type = (uint8_t)atoi(token);
++ break;
++ case 2:
++ algorithm = (uint8_t)atoi(token);
++ break;
++ case 3:
++ gateway = strdup(token);
++ if (!gateway || (gateway_type == 0 &&
++ (token[0] != '.' || token[1] != '\0'))) {
++ LDNS_FREE(gateway);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ break;
++ case 4:
++ publickey = strdup(token);
++ break;
++ default:
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ return LDNS_STATUS_INVALID_STR;
++ break;
++ }
++ token_count++;
++ }
++
++ if (!gateway || !publickey) {
++ if (gateway)
++ LDNS_FREE(gateway);
++ if (publickey)
++ LDNS_FREE(publickey);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ if (gateway_type == 1) {
++ status = ldns_str2rdf_a(&gateway_rdf, gateway);
++ } else if (gateway_type == 2) {
++ status = ldns_str2rdf_aaaa(&gateway_rdf, gateway);
++ } else if (gateway_type == 3) {
++ status = ldns_str2rdf_dname(&gateway_rdf, gateway);
++ }
++
++ if (status != LDNS_STATUS_OK) {
++ if (gateway)
++ LDNS_FREE(gateway);
++ if (publickey)
++ LDNS_FREE(publickey);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ status = ldns_str2rdf_b64(&publickey_rdf, publickey);
++
++ if (status != LDNS_STATUS_OK) {
++ if (gateway)
++ LDNS_FREE(gateway);
++ if (publickey)
++ LDNS_FREE(publickey);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ if (gateway_rdf) ldns_rdf_free(gateway_rdf);
++ return LDNS_STATUS_INVALID_STR;
++ }
++
++ /* now copy all into one ipseckey rdf */
++ if (gateway_type)
++ ipseckey_len = 3 + (int)ldns_rdf_size(gateway_rdf) + (int)ldns_rdf_size(publickey_rdf);
++ else
++ ipseckey_len = 3 + (int)ldns_rdf_size(publickey_rdf);
++
++ data = LDNS_XMALLOC(uint8_t, ipseckey_len);
++ if(!data) {
++ if (gateway)
++ LDNS_FREE(gateway);
++ if (publickey)
++ LDNS_FREE(publickey);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ if (gateway_rdf) ldns_rdf_free(gateway_rdf);
++ if (publickey_rdf) ldns_rdf_free(publickey_rdf);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ data[0] = precedence;
++ data[1] = gateway_type;
++ data[2] = algorithm;
++
++ if (gateway_type) {
++ memcpy(data + 3,
++ ldns_rdf_data(gateway_rdf), ldns_rdf_size(gateway_rdf));
++ memcpy(data + 3 + ldns_rdf_size(gateway_rdf),
++ ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf));
++ } else {
++ memcpy(data + 3,
++ ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf));
++ }
++
++ *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_IPSECKEY, (uint16_t) ipseckey_len, data);
++
++ if (gateway)
++ LDNS_FREE(gateway);
++ if (publickey)
++ LDNS_FREE(publickey);
++ LDNS_FREE(token);
++ ldns_buffer_free(str_buf);
++ ldns_rdf_free(gateway_rdf);
++ ldns_rdf_free(publickey_rdf);
++ LDNS_FREE(data);
++ if(!*rd) return LDNS_STATUS_MEM_ERR;
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str)
++{
++ unsigned int a, b, c, d;
++ uint16_t shorts[4];
++ int l;
++
++ if (sscanf(str, "%4x:%4x:%4x:%4x%n", &a, &b, &c, &d, &l) != 4 ||
++ l != (int)strlen(str) || /* more data to read */
++ strpbrk(str, "+-") /* signed hexes */
++ ) {
++ return LDNS_STATUS_INVALID_ILNP64;
++ } else {
++ shorts[0] = htons(a);
++ shorts[1] = htons(b);
++ shorts[2] = htons(c);
++ shorts[3] = htons(d);
++ *rd = ldns_rdf_new_frm_data(
++ LDNS_RDF_TYPE_ILNP64, 4 * sizeof(uint16_t), &shorts);
++ }
++ return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_eui48(ldns_rdf **rd, const char *str)
++{
++ unsigned int a, b, c, d, e, f;
++ uint8_t bytes[6];
++ int l;
++
++ if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x%n",
++ &a, &b, &c, &d, &e, &f, &l) != 6 ||
++ l != (int)strlen(str)) {
++ return LDNS_STATUS_INVALID_EUI48;
++ } else {
++ bytes[0] = a;
++ bytes[1] = b;
++ bytes[2] = c;
++ bytes[3] = d;
++ bytes[4] = e;
++ bytes[5] = f;
++ *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI48, 6, &bytes);
++ }
++ return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_eui64(ldns_rdf **rd, const char *str)
++{
++ unsigned int a, b, c, d, e, f, g, h;
++ uint8_t bytes[8];
++ int l;
++
++ if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x-%2x-%2x%n",
++ &a, &b, &c, &d, &e, &f, &g, &h, &l) != 8 ||
++ l != (int)strlen(str)) {
++ return LDNS_STATUS_INVALID_EUI64;
++ } else {
++ bytes[0] = a;
++ bytes[1] = b;
++ bytes[2] = c;
++ bytes[3] = d;
++ bytes[4] = e;
++ bytes[5] = f;
++ bytes[6] = g;
++ bytes[7] = h;
++ *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI64, 8, &bytes);
++ }
++ return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
++}
++
++ldns_status
++ldns_str2rdf_tag(ldns_rdf **rd, const char *str)
++{
++ uint8_t *data;
++ const char* ptr;
++
++ if (strlen(str) > 255) {
++ return LDNS_STATUS_INVALID_TAG;
++ }
++ for (ptr = str; *ptr; ptr++) {
++ if (! isalnum(*ptr)) {
++ return LDNS_STATUS_INVALID_TAG;
++ }
++ }
++ data = LDNS_XMALLOC(uint8_t, strlen(str) + 1);
++ if (!data) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ data[0] = strlen(str);
++ memcpy(data + 1, str, strlen(str));
++
++ *rd = ldns_rdf_new(LDNS_RDF_TYPE_TAG, strlen(str) + 1, data);
++ if (!*rd) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
++{
++ uint8_t *data, *dp, ch = 0;
++ size_t length;
++
++ /* Worst case space requirement. We'll realloc to actual size later. */
++ dp = data = LDNS_XMALLOC(uint8_t, strlen(str));
++ if (! data) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* Fill data with parsed bytes */
++ while (parse_char(&ch, &str)) {
++ *dp++ = ch;
++ if (dp - data > LDNS_MAX_RDFLEN) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_INVALID_STR;
++ }
++ }
++ if (! str) {
++ return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
++ }
++ length = (size_t)(dp - data);
++
++ /* Lose the overmeasure */
++ data = LDNS_XREALLOC(dp = data, uint8_t, length);
++ if (! data) {
++ LDNS_FREE(dp);
++ return LDNS_STATUS_MEM_ERR;
++ }
++
++ /* Create rdf */
++ *rd = ldns_rdf_new(LDNS_RDF_TYPE_LONG_STR, length, data);
++ if (! *rd) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++ldns_status
++ldns_str2rdf_hip(ldns_rdf **rd, const char *str)
++{
++ const char *hit = strchr(str, ' ') + 1;
++ const char *pk = hit == NULL ? NULL : strchr(hit, ' ') + 1;
++ size_t hit_size = hit == NULL ? 0
++ : pk == NULL ? strlen(hit) : (size_t) (pk - hit) - 1;
++ size_t pk_size = pk == NULL ? 0 : strlen(pk);
++ size_t hit_wire_size = (hit_size + 1) / 2;
++ size_t pk_wire_size = ldns_b64_pton_calculate_size(pk_size);
++ size_t rdf_size = 4 + hit_wire_size + pk_wire_size;
++
++ char *endptr; /* utility var for strtol usage */
++ int algorithm = strtol(str, &endptr, 10);
++
++ uint8_t *data, *dp;
++ int hi, lo, written;
++
++ if (hit_size == 0 || pk_size == 0 || (hit_size + 1) / 2 > 255
++ || rdf_size > LDNS_MAX_RDFLEN
++ || algorithm < 0 || algorithm > 255
++ || (errno != 0 && algorithm == 0) /* out of range */
++ || endptr == str /* no digits */) {
++
++ return LDNS_STATUS_SYNTAX_ERR;
++ }
++ if ((data = LDNS_XMALLOC(uint8_t, rdf_size)) == NULL) {
++
++ return LDNS_STATUS_MEM_ERR;
++ }
++ /* From RFC 5205 section 5. HIP RR Storage Format:
++ *************************************************
++
++ 0 1 2 3
++ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
++ | HIT length | PK algorithm | PK length |
++ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
++ | |
++ ~ HIT ~
++ | |
++ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
++ | | |
++ +-+-+-+-+-+-+-+-+-+-+-+ +
++ | Public Key |
++ ~ ~
++ | |
++ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
++ | | |
++ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
++ | |
++ ~ Rendezvous Servers ~
++ | |
++ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
++ | |
++ +-+-+-+-+-+-+-+ */
++
++ data[0] = (uint8_t) hit_wire_size;
++ data[1] = (uint8_t) algorithm;
++
++ for (dp = data + 4; *hit && *hit != ' '; dp++) {
++
++ if ((hi = ldns_hexdigit_to_int(*hit++)) == -1 ||
++ (lo = ldns_hexdigit_to_int(*hit++)) == -1) {
++
++ LDNS_FREE(data);
++ return LDNS_STATUS_INVALID_HEX;
++ }
++ *dp = (uint8_t) hi << 4 | lo;
++ }
++ if ((written = ldns_b64_pton(pk, dp, pk_wire_size)) <= 0) {
++
++ LDNS_FREE(data);
++ return LDNS_STATUS_INVALID_B64;
++ }
++
++ /* Because ldns_b64_pton_calculate_size isn't always correct:
++ * (we have to fix it at some point)
++ */
++ pk_wire_size = (uint16_t) written;
++ ldns_write_uint16(data + 2, pk_wire_size);
++ rdf_size = 4 + hit_wire_size + pk_wire_size;
++
++ /* Create rdf */
++ if (! (*rd = ldns_rdf_new(LDNS_RDF_TYPE_HIP, rdf_size, data))) {
++
++ LDNS_FREE(data);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
+diff --git a/ldns/src/tsig.c b/ldns/src/tsig.c
+new file mode 100644
+index 0000000..53aa85e
+--- /dev/null
++++ b/ldns/src/tsig.c
+@@ -0,0 +1,470 @@
++/*
++ * tsig.c
++ *
++ * contains the functions needed for TSIG [RFC2845]
++ *
++ * (c) 2005-2006 NLnet Labs
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <strings.h>
++
++#ifdef HAVE_SSL
++#include <openssl/hmac.h>
++#include <openssl/md5.h>
++#endif /* HAVE_SSL */
++
++char *
++ldns_tsig_algorithm(ldns_tsig_credentials *tc)
++{
++ return tc->algorithm;
++}
++
++char *
++ldns_tsig_keyname(ldns_tsig_credentials *tc)
++{
++ return tc->keyname;
++}
++
++char *
++ldns_tsig_keydata(ldns_tsig_credentials *tc)
++{
++ return tc->keydata;
++}
++
++char *
++ldns_tsig_keyname_clone(ldns_tsig_credentials *tc)
++{
++ return strdup(tc->keyname);
++}
++
++char *
++ldns_tsig_keydata_clone(ldns_tsig_credentials *tc)
++{
++ return strdup(tc->keydata);
++}
++
++/*
++ * Makes an exact copy of the wire, but with the tsig rr removed
++ */
++static uint8_t *
++ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len)
++{
++ uint8_t *wire2 = NULL;
++ uint16_t qd_count;
++ uint16_t an_count;
++ uint16_t ns_count;
++ uint16_t ar_count;
++ ldns_rr *rr;
++
++ size_t pos;
++ uint16_t i;
++
++ ldns_status status;
++
++ if(wire_len < LDNS_HEADER_SIZE) {
++ return NULL;
++ }
++ /* fake parse the wire */
++ qd_count = LDNS_QDCOUNT(wire);
++ an_count = LDNS_ANCOUNT(wire);
++ ns_count = LDNS_NSCOUNT(wire);
++ ar_count = LDNS_ARCOUNT(wire);
++
++ if (ar_count > 0) {
++ ar_count--;
++ } else {
++ return NULL;
++ }
++
++ pos = LDNS_HEADER_SIZE;
++
++ for (i = 0; i < qd_count; i++) {
++ status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_QUESTION);
++ if (status != LDNS_STATUS_OK) {
++ return NULL;
++ }
++ ldns_rr_free(rr);
++ }
++
++ for (i = 0; i < an_count; i++) {
++ status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_ANSWER);
++ if (status != LDNS_STATUS_OK) {
++ return NULL;
++ }
++ ldns_rr_free(rr);
++ }
++
++ for (i = 0; i < ns_count; i++) {
++ status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_AUTHORITY);
++ if (status != LDNS_STATUS_OK) {
++ return NULL;
++ }
++ ldns_rr_free(rr);
++ }
++
++ for (i = 0; i < ar_count; i++) {
++ status = ldns_wire2rr(&rr, wire, wire_len, &pos,
++ LDNS_SECTION_ADDITIONAL);
++ if (status != LDNS_STATUS_OK) {
++ return NULL;
++ }
++ ldns_rr_free(rr);
++ }
++
++ *result_len = pos;
++ wire2 = LDNS_XMALLOC(uint8_t, *result_len);
++ if(!wire2) {
++ return NULL;
++ }
++ memcpy(wire2, wire, *result_len);
++
++ ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count);
++
++ return wire2;
++}
++
++#ifdef HAVE_SSL
++static const EVP_MD *
++ldns_digest_function(char *name)
++{
++ /* these are the mandatory algorithms from RFC4635 */
++ /* The optional algorithms are not yet implemented */
++ if (strcasecmp(name, "hmac-sha256.") == 0) {
++#ifdef HAVE_EVP_SHA256
++ return EVP_sha256();
++#else
++ return NULL;
++#endif
++ } else if (strcasecmp(name, "hmac-sha1.") == 0) {
++ return EVP_sha1();
++ } else if (strcasecmp(name, "hmac-md5.sig-alg.reg.int.") == 0) {
++ return EVP_md5();
++ } else {
++ return NULL;
++ }
++}
++#endif
++
++#ifdef HAVE_SSL
++static ldns_status
++ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
++ const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf,
++ ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf,
++ ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
++{
++ ldns_status status;
++ char *wireformat;
++ int wiresize;
++ unsigned char *mac_bytes = NULL;
++ unsigned char *key_bytes = NULL;
++ int key_size;
++ const EVP_MD *digester;
++ char *algorithm_name = NULL;
++ unsigned int md_len = EVP_MAX_MD_SIZE;
++ ldns_rdf *result = NULL;
++ ldns_buffer *data_buffer = NULL;
++ ldns_rdf *canonical_key_name_rdf = NULL;
++ ldns_rdf *canonical_algorithm_rdf = NULL;
++
++ if (key_name_rdf == NULL || algorithm_rdf == NULL) {
++ return LDNS_STATUS_NULL;
++ }
++ canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf);
++ if (canonical_key_name_rdf == NULL) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf);
++ if (canonical_algorithm_rdf == NULL) {
++ ldns_rdf_deep_free(canonical_key_name_rdf);
++ return LDNS_STATUS_MEM_ERR;
++ }
++ /*
++ * prepare the digestable information
++ */
++ data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
++ if (!data_buffer) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++ /* if orig_mac is not NULL, add it too */
++ if (orig_mac_rdf) {
++ (void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf);
++ }
++ ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size);
++ if (!tsig_timers_only) {
++ ldns_dname2canonical(canonical_key_name_rdf);
++ (void)ldns_rdf2buffer_wire(data_buffer,
++ canonical_key_name_rdf);
++ ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY);
++ ldns_buffer_write_u32(data_buffer, 0);
++ ldns_dname2canonical(canonical_algorithm_rdf);
++ (void)ldns_rdf2buffer_wire(data_buffer,
++ canonical_algorithm_rdf);
++ }
++ (void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf);
++ (void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf);
++ if (!tsig_timers_only) {
++ (void)ldns_rdf2buffer_wire(data_buffer, error_rdf);
++ (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf);
++ }
++
++ wireformat = (char *) data_buffer->_data;
++ wiresize = (int) ldns_buffer_position(data_buffer);
++
++ algorithm_name = ldns_rdf2str(algorithm_rdf);
++ if(!algorithm_name) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++
++ /* prepare the key */
++ key_bytes = LDNS_XMALLOC(unsigned char,
++ ldns_b64_pton_calculate_size(strlen(key_data)));
++ if(!key_bytes) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++ key_size = ldns_b64_pton(key_data, key_bytes,
++ ldns_b64_pton_calculate_size(strlen(key_data)));
++ if (key_size < 0) {
++ status = LDNS_STATUS_INVALID_B64;
++ goto clean;
++ }
++ /* hmac it */
++ /* 2 spare bytes for the length */
++ mac_bytes = LDNS_XMALLOC(unsigned char, md_len+2);
++ if(!mac_bytes) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++ memset(mac_bytes, 0, md_len+2);
++
++ digester = ldns_digest_function(algorithm_name);
++
++ if (digester) {
++ (void) HMAC(digester, key_bytes, key_size, (void *)wireformat,
++ (size_t) wiresize, mac_bytes + 2, &md_len);
++
++ ldns_write_uint16(mac_bytes, md_len);
++ result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2,
++ mac_bytes);
++ } else {
++ status = LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
++ goto clean;
++ }
++ *tsig_mac = result;
++ status = LDNS_STATUS_OK;
++ clean:
++ LDNS_FREE(mac_bytes);
++ LDNS_FREE(key_bytes);
++ LDNS_FREE(algorithm_name);
++ ldns_buffer_free(data_buffer);
++ ldns_rdf_deep_free(canonical_algorithm_rdf);
++ ldns_rdf_deep_free(canonical_key_name_rdf);
++ return status;
++}
++#endif /* HAVE_SSL */
++
++
++#ifdef HAVE_SSL
++bool
++ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name,
++ const char *key_data, ldns_rdf *orig_mac_rdf)
++{
++ return ldns_pkt_tsig_verify_next(pkt, wire, wirelen, key_name, key_data, orig_mac_rdf, 0);
++}
++
++bool
++ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name,
++ const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
++{
++ ldns_rdf *fudge_rdf;
++ ldns_rdf *algorithm_rdf;
++ ldns_rdf *time_signed_rdf;
++ ldns_rdf *orig_id_rdf;
++ ldns_rdf *error_rdf;
++ ldns_rdf *other_data_rdf;
++ ldns_rdf *pkt_mac_rdf;
++ ldns_rdf *my_mac_rdf;
++ ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
++ uint16_t pkt_id, orig_pkt_id;
++ ldns_status status;
++
++ uint8_t *prepared_wire = NULL;
++ size_t prepared_wire_size = 0;
++
++ ldns_rr *orig_tsig = ldns_pkt_tsig(pkt);
++
++ if (!orig_tsig || ldns_rr_rd_count(orig_tsig) <= 6) {
++ ldns_rdf_deep_free(key_name_rdf);
++ return false;
++ }
++ algorithm_rdf = ldns_rr_rdf(orig_tsig, 0);
++ time_signed_rdf = ldns_rr_rdf(orig_tsig, 1);
++ fudge_rdf = ldns_rr_rdf(orig_tsig, 2);
++ pkt_mac_rdf = ldns_rr_rdf(orig_tsig, 3);
++ orig_id_rdf = ldns_rr_rdf(orig_tsig, 4);
++ error_rdf = ldns_rr_rdf(orig_tsig, 5);
++ other_data_rdf = ldns_rr_rdf(orig_tsig, 6);
++
++ /* remove temporarily */
++ ldns_pkt_set_tsig(pkt, NULL);
++ /* temporarily change the id to the original id */
++ pkt_id = ldns_pkt_id(pkt);
++ orig_pkt_id = ldns_rdf2native_int16(orig_id_rdf);
++ ldns_pkt_set_id(pkt, orig_pkt_id);
++
++ prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size);
++
++ status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size,
++ key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
++ time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only);
++
++ LDNS_FREE(prepared_wire);
++
++ if (status != LDNS_STATUS_OK) {
++ ldns_rdf_deep_free(key_name_rdf);
++ return false;
++ }
++ /* Put back the values */
++ ldns_pkt_set_tsig(pkt, orig_tsig);
++ ldns_pkt_set_id(pkt, pkt_id);
++
++ ldns_rdf_deep_free(key_name_rdf);
++
++ if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) {
++ ldns_rdf_deep_free(my_mac_rdf);
++ return true;
++ } else {
++ ldns_rdf_deep_free(my_mac_rdf);
++ return false;
++ }
++}
++#endif /* HAVE_SSL */
++
++#ifdef HAVE_SSL
++ldns_status
++ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data,
++ uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
++{
++ return ldns_pkt_tsig_sign_next(pkt, key_name, key_data, fudge, algorithm_name, query_mac, 0);
++}
++
++ldns_status
++ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data,
++ uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only)
++{
++ ldns_rr *tsig_rr;
++ ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
++ ldns_rdf *fudge_rdf = NULL;
++ ldns_rdf *orig_id_rdf = NULL;
++ ldns_rdf *algorithm_rdf;
++ ldns_rdf *error_rdf = NULL;
++ ldns_rdf *mac_rdf = NULL;
++ ldns_rdf *other_data_rdf = NULL;
++
++ ldns_status status = LDNS_STATUS_OK;
++
++ uint8_t *pkt_wire = NULL;
++ size_t pkt_wire_len;
++
++ struct timeval tv_time_signed;
++ uint8_t *time_signed = NULL;
++ ldns_rdf *time_signed_rdf = NULL;
++
++ algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name);
++ if(!key_name_rdf || !algorithm_rdf) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++
++ /* eww don't have create tsigtime rdf yet :( */
++ /* bleh :p */
++ if (gettimeofday(&tv_time_signed, NULL) == 0) {
++ time_signed = LDNS_XMALLOC(uint8_t, 6);
++ if(!time_signed) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++ ldns_write_uint64_as_uint48(time_signed,
++ (uint64_t)tv_time_signed.tv_sec);
++ } else {
++ status = LDNS_STATUS_INTERNAL_ERR;
++ goto clean;
++ }
++
++ time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed);
++ if(!time_signed_rdf) {
++ LDNS_FREE(time_signed);
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++
++ fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge);
++
++ orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt));
++
++ error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0);
++
++ other_data_rdf = ldns_native2rdf_int16_data(0, NULL);
++
++ if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++
++ if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) {
++ status = LDNS_STATUS_ERR;
++ goto clean;
++ }
++
++ status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len,
++ key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
++ time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only);
++
++ if (!mac_rdf) {
++ goto clean;
++ }
++
++ LDNS_FREE(pkt_wire);
++
++ /* Create the TSIG RR */
++ tsig_rr = ldns_rr_new();
++ if(!tsig_rr) {
++ status = LDNS_STATUS_MEM_ERR;
++ goto clean;
++ }
++ ldns_rr_set_owner(tsig_rr, key_name_rdf);
++ ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY);
++ ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG);
++ ldns_rr_set_ttl(tsig_rr, 0);
++
++ ldns_rr_push_rdf(tsig_rr, algorithm_rdf);
++ ldns_rr_push_rdf(tsig_rr, time_signed_rdf);
++ ldns_rr_push_rdf(tsig_rr, fudge_rdf);
++ ldns_rr_push_rdf(tsig_rr, mac_rdf);
++ ldns_rr_push_rdf(tsig_rr, orig_id_rdf);
++ ldns_rr_push_rdf(tsig_rr, error_rdf);
++ ldns_rr_push_rdf(tsig_rr, other_data_rdf);
++
++ ldns_pkt_set_tsig(pkt, tsig_rr);
++
++ return status;
++
++ clean:
++ LDNS_FREE(pkt_wire);
++ ldns_rdf_free(key_name_rdf);
++ ldns_rdf_free(algorithm_rdf);
++ ldns_rdf_free(time_signed_rdf);
++ ldns_rdf_free(fudge_rdf);
++ ldns_rdf_free(orig_id_rdf);
++ ldns_rdf_free(error_rdf);
++ ldns_rdf_free(other_data_rdf);
++ return status;
++}
++#endif /* HAVE_SSL */
+diff --git a/ldns/src/update.c b/ldns/src/update.c
+new file mode 100644
+index 0000000..74e9d19
+--- /dev/null
++++ b/ldns/src/update.c
+@@ -0,0 +1,325 @@
++/* update.c
++ *
++ * Functions for RFC 2136 Dynamic Update
++ *
++ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
++ *
++ * See LICENSE for the license.
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <strings.h>
++#include <stdlib.h>
++#include <limits.h>
++
++/*
++ * RFC 2136 sections mapped to RFC 1035:
++ * zone/ZO -- QD/question
++ * prerequisites/PR -- AN/answers
++ * updates/UP -- NS/authority records
++ * additional data/AD -- AR/additional records
++ */
++
++ldns_pkt *
++ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c,
++ ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist)
++{
++ ldns_pkt *p;
++
++ if (!zone_rdf || !up_rrlist) {
++ return NULL;
++ }
++
++ if (c == 0) {
++ c = LDNS_RR_CLASS_IN;
++ }
++
++ /* Create packet, fill in Zone Section. */
++ p = ldns_pkt_query_new(zone_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
++ if (!p) {
++ return NULL;
++ }
++ zone_rdf = NULL; /* No longer safe to use. */
++
++ ldns_pkt_set_opcode(p, LDNS_PACKET_UPDATE);
++
++ ldns_rr_list_deep_free(p->_authority);
++
++ ldns_pkt_set_authority(p, ldns_rr_list_clone(up_rrlist));
++
++ ldns_update_set_upcount(p, ldns_rr_list_rr_count(up_rrlist));
++
++ if (pr_rrlist) {
++ ldns_rr_list_deep_free(p->_answer); /*XXX access function */
++ ldns_pkt_set_answer(p, ldns_rr_list_clone(pr_rrlist));
++ ldns_update_set_prcount(p, ldns_rr_list_rr_count(pr_rrlist));
++ }
++
++ if (ad_rrlist) {
++ ldns_rr_list_deep_free(p->_additional);
++ ldns_pkt_set_additional(p, ldns_rr_list_clone(ad_rrlist));
++ ldns_update_set_adcount(p, ldns_rr_list_rr_count(ad_rrlist));
++ }
++ return p;
++}
++
++ldns_status
++ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r)
++{
++#ifdef HAVE_SSL
++ uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */
++ if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r))
++ return ldns_pkt_tsig_sign(p, ldns_resolver_tsig_keyname(r),
++ ldns_resolver_tsig_keydata(r), fudge,
++ ldns_resolver_tsig_algorithm(r), NULL);
++#else
++ /* do nothing */
++ (void)p;
++ (void)r;
++#endif /* HAVE_SSL */
++ /* No TSIG to do. */
++ return LDNS_STATUS_OK;
++}
++
++/* Move to higher.c or similar? */
++/* XXX doc */
++ldns_status
++ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r,
++ ldns_rr_class c, ldns_rdf **mname)
++{
++ ldns_rr *soa_rr;
++ ldns_pkt *query, *resp;
++
++ /* Nondestructive, so clone 'zone' here */
++ query = ldns_pkt_query_new(ldns_rdf_clone(zone), LDNS_RR_TYPE_SOA,
++ c, LDNS_RD);
++ if (!query) {
++ return LDNS_STATUS_ERR;
++ }
++
++ ldns_pkt_set_random_id(query);
++ if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
++ ldns_pkt_free(query);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_pkt_free(query);
++ if (!resp) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* Expect a SOA answer. */
++ *mname = NULL;
++ while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)))) {
++ if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
++ || ldns_rr_rdf(soa_rr, 0) == NULL)
++ continue;
++ /* [RFC1035 3.3.13] */
++ *mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
++ break;
++ }
++ ldns_pkt_free(resp);
++
++ return *mname ? LDNS_STATUS_OK : LDNS_STATUS_ERR;
++}
++
++/* Try to get zone and MNAME from SOA queries. */
++ldns_status
++ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
++ ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf)
++{
++ ldns_rr *soa_rr, *rr;
++ ldns_rdf *soa_zone = NULL, *soa_mname = NULL;
++ ldns_rdf *ipaddr, *fqdn_rdf, *tmp;
++ ldns_rdf **nslist;
++ ldns_pkt *query, *resp;
++ ldns_resolver *tmp_r;
++ size_t i;
++
++ /*
++ * XXX Ok, this cannot be the best way to find this...?
++ * XXX (I run into weird cache-related stuff here)
++ */
++
++ /* Step 1 - first find a nameserver that should know *something* */
++ fqdn_rdf = ldns_dname_new_frm_str(fqdn);
++ query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
++ if (!query) {
++ return LDNS_STATUS_ERR;
++ }
++ fqdn_rdf = NULL;
++
++ ldns_pkt_set_random_id(query);
++ if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
++ ldns_pkt_free(query);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_pkt_free(query);
++ if (!resp) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* XXX Is it safe to only look in authority section here? */
++ while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) {
++ if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
++ || ldns_rr_rdf(soa_rr, 0) == NULL)
++ continue;
++ /* [RFC1035 3.3.13] */
++ soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
++ break;
++ }
++ ldns_pkt_free(resp);
++ if (!soa_rr) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* Step 2 - find SOA MNAME IP address, add to resolver */
++ query = ldns_pkt_query_new(soa_mname, LDNS_RR_TYPE_A, c, LDNS_RD);
++ if (!query) {
++ return LDNS_STATUS_ERR;
++ }
++ soa_mname = NULL;
++
++ ldns_pkt_set_random_id(query);
++ if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
++ ldns_pkt_free(query);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_pkt_free(query);
++ if (!resp) {
++ return LDNS_STATUS_ERR;
++ }
++
++ if (ldns_pkt_ancount(resp) == 0) {
++ ldns_pkt_free(resp);
++ return LDNS_STATUS_ERR;
++ }
++
++ /* XXX There may be more than one answer RR here. */
++ rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp));
++ ipaddr = ldns_rr_rdf(rr, 0);
++
++ /* Put the SOA mname IP first in the nameserver list. */
++ if (!(tmp_r = ldns_resolver_clone(r))) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ nslist = ldns_resolver_nameservers(tmp_r);
++ for (i = 0; i < ldns_resolver_nameserver_count(tmp_r); i++) {
++ if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) {
++ if (i) {
++ tmp = nslist[0];
++ nslist[0] = nslist[i];
++ nslist[i] = tmp;
++ }
++ break;
++ }
++ }
++ if (i >= ldns_resolver_nameserver_count(tmp_r)) {
++ /* SOA mname was not part of the resolver so add it first. */
++ (void) ldns_resolver_push_nameserver(tmp_r, ipaddr);
++ nslist = ldns_resolver_nameservers(tmp_r);
++ i = ldns_resolver_nameserver_count(tmp_r) - 1;
++ tmp = nslist[0];
++ nslist[0] = nslist[i];
++ nslist[i] = tmp;
++ }
++ ldns_pkt_free(resp);
++
++ /* Make sure to ask the first in the list, i.e SOA mname */
++ ldns_resolver_set_random(tmp_r, false);
++
++ /* Step 3 - Redo SOA query, sending to SOA MNAME directly. */
++ fqdn_rdf = ldns_dname_new_frm_str(fqdn);
++ query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
++ if (!query) {
++ ldns_resolver_free(tmp_r);
++ return LDNS_STATUS_ERR;
++ }
++ fqdn_rdf = NULL;
++
++ ldns_pkt_set_random_id(query);
++ if (ldns_resolver_send_pkt(&resp, tmp_r, query) != LDNS_STATUS_OK) {
++ ldns_pkt_free(query);
++ ldns_resolver_free(tmp_r);
++ return LDNS_STATUS_ERR;
++ }
++ ldns_resolver_free(tmp_r);
++ ldns_pkt_free(query);
++ if (!resp) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* XXX Is it safe to only look in authority section here, too? */
++ while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) {
++ if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
++ || ldns_rr_rdf(soa_rr, 0) == NULL)
++ continue;
++ /* [RFC1035 3.3.13] */
++ soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
++ soa_zone = ldns_rdf_clone(ldns_rr_owner(soa_rr));
++ break;
++ }
++ ldns_pkt_free(resp);
++ if (!soa_rr) {
++ return LDNS_STATUS_ERR;
++ }
++
++ /* That seems to have worked, pass results to caller. */
++ *zone_rdf = soa_zone;
++ *mname_rdf = soa_mname;
++ return LDNS_STATUS_OK;
++}
++
++/*
++ * ldns_update_{get,set}_{zo,pr,up,ad}count
++ */
++
++uint16_t
++ldns_update_zocount(const ldns_pkt *p)
++{
++ return ldns_pkt_qdcount(p);
++}
++
++uint16_t
++ldns_update_prcount(const ldns_pkt *p)
++{
++ return ldns_pkt_ancount(p);
++}
++
++uint16_t
++ldns_update_upcount(const ldns_pkt *p)
++{
++ return ldns_pkt_nscount(p);
++}
++
++uint16_t
++ldns_update_ad(const ldns_pkt *p)
++{
++ return ldns_pkt_arcount(p);
++}
++
++void
++ldns_update_set_zo(ldns_pkt *p, uint16_t v)
++{
++ ldns_pkt_set_qdcount(p, v);
++}
++
++void
++ldns_update_set_prcount(ldns_pkt *p, uint16_t v)
++{
++ ldns_pkt_set_ancount(p, v);
++}
++
++void
++ldns_update_set_upcount(ldns_pkt *p, uint16_t v)
++{
++ ldns_pkt_set_nscount(p, v);
++}
++
++void
++ldns_update_set_adcount(ldns_pkt *p, uint16_t v)
++{
++ ldns_pkt_set_arcount(p, v);
++}
+diff --git a/ldns/src/util.c b/ldns/src/util.c
+new file mode 100644
+index 0000000..33060d9
+--- /dev/null
++++ b/ldns/src/util.c
+@@ -0,0 +1,773 @@
++/*
++ * util.c
++ *
++ * some general memory functions
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++#include <ldns/config.h>
++
++#include <ldns/rdata.h>
++#include <ldns/rr.h>
++#include <ldns/util.h>
++#include <strings.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <sys/time.h>
++#include <time.h>
++#include <ctype.h>
++
++#ifdef HAVE_SSL
++#include <openssl/rand.h>
++#endif
++
++ldns_lookup_table *
++ldns_lookup_by_name(ldns_lookup_table *table, const char *name)
++{
++ while (table->name != NULL) {
++ if (strcasecmp(name, table->name) == 0)
++ return table;
++ table++;
++ }
++ return NULL;
++}
++
++ldns_lookup_table *
++ldns_lookup_by_id(ldns_lookup_table *table, int id)
++{
++ while (table->name != NULL) {
++ if (table->id == id)
++ return table;
++ table++;
++ }
++ return NULL;
++}
++
++int
++ldns_get_bit(uint8_t bits[], size_t index)
++{
++ /*
++ * The bits are counted from left to right, so bit #0 is the
++ * left most bit.
++ */
++ return (int) (bits[index / 8] & (1 << (7 - index % 8)));
++}
++
++int
++ldns_get_bit_r(uint8_t bits[], size_t index)
++{
++ /*
++ * The bits are counted from right to left, so bit #0 is the
++ * right most bit.
++ */
++ return (int) bits[index / 8] & (1 << (index % 8));
++}
++
++void
++ldns_set_bit(uint8_t *byte, int bit_nr, bool value)
++{
++ /*
++ * The bits are counted from right to left, so bit #0 is the
++ * right most bit.
++ */
++ if (bit_nr >= 0 && bit_nr < 8) {
++ if (value) {
++ *byte = *byte | (0x01 << bit_nr);
++ } else {
++ *byte = *byte & ~(0x01 << bit_nr);
++ }
++ }
++}
++
++int
++ldns_hexdigit_to_int(char ch)
++{
++ switch (ch) {
++ case '0': return 0;
++ case '1': return 1;
++ case '2': return 2;
++ case '3': return 3;
++ case '4': return 4;
++ case '5': return 5;
++ case '6': return 6;
++ case '7': return 7;
++ case '8': return 8;
++ case '9': return 9;
++ case 'a': case 'A': return 10;
++ case 'b': case 'B': return 11;
++ case 'c': case 'C': return 12;
++ case 'd': case 'D': return 13;
++ case 'e': case 'E': return 14;
++ case 'f': case 'F': return 15;
++ default:
++ return -1;
++ }
++}
++
++char
++ldns_int_to_hexdigit(int i)
++{
++ switch (i) {
++ case 0: return '0';
++ case 1: return '1';
++ case 2: return '2';
++ case 3: return '3';
++ case 4: return '4';
++ case 5: return '5';
++ case 6: return '6';
++ case 7: return '7';
++ case 8: return '8';
++ case 9: return '9';
++ case 10: return 'a';
++ case 11: return 'b';
++ case 12: return 'c';
++ case 13: return 'd';
++ case 14: return 'e';
++ case 15: return 'f';
++ default:
++ abort();
++ }
++}
++
++int
++ldns_hexstring_to_data(uint8_t *data, const char *str)
++{
++ size_t i;
++
++ if (!str || !data) {
++ return -1;
++ }
++
++ if (strlen(str) % 2 != 0) {
++ return -2;
++ }
++
++ for (i = 0; i < strlen(str) / 2; i++) {
++ data[i] =
++ 16 * (uint8_t) ldns_hexdigit_to_int(str[i*2]) +
++ (uint8_t) ldns_hexdigit_to_int(str[i*2 + 1]);
++ }
++
++ return (int) i;
++}
++
++const char *
++ldns_version(void)
++{
++ return (char*)LDNS_VERSION;
++}
++
++/* Number of days per month (except for February in leap years). */
++static const int mdays[] = {
++ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
++};
++
++#define LDNS_MOD(x,y) (((x) % (y) < 0) ? ((x) % (y) + (y)) : ((x) % (y)))
++#define LDNS_DIV(x,y) (((x) % (y) < 0) ? ((x) / (y) - 1 ) : ((x) / (y)))
++
++static int
++is_leap_year(int year)
++{
++ return LDNS_MOD(year, 4) == 0 && (LDNS_MOD(year, 100) != 0
++ || LDNS_MOD(year, 400) == 0);
++}
++
++static int
++leap_days(int y1, int y2)
++{
++ --y1;
++ --y2;
++ return (LDNS_DIV(y2, 4) - LDNS_DIV(y1, 4)) -
++ (LDNS_DIV(y2, 100) - LDNS_DIV(y1, 100)) +
++ (LDNS_DIV(y2, 400) - LDNS_DIV(y1, 400));
++}
++
++/*
++ * Code adapted from Python 2.4.1 sources (Lib/calendar.py).
++ */
++time_t
++ldns_mktime_from_utc(const struct tm *tm)
++{
++ int year = 1900 + tm->tm_year;
++ time_t days = 365 * ((time_t) year - 1970) + leap_days(1970, year);
++ time_t hours;
++ time_t minutes;
++ time_t seconds;
++ int i;
++
++ for (i = 0; i < tm->tm_mon; ++i) {
++ days += mdays[i];
++ }
++ if (tm->tm_mon > 1 && is_leap_year(year)) {
++ ++days;
++ }
++ days += tm->tm_mday - 1;
++
++ hours = days * 24 + tm->tm_hour;
++ minutes = hours * 60 + tm->tm_min;
++ seconds = minutes * 60 + tm->tm_sec;
++
++ return seconds;
++}
++
++time_t
++mktime_from_utc(const struct tm *tm)
++{
++ return ldns_mktime_from_utc(tm);
++}
++
++#if SIZEOF_TIME_T <= 4
++
++static void
++ldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm *result)
++{
++ int year = 1970;
++ int new_year;
++
++ while (days < 0 || days >= (int64_t) (is_leap_year(year) ? 366 : 365)) {
++ new_year = year + (int) LDNS_DIV(days, 365);
++ days -= (new_year - year) * 365;
++ days -= leap_days(year, new_year);
++ year = new_year;
++ }
++ result->tm_year = year;
++ result->tm_yday = (int) days;
++}
++
++/* Number of days per month in a leap year. */
++static const int leap_year_mdays[] = {
++ 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
++};
++
++static void
++ldns_mon_and_mday_from_year_and_yday(struct tm *result)
++{
++ int idays = result->tm_yday;
++ const int *mon_lengths = is_leap_year(result->tm_year) ?
++ leap_year_mdays : mdays;
++
++ result->tm_mon = 0;
++ while (idays >= mon_lengths[result->tm_mon]) {
++ idays -= mon_lengths[result->tm_mon++];
++ }
++ result->tm_mday = idays + 1;
++}
++
++static void
++ldns_wday_from_year_and_yday(struct tm *result)
++{
++ result->tm_wday = 4 /* 1-1-1970 was a thursday */
++ + LDNS_MOD((result->tm_year - 1970), 7) * LDNS_MOD(365, 7)
++ + leap_days(1970, result->tm_year)
++ + result->tm_yday;
++ result->tm_wday = LDNS_MOD(result->tm_wday, 7);
++ if (result->tm_wday < 0) {
++ result->tm_wday += 7;
++ }
++}
++
++static struct tm *
++ldns_gmtime64_r(int64_t clock, struct tm *result)
++{
++ result->tm_isdst = 0;
++ result->tm_sec = (int) LDNS_MOD(clock, 60);
++ clock = LDNS_DIV(clock, 60);
++ result->tm_min = (int) LDNS_MOD(clock, 60);
++ clock = LDNS_DIV(clock, 60);
++ result->tm_hour = (int) LDNS_MOD(clock, 24);
++ clock = LDNS_DIV(clock, 24);
++
++ ldns_year_and_yday_from_days_since_epoch(clock, result);
++ ldns_mon_and_mday_from_year_and_yday(result);
++ ldns_wday_from_year_and_yday(result);
++ result->tm_year -= 1900;
++
++ return result;
++}
++
++#endif /* SIZEOF_TIME_T <= 4 */
++
++static int64_t
++ldns_serial_arithmitics_time(int32_t time, time_t now)
++{
++ int32_t offset = time - (int32_t) now;
++ return (int64_t) now + offset;
++}
++
++
++struct tm *
++ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result)
++{
++#if SIZEOF_TIME_T <= 4
++ int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
++ return ldns_gmtime64_r(secs_since_epoch, result);
++#else
++ time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
++ return gmtime_r(&secs_since_epoch, result);
++#endif
++}
++
++/**
++ * Init the random source
++ * applications should call this if they need entropy data within ldns
++ * If openSSL is available, it is automatically seeded from /dev/urandom
++ * or /dev/random
++ *
++ * If you need more entropy, or have no openssl available, this function
++ * MUST be called at the start of the program
++ *
++ * If openssl *is* available, this function just adds more entropy
++ **/
++int
++ldns_init_random(FILE *fd, unsigned int size)
++{
++ /* if fp is given, seed srandom with data from file
++ otherwise use /dev/urandom */
++ FILE *rand_f;
++ uint8_t *seed;
++ size_t read = 0;
++ unsigned int seed_i;
++ struct timeval tv;
++
++ /* we'll need at least sizeof(unsigned int) bytes for the
++ standard prng seed */
++ if (size < (unsigned int) sizeof(seed_i)){
++ size = (unsigned int) sizeof(seed_i);
++ }
++
++ seed = LDNS_XMALLOC(uint8_t, size);
++ if(!seed) {
++ return 1;
++ }
++
++ if (!fd) {
++ if ((rand_f = fopen("/dev/urandom", "r")) == NULL) {
++ /* no readable /dev/urandom, try /dev/random */
++ if ((rand_f = fopen("/dev/random", "r")) == NULL) {
++ /* no readable /dev/random either, and no entropy
++ source given. we'll have to improvise */
++ for (read = 0; read < size; read++) {
++ gettimeofday(&tv, NULL);
++ seed[read] = (uint8_t) (tv.tv_usec % 256);
++ }
++ } else {
++ read = fread(seed, 1, size, rand_f);
++ }
++ } else {
++ read = fread(seed, 1, size, rand_f);
++ }
++ } else {
++ rand_f = fd;
++ read = fread(seed, 1, size, rand_f);
++ }
++
++ if (read < size) {
++ LDNS_FREE(seed);
++ if (!fd) fclose(rand_f);
++ return 1;
++ } else {
++#ifdef HAVE_SSL
++ /* Seed the OpenSSL prng (most systems have it seeded
++ automatically, in that case this call just adds entropy */
++ RAND_seed(seed, (int) size);
++#else
++ /* Seed the standard prng, only uses the first
++ * unsigned sizeof(unsiged int) bytes found in the entropy pool
++ */
++ memcpy(&seed_i, seed, sizeof(seed_i));
++ srandom(seed_i);
++#endif
++ LDNS_FREE(seed);
++ }
++
++ if (!fd) {
++ if (rand_f) fclose(rand_f);
++ }
++
++ return 0;
++}
++
++/**
++ * Get random number.
++ *
++ */
++uint16_t
++ldns_get_random(void)
++{
++ uint16_t rid = 0;
++#ifdef HAVE_SSL
++ if (RAND_bytes((unsigned char*)&rid, 2) != 1) {
++ rid = (uint16_t) random();
++ }
++#else
++ rid = (uint16_t) random();
++#endif
++ return rid;
++}
++
++/*
++ * BubbleBabble code taken from OpenSSH
++ * Copyright (c) 2001 Carsten Raskgaard. All rights reserved.
++ */
++char *
++ldns_bubblebabble(uint8_t *data, size_t len)
++{
++ char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
++ char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
++ 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
++ size_t i, j = 0, rounds, seed = 1;
++ char *retval;
++
++ rounds = (len / 2) + 1;
++ retval = LDNS_XMALLOC(char, rounds * 6);
++ if(!retval) return NULL;
++ retval[j++] = 'x';
++ for (i = 0; i < rounds; i++) {
++ size_t idx0, idx1, idx2, idx3, idx4;
++ if ((i + 1 < rounds) || (len % 2 != 0)) {
++ idx0 = (((((size_t)(data[2 * i])) >> 6) & 3) +
++ seed) % 6;
++ idx1 = (((size_t)(data[2 * i])) >> 2) & 15;
++ idx2 = ((((size_t)(data[2 * i])) & 3) +
++ (seed / 6)) % 6;
++ retval[j++] = vowels[idx0];
++ retval[j++] = consonants[idx1];
++ retval[j++] = vowels[idx2];
++ if ((i + 1) < rounds) {
++ idx3 = (((size_t)(data[(2 * i) + 1])) >> 4) & 15;
++ idx4 = (((size_t)(data[(2 * i) + 1]))) & 15;
++ retval[j++] = consonants[idx3];
++ retval[j++] = '-';
++ retval[j++] = consonants[idx4];
++ seed = ((seed * 5) +
++ ((((size_t)(data[2 * i])) * 7) +
++ ((size_t)(data[(2 * i) + 1])))) % 36;
++ }
++ } else {
++ idx0 = seed % 6;
++ idx1 = 16;
++ idx2 = seed / 6;
++ retval[j++] = vowels[idx0];
++ retval[j++] = consonants[idx1];
++ retval[j++] = vowels[idx2];
++ }
++ }
++ retval[j++] = 'x';
++ retval[j++] = '\0';
++ return retval;
++}
++
++/*
++ * For backwards compatibility, because we have always exported this symbol.
++ */
++#ifdef HAVE_B64_NTOP
++int ldns_b64_ntop(const uint8_t* src, size_t srclength,
++ char *target, size_t targsize);
++{
++ return b64_ntop(src, srclength, target, targsize);
++}
++#endif
++
++/*
++ * For backwards compatibility, because we have always exported this symbol.
++ */
++#ifdef HAVE_B64_PTON
++int ldns_b64_pton(const char* src, uint8_t *target, size_t targsize)
++{
++ return b64_pton(src, target, targsize);
++}
++#endif
++
++
++static int
++ldns_b32_ntop_base(const uint8_t* src, size_t src_sz,
++ char* dst, size_t dst_sz,
++ bool extended_hex, bool add_padding)
++{
++ size_t ret_sz;
++ const char* b32 = extended_hex ? "0123456789abcdefghijklmnopqrstuv"
++ : "abcdefghijklmnopqrstuvwxyz234567";
++
++ size_t c = 0; /* c is used to carry partial base32 character over
++ * byte boundaries for sizes with a remainder.
++ * (i.e. src_sz % 5 != 0)
++ */
++
++ ret_sz = add_padding ? ldns_b32_ntop_calculate_size(src_sz)
++ : ldns_b32_ntop_calculate_size_no_padding(src_sz);
++
++ /* Do we have enough space? */
++ if (dst_sz < ret_sz + 1)
++ return -1;
++
++ /* We know the size; terminate the string */
++ dst[ret_sz] = '\0';
++
++ /* First process all chunks of five */
++ while (src_sz >= 5) {
++ /* 00000... ........ ........ ........ ........ */
++ dst[0] = b32[(src[0] ) >> 3];
++
++ /* .....111 11...... ........ ........ ........ */
++ dst[1] = b32[(src[0] & 0x07) << 2 | src[1] >> 6];
++
++ /* ........ ..22222. ........ ........ ........ */
++ dst[2] = b32[(src[1] & 0x3e) >> 1];
++
++ /* ........ .......3 3333.... ........ ........ */
++ dst[3] = b32[(src[1] & 0x01) << 4 | src[2] >> 4];
++
++ /* ........ ........ ....4444 4....... ........ */
++ dst[4] = b32[(src[2] & 0x0f) << 1 | src[3] >> 7];
++
++ /* ........ ........ ........ .55555.. ........ */
++ dst[5] = b32[(src[3] & 0x7c) >> 2];
++
++ /* ........ ........ ........ ......66 666..... */
++ dst[6] = b32[(src[3] & 0x03) << 3 | src[4] >> 5];
++
++ /* ........ ........ ........ ........ ...77777 */
++ dst[7] = b32[(src[4] & 0x1f) ];
++
++ src_sz -= 5;
++ src += 5;
++ dst += 8;
++ }
++ /* Process what remains */
++ switch (src_sz) {
++ case 4: /* ........ ........ ........ ......66 666..... */
++ dst[6] = b32[(src[3] & 0x03) << 3];
++
++ /* ........ ........ ........ .55555.. ........ */
++ dst[5] = b32[(src[3] & 0x7c) >> 2];
++
++ /* ........ ........ ....4444 4....... ........ */
++ c = src[3] >> 7 ;
++ case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];
++
++ /* ........ .......3 3333.... ........ ........ */
++ c = src[2] >> 4 ;
++ case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c];
++
++ /* ........ ..22222. ........ ........ ........ */
++ dst[2] = b32[(src[1] & 0x3e) >> 1];
++
++ /* .....111 11...... ........ ........ ........ */
++ c = src[1] >> 6 ;
++ case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c];
++
++ /* 00000... ........ ........ ........ ........ */
++ dst[0] = b32[ src[0] >> 3];
++ }
++ /* Add padding */
++ if (add_padding) {
++ switch (src_sz) {
++ case 1: dst[2] = '=';
++ dst[3] = '=';
++ case 2: dst[4] = '=';
++ case 3: dst[5] = '=';
++ dst[6] = '=';
++ case 4: dst[7] = '=';
++ }
++ }
++ return (int)ret_sz;
++}
++
++int
++ldns_b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz)
++{
++ return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true);
++}
++
++int
++ldns_b32_ntop_extended_hex(const uint8_t* src, size_t src_sz,
++ char* dst, size_t dst_sz)
++{
++ return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true);
++}
++
++#ifndef HAVE_B32_NTOP
++
++int
++b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz)
++{
++ return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true);
++}
++
++int
++b32_ntop_extended_hex(const uint8_t* src, size_t src_sz,
++ char* dst, size_t dst_sz)
++{
++ return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true);
++}
++
++#endif /* ! HAVE_B32_NTOP */
++
++static int
++ldns_b32_pton_base(const char* src, size_t src_sz,
++ uint8_t* dst, size_t dst_sz,
++ bool extended_hex, bool check_padding)
++{
++ size_t i = 0;
++ char ch = '\0';
++ uint8_t buf[8];
++ uint8_t* start = dst;
++
++ while (src_sz) {
++ /* Collect 8 characters in buf (if possible) */
++ for (i = 0; i < 8; i++) {
++
++ do {
++ ch = *src++;
++ --src_sz;
++
++ } while (isspace(ch) && src_sz > 0);
++
++ if (ch == '=' || ch == '\0')
++ break;
++
++ else if (extended_hex)
++
++ if (ch >= '0' && ch <= '9')
++ buf[i] = (uint8_t)ch - '0';
++ else if (ch >= 'a' && ch <= 'v')
++ buf[i] = (uint8_t)ch - 'a' + 10;
++ else if (ch >= 'A' && ch <= 'V')
++ buf[i] = (uint8_t)ch - 'A' + 10;
++ else
++ return -1;
++
++ else if (ch >= 'a' && ch <= 'z')
++ buf[i] = (uint8_t)ch - 'a';
++ else if (ch >= 'A' && ch <= 'Z')
++ buf[i] = (uint8_t)ch - 'A';
++ else if (ch >= '2' && ch <= '7')
++ buf[i] = (uint8_t)ch - '2' + 26;
++ else
++ return -1;
++ }
++ /* Less that 8 characters. We're done. */
++ if (i < 8)
++ break;
++
++ /* Enough space available at the destination? */
++ if (dst_sz < 5)
++ return -1;
++
++ /* 00000... ........ ........ ........ ........ */
++ /* .....111 11...... ........ ........ ........ */
++ dst[0] = buf[0] << 3 | buf[1] >> 2;
++
++ /* .....111 11...... ........ ........ ........ */
++ /* ........ ..22222. ........ ........ ........ */
++ /* ........ .......3 3333.... ........ ........ */
++ dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
++
++ /* ........ .......3 3333.... ........ ........ */
++ /* ........ ........ ....4444 4....... ........ */
++ dst[2] = buf[3] << 4 | buf[4] >> 1;
++
++ /* ........ ........ ....4444 4....... ........ */
++ /* ........ ........ ........ .55555.. ........ */
++ /* ........ ........ ........ ......66 666..... */
++ dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
++
++ /* ........ ........ ........ ......66 666..... */
++ /* ........ ........ ........ ........ ...77777 */
++ dst[4] = buf[6] << 5 | buf[7];
++
++ dst += 5;
++ dst_sz -= 5;
++ }
++ /* Not ending on a eight byte boundary? */
++ if (i > 0 && i < 8) {
++
++ /* Enough space available at the destination? */
++ if (dst_sz < (i + 1) / 2)
++ return -1;
++
++ switch (i) {
++ case 7: /* ........ ........ ........ ......66 666..... */
++ /* ........ ........ ........ .55555.. ........ */
++ /* ........ ........ ....4444 4....... ........ */
++ dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
++
++ case 5: /* ........ ........ ....4444 4....... ........ */
++ /* ........ .......3 3333.... ........ ........ */
++ dst[2] = buf[3] << 4 | buf[4] >> 1;
++
++ case 4: /* ........ .......3 3333.... ........ ........ */
++ /* ........ ..22222. ........ ........ ........ */
++ /* .....111 11...... ........ ........ ........ */
++ dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
++
++ case 2: /* .....111 11...... ........ ........ ........ */
++ /* 00000... ........ ........ ........ ........ */
++ dst[0] = buf[0] << 3 | buf[1] >> 2;
++
++ break;
++
++ default:
++ return -1;
++ }
++ dst += (i + 1) / 2;
++
++ if (check_padding) {
++ /* Check remaining padding characters */
++ if (ch != '=')
++ return -1;
++
++ /* One down, 8 - i - 1 more to come... */
++ for (i = 8 - i - 1; i > 0; i--) {
++
++ do {
++ if (src_sz == 0)
++ return -1;
++ ch = *src++;
++ src_sz--;
++
++ } while (isspace(ch));
++
++ if (ch != '=')
++ return -1;
++ }
++ }
++ }
++ return dst - start;
++}
++
++int
++ldns_b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz)
++{
++ return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true);
++}
++
++int
++ldns_b32_pton_extended_hex(const char* src, size_t src_sz,
++ uint8_t* dst, size_t dst_sz)
++{
++ return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true);
++}
++
++#ifndef HAVE_B32_PTON
++
++int
++b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz)
++{
++ return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true);
++}
++
++int
++b32_pton_extended_hex(const char* src, size_t src_sz,
++ uint8_t* dst, size_t dst_sz)
++{
++ return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true);
++}
++
++#endif /* ! HAVE_B32_PTON */
++
+diff --git a/ldns/src/wire2host.c b/ldns/src/wire2host.c
+new file mode 100644
+index 0000000..e492215
+--- /dev/null
++++ b/ldns/src/wire2host.c
+@@ -0,0 +1,491 @@
++/*
++ * wire2host.c
++ *
++ * conversion routines from the wire to the host
++ * format.
++ * This will usually just a re-ordering of the
++ * data (as we store it in network format)
++ *
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2004-2006
++ *
++ * See the file LICENSE for the license
++ */
++
++
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++/*#include <ldns/wire2host.h>*/
++
++#include <strings.h>
++#include <limits.h>
++
++
++
++/*
++ * Set of macro's to deal with the dns message header as specified
++ * in RFC1035 in portable way.
++ *
++ */
++
++/*
++ *
++ * 1 1 1 1 1 1
++ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
++ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ * | ID |
++ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE |
++ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ * | QDCOUNT |
++ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ * | ANCOUNT |
++ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ * | NSCOUNT |
++ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ * | ARCOUNT |
++ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
++ *
++ */
++
++
++/* allocates memory to *dname! */
++ldns_status
++ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos)
++{
++ uint8_t label_size;
++ uint16_t pointer_target;
++ uint8_t pointer_target_buf[2];
++ size_t dname_pos = 0;
++ size_t uncompressed_length = 0;
++ size_t compression_pos = 0;
++ uint8_t tmp_dname[LDNS_MAX_DOMAINLEN];
++ unsigned int pointer_count = 0;
++
++ if (pos == NULL) {
++ return LDNS_STATUS_WIRE_RDATA_ERR;
++ }
++ if (*pos >= max) {
++ return LDNS_STATUS_PACKET_OVERFLOW;
++ }
++ label_size = wire[*pos];
++ while (label_size > 0) {
++ /* compression */
++ while (label_size >= 192) {
++ if (compression_pos == 0) {
++ compression_pos = *pos + 2;
++ }
++
++ pointer_count++;
++
++ /* remove first two bits */
++ if (*pos + 2 > max) {
++ return LDNS_STATUS_PACKET_OVERFLOW;
++ }
++ pointer_target_buf[0] = wire[*pos] & 63;
++ pointer_target_buf[1] = wire[*pos + 1];
++ pointer_target = ldns_read_uint16(pointer_target_buf);
++
++ if (pointer_target == 0) {
++ return LDNS_STATUS_INVALID_POINTER;
++ } else if (pointer_target >= max) {
++ return LDNS_STATUS_INVALID_POINTER;
++ } else if (pointer_count > LDNS_MAX_POINTERS) {
++ return LDNS_STATUS_INVALID_POINTER;
++ }
++ *pos = pointer_target;
++ label_size = wire[*pos];
++ }
++ if(label_size == 0)
++ break; /* break from pointer to 0 byte */
++ if (label_size > LDNS_MAX_LABELLEN) {
++ return LDNS_STATUS_LABEL_OVERFLOW;
++ }
++ if (*pos + 1 + label_size > max) {
++ return LDNS_STATUS_LABEL_OVERFLOW;
++ }
++
++ /* check space for labelcount itself */
++ if (dname_pos + 1 > LDNS_MAX_DOMAINLEN) {
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++ tmp_dname[dname_pos] = label_size;
++ if (label_size > 0) {
++ dname_pos++;
++ }
++ *pos = *pos + 1;
++ if (dname_pos + label_size > LDNS_MAX_DOMAINLEN) {
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++ memcpy(&tmp_dname[dname_pos], &wire[*pos], label_size);
++ uncompressed_length += label_size + 1;
++ dname_pos += label_size;
++ *pos = *pos + label_size;
++
++ if (*pos < max) {
++ label_size = wire[*pos];
++ }
++ }
++
++ if (compression_pos > 0) {
++ *pos = compression_pos;
++ } else {
++ *pos = *pos + 1;
++ }
++
++ if (dname_pos >= LDNS_MAX_DOMAINLEN) {
++ return LDNS_STATUS_DOMAINNAME_OVERFLOW;
++ }
++
++ tmp_dname[dname_pos] = 0;
++ dname_pos++;
++
++ *dname = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
++ (uint16_t) dname_pos, tmp_dname);
++ if (!*dname) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ return LDNS_STATUS_OK;
++}
++
++/* maybe make this a goto error so data can be freed or something/ */
++#define LDNS_STATUS_CHECK_RETURN(st) {if (st != LDNS_STATUS_OK) { return st; }}
++#define LDNS_STATUS_CHECK_GOTO(st, label) {if (st != LDNS_STATUS_OK) { /*printf("STG %s:%d: status code %d\n", __FILE__, __LINE__, st);*/ goto label; }}
++
++ldns_status
++ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos)
++{
++ size_t end;
++ size_t cur_rdf_length;
++ uint8_t rdf_index;
++ uint8_t *data;
++ uint16_t rd_length;
++ ldns_rdf *cur_rdf = NULL;
++ ldns_rdf_type cur_rdf_type;
++ const ldns_rr_descriptor *descriptor;
++ ldns_status status;
++
++ assert(rr != NULL);
++
++ descriptor = ldns_rr_descript(ldns_rr_get_type(rr));
++
++ if (*pos + 2 > max) {
++ return LDNS_STATUS_PACKET_OVERFLOW;
++ }
++
++ rd_length = ldns_read_uint16(&wire[*pos]);
++ *pos = *pos + 2;
++
++ if (*pos + rd_length > max) {
++ return LDNS_STATUS_PACKET_OVERFLOW;
++ }
++
++ end = *pos + (size_t) rd_length;
++
++ rdf_index = 0;
++ while (*pos < end &&
++ rdf_index < ldns_rr_descriptor_maximum(descriptor)) {
++
++ cur_rdf_length = 0;
++
++ cur_rdf_type = ldns_rr_descriptor_field_type(
++ descriptor, rdf_index);
++
++ /* handle special cases immediately, set length
++ for fixed length rdata and do them below */
++ switch (cur_rdf_type) {
++ case LDNS_RDF_TYPE_DNAME:
++ status = ldns_wire2dname(&cur_rdf, wire, max, pos);
++ LDNS_STATUS_CHECK_RETURN(status);
++ break;
++ case LDNS_RDF_TYPE_CLASS:
++ case LDNS_RDF_TYPE_ALG:
++ case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
++ case LDNS_RDF_TYPE_SELECTOR:
++ case LDNS_RDF_TYPE_MATCHING_TYPE:
++ case LDNS_RDF_TYPE_INT8:
++ cur_rdf_length = LDNS_RDF_SIZE_BYTE;
++ break;
++ case LDNS_RDF_TYPE_TYPE:
++ case LDNS_RDF_TYPE_INT16:
++ case LDNS_RDF_TYPE_CERT_ALG:
++ cur_rdf_length = LDNS_RDF_SIZE_WORD;
++ break;
++ case LDNS_RDF_TYPE_TIME:
++ case LDNS_RDF_TYPE_INT32:
++ case LDNS_RDF_TYPE_A:
++ case LDNS_RDF_TYPE_PERIOD:
++ cur_rdf_length = LDNS_RDF_SIZE_DOUBLEWORD;
++ break;
++ case LDNS_RDF_TYPE_TSIGTIME:
++ case LDNS_RDF_TYPE_EUI48:
++ cur_rdf_length = LDNS_RDF_SIZE_6BYTES;
++ break;
++ case LDNS_RDF_TYPE_ILNP64:
++ case LDNS_RDF_TYPE_EUI64:
++ cur_rdf_length = LDNS_RDF_SIZE_8BYTES;
++ break;
++ case LDNS_RDF_TYPE_AAAA:
++ cur_rdf_length = LDNS_RDF_SIZE_16BYTES;
++ break;
++ case LDNS_RDF_TYPE_STR:
++ case LDNS_RDF_TYPE_NSEC3_SALT:
++ case LDNS_RDF_TYPE_TAG:
++ /* len is stored in first byte
++ * it should be in the rdf too, so just
++ * copy len+1 from this position
++ */
++ cur_rdf_length = ((size_t) wire[*pos]) + 1;
++ break;
++
++ case LDNS_RDF_TYPE_INT16_DATA:
++ if (*pos + 2 > end) {
++ return LDNS_STATUS_PACKET_OVERFLOW;
++ }
++ cur_rdf_length =
++ (size_t) ldns_read_uint16(&wire[*pos]) + 2;
++ break;
++ case LDNS_RDF_TYPE_HIP:
++ if (*pos + 4 > end) {
++ return LDNS_STATUS_PACKET_OVERFLOW;
++ }
++ cur_rdf_length =
++ (size_t) wire[*pos] +
++ (size_t) ldns_read_uint16(&wire[*pos + 2]) + 4;
++ break;
++ case LDNS_RDF_TYPE_B32_EXT:
++ case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER:
++ /* length is stored in first byte */
++ cur_rdf_length = ((size_t) wire[*pos]) + 1;
++ break;
++ case LDNS_RDF_TYPE_APL:
++ case LDNS_RDF_TYPE_B64:
++ case LDNS_RDF_TYPE_HEX:
++ case LDNS_RDF_TYPE_NSEC:
++ case LDNS_RDF_TYPE_UNKNOWN:
++ case LDNS_RDF_TYPE_SERVICE:
++ case LDNS_RDF_TYPE_LOC:
++ case LDNS_RDF_TYPE_WKS:
++ case LDNS_RDF_TYPE_NSAP:
++ case LDNS_RDF_TYPE_ATMA:
++ case LDNS_RDF_TYPE_IPSECKEY:
++ case LDNS_RDF_TYPE_LONG_STR:
++ case LDNS_RDF_TYPE_NONE:
++ /*
++ * Read to end of rr rdata
++ */
++ cur_rdf_length = end - *pos;
++ break;
++ }
++
++ /* fixed length rdata */
++ if (cur_rdf_length > 0) {
++ if (cur_rdf_length + *pos > end) {
++ return LDNS_STATUS_PACKET_OVERFLOW;
++ }
++ data = LDNS_XMALLOC(uint8_t, rd_length);
++ if (!data) {
++ return LDNS_STATUS_MEM_ERR;
++ }
++ memcpy(data, &wire[*pos], cur_rdf_length);
++
++ cur_rdf = ldns_rdf_new(cur_rdf_type,
++ cur_rdf_length, data);
++ *pos = *pos + cur_rdf_length;
++ }
++
++ if (cur_rdf) {
++ ldns_rr_push_rdf(rr, cur_rdf);
++ cur_rdf = NULL;
++ }
++
++ rdf_index++;
++
++ } /* while (rdf_index < ldns_rr_descriptor_maximum(descriptor)) */
++
++
++ return LDNS_STATUS_OK;
++}
++
++
++/* TODO:
++ can *pos be incremented at READ_INT? or maybe use something like
++ RR_CLASS(wire)?
++ uhhm Jelte??
++*/
++ldns_status
++ldns_wire2rr(ldns_rr **rr_p, const uint8_t *wire, size_t max,
++ size_t *pos, ldns_pkt_section section)
++{
++ ldns_rdf *owner = NULL;
++ ldns_rr *rr = ldns_rr_new();
++ ldns_status status;
++
++ status = ldns_wire2dname(&owner, wire, max, pos);
++ LDNS_STATUS_CHECK_GOTO(status, status_error);
++
++ ldns_rr_set_owner(rr, owner);
++
++ if (*pos + 4 > max) {
++ status = LDNS_STATUS_PACKET_OVERFLOW;
++ goto status_error;
++ }
++
++ ldns_rr_set_type(rr, ldns_read_uint16(&wire[*pos]));
++ *pos = *pos + 2;
++
++ ldns_rr_set_class(rr, ldns_read_uint16(&wire[*pos]));
++ *pos = *pos + 2;
++
++ if (section != LDNS_SECTION_QUESTION) {
++ if (*pos + 4 > max) {
++ status = LDNS_STATUS_PACKET_OVERFLOW;
++ goto status_error;
++ }
++ ldns_rr_set_ttl(rr, ldns_read_uint32(&wire[*pos]));
++
++ *pos = *pos + 4;
++ status = ldns_wire2rdf(rr, wire, max, pos);
++
++ LDNS_STATUS_CHECK_GOTO(status, status_error);
++ ldns_rr_set_question(rr, false);
++ } else {
++ ldns_rr_set_question(rr, true);
++ }
++
++ *rr_p = rr;
++ return LDNS_STATUS_OK;
++
++status_error:
++ ldns_rr_free(rr);
++ return status;
++}
++
++static ldns_status
++ldns_wire2pkt_hdr(ldns_pkt *packet, const uint8_t *wire, size_t max, size_t *pos)
++{
++ if (*pos + LDNS_HEADER_SIZE > max) {
++ return LDNS_STATUS_WIRE_INCOMPLETE_HEADER;
++ } else {
++ ldns_pkt_set_id(packet, LDNS_ID_WIRE(wire));
++ ldns_pkt_set_qr(packet, LDNS_QR_WIRE(wire));
++ ldns_pkt_set_opcode(packet, LDNS_OPCODE_WIRE(wire));
++ ldns_pkt_set_aa(packet, LDNS_AA_WIRE(wire));
++ ldns_pkt_set_tc(packet, LDNS_TC_WIRE(wire));
++ ldns_pkt_set_rd(packet, LDNS_RD_WIRE(wire));
++ ldns_pkt_set_ra(packet, LDNS_RA_WIRE(wire));
++ ldns_pkt_set_ad(packet, LDNS_AD_WIRE(wire));
++ ldns_pkt_set_cd(packet, LDNS_CD_WIRE(wire));
++ ldns_pkt_set_rcode(packet, LDNS_RCODE_WIRE(wire));
++
++ ldns_pkt_set_qdcount(packet, LDNS_QDCOUNT(wire));
++ ldns_pkt_set_ancount(packet, LDNS_ANCOUNT(wire));
++ ldns_pkt_set_nscount(packet, LDNS_NSCOUNT(wire));
++ ldns_pkt_set_arcount(packet, LDNS_ARCOUNT(wire));
++
++ *pos += LDNS_HEADER_SIZE;
++
++ return LDNS_STATUS_OK;
++ }
++}
++
++ldns_status
++ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer)
++{
++ /* lazy */
++ return ldns_wire2pkt(packet, ldns_buffer_begin(buffer),
++ ldns_buffer_limit(buffer));
++
++}
++
++ldns_status
++ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max)
++{
++ size_t pos = 0;
++ uint16_t i;
++ ldns_rr *rr;
++ ldns_pkt *packet = ldns_pkt_new();
++ ldns_status status = LDNS_STATUS_OK;
++ uint8_t have_edns = 0;
++
++ uint8_t data[4];
++
++ status = ldns_wire2pkt_hdr(packet, wire, max, &pos);
++ LDNS_STATUS_CHECK_GOTO(status, status_error);
++
++ for (i = 0; i < ldns_pkt_qdcount(packet); i++) {
++
++ status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_QUESTION);
++ if (status == LDNS_STATUS_PACKET_OVERFLOW) {
++ status = LDNS_STATUS_WIRE_INCOMPLETE_QUESTION;
++ }
++ LDNS_STATUS_CHECK_GOTO(status, status_error);
++ if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) {
++ ldns_pkt_free(packet);
++ return LDNS_STATUS_INTERNAL_ERR;
++ }
++ }
++ for (i = 0; i < ldns_pkt_ancount(packet); i++) {
++ status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ANSWER);
++ if (status == LDNS_STATUS_PACKET_OVERFLOW) {
++ status = LDNS_STATUS_WIRE_INCOMPLETE_ANSWER;
++ }
++ LDNS_STATUS_CHECK_GOTO(status, status_error);
++ if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) {
++ ldns_pkt_free(packet);
++ return LDNS_STATUS_INTERNAL_ERR;
++ }
++ }
++ for (i = 0; i < ldns_pkt_nscount(packet); i++) {
++ status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_AUTHORITY);
++ if (status == LDNS_STATUS_PACKET_OVERFLOW) {
++ status = LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY;
++ }
++ LDNS_STATUS_CHECK_GOTO(status, status_error);
++ if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) {
++ ldns_pkt_free(packet);
++ return LDNS_STATUS_INTERNAL_ERR;
++ }
++ }
++ for (i = 0; i < ldns_pkt_arcount(packet); i++) {
++ status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ADDITIONAL);
++ if (status == LDNS_STATUS_PACKET_OVERFLOW) {
++ status = LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL;
++ }
++ LDNS_STATUS_CHECK_GOTO(status, status_error);
++
++ if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_OPT) {
++ ldns_pkt_set_edns_udp_size(packet, ldns_rr_get_class(rr));
++ ldns_write_uint32(data, ldns_rr_ttl(rr));
++ ldns_pkt_set_edns_extended_rcode(packet, data[0]);
++ ldns_pkt_set_edns_version(packet, data[1]);
++ ldns_pkt_set_edns_z(packet, ldns_read_uint16(&data[2]));
++ /* edns might not have rdfs */
++ if (ldns_rr_rdf(rr, 0)) {
++ ldns_pkt_set_edns_data(packet, ldns_rdf_clone(ldns_rr_rdf(rr, 0)));
++ }
++ ldns_rr_free(rr);
++ have_edns += 1;
++ } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TSIG) {
++ ldns_pkt_set_tsig(packet, rr);
++ ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) - 1);
++ } else if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) {
++ ldns_pkt_free(packet);
++ return LDNS_STATUS_INTERNAL_ERR;
++ }
++ }
++ ldns_pkt_set_size(packet, max);
++ if(have_edns)
++ ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet)
++ - have_edns);
++ packet->_edns_present = have_edns;
++
++ *packet_p = packet;
++ return status;
++
++status_error:
++ ldns_pkt_free(packet);
++ return status;
++}
+diff --git a/ldns/src/zone.c b/ldns/src/zone.c
+new file mode 100644
+index 0000000..d97a81e
+--- /dev/null
++++ b/ldns/src/zone.c
+@@ -0,0 +1,318 @@
++/* zone.c
++ *
++ * Functions for ldns_zone structure
++ * a Net::DNS like library for C
++ *
++ * (c) NLnet Labs, 2005-2006
++ * See the file LICENSE for the license
++ */
++#include <ldns/config.h>
++
++#include <ldns/ldns.h>
++
++#include <strings.h>
++#include <limits.h>
++
++ldns_rr *
++ldns_zone_soa(const ldns_zone *z)
++{
++ return z->_soa;
++}
++
++size_t
++ldns_zone_rr_count(const ldns_zone *z)
++{
++ return ldns_rr_list_rr_count(z->_rrs);
++}
++
++void
++ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa)
++{
++ z->_soa = soa;
++}
++
++ldns_rr_list *
++ldns_zone_rrs(const ldns_zone *z)
++{
++ return z->_rrs;
++}
++
++void
++ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist)
++{
++ z->_rrs = rrlist;
++}
++
++bool
++ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list)
++{
++ return ldns_rr_list_cat(ldns_zone_rrs(z), list);
++
++}
++
++bool
++ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr)
++{
++ return ldns_rr_list_push_rr( ldns_zone_rrs(z), rr);
++}
++
++
++/*
++ * Get the list of glue records in a zone
++ * XXX: there should be a way for this to return error, other than NULL,
++ * since NULL is a valid return
++ */
++ldns_rr_list *
++ldns_zone_glue_rr_list(const ldns_zone *z)
++{
++ /* when do we find glue? It means we find an IP address
++ * (AAAA/A) for a nameserver listed in the zone
++ *
++ * Alg used here:
++ * first find all the zonecuts (NS records)
++ * find all the AAAA or A records (can be done it the
++ * above loop).
++ *
++ * Check if the aaaa/a list are subdomains under the
++ * NS domains.
++ * If yes -> glue, if no -> not glue
++ */
++
++ ldns_rr_list *zone_cuts;
++ ldns_rr_list *addr;
++ ldns_rr_list *glue;
++ ldns_rr *r, *ns, *a;
++ ldns_rdf *dname_a, *ns_owner;
++ size_t i,j;
++
++ zone_cuts = NULL;
++ addr = NULL;
++ glue = NULL;
++
++ /* we cannot determine glue in a 'zone' without a SOA */
++ if (!ldns_zone_soa(z)) {
++ return NULL;
++ }
++
++ zone_cuts = ldns_rr_list_new();
++ if (!zone_cuts) goto memory_error;
++ addr = ldns_rr_list_new();
++ if (!addr) goto memory_error;
++ glue = ldns_rr_list_new();
++ if (!glue) goto memory_error;
++
++ for(i = 0; i < ldns_zone_rr_count(z); i++) {
++ r = ldns_rr_list_rr(ldns_zone_rrs(z), i);
++ if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A ||
++ ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) {
++ /* possibly glue */
++ if (!ldns_rr_list_push_rr(addr, r)) goto memory_error;
++ continue;
++ }
++ if (ldns_rr_get_type(r) == LDNS_RR_TYPE_NS) {
++ /* multiple zones will end up here -
++ * for now; not a problem
++ */
++ /* don't add NS records for the current zone itself */
++ if (ldns_rdf_compare(ldns_rr_owner(r),
++ ldns_rr_owner(ldns_zone_soa(z))) != 0) {
++ if (!ldns_rr_list_push_rr(zone_cuts, r)) goto memory_error;
++ }
++ continue;
++ }
++ }
++
++ /* will sorting make it quicker ?? */
++ for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) {
++ ns = ldns_rr_list_rr(zone_cuts, i);
++ ns_owner = ldns_rr_owner(ns);
++
++ for(j = 0; j < ldns_rr_list_rr_count(addr); j++) {
++ a = ldns_rr_list_rr(addr, j);
++ dname_a = ldns_rr_owner(a);
++
++ if (ldns_dname_is_subdomain(dname_a, ns_owner) ||
++ ldns_dname_compare(dname_a, ns_owner) == 0) {
++ /* GLUE! */
++ if (!ldns_rr_list_push_rr(glue, a)) goto memory_error;
++ }
++ }
++ }
++
++ ldns_rr_list_free(addr);
++ ldns_rr_list_free(zone_cuts);
++
++ if (ldns_rr_list_rr_count(glue) == 0) {
++ ldns_rr_list_free(glue);
++ return NULL;
++ } else {
++ return glue;
++ }
++
++memory_error:
++ if (zone_cuts) {
++ LDNS_FREE(zone_cuts);
++ }
++ if (addr) {
++ ldns_rr_list_free(addr);
++ }
++ if (glue) {
++ ldns_rr_list_free(glue);
++ }
++ return NULL;
++}
++
++ldns_zone *
++ldns_zone_new(void)
++{
++ ldns_zone *z;
++
++ z = LDNS_MALLOC(ldns_zone);
++ if (!z) {
++ return NULL;
++ }
++
++ z->_rrs = ldns_rr_list_new();
++ if (!z->_rrs) {
++ LDNS_FREE(z);
++ return NULL;
++ }
++ ldns_zone_set_soa(z, NULL);
++ return z;
++}
++
++/* we regocnize:
++ * $TTL, $ORIGIN
++ */
++ldns_status
++ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c)
++{
++ return ldns_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL);
++}
++
++/* XXX: class is never used */
++ldns_status
++ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl,
++ ldns_rr_class ATTR_UNUSED(c), int *line_nr)
++{
++ ldns_zone *newzone;
++ ldns_rr *rr;
++ uint32_t my_ttl;
++ ldns_rdf *my_origin;
++ ldns_rdf *my_prev;
++ bool soa_seen = false; /* 2 soa are an error */
++ ldns_status s;
++ ldns_status ret;
++
++ /* most cases of error are memory problems */
++ ret = LDNS_STATUS_MEM_ERR;
++
++ newzone = NULL;
++ my_origin = NULL;
++ my_prev = NULL;
++
++ my_ttl = ttl;
++
++ if (origin) {
++ my_origin = ldns_rdf_clone(origin);
++ if (!my_origin) goto error;
++ /* also set the prev */
++ my_prev = ldns_rdf_clone(origin);
++ if (!my_prev) goto error;
++ }
++
++ newzone = ldns_zone_new();
++ if (!newzone) goto error;
++
++ while(!feof(fp)) {
++ s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr);
++ switch (s) {
++ case LDNS_STATUS_OK:
++ if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
++ if (soa_seen) {
++ /* second SOA
++ * just skip, maybe we want to say
++ * something??? */
++ ldns_rr_free(rr);
++ continue;
++ }
++ soa_seen = true;
++ ldns_zone_set_soa(newzone, rr);
++ /* set origin to soa if not specified */
++ if (!my_origin) {
++ my_origin = ldns_rdf_clone(ldns_rr_owner(rr));
++ }
++ continue;
++ }
++
++ /* a normal RR - as sofar the DNS is normal */
++ if (!ldns_zone_push_rr(newzone, rr)) goto error;
++
++ case LDNS_STATUS_SYNTAX_EMPTY:
++ /* empty line was seen */
++ case LDNS_STATUS_SYNTAX_TTL:
++ /* the function set the ttl */
++ break;
++ case LDNS_STATUS_SYNTAX_ORIGIN:
++ /* the function set the origin */
++ break;
++ case LDNS_STATUS_SYNTAX_INCLUDE:
++ ret = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL;
++ break;
++ default:
++ ret = s;
++ goto error;
++ }
++ }
++
++ if (my_origin) {
++ ldns_rdf_deep_free(my_origin);
++ }
++ if (my_prev) {
++ ldns_rdf_deep_free(my_prev);
++ }
++ if (z) {
++ *z = newzone;
++ } else {
++ ldns_zone_free(newzone);
++ }
++
++ return LDNS_STATUS_OK;
++
++error:
++ if (my_origin) {
++ ldns_rdf_deep_free(my_origin);
++ }
++ if (my_prev) {
++ ldns_rdf_deep_free(my_prev);
++ }
++ if (newzone) {
++ ldns_zone_free(newzone);
++ }
++ return ret;
++}
++
++void
++ldns_zone_sort(ldns_zone *zone)
++{
++ ldns_rr_list *zrr;
++ assert(zone != NULL);
++
++ zrr = ldns_zone_rrs(zone);
++ ldns_rr_list_sort(zrr);
++}
++
++void
++ldns_zone_free(ldns_zone *zone)
++{
++ ldns_rr_list_free(zone->_rrs);
++ LDNS_FREE(zone);
++}
++
++void
++ldns_zone_deep_free(ldns_zone *zone)
++{
++ ldns_rr_free(zone->_soa);
++ ldns_rr_list_deep_free(zone->_rrs);
++ LDNS_FREE(zone);
++}
+diff --git a/src/ldns/buffer.c b/src/ldns/buffer.c
+deleted file mode 100644
+index fc6c17e..0000000
+--- a/src/ldns/buffer.c
++++ /dev/null
+@@ -1,177 +0,0 @@
+-/*
+- * buffer.c -- generic memory buffer .
+- *
+- * Copyright (c) 2001-2008, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- *
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-#include <ldns/buffer.h>
+-
+-ldns_buffer *
+-ldns_buffer_new(size_t capacity)
+-{
+- ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer);
+-
+- if (!buffer) {
+- return NULL;
+- }
+-
+- buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity);
+- if (!buffer->_data) {
+- LDNS_FREE(buffer);
+- return NULL;
+- }
+-
+- buffer->_position = 0;
+- buffer->_limit = buffer->_capacity = capacity;
+- buffer->_fixed = 0;
+- buffer->_status = LDNS_STATUS_OK;
+-
+- ldns_buffer_invariant(buffer);
+-
+- return buffer;
+-}
+-
+-void
+-ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size)
+-{
+- assert(data != NULL);
+-
+- buffer->_position = 0;
+- buffer->_limit = buffer->_capacity = size;
+- buffer->_fixed = 0;
+- buffer->_data = LDNS_XMALLOC(uint8_t, size);
+- if(!buffer->_data) {
+- buffer->_status = LDNS_STATUS_MEM_ERR;
+- return;
+- }
+- memcpy(buffer->_data, data, size);
+- buffer->_status = LDNS_STATUS_OK;
+-
+- ldns_buffer_invariant(buffer);
+-}
+-
+-bool
+-ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity)
+-{
+- void *data;
+-
+- ldns_buffer_invariant(buffer);
+- assert(buffer->_position <= capacity);
+-
+- data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity);
+- if (!data) {
+- buffer->_status = LDNS_STATUS_MEM_ERR;
+- return false;
+- } else {
+- buffer->_data = data;
+- buffer->_limit = buffer->_capacity = capacity;
+- return true;
+- }
+-}
+-
+-bool
+-ldns_buffer_reserve(ldns_buffer *buffer, size_t amount)
+-{
+- ldns_buffer_invariant(buffer);
+- assert(!buffer->_fixed);
+- if (buffer->_capacity < buffer->_position + amount) {
+- size_t new_capacity = buffer->_capacity * 3 / 2;
+-
+- if (new_capacity < buffer->_position + amount) {
+- new_capacity = buffer->_position + amount;
+- }
+- if (!ldns_buffer_set_capacity(buffer, new_capacity)) {
+- buffer->_status = LDNS_STATUS_MEM_ERR;
+- return false;
+- }
+- }
+- buffer->_limit = buffer->_capacity;
+- return true;
+-}
+-
+-int
+-ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...)
+-{
+- va_list args;
+- int written = 0;
+- size_t remaining;
+-
+- if (ldns_buffer_status_ok(buffer)) {
+- ldns_buffer_invariant(buffer);
+- assert(buffer->_limit == buffer->_capacity);
+-
+- remaining = ldns_buffer_remaining(buffer);
+- va_start(args, format);
+- written = vsnprintf((char *) ldns_buffer_current(buffer), remaining,
+- format, args);
+- va_end(args);
+- if (written == -1) {
+- buffer->_status = LDNS_STATUS_INTERNAL_ERR;
+- return -1;
+- } else if ((size_t) written >= remaining) {
+- if (!ldns_buffer_reserve(buffer, (size_t) written + 1)) {
+- buffer->_status = LDNS_STATUS_MEM_ERR;
+- return -1;
+- }
+- va_start(args, format);
+- written = vsnprintf((char *) ldns_buffer_current(buffer),
+- ldns_buffer_remaining(buffer), format, args);
+- va_end(args);
+- if (written == -1) {
+- buffer->_status = LDNS_STATUS_INTERNAL_ERR;
+- return -1;
+- }
+- }
+- buffer->_position += written;
+- }
+- return written;
+-}
+-
+-void
+-ldns_buffer_free(ldns_buffer *buffer)
+-{
+- if (!buffer) {
+- return;
+- }
+-
+- if (!buffer->_fixed)
+- LDNS_FREE(buffer->_data);
+-
+- LDNS_FREE(buffer);
+-}
+-
+-void *
+-ldns_buffer_export(ldns_buffer *buffer)
+-{
+- buffer->_fixed = 1;
+- return buffer->_data;
+-}
+-
+-int
+-ldns_bgetc(ldns_buffer *buffer)
+-{
+- if (!ldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) {
+- ldns_buffer_set_position(buffer, ldns_buffer_limit(buffer));
+- /* ldns_buffer_rewind(buffer);*/
+- return EOF;
+- }
+- return (int)ldns_buffer_read_u8(buffer);
+-}
+-
+-void
+-ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from)
+-{
+- size_t tocopy = ldns_buffer_limit(from);
+-
+- if(tocopy > ldns_buffer_capacity(result))
+- tocopy = ldns_buffer_capacity(result);
+- ldns_buffer_clear(result);
+- ldns_buffer_write(result, ldns_buffer_begin(from), tocopy);
+- ldns_buffer_flip(result);
+-}
+diff --git a/src/ldns/compat/b64_ntop.c b/src/ldns/compat/b64_ntop.c
+deleted file mode 100644
+index 6895aca..0000000
+--- a/src/ldns/compat/b64_ntop.c
++++ /dev/null
+@@ -1,185 +0,0 @@
+-/*
+- * Copyright (c) 1996, 1998 by Internet Software Consortium.
+- *
+- * Permission to use, copy, modify, and distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+- * SOFTWARE.
+- */
+-
+-/*
+- * Portions Copyright (c) 1995 by International Business Machines, Inc.
+- *
+- * International Business Machines, Inc. (hereinafter called IBM) grants
+- * permission under its copyrights to use, copy, modify, and distribute this
+- * Software with or without fee, provided that the above copyright notice and
+- * all paragraphs of this notice appear in all copies, and that the name of IBM
+- * not be used in connection with the marketing of any product incorporating
+- * the Software or modifications thereof, without specific, written prior
+- * permission.
+- *
+- * To the extent it has a right to do so, IBM grants an immunity from suit
+- * under its patents, if any, for the use, sale or manufacture of products to
+- * the extent that such products are used for performing Domain Name System
+- * dynamic updates in TCP/IP networks by means of the Software. No immunity is
+- * granted for any product per se or for any other function of any product.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+- * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+- * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+- * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
+- */
+-#include <ldns/config.h>
+-#include <ctype.h>
+-#include <stdlib.h>
+-#include <string.h>
+-
+-static const char Base64[] =
+- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+-static const char Pad64 = '=';
+-
+-/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
+- The following encoding technique is taken from RFC 1521 by Borenstein
+- and Freed. It is reproduced here in a slightly edited form for
+- convenience.
+-
+- A 65-character subset of US-ASCII is used, enabling 6 bits to be
+- represented per printable character. (The extra 65th character, "=",
+- is used to signify a special processing function.)
+-
+- The encoding process represents 24-bit groups of input bits as output
+- strings of 4 encoded characters. Proceeding from left to right, a
+- 24-bit input group is formed by concatenating 3 8-bit input groups.
+- These 24 bits are then treated as 4 concatenated 6-bit groups, each
+- of which is translated into a single digit in the base64 alphabet.
+-
+- Each 6-bit group is used as an index into an array of 64 printable
+- characters. The character referenced by the index is placed in the
+- output string.
+-
+- Table 1: The Base64 Alphabet
+-
+- Value Encoding Value Encoding Value Encoding Value Encoding
+- 0 A 17 R 34 i 51 z
+- 1 B 18 S 35 j 52 0
+- 2 C 19 T 36 k 53 1
+- 3 D 20 U 37 l 54 2
+- 4 E 21 V 38 m 55 3
+- 5 F 22 W 39 n 56 4
+- 6 G 23 X 40 o 57 5
+- 7 H 24 Y 41 p 58 6
+- 8 I 25 Z 42 q 59 7
+- 9 J 26 a 43 r 60 8
+- 10 K 27 b 44 s 61 9
+- 11 L 28 c 45 t 62 +
+- 12 M 29 d 46 u 63 /
+- 13 N 30 e 47 v
+- 14 O 31 f 48 w (pad) =
+- 15 P 32 g 49 x
+- 16 Q 33 h 50 y
+-
+- Special processing is performed if fewer than 24 bits are available
+- at the end of the data being encoded. A full encoding quantum is
+- always completed at the end of a quantity. When fewer than 24 input
+- bits are available in an input group, zero bits are added (on the
+- right) to form an integral number of 6-bit groups. Padding at the
+- end of the data is performed using the '=' character.
+-
+- Since all base64 input is an integral number of octets, only the
+- -------------------------------------------------
+- following cases can arise:
+-
+- (1) the final quantum of encoding input is an integral
+- multiple of 24 bits; here, the final unit of encoded
+- output will be an integral multiple of 4 characters
+- with no "=" padding,
+- (2) the final quantum of encoding input is exactly 8 bits;
+- here, the final unit of encoded output will be two
+- characters followed by two "=" padding characters, or
+- (3) the final quantum of encoding input is exactly 16 bits;
+- here, the final unit of encoded output will be three
+- characters followed by one "=" padding character.
+- */
+-
+-int
+-ldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) {
+- size_t datalength = 0;
+- uint8_t input[3];
+- uint8_t output[4];
+- size_t i;
+-
+- if (srclength == 0) {
+- if (targsize > 0) {
+- target[0] = '\0';
+- return 0;
+- } else {
+- return -1;
+- }
+- }
+-
+- while (2 < srclength) {
+- input[0] = *src++;
+- input[1] = *src++;
+- input[2] = *src++;
+- srclength -= 3;
+-
+- output[0] = input[0] >> 2;
+- output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+- output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+- output[3] = input[2] & 0x3f;
+- assert(output[0] < 64);
+- assert(output[1] < 64);
+- assert(output[2] < 64);
+- assert(output[3] < 64);
+-
+- if (datalength + 4 > targsize) {
+- return (-1);
+- }
+- target[datalength++] = Base64[output[0]];
+- target[datalength++] = Base64[output[1]];
+- target[datalength++] = Base64[output[2]];
+- target[datalength++] = Base64[output[3]];
+- }
+-
+- /* Now we worry about padding. */
+- if (0 != srclength) {
+- /* Get what's left. */
+- input[0] = input[1] = input[2] = (uint8_t) '\0';
+- for (i = 0; i < srclength; i++)
+- input[i] = *src++;
+-
+- output[0] = input[0] >> 2;
+- output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+- output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+- assert(output[0] < 64);
+- assert(output[1] < 64);
+- assert(output[2] < 64);
+-
+- if (datalength + 4 > targsize) {
+- return (-2);
+- }
+- target[datalength++] = Base64[output[0]];
+- target[datalength++] = Base64[output[1]];
+- if (srclength == 1) {
+- target[datalength++] = Pad64;
+- } else {
+- target[datalength++] = Base64[output[2]];
+- }
+- target[datalength++] = Pad64;
+- }
+- if (datalength >= targsize) {
+- return (-3);
+- }
+- target[datalength] = '\0'; /* Returned value doesn't count \0. */
+- return (int) (datalength);
+-}
+diff --git a/src/ldns/compat/b64_pton.c b/src/ldns/compat/b64_pton.c
+deleted file mode 100644
+index 18d8c8e..0000000
+--- a/src/ldns/compat/b64_pton.c
++++ /dev/null
+@@ -1,244 +0,0 @@
+-/*
+- * Copyright (c) 1996, 1998 by Internet Software Consortium.
+- *
+- * Permission to use, copy, modify, and distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+- * SOFTWARE.
+- */
+-
+-/*
+- * Portions Copyright (c) 1995 by International Business Machines, Inc.
+- *
+- * International Business Machines, Inc. (hereinafter called IBM) grants
+- * permission under its copyrights to use, copy, modify, and distribute this
+- * Software with or without fee, provided that the above copyright notice and
+- * all paragraphs of this notice appear in all copies, and that the name of IBM
+- * not be used in connection with the marketing of any product incorporating
+- * the Software or modifications thereof, without specific, written prior
+- * permission.
+- *
+- * To the extent it has a right to do so, IBM grants an immunity from suit
+- * under its patents, if any, for the use, sale or manufacture of products to
+- * the extent that such products are used for performing Domain Name System
+- * dynamic updates in TCP/IP networks by means of the Software. No immunity is
+- * granted for any product per se or for any other function of any product.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+- * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+- * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+- * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
+- */
+-#include <ldns/config.h>
+-#include <ctype.h>
+-#include <stdlib.h>
+-#include <string.h>
+-
+-static const char Base64[] =
+- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+-static const char Pad64 = '=';
+-
+-/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
+- The following encoding technique is taken from RFC 1521 by Borenstein
+- and Freed. It is reproduced here in a slightly edited form for
+- convenience.
+-
+- A 65-character subset of US-ASCII is used, enabling 6 bits to be
+- represented per printable character. (The extra 65th character, "=",
+- is used to signify a special processing function.)
+-
+- The encoding process represents 24-bit groups of input bits as output
+- strings of 4 encoded characters. Proceeding from left to right, a
+- 24-bit input group is formed by concatenating 3 8-bit input groups.
+- These 24 bits are then treated as 4 concatenated 6-bit groups, each
+- of which is translated into a single digit in the base64 alphabet.
+-
+- Each 6-bit group is used as an index into an array of 64 printable
+- characters. The character referenced by the index is placed in the
+- output string.
+-
+- Table 1: The Base64 Alphabet
+-
+- Value Encoding Value Encoding Value Encoding Value Encoding
+- 0 A 17 R 34 i 51 z
+- 1 B 18 S 35 j 52 0
+- 2 C 19 T 36 k 53 1
+- 3 D 20 U 37 l 54 2
+- 4 E 21 V 38 m 55 3
+- 5 F 22 W 39 n 56 4
+- 6 G 23 X 40 o 57 5
+- 7 H 24 Y 41 p 58 6
+- 8 I 25 Z 42 q 59 7
+- 9 J 26 a 43 r 60 8
+- 10 K 27 b 44 s 61 9
+- 11 L 28 c 45 t 62 +
+- 12 M 29 d 46 u 63 /
+- 13 N 30 e 47 v
+- 14 O 31 f 48 w (pad) =
+- 15 P 32 g 49 x
+- 16 Q 33 h 50 y
+-
+- Special processing is performed if fewer than 24 bits are available
+- at the end of the data being encoded. A full encoding quantum is
+- always completed at the end of a quantity. When fewer than 24 input
+- bits are available in an input group, zero bits are added (on the
+- right) to form an integral number of 6-bit groups. Padding at the
+- end of the data is performed using the '=' character.
+-
+- Since all base64 input is an integral number of octets, only the
+- -------------------------------------------------
+- following cases can arise:
+-
+- (1) the final quantum of encoding input is an integral
+- multiple of 24 bits; here, the final unit of encoded
+- output will be an integral multiple of 4 characters
+- with no "=" padding,
+- (2) the final quantum of encoding input is exactly 8 bits;
+- here, the final unit of encoded output will be two
+- characters followed by two "=" padding characters, or
+- (3) the final quantum of encoding input is exactly 16 bits;
+- here, the final unit of encoded output will be three
+- characters followed by one "=" padding character.
+- */
+-
+-/* skips all whitespace anywhere.
+- converts characters, four at a time, starting at (or after)
+- src from base - 64 numbers into three 8 bit bytes in the target area.
+- it returns the number of data bytes stored at the target, or -1 on error.
+- */
+-
+-int
+-ldns_b64_pton(char const *origsrc, uint8_t *target, size_t targsize)
+-{
+- unsigned char const* src = (unsigned char*)origsrc;
+- int tarindex, state, ch;
+- char *pos;
+-
+- state = 0;
+- tarindex = 0;
+-
+- if (strlen(origsrc) == 0) {
+- return 0;
+- }
+-
+- while ((ch = *src++) != '\0') {
+- if (isspace((unsigned char)ch)) /* Skip whitespace anywhere. */
+- continue;
+-
+- if (ch == Pad64)
+- break;
+-
+- pos = strchr(Base64, ch);
+- if (pos == 0) {
+- /* A non-base64 character. */
+- return (-1);
+- }
+-
+- switch (state) {
+- case 0:
+- if (target) {
+- if ((size_t)tarindex >= targsize)
+- return (-1);
+- target[tarindex] = (pos - Base64) << 2;
+- }
+- state = 1;
+- break;
+- case 1:
+- if (target) {
+- if ((size_t)tarindex + 1 >= targsize)
+- return (-1);
+- target[tarindex] |= (pos - Base64) >> 4;
+- target[tarindex+1] = ((pos - Base64) & 0x0f)
+- << 4 ;
+- }
+- tarindex++;
+- state = 2;
+- break;
+- case 2:
+- if (target) {
+- if ((size_t)tarindex + 1 >= targsize)
+- return (-1);
+- target[tarindex] |= (pos - Base64) >> 2;
+- target[tarindex+1] = ((pos - Base64) & 0x03)
+- << 6;
+- }
+- tarindex++;
+- state = 3;
+- break;
+- case 3:
+- if (target) {
+- if ((size_t)tarindex >= targsize)
+- return (-1);
+- target[tarindex] |= (pos - Base64);
+- }
+- tarindex++;
+- state = 0;
+- break;
+- default:
+- abort();
+- }
+- }
+-
+- /*
+- * We are done decoding Base-64 chars. Let's see if we ended
+- * on a byte boundary, and/or with erroneous trailing characters.
+- */
+-
+- if (ch == Pad64) { /* We got a pad char. */
+- ch = *src++; /* Skip it, get next. */
+- switch (state) {
+- case 0: /* Invalid = in first position */
+- case 1: /* Invalid = in second position */
+- return (-1);
+-
+- case 2: /* Valid, means one byte of info */
+- /* Skip any number of spaces. */
+- for ((void)NULL; ch != '\0'; ch = *src++)
+- if (!isspace((unsigned char)ch))
+- break;
+- /* Make sure there is another trailing = sign. */
+- if (ch != Pad64)
+- return (-1);
+- ch = *src++; /* Skip the = */
+- /* Fall through to "single trailing =" case. */
+- /* FALLTHROUGH */
+-
+- case 3: /* Valid, means two bytes of info */
+- /*
+- * We know this char is an =. Is there anything but
+- * whitespace after it?
+- */
+- for ((void)NULL; ch != '\0'; ch = *src++)
+- if (!isspace((unsigned char)ch))
+- return (-1);
+-
+- /*
+- * Now make sure for cases 2 and 3 that the "extra"
+- * bits that slopped past the last full byte were
+- * zeros. If we don't check them, they become a
+- * subliminal channel.
+- */
+- if (target && target[tarindex] != 0)
+- return (-1);
+- }
+- } else {
+- /*
+- * We ended by seeing the end of the string. Make sure we
+- * have no partial bytes lying around.
+- */
+- if (state != 0)
+- return (-1);
+- }
+-
+- return (tarindex);
+-}
+diff --git a/src/ldns/compat/strlcpy.c b/src/ldns/compat/strlcpy.c
+deleted file mode 100644
+index d6c34c1..0000000
+--- a/src/ldns/compat/strlcpy.c
++++ /dev/null
+@@ -1,57 +0,0 @@
+-/* from openssh 4.3p2 compat/strlcpy.c */
+-/*
+- * Copyright (c) 1998 Todd C. Miller <Todd.Miller at courtesan.com>
+- *
+- * Permission to use, copy, modify, and distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- */
+-
+-/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
+-
+-#include <ldns/config.h>
+-#ifndef HAVE_STRLCPY
+-
+-#include <sys/types.h>
+-#include <string.h>
+-
+-/*
+- * Copy src to string dst of size siz. At most siz-1 characters
+- * will be copied. Always NUL terminates (unless siz == 0).
+- * Returns strlen(src); if retval >= siz, truncation occurred.
+- */
+-size_t
+-strlcpy(char *dst, const char *src, size_t siz)
+-{
+- char *d = dst;
+- const char *s = src;
+- size_t n = siz;
+-
+- /* Copy as many bytes as will fit */
+- if (n != 0 && --n != 0) {
+- do {
+- if ((*d++ = *s++) == 0)
+- break;
+- } while (--n != 0);
+- }
+-
+- /* Not enough room in dst, add NUL and traverse rest of src */
+- if (n == 0) {
+- if (siz != 0)
+- *d = '\0'; /* NUL-terminate dst */
+- while (*s++)
+- ;
+- }
+-
+- return(s - src - 1); /* count does not include NUL */
+-}
+-
+-#endif /* !HAVE_STRLCPY */
+diff --git a/src/ldns/dane.c b/src/ldns/dane.c
+deleted file mode 100644
+index 675dfa8..0000000
+--- a/src/ldns/dane.c
++++ /dev/null
+@@ -1,748 +0,0 @@
+-/*
+- * Verify or create TLS authentication with DANE (RFC6698)
+- *
+- * (c) NLnetLabs 2012
+- *
+- * See the file LICENSE for the license.
+- *
+- */
+-
+-#include <ldns/config.h>
+-#ifdef USE_DANE
+-
+-#include <ldns/ldns.h>
+-#include <ldns/dane.h>
+-
+-#include <unistd.h>
+-#include <stdlib.h>
+-#include <sys/types.h>
+-#ifdef HAVE_SYS_SOCKET_H
+-#include <sys/socket.h>
+-#endif
+-#ifdef HAVE_NETDB_H
+-#include <netdb.h>
+-#endif
+-
+-#ifdef HAVE_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/err.h>
+-#include <openssl/x509v3.h>
+-#endif
+-
+-ldns_status
+-ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
+- uint16_t port, ldns_dane_transport transport)
+-{
+- char buf[LDNS_MAX_DOMAINLEN];
+- size_t s;
+-
+- assert(tlsa_owner != NULL);
+- assert(name != NULL);
+- assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
+-
+- s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
+- buf[0] = (char)(s - 1);
+-
+- switch(transport) {
+- case LDNS_DANE_TRANSPORT_TCP:
+- s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
+- break;
+-
+- case LDNS_DANE_TRANSPORT_UDP:
+- s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
+- break;
+-
+- case LDNS_DANE_TRANSPORT_SCTP:
+- s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
+- break;
+-
+- default:
+- return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT;
+- }
+- if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+- memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
+- *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
+- s + ldns_rdf_size(name), buf);
+- if (*tlsa_owner == NULL) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-
+-#ifdef HAVE_SSL
+-ldns_status
+-ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
+- ldns_tlsa_selector selector,
+- ldns_tlsa_matching_type matching_type)
+-{
+- unsigned char* buf = NULL;
+- size_t len;
+-
+- X509_PUBKEY* xpubkey;
+- EVP_PKEY* epubkey;
+-
+- unsigned char* digest;
+-
+- assert(rdf != NULL);
+- assert(cert != NULL);
+-
+- switch(selector) {
+- case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
+-
+- len = (size_t)i2d_X509(cert, &buf);
+- break;
+-
+- case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
+-
+-#ifndef S_SPLINT_S
+- xpubkey = X509_get_X509_PUBKEY(cert);
+-#endif
+- if (! xpubkey) {
+- return LDNS_STATUS_SSL_ERR;
+- }
+- epubkey = X509_PUBKEY_get(xpubkey);
+- if (! epubkey) {
+- return LDNS_STATUS_SSL_ERR;
+- }
+- len = (size_t)i2d_PUBKEY(epubkey, &buf);
+- break;
+-
+- default:
+- return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
+- }
+-
+- switch(matching_type) {
+- case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
+-
+- *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
+-
+- return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
+- break;
+-
+- case LDNS_TLSA_MATCHING_TYPE_SHA256:
+-
+- digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH);
+- if (digest == NULL) {
+- LDNS_FREE(buf);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- (void) ldns_sha256(buf, (unsigned int)len, digest);
+- *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH,
+- digest);
+- LDNS_FREE(buf);
+-
+- return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
+- break;
+-
+- case LDNS_TLSA_MATCHING_TYPE_SHA512:
+-
+- digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH);
+- if (digest == NULL) {
+- LDNS_FREE(buf);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- (void) ldns_sha512(buf, (unsigned int)len, digest);
+- *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH,
+- digest);
+- LDNS_FREE(buf);
+-
+- return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
+- break;
+-
+- default:
+- LDNS_FREE(buf);
+- return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
+- }
+-}
+-
+-
+-/* Ordinary PKIX validation of cert (with extra_certs to help)
+- * against the CA's in store
+- */
+-static ldns_status
+-ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
+- X509_STORE* store)
+-{
+- X509_STORE_CTX* vrfy_ctx;
+- ldns_status s;
+-
+- if (! store) {
+- return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
+- }
+- vrfy_ctx = X509_STORE_CTX_new();
+- if (! vrfy_ctx) {
+-
+- return LDNS_STATUS_SSL_ERR;
+-
+- } else if (X509_STORE_CTX_init(vrfy_ctx, store,
+- cert, extra_certs) != 1) {
+- s = LDNS_STATUS_SSL_ERR;
+-
+- } else if (X509_verify_cert(vrfy_ctx) == 1) {
+-
+- s = LDNS_STATUS_OK;
+-
+- } else {
+- s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
+- }
+- X509_STORE_CTX_free(vrfy_ctx);
+- return s;
+-}
+-
+-
+-/* Orinary PKIX validation of cert (with extra_certs to help)
+- * against the CA's in store, but also return the validation chain.
+- */
+-static ldns_status
+-ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
+- STACK_OF(X509)* extra_certs, X509_STORE* store)
+-{
+- ldns_status s;
+- X509_STORE* empty_store = NULL;
+- X509_STORE_CTX* vrfy_ctx;
+-
+- assert(chain != NULL);
+-
+- if (! store) {
+- store = empty_store = X509_STORE_new();
+- }
+- s = LDNS_STATUS_SSL_ERR;
+- vrfy_ctx = X509_STORE_CTX_new();
+- if (! vrfy_ctx) {
+-
+- goto exit_free_empty_store;
+-
+- } else if (X509_STORE_CTX_init(vrfy_ctx, store,
+- cert, extra_certs) != 1) {
+- goto exit_free_vrfy_ctx;
+-
+- } else if (X509_verify_cert(vrfy_ctx) == 1) {
+-
+- s = LDNS_STATUS_OK;
+-
+- } else {
+- s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
+- }
+- *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
+- if (! *chain) {
+- s = LDNS_STATUS_SSL_ERR;
+- }
+-
+-exit_free_vrfy_ctx:
+- X509_STORE_CTX_free(vrfy_ctx);
+-
+-exit_free_empty_store:
+- if (empty_store) {
+- X509_STORE_free(empty_store);
+- }
+- return s;
+-}
+-
+-
+-/* Return the validation chain that can be build out of cert, with extra_certs.
+- */
+-static ldns_status
+-ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
+- X509* cert, STACK_OF(X509)* extra_certs)
+-{
+- ldns_status s;
+- X509_STORE* empty_store = NULL;
+- X509_STORE_CTX* vrfy_ctx;
+-
+- assert(chain != NULL);
+-
+- empty_store = X509_STORE_new();
+- s = LDNS_STATUS_SSL_ERR;
+- vrfy_ctx = X509_STORE_CTX_new();
+- if (! vrfy_ctx) {
+-
+- goto exit_free_empty_store;
+-
+- } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
+- cert, extra_certs) != 1) {
+- goto exit_free_vrfy_ctx;
+- }
+- (void) X509_verify_cert(vrfy_ctx);
+- *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
+- if (! *chain) {
+- s = LDNS_STATUS_SSL_ERR;
+- } else {
+- s = LDNS_STATUS_OK;
+- }
+-exit_free_vrfy_ctx:
+- X509_STORE_CTX_free(vrfy_ctx);
+-
+-exit_free_empty_store:
+- X509_STORE_free(empty_store);
+- return s;
+-}
+-
+-
+-/* Pop n+1 certs and return the last popped.
+- */
+-static ldns_status
+-ldns_dane_get_nth_cert_from_validation_chain(
+- X509** cert, STACK_OF(X509)* chain, int n, bool ca)
+-{
+- if (n >= sk_X509_num(chain) || n < 0) {
+- return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE;
+- }
+- *cert = sk_X509_pop(chain);
+- while (n-- > 0) {
+- X509_free(*cert);
+- *cert = sk_X509_pop(chain);
+- }
+- if (ca && ! X509_check_ca(*cert)) {
+- return LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-
+-/* Create validation chain with cert and extra_certs and returns the last
+- * self-signed (if present).
+- */
+-static ldns_status
+-ldns_dane_pkix_get_last_self_signed(X509** out_cert,
+- X509* cert, STACK_OF(X509)* extra_certs)
+-{
+- ldns_status s;
+- X509_STORE* empty_store = NULL;
+- X509_STORE_CTX* vrfy_ctx;
+-
+- assert(out_cert != NULL);
+-
+- empty_store = X509_STORE_new();
+- s = LDNS_STATUS_SSL_ERR;
+- vrfy_ctx = X509_STORE_CTX_new();
+- if (! vrfy_ctx) {
+- goto exit_free_empty_store;
+-
+- } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
+- cert, extra_certs) != 1) {
+- goto exit_free_vrfy_ctx;
+-
+- }
+- (void) X509_verify_cert(vrfy_ctx);
+- if (vrfy_ctx->error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
+- vrfy_ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
+-
+- *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
+- s = LDNS_STATUS_OK;
+- } else {
+- s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR;
+- }
+-exit_free_vrfy_ctx:
+- X509_STORE_CTX_free(vrfy_ctx);
+-
+-exit_free_empty_store:
+- X509_STORE_free(empty_store);
+- return s;
+-}
+-
+-
+-ldns_status
+-ldns_dane_select_certificate(X509** selected_cert,
+- X509* cert, STACK_OF(X509)* extra_certs,
+- X509_STORE* pkix_validation_store,
+- ldns_tlsa_certificate_usage cert_usage, int offset)
+-{
+- ldns_status s;
+- STACK_OF(X509)* pkix_validation_chain = NULL;
+-
+- assert(selected_cert != NULL);
+- assert(cert != NULL);
+-
+- /* With PKIX validation explicitely turned off (pkix_validation_store
+- * == NULL), treat the "CA constraint" and "Service certificate
+- * constraint" the same as "Trust anchor assertion" and "Domain issued
+- * certificate" respectively.
+- */
+- if (pkix_validation_store == NULL) {
+- switch (cert_usage) {
+-
+- case LDNS_TLSA_USAGE_CA_CONSTRAINT:
+-
+- cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
+- break;
+-
+- case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
+-
+- cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
+- break;
+-
+- default:
+- break;
+- }
+- }
+-
+- /* Now what to do with each Certificate usage...
+- */
+- switch (cert_usage) {
+-
+- case LDNS_TLSA_USAGE_CA_CONSTRAINT:
+-
+- s = ldns_dane_pkix_validate_and_get_chain(
+- &pkix_validation_chain,
+- cert, extra_certs,
+- pkix_validation_store);
+- if (! pkix_validation_chain) {
+- return s;
+- }
+- if (s == LDNS_STATUS_OK) {
+- if (offset == -1) {
+- offset = 0;
+- }
+- s = ldns_dane_get_nth_cert_from_validation_chain(
+- selected_cert, pkix_validation_chain,
+- offset, true);
+- }
+- sk_X509_pop_free(pkix_validation_chain, X509_free);
+- return s;
+- break;
+-
+-
+- case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
+-
+- *selected_cert = cert;
+- return ldns_dane_pkix_validate(cert, extra_certs,
+- pkix_validation_store);
+- break;
+-
+-
+- case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
+-
+- if (offset == -1) {
+- s = ldns_dane_pkix_get_last_self_signed(
+- selected_cert, cert, extra_certs);
+- return s;
+- } else {
+- s = ldns_dane_pkix_get_chain(
+- &pkix_validation_chain,
+- cert, extra_certs);
+- if (s == LDNS_STATUS_OK) {
+- s =
+- ldns_dane_get_nth_cert_from_validation_chain(
+- selected_cert, pkix_validation_chain,
+- offset, false);
+- } else if (! pkix_validation_chain) {
+- return s;
+- }
+- sk_X509_pop_free(pkix_validation_chain, X509_free);
+- return s;
+- }
+- break;
+-
+-
+- case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
+-
+- *selected_cert = cert;
+- return LDNS_STATUS_OK;
+- break;
+-
+- default:
+- return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
+- break;
+- }
+-}
+-
+-
+-ldns_status
+-ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
+- ldns_tlsa_certificate_usage certificate_usage,
+- ldns_tlsa_selector selector,
+- ldns_tlsa_matching_type matching_type,
+- X509* cert)
+-{
+- ldns_rdf* rdf;
+- ldns_status s;
+-
+- assert(tlsa != NULL);
+- assert(cert != NULL);
+-
+- /* create rr */
+- *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
+- if (*tlsa == NULL) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
+- (uint8_t)certificate_usage);
+- if (rdf == NULL) {
+- goto memerror;
+- }
+- (void) ldns_rr_set_rdf(*tlsa, rdf, 0);
+-
+- rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
+- if (rdf == NULL) {
+- goto memerror;
+- }
+- (void) ldns_rr_set_rdf(*tlsa, rdf, 1);
+-
+- rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
+- if (rdf == NULL) {
+- goto memerror;
+- }
+- (void) ldns_rr_set_rdf(*tlsa, rdf, 2);
+-
+- s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
+- if (s == LDNS_STATUS_OK) {
+- (void) ldns_rr_set_rdf(*tlsa, rdf, 3);
+- return LDNS_STATUS_OK;
+- }
+- ldns_rr_free(*tlsa);
+- *tlsa = NULL;
+- return s;
+-
+-memerror:
+- ldns_rr_free(*tlsa);
+- *tlsa = NULL;
+- return LDNS_STATUS_MEM_ERR;
+-}
+-
+-
+-/* Return tlsas that actually are TLSA resource records with known values
+- * for the Certificate usage, Selector and Matching type rdata fields.
+- */
+-static ldns_rr_list*
+-ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
+-{
+- size_t i;
+- ldns_rr_list* r = ldns_rr_list_new();
+- ldns_rr* tlsa_rr;
+-
+- if (! r) {
+- return NULL;
+- }
+- for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
+- tlsa_rr = ldns_rr_list_rr(tlsas, i);
+- if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
+- ldns_rr_rd_count(tlsa_rr) == 4 &&
+- ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
+- ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
+- ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
+-
+- if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
+- ldns_rr_list_free(r);
+- return NULL;
+- }
+- }
+- }
+- return r;
+-}
+-
+-
+-/* Return whether cert/selector/matching_type matches data.
+- */
+-static ldns_status
+-ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
+- ldns_tlsa_matching_type matching_type, ldns_rdf* data)
+-{
+- ldns_status s;
+- ldns_rdf* match_data;
+-
+- s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
+- if (s == LDNS_STATUS_OK) {
+- if (ldns_rdf_compare(data, match_data) != 0) {
+- s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
+- }
+- ldns_rdf_free(match_data);
+- }
+- return s;
+-}
+-
+-
+-/* Return whether any certificate from the chain with selector/matching_type
+- * matches data.
+- * ca should be true if the certificate has to be a CA certificate too.
+- */
+-static ldns_status
+-ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
+- ldns_tlsa_selector selector,
+- ldns_tlsa_matching_type matching_type,
+- ldns_rdf* data, bool ca)
+-{
+- ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
+- size_t n, i;
+- X509* cert;
+-
+- n = (size_t)sk_X509_num(chain);
+- for (i = 0; i < n; i++) {
+- cert = sk_X509_pop(chain);
+- if (! cert) {
+- s = LDNS_STATUS_SSL_ERR;
+- break;
+- }
+- s = ldns_dane_match_cert_with_data(cert,
+- selector, matching_type, data);
+- if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
+- s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
+- }
+- X509_free(cert);
+- if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) {
+- break;
+- }
+- /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
+- * try to match the next certificate
+- */
+- }
+- return s;
+-}
+-
+-
+-ldns_status
+-ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
+- X509* cert, STACK_OF(X509)* extra_certs,
+- X509_STORE* pkix_validation_store)
+-{
+- ldns_status s;
+-
+- STACK_OF(X509)* pkix_validation_chain = NULL;
+-
+- ldns_tlsa_certificate_usage cert_usage;
+- ldns_tlsa_selector selector;
+- ldns_tlsa_matching_type matching_type;
+- ldns_rdf* data;
+-
+- if (! tlsa_rr) {
+- /* No TLSA, so regular PKIX validation
+- */
+- return ldns_dane_pkix_validate(cert, extra_certs,
+- pkix_validation_store);
+- }
+- cert_usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
+- selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
+- matching_type = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
+- data = ldns_rr_rdf(tlsa_rr, 3) ;
+-
+- switch (cert_usage) {
+- case LDNS_TLSA_USAGE_CA_CONSTRAINT:
+- s = ldns_dane_pkix_validate_and_get_chain(
+- &pkix_validation_chain,
+- cert, extra_certs,
+- pkix_validation_store);
+- if (! pkix_validation_chain) {
+- return s;
+- }
+- if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
+- /*
+- * NO PKIX validation. We still try to match *any*
+- * certificate from the chain, so we return
+- * TLSA errors over PKIX errors.
+- *
+- * i.e. When the TLSA matches no certificate, we return
+- * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
+- */
+- s = ldns_dane_match_any_cert_with_data(
+- pkix_validation_chain,
+- selector, matching_type, data, true);
+-
+- if (s == LDNS_STATUS_OK) {
+- /* A TLSA record did match a cert from the
+- * chain, thus the error is failed PKIX
+- * validation.
+- */
+- s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
+- }
+-
+- } else if (s == LDNS_STATUS_OK) {
+- /* PKIX validated, does the TLSA match too? */
+-
+- s = ldns_dane_match_any_cert_with_data(
+- pkix_validation_chain,
+- selector, matching_type, data, true);
+- }
+- sk_X509_pop_free(pkix_validation_chain, X509_free);
+- return s;
+- break;
+-
+- case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
+- s = ldns_dane_match_cert_with_data(cert,
+- selector, matching_type, data);
+-
+- if (s == LDNS_STATUS_OK) {
+- return ldns_dane_pkix_validate(cert, extra_certs,
+- pkix_validation_store);
+- }
+- return s;
+- break;
+-
+- case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
+- s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
+- cert, extra_certs);
+-
+- if (s == LDNS_STATUS_OK) {
+- s = ldns_dane_match_any_cert_with_data(
+- pkix_validation_chain,
+- selector, matching_type, data, false);
+-
+- } else if (! pkix_validation_chain) {
+- return s;
+- }
+- sk_X509_pop_free(pkix_validation_chain, X509_free);
+- return s;
+- break;
+-
+- case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
+- return ldns_dane_match_cert_with_data(cert,
+- selector, matching_type, data);
+- break;
+-
+- default:
+- break;
+- }
+- return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
+-}
+-
+-
+-ldns_status
+-ldns_dane_verify(ldns_rr_list* tlsas,
+- X509* cert, STACK_OF(X509)* extra_certs,
+- X509_STORE* pkix_validation_store)
+-{
+- size_t i;
+- ldns_rr* tlsa_rr;
+- ldns_status s = LDNS_STATUS_OK, ps;
+-
+- assert(cert != NULL);
+-
+- if (tlsas && ldns_rr_list_rr_count(tlsas) > 0) {
+- tlsas = ldns_dane_filter_unusable_records(tlsas);
+- if (! tlsas) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- }
+- if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) {
+- /* No TLSA's, so regular PKIX validation
+- */
+- return ldns_dane_pkix_validate(cert, extra_certs,
+- pkix_validation_store);
+- } else {
+- for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
+- tlsa_rr = ldns_rr_list_rr(tlsas, i);
+- ps = s;
+- s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
+- pkix_validation_store);
+-
+- if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
+- s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
+-
+- /* which would be LDNS_STATUS_OK (match)
+- * or some fatal error preventing use from
+- * trying the next TLSA record.
+- */
+- break;
+- }
+- s = (s > ps ? s : ps); /* prefer PKIX_DID_NOT_VALIDATE
+- * over TLSA_DID_NOT_MATCH
+- */
+- }
+- ldns_rr_list_free(tlsas);
+- }
+- return s;
+-}
+-#endif /* HAVE_SSL */
+-#endif /* USE_DANE */
+diff --git a/src/ldns/dname.c b/src/ldns/dname.c
+deleted file mode 100644
+index 55aba5d..0000000
+--- a/src/ldns/dname.c
++++ /dev/null
+@@ -1,598 +0,0 @@
+-/*
+- * dname.c
+- *
+- * dname specific rdata implementations
+- * A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME
+- * It is not a /real/ type! All function must therefor check
+- * for LDNS_RDF_TYPE_DNAME.
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#ifdef HAVE_NETINET_IN_H
+-#include <netinet/in.h>
+-#endif
+-#ifdef HAVE_SYS_SOCKET_H
+-#include <sys/socket.h>
+-#endif
+-#ifdef HAVE_NETDB_H
+-#include <netdb.h>
+-#endif
+-#ifdef HAVE_ARPA_INET_H
+-#include <arpa/inet.h>
+-#endif
+-
+-/* Returns whether the last label in the name is a root label (a empty label).
+- * Note that it is not enough to just test the last character to be 0,
+- * because it may be part of the last label itself.
+- */
+-static bool
+-ldns_dname_last_label_is_root_label(const ldns_rdf* dname)
+-{
+- size_t src_pos;
+- size_t len = 0;
+-
+- for (src_pos = 0; src_pos < ldns_rdf_size(dname); src_pos += len + 1) {
+- len = ldns_rdf_data(dname)[src_pos];
+- }
+- assert(src_pos == ldns_rdf_size(dname));
+-
+- return src_pos > 0 && len == 0;
+-}
+-
+-ldns_rdf *
+-ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2)
+-{
+- ldns_rdf *new;
+- uint16_t new_size;
+- uint8_t *buf;
+- uint16_t left_size;
+-
+- if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME ||
+- ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) {
+- return NULL;
+- }
+-
+- /* remove root label if it is present at the end of the left
+- * rd, by reducing the size with 1
+- */
+- left_size = ldns_rdf_size(rd1);
+- if (ldns_dname_last_label_is_root_label(rd1)) {
+- left_size--;
+- }
+-
+- /* we overwrite the nullbyte of rd1 */
+- new_size = left_size + ldns_rdf_size(rd2);
+- buf = LDNS_XMALLOC(uint8_t, new_size);
+- if (!buf) {
+- return NULL;
+- }
+-
+- /* put the two dname's after each other */
+- memcpy(buf, ldns_rdf_data(rd1), left_size);
+- memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2));
+-
+- new = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, new_size, buf);
+-
+- LDNS_FREE(buf);
+- return new;
+-}
+-
+-ldns_status
+-ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2)
+-{
+- uint16_t left_size;
+- uint16_t size;
+- uint8_t* newd;
+-
+- if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME ||
+- ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* remove root label if it is present at the end of the left
+- * rd, by reducing the size with 1
+- */
+- left_size = ldns_rdf_size(rd1);
+- if (ldns_dname_last_label_is_root_label(rd1)) {
+- left_size--;
+- }
+-
+- size = left_size + ldns_rdf_size(rd2);
+- newd = LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size);
+- if(!newd) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- ldns_rdf_set_data(rd1, newd);
+- memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2),
+- ldns_rdf_size(rd2));
+- ldns_rdf_set_size(rd1, size);
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_rdf*
+-ldns_dname_reverse(const ldns_rdf *dname)
+-{
+- size_t rd_size;
+- uint8_t* buf;
+- ldns_rdf* new;
+- size_t src_pos;
+- size_t len ;
+-
+- assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME);
+-
+- rd_size = ldns_rdf_size(dname);
+- buf = LDNS_XMALLOC(uint8_t, rd_size);
+- if (! buf) {
+- return NULL;
+- }
+- new = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, rd_size, buf);
+- if (! new) {
+- LDNS_FREE(buf);
+- return NULL;
+- }
+-
+- /* If dname ends in a root label, the reverse should too.
+- */
+- if (ldns_dname_last_label_is_root_label(dname)) {
+- buf[rd_size - 1] = 0;
+- rd_size -= 1;
+- }
+- for (src_pos = 0; src_pos < rd_size; src_pos += len + 1) {
+- len = ldns_rdf_data(dname)[src_pos];
+- memcpy(&buf[rd_size - src_pos - len - 1],
+- &ldns_rdf_data(dname)[src_pos], len + 1);
+- }
+- return new;
+-}
+-
+-ldns_rdf *
+-ldns_dname_clone_from(const ldns_rdf *d, uint16_t n)
+-{
+- uint8_t *data;
+- uint8_t label_size;
+- size_t data_size;
+-
+- if (!d ||
+- ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME ||
+- ldns_dname_label_count(d) < n) {
+- return NULL;
+- }
+-
+- data = ldns_rdf_data(d);
+- data_size = ldns_rdf_size(d);
+- while (n > 0) {
+- label_size = data[0] + 1;
+- data += label_size;
+- if (data_size < label_size) {
+- /* this label is very broken */
+- return NULL;
+- }
+- data_size -= label_size;
+- n--;
+- }
+-
+- return ldns_dname_new_frm_data(data_size, data);
+-}
+-
+-ldns_rdf *
+-ldns_dname_left_chop(const ldns_rdf *d)
+-{
+- uint8_t label_pos;
+- ldns_rdf *chop;
+-
+- if (!d) {
+- return NULL;
+- }
+-
+- if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) {
+- return NULL;
+- }
+- if (ldns_dname_label_count(d) == 0) {
+- /* root label */
+- return NULL;
+- }
+- /* 05blaat02nl00 */
+- label_pos = ldns_rdf_data(d)[0];
+-
+- chop = ldns_dname_new_frm_data(ldns_rdf_size(d) - label_pos - 1,
+- ldns_rdf_data(d) + label_pos + 1);
+- return chop;
+-}
+-
+-uint8_t
+-ldns_dname_label_count(const ldns_rdf *r)
+-{
+- uint16_t src_pos;
+- uint16_t len;
+- uint8_t i;
+- size_t r_size;
+-
+- if (!r) {
+- return 0;
+- }
+-
+- i = 0;
+- src_pos = 0;
+- r_size = ldns_rdf_size(r);
+-
+- if (ldns_rdf_get_type(r) != LDNS_RDF_TYPE_DNAME) {
+- return 0;
+- } else {
+- len = ldns_rdf_data(r)[src_pos]; /* start of the label */
+-
+- /* single root label */
+- if (1 == r_size) {
+- return 0;
+- } else {
+- while ((len > 0) && src_pos < r_size) {
+- src_pos++;
+- src_pos += len;
+- len = ldns_rdf_data(r)[src_pos];
+- i++;
+- }
+- }
+- }
+- return i;
+-}
+-
+-ldns_rdf *
+-ldns_dname_new(uint16_t s, void *d)
+-{
+- ldns_rdf *rd;
+-
+- rd = LDNS_MALLOC(ldns_rdf);
+- if (!rd) {
+- return NULL;
+- }
+- ldns_rdf_set_size(rd, s);
+- ldns_rdf_set_type(rd, LDNS_RDF_TYPE_DNAME);
+- ldns_rdf_set_data(rd, d);
+- return rd;
+-}
+-
+-ldns_rdf *
+-ldns_dname_new_frm_str(const char *str)
+-{
+- return ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, str);
+-}
+-
+-ldns_rdf *
+-ldns_dname_new_frm_data(uint16_t size, const void *data)
+-{
+- return ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, size, data);
+-}
+-
+-void
+-ldns_dname2canonical(const ldns_rdf *rd)
+-{
+- uint8_t *rdd;
+- uint16_t i;
+-
+- if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_DNAME) {
+- return;
+- }
+-
+- rdd = (uint8_t*)ldns_rdf_data(rd);
+- for (i = 0; i < ldns_rdf_size(rd); i++, rdd++) {
+- *rdd = (uint8_t)LDNS_DNAME_NORMALIZE((int)*rdd);
+- }
+-}
+-
+-bool
+-ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent)
+-{
+- uint8_t sub_lab;
+- uint8_t par_lab;
+- int8_t i, j;
+- ldns_rdf *tmp_sub = NULL;
+- ldns_rdf *tmp_par = NULL;
+- ldns_rdf *sub_clone;
+- ldns_rdf *parent_clone;
+- bool result = true;
+-
+- if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME ||
+- ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME ||
+- ldns_rdf_compare(sub, parent) == 0) {
+- return false;
+- }
+-
+- /* would be nicer if we do not have to clone... */
+- sub_clone = ldns_dname_clone_from(sub, 0);
+- parent_clone = ldns_dname_clone_from(parent, 0);
+- ldns_dname2canonical(sub_clone);
+- ldns_dname2canonical(parent_clone);
+-
+- sub_lab = ldns_dname_label_count(sub_clone);
+- par_lab = ldns_dname_label_count(parent_clone);
+-
+- /* if sub sits above parent, it cannot be a child/sub domain */
+- if (sub_lab < par_lab) {
+- result = false;
+- } else {
+- /* check all labels the from the parent labels, from right to left.
+- * When they /all/ match we have found a subdomain
+- */
+- j = sub_lab - 1; /* we count from zero, thank you */
+- for (i = par_lab -1; i >= 0; i--) {
+- tmp_sub = ldns_dname_label(sub_clone, j);
+- tmp_par = ldns_dname_label(parent_clone, i);
+- if (!tmp_sub || !tmp_par) {
+- /* deep free does null check */
+- ldns_rdf_deep_free(tmp_sub);
+- ldns_rdf_deep_free(tmp_par);
+- result = false;
+- break;
+- }
+-
+- if (ldns_rdf_compare(tmp_sub, tmp_par) != 0) {
+- /* they are not equal */
+- ldns_rdf_deep_free(tmp_sub);
+- ldns_rdf_deep_free(tmp_par);
+- result = false;
+- break;
+- }
+- ldns_rdf_deep_free(tmp_sub);
+- ldns_rdf_deep_free(tmp_par);
+- j--;
+- }
+- }
+- ldns_rdf_deep_free(sub_clone);
+- ldns_rdf_deep_free(parent_clone);
+- return result;
+-}
+-
+-int
+-ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
+-{
+- size_t lc1, lc2, lc1f, lc2f;
+- size_t i;
+- int result = 0;
+- uint8_t *lp1, *lp2;
+-
+- /* see RFC4034 for this algorithm */
+- /* this algorithm assumes the names are normalized to case */
+-
+- /* only when both are not NULL we can say anything about them */
+- if (!dname1 && !dname2) {
+- return 0;
+- }
+- if (!dname1 || !dname2) {
+- return -1;
+- }
+- /* asserts must happen later as we are looking in the
+- * dname, which could be NULL. But this case is handled
+- * above
+- */
+- assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME);
+- assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME);
+-
+- lc1 = ldns_dname_label_count(dname1);
+- lc2 = ldns_dname_label_count(dname2);
+-
+- if (lc1 == 0 && lc2 == 0) {
+- return 0;
+- }
+- if (lc1 == 0) {
+- return -1;
+- }
+- if (lc2 == 0) {
+- return 1;
+- }
+- lc1--;
+- lc2--;
+- /* we start at the last label */
+- while (true) {
+- /* find the label first */
+- lc1f = lc1;
+- lp1 = ldns_rdf_data(dname1);
+- while (lc1f > 0) {
+- lp1 += *lp1 + 1;
+- lc1f--;
+- }
+-
+- /* and find the other one */
+- lc2f = lc2;
+- lp2 = ldns_rdf_data(dname2);
+- while (lc2f > 0) {
+- lp2 += *lp2 + 1;
+- lc2f--;
+- }
+-
+- /* now check the label character for character. */
+- for (i = 1; i < (size_t)(*lp1 + 1); i++) {
+- if (i > *lp2) {
+- /* apparently label 1 is larger */
+- result = 1;
+- goto done;
+- }
+- if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) <
+- LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) {
+- result = -1;
+- goto done;
+- } else if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) >
+- LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) {
+- result = 1;
+- goto done;
+- }
+- }
+- if (*lp1 < *lp2) {
+- /* apparently label 2 is larger */
+- result = -1;
+- goto done;
+- }
+- if (lc1 == 0 && lc2 > 0) {
+- result = -1;
+- goto done;
+- } else if (lc1 > 0 && lc2 == 0) {
+- result = 1;
+- goto done;
+- } else if (lc1 == 0 && lc2 == 0) {
+- result = 0;
+- goto done;
+- }
+- lc1--;
+- lc2--;
+- }
+-
+- done:
+- return result;
+-}
+-
+-int
+-ldns_dname_is_wildcard(const ldns_rdf* dname)
+-{
+- return ( ldns_dname_label_count(dname) > 0 &&
+- ldns_rdf_data(dname)[0] == 1 &&
+- ldns_rdf_data(dname)[1] == '*');
+-}
+-
+-int
+-ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard)
+-{
+- ldns_rdf *wc_chopped;
+- int result;
+- /* check whether it really is a wildcard */
+- if (ldns_dname_is_wildcard(wildcard)) {
+- /* ok, so the dname needs to be a subdomain of the wildcard
+- * without the *
+- */
+- wc_chopped = ldns_dname_left_chop(wildcard);
+- result = (int) ldns_dname_is_subdomain(dname, wc_chopped);
+- ldns_rdf_deep_free(wc_chopped);
+- } else {
+- result = (ldns_dname_compare(dname, wildcard) == 0);
+- }
+- return result;
+-}
+-
+-/* nsec test: does prev <= middle < next
+- * -1 = yes
+- * 0 = error/can't tell
+- * 1 = no
+- */
+-int
+-ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle,
+- const ldns_rdf *next)
+-{
+- int prev_check, next_check;
+-
+- assert(ldns_rdf_get_type(prev) == LDNS_RDF_TYPE_DNAME);
+- assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME);
+- assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME);
+-
+- prev_check = ldns_dname_compare(prev, middle);
+- next_check = ldns_dname_compare(middle, next);
+- /* <= next. This cannot be the case for nsec, because then we would
+- * have gotten the nsec of next...
+- */
+- if (next_check == 0) {
+- return 0;
+- }
+-
+- /* <= */
+- if ((prev_check == -1 || prev_check == 0) &&
+- /* < */
+- next_check == -1) {
+- return -1;
+- } else {
+- return 1;
+- }
+-}
+-
+-
+-bool
+-ldns_dname_str_absolute(const char *dname_str)
+-{
+- const char* s;
+- if(dname_str && strcmp(dname_str, ".") == 0)
+- return 1;
+- if(!dname_str || strlen(dname_str) < 2)
+- return 0;
+- if(dname_str[strlen(dname_str) - 1] != '.')
+- return 0;
+- if(dname_str[strlen(dname_str) - 2] != '\\')
+- return 1; /* ends in . and no \ before it */
+- /* so we have the case of ends in . and there is \ before it */
+- for(s=dname_str; *s; s++) {
+- if(*s == '\\') {
+- if(s[1] && s[2] && s[3] /* check length */
+- && isdigit(s[1]) && isdigit(s[2]) &&
+- isdigit(s[3]))
+- s += 3;
+- else if(!s[1] || isdigit(s[1])) /* escape of nul,0-9 */
+- return 0; /* parse error */
+- else s++; /* another character escaped */
+- }
+- else if(!*(s+1) && *s == '.')
+- return 1; /* trailing dot, unescaped */
+- }
+- return 0;
+-}
+-
+-bool
+-ldns_dname_absolute(const ldns_rdf *rdf)
+-{
+- char *str = ldns_rdf2str(rdf);
+- if (str) {
+- bool r = ldns_dname_str_absolute(str);
+- LDNS_FREE(str);
+- return r;
+- }
+- return false;
+-}
+-
+-ldns_rdf *
+-ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
+-{
+- uint8_t labelcnt;
+- uint16_t src_pos;
+- uint16_t len;
+- ldns_rdf *tmpnew;
+- size_t s;
+- uint8_t *data;
+-
+- if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) {
+- return NULL;
+- }
+-
+- labelcnt = 0;
+- src_pos = 0;
+- s = ldns_rdf_size(rdf);
+-
+- len = ldns_rdf_data(rdf)[src_pos]; /* label start */
+- while ((len > 0) && src_pos < s) {
+- if (labelcnt == labelpos) {
+- /* found our label */
+- data = LDNS_XMALLOC(uint8_t, len + 2);
+- if (!data) {
+- return NULL;
+- }
+- memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1);
+- data[len + 2 - 1] = 0;
+-
+- tmpnew = ldns_rdf_new( LDNS_RDF_TYPE_DNAME
+- , len + 2, data);
+- if (!tmpnew) {
+- LDNS_FREE(data);
+- return NULL;
+- }
+- return tmpnew;
+- }
+- src_pos++;
+- src_pos += len;
+- len = ldns_rdf_data(rdf)[src_pos];
+- labelcnt++;
+- }
+- return NULL;
+-}
+diff --git a/src/ldns/dnssec.c b/src/ldns/dnssec.c
+deleted file mode 100644
+index a41a9f6..0000000
+--- a/src/ldns/dnssec.c
++++ /dev/null
+@@ -1,1869 +0,0 @@
+-/*
+- * dnssec.c
+- *
+- * contains the cryptographic function needed for DNSSEC in ldns
+- * The crypto library used is openssl
+- *
+- * (c) NLnet Labs, 2004-2008
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-#include <ldns/dnssec.h>
+-
+-#include <strings.h>
+-#include <time.h>
+-
+-#ifdef HAVE_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/evp.h>
+-#include <openssl/rand.h>
+-#include <openssl/err.h>
+-#include <openssl/md5.h>
+-#endif
+-
+-ldns_rr *
+-ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
+- const ldns_rr_type type,
+- const ldns_rr_list *rrs)
+-{
+- size_t i;
+- ldns_rr *candidate;
+-
+- if (!name || !rrs) {
+- return NULL;
+- }
+-
+- for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+- candidate = ldns_rr_list_rr(rrs, i);
+- if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_RRSIG) {
+- if (ldns_dname_compare(ldns_rr_owner(candidate),
+- name) == 0 &&
+- ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(candidate))
+- == type
+- ) {
+- return candidate;
+- }
+- }
+- }
+-
+- return NULL;
+-}
+-
+-ldns_rr *
+-ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig,
+- const ldns_rr_list *rrs)
+-{
+- size_t i;
+- ldns_rr *candidate;
+-
+- if (!rrsig || !rrs) {
+- return NULL;
+- }
+-
+- for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+- candidate = ldns_rr_list_rr(rrs, i);
+- if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_DNSKEY) {
+- if (ldns_dname_compare(ldns_rr_owner(candidate),
+- ldns_rr_rrsig_signame(rrsig)) == 0 &&
+- ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) ==
+- ldns_calc_keytag(candidate)
+- ) {
+- return candidate;
+- }
+- }
+- }
+-
+- return NULL;
+-}
+-
+-ldns_rdf *
+-ldns_nsec_get_bitmap(ldns_rr *nsec) {
+- if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) {
+- return ldns_rr_rdf(nsec, 1);
+- } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) {
+- return ldns_rr_rdf(nsec, 5);
+- } else {
+- return NULL;
+- }
+-}
+-
+-/*return the owner name of the closest encloser for name from the list of rrs */
+-/* this is NOT the hash, but the original name! */
+-ldns_rdf *
+-ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
+- ATTR_UNUSED(ldns_rr_type qtype),
+- ldns_rr_list *nsec3s)
+-{
+- /* remember parameters, they must match */
+- uint8_t algorithm;
+- uint32_t iterations;
+- uint8_t salt_length;
+- uint8_t *salt;
+-
+- ldns_rdf *sname, *hashed_sname, *tmp;
+- bool flag;
+-
+- bool exact_match_found;
+- bool in_range_found;
+-
+- ldns_status status;
+- ldns_rdf *zone_name;
+-
+- size_t nsec_i;
+- ldns_rr *nsec;
+- ldns_rdf *result = NULL;
+-
+- if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) {
+- return NULL;
+- }
+-
+- nsec = ldns_rr_list_rr(nsec3s, 0);
+- algorithm = ldns_nsec3_algorithm(nsec);
+- salt_length = ldns_nsec3_salt_length(nsec);
+- salt = ldns_nsec3_salt_data(nsec);
+- iterations = ldns_nsec3_iterations(nsec);
+-
+- sname = ldns_rdf_clone(qname);
+-
+- flag = false;
+-
+- zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec));
+-
+- /* algorithm from nsec3-07 8.3 */
+- while (ldns_dname_label_count(sname) > 0) {
+- exact_match_found = false;
+- in_range_found = false;
+-
+- hashed_sname = ldns_nsec3_hash_name(sname,
+- algorithm,
+- iterations,
+- salt_length,
+- salt);
+-
+- status = ldns_dname_cat(hashed_sname, zone_name);
+- if(status != LDNS_STATUS_OK) {
+- LDNS_FREE(salt);
+- ldns_rdf_deep_free(zone_name);
+- ldns_rdf_deep_free(sname);
+- return NULL;
+- }
+-
+- for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) {
+- nsec = ldns_rr_list_rr(nsec3s, nsec_i);
+-
+- /* check values of iterations etc! */
+-
+- /* exact match? */
+- if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) {
+- exact_match_found = true;
+- } else if (ldns_nsec_covers_name(nsec, hashed_sname)) {
+- in_range_found = true;
+- }
+-
+- }
+- if (!exact_match_found && in_range_found) {
+- flag = true;
+- } else if (exact_match_found && flag) {
+- result = ldns_rdf_clone(sname);
+- /* RFC 5155: 8.3. 2.** "The proof is complete" */
+- ldns_rdf_deep_free(hashed_sname);
+- goto done;
+- } else if (exact_match_found && !flag) {
+- /* error! */
+- ldns_rdf_deep_free(hashed_sname);
+- goto done;
+- } else {
+- flag = false;
+- }
+-
+- ldns_rdf_deep_free(hashed_sname);
+- tmp = sname;
+- sname = ldns_dname_left_chop(sname);
+- ldns_rdf_deep_free(tmp);
+- }
+-
+- done:
+- LDNS_FREE(salt);
+- ldns_rdf_deep_free(zone_name);
+- ldns_rdf_deep_free(sname);
+-
+- return result;
+-}
+-
+-bool
+-ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt)
+-{
+- size_t i;
+- for (i = 0; i < ldns_pkt_ancount(pkt); i++) {
+- if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_answer(pkt), i)) ==
+- LDNS_RR_TYPE_RRSIG) {
+- return true;
+- }
+- }
+- for (i = 0; i < ldns_pkt_nscount(pkt); i++) {
+- if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_authority(pkt), i)) ==
+- LDNS_RR_TYPE_RRSIG) {
+- return true;
+- }
+- }
+- return false;
+-}
+-
+-ldns_rr_list *
+-ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt,
+- ldns_rdf *name,
+- ldns_rr_type type)
+-{
+- uint16_t t_netorder;
+- ldns_rr_list *sigs;
+- ldns_rr_list *sigs_covered;
+- ldns_rdf *rdf_t;
+-
+- sigs = ldns_pkt_rr_list_by_name_and_type(pkt,
+- name,
+- LDNS_RR_TYPE_RRSIG,
+- LDNS_SECTION_ANY_NOQUESTION
+- );
+-
+- t_netorder = htons(type); /* rdf are in network order! */
+- rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, LDNS_RDF_SIZE_WORD, &t_netorder);
+- sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
+-
+- ldns_rdf_free(rdf_t);
+- ldns_rr_list_deep_free(sigs);
+-
+- return sigs_covered;
+-
+-}
+-
+-ldns_rr_list *
+-ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type)
+-{
+- uint16_t t_netorder;
+- ldns_rr_list *sigs;
+- ldns_rr_list *sigs_covered;
+- ldns_rdf *rdf_t;
+-
+- sigs = ldns_pkt_rr_list_by_type(pkt,
+- LDNS_RR_TYPE_RRSIG,
+- LDNS_SECTION_ANY_NOQUESTION
+- );
+-
+- t_netorder = htons(type); /* rdf are in network order! */
+- rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE,
+- 2,
+- &t_netorder);
+- sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
+-
+- ldns_rdf_free(rdf_t);
+- ldns_rr_list_deep_free(sigs);
+-
+- return sigs_covered;
+-
+-}
+-
+-/* used only on the public key RR */
+-uint16_t
+-ldns_calc_keytag(const ldns_rr *key)
+-{
+- uint16_t ac16;
+- ldns_buffer *keybuf;
+- size_t keysize;
+-
+- if (!key) {
+- return 0;
+- }
+-
+- if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY &&
+- ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY
+- ) {
+- return 0;
+- }
+-
+- /* rdata to buf - only put the rdata in a buffer */
+- keybuf = ldns_buffer_new(LDNS_MIN_BUFLEN); /* grows */
+- if (!keybuf) {
+- return 0;
+- }
+- (void)ldns_rr_rdata2buffer_wire(keybuf, key);
+- /* the current pos in the buffer is the keysize */
+- keysize= ldns_buffer_position(keybuf);
+-
+- ac16 = ldns_calc_keytag_raw(ldns_buffer_begin(keybuf), keysize);
+- ldns_buffer_free(keybuf);
+- return ac16;
+-}
+-
+-uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize)
+-{
+- unsigned int i;
+- uint32_t ac32;
+- uint16_t ac16;
+-
+- if(keysize < 4) {
+- return 0;
+- }
+- /* look at the algorithm field, copied from 2535bis */
+- if (key[3] == LDNS_RSAMD5) {
+- ac16 = 0;
+- if (keysize > 4) {
+- memmove(&ac16, key + keysize - 3, 2);
+- }
+- ac16 = ntohs(ac16);
+- return (uint16_t) ac16;
+- } else {
+- ac32 = 0;
+- for (i = 0; (size_t)i < keysize; ++i) {
+- ac32 += (i & 1) ? key[i] : key[i] << 8;
+- }
+- ac32 += (ac32 >> 16) & 0xFFFF;
+- return (uint16_t) (ac32 & 0xFFFF);
+- }
+-}
+-
+-#ifdef HAVE_SSL
+-DSA *
+-ldns_key_buf2dsa(ldns_buffer *key)
+-{
+- return ldns_key_buf2dsa_raw((unsigned char*)ldns_buffer_begin(key),
+- ldns_buffer_position(key));
+-}
+-
+-DSA *
+-ldns_key_buf2dsa_raw(unsigned char* key, size_t len)
+-{
+- uint8_t T;
+- uint16_t length;
+- uint16_t offset;
+- DSA *dsa;
+- BIGNUM *Q; BIGNUM *P;
+- BIGNUM *G; BIGNUM *Y;
+-
+- if(len == 0)
+- return NULL;
+- T = (uint8_t)key[0];
+- length = (64 + T * 8);
+- offset = 1;
+-
+- if (T > 8) {
+- return NULL;
+- }
+- if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
+- return NULL;
+-
+- Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
+- offset += SHA_DIGEST_LENGTH;
+-
+- P = BN_bin2bn(key+offset, (int)length, NULL);
+- offset += length;
+-
+- G = BN_bin2bn(key+offset, (int)length, NULL);
+- offset += length;
+-
+- Y = BN_bin2bn(key+offset, (int)length, NULL);
+- offset += length;
+-
+- /* create the key and set its properties */
+- if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
+- BN_free(Q);
+- BN_free(P);
+- BN_free(G);
+- BN_free(Y);
+- return NULL;
+- }
+-#ifndef S_SPLINT_S
+- dsa->p = P;
+- dsa->q = Q;
+- dsa->g = G;
+- dsa->pub_key = Y;
+-#endif /* splint */
+-
+- return dsa;
+-}
+-
+-RSA *
+-ldns_key_buf2rsa(ldns_buffer *key)
+-{
+- return ldns_key_buf2rsa_raw((unsigned char*)ldns_buffer_begin(key),
+- ldns_buffer_position(key));
+-}
+-
+-RSA *
+-ldns_key_buf2rsa_raw(unsigned char* key, size_t len)
+-{
+- uint16_t offset;
+- uint16_t exp;
+- uint16_t int16;
+- RSA *rsa;
+- BIGNUM *modulus;
+- BIGNUM *exponent;
+-
+- if (len == 0)
+- return NULL;
+- if (key[0] == 0) {
+- if(len < 3)
+- return NULL;
+- /* need some smart comment here XXX*/
+- /* the exponent is too large so it's places
+- * futher...???? */
+- memmove(&int16, key+1, 2);
+- exp = ntohs(int16);
+- offset = 3;
+- } else {
+- exp = key[0];
+- offset = 1;
+- }
+-
+- /* key length at least one */
+- if(len < (size_t)offset + exp + 1)
+- return NULL;
+-
+- /* Exponent */
+- exponent = BN_new();
+- if(!exponent) return NULL;
+- (void) BN_bin2bn(key+offset, (int)exp, exponent);
+- offset += exp;
+-
+- /* Modulus */
+- modulus = BN_new();
+- if(!modulus) {
+- BN_free(exponent);
+- return NULL;
+- }
+- /* length of the buffer must match the key length! */
+- (void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
+-
+- rsa = RSA_new();
+- if(!rsa) {
+- BN_free(exponent);
+- BN_free(modulus);
+- return NULL;
+- }
+-#ifndef S_SPLINT_S
+- rsa->n = modulus;
+- rsa->e = exponent;
+-#endif /* splint */
+-
+- return rsa;
+-}
+-
+-int
+-ldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
+- const EVP_MD* md)
+-{
+- EVP_MD_CTX* ctx;
+- ctx = EVP_MD_CTX_create();
+- if(!ctx)
+- return false;
+- if(!EVP_DigestInit_ex(ctx, md, NULL) ||
+- !EVP_DigestUpdate(ctx, data, len) ||
+- !EVP_DigestFinal_ex(ctx, dest, NULL)) {
+- EVP_MD_CTX_destroy(ctx);
+- return false;
+- }
+- EVP_MD_CTX_destroy(ctx);
+- return true;
+-}
+-#endif /* HAVE_SSL */
+-
+-ldns_rr *
+-ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
+-{
+- ldns_rdf *tmp;
+- ldns_rr *ds;
+- uint16_t keytag;
+- uint8_t sha1hash;
+- uint8_t *digest;
+- ldns_buffer *data_buf;
+-#ifdef USE_GOST
+- const EVP_MD* md = NULL;
+-#endif
+-
+- if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) {
+- return NULL;
+- }
+-
+- ds = ldns_rr_new();
+- if (!ds) {
+- return NULL;
+- }
+- ldns_rr_set_type(ds, LDNS_RR_TYPE_DS);
+- ldns_rr_set_owner(ds, ldns_rdf_clone(
+- ldns_rr_owner(key)));
+- ldns_rr_set_ttl(ds, ldns_rr_ttl(key));
+- ldns_rr_set_class(ds, ldns_rr_get_class(key));
+-
+- switch(h) {
+- default:
+- case LDNS_SHA1:
+- digest = LDNS_XMALLOC(uint8_t, LDNS_SHA1_DIGEST_LENGTH);
+- if (!digest) {
+- ldns_rr_free(ds);
+- return NULL;
+- }
+- break;
+- case LDNS_SHA256:
+- digest = LDNS_XMALLOC(uint8_t, LDNS_SHA256_DIGEST_LENGTH);
+- if (!digest) {
+- ldns_rr_free(ds);
+- return NULL;
+- }
+- break;
+- case LDNS_HASH_GOST:
+-#ifdef USE_GOST
+- (void)ldns_key_EVP_load_gost_id();
+- md = EVP_get_digestbyname("md_gost94");
+- if(!md) {
+- ldns_rr_free(ds);
+- return NULL;
+- }
+- digest = LDNS_XMALLOC(uint8_t, EVP_MD_size(md));
+- if (!digest) {
+- ldns_rr_free(ds);
+- return NULL;
+- }
+- break;
+-#else
+- /* not implemented */
+- ldns_rr_free(ds);
+- return NULL;
+-#endif
+- case LDNS_SHA384:
+-#ifdef USE_ECDSA
+- digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH);
+- if (!digest) {
+- ldns_rr_free(ds);
+- return NULL;
+- }
+- break;
+-#else
+- /* not implemented */
+- ldns_rr_free(ds);
+- return NULL;
+-#endif
+- }
+-
+- data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if (!data_buf) {
+- LDNS_FREE(digest);
+- ldns_rr_free(ds);
+- return NULL;
+- }
+-
+- /* keytag */
+- keytag = htons(ldns_calc_keytag((ldns_rr*)key));
+- tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16,
+- sizeof(uint16_t),
+- &keytag);
+- ldns_rr_push_rdf(ds, tmp);
+-
+- /* copy the algorithm field */
+- if ((tmp = ldns_rr_rdf(key, 2)) == NULL) {
+- LDNS_FREE(digest);
+- ldns_buffer_free(data_buf);
+- ldns_rr_free(ds);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(ds, ldns_rdf_clone( tmp ));
+- }
+-
+- /* digest hash type */
+- sha1hash = (uint8_t)h;
+- tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
+- sizeof(uint8_t),
+- &sha1hash);
+- ldns_rr_push_rdf(ds, tmp);
+-
+- /* digest */
+- /* owner name */
+- tmp = ldns_rdf_clone(ldns_rr_owner(key));
+- ldns_dname2canonical(tmp);
+- if (ldns_rdf2buffer_wire(data_buf, tmp) != LDNS_STATUS_OK) {
+- LDNS_FREE(digest);
+- ldns_buffer_free(data_buf);
+- ldns_rr_free(ds);
+- ldns_rdf_deep_free(tmp);
+- return NULL;
+- }
+- ldns_rdf_deep_free(tmp);
+-
+- /* all the rdata's */
+- if (ldns_rr_rdata2buffer_wire(data_buf,
+- (ldns_rr*)key) != LDNS_STATUS_OK) {
+- LDNS_FREE(digest);
+- ldns_buffer_free(data_buf);
+- ldns_rr_free(ds);
+- return NULL;
+- }
+- switch(h) {
+- case LDNS_SHA1:
+- (void) ldns_sha1((unsigned char *) ldns_buffer_begin(data_buf),
+- (unsigned int) ldns_buffer_position(data_buf),
+- (unsigned char *) digest);
+-
+- tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
+- LDNS_SHA1_DIGEST_LENGTH,
+- digest);
+- ldns_rr_push_rdf(ds, tmp);
+-
+- break;
+- case LDNS_SHA256:
+- (void) ldns_sha256((unsigned char *) ldns_buffer_begin(data_buf),
+- (unsigned int) ldns_buffer_position(data_buf),
+- (unsigned char *) digest);
+- tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
+- LDNS_SHA256_DIGEST_LENGTH,
+- digest);
+- ldns_rr_push_rdf(ds, tmp);
+- break;
+- case LDNS_HASH_GOST:
+-#ifdef USE_GOST
+- if(!ldns_digest_evp((unsigned char *) ldns_buffer_begin(data_buf),
+- (unsigned int) ldns_buffer_position(data_buf),
+- (unsigned char *) digest, md)) {
+- LDNS_FREE(digest);
+- ldns_buffer_free(data_buf);
+- ldns_rr_free(ds);
+- return NULL;
+- }
+- tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
+- (size_t)EVP_MD_size(md),
+- digest);
+- ldns_rr_push_rdf(ds, tmp);
+-#endif
+- break;
+- case LDNS_SHA384:
+-#ifdef USE_ECDSA
+- (void) SHA384((unsigned char *) ldns_buffer_begin(data_buf),
+- (unsigned int) ldns_buffer_position(data_buf),
+- (unsigned char *) digest);
+- tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
+- SHA384_DIGEST_LENGTH,
+- digest);
+- ldns_rr_push_rdf(ds, tmp);
+-#endif
+- break;
+- }
+-
+- LDNS_FREE(digest);
+- ldns_buffer_free(data_buf);
+- return ds;
+-}
+-
+-/* From RFC3845:
+- *
+- * 2.1.2. The List of Type Bit Map(s) Field
+- *
+- * The RR type space is split into 256 window blocks, each representing
+- * the low-order 8 bits of the 16-bit RR type space. Each block that
+- * has at least one active RR type is encoded using a single octet
+- * window number (from 0 to 255), a single octet bitmap length (from 1
+- * to 32) indicating the number of octets used for the window block's
+- * bitmap, and up to 32 octets (256 bits) of bitmap.
+- *
+- * Window blocks are present in the NSEC RR RDATA in increasing
+- * numerical order.
+- *
+- * "|" denotes concatenation
+- *
+- * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) +
+- *
+- * <cut>
+- *
+- * Blocks with no types present MUST NOT be included. Trailing zero
+- * octets in the bitmap MUST be omitted. The length of each block's
+- * bitmap is determined by the type code with the largest numerical
+- * value within that block, among the set of RR types present at the
+- * NSEC RR's owner name. Trailing zero octets not specified MUST be
+- * interpreted as zero octets.
+- */
+-ldns_rdf *
+-ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
+- size_t size,
+- ldns_rr_type nsec_type)
+-{
+- uint8_t window; /* most significant octet of type */
+- uint8_t subtype; /* least significant octet of type */
+- uint16_t windows[256] /* Max subtype per window */
+-#ifndef S_SPLINT_S
+- = { 0 } /* Initialize ALL elements with 0 */
+-#endif
+- ;
+- ldns_rr_type* d; /* used to traverse rr_type_list*/
+- size_t i; /* used to traverse windows array */
+-
+- size_t sz; /* size needed for type bitmap rdf */
+- uint8_t* data = NULL; /* rdf data */
+- uint8_t* dptr; /* used to itraverse rdf data */
+- ldns_rdf* rdf; /* bitmap rdf to return */
+-
+- if (nsec_type != LDNS_RR_TYPE_NSEC &&
+- nsec_type != LDNS_RR_TYPE_NSEC3) {
+- return NULL;
+- }
+-
+- /* Which other windows need to be in the bitmap rdf?
+- */
+- for (d = rr_type_list; d < rr_type_list + size; d++) {
+- window = *d >> 8;
+- subtype = *d & 0xff;
+- if (windows[window] < subtype) {
+- windows[window] = subtype;
+- }
+- }
+-
+- /* How much space do we need in the rdf for those windows?
+- */
+- sz = 0;
+- for (i = 0; i < 256; i++) {
+- if (windows[i]) {
+- sz += windows[i] / 8 + 3;
+- }
+- }
+- if (sz > 0) {
+- /* Format rdf data according RFC3845 Section 2.1.2 (see above)
+- */
+- dptr = data = LDNS_CALLOC(uint8_t, sz);
+- if (!data) {
+- return NULL;
+- }
+- for (i = 0; i < 256; i++) {
+- if (windows[i]) {
+- *dptr++ = (uint8_t)i;
+- *dptr++ = (uint8_t)(windows[i] / 8 + 1);
+-
+- /* Now let windows[i] index the bitmap
+- * within data
+- */
+- windows[i] = (uint16_t)(dptr - data);
+-
+- dptr += dptr[-1];
+- }
+- }
+- }
+-
+- /* Set the bits?
+- */
+- for (d = rr_type_list; d < rr_type_list + size; d++) {
+- subtype = *d & 0xff;
+- data[windows[*d >> 8] + subtype/8] |= (0x80 >> (subtype % 8));
+- }
+-
+- /* Allocate and return rdf structure for the data
+- */
+- rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data);
+- if (!rdf) {
+- LDNS_FREE(data);
+- return NULL;
+- }
+- return rdf;
+-}
+-
+-int
+-ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets,
+- ldns_rr_type type)
+-{
+- ldns_dnssec_rrsets *cur_rrset = rrsets;
+- while (cur_rrset) {
+- if (cur_rrset->type == type) {
+- return 1;
+- }
+- cur_rrset = cur_rrset->next;
+- }
+- return 0;
+-}
+-
+-ldns_rr *
+-ldns_dnssec_create_nsec(ldns_dnssec_name *from,
+- ldns_dnssec_name *to,
+- ldns_rr_type nsec_type)
+-{
+- ldns_rr *nsec_rr;
+- ldns_rr_type types[65536];
+- size_t type_count = 0;
+- ldns_dnssec_rrsets *cur_rrsets;
+- int on_delegation_point;
+-
+- if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC)) {
+- return NULL;
+- }
+-
+- nsec_rr = ldns_rr_new();
+- ldns_rr_set_type(nsec_rr, nsec_type);
+- ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from)));
+- ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to)));
+-
+- on_delegation_point = ldns_dnssec_rrsets_contains_type(
+- from->rrsets, LDNS_RR_TYPE_NS)
+- && !ldns_dnssec_rrsets_contains_type(
+- from->rrsets, LDNS_RR_TYPE_SOA);
+-
+- cur_rrsets = from->rrsets;
+- while (cur_rrsets) {
+- /* Do not include non-authoritative rrsets on the delegation point
+- * in the type bitmap */
+- if ((on_delegation_point && (
+- cur_rrsets->type == LDNS_RR_TYPE_NS
+- || cur_rrsets->type == LDNS_RR_TYPE_DS))
+- || (!on_delegation_point &&
+- cur_rrsets->type != LDNS_RR_TYPE_RRSIG
+- && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) {
+-
+- types[type_count] = cur_rrsets->type;
+- type_count++;
+- }
+- cur_rrsets = cur_rrsets->next;
+-
+- }
+- types[type_count] = LDNS_RR_TYPE_RRSIG;
+- type_count++;
+- types[type_count] = LDNS_RR_TYPE_NSEC;
+- type_count++;
+-
+- ldns_rr_push_rdf(nsec_rr, ldns_dnssec_create_nsec_bitmap(types,
+- type_count,
+- nsec_type));
+-
+- return nsec_rr;
+-}
+-
+-ldns_rr *
+-ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
+- ldns_dnssec_name *to,
+- ldns_rdf *zone_name,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt)
+-{
+- ldns_rr *nsec_rr;
+- ldns_rr_type types[65536];
+- size_t type_count = 0;
+- ldns_dnssec_rrsets *cur_rrsets;
+- ldns_status status;
+- int on_delegation_point;
+-
+- if (!from) {
+- return NULL;
+- }
+-
+- nsec_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3);
+- ldns_rr_set_owner(nsec_rr,
+- ldns_nsec3_hash_name(ldns_dnssec_name_name(from),
+- algorithm,
+- iterations,
+- salt_length,
+- salt));
+- status = ldns_dname_cat(ldns_rr_owner(nsec_rr), zone_name);
+- if(status != LDNS_STATUS_OK) {
+- ldns_rr_free(nsec_rr);
+- return NULL;
+- }
+- ldns_nsec3_add_param_rdfs(nsec_rr,
+- algorithm,
+- flags,
+- iterations,
+- salt_length,
+- salt);
+-
+- on_delegation_point = ldns_dnssec_rrsets_contains_type(
+- from->rrsets, LDNS_RR_TYPE_NS)
+- && !ldns_dnssec_rrsets_contains_type(
+- from->rrsets, LDNS_RR_TYPE_SOA);
+- cur_rrsets = from->rrsets;
+- while (cur_rrsets) {
+- /* Do not include non-authoritative rrsets on the delegation point
+- * in the type bitmap. Potentionally not skipping insecure
+- * delegation should have been done earlier, in function
+- * ldns_dnssec_zone_create_nsec3s, or even earlier in:
+- * ldns_dnssec_zone_sign_nsec3_flg .
+- */
+- if ((on_delegation_point && (
+- cur_rrsets->type == LDNS_RR_TYPE_NS
+- || cur_rrsets->type == LDNS_RR_TYPE_DS))
+- || (!on_delegation_point &&
+- cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) {
+-
+- types[type_count] = cur_rrsets->type;
+- type_count++;
+- }
+- cur_rrsets = cur_rrsets->next;
+- }
+- /* always add rrsig type if this is not an unsigned
+- * delegation
+- */
+- if (type_count > 0 &&
+- !(type_count == 1 && types[0] == LDNS_RR_TYPE_NS)) {
+- types[type_count] = LDNS_RR_TYPE_RRSIG;
+- type_count++;
+- }
+-
+- /* leave next rdata empty if they weren't precomputed yet */
+- if (to && to->hashed_name) {
+- (void) ldns_rr_set_rdf(nsec_rr,
+- ldns_rdf_clone(to->hashed_name),
+- 4);
+- } else {
+- (void) ldns_rr_set_rdf(nsec_rr, NULL, 4);
+- }
+-
+- ldns_rr_push_rdf(nsec_rr,
+- ldns_dnssec_create_nsec_bitmap(types,
+- type_count,
+- LDNS_RR_TYPE_NSEC3));
+-
+- return nsec_rr;
+-}
+-
+-ldns_rr *
+-ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
+-{
+- /* we do not do any check here - garbage in, garbage out */
+-
+- /* the the start and end names - get the type from the
+- * before rrlist */
+-
+- /* inefficient, just give it a name, a next name, and a list of rrs */
+- /* we make 1 big uberbitmap first, then windows */
+- /* todo: make something more efficient :) */
+- uint16_t i;
+- ldns_rr *i_rr;
+- uint16_t i_type;
+-
+- ldns_rr *nsec = NULL;
+- ldns_rr_type i_type_list[65536];
+- size_t type_count = 0;
+-
+- nsec = ldns_rr_new();
+- ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC);
+- ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner));
+- ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner));
+-
+- for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+- i_rr = ldns_rr_list_rr(rrs, i);
+- if (ldns_rdf_compare(cur_owner,
+- ldns_rr_owner(i_rr)) == 0) {
+- i_type = ldns_rr_get_type(i_rr);
+- if (i_type != LDNS_RR_TYPE_RRSIG && i_type != LDNS_RR_TYPE_NSEC) {
+- if (type_count == 0 || i_type_list[type_count-1] != i_type) {
+- i_type_list[type_count] = i_type;
+- type_count++;
+- }
+- }
+- }
+- }
+-
+- i_type_list[type_count] = LDNS_RR_TYPE_RRSIG;
+- type_count++;
+- i_type_list[type_count] = LDNS_RR_TYPE_NSEC;
+- type_count++;
+-
+- ldns_rr_push_rdf(nsec,
+- ldns_dnssec_create_nsec_bitmap(i_type_list,
+- type_count, LDNS_RR_TYPE_NSEC));
+-
+- return nsec;
+-}
+-
+-ldns_rdf *
+-ldns_nsec3_hash_name(ldns_rdf *name,
+- uint8_t algorithm,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt)
+-{
+- size_t hashed_owner_str_len;
+- ldns_rdf *cann;
+- ldns_rdf *hashed_owner;
+- unsigned char *hashed_owner_str;
+- char *hashed_owner_b32;
+- size_t hashed_owner_b32_len;
+- uint32_t cur_it;
+- /* define to contain the largest possible hash, which is
+- * sha1 at the moment */
+- unsigned char hash[LDNS_SHA1_DIGEST_LENGTH];
+- ldns_status status;
+-
+- /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */
+- if (algorithm != LDNS_SHA1) {
+- return NULL;
+- }
+-
+- /* prepare the owner name according to the draft section bla */
+- cann = ldns_rdf_clone(name);
+- if(!cann) {
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "Memory error\n");
+-#endif
+- return NULL;
+- }
+- ldns_dname2canonical(cann);
+-
+- hashed_owner_str_len = salt_length + ldns_rdf_size(cann);
+- hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
+- if(!hashed_owner_str) {
+- ldns_rdf_deep_free(cann);
+- return NULL;
+- }
+- memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann));
+- memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length);
+- ldns_rdf_deep_free(cann);
+-
+- for (cur_it = iterations + 1; cur_it > 0; cur_it--) {
+- (void) ldns_sha1((unsigned char *) hashed_owner_str,
+- (unsigned int) hashed_owner_str_len, hash);
+-
+- LDNS_FREE(hashed_owner_str);
+- hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH;
+- hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len);
+- if (!hashed_owner_str) {
+- return NULL;
+- }
+- memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH);
+- memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length);
+- hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH + salt_length;
+- }
+-
+- LDNS_FREE(hashed_owner_str);
+- hashed_owner_str = hash;
+- hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH;
+-
+- hashed_owner_b32 = LDNS_XMALLOC(char,
+- ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1);
+- if(!hashed_owner_b32) {
+- return NULL;
+- }
+- hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex(
+- (uint8_t *) hashed_owner_str,
+- hashed_owner_str_len,
+- hashed_owner_b32,
+- ldns_b32_ntop_calculate_size(hashed_owner_str_len)+1);
+- if (hashed_owner_b32_len < 1) {
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "Error in base32 extended hex encoding ");
+- fprintf(stderr, "of hashed owner name (name: ");
+- ldns_rdf_print(stderr, name);
+- fprintf(stderr, ", return code: %u)\n",
+- (unsigned int) hashed_owner_b32_len);
+-#endif
+- LDNS_FREE(hashed_owner_b32);
+- return NULL;
+- }
+- hashed_owner_b32[hashed_owner_b32_len] = '\0';
+-
+- status = ldns_str2rdf_dname(&hashed_owner, hashed_owner_b32);
+- if (status != LDNS_STATUS_OK) {
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "Error creating rdf from %s\n", hashed_owner_b32);
+-#endif
+- LDNS_FREE(hashed_owner_b32);
+- return NULL;
+- }
+-
+- LDNS_FREE(hashed_owner_b32);
+- return hashed_owner;
+-}
+-
+-void
+-ldns_nsec3_add_param_rdfs(ldns_rr *rr,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt)
+-{
+- ldns_rdf *salt_rdf = NULL;
+- uint8_t *salt_data = NULL;
+- ldns_rdf *old;
+-
+- old = ldns_rr_set_rdf(rr,
+- ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
+- 1, (void*)&algorithm),
+- 0);
+- if (old) ldns_rdf_deep_free(old);
+-
+- old = ldns_rr_set_rdf(rr,
+- ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
+- 1, (void*)&flags),
+- 1);
+- if (old) ldns_rdf_deep_free(old);
+-
+- old = ldns_rr_set_rdf(rr,
+- ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
+- iterations),
+- 2);
+- if (old) ldns_rdf_deep_free(old);
+-
+- salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1);
+- if(!salt_data) {
+- /* no way to return error */
+- return;
+- }
+- salt_data[0] = salt_length;
+- memcpy(salt_data + 1, salt, salt_length);
+- salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT,
+- salt_length + 1,
+- salt_data);
+- if(!salt_rdf) {
+- LDNS_FREE(salt_data);
+- /* no way to return error */
+- return;
+- }
+-
+- old = ldns_rr_set_rdf(rr, salt_rdf, 3);
+- if (old) ldns_rdf_deep_free(old);
+- LDNS_FREE(salt_data);
+-}
+-
+-static int
+-rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list)
+-{
+- size_t i;
+- ldns_rr *cur_rr;
+- if (!origin || !rr_list) return 0;
+- for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- cur_rr = ldns_rr_list_rr(rr_list, i);
+- if (ldns_dname_compare(ldns_rr_owner(cur_rr), origin) == 0) {
+- return 0;
+- }
+- if (ldns_rr_get_type(cur_rr) != LDNS_RR_TYPE_NS) {
+- return 0;
+- }
+- }
+- return 1;
+-}
+-
+-/* this will NOT return the NSEC3 completed, you will have to run the
+- finalize function on the rrlist later! */
+-ldns_rr *
+-ldns_create_nsec3(ldns_rdf *cur_owner,
+- ldns_rdf *cur_zone,
+- ldns_rr_list *rrs,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt,
+- bool emptynonterminal)
+-{
+- size_t i;
+- ldns_rr *i_rr;
+- uint16_t i_type;
+-
+- ldns_rr *nsec = NULL;
+- ldns_rdf *hashed_owner = NULL;
+-
+- ldns_status status;
+-
+- ldns_rr_type i_type_list[1024];
+- size_t type_count = 0;
+-
+- hashed_owner = ldns_nsec3_hash_name(cur_owner,
+- algorithm,
+- iterations,
+- salt_length,
+- salt);
+- status = ldns_dname_cat(hashed_owner, cur_zone);
+- if(status != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(hashed_owner);
+- return NULL;
+- }
+- nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3);
+- if(!nsec) {
+- ldns_rdf_deep_free(hashed_owner);
+- return NULL;
+- }
+- ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3);
+- ldns_rr_set_owner(nsec, hashed_owner);
+-
+- ldns_nsec3_add_param_rdfs(nsec,
+- algorithm,
+- flags,
+- iterations,
+- salt_length,
+- salt);
+- (void) ldns_rr_set_rdf(nsec, NULL, 4);
+-
+-
+- for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+- i_rr = ldns_rr_list_rr(rrs, i);
+- if (ldns_rdf_compare(cur_owner,
+- ldns_rr_owner(i_rr)) == 0) {
+- i_type = ldns_rr_get_type(i_rr);
+- if (type_count == 0 || i_type_list[type_count-1] != i_type) {
+- i_type_list[type_count] = i_type;
+- type_count++;
+- }
+- }
+- }
+-
+- /* add RRSIG anyway, but only if this is not an ENT or
+- * an unsigned delegation */
+- if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) {
+- i_type_list[type_count] = LDNS_RR_TYPE_RRSIG;
+- type_count++;
+- }
+-
+- /* and SOA if owner == zone */
+- if (ldns_dname_compare(cur_zone, cur_owner) == 0) {
+- i_type_list[type_count] = LDNS_RR_TYPE_SOA;
+- type_count++;
+- }
+-
+- ldns_rr_push_rdf(nsec,
+- ldns_dnssec_create_nsec_bitmap(i_type_list,
+- type_count, LDNS_RR_TYPE_NSEC3));
+-
+- return nsec;
+-}
+-
+-uint8_t
+-ldns_nsec3_algorithm(const ldns_rr *nsec3_rr)
+-{
+- if (nsec3_rr &&
+- (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
+- ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
+- && (ldns_rr_rdf(nsec3_rr, 0) != NULL)
+- && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0) {
+- return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0));
+- }
+- return 0;
+-}
+-
+-uint8_t
+-ldns_nsec3_flags(const ldns_rr *nsec3_rr)
+-{
+- if (nsec3_rr &&
+- (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
+- ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
+- && (ldns_rr_rdf(nsec3_rr, 1) != NULL)
+- && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0) {
+- return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1));
+- }
+- return 0;
+-}
+-
+-bool
+-ldns_nsec3_optout(const ldns_rr *nsec3_rr)
+-{
+- return (ldns_nsec3_flags(nsec3_rr) & LDNS_NSEC3_VARS_OPTOUT_MASK);
+-}
+-
+-uint16_t
+-ldns_nsec3_iterations(const ldns_rr *nsec3_rr)
+-{
+- if (nsec3_rr &&
+- (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
+- ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
+- && (ldns_rr_rdf(nsec3_rr, 2) != NULL)
+- && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0) {
+- return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2));
+- }
+- return 0;
+-
+-}
+-
+-ldns_rdf *
+-ldns_nsec3_salt(const ldns_rr *nsec3_rr)
+-{
+- if (nsec3_rr &&
+- (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 ||
+- ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM)
+- ) {
+- return ldns_rr_rdf(nsec3_rr, 3);
+- }
+- return NULL;
+-}
+-
+-uint8_t
+-ldns_nsec3_salt_length(const ldns_rr *nsec3_rr)
+-{
+- ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);
+- if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
+- return (uint8_t) ldns_rdf_data(salt_rdf)[0];
+- }
+- return 0;
+-}
+-
+-/* allocs data, free with LDNS_FREE() */
+-uint8_t *
+-ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
+-{
+- uint8_t salt_length;
+- uint8_t *salt;
+-
+- ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);
+- if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) {
+- salt_length = ldns_rdf_data(salt_rdf)[0];
+- salt = LDNS_XMALLOC(uint8_t, salt_length);
+- if(!salt) return NULL;
+- memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length);
+- return salt;
+- }
+- return NULL;
+-}
+-
+-ldns_rdf *
+-ldns_nsec3_next_owner(const ldns_rr *nsec3_rr)
+-{
+- if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) {
+- return NULL;
+- } else {
+- return ldns_rr_rdf(nsec3_rr, 4);
+- }
+-}
+-
+-ldns_rdf *
+-ldns_nsec3_bitmap(const ldns_rr *nsec3_rr)
+-{
+- if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) {
+- return NULL;
+- } else {
+- return ldns_rr_rdf(nsec3_rr, 5);
+- }
+-}
+-
+-ldns_rdf *
+-ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name)
+-{
+- uint8_t algorithm;
+- uint16_t iterations;
+- uint8_t salt_length;
+- uint8_t *salt = 0;
+-
+- ldns_rdf *hashed_owner;
+-
+- algorithm = ldns_nsec3_algorithm(nsec);
+- salt_length = ldns_nsec3_salt_length(nsec);
+- salt = ldns_nsec3_salt_data(nsec);
+- iterations = ldns_nsec3_iterations(nsec);
+-
+- hashed_owner = ldns_nsec3_hash_name(name,
+- algorithm,
+- iterations,
+- salt_length,
+- salt);
+-
+- LDNS_FREE(salt);
+- return hashed_owner;
+-}
+-
+-bool
+-ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type)
+-{
+- uint8_t* dptr;
+- uint8_t* dend;
+-
+- /* From RFC3845 Section 2.1.2:
+- *
+- * "The RR type space is split into 256 window blocks, each re-
+- * presenting the low-order 8 bits of the 16-bit RR type space."
+- */
+- uint8_t window = type >> 8;
+- uint8_t subtype = type & 0xff;
+-
+- if (! bitmap) {
+- return false;
+- }
+- assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
+-
+- dptr = ldns_rdf_data(bitmap);
+- dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
+-
+- /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) +
+- * dptr[0] dptr[1] dptr[2:]
+- */
+- while (dptr < dend && dptr[0] <= window) {
+-
+- if (dptr[0] == window && subtype / 8 < dptr[1] &&
+- dptr + dptr[1] + 2 <= dend) {
+-
+- return dptr[2 + subtype / 8] & (0x80 >> (subtype % 8));
+- }
+- dptr += dptr[1] + 2; /* next window */
+- }
+- return false;
+-}
+-
+-ldns_status
+-ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type)
+-{
+- uint8_t* dptr;
+- uint8_t* dend;
+-
+- /* From RFC3845 Section 2.1.2:
+- *
+- * "The RR type space is split into 256 window blocks, each re-
+- * presenting the low-order 8 bits of the 16-bit RR type space."
+- */
+- uint8_t window = type >> 8;
+- uint8_t subtype = type & 0xff;
+-
+- if (! bitmap) {
+- return false;
+- }
+- assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
+-
+- dptr = ldns_rdf_data(bitmap);
+- dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
+-
+- /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) +
+- * dptr[0] dptr[1] dptr[2:]
+- */
+- while (dptr < dend && dptr[0] <= window) {
+-
+- if (dptr[0] == window && subtype / 8 < dptr[1] &&
+- dptr + dptr[1] + 2 <= dend) {
+-
+- dptr[2 + subtype / 8] |= (0x80 >> (subtype % 8));
+- return LDNS_STATUS_OK;
+- }
+- dptr += dptr[1] + 2; /* next window */
+- }
+- return LDNS_STATUS_TYPE_NOT_IN_BITMAP;
+-}
+-
+-ldns_status
+-ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type)
+-{
+- uint8_t* dptr;
+- uint8_t* dend;
+-
+- /* From RFC3845 Section 2.1.2:
+- *
+- * "The RR type space is split into 256 window blocks, each re-
+- * presenting the low-order 8 bits of the 16-bit RR type space."
+- */
+- uint8_t window = type >> 8;
+- uint8_t subtype = type & 0xff;
+-
+- if (! bitmap) {
+- return false;
+- }
+-
+- assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP);
+-
+- dptr = ldns_rdf_data(bitmap);
+- dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap);
+-
+- /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) +
+- * dptr[0] dptr[1] dptr[2:]
+- */
+- while (dptr < dend && dptr[0] <= window) {
+-
+- if (dptr[0] == window && subtype / 8 < dptr[1] &&
+- dptr + dptr[1] + 2 <= dend) {
+-
+- dptr[2 + subtype / 8] &= ~(0x80 >> (subtype % 8));
+- return LDNS_STATUS_OK;
+- }
+- dptr += dptr[1] + 2; /* next window */
+- }
+- return LDNS_STATUS_TYPE_NOT_IN_BITMAP;
+-}
+-
+-
+-bool
+-ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
+-{
+- ldns_rdf *nsec_owner = ldns_rr_owner(nsec);
+- ldns_rdf *hash_next;
+- char *next_hash_str;
+- ldns_rdf *nsec_next = NULL;
+- ldns_status status;
+- ldns_rdf *chopped_dname;
+- bool result;
+-
+- if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) {
+- if (ldns_rr_rdf(nsec, 0) != NULL) {
+- nsec_next = ldns_rdf_clone(ldns_rr_rdf(nsec, 0));
+- } else {
+- return false;
+- }
+- } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) {
+- hash_next = ldns_nsec3_next_owner(nsec);
+- next_hash_str = ldns_rdf2str(hash_next);
+- nsec_next = ldns_dname_new_frm_str(next_hash_str);
+- LDNS_FREE(next_hash_str);
+- chopped_dname = ldns_dname_left_chop(nsec_owner);
+- status = ldns_dname_cat(nsec_next, chopped_dname);
+- ldns_rdf_deep_free(chopped_dname);
+- if (status != LDNS_STATUS_OK) {
+- printf("error catting: %s\n", ldns_get_errorstr_by_id(status));
+- }
+- } else {
+- ldns_rdf_deep_free(nsec_next);
+- return false;
+- }
+-
+- /* in the case of the last nsec */
+- if(ldns_dname_compare(nsec_owner, nsec_next) > 0) {
+- result = (ldns_dname_compare(nsec_owner, name) <= 0 ||
+- ldns_dname_compare(name, nsec_next) < 0);
+- } else if(ldns_dname_compare(nsec_owner, nsec_next) < 0) {
+- result = (ldns_dname_compare(nsec_owner, name) <= 0 &&
+- ldns_dname_compare(name, nsec_next) < 0);
+- } else {
+- result = true;
+- }
+-
+- ldns_rdf_deep_free(nsec_next);
+- return result;
+-}
+-
+-#ifdef HAVE_SSL
+-/* sig may be null - if so look in the packet */
+-
+-ldns_status
+-ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
+- ldns_rr_list *k, ldns_rr_list *s,
+- time_t check_time, ldns_rr_list *good_keys)
+-{
+- ldns_rr_list *rrset;
+- ldns_rr_list *sigs;
+- ldns_rr_list *sigs_covered;
+- ldns_rdf *rdf_t;
+- ldns_rr_type t_netorder;
+-
+- if (!k) {
+- return LDNS_STATUS_ERR;
+- /* return LDNS_STATUS_CRYPTO_NO_DNSKEY; */
+- }
+-
+- if (t == LDNS_RR_TYPE_RRSIG) {
+- /* we don't have RRSIG(RRSIG) (yet? ;-) ) */
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (s) {
+- /* if s is not NULL, the sigs are given to use */
+- sigs = s;
+- } else {
+- /* otherwise get them from the packet */
+- sigs = ldns_pkt_rr_list_by_name_and_type(p, o,
+- LDNS_RR_TYPE_RRSIG,
+- LDNS_SECTION_ANY_NOQUESTION);
+- if (!sigs) {
+- /* no sigs */
+- return LDNS_STATUS_ERR;
+- /* return LDNS_STATUS_CRYPTO_NO_RRSIG; */
+- }
+- }
+-
+- /* rrsig are subtyped, so now we need to find the correct
+- * sigs for the type t
+- */
+- t_netorder = htons(t); /* rdf are in network order! */
+- /* a type identifier is a 16-bit number, so the size is 2 bytes */
+- rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, 2, &t_netorder);
+-
+- sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
+- ldns_rdf_free(rdf_t);
+- if (! sigs_covered) {
+- if (! s) {
+- ldns_rr_list_deep_free(sigs);
+- }
+- return LDNS_STATUS_ERR;
+- }
+- ldns_rr_list_deep_free(sigs_covered);
+-
+- rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t,
+- LDNS_SECTION_ANY_NOQUESTION);
+- if (!rrset) {
+- if (! s) {
+- ldns_rr_list_deep_free(sigs);
+- }
+- return LDNS_STATUS_ERR;
+- }
+- return ldns_verify_time(rrset, sigs, k, check_time, good_keys);
+-}
+-
+-ldns_status
+-ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
+- ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys)
+-{
+- return ldns_pkt_verify_time(p, t, o, k, s, ldns_time(NULL), good_keys);
+-}
+-#endif /* HAVE_SSL */
+-
+-ldns_status
+-ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs)
+-{
+- size_t i;
+- char *next_nsec_owner_str;
+- ldns_rdf *next_nsec_owner_label;
+- ldns_rdf *next_nsec_rdf;
+- ldns_status status = LDNS_STATUS_OK;
+-
+- for (i = 0; i < ldns_rr_list_rr_count(nsec3_rrs); i++) {
+- if (i == ldns_rr_list_rr_count(nsec3_rrs) - 1) {
+- next_nsec_owner_label =
+- ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs,
+- 0)), 0);
+- next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label);
+- if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
+- == '.') {
+- next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
+- = '\0';
+- }
+- status = ldns_str2rdf_b32_ext(&next_nsec_rdf,
+- next_nsec_owner_str);
+- if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i),
+- next_nsec_rdf, 4)) {
+- /* todo: error */
+- }
+-
+- ldns_rdf_deep_free(next_nsec_owner_label);
+- LDNS_FREE(next_nsec_owner_str);
+- } else {
+- next_nsec_owner_label =
+- ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs,
+- i + 1)),
+- 0);
+- next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label);
+- if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
+- == '.') {
+- next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
+- = '\0';
+- }
+- status = ldns_str2rdf_b32_ext(&next_nsec_rdf,
+- next_nsec_owner_str);
+- ldns_rdf_deep_free(next_nsec_owner_label);
+- LDNS_FREE(next_nsec_owner_str);
+- if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i),
+- next_nsec_rdf, 4)) {
+- /* todo: error */
+- }
+- }
+- }
+- return status;
+-}
+-
+-int
+-qsort_rr_compare_nsec3(const void *a, const void *b)
+-{
+- const ldns_rr *rr1 = * (const ldns_rr **) a;
+- const ldns_rr *rr2 = * (const ldns_rr **) b;
+- if (rr1 == NULL && rr2 == NULL) {
+- return 0;
+- }
+- if (rr1 == NULL) {
+- return -1;
+- }
+- if (rr2 == NULL) {
+- return 1;
+- }
+- return ldns_rdf_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2));
+-}
+-
+-void
+-ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted)
+-{
+- qsort(unsorted->_rrs,
+- ldns_rr_list_rr_count(unsorted),
+- sizeof(ldns_rr *),
+- qsort_rr_compare_nsec3);
+-}
+-
+-int
+-ldns_dnssec_default_add_to_signatures( ATTR_UNUSED(ldns_rr *sig)
+- , ATTR_UNUSED(void *n)
+- )
+-{
+- return LDNS_SIGNATURE_LEAVE_ADD_NEW;
+-}
+-
+-int
+-ldns_dnssec_default_leave_signatures( ATTR_UNUSED(ldns_rr *sig)
+- , ATTR_UNUSED(void *n)
+- )
+-{
+- return LDNS_SIGNATURE_LEAVE_NO_ADD;
+-}
+-
+-int
+-ldns_dnssec_default_delete_signatures( ATTR_UNUSED(ldns_rr *sig)
+- , ATTR_UNUSED(void *n)
+- )
+-{
+- return LDNS_SIGNATURE_REMOVE_NO_ADD;
+-}
+-
+-int
+-ldns_dnssec_default_replace_signatures( ATTR_UNUSED(ldns_rr *sig)
+- , ATTR_UNUSED(void *n)
+- )
+-{
+- return LDNS_SIGNATURE_REMOVE_ADD_NEW;
+-}
+-
+-#ifdef HAVE_SSL
+-ldns_rdf *
+-ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
+- const long sig_len)
+-{
+- ldns_rdf *sigdata_rdf;
+- DSA_SIG *dsasig;
+- unsigned char *dsasig_data = (unsigned char*)ldns_buffer_begin(sig);
+- size_t byte_offset;
+-
+- dsasig = d2i_DSA_SIG(NULL,
+- (const unsigned char **)&dsasig_data,
+- sig_len);
+- if (!dsasig) {
+- DSA_SIG_free(dsasig);
+- return NULL;
+- }
+-
+- dsasig_data = LDNS_XMALLOC(unsigned char, 41);
+- if(!dsasig_data) {
+- DSA_SIG_free(dsasig);
+- return NULL;
+- }
+- dsasig_data[0] = 0;
+- byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r));
+- if (byte_offset > 20) {
+- DSA_SIG_free(dsasig);
+- LDNS_FREE(dsasig_data);
+- return NULL;
+- }
+- memset(&dsasig_data[1], 0, byte_offset);
+- BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]);
+- byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s));
+- if (byte_offset > 20) {
+- DSA_SIG_free(dsasig);
+- LDNS_FREE(dsasig_data);
+- return NULL;
+- }
+- memset(&dsasig_data[21], 0, byte_offset);
+- BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]);
+-
+- sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data);
+- if(!sigdata_rdf) {
+- LDNS_FREE(dsasig_data);
+- }
+- DSA_SIG_free(dsasig);
+-
+- return sigdata_rdf;
+-}
+-
+-ldns_status
+-ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
+- const ldns_rdf *sig_rdf)
+-{
+- /* the EVP api wants the DER encoding of the signature... */
+- BIGNUM *R, *S;
+- DSA_SIG *dsasig;
+- unsigned char *raw_sig = NULL;
+- int raw_sig_len;
+-
+- if(ldns_rdf_size(sig_rdf) < 1 + 2*SHA_DIGEST_LENGTH)
+- return LDNS_STATUS_SYNTAX_RDATA_ERR;
+- /* extract the R and S field from the sig buffer */
+- R = BN_new();
+- if(!R) return LDNS_STATUS_MEM_ERR;
+- (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 1,
+- SHA_DIGEST_LENGTH, R);
+- S = BN_new();
+- if(!S) {
+- BN_free(R);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 21,
+- SHA_DIGEST_LENGTH, S);
+-
+- dsasig = DSA_SIG_new();
+- if (!dsasig) {
+- BN_free(R);
+- BN_free(S);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- dsasig->r = R;
+- dsasig->s = S;
+-
+- raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig);
+- if (raw_sig_len < 0) {
+- DSA_SIG_free(dsasig);
+- free(raw_sig);
+- return LDNS_STATUS_SSL_ERR;
+- }
+- if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
+- ldns_buffer_write(target_buffer, raw_sig, (size_t)raw_sig_len);
+- }
+-
+- DSA_SIG_free(dsasig);
+- free(raw_sig);
+-
+- return ldns_buffer_status(target_buffer);
+-}
+-
+-#ifdef USE_ECDSA
+-#ifndef S_SPLINT_S
+-ldns_rdf *
+-ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
+-{
+- ECDSA_SIG* ecdsa_sig;
+- unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
+- ldns_rdf* rdf;
+- ecdsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&data, sig_len);
+- if(!ecdsa_sig) return NULL;
+-
+- /* "r | s". */
+- data = LDNS_XMALLOC(unsigned char,
+- BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s));
+- if(!data) {
+- ECDSA_SIG_free(ecdsa_sig);
+- return NULL;
+- }
+- BN_bn2bin(ecdsa_sig->r, data);
+- BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
+- rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(
+- BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data);
+- ECDSA_SIG_free(ecdsa_sig);
+- return rdf;
+-}
+-
+-ldns_status
+-ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
+- const ldns_rdf *sig_rdf)
+-{
+- ECDSA_SIG* sig;
+- int raw_sig_len;
+- long bnsize = (long)ldns_rdf_size(sig_rdf) / 2;
+- /* if too short, or not even length, do not bother */
+- if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf))
+- return LDNS_STATUS_ERR;
+-
+- /* use the raw data to parse two evenly long BIGNUMs, "r | s". */
+- sig = ECDSA_SIG_new();
+- if(!sig) return LDNS_STATUS_MEM_ERR;
+- sig->r = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf),
+- bnsize, sig->r);
+- sig->s = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf)+bnsize,
+- bnsize, sig->s);
+- if(!sig->r || !sig->s) {
+- ECDSA_SIG_free(sig);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- raw_sig_len = i2d_ECDSA_SIG(sig, NULL);
+- if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) {
+- unsigned char* pp = (unsigned char*)
+- ldns_buffer_current(target_buffer);
+- raw_sig_len = i2d_ECDSA_SIG(sig, &pp);
+- ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len);
+- }
+- ECDSA_SIG_free(sig);
+-
+- return ldns_buffer_status(target_buffer);
+-}
+-
+-#endif /* S_SPLINT_S */
+-#endif /* USE_ECDSA */
+-#endif /* HAVE_SSL */
+diff --git a/src/ldns/dnssec_sign.c b/src/ldns/dnssec_sign.c
+deleted file mode 100644
+index 4af882a..0000000
+--- a/src/ldns/dnssec_sign.c
++++ /dev/null
+@@ -1,1456 +0,0 @@
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <ldns/dnssec.h>
+-#include <ldns/dnssec_sign.h>
+-
+-#include <strings.h>
+-#include <time.h>
+-
+-#ifdef HAVE_SSL
+-/* this entire file is rather useless when you don't have
+- * crypto...
+- */
+-#include <openssl/ssl.h>
+-#include <openssl/evp.h>
+-#include <openssl/rand.h>
+-#include <openssl/err.h>
+-#include <openssl/md5.h>
+-#endif /* HAVE_SSL */
+-
+-ldns_rr *
+-ldns_create_empty_rrsig(ldns_rr_list *rrset,
+- ldns_key *current_key)
+-{
+- uint32_t orig_ttl;
+- ldns_rr_class orig_class;
+- time_t now;
+- ldns_rr *current_sig;
+- uint8_t label_count;
+- ldns_rdf *signame;
+-
+- label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset,
+- 0)));
+- /* RFC4035 2.2: not counting the leftmost label if it is a wildcard */
+- if(ldns_dname_is_wildcard(ldns_rr_owner(ldns_rr_list_rr(rrset, 0))))
+- label_count --;
+-
+- current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
+-
+- /* set the type on the new signature */
+- orig_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrset, 0));
+- orig_class = ldns_rr_get_class(ldns_rr_list_rr(rrset, 0));
+-
+- ldns_rr_set_ttl(current_sig, orig_ttl);
+- ldns_rr_set_class(current_sig, orig_class);
+- ldns_rr_set_owner(current_sig,
+- ldns_rdf_clone(
+- ldns_rr_owner(
+- ldns_rr_list_rr(rrset,
+- 0))));
+-
+- /* fill in what we know of the signature */
+-
+- /* set the orig_ttl */
+- (void)ldns_rr_rrsig_set_origttl(
+- current_sig,
+- ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
+- orig_ttl));
+- /* the signers name */
+- signame = ldns_rdf_clone(ldns_key_pubkey_owner(current_key));
+- ldns_dname2canonical(signame);
+- (void)ldns_rr_rrsig_set_signame(
+- current_sig,
+- signame);
+- /* label count - get it from the first rr in the rr_list */
+- (void)ldns_rr_rrsig_set_labels(
+- current_sig,
+- ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
+- label_count));
+- /* inception, expiration */
+- now = time(NULL);
+- if (ldns_key_inception(current_key) != 0) {
+- (void)ldns_rr_rrsig_set_inception(
+- current_sig,
+- ldns_native2rdf_int32(
+- LDNS_RDF_TYPE_TIME,
+- ldns_key_inception(current_key)));
+- } else {
+- (void)ldns_rr_rrsig_set_inception(
+- current_sig,
+- ldns_native2rdf_int32(LDNS_RDF_TYPE_TIME, now));
+- }
+- if (ldns_key_expiration(current_key) != 0) {
+- (void)ldns_rr_rrsig_set_expiration(
+- current_sig,
+- ldns_native2rdf_int32(
+- LDNS_RDF_TYPE_TIME,
+- ldns_key_expiration(current_key)));
+- } else {
+- (void)ldns_rr_rrsig_set_expiration(
+- current_sig,
+- ldns_native2rdf_int32(
+- LDNS_RDF_TYPE_TIME,
+- now + LDNS_DEFAULT_EXP_TIME));
+- }
+-
+- (void)ldns_rr_rrsig_set_keytag(
+- current_sig,
+- ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
+- ldns_key_keytag(current_key)));
+-
+- (void)ldns_rr_rrsig_set_algorithm(
+- current_sig,
+- ldns_native2rdf_int8(
+- LDNS_RDF_TYPE_ALG,
+- ldns_key_algorithm(current_key)));
+-
+- (void)ldns_rr_rrsig_set_typecovered(
+- current_sig,
+- ldns_native2rdf_int16(
+- LDNS_RDF_TYPE_TYPE,
+- ldns_rr_get_type(ldns_rr_list_rr(rrset,
+- 0))));
+- return current_sig;
+-}
+-
+-#ifdef HAVE_SSL
+-ldns_rdf *
+-ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
+-{
+- ldns_rdf *b64rdf = NULL;
+-
+- switch(ldns_key_algorithm(current_key)) {
+- case LDNS_SIGN_DSA:
+- case LDNS_SIGN_DSA_NSEC3:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_dss1());
+- break;
+- case LDNS_SIGN_RSASHA1:
+- case LDNS_SIGN_RSASHA1_NSEC3:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_sha1());
+- break;
+-#ifdef USE_SHA2
+- case LDNS_SIGN_RSASHA256:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_sha256());
+- break;
+- case LDNS_SIGN_RSASHA512:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_sha512());
+- break;
+-#endif /* USE_SHA2 */
+-#ifdef USE_GOST
+- case LDNS_SIGN_ECC_GOST:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_get_digestbyname("md_gost94"));
+- break;
+-#endif /* USE_GOST */
+-#ifdef USE_ECDSA
+- case LDNS_SIGN_ECDSAP256SHA256:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_sha256());
+- break;
+- case LDNS_SIGN_ECDSAP384SHA384:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_sha384());
+- break;
+-#endif
+- case LDNS_SIGN_RSAMD5:
+- b64rdf = ldns_sign_public_evp(
+- sign_buf,
+- ldns_key_evp_key(current_key),
+- EVP_md5());
+- break;
+- default:
+- /* do _you_ know this alg? */
+- printf("unknown algorithm, ");
+- printf("is the one used available on this system?\n");
+- break;
+- }
+-
+- return b64rdf;
+-}
+-
+-/**
+- * use this function to sign with a public/private key alg
+- * return the created signatures
+- */
+-ldns_rr_list *
+-ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
+-{
+- ldns_rr_list *signatures;
+- ldns_rr_list *rrset_clone;
+- ldns_rr *current_sig;
+- ldns_rdf *b64rdf;
+- ldns_key *current_key;
+- size_t key_count;
+- uint16_t i;
+- ldns_buffer *sign_buf;
+- ldns_rdf *new_owner;
+-
+- if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) {
+- return NULL;
+- }
+-
+- new_owner = NULL;
+-
+- signatures = ldns_rr_list_new();
+-
+- /* prepare a signature and add all the know data
+- * prepare the rrset. Sign this together. */
+- rrset_clone = ldns_rr_list_clone(rrset);
+- if (!rrset_clone) {
+- return NULL;
+- }
+-
+- /* make it canonical */
+- for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) {
+- ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i),
+- ldns_rr_ttl(ldns_rr_list_rr(rrset, 0)));
+- ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i));
+- }
+- /* sort */
+- ldns_rr_list_sort(rrset_clone);
+-
+- for (key_count = 0;
+- key_count < ldns_key_list_key_count(keys);
+- key_count++) {
+- if (!ldns_key_use(ldns_key_list_key(keys, key_count))) {
+- continue;
+- }
+- sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if (!sign_buf) {
+- ldns_rr_list_free(rrset_clone);
+- ldns_rr_list_free(signatures);
+- ldns_rdf_free(new_owner);
+- return NULL;
+- }
+- b64rdf = NULL;
+-
+- current_key = ldns_key_list_key(keys, key_count);
+- /* sign all RRs with keys that have ZSKbit, !SEPbit.
+- sign DNSKEY RRs with keys that have ZSKbit&SEPbit */
+- if (ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY) {
+- current_sig = ldns_create_empty_rrsig(rrset_clone,
+- current_key);
+-
+- /* right now, we have: a key, a semi-sig and an rrset. For
+- * which we can create the sig and base64 encode that and
+- * add that to the signature */
+-
+- if (ldns_rrsig2buffer_wire(sign_buf, current_sig)
+- != LDNS_STATUS_OK) {
+- ldns_buffer_free(sign_buf);
+- /* ERROR */
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_rr_free(current_sig);
+- ldns_rr_list_deep_free(signatures);
+- return NULL;
+- }
+-
+- /* add the rrset in sign_buf */
+- if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone)
+- != LDNS_STATUS_OK) {
+- ldns_buffer_free(sign_buf);
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_rr_free(current_sig);
+- ldns_rr_list_deep_free(signatures);
+- return NULL;
+- }
+-
+- b64rdf = ldns_sign_public_buffer(sign_buf, current_key);
+-
+- if (!b64rdf) {
+- /* signing went wrong */
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_rr_free(current_sig);
+- ldns_rr_list_deep_free(signatures);
+- return NULL;
+- }
+-
+- ldns_rr_rrsig_set_sig(current_sig, b64rdf);
+-
+- /* push the signature to the signatures list */
+- ldns_rr_list_push_rr(signatures, current_sig);
+- }
+- ldns_buffer_free(sign_buf); /* restart for the next key */
+- }
+- ldns_rr_list_deep_free(rrset_clone);
+-
+- return signatures;
+-}
+-
+-/**
+- * Sign data with DSA
+- *
+- * \param[in] to_sign The ldns_buffer containing raw data that is
+- * to be signed
+- * \param[in] key The DSA key structure to sign with
+- * \return ldns_rdf for the RRSIG ldns_rr
+- */
+-ldns_rdf *
+-ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
+-{
+- unsigned char *sha1_hash;
+- ldns_rdf *sigdata_rdf;
+- ldns_buffer *b64sig;
+-
+- DSA_SIG *sig;
+- uint8_t *data;
+- size_t pad;
+-
+- b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if (!b64sig) {
+- return NULL;
+- }
+-
+- sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign),
+- ldns_buffer_position(to_sign), NULL);
+- if (!sha1_hash) {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+-
+- sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
+- if(!sig) {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+-
+- data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
+- if(!data) {
+- ldns_buffer_free(b64sig);
+- DSA_SIG_free(sig);
+- return NULL;
+- }
+-
+- data[0] = 1;
+- pad = 20 - (size_t) BN_num_bytes(sig->r);
+- if (pad > 0) {
+- memset(data + 1, 0, pad);
+- }
+- BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad);
+-
+- pad = 20 - (size_t) BN_num_bytes(sig->s);
+- if (pad > 0) {
+- memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad);
+- }
+- BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad));
+-
+- sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64,
+- 1 + 2 * SHA_DIGEST_LENGTH,
+- data);
+-
+- ldns_buffer_free(b64sig);
+- LDNS_FREE(data);
+- DSA_SIG_free(sig);
+-
+- return sigdata_rdf;
+-}
+-
+-#ifdef USE_ECDSA
+-#ifndef S_SPLINT_S
+-static int
+-ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
+-{
+- EC_KEY* ec;
+- const EC_GROUP* g;
+- if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
+- return 0;
+- ec = EVP_PKEY_get1_EC_KEY(pkey);
+- g = EC_KEY_get0_group(ec);
+- if(!g) {
+- EC_KEY_free(ec);
+- return 0;
+- }
+- if(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
+- EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
+- EC_GROUP_get_curve_name(g) == NID_secp384r1) {
+- EC_KEY_free(ec);
+- return 1;
+- }
+- /* downref the eckey, the original is still inside the pkey */
+- EC_KEY_free(ec);
+- return 0;
+-}
+-#endif /* splint */
+-#endif /* USE_ECDSA */
+-
+-ldns_rdf *
+-ldns_sign_public_evp(ldns_buffer *to_sign,
+- EVP_PKEY *key,
+- const EVP_MD *digest_type)
+-{
+- unsigned int siglen;
+- ldns_rdf *sigdata_rdf;
+- ldns_buffer *b64sig;
+- EVP_MD_CTX ctx;
+- const EVP_MD *md_type;
+- int r;
+-
+- siglen = 0;
+- b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if (!b64sig) {
+- return NULL;
+- }
+-
+- /* initializes a signing context */
+- md_type = digest_type;
+- if(!md_type) {
+- /* unknown message difest */
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+-
+- EVP_MD_CTX_init(&ctx);
+- r = EVP_SignInit(&ctx, md_type);
+- if(r == 1) {
+- r = EVP_SignUpdate(&ctx, (unsigned char*)
+- ldns_buffer_begin(to_sign),
+- ldns_buffer_position(to_sign));
+- } else {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+- if(r == 1) {
+- r = EVP_SignFinal(&ctx, (unsigned char*)
+- ldns_buffer_begin(b64sig), &siglen, key);
+- } else {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+- if(r != 1) {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+-
+- /* unfortunately, OpenSSL output is differenct from DNS DSA format */
+-#ifndef S_SPLINT_S
+- if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
+- sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen);
+-#ifdef USE_ECDSA
+- } else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC &&
+- ldns_pkey_is_ecdsa(key)) {
+- sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig, siglen);
+-#endif
+- } else {
+- /* ok output for other types is the same */
+- sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
+- ldns_buffer_begin(b64sig));
+- }
+-#endif /* splint */
+- ldns_buffer_free(b64sig);
+- EVP_MD_CTX_cleanup(&ctx);
+- return sigdata_rdf;
+-}
+-
+-ldns_rdf *
+-ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
+-{
+- unsigned char *sha1_hash;
+- unsigned int siglen;
+- ldns_rdf *sigdata_rdf;
+- ldns_buffer *b64sig;
+- int result;
+-
+- siglen = 0;
+- b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if (!b64sig) {
+- return NULL;
+- }
+-
+- sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign),
+- ldns_buffer_position(to_sign), NULL);
+- if (!sha1_hash) {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+-
+- result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH,
+- (unsigned char*)ldns_buffer_begin(b64sig),
+- &siglen, key);
+- if (result != 1) {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+-
+- sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
+- ldns_buffer_begin(b64sig));
+- ldns_buffer_free(b64sig); /* can't free this buffer ?? */
+- return sigdata_rdf;
+-}
+-
+-ldns_rdf *
+-ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
+-{
+- unsigned char *md5_hash;
+- unsigned int siglen;
+- ldns_rdf *sigdata_rdf;
+- ldns_buffer *b64sig;
+-
+- b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if (!b64sig) {
+- return NULL;
+- }
+-
+- md5_hash = MD5((unsigned char*)ldns_buffer_begin(to_sign),
+- ldns_buffer_position(to_sign), NULL);
+- if (!md5_hash) {
+- ldns_buffer_free(b64sig);
+- return NULL;
+- }
+-
+- RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH,
+- (unsigned char*)ldns_buffer_begin(b64sig),
+- &siglen, key);
+-
+- sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen,
+- ldns_buffer_begin(b64sig));
+- ldns_buffer_free(b64sig);
+- return sigdata_rdf;
+-}
+-#endif /* HAVE_SSL */
+-
+-/**
+- * Pushes all rrs from the rrsets of type A and AAAA on gluelist.
+- */
+-static ldns_status
+-ldns_dnssec_addresses_on_glue_list(
+- ldns_dnssec_rrsets *cur_rrset,
+- ldns_rr_list *glue_list)
+-{
+- ldns_dnssec_rrs *cur_rrs;
+- while (cur_rrset) {
+- if (cur_rrset->type == LDNS_RR_TYPE_A
+- || cur_rrset->type == LDNS_RR_TYPE_AAAA) {
+- for (cur_rrs = cur_rrset->rrs;
+- cur_rrs;
+- cur_rrs = cur_rrs->next) {
+- if (cur_rrs->rr) {
+- if (!ldns_rr_list_push_rr(glue_list,
+- cur_rrs->rr)) {
+- return LDNS_STATUS_MEM_ERR;
+- /* ldns_rr_list_push_rr()
+- * returns false when unable
+- * to increase the capacity
+- * of the ldsn_rr_list
+- */
+- }
+- }
+- }
+- }
+- cur_rrset = cur_rrset->next;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-/**
+- * Marks the names in the zone that are occluded. Those names will be skipped
+- * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
+- * function. But watch out! Names that are partially occluded (like glue with
+- * the same name as the delegation) will not be marked and should specifically
+- * be taken into account separately.
+- *
+- * When glue_list is given (not NULL), in the process of marking the names, all
+- * glue resource records will be pushed to that list, even glue at delegation names.
+- *
+- * \param[in] zone the zone in which to mark the names
+- * \param[in] glue_list the list to which to push the glue rrs
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status
+-ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
+- ldns_rr_list *glue_list)
+-{
+- ldns_rbnode_t *node;
+- ldns_dnssec_name *name;
+- ldns_rdf *owner;
+- ldns_rdf *cut = NULL; /* keeps track of zone cuts */
+- /* When the cut is caused by a delegation, below_delegation will be 1.
+- * When caused by a DNAME, below_delegation will be 0.
+- */
+- int below_delegation = -1; /* init suppresses comiler warning */
+- ldns_status s;
+-
+- if (!zone || !zone->names) {
+- return LDNS_STATUS_NULL;
+- }
+- for (node = ldns_rbtree_first(zone->names);
+- node != LDNS_RBTREE_NULL;
+- node = ldns_rbtree_next(node)) {
+- name = (ldns_dnssec_name *) node->data;
+- owner = ldns_dnssec_name_name(name);
+-
+- if (cut) {
+- /* The previous node was a zone cut, or a subdomain
+- * below a zone cut. Is this node (still) a subdomain
+- * below the cut? Then the name is occluded. Unless
+- * the name contains a SOA, after which we are
+- * authoritative again.
+- *
+- * FIXME! If there are labels in between the SOA and
+- * the cut, going from the authoritative space (below
+- * the SOA) up into occluded space again, will not be
+- * detected with the contruct below!
+- */
+- if (ldns_dname_is_subdomain(owner, cut) &&
+- !ldns_dnssec_rrsets_contains_type(
+- name->rrsets, LDNS_RR_TYPE_SOA)) {
+-
+- if (below_delegation && glue_list) {
+- s = ldns_dnssec_addresses_on_glue_list(
+- name->rrsets, glue_list);
+- if (s != LDNS_STATUS_OK) {
+- return s;
+- }
+- }
+- name->is_glue = true; /* Mark occluded name! */
+- continue;
+- } else {
+- cut = NULL;
+- }
+- }
+-
+- /* The node is not below a zone cut. Is it a zone cut itself?
+- * Everything below a SOA is authoritative of course; Except
+- * when the name also contains a DNAME :).
+- */
+- if (ldns_dnssec_rrsets_contains_type(
+- name->rrsets, LDNS_RR_TYPE_NS)
+- && !ldns_dnssec_rrsets_contains_type(
+- name->rrsets, LDNS_RR_TYPE_SOA)) {
+- cut = owner;
+- below_delegation = 1;
+- if (glue_list) { /* record glue on the zone cut */
+- s = ldns_dnssec_addresses_on_glue_list(
+- name->rrsets, glue_list);
+- if (s != LDNS_STATUS_OK) {
+- return s;
+- }
+- }
+- } else if (ldns_dnssec_rrsets_contains_type(
+- name->rrsets, LDNS_RR_TYPE_DNAME)) {
+- cut = owner;
+- below_delegation = 0;
+- }
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-/**
+- * Marks the names in the zone that are occluded. Those names will be skipped
+- * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
+- * function. But watch out! Names that are partially occluded (like glue with
+- * the same name as the delegation) will not be marked and should specifically
+- * be taken into account separately.
+- *
+- * \param[in] zone the zone in which to mark the names
+- * \return LDNS_STATUS_OK on success, an error code otherwise
+- */
+-ldns_status
+-ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
+-{
+- return ldns_dnssec_zone_mark_and_get_glue(zone, NULL);
+-}
+-
+-ldns_rbnode_t *
+-ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node)
+-{
+- ldns_rbnode_t *next_node = NULL;
+- ldns_dnssec_name *next_name = NULL;
+- bool done = false;
+-
+- if (node == LDNS_RBTREE_NULL) {
+- return NULL;
+- }
+- next_node = node;
+- while (!done) {
+- if (next_node == LDNS_RBTREE_NULL) {
+- return NULL;
+- } else {
+- next_name = (ldns_dnssec_name *)next_node->data;
+- if (!next_name->is_glue) {
+- done = true;
+- } else {
+- next_node = ldns_rbtree_next(next_node);
+- }
+- }
+- }
+- return next_node;
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs)
+-{
+-
+- ldns_rbnode_t *first_node, *cur_node, *next_node;
+- ldns_dnssec_name *cur_name, *next_name;
+- ldns_rr *nsec_rr;
+- uint32_t nsec_ttl;
+- ldns_dnssec_rrsets *soa;
+-
+- /* the TTL of NSEC rrs should be set to the minimum TTL of
+- * the zone SOA (RFC4035 Section 2.3)
+- */
+- soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
+-
+- /* did the caller actually set it? if not,
+- * fall back to default ttl
+- */
+- if (soa && soa->rrs && soa->rrs->rr
+- && (ldns_rr_rdf(soa->rrs->rr, 6) != NULL)) {
+- nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
+- } else {
+- nsec_ttl = LDNS_DEFAULT_TTL;
+- }
+-
+- first_node = ldns_dnssec_name_node_next_nonglue(
+- ldns_rbtree_first(zone->names));
+- cur_node = first_node;
+- if (cur_node) {
+- next_node = ldns_dnssec_name_node_next_nonglue(
+- ldns_rbtree_next(cur_node));
+- } else {
+- next_node = NULL;
+- }
+-
+- while (cur_node && next_node) {
+- cur_name = (ldns_dnssec_name *)cur_node->data;
+- next_name = (ldns_dnssec_name *)next_node->data;
+- nsec_rr = ldns_dnssec_create_nsec(cur_name,
+- next_name,
+- LDNS_RR_TYPE_NSEC);
+- ldns_rr_set_ttl(nsec_rr, nsec_ttl);
+- if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){
+- ldns_rr_free(nsec_rr);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_rr_list_push_rr(new_rrs, nsec_rr);
+- cur_node = next_node;
+- if (cur_node) {
+- next_node = ldns_dnssec_name_node_next_nonglue(
+- ldns_rbtree_next(cur_node));
+- }
+- }
+-
+- if (cur_node && !next_node) {
+- cur_name = (ldns_dnssec_name *)cur_node->data;
+- next_name = (ldns_dnssec_name *)first_node->data;
+- nsec_rr = ldns_dnssec_create_nsec(cur_name,
+- next_name,
+- LDNS_RR_TYPE_NSEC);
+- ldns_rr_set_ttl(nsec_rr, nsec_ttl);
+- if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){
+- ldns_rr_free(nsec_rr);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_rr_list_push_rr(new_rrs, nsec_rr);
+- } else {
+- printf("error\n");
+- }
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-#ifdef HAVE_SSL
+-static void
+-ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
+- (void) arg;
+- LDNS_FREE(node);
+-}
+-
+-static ldns_status
+-ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt,
+- ldns_rbtree_t **map)
+-{
+- ldns_rbnode_t *first_name_node;
+- ldns_rbnode_t *current_name_node;
+- ldns_dnssec_name *current_name;
+- ldns_status result = LDNS_STATUS_OK;
+- ldns_rr *nsec_rr;
+- ldns_rr_list *nsec3_list;
+- uint32_t nsec_ttl;
+- ldns_dnssec_rrsets *soa;
+- ldns_rbnode_t *hashmap_node;
+-
+- if (!zone || !new_rrs || !zone->names) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* the TTL of NSEC rrs should be set to the minimum TTL of
+- * the zone SOA (RFC4035 Section 2.3)
+- */
+- soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA);
+-
+- /* did the caller actually set it? if not,
+- * fall back to default ttl
+- */
+- if (soa && soa->rrs && soa->rrs->rr
+- && ldns_rr_rdf(soa->rrs->rr, 6) != NULL) {
+- nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6));
+- } else {
+- nsec_ttl = LDNS_DEFAULT_TTL;
+- }
+-
+- if (zone->hashed_names) {
+- ldns_traverse_postorder(zone->hashed_names,
+- ldns_hashed_names_node_free, NULL);
+- LDNS_FREE(zone->hashed_names);
+- }
+- zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v);
+- if (zone->hashed_names && map) {
+- *map = zone->hashed_names;
+- }
+-
+- first_name_node = ldns_dnssec_name_node_next_nonglue(
+- ldns_rbtree_first(zone->names));
+-
+- current_name_node = first_name_node;
+-
+- while (current_name_node && current_name_node != LDNS_RBTREE_NULL &&
+- result == LDNS_STATUS_OK) {
+-
+- current_name = (ldns_dnssec_name *) current_name_node->data;
+- nsec_rr = ldns_dnssec_create_nsec3(current_name,
+- NULL,
+- zone->soa->name,
+- algorithm,
+- flags,
+- iterations,
+- salt_length,
+- salt);
+- /* by default, our nsec based generator adds rrsigs
+- * remove the bitmap for empty nonterminals */
+- if (!current_name->rrsets) {
+- ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr));
+- }
+- ldns_rr_set_ttl(nsec_rr, nsec_ttl);
+- result = ldns_dnssec_name_add_rr(current_name, nsec_rr);
+- ldns_rr_list_push_rr(new_rrs, nsec_rr);
+- if (ldns_rr_owner(nsec_rr)) {
+- hashmap_node = LDNS_MALLOC(ldns_rbnode_t);
+- if (hashmap_node == NULL) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- current_name->hashed_name =
+- ldns_dname_label(ldns_rr_owner(nsec_rr), 0);
+-
+- if (current_name->hashed_name == NULL) {
+- LDNS_FREE(hashmap_node);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- hashmap_node->key = current_name->hashed_name;
+- hashmap_node->data = current_name;
+-
+- if (! ldns_rbtree_insert(zone->hashed_names
+- , hashmap_node)) {
+- LDNS_FREE(hashmap_node);
+- }
+- }
+- current_name_node = ldns_dnssec_name_node_next_nonglue(
+- ldns_rbtree_next(current_name_node));
+- }
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+-
+- /* Make sorted list of nsec3s (via zone->hashed_names)
+- */
+- nsec3_list = ldns_rr_list_new();
+- if (nsec3_list == NULL) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- for ( hashmap_node = ldns_rbtree_first(zone->hashed_names)
+- ; hashmap_node != LDNS_RBTREE_NULL
+- ; hashmap_node = ldns_rbtree_next(hashmap_node)
+- ) {
+- current_name = (ldns_dnssec_name *) hashmap_node->data;
+- nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec;
+- if (nsec_rr) {
+- ldns_rr_list_push_rr(nsec3_list, nsec_rr);
+- }
+- }
+- result = ldns_dnssec_chain_nsec3_list(nsec3_list);
+- ldns_rr_list_free(nsec3_list);
+-
+- return result;
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt)
+-{
+- return ldns_dnssec_zone_create_nsec3s_mkmap(zone, new_rrs, algorithm,
+- flags, iterations, salt_length, salt, NULL);
+-
+-}
+-#endif /* HAVE_SSL */
+-
+-ldns_dnssec_rrs *
+-ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures
+- , ATTR_UNUSED(ldns_key_list *key_list)
+- , int (*func)(ldns_rr *, void *)
+- , void *arg
+- )
+-{
+- ldns_dnssec_rrs *base_rrs = signatures;
+- ldns_dnssec_rrs *cur_rr = base_rrs;
+- ldns_dnssec_rrs *prev_rr = NULL;
+- ldns_dnssec_rrs *next_rr;
+-
+- uint16_t keytag;
+- size_t i;
+-
+- if (!cur_rr) {
+- switch(func(NULL, arg)) {
+- case LDNS_SIGNATURE_LEAVE_ADD_NEW:
+- case LDNS_SIGNATURE_REMOVE_ADD_NEW:
+- break;
+- case LDNS_SIGNATURE_LEAVE_NO_ADD:
+- case LDNS_SIGNATURE_REMOVE_NO_ADD:
+- ldns_key_list_set_use(key_list, false);
+- break;
+- default:
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "[XX] unknown return value from callback\n");
+-#endif
+- break;
+- }
+- return NULL;
+- }
+- (void)func(cur_rr->rr, arg);
+-
+- while (cur_rr) {
+- next_rr = cur_rr->next;
+-
+- switch (func(cur_rr->rr, arg)) {
+- case LDNS_SIGNATURE_LEAVE_ADD_NEW:
+- prev_rr = cur_rr;
+- break;
+- case LDNS_SIGNATURE_LEAVE_NO_ADD:
+- keytag = ldns_rdf2native_int16(
+- ldns_rr_rrsig_keytag(cur_rr->rr));
+- for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
+- if (ldns_key_keytag(ldns_key_list_key(key_list, i)) ==
+- keytag) {
+- ldns_key_set_use(ldns_key_list_key(key_list, i),
+- false);
+- }
+- }
+- prev_rr = cur_rr;
+- break;
+- case LDNS_SIGNATURE_REMOVE_NO_ADD:
+- keytag = ldns_rdf2native_int16(
+- ldns_rr_rrsig_keytag(cur_rr->rr));
+- for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
+- if (ldns_key_keytag(ldns_key_list_key(key_list, i))
+- == keytag) {
+- ldns_key_set_use(ldns_key_list_key(key_list, i),
+- false);
+- }
+- }
+- if (prev_rr) {
+- prev_rr->next = next_rr;
+- } else {
+- base_rrs = next_rr;
+- }
+- LDNS_FREE(cur_rr);
+- break;
+- case LDNS_SIGNATURE_REMOVE_ADD_NEW:
+- if (prev_rr) {
+- prev_rr->next = next_rr;
+- } else {
+- base_rrs = next_rr;
+- }
+- LDNS_FREE(cur_rr);
+- break;
+- default:
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "[XX] unknown return value from callback\n");
+-#endif
+- break;
+- }
+- cur_rr = next_rr;
+- }
+-
+- return base_rrs;
+-}
+-
+-#ifdef HAVE_SSL
+-ldns_status
+-ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void*),
+- void *arg)
+-{
+- return ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list,
+- func, arg, 0);
+-}
+-
+-/** If there are KSKs use only them and mark ZSKs unused */
+-static void
+-ldns_key_list_filter_for_dnskey(ldns_key_list *key_list)
+-{
+- int saw_ksk = 0;
+- size_t i;
+- for(i=0; i<ldns_key_list_key_count(key_list); i++)
+- if((ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY)) {
+- saw_ksk = 1;
+- break;
+- }
+- if(!saw_ksk)
+- return;
+- for(i=0; i<ldns_key_list_key_count(key_list); i++)
+- if(!(ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY))
+- ldns_key_set_use(ldns_key_list_key(key_list, i), 0);
+-}
+-
+-/** If there are no ZSKs use KSK as ZSK */
+-static void
+-ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list)
+-{
+- int saw_zsk = 0;
+- size_t i;
+- for(i=0; i<ldns_key_list_key_count(key_list); i++)
+- if(!(ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY)) {
+- saw_zsk = 1;
+- break;
+- }
+- if(!saw_zsk)
+- return;
+- /* else filter all KSKs */
+- for(i=0; i<ldns_key_list_key_count(key_list); i++)
+- if((ldns_key_flags(ldns_key_list_key(key_list, i))&LDNS_KEY_SEP_KEY))
+- ldns_key_set_use(ldns_key_list_key(key_list, i), 0);
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone
+- , ldns_rr_list *new_rrs
+- , ldns_key_list *key_list
+- , int (*func)(ldns_rr *, void*)
+- , void *arg
+- , int flags
+- )
+-{
+- ldns_status result = LDNS_STATUS_OK;
+-
+- ldns_rbnode_t *cur_node;
+- ldns_rr_list *rr_list;
+-
+- ldns_dnssec_name *cur_name;
+- ldns_dnssec_rrsets *cur_rrset;
+- ldns_dnssec_rrs *cur_rr;
+-
+- ldns_rr_list *siglist;
+-
+- size_t i;
+-
+- int on_delegation_point = 0; /* handle partially occluded names */
+-
+- ldns_rr_list *pubkey_list = ldns_rr_list_new();
+- for (i = 0; i<ldns_key_list_key_count(key_list); i++) {
+- ldns_rr_list_push_rr( pubkey_list
+- , ldns_key2rr(ldns_key_list_key(
+- key_list, i))
+- );
+- }
+- /* TODO: callback to see is list should be signed */
+- /* TODO: remove 'old' signatures from signature list */
+- cur_node = ldns_rbtree_first(zone->names);
+- while (cur_node != LDNS_RBTREE_NULL) {
+- cur_name = (ldns_dnssec_name *) cur_node->data;
+-
+- if (!cur_name->is_glue) {
+- on_delegation_point = ldns_dnssec_rrsets_contains_type(
+- cur_name->rrsets, LDNS_RR_TYPE_NS)
+- && !ldns_dnssec_rrsets_contains_type(
+- cur_name->rrsets, LDNS_RR_TYPE_SOA);
+- cur_rrset = cur_name->rrsets;
+- while (cur_rrset) {
+- /* reset keys to use */
+- ldns_key_list_set_use(key_list, true);
+-
+- /* walk through old sigs, remove the old,
+- and mark which keys (not) to use) */
+- cur_rrset->signatures =
+- ldns_dnssec_remove_signatures(cur_rrset->signatures,
+- key_list,
+- func,
+- arg);
+- if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) &&
+- cur_rrset->type == LDNS_RR_TYPE_DNSKEY)
+- ldns_key_list_filter_for_dnskey(key_list);
+-
+- if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY)
+- ldns_key_list_filter_for_non_dnskey(key_list);
+-
+- /* TODO: just set count to zero? */
+- rr_list = ldns_rr_list_new();
+-
+- cur_rr = cur_rrset->rrs;
+- while (cur_rr) {
+- ldns_rr_list_push_rr(rr_list, cur_rr->rr);
+- cur_rr = cur_rr->next;
+- }
+-
+- /* only sign non-delegation RRsets */
+- /* (glue should have been marked earlier,
+- * except on the delegation points itself) */
+- if (!on_delegation_point ||
+- ldns_rr_list_type(rr_list)
+- == LDNS_RR_TYPE_DS ||
+- ldns_rr_list_type(rr_list)
+- == LDNS_RR_TYPE_NSEC ||
+- ldns_rr_list_type(rr_list)
+- == LDNS_RR_TYPE_NSEC3) {
+- siglist = ldns_sign_public(rr_list, key_list);
+- for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
+- if (cur_rrset->signatures) {
+- result = ldns_dnssec_rrs_add_rr(cur_rrset->signatures,
+- ldns_rr_list_rr(siglist,
+- i));
+- } else {
+- cur_rrset->signatures = ldns_dnssec_rrs_new();
+- cur_rrset->signatures->rr =
+- ldns_rr_list_rr(siglist, i);
+- }
+- if (new_rrs) {
+- ldns_rr_list_push_rr(new_rrs,
+- ldns_rr_list_rr(siglist,
+- i));
+- }
+- }
+- ldns_rr_list_free(siglist);
+- }
+-
+- ldns_rr_list_free(rr_list);
+-
+- cur_rrset = cur_rrset->next;
+- }
+-
+- /* sign the nsec */
+- ldns_key_list_set_use(key_list, true);
+- cur_name->nsec_signatures =
+- ldns_dnssec_remove_signatures(cur_name->nsec_signatures,
+- key_list,
+- func,
+- arg);
+- ldns_key_list_filter_for_non_dnskey(key_list);
+-
+- rr_list = ldns_rr_list_new();
+- ldns_rr_list_push_rr(rr_list, cur_name->nsec);
+- siglist = ldns_sign_public(rr_list, key_list);
+-
+- for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
+- if (cur_name->nsec_signatures) {
+- result = ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures,
+- ldns_rr_list_rr(siglist, i));
+- } else {
+- cur_name->nsec_signatures = ldns_dnssec_rrs_new();
+- cur_name->nsec_signatures->rr =
+- ldns_rr_list_rr(siglist, i);
+- }
+- if (new_rrs) {
+- ldns_rr_list_push_rr(new_rrs,
+- ldns_rr_list_rr(siglist, i));
+- }
+- }
+-
+- ldns_rr_list_free(siglist);
+- ldns_rr_list_free(rr_list);
+- }
+- cur_node = ldns_rbtree_next(cur_node);
+- }
+-
+- ldns_rr_list_deep_free(pubkey_list);
+- return result;
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg)
+-{
+- return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0);
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- int flags)
+-{
+- ldns_status result = LDNS_STATUS_OK;
+-
+- if (!zone || !new_rrs || !key_list) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* zone is already sorted */
+- result = ldns_dnssec_zone_mark_glue(zone);
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+-
+- /* check whether we need to add nsecs */
+- if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) {
+- result = ldns_dnssec_zone_create_nsecs(zone, new_rrs);
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+- }
+-
+- result = ldns_dnssec_zone_create_rrsigs_flg(zone,
+- new_rrs,
+- key_list,
+- func,
+- arg,
+- flags);
+-
+- return result;
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt)
+-{
+- return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list,
+- func, arg, algorithm, flags, iterations, salt_length, salt, 0,
+- NULL);
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt,
+- int signflags,
+- ldns_rbtree_t **map)
+-{
+- ldns_rr *nsec3, *nsec3param;
+- ldns_status result = LDNS_STATUS_OK;
+-
+- /* zone is already sorted */
+- result = ldns_dnssec_zone_mark_glue(zone);
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+-
+- /* TODO if there are already nsec3s presents and their
+- * parameters are the same as these, we don't have to recreate
+- */
+- if (zone->names) {
+- /* add empty nonterminals */
+- result = ldns_dnssec_zone_add_empty_nonterminals(zone);
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+-
+- nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec;
+- if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
+- /* no need to recreate */
+- } else {
+- if (!ldns_dnssec_zone_find_rrset(zone,
+- zone->soa->name,
+- LDNS_RR_TYPE_NSEC3PARAM)) {
+- /* create and add the nsec3param rr */
+- nsec3param =
+- ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAM);
+- ldns_rr_set_owner(nsec3param,
+- ldns_rdf_clone(zone->soa->name));
+- ldns_nsec3_add_param_rdfs(nsec3param,
+- algorithm,
+- flags,
+- iterations,
+- salt_length,
+- salt);
+- /* always set bit 7 of the flags to zero, according to
+- * rfc5155 section 11. The bits are counted from right to left,
+- * so bit 7 in rfc5155 is bit 0 in ldns */
+- ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0);
+- result = ldns_dnssec_zone_add_rr(zone, nsec3param);
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+- ldns_rr_list_push_rr(new_rrs, nsec3param);
+- }
+- result = ldns_dnssec_zone_create_nsec3s_mkmap(zone,
+- new_rrs,
+- algorithm,
+- flags,
+- iterations,
+- salt_length,
+- salt,
+- map);
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+- }
+-
+- result = ldns_dnssec_zone_create_rrsigs_flg(zone,
+- new_rrs,
+- key_list,
+- func,
+- arg,
+- signflags);
+- }
+-
+- return result;
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
+- ldns_rr_list *new_rrs,
+- ldns_key_list *key_list,
+- int (*func)(ldns_rr *, void *),
+- void *arg,
+- uint8_t algorithm,
+- uint8_t flags,
+- uint16_t iterations,
+- uint8_t salt_length,
+- uint8_t *salt,
+- int signflags)
+-{
+- return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list,
+- func, arg, algorithm, flags, iterations, salt_length, salt,
+- signflags, NULL);
+-}
+-
+-ldns_zone *
+-ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list)
+-{
+- ldns_dnssec_zone *dnssec_zone;
+- ldns_zone *signed_zone;
+- ldns_rr_list *new_rrs;
+- size_t i;
+-
+- signed_zone = ldns_zone_new();
+- dnssec_zone = ldns_dnssec_zone_new();
+-
+- (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone));
+- ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone)));
+-
+- for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) {
+- (void) ldns_dnssec_zone_add_rr(dnssec_zone,
+- ldns_rr_list_rr(ldns_zone_rrs(zone),
+- i));
+- ldns_zone_push_rr(signed_zone,
+- ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone),
+- i)));
+- }
+-
+- new_rrs = ldns_rr_list_new();
+- (void) ldns_dnssec_zone_sign(dnssec_zone,
+- new_rrs,
+- key_list,
+- ldns_dnssec_default_replace_signatures,
+- NULL);
+-
+- for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) {
+- ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone),
+- ldns_rr_clone(ldns_rr_list_rr(new_rrs, i)));
+- }
+-
+- ldns_rr_list_deep_free(new_rrs);
+- ldns_dnssec_zone_free(dnssec_zone);
+-
+- return signed_zone;
+-}
+-
+-ldns_zone *
+-ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
+-{
+- ldns_dnssec_zone *dnssec_zone;
+- ldns_zone *signed_zone;
+- ldns_rr_list *new_rrs;
+- size_t i;
+-
+- signed_zone = ldns_zone_new();
+- dnssec_zone = ldns_dnssec_zone_new();
+-
+- (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone));
+- ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone)));
+-
+- for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) {
+- (void) ldns_dnssec_zone_add_rr(dnssec_zone,
+- ldns_rr_list_rr(ldns_zone_rrs(zone),
+- i));
+- ldns_zone_push_rr(signed_zone,
+- ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone),
+- i)));
+- }
+-
+- new_rrs = ldns_rr_list_new();
+- (void) ldns_dnssec_zone_sign_nsec3(dnssec_zone,
+- new_rrs,
+- key_list,
+- ldns_dnssec_default_replace_signatures,
+- NULL,
+- algorithm,
+- flags,
+- iterations,
+- salt_length,
+- salt);
+-
+- for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) {
+- ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone),
+- ldns_rr_clone(ldns_rr_list_rr(new_rrs, i)));
+- }
+-
+- ldns_rr_list_deep_free(new_rrs);
+- ldns_dnssec_zone_free(dnssec_zone);
+-
+- return signed_zone;
+-}
+-#endif /* HAVE_SSL */
+-
+-
+diff --git a/src/ldns/dnssec_verify.c b/src/ldns/dnssec_verify.c
+deleted file mode 100644
+index 1af6635..0000000
+--- a/src/ldns/dnssec_verify.c
++++ /dev/null
+@@ -1,2684 +0,0 @@
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <strings.h>
+-#include <time.h>
+-
+-#ifdef HAVE_SSL
+-/* this entire file is rather useless when you don't have
+- * crypto...
+- */
+-#include <openssl/ssl.h>
+-#include <openssl/evp.h>
+-#include <openssl/rand.h>
+-#include <openssl/err.h>
+-#include <openssl/md5.h>
+-
+-ldns_dnssec_data_chain *
+-ldns_dnssec_data_chain_new(void)
+-{
+- ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1);
+- if(!nc) return NULL;
+- /*
+- * not needed anymore because CALLOC initalizes everything to zero.
+-
+- nc->rrset = NULL;
+- nc->parent_type = 0;
+- nc->parent = NULL;
+- nc->signatures = NULL;
+- nc->packet_rcode = 0;
+- nc->packet_qtype = 0;
+- nc->packet_nodata = false;
+-
+- */
+- return nc;
+-}
+-
+-void
+-ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain)
+-{
+- LDNS_FREE(chain);
+-}
+-
+-void
+-ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain)
+-{
+- ldns_rr_list_deep_free(chain->rrset);
+- ldns_rr_list_deep_free(chain->signatures);
+- if (chain->parent) {
+- ldns_dnssec_data_chain_deep_free(chain->parent);
+- }
+- LDNS_FREE(chain);
+-}
+-
+-void
+-ldns_dnssec_data_chain_print_fmt(FILE *out, const ldns_output_format *fmt,
+- const ldns_dnssec_data_chain *chain)
+-{
+- ldns_lookup_table *rcode;
+- const ldns_rr_descriptor *rr_descriptor;
+- if (chain) {
+- ldns_dnssec_data_chain_print_fmt(out, fmt, chain->parent);
+- if (ldns_rr_list_rr_count(chain->rrset) > 0) {
+- rcode = ldns_lookup_by_id(ldns_rcodes,
+- (int) chain->packet_rcode);
+- if (rcode) {
+- fprintf(out, ";; rcode: %s\n", rcode->name);
+- }
+-
+- rr_descriptor = ldns_rr_descript(chain->packet_qtype);
+- if (rr_descriptor && rr_descriptor->_name) {
+- fprintf(out, ";; qtype: %s\n", rr_descriptor->_name);
+- } else if (chain->packet_qtype != 0) {
+- fprintf(out, "TYPE%u",
+- chain->packet_qtype);
+- }
+- if (chain->packet_nodata) {
+- fprintf(out, ";; NODATA response\n");
+- }
+- fprintf(out, "rrset:\n");
+- ldns_rr_list_print_fmt(out, fmt, chain->rrset);
+- fprintf(out, "sigs:\n");
+- ldns_rr_list_print_fmt(out, fmt, chain->signatures);
+- fprintf(out, "---\n");
+- } else {
+- fprintf(out, "<no data>\n");
+- }
+- }
+-}
+-void
+-ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain)
+-{
+- ldns_dnssec_data_chain_print_fmt(
+- out, ldns_output_format_default, chain);
+-}
+-
+-
+-static void
+-ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res,
+- uint16_t qflags,
+- const ldns_pkt *pkt,
+- ldns_rr_list *signatures,
+- ldns_dnssec_data_chain *new_chain,
+- ldns_rdf *key_name,
+- ldns_rr_class c) {
+- ldns_rr_list *keys;
+- ldns_pkt *my_pkt;
+- if (signatures && ldns_rr_list_rr_count(signatures) > 0) {
+- new_chain->signatures = ldns_rr_list_clone(signatures);
+- new_chain->parent_type = 0;
+-
+- keys = ldns_pkt_rr_list_by_name_and_type(
+- pkt,
+- key_name,
+- LDNS_RR_TYPE_DNSKEY,
+- LDNS_SECTION_ANY_NOQUESTION
+- );
+- if (!keys) {
+- my_pkt = ldns_resolver_query(res,
+- key_name,
+- LDNS_RR_TYPE_DNSKEY,
+- c,
+- qflags);
+- if (my_pkt) {
+- keys = ldns_pkt_rr_list_by_name_and_type(
+- my_pkt,
+- key_name,
+- LDNS_RR_TYPE_DNSKEY,
+- LDNS_SECTION_ANY_NOQUESTION
+- );
+- new_chain->parent = ldns_dnssec_build_data_chain(res,
+- qflags,
+- keys,
+- my_pkt,
+- NULL);
+- new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY;
+- ldns_pkt_free(my_pkt);
+- }
+- } else {
+- new_chain->parent = ldns_dnssec_build_data_chain(res,
+- qflags,
+- keys,
+- pkt,
+- NULL);
+- new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY;
+- }
+- ldns_rr_list_deep_free(keys);
+- }
+-}
+-
+-static void
+-ldns_dnssec_build_data_chain_other(ldns_resolver *res,
+- uint16_t qflags,
+- ldns_dnssec_data_chain *new_chain,
+- ldns_rdf *key_name,
+- ldns_rr_class c,
+- ldns_rr_list *dss)
+-{
+- /* 'self-signed', parent is a DS */
+-
+- /* okay, either we have other keys signing the current one,
+- * or the current
+- * one should have a DS record in the parent zone.
+- * How do we find this out? Try both?
+- *
+- * request DNSKEYS for current zone,
+- * add all signatures to current level
+- */
+- ldns_pkt *my_pkt;
+- ldns_rr_list *signatures2;
+-
+- new_chain->parent_type = 1;
+-
+- my_pkt = ldns_resolver_query(res,
+- key_name,
+- LDNS_RR_TYPE_DS,
+- c,
+- qflags);
+- if (my_pkt) {
+- dss = ldns_pkt_rr_list_by_name_and_type(my_pkt,
+- key_name,
+- LDNS_RR_TYPE_DS,
+- LDNS_SECTION_ANY_NOQUESTION
+- );
+- if (dss) {
+- new_chain->parent = ldns_dnssec_build_data_chain(res,
+- qflags,
+- dss,
+- my_pkt,
+- NULL);
+- new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS;
+- ldns_rr_list_deep_free(dss);
+- }
+- ldns_pkt_free(my_pkt);
+- }
+-
+- my_pkt = ldns_resolver_query(res,
+- key_name,
+- LDNS_RR_TYPE_DNSKEY,
+- c,
+- qflags);
+- if (my_pkt) {
+- signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt,
+- key_name,
+- LDNS_RR_TYPE_RRSIG,
+- LDNS_SECTION_ANSWER);
+- if (signatures2) {
+- if (new_chain->signatures) {
+- printf("There were already sigs!\n");
+- ldns_rr_list_deep_free(new_chain->signatures);
+- printf("replacing the old sigs\n");
+- }
+- new_chain->signatures = signatures2;
+- }
+- ldns_pkt_free(my_pkt);
+- }
+-}
+-
+-static ldns_dnssec_data_chain *
+-ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res,
+- uint16_t qflags,
+- ldns_rr *orig_rr,
+- const ldns_rr_list *rrset,
+- ldns_dnssec_data_chain *new_chain)
+-{
+- ldns_rdf *possible_parent_name;
+- ldns_pkt *my_pkt;
+- /* apparently we were not able to find a signing key, so
+- we assume the chain ends here
+- */
+- /* try parents for auth denial of DS */
+- if (orig_rr) {
+- possible_parent_name = ldns_rr_owner(orig_rr);
+- } else if (rrset && ldns_rr_list_rr_count(rrset) > 0) {
+- possible_parent_name = ldns_rr_owner(ldns_rr_list_rr(rrset, 0));
+- } else {
+- /* no information to go on, give up */
+- return new_chain;
+- }
+-
+- my_pkt = ldns_resolver_query(res,
+- possible_parent_name,
+- LDNS_RR_TYPE_DS,
+- LDNS_RR_CLASS_IN,
+- qflags);
+- if (!my_pkt) {
+- return new_chain;
+- }
+-
+- if (ldns_pkt_ancount(my_pkt) > 0) {
+- /* add error, no sigs but DS in parent */
+- /*ldns_pkt_print(stdout, my_pkt);*/
+- ldns_pkt_free(my_pkt);
+- } else {
+- /* are there signatures? */
+- new_chain->parent = ldns_dnssec_build_data_chain(res,
+- qflags,
+- NULL,
+- my_pkt,
+- NULL);
+-
+- new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS;
+-
+- }
+- return new_chain;
+-}
+-
+-
+-ldns_dnssec_data_chain *
+-ldns_dnssec_build_data_chain(ldns_resolver *res,
+- uint16_t qflags,
+- const ldns_rr_list *rrset,
+- const ldns_pkt *pkt,
+- ldns_rr *orig_rr)
+-{
+- ldns_rr_list *signatures = NULL;
+- ldns_rr_list *dss = NULL;
+-
+- ldns_rr_list *my_rrset;
+-
+- ldns_pkt *my_pkt;
+-
+- ldns_rdf *name = NULL, *key_name = NULL;
+- ldns_rr_type type = 0;
+- ldns_rr_class c = 0;
+-
+- bool other_rrset = false;
+-
+- ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new();
+-
+- assert(pkt != NULL);
+-
+- if (!ldns_dnssec_pkt_has_rrsigs(pkt)) {
+- /* hmm. no dnssec data in the packet. go up to try and deny
+- * DS? */
+- return new_chain;
+- }
+-
+- if (orig_rr) {
+- new_chain->rrset = ldns_rr_list_new();
+- ldns_rr_list_push_rr(new_chain->rrset, orig_rr);
+- new_chain->parent = ldns_dnssec_build_data_chain(res,
+- qflags,
+- rrset,
+- pkt,
+- NULL);
+- new_chain->packet_rcode = ldns_pkt_get_rcode(pkt);
+- new_chain->packet_qtype = ldns_rr_get_type(orig_rr);
+- if (ldns_pkt_ancount(pkt) == 0) {
+- new_chain->packet_nodata = true;
+- }
+- return new_chain;
+- }
+-
+- if (!rrset || ldns_rr_list_rr_count(rrset) < 1) {
+- /* hmm, no data, do we have denial? only works if pkt was given,
+- otherwise caller has to do the check himself */
+- new_chain->packet_nodata = true;
+- if (pkt) {
+- my_rrset = ldns_pkt_rr_list_by_type(pkt,
+- LDNS_RR_TYPE_NSEC,
+- LDNS_SECTION_ANY_NOQUESTION
+- );
+- if (my_rrset) {
+- if (ldns_rr_list_rr_count(my_rrset) > 0) {
+- type = LDNS_RR_TYPE_NSEC;
+- other_rrset = true;
+- } else {
+- ldns_rr_list_deep_free(my_rrset);
+- my_rrset = NULL;
+- }
+- } else {
+- /* nothing, try nsec3 */
+- my_rrset = ldns_pkt_rr_list_by_type(pkt,
+- LDNS_RR_TYPE_NSEC3,
+- LDNS_SECTION_ANY_NOQUESTION);
+- if (my_rrset) {
+- if (ldns_rr_list_rr_count(my_rrset) > 0) {
+- type = LDNS_RR_TYPE_NSEC3;
+- other_rrset = true;
+- } else {
+- ldns_rr_list_deep_free(my_rrset);
+- my_rrset = NULL;
+- }
+- } else {
+- /* nothing, stop */
+- /* try parent zone? for denied insecure? */
+- return new_chain;
+- }
+- }
+- } else {
+- return new_chain;
+- }
+- } else {
+- my_rrset = (ldns_rr_list *) rrset;
+- }
+-
+- if (my_rrset && ldns_rr_list_rr_count(my_rrset) > 0) {
+- new_chain->rrset = ldns_rr_list_clone(my_rrset);
+- name = ldns_rr_owner(ldns_rr_list_rr(my_rrset, 0));
+- type = ldns_rr_get_type(ldns_rr_list_rr(my_rrset, 0));
+- c = ldns_rr_get_class(ldns_rr_list_rr(my_rrset, 0));
+- }
+-
+- if (other_rrset) {
+- ldns_rr_list_deep_free(my_rrset);
+- }
+-
+- /* normally there will only be 1 signature 'set'
+- but there can be more than 1 denial (wildcards)
+- so check for NSEC
+- */
+- if (type == LDNS_RR_TYPE_NSEC || type == LDNS_RR_TYPE_NSEC3) {
+- /* just throw in all signatures, the tree builder must sort
+- this out */
+- if (pkt) {
+- signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
+- } else {
+- my_pkt = ldns_resolver_query(res, name, type, c, qflags);
+- if (my_pkt) {
+- signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type);
+- ldns_pkt_free(my_pkt);
+- }
+- }
+- } else {
+- if (pkt) {
+- signatures =
+- ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt,
+- name,
+- type);
+- }
+- if (!signatures) {
+- my_pkt = ldns_resolver_query(res, name, type, c, qflags);
+- if (my_pkt) {
+- signatures =
+- ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt,
+- name,
+- type);
+- ldns_pkt_free(my_pkt);
+- }
+- }
+- }
+-
+- if (signatures && ldns_rr_list_rr_count(signatures) > 0) {
+- key_name = ldns_rr_rdf(ldns_rr_list_rr(signatures, 0), 7);
+- }
+- if (!key_name) {
+- if (signatures) {
+- ldns_rr_list_deep_free(signatures);
+- }
+- return ldns_dnssec_build_data_chain_nokeyname(res,
+- qflags,
+- orig_rr,
+- rrset,
+- new_chain);
+- }
+- if (type != LDNS_RR_TYPE_DNSKEY) {
+- ldns_dnssec_build_data_chain_dnskey(res,
+- qflags,
+- pkt,
+- signatures,
+- new_chain,
+- key_name,
+- c
+- );
+- } else {
+- ldns_dnssec_build_data_chain_other(res,
+- qflags,
+- new_chain,
+- key_name,
+- c,
+- dss
+- );
+- }
+- if (signatures) {
+- ldns_rr_list_deep_free(signatures);
+- }
+- return new_chain;
+-}
+-
+-ldns_dnssec_trust_tree *
+-ldns_dnssec_trust_tree_new(void)
+-{
+- ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree,
+- 1);
+- if(!new_tree) return NULL;
+- new_tree->rr = NULL;
+- new_tree->rrset = NULL;
+- new_tree->parent_count = 0;
+-
+- return new_tree;
+-}
+-
+-void
+-ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree)
+-{
+- size_t i;
+- if (tree) {
+- for (i = 0; i < tree->parent_count; i++) {
+- ldns_dnssec_trust_tree_free(tree->parents[i]);
+- }
+- }
+- LDNS_FREE(tree);
+-}
+-
+-size_t
+-ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree)
+-{
+- size_t result = 0;
+- size_t parent = 0;
+- size_t i;
+-
+- for (i = 0; i < tree->parent_count; i++) {
+- parent = ldns_dnssec_trust_tree_depth(tree->parents[i]);
+- if (parent > result) {
+- result = parent;
+- }
+- }
+- return 1 + result;
+-}
+-
+-/* TODO ldns_ */
+-static void
+-print_tabs(FILE *out, size_t nr, uint8_t *map, size_t treedepth)
+-{
+- size_t i;
+- for (i = 0; i < nr; i++) {
+- if (i == nr - 1) {
+- fprintf(out, "|---");
+- } else if (map && i < treedepth && map[i] == 1) {
+- fprintf(out, "| ");
+- } else {
+- fprintf(out, " ");
+- }
+- }
+-}
+-
+-static void
+-ldns_dnssec_trust_tree_print_sm_fmt(FILE *out,
+- const ldns_output_format *fmt,
+- ldns_dnssec_trust_tree *tree,
+- size_t tabs,
+- bool extended,
+- uint8_t *sibmap,
+- size_t treedepth)
+-{
+- size_t i;
+- const ldns_rr_descriptor *descriptor;
+- bool mapset = false;
+-
+- if (!sibmap) {
+- treedepth = ldns_dnssec_trust_tree_depth(tree);
+- sibmap = LDNS_XMALLOC(uint8_t, treedepth);
+- if(!sibmap)
+- return; /* mem err */
+- memset(sibmap, 0, treedepth);
+- mapset = true;
+- }
+-
+- if (tree) {
+- if (tree->rr) {
+- print_tabs(out, tabs, sibmap, treedepth);
+- ldns_rdf_print(out, ldns_rr_owner(tree->rr));
+- descriptor = ldns_rr_descript(ldns_rr_get_type(tree->rr));
+-
+- if (descriptor->_name) {
+- fprintf(out, " (%s", descriptor->_name);
+- } else {
+- fprintf(out, " (TYPE%d",
+- ldns_rr_get_type(tree->rr));
+- }
+- if (tabs > 0) {
+- if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DNSKEY) {
+- fprintf(out, " keytag: %u",
+- (unsigned int) ldns_calc_keytag(tree->rr));
+- fprintf(out, " alg: ");
+- ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2));
+- fprintf(out, " flags: ");
+- ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0));
+- } else if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DS) {
+- fprintf(out, " keytag: ");
+- ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0));
+- fprintf(out, " digest type: ");
+- ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2));
+- }
+- if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NSEC) {
+- fprintf(out, " ");
+- ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0));
+- fprintf(out, " ");
+- ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 1));
+- }
+- }
+-
+- fprintf(out, ")\n");
+- for (i = 0; i < tree->parent_count; i++) {
+- if (tree->parent_count > 1 && i < tree->parent_count - 1) {
+- sibmap[tabs] = 1;
+- } else {
+- sibmap[tabs] = 0;
+- }
+- /* only print errors */
+- if (ldns_rr_get_type(tree->parents[i]->rr) ==
+- LDNS_RR_TYPE_NSEC ||
+- ldns_rr_get_type(tree->parents[i]->rr) ==
+- LDNS_RR_TYPE_NSEC3) {
+- if (tree->parent_status[i] == LDNS_STATUS_OK) {
+- print_tabs(out, tabs + 1, sibmap, treedepth);
+- if (tabs == 0 &&
+- ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS &&
+- ldns_rr_rd_count(tree->rr) > 0) {
+- fprintf(out, "Existence of DS is denied by:\n");
+- } else {
+- fprintf(out, "Existence is denied by:\n");
+- }
+- } else {
+- /* NS records aren't signed */
+- if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS) {
+- fprintf(out, "Existence of DS is denied by:\n");
+- } else {
+- print_tabs(out, tabs + 1, sibmap, treedepth);
+- fprintf(out,
+- "Error in denial of existence: %s\n",
+- ldns_get_errorstr_by_id(
+- tree->parent_status[i]));
+- }
+- }
+- } else
+- if (tree->parent_status[i] != LDNS_STATUS_OK) {
+- print_tabs(out, tabs + 1, sibmap, treedepth);
+- fprintf(out,
+- "%s:\n",
+- ldns_get_errorstr_by_id(
+- tree->parent_status[i]));
+- if (tree->parent_status[i]
+- == LDNS_STATUS_SSL_ERR) {
+- printf("; SSL Error: ");
+- ERR_load_crypto_strings();
+- ERR_print_errors_fp(stdout);
+- printf("\n");
+- }
+- ldns_rr_print_fmt(out, fmt,
+- tree->
+- parent_signature[i]);
+- printf("For RRset:\n");
+- ldns_rr_list_print_fmt(out, fmt,
+- tree->rrset);
+- printf("With key:\n");
+- ldns_rr_print_fmt(out, fmt,
+- tree->parents[i]->rr);
+- }
+- ldns_dnssec_trust_tree_print_sm_fmt(out, fmt,
+- tree->parents[i],
+- tabs+1,
+- extended,
+- sibmap,
+- treedepth);
+- }
+- } else {
+- print_tabs(out, tabs, sibmap, treedepth);
+- fprintf(out, "<no data>\n");
+- }
+- } else {
+- fprintf(out, "<null pointer>\n");
+- }
+-
+- if (mapset) {
+- LDNS_FREE(sibmap);
+- }
+-}
+-
+-void
+-ldns_dnssec_trust_tree_print_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_dnssec_trust_tree *tree,
+- size_t tabs,
+- bool extended)
+-{
+- ldns_dnssec_trust_tree_print_sm_fmt(out, fmt,
+- tree, tabs, extended, NULL, 0);
+-}
+-
+-void
+-ldns_dnssec_trust_tree_print(FILE *out,
+- ldns_dnssec_trust_tree *tree,
+- size_t tabs,
+- bool extended)
+-{
+- ldns_dnssec_trust_tree_print_fmt(out, ldns_output_format_default,
+- tree, tabs, extended);
+-}
+-
+-
+-ldns_status
+-ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree,
+- const ldns_dnssec_trust_tree *parent,
+- const ldns_rr *signature,
+- const ldns_status parent_status)
+-{
+- if (tree
+- && parent
+- && tree->parent_count < LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS) {
+- /*
+- printf("Add parent for: ");
+- ldns_rr_print(stdout, tree->rr);
+- printf("parent: ");
+- ldns_rr_print(stdout, parent->rr);
+- */
+- tree->parents[tree->parent_count] =
+- (ldns_dnssec_trust_tree *) parent;
+- tree->parent_status[tree->parent_count] = parent_status;
+- tree->parent_signature[tree->parent_count] = (ldns_rr *) signature;
+- tree->parent_count++;
+- return LDNS_STATUS_OK;
+- } else {
+- return LDNS_STATUS_ERR;
+- }
+-}
+-
+-/* if rr is null, take the first from the rrset */
+-ldns_dnssec_trust_tree *
+-ldns_dnssec_derive_trust_tree_time(
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *rr,
+- time_t check_time
+- )
+-{
+- ldns_rr_list *cur_rrset;
+- ldns_rr_list *cur_sigs;
+- ldns_rr *cur_rr = NULL;
+- ldns_rr *cur_sig_rr;
+- size_t i, j;
+-
+- ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new();
+- if(!new_tree)
+- return NULL;
+-
+- if (data_chain && data_chain->rrset) {
+- cur_rrset = data_chain->rrset;
+-
+- cur_sigs = data_chain->signatures;
+-
+- if (rr) {
+- cur_rr = rr;
+- }
+-
+- if (!cur_rr && ldns_rr_list_rr_count(cur_rrset) > 0) {
+- cur_rr = ldns_rr_list_rr(cur_rrset, 0);
+- }
+-
+- if (cur_rr) {
+- new_tree->rr = cur_rr;
+- new_tree->rrset = cur_rrset;
+- /* there are three possibilities:
+- 1 - 'normal' rrset, signed by a key
+- 2 - dnskey signed by other dnskey
+- 3 - dnskey proven by higher level DS
+- (data denied by nsec is a special case that can
+- occur in multiple places)
+-
+- */
+- if (cur_sigs) {
+- for (i = 0; i < ldns_rr_list_rr_count(cur_sigs); i++) {
+- /* find the appropriate key in the parent list */
+- cur_sig_rr = ldns_rr_list_rr(cur_sigs, i);
+-
+- if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_NSEC) {
+- if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr),
+- ldns_rr_owner(cur_rr)))
+- {
+- /* find first that does match */
+-
+- for (j = 0;
+- j < ldns_rr_list_rr_count(cur_rrset) &&
+- ldns_dname_compare(ldns_rr_owner(cur_sig_rr),ldns_rr_owner(cur_rr)) != 0;
+- j++) {
+- cur_rr = ldns_rr_list_rr(cur_rrset, j);
+-
+- }
+- if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr),
+- ldns_rr_owner(cur_rr)))
+- {
+- break;
+- }
+- }
+-
+- }
+- /* option 1 */
+- if (data_chain->parent) {
+- ldns_dnssec_derive_trust_tree_normal_rrset_time(
+- new_tree,
+- data_chain,
+- cur_sig_rr,
+- check_time);
+- }
+-
+- /* option 2 */
+- ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
+- new_tree,
+- data_chain,
+- cur_rr,
+- cur_sig_rr,
+- check_time);
+- }
+-
+- ldns_dnssec_derive_trust_tree_ds_rrset_time(
+- new_tree, data_chain,
+- cur_rr, check_time);
+- } else {
+- /* no signatures? maybe it's nsec data */
+-
+- /* just add every rr from parent as new parent */
+- ldns_dnssec_derive_trust_tree_no_sig_time(
+- new_tree, data_chain, check_time);
+- }
+- }
+- }
+-
+- return new_tree;
+-}
+-
+-ldns_dnssec_trust_tree *
+-ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr)
+-{
+- return ldns_dnssec_derive_trust_tree_time(data_chain, rr, ldns_time(NULL));
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_normal_rrset_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_sig_rr,
+- time_t check_time)
+-{
+- size_t i, j;
+- ldns_rr_list *cur_rrset = ldns_rr_list_clone(data_chain->rrset);
+- ldns_dnssec_trust_tree *cur_parent_tree;
+- ldns_rr *cur_parent_rr;
+- uint16_t cur_keytag;
+- ldns_rr_list *tmp_rrset = NULL;
+- ldns_status cur_status;
+-
+- cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr));
+-
+- for (j = 0; j < ldns_rr_list_rr_count(data_chain->parent->rrset); j++) {
+- cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j);
+- if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) {
+- if (ldns_calc_keytag(cur_parent_rr) == cur_keytag) {
+-
+- /* TODO: check wildcard nsec too */
+- if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) {
+- tmp_rrset = cur_rrset;
+- if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0))
+- == LDNS_RR_TYPE_NSEC ||
+- ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0))
+- == LDNS_RR_TYPE_NSEC3) {
+- /* might contain different names!
+- sort and split */
+- ldns_rr_list_sort(cur_rrset);
+- assert(tmp_rrset == cur_rrset);
+- tmp_rrset = ldns_rr_list_pop_rrset(cur_rrset);
+-
+- /* with nsecs, this might be the wrong one */
+- while (tmp_rrset &&
+- ldns_rr_list_rr_count(cur_rrset) > 0 &&
+- ldns_dname_compare(
+- ldns_rr_owner(ldns_rr_list_rr(
+- tmp_rrset, 0)),
+- ldns_rr_owner(cur_sig_rr)) != 0) {
+- ldns_rr_list_deep_free(tmp_rrset);
+- tmp_rrset =
+- ldns_rr_list_pop_rrset(cur_rrset);
+- }
+- }
+- cur_status = ldns_verify_rrsig_time(
+- tmp_rrset,
+- cur_sig_rr,
+- cur_parent_rr,
+- check_time);
+- if (tmp_rrset && tmp_rrset != cur_rrset
+- ) {
+- ldns_rr_list_deep_free(
+- tmp_rrset);
+- tmp_rrset = NULL;
+- }
+- /* avoid dupes */
+- for (i = 0; i < new_tree->parent_count; i++) {
+- if (cur_parent_rr == new_tree->parents[i]->rr) {
+- goto done;
+- }
+- }
+-
+- cur_parent_tree =
+- ldns_dnssec_derive_trust_tree_time(
+- data_chain->parent,
+- cur_parent_rr,
+- check_time);
+- (void)ldns_dnssec_trust_tree_add_parent(new_tree,
+- cur_parent_tree,
+- cur_sig_rr,
+- cur_status);
+- }
+- }
+- }
+- }
+- done:
+- ldns_rr_list_deep_free(cur_rrset);
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_normal_rrset(ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_sig_rr)
+-{
+- ldns_dnssec_derive_trust_tree_normal_rrset_time(
+- new_tree, data_chain, cur_sig_rr, ldns_time(NULL));
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr,
+- ldns_rr *cur_sig_rr,
+- time_t check_time)
+-{
+- size_t j;
+- ldns_rr_list *cur_rrset = data_chain->rrset;
+- ldns_dnssec_trust_tree *cur_parent_tree;
+- ldns_rr *cur_parent_rr;
+- uint16_t cur_keytag;
+- ldns_status cur_status;
+-
+- cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr));
+-
+- for (j = 0; j < ldns_rr_list_rr_count(cur_rrset); j++) {
+- cur_parent_rr = ldns_rr_list_rr(cur_rrset, j);
+- if (cur_parent_rr != cur_rr &&
+- ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) {
+- if (ldns_calc_keytag(cur_parent_rr) == cur_keytag
+- ) {
+- cur_parent_tree = ldns_dnssec_trust_tree_new();
+- cur_parent_tree->rr = cur_parent_rr;
+- cur_parent_tree->rrset = cur_rrset;
+- cur_status = ldns_verify_rrsig_time(
+- cur_rrset, cur_sig_rr,
+- cur_parent_rr, check_time);
+- (void) ldns_dnssec_trust_tree_add_parent(new_tree,
+- cur_parent_tree, cur_sig_rr, cur_status);
+- }
+- }
+- }
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_dnskey_rrset(ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr,
+- ldns_rr *cur_sig_rr)
+-{
+- ldns_dnssec_derive_trust_tree_dnskey_rrset_time(
+- new_tree, data_chain, cur_rr, cur_sig_rr, ldns_time(NULL));
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_ds_rrset_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr,
+- time_t check_time)
+-{
+- size_t j, h;
+- ldns_rr_list *cur_rrset = data_chain->rrset;
+- ldns_dnssec_trust_tree *cur_parent_tree;
+- ldns_rr *cur_parent_rr;
+-
+- /* try the parent to see whether there are DSs there */
+- if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_DNSKEY &&
+- data_chain->parent &&
+- data_chain->parent->rrset
+- ) {
+- for (j = 0;
+- j < ldns_rr_list_rr_count(data_chain->parent->rrset);
+- j++) {
+- cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j);
+- if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DS) {
+- for (h = 0; h < ldns_rr_list_rr_count(cur_rrset); h++) {
+- cur_rr = ldns_rr_list_rr(cur_rrset, h);
+- if (ldns_rr_compare_ds(cur_rr, cur_parent_rr)) {
+- cur_parent_tree =
+- ldns_dnssec_derive_trust_tree_time(
+- data_chain->parent,
+- cur_parent_rr,
+- check_time);
+- (void) ldns_dnssec_trust_tree_add_parent(
+- new_tree,
+- cur_parent_tree,
+- NULL,
+- LDNS_STATUS_OK);
+- } else {
+- /*ldns_rr_print(stdout, cur_parent_rr);*/
+- }
+- }
+- }
+- }
+- }
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_ds_rrset(ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- ldns_rr *cur_rr)
+-{
+- ldns_dnssec_derive_trust_tree_ds_rrset_time(
+- new_tree, data_chain, cur_rr, ldns_time(NULL));
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_no_sig_time(
+- ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain,
+- time_t check_time)
+-{
+- size_t i;
+- ldns_rr_list *cur_rrset;
+- ldns_rr *cur_parent_rr;
+- ldns_dnssec_trust_tree *cur_parent_tree;
+- ldns_status result;
+-
+- if (data_chain->parent && data_chain->parent->rrset) {
+- cur_rrset = data_chain->parent->rrset;
+- /* nsec? */
+- if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) {
+- if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) ==
+- LDNS_RR_TYPE_NSEC3) {
+- result = ldns_dnssec_verify_denial_nsec3(
+- new_tree->rr,
+- cur_rrset,
+- data_chain->parent->signatures,
+- data_chain->packet_rcode,
+- data_chain->packet_qtype,
+- data_chain->packet_nodata);
+- } else if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) ==
+- LDNS_RR_TYPE_NSEC) {
+- result = ldns_dnssec_verify_denial(
+- new_tree->rr,
+- cur_rrset,
+- data_chain->parent->signatures);
+- } else {
+- /* unsigned zone, unsigned parent */
+- result = LDNS_STATUS_OK;
+- }
+- } else {
+- result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
+- }
+- for (i = 0; i < ldns_rr_list_rr_count(cur_rrset); i++) {
+- cur_parent_rr = ldns_rr_list_rr(cur_rrset, i);
+- cur_parent_tree =
+- ldns_dnssec_derive_trust_tree_time(
+- data_chain->parent,
+- cur_parent_rr,
+- check_time);
+- (void) ldns_dnssec_trust_tree_add_parent(new_tree,
+- cur_parent_tree, NULL, result);
+- }
+- }
+-}
+-
+-void
+-ldns_dnssec_derive_trust_tree_no_sig(ldns_dnssec_trust_tree *new_tree,
+- ldns_dnssec_data_chain *data_chain)
+-{
+- ldns_dnssec_derive_trust_tree_no_sig_time(
+- new_tree, data_chain, ldns_time(NULL));
+-}
+-
+-/*
+- * returns OK if there is a path from tree to key with only OK
+- * the (first) error in between otherwise
+- * or NOT_FOUND if the key wasn't present at all
+- */
+-ldns_status
+-ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree,
+- ldns_rr_list *trusted_keys)
+-{
+- size_t i;
+- ldns_status result = LDNS_STATUS_CRYPTO_NO_DNSKEY;
+- bool equal;
+- ldns_status parent_result;
+-
+- if (tree && trusted_keys && ldns_rr_list_rr_count(trusted_keys) > 0)
+- { if (tree->rr) {
+- for (i = 0; i < ldns_rr_list_rr_count(trusted_keys); i++) {
+- equal = ldns_rr_compare_ds(
+- tree->rr,
+- ldns_rr_list_rr(trusted_keys, i));
+- if (equal) {
+- result = LDNS_STATUS_OK;
+- return result;
+- }
+- }
+- }
+- for (i = 0; i < tree->parent_count; i++) {
+- parent_result =
+- ldns_dnssec_trust_tree_contains_keys(tree->parents[i],
+- trusted_keys);
+- if (parent_result != LDNS_STATUS_CRYPTO_NO_DNSKEY) {
+- if (tree->parent_status[i] != LDNS_STATUS_OK) {
+- result = tree->parent_status[i];
+- } else {
+- if (tree->rr &&
+- ldns_rr_get_type(tree->rr)
+- == LDNS_RR_TYPE_NSEC &&
+- parent_result == LDNS_STATUS_OK
+- ) {
+- result =
+- LDNS_STATUS_DNSSEC_EXISTENCE_DENIED;
+- } else {
+- result = parent_result;
+- }
+- }
+- }
+- }
+- } else {
+- result = LDNS_STATUS_ERR;
+- }
+-
+- return result;
+-}
+-
+-ldns_status
+-ldns_verify_time(
+- ldns_rr_list *rrset,
+- ldns_rr_list *rrsig,
+- const ldns_rr_list *keys,
+- time_t check_time,
+- ldns_rr_list *good_keys
+- )
+-{
+- uint16_t i;
+- ldns_status verify_result = LDNS_STATUS_ERR;
+-
+- if (!rrset || !rrsig || !keys) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_rr_list_rr_count(rrset) < 1) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_rr_list_rr_count(rrsig) < 1) {
+- return LDNS_STATUS_CRYPTO_NO_RRSIG;
+- }
+-
+- if (ldns_rr_list_rr_count(keys) < 1) {
+- verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
+- } else {
+- for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) {
+- ldns_status s = ldns_verify_rrsig_keylist_time(
+- rrset, ldns_rr_list_rr(rrsig, i),
+- keys, check_time, good_keys);
+- /* try a little to get more descriptive error */
+- if(s == LDNS_STATUS_OK) {
+- verify_result = LDNS_STATUS_OK;
+- } else if(verify_result == LDNS_STATUS_ERR)
+- verify_result = s;
+- else if(s != LDNS_STATUS_ERR && verify_result ==
+- LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY)
+- verify_result = s;
+- }
+- }
+- return verify_result;
+-}
+-
+-ldns_status
+-ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const ldns_rr_list *keys,
+- ldns_rr_list *good_keys)
+-{
+- return ldns_verify_time(rrset, rrsig, keys, ldns_time(NULL), good_keys);
+-}
+-
+-ldns_status
+-ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list *rrsig,
+- const ldns_rr_list *keys, ldns_rr_list *good_keys)
+-{
+- uint16_t i;
+- ldns_status verify_result = LDNS_STATUS_ERR;
+-
+- if (!rrset || !rrsig || !keys) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_rr_list_rr_count(rrset) < 1) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_rr_list_rr_count(rrsig) < 1) {
+- return LDNS_STATUS_CRYPTO_NO_RRSIG;
+- }
+-
+- if (ldns_rr_list_rr_count(keys) < 1) {
+- verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
+- } else {
+- for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) {
+- ldns_status s = ldns_verify_rrsig_keylist_notime(rrset,
+- ldns_rr_list_rr(rrsig, i), keys, good_keys);
+-
+- /* try a little to get more descriptive error */
+- if (s == LDNS_STATUS_OK) {
+- verify_result = LDNS_STATUS_OK;
+- } else if (verify_result == LDNS_STATUS_ERR) {
+- verify_result = s;
+- } else if (s != LDNS_STATUS_ERR && verify_result ==
+- LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) {
+- verify_result = s;
+- }
+- }
+- }
+- return verify_result;
+-}
+-
+-ldns_rr_list *
+-ldns_fetch_valid_domain_keys_time(const ldns_resolver *res,
+- const ldns_rdf *domain,
+- const ldns_rr_list *keys,
+- time_t check_time,
+- ldns_status *status)
+-{
+- ldns_rr_list * trusted_keys = NULL;
+- ldns_rr_list * ds_keys = NULL;
+- ldns_rdf * prev_parent_domain;
+- ldns_rdf * parent_domain;
+- ldns_rr_list * parent_keys = NULL;
+-
+- if (res && domain && keys) {
+-
+- if ((trusted_keys = ldns_validate_domain_dnskey_time(res,
+- domain, keys, check_time))) {
+- *status = LDNS_STATUS_OK;
+- } else {
+- /* No trusted keys in this domain, we'll have to find some in the parent domain */
+- *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
+-
+- parent_domain = ldns_dname_left_chop(domain);
+- while (parent_domain && /* Fail if we are at the root*/
+- ldns_rdf_size(parent_domain) > 0) {
+-
+- if ((parent_keys =
+- ldns_fetch_valid_domain_keys_time(res,
+- parent_domain,
+- keys,
+- check_time,
+- status))) {
+- /* Check DS records */
+- if ((ds_keys =
+- ldns_validate_domain_ds_time(res,
+- domain,
+- parent_keys,
+- check_time))) {
+- trusted_keys =
+- ldns_fetch_valid_domain_keys_time(
+- res,
+- domain,
+- ds_keys,
+- check_time,
+- status);
+- ldns_rr_list_deep_free(ds_keys);
+- } else {
+- /* No valid DS at the parent -- fail */
+- *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DS ;
+- }
+- ldns_rr_list_deep_free(parent_keys);
+- break;
+- } else {
+- parent_domain = ldns_dname_left_chop((
+- prev_parent_domain
+- = parent_domain
+- ));
+- ldns_rdf_deep_free(prev_parent_domain);
+- }
+- }
+- if (parent_domain) {
+- ldns_rdf_deep_free(parent_domain);
+- }
+- }
+- }
+- return trusted_keys;
+-}
+-
+-ldns_rr_list *
+-ldns_fetch_valid_domain_keys(const ldns_resolver *res,
+- const ldns_rdf *domain,
+- const ldns_rr_list *keys,
+- ldns_status *status)
+-{
+- return ldns_fetch_valid_domain_keys_time(
+- res, domain, keys, ldns_time(NULL), status);
+-}
+-
+-ldns_rr_list *
+-ldns_validate_domain_dnskey_time(
+- const ldns_resolver * res,
+- const ldns_rdf * domain,
+- const ldns_rr_list * keys,
+- time_t check_time
+- )
+-{
+- ldns_pkt * keypkt;
+- ldns_rr * cur_key;
+- uint16_t key_i; uint16_t key_j; uint16_t key_k;
+- uint16_t sig_i; ldns_rr * cur_sig;
+-
+- ldns_rr_list * domain_keys = NULL;
+- ldns_rr_list * domain_sigs = NULL;
+- ldns_rr_list * trusted_keys = NULL;
+-
+- /* Fetch keys for the domain */
+- keypkt = ldns_resolver_query(res, domain,
+- LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
+- if (keypkt) {
+- domain_keys = ldns_pkt_rr_list_by_type(keypkt,
+- LDNS_RR_TYPE_DNSKEY,
+- LDNS_SECTION_ANSWER);
+- domain_sigs = ldns_pkt_rr_list_by_type(keypkt,
+- LDNS_RR_TYPE_RRSIG,
+- LDNS_SECTION_ANSWER);
+-
+- /* Try to validate the record using our keys */
+- for (key_i=0; key_i< ldns_rr_list_rr_count(domain_keys); key_i++) {
+-
+- cur_key = ldns_rr_list_rr(domain_keys, key_i);
+- for (key_j=0; key_j<ldns_rr_list_rr_count(keys); key_j++) {
+- if (ldns_rr_compare_ds(ldns_rr_list_rr(keys, key_j),
+- cur_key)) {
+-
+- /* Current key is trusted -- validate */
+- trusted_keys = ldns_rr_list_new();
+-
+- for (sig_i=0;
+- sig_i<ldns_rr_list_rr_count(domain_sigs);
+- sig_i++) {
+- cur_sig = ldns_rr_list_rr(domain_sigs, sig_i);
+- /* Avoid non-matching sigs */
+- if (ldns_rdf2native_int16(
+- ldns_rr_rrsig_keytag(cur_sig))
+- == ldns_calc_keytag(cur_key)) {
+- if (ldns_verify_rrsig_time(
+- domain_keys,
+- cur_sig,
+- cur_key,
+- check_time)
+- == LDNS_STATUS_OK) {
+-
+- /* Push the whole rrset
+- -- we can't do much more */
+- for (key_k=0;
+- key_k<ldns_rr_list_rr_count(
+- domain_keys);
+- key_k++) {
+- ldns_rr_list_push_rr(
+- trusted_keys,
+- ldns_rr_clone(
+- ldns_rr_list_rr(
+- domain_keys,
+- key_k)));
+- }
+-
+- ldns_rr_list_deep_free(domain_keys);
+- ldns_rr_list_deep_free(domain_sigs);
+- ldns_pkt_free(keypkt);
+- return trusted_keys;
+- }
+- }
+- }
+-
+- /* Only push our trusted key */
+- ldns_rr_list_push_rr(trusted_keys,
+- ldns_rr_clone(cur_key));
+- }
+- }
+- }
+-
+- ldns_rr_list_deep_free(domain_keys);
+- ldns_rr_list_deep_free(domain_sigs);
+- ldns_pkt_free(keypkt);
+-
+- } else {
+- /* LDNS_STATUS_CRYPTO_NO_DNSKEY */
+- }
+-
+- return trusted_keys;
+-}
+-
+-ldns_rr_list *
+-ldns_validate_domain_dnskey(const ldns_resolver * res,
+- const ldns_rdf * domain,
+- const ldns_rr_list * keys)
+-{
+- return ldns_validate_domain_dnskey_time(
+- res, domain, keys, ldns_time(NULL));
+-}
+-
+-ldns_rr_list *
+-ldns_validate_domain_ds_time(
+- const ldns_resolver *res,
+- const ldns_rdf * domain,
+- const ldns_rr_list * keys,
+- time_t check_time)
+-{
+- ldns_pkt * dspkt;
+- uint16_t key_i;
+- ldns_rr_list * rrset = NULL;
+- ldns_rr_list * sigs = NULL;
+- ldns_rr_list * trusted_keys = NULL;
+-
+- /* Fetch DS for the domain */
+- dspkt = ldns_resolver_query(res, domain,
+- LDNS_RR_TYPE_DS, LDNS_RR_CLASS_IN, LDNS_RD);
+- if (dspkt) {
+- rrset = ldns_pkt_rr_list_by_type(dspkt,
+- LDNS_RR_TYPE_DS,
+- LDNS_SECTION_ANSWER);
+- sigs = ldns_pkt_rr_list_by_type(dspkt,
+- LDNS_RR_TYPE_RRSIG,
+- LDNS_SECTION_ANSWER);
+-
+- /* Validate sigs */
+- if (ldns_verify_time(rrset, sigs, keys, check_time, NULL)
+- == LDNS_STATUS_OK) {
+- trusted_keys = ldns_rr_list_new();
+- for (key_i=0; key_i<ldns_rr_list_rr_count(rrset); key_i++) {
+- ldns_rr_list_push_rr(trusted_keys,
+- ldns_rr_clone(ldns_rr_list_rr(rrset,
+- key_i)
+- )
+- );
+- }
+- }
+-
+- ldns_rr_list_deep_free(rrset);
+- ldns_rr_list_deep_free(sigs);
+- ldns_pkt_free(dspkt);
+-
+- } else {
+- /* LDNS_STATUS_CRYPTO_NO_DS */
+- }
+-
+- return trusted_keys;
+-}
+-
+-ldns_rr_list *
+-ldns_validate_domain_ds(const ldns_resolver *res,
+- const ldns_rdf * domain,
+- const ldns_rr_list * keys)
+-{
+- return ldns_validate_domain_ds_time(res, domain, keys, ldns_time(NULL));
+-}
+-
+-ldns_status
+-ldns_verify_trusted_time(
+- ldns_resolver *res,
+- ldns_rr_list *rrset,
+- ldns_rr_list * rrsigs,
+- time_t check_time,
+- ldns_rr_list * validating_keys
+- )
+-{
+- uint16_t sig_i; uint16_t key_i;
+- ldns_rr * cur_sig; ldns_rr * cur_key;
+- ldns_rr_list * trusted_keys = NULL;
+- ldns_status result = LDNS_STATUS_ERR;
+-
+- if (!res || !rrset || !rrsigs) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_rr_list_rr_count(rrset) < 1) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_rr_list_rr_count(rrsigs) < 1) {
+- return LDNS_STATUS_CRYPTO_NO_RRSIG;
+- }
+-
+- /* Look at each sig */
+- for (sig_i=0; sig_i < ldns_rr_list_rr_count(rrsigs); sig_i++) {
+-
+- cur_sig = ldns_rr_list_rr(rrsigs, sig_i);
+- /* Get a valid signer key and validate the sig */
+- if ((trusted_keys = ldns_fetch_valid_domain_keys_time(
+- res,
+- ldns_rr_rrsig_signame(cur_sig),
+- ldns_resolver_dnssec_anchors(res),
+- check_time,
+- &result))) {
+-
+- for (key_i = 0;
+- key_i < ldns_rr_list_rr_count(trusted_keys);
+- key_i++) {
+- cur_key = ldns_rr_list_rr(trusted_keys, key_i);
+-
+- if ((result = ldns_verify_rrsig_time(rrset,
+- cur_sig,
+- cur_key,
+- check_time))
+- == LDNS_STATUS_OK) {
+- if (validating_keys) {
+- ldns_rr_list_push_rr(validating_keys,
+- ldns_rr_clone(cur_key));
+- }
+- ldns_rr_list_deep_free(trusted_keys);
+- return LDNS_STATUS_OK;
+- }
+- }
+- }
+- }
+-
+- ldns_rr_list_deep_free(trusted_keys);
+- return result;
+-}
+-
+-ldns_status
+-ldns_verify_trusted(
+- ldns_resolver *res,
+- ldns_rr_list *rrset,
+- ldns_rr_list * rrsigs,
+- ldns_rr_list * validating_keys)
+-{
+- return ldns_verify_trusted_time(
+- res, rrset, rrsigs, ldns_time(NULL), validating_keys);
+-}
+-
+-
+-ldns_status
+-ldns_dnssec_verify_denial(ldns_rr *rr,
+- ldns_rr_list *nsecs,
+- ldns_rr_list *rrsigs)
+-{
+- ldns_rdf *rr_name;
+- ldns_rdf *wildcard_name;
+- ldns_rdf *chopped_dname;
+- ldns_rr *cur_nsec;
+- size_t i;
+- ldns_status result;
+- /* needed for wildcard check on exact match */
+- ldns_rr *rrsig;
+- bool name_covered = false;
+- bool type_covered = false;
+- bool wildcard_covered = false;
+- bool wildcard_type_covered = false;
+-
+- wildcard_name = ldns_dname_new_frm_str("*");
+- rr_name = ldns_rr_owner(rr);
+- chopped_dname = ldns_dname_left_chop(rr_name);
+- result = ldns_dname_cat(wildcard_name, chopped_dname);
+- ldns_rdf_deep_free(chopped_dname);
+- if (result != LDNS_STATUS_OK) {
+- return result;
+- }
+-
+- for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
+- cur_nsec = ldns_rr_list_rr(nsecs, i);
+- if (ldns_dname_compare(rr_name, ldns_rr_owner(cur_nsec)) == 0) {
+- /* see section 5.4 of RFC4035, if the label count of the NSEC's
+- RRSIG is equal, then it is proven that wildcard expansion
+- could not have been used to match the request */
+- rrsig = ldns_dnssec_get_rrsig_for_name_and_type(
+- ldns_rr_owner(cur_nsec),
+- ldns_rr_get_type(cur_nsec),
+- rrsigs);
+- if (rrsig && ldns_rdf2native_int8(ldns_rr_rrsig_labels(rrsig))
+- == ldns_dname_label_count(rr_name)) {
+- wildcard_covered = true;
+- }
+-
+- if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(cur_nsec),
+- ldns_rr_get_type(rr))) {
+- type_covered = true;
+- }
+- }
+- if (ldns_nsec_covers_name(cur_nsec, rr_name)) {
+- name_covered = true;
+- }
+-
+- if (ldns_dname_compare(wildcard_name,
+- ldns_rr_owner(cur_nsec)) == 0) {
+- if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(cur_nsec),
+- ldns_rr_get_type(rr))) {
+- wildcard_type_covered = true;
+- }
+- }
+-
+- if (ldns_nsec_covers_name(cur_nsec, wildcard_name)) {
+- wildcard_covered = true;
+- }
+-
+- }
+-
+- ldns_rdf_deep_free(wildcard_name);
+-
+- if (type_covered || !name_covered) {
+- return LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
+- }
+-
+- if (wildcard_type_covered || !wildcard_covered) {
+- return LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
+- }
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
+- , ldns_rr_list *nsecs
+- , ATTR_UNUSED(ldns_rr_list *rrsigs)
+- , ldns_pkt_rcode packet_rcode
+- , ldns_rr_type packet_qtype
+- , bool packet_nodata
+- , ldns_rr **match
+- )
+-{
+- ldns_rdf *closest_encloser;
+- ldns_rdf *wildcard;
+- ldns_rdf *hashed_wildcard_name;
+- bool wildcard_covered = false;
+- ldns_rdf *zone_name;
+- ldns_rdf *hashed_name;
+- /* self assignment to suppress uninitialized warning */
+- ldns_rdf *next_closer = next_closer;
+- ldns_rdf *hashed_next_closer;
+- size_t i;
+- ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
+-
+- if (match) {
+- *match = NULL;
+- }
+-
+- zone_name = ldns_dname_left_chop(ldns_rr_owner(ldns_rr_list_rr(nsecs,0)));
+-
+- /* section 8.4 */
+- if (packet_rcode == LDNS_RCODE_NXDOMAIN) {
+- closest_encloser = ldns_dnssec_nsec3_closest_encloser(
+- ldns_rr_owner(rr),
+- ldns_rr_get_type(rr),
+- nsecs);
+- if(!closest_encloser) {
+- result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
+- goto done;
+- }
+-
+- wildcard = ldns_dname_new_frm_str("*");
+- (void) ldns_dname_cat(wildcard, closest_encloser);
+-
+- for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
+- hashed_wildcard_name =
+- ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs, 0),
+- wildcard
+- );
+- (void) ldns_dname_cat(hashed_wildcard_name, zone_name);
+-
+- if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i),
+- hashed_wildcard_name)) {
+- wildcard_covered = true;
+- if (match) {
+- *match = ldns_rr_list_rr(nsecs, i);
+- }
+- }
+- ldns_rdf_deep_free(hashed_wildcard_name);
+- }
+-
+- if (! wildcard_covered) {
+- result = LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
+- } else {
+- result = LDNS_STATUS_OK;
+- }
+- ldns_rdf_deep_free(closest_encloser);
+- ldns_rdf_deep_free(wildcard);
+-
+- } else if (packet_nodata && packet_qtype != LDNS_RR_TYPE_DS) {
+- /* section 8.5 */
+- hashed_name = ldns_nsec3_hash_name_frm_nsec3(
+- ldns_rr_list_rr(nsecs, 0),
+- ldns_rr_owner(rr));
+- (void) ldns_dname_cat(hashed_name, zone_name);
+- for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
+- if (ldns_dname_compare(hashed_name,
+- ldns_rr_owner(ldns_rr_list_rr(nsecs, i)))
+- == 0) {
+- if (!ldns_nsec_bitmap_covers_type(
+- ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
+- packet_qtype)
+- &&
+- !ldns_nsec_bitmap_covers_type(
+- ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
+- LDNS_RR_TYPE_CNAME)) {
+- result = LDNS_STATUS_OK;
+- if (match) {
+- *match = ldns_rr_list_rr(nsecs, i);
+- }
+- goto done;
+- }
+- }
+- }
+- result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
+- /* wildcard no data? section 8.7 */
+- closest_encloser = ldns_dnssec_nsec3_closest_encloser(
+- ldns_rr_owner(rr),
+- ldns_rr_get_type(rr),
+- nsecs);
+- if(!closest_encloser) {
+- result = LDNS_STATUS_NSEC3_ERR;
+- goto done;
+- }
+- wildcard = ldns_dname_new_frm_str("*");
+- (void) ldns_dname_cat(wildcard, closest_encloser);
+- for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
+- hashed_wildcard_name =
+- ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs, 0),
+- wildcard);
+- (void) ldns_dname_cat(hashed_wildcard_name, zone_name);
+-
+- if (ldns_dname_compare(hashed_wildcard_name,
+- ldns_rr_owner(ldns_rr_list_rr(nsecs, i)))
+- == 0) {
+- if (!ldns_nsec_bitmap_covers_type(
+- ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
+- packet_qtype)
+- &&
+- !ldns_nsec_bitmap_covers_type(
+- ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
+- LDNS_RR_TYPE_CNAME)) {
+- result = LDNS_STATUS_OK;
+- if (match) {
+- *match = ldns_rr_list_rr(nsecs, i);
+- }
+- }
+- }
+- ldns_rdf_deep_free(hashed_wildcard_name);
+- if (result == LDNS_STATUS_OK) {
+- break;
+- }
+- }
+- ldns_rdf_deep_free(closest_encloser);
+- ldns_rdf_deep_free(wildcard);
+- } else if (packet_nodata && packet_qtype == LDNS_RR_TYPE_DS) {
+- /* section 8.6 */
+- /* note: up to XXX this is the same as for 8.5 */
+- hashed_name = ldns_nsec3_hash_name_frm_nsec3(ldns_rr_list_rr(nsecs,
+- 0),
+- ldns_rr_owner(rr)
+- );
+- (void) ldns_dname_cat(hashed_name, zone_name);
+- for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
+- if (ldns_dname_compare(hashed_name,
+- ldns_rr_owner(ldns_rr_list_rr(nsecs,
+- i)))
+- == 0) {
+- if (!ldns_nsec_bitmap_covers_type(
+- ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
+- LDNS_RR_TYPE_DS)
+- &&
+- !ldns_nsec_bitmap_covers_type(
+- ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)),
+- LDNS_RR_TYPE_CNAME)) {
+- result = LDNS_STATUS_OK;
+- if (match) {
+- *match = ldns_rr_list_rr(nsecs, i);
+- }
+- goto done;
+- }
+- }
+- }
+-
+- /* XXX see note above */
+- result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
+-
+- closest_encloser = ldns_dnssec_nsec3_closest_encloser(
+- ldns_rr_owner(rr),
+- ldns_rr_get_type(rr),
+- nsecs);
+- if(!closest_encloser) {
+- result = LDNS_STATUS_NSEC3_ERR;
+- goto done;
+- }
+- /* Now check if we have a Opt-Out NSEC3 that covers the "next closer"*/
+-
+- if (ldns_dname_label_count(closest_encloser) + 1
+- >= ldns_dname_label_count(ldns_rr_owner(rr))) {
+-
+- /* Query name *is* the "next closer". */
+- hashed_next_closer = hashed_name;
+- } else {
+-
+- /* "next closer" has less labels than the query name.
+- * Create the name and hash it.
+- */
+- next_closer = ldns_dname_clone_from(
+- ldns_rr_owner(rr),
+- ldns_dname_label_count(ldns_rr_owner(rr))
+- - (ldns_dname_label_count(closest_encloser) + 1)
+- );
+- hashed_next_closer = ldns_nsec3_hash_name_frm_nsec3(
+- ldns_rr_list_rr(nsecs, 0),
+- next_closer
+- );
+- (void) ldns_dname_cat(hashed_next_closer, zone_name);
+- }
+- /* Find the NSEC3 that covers the "next closer" */
+- for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
+- if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i),
+- hashed_next_closer) &&
+- ldns_nsec3_optout(ldns_rr_list_rr(nsecs, i))) {
+-
+- result = LDNS_STATUS_OK;
+- if (match) {
+- *match = ldns_rr_list_rr(nsecs, i);
+- }
+- break;
+- }
+- }
+- if (ldns_dname_label_count(closest_encloser) + 1
+- < ldns_dname_label_count(ldns_rr_owner(rr))) {
+-
+- /* "next closer" has less labels than the query name.
+- * Dispose of the temporary variables that held that name.
+- */
+- ldns_rdf_deep_free(hashed_next_closer);
+- ldns_rdf_deep_free(next_closer);
+- }
+- ldns_rdf_deep_free(closest_encloser);
+- }
+-
+- done:
+- ldns_rdf_deep_free(zone_name);
+- return result;
+-}
+-
+-ldns_status
+-ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
+- ldns_rr_list *nsecs,
+- ldns_rr_list *rrsigs,
+- ldns_pkt_rcode packet_rcode,
+- ldns_rr_type packet_qtype,
+- bool packet_nodata)
+-{
+- return ldns_dnssec_verify_denial_nsec3_match(
+- rr, nsecs, rrsigs, packet_rcode,
+- packet_qtype, packet_nodata, NULL
+- );
+-}
+-
+-#ifdef USE_GOST
+-EVP_PKEY*
+-ldns_gost2pkey_raw(unsigned char* key, size_t keylen)
+-{
+- /* prefix header for X509 encoding */
+- uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85,
+- 0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85,
+- 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03,
+- 0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40};
+- unsigned char encoded[37+64];
+- const unsigned char* pp;
+- if(keylen != 64) {
+- /* key wrong size */
+- return NULL;
+- }
+-
+- /* create evp_key */
+- memmove(encoded, asn, 37);
+- memmove(encoded+37, key, 64);
+- pp = (unsigned char*)&encoded[0];
+-
+- return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded));
+-}
+-
+-static ldns_status
+-ldns_verify_rrsig_gost_raw(unsigned char* sig, size_t siglen,
+- ldns_buffer* rrset, unsigned char* key, size_t keylen)
+-{
+- EVP_PKEY *evp_key;
+- ldns_status result;
+-
+- (void) ldns_key_EVP_load_gost_id();
+- evp_key = ldns_gost2pkey_raw(key, keylen);
+- if(!evp_key) {
+- /* could not convert key */
+- return LDNS_STATUS_CRYPTO_BOGUS;
+- }
+-
+- /* verify signature */
+- result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset,
+- evp_key, EVP_get_digestbyname("md_gost94"));
+- EVP_PKEY_free(evp_key);
+-
+- return result;
+-}
+-#endif
+-
+-#ifdef USE_ECDSA
+-EVP_PKEY*
+-ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
+-{
+- unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
+- const unsigned char* pp = buf;
+- EVP_PKEY *evp_key;
+- EC_KEY *ec;
+- /* check length, which uncompressed must be 2 bignums */
+- if(algo == LDNS_ECDSAP256SHA256) {
+- if(keylen != 2*256/8) return NULL;
+- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+- } else if(algo == LDNS_ECDSAP384SHA384) {
+- if(keylen != 2*384/8) return NULL;
+- ec = EC_KEY_new_by_curve_name(NID_secp384r1);
+- } else ec = NULL;
+- if(!ec) return NULL;
+- if(keylen+1 > sizeof(buf))
+- return NULL; /* sanity check */
+- /* prepend the 0x02 (from docs) (or actually 0x04 from implementation
+- * of openssl) for uncompressed data */
+- buf[0] = POINT_CONVERSION_UNCOMPRESSED;
+- memmove(buf+1, key, keylen);
+- if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) {
+- EC_KEY_free(ec);
+- return NULL;
+- }
+- evp_key = EVP_PKEY_new();
+- if(!evp_key) {
+- EC_KEY_free(ec);
+- return NULL;
+- }
+- if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
+- EVP_PKEY_free(evp_key);
+- EC_KEY_free(ec);
+- return NULL;
+- }
+- return evp_key;
+-}
+-
+-static ldns_status
+-ldns_verify_rrsig_ecdsa_raw(unsigned char* sig, size_t siglen,
+- ldns_buffer* rrset, unsigned char* key, size_t keylen, uint8_t algo)
+-{
+- EVP_PKEY *evp_key;
+- ldns_status result;
+- const EVP_MD *d;
+-
+- evp_key = ldns_ecdsa2pkey_raw(key, keylen, algo);
+- if(!evp_key) {
+- /* could not convert key */
+- return LDNS_STATUS_CRYPTO_BOGUS;
+- }
+- if(algo == LDNS_ECDSAP256SHA256)
+- d = EVP_sha256();
+- else d = EVP_sha384(); /* LDNS_ECDSAP384SHA384 */
+- result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, d);
+- EVP_PKEY_free(evp_key);
+- return result;
+-}
+-#endif
+-
+-ldns_status
+-ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, ldns_buffer *verify_buf,
+- ldns_buffer *key_buf, uint8_t algo)
+-{
+- return ldns_verify_rrsig_buffers_raw(
+- (unsigned char*)ldns_buffer_begin(rawsig_buf),
+- ldns_buffer_position(rawsig_buf),
+- verify_buf,
+- (unsigned char*)ldns_buffer_begin(key_buf),
+- ldns_buffer_position(key_buf), algo);
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen,
+- ldns_buffer *verify_buf, unsigned char* key, size_t keylen,
+- uint8_t algo)
+-{
+- /* check for right key */
+- switch(algo) {
+- case LDNS_DSA:
+- case LDNS_DSA_NSEC3:
+- return ldns_verify_rrsig_dsa_raw(sig,
+- siglen,
+- verify_buf,
+- key,
+- keylen);
+- break;
+- case LDNS_RSASHA1:
+- case LDNS_RSASHA1_NSEC3:
+- return ldns_verify_rrsig_rsasha1_raw(sig,
+- siglen,
+- verify_buf,
+- key,
+- keylen);
+- break;
+-#ifdef USE_SHA2
+- case LDNS_RSASHA256:
+- return ldns_verify_rrsig_rsasha256_raw(sig,
+- siglen,
+- verify_buf,
+- key,
+- keylen);
+- break;
+- case LDNS_RSASHA512:
+- return ldns_verify_rrsig_rsasha512_raw(sig,
+- siglen,
+- verify_buf,
+- key,
+- keylen);
+- break;
+-#endif
+-#ifdef USE_GOST
+- case LDNS_ECC_GOST:
+- return ldns_verify_rrsig_gost_raw(sig, siglen, verify_buf,
+- key, keylen);
+- break;
+-#endif
+-#ifdef USE_ECDSA
+- case LDNS_ECDSAP256SHA256:
+- case LDNS_ECDSAP384SHA384:
+- return ldns_verify_rrsig_ecdsa_raw(sig, siglen, verify_buf,
+- key, keylen, algo);
+- break;
+-#endif
+- case LDNS_RSAMD5:
+- return ldns_verify_rrsig_rsamd5_raw(sig,
+- siglen,
+- verify_buf,
+- key,
+- keylen);
+- break;
+- default:
+- /* do you know this alg?! */
+- return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
+- }
+-}
+-
+-
+-/**
+- * Reset the ttl in the rrset with the orig_ttl from the sig
+- * and update owner name if it was wildcard
+- * Also canonicalizes the rrset.
+- * @param rrset: rrset to modify
+- * @param sig: signature to take TTL and wildcard values from
+- */
+-static void
+-ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, ldns_rr* rrsig)
+-{
+- uint32_t orig_ttl;
+- uint16_t i;
+- uint8_t label_count;
+- ldns_rdf *wildcard_name;
+- ldns_rdf *wildcard_chopped;
+- ldns_rdf *wildcard_chopped_tmp;
+-
+- if ((rrsig == NULL) || ldns_rr_rd_count(rrsig) < 4) {
+- return;
+- }
+-
+- orig_ttl = ldns_rdf2native_int32( ldns_rr_rdf(rrsig, 3));
+- label_count = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 2));
+-
+- for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) {
+- if (label_count <
+- ldns_dname_label_count(
+- ldns_rr_owner(ldns_rr_list_rr(rrset_clone, i)))) {
+- (void) ldns_str2rdf_dname(&wildcard_name, "*");
+- wildcard_chopped = ldns_rdf_clone(ldns_rr_owner(
+- ldns_rr_list_rr(rrset_clone, i)));
+- while (label_count < ldns_dname_label_count(wildcard_chopped)) {
+- wildcard_chopped_tmp = ldns_dname_left_chop(
+- wildcard_chopped);
+- ldns_rdf_deep_free(wildcard_chopped);
+- wildcard_chopped = wildcard_chopped_tmp;
+- }
+- (void) ldns_dname_cat(wildcard_name, wildcard_chopped);
+- ldns_rdf_deep_free(wildcard_chopped);
+- ldns_rdf_deep_free(ldns_rr_owner(ldns_rr_list_rr(
+- rrset_clone, i)));
+- ldns_rr_set_owner(ldns_rr_list_rr(rrset_clone, i),
+- wildcard_name);
+- }
+- ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), orig_ttl);
+- /* convert to lowercase */
+- ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i));
+- }
+-}
+-
+-/**
+- * Make raw signature buffer out of rrsig
+- * @param rawsig_buf: raw signature buffer for result
+- * @param rrsig: signature to convert
+- * @return OK or more specific error.
+- */
+-static ldns_status
+-ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig)
+-{
+- uint8_t sig_algo;
+-
+- if (rrsig == NULL) {
+- return LDNS_STATUS_CRYPTO_NO_RRSIG;
+- }
+- if (ldns_rr_rdf(rrsig, 1) == NULL) {
+- return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
+- }
+- sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1));
+- /* check for known and implemented algo's now (otherwise
+- * the function could return a wrong error
+- */
+- /* create a buffer with signature rdata */
+- /* for some algorithms we need other data than for others... */
+- /* (the DSA API wants DER encoding for instance) */
+-
+- switch(sig_algo) {
+- case LDNS_RSAMD5:
+- case LDNS_RSASHA1:
+- case LDNS_RSASHA1_NSEC3:
+-#ifdef USE_SHA2
+- case LDNS_RSASHA256:
+- case LDNS_RSASHA512:
+-#endif
+-#ifdef USE_GOST
+- case LDNS_ECC_GOST:
+-#endif
+- if (ldns_rr_rdf(rrsig, 8) == NULL) {
+- return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
+- }
+- if (ldns_rdf2buffer_wire(rawsig_buf, ldns_rr_rdf(rrsig, 8))
+- != LDNS_STATUS_OK) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- break;
+- case LDNS_DSA:
+- case LDNS_DSA_NSEC3:
+- /* EVP takes rfc2459 format, which is a tad longer than dns format */
+- if (ldns_rr_rdf(rrsig, 8) == NULL) {
+- return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
+- }
+- if (ldns_convert_dsa_rrsig_rdf2asn1(
+- rawsig_buf, ldns_rr_rdf(rrsig, 8))
+- != LDNS_STATUS_OK) {
+- /*
+- if (ldns_rdf2buffer_wire(rawsig_buf,
+- ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) {
+- */
+- return LDNS_STATUS_MEM_ERR;
+- }
+- break;
+-#ifdef USE_ECDSA
+- case LDNS_ECDSAP256SHA256:
+- case LDNS_ECDSAP384SHA384:
+- /* EVP produces an ASN prefix on the signature, which is
+- * not used in the DNS */
+- if (ldns_rr_rdf(rrsig, 8) == NULL) {
+- return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
+- }
+- if (ldns_convert_ecdsa_rrsig_rdf2asn1(
+- rawsig_buf, ldns_rr_rdf(rrsig, 8))
+- != LDNS_STATUS_OK) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- break;
+-#endif
+- case LDNS_DH:
+- case LDNS_ECC:
+- case LDNS_INDIRECT:
+- return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
+- default:
+- return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-/**
+- * Check RRSIG timestamps against the given 'now' time.
+- * @param rrsig: signature to check.
+- * @param now: the current time in seconds epoch.
+- * @return status code LDNS_STATUS_OK if all is fine.
+- */
+-static ldns_status
+-ldns_rrsig_check_timestamps(ldns_rr* rrsig, time_t now)
+-{
+- int32_t inception, expiration;
+-
+- /* check the signature time stamps */
+- inception = (int32_t)ldns_rdf2native_time_t(
+- ldns_rr_rrsig_inception(rrsig));
+- expiration = (int32_t)ldns_rdf2native_time_t(
+- ldns_rr_rrsig_expiration(rrsig));
+-
+- if (expiration - inception < 0) {
+- /* bad sig, expiration before inception?? Tsssg */
+- return LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION;
+- }
+- if (((int32_t) now) - inception < 0) {
+- /* bad sig, inception date has not yet come to pass */
+- return LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED;
+- }
+- if (expiration - ((int32_t) now) < 0) {
+- /* bad sig, expiration date has passed */
+- return LDNS_STATUS_CRYPTO_SIG_EXPIRED;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-/**
+- * Prepare for verification.
+- * @param rawsig_buf: raw signature buffer made ready.
+- * @param verify_buf: data for verification buffer made ready.
+- * @param rrset_clone: made ready.
+- * @param rrsig: signature to prepare for.
+- * @return LDNS_STATUS_OK is all went well. Otherwise specific error.
+- */
+-static ldns_status
+-ldns_prepare_for_verify(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
+- ldns_rr_list* rrset_clone, ldns_rr* rrsig)
+-{
+- ldns_status result;
+-
+- /* canonicalize the sig */
+- ldns_dname2canonical(ldns_rr_owner(rrsig));
+-
+- /* check if the typecovered is equal to the type checked */
+- if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rrsig)) !=
+- ldns_rr_get_type(ldns_rr_list_rr(rrset_clone, 0)))
+- return LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR;
+-
+- /* create a buffer with b64 signature rdata */
+- result = ldns_rrsig2rawsig_buffer(rawsig_buf, rrsig);
+- if(result != LDNS_STATUS_OK)
+- return result;
+-
+- /* use TTL from signature. Use wildcard names for wildcards */
+- /* also canonicalizes rrset_clone */
+- ldns_rrset_use_signature_ttl(rrset_clone, rrsig);
+-
+- /* sort the rrset in canonical order */
+- ldns_rr_list_sort(rrset_clone);
+-
+- /* put the signature rr (without the b64) to the verify_buf */
+- if (ldns_rrsig2buffer_wire(verify_buf, rrsig) != LDNS_STATUS_OK)
+- return LDNS_STATUS_MEM_ERR;
+-
+- /* add the rrset in verify_buf */
+- if(ldns_rr_list2buffer_wire(verify_buf, rrset_clone)
+- != LDNS_STATUS_OK)
+- return LDNS_STATUS_MEM_ERR;
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-/**
+- * Check if a key matches a signature.
+- * Checks keytag, sigalgo and signature.
+- * @param rawsig_buf: raw signature buffer for verify
+- * @param verify_buf: raw data buffer for verify
+- * @param rrsig: the rrsig
+- * @param key: key to attempt.
+- * @return LDNS_STATUS_OK if OK, else some specific error.
+- */
+-static ldns_status
+-ldns_verify_test_sig_key(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf,
+- ldns_rr* rrsig, ldns_rr* key)
+-{
+- uint8_t sig_algo;
+-
+- if (rrsig == NULL) {
+- return LDNS_STATUS_CRYPTO_NO_RRSIG;
+- }
+- if (ldns_rr_rdf(rrsig, 1) == NULL) {
+- return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG;
+- }
+- sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1));
+-
+- /* before anything, check if the keytags match */
+- if (ldns_calc_keytag(key)
+- ==
+- ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig))
+- ) {
+- ldns_buffer* key_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- ldns_status result = LDNS_STATUS_ERR;
+-
+- /* put the key-data in a buffer, that's the third rdf, with
+- * the base64 encoded key data */
+- if (ldns_rr_rdf(key, 3) == NULL) {
+- ldns_buffer_free(key_buf);
+- return LDNS_STATUS_MISSING_RDATA_FIELDS_KEY;
+- }
+- if (ldns_rdf2buffer_wire(key_buf, ldns_rr_rdf(key, 3))
+- != LDNS_STATUS_OK) {
+- ldns_buffer_free(key_buf);
+- /* returning is bad might screw up
+- good keys later in the list
+- what to do? */
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_rr_rdf(key, 2) == NULL) {
+- result = LDNS_STATUS_MISSING_RDATA_FIELDS_KEY;
+- }
+- else if (sig_algo == ldns_rdf2native_int8(
+- ldns_rr_rdf(key, 2))) {
+- result = ldns_verify_rrsig_buffers(rawsig_buf,
+- verify_buf, key_buf, sig_algo);
+- } else {
+- /* No keys with the corresponding algorithm are found */
+- result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY;
+- }
+-
+- ldns_buffer_free(key_buf);
+- return result;
+- }
+- else {
+- /* No keys with the corresponding keytag are found */
+- return LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY;
+- }
+-}
+-
+-/*
+- * to verify:
+- * - create the wire fmt of the b64 key rdata
+- * - create the wire fmt of the sorted rrset
+- * - create the wire fmt of the b64 sig rdata
+- * - create the wire fmt of the sig without the b64 rdata
+- * - cat the sig data (without b64 rdata) to the rrset
+- * - verify the rrset+sig, with the b64 data and the b64 key data
+- */
+-ldns_status
+-ldns_verify_rrsig_keylist_time(
+- ldns_rr_list *rrset,
+- ldns_rr *rrsig,
+- const ldns_rr_list *keys,
+- time_t check_time,
+- ldns_rr_list *good_keys)
+-{
+- ldns_status result;
+- ldns_rr_list *valid = ldns_rr_list_new();
+- if (!valid)
+- return LDNS_STATUS_MEM_ERR;
+-
+- result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid);
+- if(result != LDNS_STATUS_OK) {
+- ldns_rr_list_free(valid);
+- return result;
+- }
+-
+- /* check timestamps last; its OK except time */
+- result = ldns_rrsig_check_timestamps(rrsig, check_time);
+- if(result != LDNS_STATUS_OK) {
+- ldns_rr_list_free(valid);
+- return result;
+- }
+-
+- ldns_rr_list_cat(good_keys, valid);
+- ldns_rr_list_free(valid);
+- return LDNS_STATUS_OK;
+-}
+-
+-/*
+- * to verify:
+- * - create the wire fmt of the b64 key rdata
+- * - create the wire fmt of the sorted rrset
+- * - create the wire fmt of the b64 sig rdata
+- * - create the wire fmt of the sig without the b64 rdata
+- * - cat the sig data (without b64 rdata) to the rrset
+- * - verify the rrset+sig, with the b64 data and the b64 key data
+- */
+-ldns_status
+-ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
+- ldns_rr *rrsig,
+- const ldns_rr_list *keys,
+- ldns_rr_list *good_keys)
+-{
+- return ldns_verify_rrsig_keylist_time(
+- rrset, rrsig, keys, ldns_time(NULL), good_keys);
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset,
+- ldns_rr *rrsig,
+- const ldns_rr_list *keys,
+- ldns_rr_list *good_keys)
+-{
+- ldns_buffer *rawsig_buf;
+- ldns_buffer *verify_buf;
+- uint16_t i;
+- ldns_status result, status;
+- ldns_rr_list *rrset_clone;
+- ldns_rr_list *validkeys;
+-
+- if (!rrset) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- validkeys = ldns_rr_list_new();
+- if (!validkeys) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* clone the rrset so that we can fiddle with it */
+- rrset_clone = ldns_rr_list_clone(rrset);
+-
+- /* create the buffers which will certainly hold the raw data */
+- rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+-
+- result = ldns_prepare_for_verify(rawsig_buf, verify_buf,
+- rrset_clone, rrsig);
+- if(result != LDNS_STATUS_OK) {
+- ldns_buffer_free(verify_buf);
+- ldns_buffer_free(rawsig_buf);
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_rr_list_free(validkeys);
+- return result;
+- }
+-
+- result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY;
+- for(i = 0; i < ldns_rr_list_rr_count(keys); i++) {
+- status = ldns_verify_test_sig_key(rawsig_buf, verify_buf,
+- rrsig, ldns_rr_list_rr(keys, i));
+- if (status == LDNS_STATUS_OK) {
+- /* one of the keys has matched, don't break
+- * here, instead put the 'winning' key in
+- * the validkey list and return the list
+- * later */
+- if (!ldns_rr_list_push_rr(validkeys,
+- ldns_rr_list_rr(keys,i))) {
+- /* couldn't push the key?? */
+- ldns_buffer_free(rawsig_buf);
+- ldns_buffer_free(verify_buf);
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_rr_list_free(validkeys);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- result = status;
+- }
+-
+- if (result == LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) {
+- result = status;
+- }
+- }
+-
+- /* no longer needed */
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_buffer_free(rawsig_buf);
+- ldns_buffer_free(verify_buf);
+-
+- if (ldns_rr_list_rr_count(validkeys) == 0) {
+- /* no keys were added, return last error */
+- ldns_rr_list_free(validkeys);
+- return result;
+- }
+-
+- /* do not check timestamps */
+-
+- ldns_rr_list_cat(good_keys, validkeys);
+- ldns_rr_list_free(validkeys);
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_time(
+- ldns_rr_list *rrset,
+- ldns_rr *rrsig,
+- ldns_rr *key,
+- time_t check_time)
+-{
+- ldns_buffer *rawsig_buf;
+- ldns_buffer *verify_buf;
+- ldns_status result;
+- ldns_rr_list *rrset_clone;
+-
+- if (!rrset) {
+- return LDNS_STATUS_NO_DATA;
+- }
+- /* clone the rrset so that we can fiddle with it */
+- rrset_clone = ldns_rr_list_clone(rrset);
+- /* create the buffers which will certainly hold the raw data */
+- rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+-
+- result = ldns_prepare_for_verify(rawsig_buf, verify_buf,
+- rrset_clone, rrsig);
+- if(result != LDNS_STATUS_OK) {
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_buffer_free(rawsig_buf);
+- ldns_buffer_free(verify_buf);
+- return result;
+- }
+- result = ldns_verify_test_sig_key(rawsig_buf, verify_buf,
+- rrsig, key);
+- /* no longer needed */
+- ldns_rr_list_deep_free(rrset_clone);
+- ldns_buffer_free(rawsig_buf);
+- ldns_buffer_free(verify_buf);
+-
+- /* check timestamp last, apart from time its OK */
+- if(result == LDNS_STATUS_OK)
+- result = ldns_rrsig_check_timestamps(rrsig, check_time);
+-
+- return result;
+-}
+-
+-ldns_status
+-ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key)
+-{
+- return ldns_verify_rrsig_time(rrset, rrsig, key, ldns_time(NULL));
+-}
+-
+-
+-ldns_status
+-ldns_verify_rrsig_evp(ldns_buffer *sig,
+- ldns_buffer *rrset,
+- EVP_PKEY *key,
+- const EVP_MD *digest_type)
+-{
+- return ldns_verify_rrsig_evp_raw(
+- (unsigned char*)ldns_buffer_begin(sig),
+- ldns_buffer_position(sig),
+- rrset,
+- key,
+- digest_type);
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_evp_raw(unsigned char *sig, size_t siglen,
+- ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type)
+-{
+- EVP_MD_CTX ctx;
+- int res;
+-
+- EVP_MD_CTX_init(&ctx);
+-
+- EVP_VerifyInit(&ctx, digest_type);
+- EVP_VerifyUpdate(&ctx,
+- ldns_buffer_begin(rrset),
+- ldns_buffer_position(rrset));
+- res = EVP_VerifyFinal(&ctx, sig, (unsigned int) siglen, key);
+-
+- EVP_MD_CTX_cleanup(&ctx);
+-
+- if (res == 1) {
+- return LDNS_STATUS_OK;
+- } else if (res == 0) {
+- return LDNS_STATUS_CRYPTO_BOGUS;
+- }
+- /* TODO how to communicate internal SSL error?
+- let caller use ssl's get_error() */
+- return LDNS_STATUS_SSL_ERR;
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
+-{
+- return ldns_verify_rrsig_dsa_raw(
+- (unsigned char*) ldns_buffer_begin(sig),
+- ldns_buffer_position(sig),
+- rrset,
+- (unsigned char*) ldns_buffer_begin(key),
+- ldns_buffer_position(key));
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
+-{
+- return ldns_verify_rrsig_rsasha1_raw(
+- (unsigned char*)ldns_buffer_begin(sig),
+- ldns_buffer_position(sig),
+- rrset,
+- (unsigned char*) ldns_buffer_begin(key),
+- ldns_buffer_position(key));
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_rsamd5(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
+-{
+- return ldns_verify_rrsig_rsamd5_raw(
+- (unsigned char*)ldns_buffer_begin(sig),
+- ldns_buffer_position(sig),
+- rrset,
+- (unsigned char*) ldns_buffer_begin(key),
+- ldns_buffer_position(key));
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen,
+- ldns_buffer* rrset, unsigned char* key, size_t keylen)
+-{
+- EVP_PKEY *evp_key;
+- ldns_status result;
+-
+- evp_key = EVP_PKEY_new();
+- if (EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen))) {
+- result = ldns_verify_rrsig_evp_raw(sig,
+- siglen,
+- rrset,
+- evp_key,
+- EVP_dss1());
+- } else {
+- result = LDNS_STATUS_SSL_ERR;
+- }
+- EVP_PKEY_free(evp_key);
+- return result;
+-
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, size_t siglen,
+- ldns_buffer* rrset, unsigned char* key, size_t keylen)
+-{
+- EVP_PKEY *evp_key;
+- ldns_status result;
+-
+- evp_key = EVP_PKEY_new();
+- if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+- result = ldns_verify_rrsig_evp_raw(sig,
+- siglen,
+- rrset,
+- evp_key,
+- EVP_sha1());
+- } else {
+- result = LDNS_STATUS_SSL_ERR;
+- }
+- EVP_PKEY_free(evp_key);
+-
+- return result;
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_rsasha256_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen)
+-{
+-#ifdef USE_SHA2
+- EVP_PKEY *evp_key;
+- ldns_status result;
+-
+- evp_key = EVP_PKEY_new();
+- if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+- result = ldns_verify_rrsig_evp_raw(sig,
+- siglen,
+- rrset,
+- evp_key,
+- EVP_sha256());
+- } else {
+- result = LDNS_STATUS_SSL_ERR;
+- }
+- EVP_PKEY_free(evp_key);
+-
+- return result;
+-#else
+- /* touch these to prevent compiler warnings */
+- (void) sig;
+- (void) siglen;
+- (void) rrset;
+- (void) key;
+- (void) keylen;
+- return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
+-#endif
+-}
+-
+-ldns_status
+-ldns_verify_rrsig_rsasha512_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen)
+-{
+-#ifdef USE_SHA2
+- EVP_PKEY *evp_key;
+- ldns_status result;
+-
+- evp_key = EVP_PKEY_new();
+- if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+- result = ldns_verify_rrsig_evp_raw(sig,
+- siglen,
+- rrset,
+- evp_key,
+- EVP_sha512());
+- } else {
+- result = LDNS_STATUS_SSL_ERR;
+- }
+- EVP_PKEY_free(evp_key);
+-
+- return result;
+-#else
+- /* touch these to prevent compiler warnings */
+- (void) sig;
+- (void) siglen;
+- (void) rrset;
+- (void) key;
+- (void) keylen;
+- return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
+-#endif
+-}
+-
+-
+-ldns_status
+-ldns_verify_rrsig_rsamd5_raw(unsigned char* sig,
+- size_t siglen,
+- ldns_buffer* rrset,
+- unsigned char* key,
+- size_t keylen)
+-{
+- EVP_PKEY *evp_key;
+- ldns_status result;
+-
+- evp_key = EVP_PKEY_new();
+- if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) {
+- result = ldns_verify_rrsig_evp_raw(sig,
+- siglen,
+- rrset,
+- evp_key,
+- EVP_md5());
+- } else {
+- result = LDNS_STATUS_SSL_ERR;
+- }
+- EVP_PKEY_free(evp_key);
+-
+- return result;
+-}
+-
+-#endif
+diff --git a/src/ldns/dnssec_zone.c b/src/ldns/dnssec_zone.c
+deleted file mode 100644
+index 0fec48c..0000000
+--- a/src/ldns/dnssec_zone.c
++++ /dev/null
+@@ -1,1192 +0,0 @@
+-/*
+- * special zone file structures and functions for better dnssec handling
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-ldns_dnssec_rrs *
+-ldns_dnssec_rrs_new(void)
+-{
+- ldns_dnssec_rrs *new_rrs;
+- new_rrs = LDNS_MALLOC(ldns_dnssec_rrs);
+- if(!new_rrs) return NULL;
+- new_rrs->rr = NULL;
+- new_rrs->next = NULL;
+- return new_rrs;
+-}
+-
+-INLINE void
+-ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep)
+-{
+- ldns_dnssec_rrs *next;
+- while (rrs) {
+- next = rrs->next;
+- if (deep) {
+- ldns_rr_free(rrs->rr);
+- }
+- LDNS_FREE(rrs);
+- rrs = next;
+- }
+-}
+-
+-void
+-ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs)
+-{
+- ldns_dnssec_rrs_free_internal(rrs, 0);
+-}
+-
+-void
+-ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs)
+-{
+- ldns_dnssec_rrs_free_internal(rrs, 1);
+-}
+-
+-ldns_status
+-ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
+-{
+- int cmp;
+- ldns_dnssec_rrs *new_rrs;
+- if (!rrs || !rr) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* this could be done more efficiently; name and type should already
+- be equal */
+- cmp = ldns_rr_compare(rrs->rr, rr);
+- if (cmp < 0) {
+- if (rrs->next) {
+- return ldns_dnssec_rrs_add_rr(rrs->next, rr);
+- } else {
+- new_rrs = ldns_dnssec_rrs_new();
+- new_rrs->rr = rr;
+- rrs->next = new_rrs;
+- }
+- } else if (cmp > 0) {
+- /* put the current old rr in the new next, put the new
+- rr in the current container */
+- new_rrs = ldns_dnssec_rrs_new();
+- new_rrs->rr = rrs->rr;
+- new_rrs->next = rrs->next;
+- rrs->rr = rr;
+- rrs->next = new_rrs;
+- }
+- /* Silently ignore equal rr's */
+- return LDNS_STATUS_OK;
+-}
+-
+-void
+-ldns_dnssec_rrs_print_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_dnssec_rrs *rrs)
+-{
+- if (!rrs) {
+- if ((fmt->flags & LDNS_COMMENT_LAYOUT))
+- fprintf(out, "; <void>");
+- } else {
+- if (rrs->rr) {
+- ldns_rr_print_fmt(out, fmt, rrs->rr);
+- }
+- if (rrs->next) {
+- ldns_dnssec_rrs_print_fmt(out, fmt, rrs->next);
+- }
+- }
+-}
+-
+-void
+-ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs)
+-{
+- ldns_dnssec_rrs_print_fmt(out, ldns_output_format_default, rrs);
+-}
+-
+-
+-ldns_dnssec_rrsets *
+-ldns_dnssec_rrsets_new(void)
+-{
+- ldns_dnssec_rrsets *new_rrsets;
+- new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets);
+- if(!new_rrsets) return NULL;
+- new_rrsets->rrs = NULL;
+- new_rrsets->type = 0;
+- new_rrsets->signatures = NULL;
+- new_rrsets->next = NULL;
+- return new_rrsets;
+-}
+-
+-INLINE void
+-ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep)
+-{
+- if (rrsets) {
+- if (rrsets->rrs) {
+- ldns_dnssec_rrs_free_internal(rrsets->rrs, deep);
+- }
+- if (rrsets->next) {
+- ldns_dnssec_rrsets_free_internal(rrsets->next, deep);
+- }
+- if (rrsets->signatures) {
+- ldns_dnssec_rrs_free_internal(rrsets->signatures, deep);
+- }
+- LDNS_FREE(rrsets);
+- }
+-}
+-
+-void
+-ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets)
+-{
+- ldns_dnssec_rrsets_free_internal(rrsets, 0);
+-}
+-
+-void
+-ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets)
+-{
+- ldns_dnssec_rrsets_free_internal(rrsets, 1);
+-}
+-
+-ldns_rr_type
+-ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets)
+-{
+- if (rrsets) {
+- return rrsets->type;
+- } else {
+- return 0;
+- }
+-}
+-
+-ldns_status
+-ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets,
+- ldns_rr_type type)
+-{
+- if (rrsets) {
+- rrsets->type = type;
+- return LDNS_STATUS_OK;
+- }
+- return LDNS_STATUS_ERR;
+-}
+-
+-static ldns_dnssec_rrsets *
+-ldns_dnssec_rrsets_new_frm_rr(ldns_rr *rr)
+-{
+- ldns_dnssec_rrsets *new_rrsets;
+- ldns_rr_type rr_type;
+- bool rrsig;
+-
+- new_rrsets = ldns_dnssec_rrsets_new();
+- rr_type = ldns_rr_get_type(rr);
+- if (rr_type == LDNS_RR_TYPE_RRSIG) {
+- rrsig = true;
+- rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
+- } else {
+- rrsig = false;
+- }
+- if (!rrsig) {
+- new_rrsets->rrs = ldns_dnssec_rrs_new();
+- new_rrsets->rrs->rr = rr;
+- } else {
+- new_rrsets->signatures = ldns_dnssec_rrs_new();
+- new_rrsets->signatures->rr = rr;
+- }
+- new_rrsets->type = rr_type;
+- return new_rrsets;
+-}
+-
+-ldns_status
+-ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr)
+-{
+- ldns_dnssec_rrsets *new_rrsets;
+- ldns_rr_type rr_type;
+- bool rrsig = false;
+- ldns_status result = LDNS_STATUS_OK;
+-
+- if (!rrsets || !rr) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- rr_type = ldns_rr_get_type(rr);
+-
+- if (rr_type == LDNS_RR_TYPE_RRSIG) {
+- rrsig = true;
+- rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
+- }
+-
+- if (!rrsets->rrs && rrsets->type == 0 && !rrsets->signatures) {
+- if (!rrsig) {
+- rrsets->rrs = ldns_dnssec_rrs_new();
+- rrsets->rrs->rr = rr;
+- rrsets->type = rr_type;
+- } else {
+- rrsets->signatures = ldns_dnssec_rrs_new();
+- rrsets->signatures->rr = rr;
+- rrsets->type = rr_type;
+- }
+- return LDNS_STATUS_OK;
+- }
+-
+- if (rr_type > ldns_dnssec_rrsets_type(rrsets)) {
+- if (rrsets->next) {
+- result = ldns_dnssec_rrsets_add_rr(rrsets->next, rr);
+- } else {
+- new_rrsets = ldns_dnssec_rrsets_new_frm_rr(rr);
+- rrsets->next = new_rrsets;
+- }
+- } else if (rr_type < ldns_dnssec_rrsets_type(rrsets)) {
+- /* move the current one into the new next,
+- replace field of current with data from new rr */
+- new_rrsets = ldns_dnssec_rrsets_new();
+- new_rrsets->rrs = rrsets->rrs;
+- new_rrsets->type = rrsets->type;
+- new_rrsets->signatures = rrsets->signatures;
+- new_rrsets->next = rrsets->next;
+- if (!rrsig) {
+- rrsets->rrs = ldns_dnssec_rrs_new();
+- rrsets->rrs->rr = rr;
+- rrsets->signatures = NULL;
+- } else {
+- rrsets->rrs = NULL;
+- rrsets->signatures = ldns_dnssec_rrs_new();
+- rrsets->signatures->rr = rr;
+- }
+- rrsets->type = rr_type;
+- rrsets->next = new_rrsets;
+- } else {
+- /* equal, add to current rrsets */
+- if (rrsig) {
+- if (rrsets->signatures) {
+- result = ldns_dnssec_rrs_add_rr(rrsets->signatures, rr);
+- } else {
+- rrsets->signatures = ldns_dnssec_rrs_new();
+- rrsets->signatures->rr = rr;
+- }
+- } else {
+- if (rrsets->rrs) {
+- result = ldns_dnssec_rrs_add_rr(rrsets->rrs, rr);
+- } else {
+- rrsets->rrs = ldns_dnssec_rrs_new();
+- rrsets->rrs->rr = rr;
+- }
+- }
+- }
+-
+- return result;
+-}
+-
+-static void
+-ldns_dnssec_rrsets_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_dnssec_rrsets *rrsets,
+- bool follow,
+- bool show_soa)
+-{
+- if (!rrsets) {
+- if ((fmt->flags & LDNS_COMMENT_LAYOUT))
+- fprintf(out, "; <void>\n");
+- } else {
+- if (rrsets->rrs &&
+- (show_soa ||
+- ldns_rr_get_type(rrsets->rrs->rr) != LDNS_RR_TYPE_SOA
+- )
+- ) {
+- ldns_dnssec_rrs_print_fmt(out, fmt, rrsets->rrs);
+- if (rrsets->signatures) {
+- ldns_dnssec_rrs_print_fmt(out, fmt,
+- rrsets->signatures);
+- }
+- }
+- if (follow && rrsets->next) {
+- ldns_dnssec_rrsets_print_soa_fmt(out, fmt,
+- rrsets->next, follow, show_soa);
+- }
+- }
+-}
+-
+-
+-void
+-ldns_dnssec_rrsets_print_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_dnssec_rrsets *rrsets,
+- bool follow)
+-{
+- ldns_dnssec_rrsets_print_soa_fmt(out, fmt, rrsets, follow, true);
+-}
+-
+-void
+-ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow)
+-{
+- ldns_dnssec_rrsets_print_fmt(out, ldns_output_format_default,
+- rrsets, follow);
+-}
+-
+-ldns_dnssec_name *
+-ldns_dnssec_name_new(void)
+-{
+- ldns_dnssec_name *new_name;
+-
+- new_name = LDNS_CALLOC(ldns_dnssec_name, 1);
+- if (!new_name) {
+- return NULL;
+- }
+- /*
+- * not needed anymore because CALLOC initalizes everything to zero.
+-
+- new_name->name = NULL;
+- new_name->rrsets = NULL;
+- new_name->name_alloced = false;
+- new_name->nsec = NULL;
+- new_name->nsec_signatures = NULL;
+-
+- new_name->is_glue = false;
+- new_name->hashed_name = NULL;
+-
+- */
+- return new_name;
+-}
+-
+-ldns_dnssec_name *
+-ldns_dnssec_name_new_frm_rr(ldns_rr *rr)
+-{
+- ldns_dnssec_name *new_name = ldns_dnssec_name_new();
+-
+- new_name->name = ldns_rr_owner(rr);
+- if(ldns_dnssec_name_add_rr(new_name, rr) != LDNS_STATUS_OK) {
+- ldns_dnssec_name_free(new_name);
+- return NULL;
+- }
+-
+- return new_name;
+-}
+-
+-INLINE void
+-ldns_dnssec_name_free_internal(ldns_dnssec_name *name,
+- int deep)
+-{
+- if (name) {
+- if (name->name_alloced) {
+- ldns_rdf_deep_free(name->name);
+- }
+- if (name->rrsets) {
+- ldns_dnssec_rrsets_free_internal(name->rrsets, deep);
+- }
+- if (name->nsec && deep) {
+- ldns_rr_free(name->nsec);
+- }
+- if (name->nsec_signatures) {
+- ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep);
+- }
+- if (name->hashed_name) {
+- if (deep) {
+- ldns_rdf_deep_free(name->hashed_name);
+- }
+- }
+- LDNS_FREE(name);
+- }
+-}
+-
+-void
+-ldns_dnssec_name_free(ldns_dnssec_name *name)
+-{
+- ldns_dnssec_name_free_internal(name, 0);
+-}
+-
+-void
+-ldns_dnssec_name_deep_free(ldns_dnssec_name *name)
+-{
+- ldns_dnssec_name_free_internal(name, 1);
+-}
+-
+-ldns_rdf *
+-ldns_dnssec_name_name(ldns_dnssec_name *name)
+-{
+- if (name) {
+- return name->name;
+- }
+- return NULL;
+-}
+-
+-bool
+-ldns_dnssec_name_is_glue(ldns_dnssec_name *name)
+-{
+- if (name) {
+- return name->is_glue;
+- }
+- return false;
+-}
+-
+-void
+-ldns_dnssec_name_set_name(ldns_dnssec_name *rrset,
+- ldns_rdf *dname)
+-{
+- if (rrset && dname) {
+- rrset->name = dname;
+- }
+-}
+-
+-
+-void
+-ldns_dnssec_name_set_nsec(ldns_dnssec_name *rrset, ldns_rr *nsec)
+-{
+- if (rrset && nsec) {
+- rrset->nsec = nsec;
+- }
+-}
+-
+-int
+-ldns_dnssec_name_cmp(const void *a, const void *b)
+-{
+- ldns_dnssec_name *na = (ldns_dnssec_name *) a;
+- ldns_dnssec_name *nb = (ldns_dnssec_name *) b;
+-
+- if (na && nb) {
+- return ldns_dname_compare(ldns_dnssec_name_name(na),
+- ldns_dnssec_name_name(nb));
+- } else if (na) {
+- return 1;
+- } else if (nb) {
+- return -1;
+- } else {
+- return 0;
+- }
+-}
+-
+-ldns_status
+-ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
+- ldns_rr *rr)
+-{
+- ldns_status result = LDNS_STATUS_OK;
+- ldns_rr_type rr_type;
+- ldns_rr_type typecovered = 0;
+-
+- /* special handling for NSEC3 and NSECX covering RRSIGS */
+-
+- if (!name || !rr) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- rr_type = ldns_rr_get_type(rr);
+-
+- if (rr_type == LDNS_RR_TYPE_RRSIG) {
+- typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
+- }
+-
+- if (rr_type == LDNS_RR_TYPE_NSEC ||
+- rr_type == LDNS_RR_TYPE_NSEC3) {
+- /* XX check if is already set (and error?) */
+- name->nsec = rr;
+- } else if (typecovered == LDNS_RR_TYPE_NSEC ||
+- typecovered == LDNS_RR_TYPE_NSEC3) {
+- if (name->nsec_signatures) {
+- result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr);
+- } else {
+- name->nsec_signatures = ldns_dnssec_rrs_new();
+- name->nsec_signatures->rr = rr;
+- }
+- } else {
+- /* it's a 'normal' RR, add it to the right rrset */
+- if (name->rrsets) {
+- result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr);
+- } else {
+- name->rrsets = ldns_dnssec_rrsets_new();
+- result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr);
+- }
+- }
+- return result;
+-}
+-
+-ldns_dnssec_rrsets *
+-ldns_dnssec_name_find_rrset(ldns_dnssec_name *name,
+- ldns_rr_type type) {
+- ldns_dnssec_rrsets *result;
+-
+- result = name->rrsets;
+- while (result) {
+- if (result->type == type) {
+- return result;
+- } else {
+- result = result->next;
+- }
+- }
+- return NULL;
+-}
+-
+-ldns_dnssec_rrsets *
+-ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone,
+- ldns_rdf *dname,
+- ldns_rr_type type)
+-{
+- ldns_rbnode_t *node;
+-
+- if (!zone || !dname || !zone->names) {
+- return NULL;
+- }
+-
+- node = ldns_rbtree_search(zone->names, dname);
+- if (node) {
+- return ldns_dnssec_name_find_rrset((ldns_dnssec_name *)node->data,
+- type);
+- } else {
+- return NULL;
+- }
+-}
+-
+-static void
+-ldns_dnssec_name_print_soa_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_dnssec_name *name,
+- bool show_soa)
+-{
+- if (name) {
+- if(name->rrsets) {
+- ldns_dnssec_rrsets_print_soa_fmt(out, fmt,
+- name->rrsets, true, show_soa);
+- } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) {
+- fprintf(out, ";; Empty nonterminal: ");
+- ldns_rdf_print(out, name->name);
+- fprintf(out, "\n");
+- }
+- if(name->nsec) {
+- ldns_rr_print_fmt(out, fmt, name->nsec);
+- }
+- if (name->nsec_signatures) {
+- ldns_dnssec_rrs_print_fmt(out, fmt,
+- name->nsec_signatures);
+- }
+- } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) {
+- fprintf(out, "; <void>\n");
+- }
+-}
+-
+-
+-void
+-ldns_dnssec_name_print_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_dnssec_name *name)
+-{
+- ldns_dnssec_name_print_soa_fmt(out, fmt, name, true);
+-}
+-
+-void
+-ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name)
+-{
+- ldns_dnssec_name_print_fmt(out, ldns_output_format_default, name);
+-}
+-
+-
+-ldns_dnssec_zone *
+-ldns_dnssec_zone_new(void)
+-{
+- ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone);
+- if(!zone) return NULL;
+- zone->soa = NULL;
+- zone->names = NULL;
+- zone->hashed_names = NULL;
+- zone->_nsec3params = NULL;
+-
+- return zone;
+-}
+-
+-static bool
+-rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t)
+-{
+- return ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG
+- && ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)) == t;
+-}
+-
+-/* When the zone is first read into an list and then inserted into an
+- * ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next)
+- * to each other. Because ldns-verify-zone (the only program that uses this
+- * function) uses the rbtree mostly for sequentual walking, this results
+- * in a speed increase (of 15% on linux) because we have less CPU-cache misses.
+- */
+-#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */
+-
+-static ldns_status
+-ldns_dnssec_zone_add_empty_nonterminals_nsec3(
+- ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s);
+-
+-static void
+-ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) {
+- (void) arg;
+- ldns_rdf_deep_free((ldns_rdf *)node->key);
+- LDNS_FREE(node);
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
+- uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr)
+-{
+- ldns_rr* cur_rr;
+- size_t i;
+-
+- ldns_rdf *my_origin = NULL;
+- ldns_rdf *my_prev = NULL;
+-
+- ldns_dnssec_zone *newzone = ldns_dnssec_zone_new();
+- /* NSEC3s may occur before the names they refer to. We must remember
+- them and add them to the name later on, after the name is read.
+- We track not yet matching NSEC3s*n the todo_nsec3s list */
+- ldns_rr_list* todo_nsec3s = ldns_rr_list_new();
+- /* when reading NSEC3s, there is a chance that we encounter nsecs
+- for empty nonterminals, whose nonterminals we cannot derive yet
+- because the needed information is to be read later.
+-
+- nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will
+- hold the NSEC3s that still didn't have a matching name in the
+- zone tree, even after all names were read. They can only match
+- after the zone is equiped with all the empty non terminals. */
+- ldns_rbtree_t todo_nsec3_ents;
+- ldns_rbnode_t *new_node;
+- ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new();
+-
+- ldns_status status;
+-
+-#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
+- ldns_zone* zone = NULL;
+-#else
+- uint32_t my_ttl = ttl;
+-#endif
+-
+- ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v);
+-
+-#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
+- status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr);
+- if (status != LDNS_STATUS_OK)
+- goto error;
+-#endif
+- if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto error;
+- }
+- if (origin) {
+- if (!(my_origin = ldns_rdf_clone(origin))) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto error;
+- }
+- if (!(my_prev = ldns_rdf_clone(origin))) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto error;
+- }
+- }
+-
+-#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
+- if (ldns_zone_soa(zone)) {
+- status = ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone));
+- if (status != LDNS_STATUS_OK)
+- goto error;
+- }
+- for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) {
+- cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i);
+- status = LDNS_STATUS_OK;
+-#else
+- while (!feof(fp)) {
+- status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin,
+- &my_prev, line_nr);
+-
+-#endif
+- switch (status) {
+- case LDNS_STATUS_OK:
+-
+- status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
+- if (status ==
+- LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
+-
+- if (rr_is_rrsig_covering(cur_rr,
+- LDNS_RR_TYPE_NSEC3)){
+- ldns_rr_list_push_rr(todo_nsec3_rrsigs,
+- cur_rr);
+- } else {
+- ldns_rr_list_push_rr(todo_nsec3s,
+- cur_rr);
+- }
+- status = LDNS_STATUS_OK;
+-
+- } else if (status != LDNS_STATUS_OK)
+- goto error;
+-
+- break;
+-
+-
+- case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */
+- case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/
+- case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/
+- status = LDNS_STATUS_OK;
+- break;
+-
+- case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */
+- status = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL;
+- break;
+-
+- default:
+- goto error;
+- }
+- }
+-
+- for (i = 0; status == LDNS_STATUS_OK &&
+- i < ldns_rr_list_rr_count(todo_nsec3s); i++) {
+- cur_rr = ldns_rr_list_rr(todo_nsec3s, i);
+- status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
+- if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) {
+- if (!(new_node = LDNS_MALLOC(ldns_rbnode_t))) {
+- status = LDNS_STATUS_MEM_ERR;
+- break;
+- }
+- new_node->key = ldns_dname_label(ldns_rr_owner(cur_rr), 0);
+- new_node->data = cur_rr;
+- if (!ldns_rbtree_insert(&todo_nsec3_ents, new_node)) {
+- LDNS_FREE(new_node);
+- status = LDNS_STATUS_MEM_ERR;
+- break;
+- }
+- status = LDNS_STATUS_OK;
+- }
+- }
+- if (todo_nsec3_ents.count > 0)
+- (void) ldns_dnssec_zone_add_empty_nonterminals_nsec3(
+- newzone, &todo_nsec3_ents);
+- for (i = 0; status == LDNS_STATUS_OK &&
+- i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++) {
+- cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i);
+- status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
+- }
+- if (z) {
+- *z = newzone;
+- newzone = NULL;
+- } else {
+- ldns_dnssec_zone_free(newzone);
+- }
+-
+-error:
+-#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
+- if (zone) {
+- ldns_zone_free(zone);
+- }
+-#endif
+- ldns_rr_list_free(todo_nsec3_rrsigs);
+- ldns_traverse_postorder(&todo_nsec3_ents,
+- ldns_todo_nsec3_ents_node_free, NULL);
+- ldns_rr_list_free(todo_nsec3s);
+-
+- if (my_origin) {
+- ldns_rdf_deep_free(my_origin);
+- }
+- if (my_prev) {
+- ldns_rdf_deep_free(my_prev);
+- }
+- if (newzone) {
+- ldns_dnssec_zone_free(newzone);
+- }
+- return status;
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
+- uint32_t ttl, ldns_rr_class ATTR_UNUSED(c))
+-{
+- return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL);
+-}
+-
+-static void
+-ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) {
+- (void) arg;
+- ldns_dnssec_name_free((ldns_dnssec_name *)node->data);
+- LDNS_FREE(node);
+-}
+-
+-static void
+-ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) {
+- (void) arg;
+- ldns_dnssec_name_deep_free((ldns_dnssec_name *)node->data);
+- LDNS_FREE(node);
+-}
+-
+-void
+-ldns_dnssec_zone_free(ldns_dnssec_zone *zone)
+-{
+- if (zone) {
+- if (zone->names) {
+- /* destroy all name structures within the tree */
+- ldns_traverse_postorder(zone->names,
+- ldns_dnssec_name_node_free,
+- NULL);
+- LDNS_FREE(zone->names);
+- }
+- LDNS_FREE(zone);
+- }
+-}
+-
+-void
+-ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone)
+-{
+- if (zone) {
+- if (zone->names) {
+- /* destroy all name structures within the tree */
+- ldns_traverse_postorder(zone->names,
+- ldns_dnssec_name_node_deep_free,
+- NULL);
+- LDNS_FREE(zone->names);
+- }
+- LDNS_FREE(zone);
+- }
+-}
+-
+-/* use for dname comparison in tree */
+-int
+-ldns_dname_compare_v(const void *a, const void *b) {
+- return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b);
+-}
+-
+-static void
+-ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
+- ldns_dnssec_name* name, ldns_rr* nsec3rr);
+-
+-static void
+-ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) {
+- (void) arg;
+- LDNS_FREE(node);
+-}
+-
+-static void
+-ldns_dnssec_zone_hashed_names_from_nsec3(
+- ldns_dnssec_zone* zone, ldns_rr* nsec3rr)
+-{
+- ldns_rbnode_t* current_node;
+- ldns_dnssec_name* current_name;
+-
+- assert(zone != NULL);
+- assert(nsec3rr != NULL);
+-
+- if (zone->hashed_names) {
+- ldns_traverse_postorder(zone->hashed_names,
+- ldns_hashed_names_node_free, NULL);
+- LDNS_FREE(zone->hashed_names);
+- }
+- zone->_nsec3params = nsec3rr;
+-
+- /* So this is a NSEC3 zone.
+- * Calculate hashes for all names already in the zone
+- */
+- zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v);
+- if (zone->hashed_names == NULL) {
+- return;
+- }
+- for ( current_node = ldns_rbtree_first(zone->names)
+- ; current_node != LDNS_RBTREE_NULL
+- ; current_node = ldns_rbtree_next(current_node)
+- ) {
+- current_name = (ldns_dnssec_name *) current_node->data;
+- ldns_dnssec_name_make_hashed_name(zone, current_name, nsec3rr);
+-
+- }
+-}
+-
+-static void
+-ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
+- ldns_dnssec_name* name, ldns_rr* nsec3rr)
+-{
+- ldns_rbnode_t* new_node;
+-
+- assert(name != NULL);
+- if (! zone->_nsec3params) {
+- if (! nsec3rr) {
+- return;
+- }
+- ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr);
+-
+- } else if (! nsec3rr) {
+- nsec3rr = zone->_nsec3params;
+- }
+- name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name);
+-
+- /* Also store in zone->hashed_names */
+- if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) {
+-
+- new_node->key = name->hashed_name;
+- new_node->data = name;
+-
+- if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) {
+-
+- LDNS_FREE(new_node);
+- }
+- }
+-}
+-
+-
+-static ldns_rbnode_t *
+-ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) {
+- ldns_rdf *hashed_name;
+-
+- hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0);
+- if (hashed_name == NULL) {
+- return NULL;
+- }
+- if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){
+-
+- ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr);
+- }
+- if (zone->hashed_names == NULL) {
+- ldns_rdf_deep_free(hashed_name);
+- return NULL;
+- }
+- return ldns_rbtree_search(zone->hashed_names, hashed_name);
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
+-{
+- ldns_status result = LDNS_STATUS_OK;
+- ldns_dnssec_name *cur_name;
+- ldns_rbnode_t *cur_node;
+- ldns_rr_type type_covered = 0;
+-
+- if (!zone || !rr) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (!zone->names) {
+- zone->names = ldns_rbtree_create(ldns_dname_compare_v);
+- if(!zone->names) return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* we need the original of the hashed name if this is
+- an NSEC3, or an RRSIG that covers an NSEC3 */
+- if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) {
+- type_covered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
+- }
+- if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 ||
+- type_covered == LDNS_RR_TYPE_NSEC3) {
+- cur_node = ldns_dnssec_zone_find_nsec3_original(zone, rr);
+- if (!cur_node) {
+- return LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND;
+- }
+- } else {
+- cur_node = ldns_rbtree_search(zone->names, ldns_rr_owner(rr));
+- }
+- if (!cur_node) {
+- /* add */
+- cur_name = ldns_dnssec_name_new_frm_rr(rr);
+- if(!cur_name) return LDNS_STATUS_MEM_ERR;
+- cur_node = LDNS_MALLOC(ldns_rbnode_t);
+- if(!cur_node) {
+- ldns_dnssec_name_free(cur_name);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- cur_node->key = ldns_rr_owner(rr);
+- cur_node->data = cur_name;
+- (void)ldns_rbtree_insert(zone->names, cur_node);
+- ldns_dnssec_name_make_hashed_name(zone, cur_name, NULL);
+- } else {
+- cur_name = (ldns_dnssec_name *) cur_node->data;
+- result = ldns_dnssec_name_add_rr(cur_name, rr);
+- }
+- if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
+- zone->soa = cur_name;
+- }
+- return result;
+-}
+-
+-void
+-ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_rbtree_t *tree,
+- bool print_soa)
+-{
+- ldns_rbnode_t *node;
+- ldns_dnssec_name *name;
+-
+- node = ldns_rbtree_first(tree);
+- while (node != LDNS_RBTREE_NULL) {
+- name = (ldns_dnssec_name *) node->data;
+- ldns_dnssec_name_print_soa_fmt(out, fmt, name, print_soa);
+- if ((fmt->flags & LDNS_COMMENT_LAYOUT))
+- fprintf(out, ";\n");
+- node = ldns_rbtree_next(node);
+- }
+-}
+-
+-void
+-ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa)
+-{
+- ldns_dnssec_zone_names_print_fmt(out, ldns_output_format_default,
+- tree, print_soa);
+-}
+-
+-void
+-ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt,
+- ldns_dnssec_zone *zone)
+-{
+- if (zone) {
+- if (zone->soa) {
+- if ((fmt->flags & LDNS_COMMENT_LAYOUT)) {
+- fprintf(out, ";; Zone: ");
+- ldns_rdf_print(out, ldns_dnssec_name_name(
+- zone->soa));
+- fprintf(out, "\n;\n");
+- }
+- ldns_dnssec_rrsets_print_fmt(out, fmt,
+- ldns_dnssec_name_find_rrset(
+- zone->soa,
+- LDNS_RR_TYPE_SOA),
+- false);
+- if ((fmt->flags & LDNS_COMMENT_LAYOUT))
+- fprintf(out, ";\n");
+- }
+-
+- if (zone->names) {
+- ldns_dnssec_zone_names_print_fmt(out, fmt,
+- zone->names, false);
+- }
+- }
+-}
+-
+-void
+-ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone)
+-{
+- ldns_dnssec_zone_print_fmt(out, ldns_output_format_default, zone);
+-}
+-
+-static ldns_status
+-ldns_dnssec_zone_add_empty_nonterminals_nsec3(
+- ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s)
+-{
+- ldns_dnssec_name *new_name;
+- ldns_rdf *cur_name;
+- ldns_rdf *next_name;
+- ldns_rbnode_t *cur_node, *next_node, *new_node;
+-
+- /* for the detection */
+- uint16_t i, cur_label_count, next_label_count;
+- uint16_t soa_label_count = 0;
+- ldns_rdf *l1, *l2;
+- int lpos;
+-
+- if (!zone) {
+- return LDNS_STATUS_ERR;
+- }
+- if (zone->soa && zone->soa->name) {
+- soa_label_count = ldns_dname_label_count(zone->soa->name);
+- }
+-
+- cur_node = ldns_rbtree_first(zone->names);
+- while (cur_node != LDNS_RBTREE_NULL) {
+- next_node = ldns_rbtree_next(cur_node);
+-
+- /* skip glue */
+- while (next_node != LDNS_RBTREE_NULL &&
+- next_node->data &&
+- ((ldns_dnssec_name *)next_node->data)->is_glue
+- ) {
+- next_node = ldns_rbtree_next(next_node);
+- }
+-
+- if (next_node == LDNS_RBTREE_NULL) {
+- next_node = ldns_rbtree_first(zone->names);
+- }
+- if (! cur_node->data || ! next_node->data) {
+- return LDNS_STATUS_ERR;
+- }
+- cur_name = ((ldns_dnssec_name *)cur_node->data)->name;
+- next_name = ((ldns_dnssec_name *)next_node->data)->name;
+- cur_label_count = ldns_dname_label_count(cur_name);
+- next_label_count = ldns_dname_label_count(next_name);
+-
+- /* Since the names are in canonical order, we can
+- * recognize empty non-terminals by their labels;
+- * every label after the first one on the next owner
+- * name is a non-terminal if it either does not exist
+- * in the current name or is different from the same
+- * label in the current name (counting from the end)
+- */
+- for (i = 1; i < next_label_count - soa_label_count; i++) {
+- lpos = (int)cur_label_count - (int)next_label_count + (int)i;
+- if (lpos >= 0) {
+- l1 = ldns_dname_clone_from(cur_name, (uint8_t)lpos);
+- } else {
+- l1 = NULL;
+- }
+- l2 = ldns_dname_clone_from(next_name, i);
+-
+- if (!l1 || ldns_dname_compare(l1, l2) != 0) {
+- /* We have an empty nonterminal, add it to the
+- * tree
+- */
+- ldns_rbnode_t *node = NULL;
+- ldns_rdf *ent_name;
+-
+- if (!(ent_name = ldns_dname_clone_from(
+- next_name, i)))
+- return LDNS_STATUS_MEM_ERR;
+-
+- if (nsec3s && zone->_nsec3params) {
+- ldns_rdf *ent_hashed_name;
+-
+- if (!(ent_hashed_name =
+- ldns_nsec3_hash_name_frm_nsec3(
+- zone->_nsec3params,
+- ent_name)))
+- return LDNS_STATUS_MEM_ERR;
+- node = ldns_rbtree_search(nsec3s,
+- ent_hashed_name);
+- if (!node) {
+- ldns_rdf_deep_free(l1);
+- ldns_rdf_deep_free(l2);
+- continue;
+- }
+- }
+- new_name = ldns_dnssec_name_new();
+- if (!new_name) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- new_name->name = ent_name;
+- if (!new_name->name) {
+- ldns_dnssec_name_free(new_name);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- new_name->name_alloced = true;
+- new_node = LDNS_MALLOC(ldns_rbnode_t);
+- if (!new_node) {
+- ldns_dnssec_name_free(new_name);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- new_node->key = new_name->name;
+- new_node->data = new_name;
+- (void)ldns_rbtree_insert(zone->names, new_node);
+- ldns_dnssec_name_make_hashed_name(
+- zone, new_name, NULL);
+- if (node)
+- (void) ldns_dnssec_zone_add_rr(zone,
+- (ldns_rr *)node->data);
+- }
+- ldns_rdf_deep_free(l1);
+- ldns_rdf_deep_free(l2);
+- }
+-
+- /* we might have inserted a new node after
+- * the current one so we can't just use next()
+- */
+- if (next_node != ldns_rbtree_first(zone->names)) {
+- cur_node = next_node;
+- } else {
+- cur_node = LDNS_RBTREE_NULL;
+- }
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
+-{
+- return ldns_dnssec_zone_add_empty_nonterminals_nsec3(zone, NULL);
+-}
+-
+-bool
+-ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone)
+-{
+- ldns_rr* nsec3;
+- ldns_rbnode_t* node;
+-
+- if (ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_NSEC3PARAM)) {
+- node = ldns_rbtree_first(zone->names);
+- while (node != LDNS_RBTREE_NULL) {
+- nsec3 = ((ldns_dnssec_name*)node->data)->nsec;
+- if (nsec3 &&ldns_rr_get_type(nsec3)
+- == LDNS_RR_TYPE_NSEC3 &&
+- ldns_nsec3_optout(nsec3)) {
+- return true;
+- }
+- node = ldns_rbtree_next(node);
+- }
+- }
+- return false;
+-}
+diff --git a/src/ldns/duration.c b/src/ldns/duration.c
+deleted file mode 100644
+index 6d0a388..0000000
+--- a/src/ldns/duration.c
++++ /dev/null
+@@ -1,354 +0,0 @@
+-/*
+- * $Id: duration.c 4518 2011-02-24 15:39:09Z matthijs $
+- *
+- * Copyright (c) 2009 NLNet Labs. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+- * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+- * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+- * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/**
+- *
+- * This file is copied from the OpenDNSSEC source repository
+- * and only slightly adapted to make it fit.
+- */
+-
+-/**
+- *
+- * Durations.
+- */
+-
+-#include <ldns/config.h>
+-#include <ldns/duration.h>
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#include <time.h>
+-
+-
+-/**
+- * Create a new 'instant' duration.
+- *
+- */
+-ldns_duration_type*
+-ldns_duration_create(void)
+-{
+- ldns_duration_type* duration;
+-
+- duration = malloc(sizeof(ldns_duration_type));
+- if (!duration) {
+- return NULL;
+- }
+- duration->years = 0;
+- duration->months = 0;
+- duration->weeks = 0;
+- duration->days = 0;
+- duration->hours = 0;
+- duration->minutes = 0;
+- duration->seconds = 0;
+- return duration;
+-}
+-
+-
+-/**
+- * Compare durations.
+- *
+- */
+-int
+-ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2)
+-{
+- if (!d1 && !d2) {
+- return 0;
+- }
+- if (!d1 || !d2) {
+- return d1?-1:1;
+- }
+-
+- if (d1->years != d2->years) {
+- return (int) (d1->years - d2->years);
+- }
+- if (d1->months != d2->months) {
+- return (int) (d1->months - d2->months);
+- }
+- if (d1->weeks != d2->weeks) {
+- return (int) (d1->weeks - d2->weeks);
+- }
+- if (d1->days != d2->days) {
+- return (int) (d1->days - d2->days);
+- }
+- if (d1->hours != d2->hours) {
+- return (int) (d1->hours - d2->hours);
+- }
+- if (d1->minutes != d2->minutes) {
+- return (int) (d1->minutes - d2->minutes);
+- }
+- if (d1->seconds != d2->seconds) {
+- return (int) (d1->seconds - d2->seconds);
+- }
+-
+- return 0;
+-}
+-
+-
+-/**
+- * Create a duration from string.
+- *
+- */
+-ldns_duration_type*
+-ldns_duration_create_from_string(const char* str)
+-{
+- ldns_duration_type* duration = ldns_duration_create();
+- char* P, *X, *T, *W;
+- int not_weeks = 0;
+-
+- if (!duration) {
+- return NULL;
+- }
+- if (!str) {
+- return duration;
+- }
+-
+- P = strchr(str, 'P');
+- if (!P) {
+- ldns_duration_cleanup(duration);
+- return NULL;
+- }
+-
+- T = strchr(str, 'T');
+- X = strchr(str, 'Y');
+- if (X) {
+- duration->years = (time_t) atoi(str+1);
+- str = X;
+- not_weeks = 1;
+- }
+- X = strchr(str, 'M');
+- if (X && (!T || (size_t) (X-P) < (size_t) (T-P))) {
+- duration->months = (time_t) atoi(str+1);
+- str = X;
+- not_weeks = 1;
+- }
+- X = strchr(str, 'D');
+- if (X) {
+- duration->days = (time_t) atoi(str+1);
+- str = X;
+- not_weeks = 1;
+- }
+- if (T) {
+- str = T;
+- not_weeks = 1;
+- }
+- X = strchr(str, 'H');
+- if (X && T) {
+- duration->hours = (time_t) atoi(str+1);
+- str = X;
+- not_weeks = 1;
+- }
+- X = strrchr(str, 'M');
+- if (X && T && (size_t) (X-P) > (size_t) (T-P)) {
+- duration->minutes = (time_t) atoi(str+1);
+- str = X;
+- not_weeks = 1;
+- }
+- X = strchr(str, 'S');
+- if (X && T) {
+- duration->seconds = (time_t) atoi(str+1);
+- str = X;
+- not_weeks = 1;
+- }
+-
+- W = strchr(str, 'W');
+- if (W) {
+- if (not_weeks) {
+- ldns_duration_cleanup(duration);
+- return NULL;
+- } else {
+- duration->weeks = (time_t) atoi(str+1);
+- str = W;
+- }
+- }
+- return duration;
+-}
+-
+-
+-/**
+- * Get the number of digits in a number.
+- *
+- */
+-static size_t
+-digits_in_number(time_t duration)
+-{
+- uint32_t period = (uint32_t) duration;
+- size_t count = 0;
+-
+- while (period > 0) {
+- count++;
+- period /= 10;
+- }
+- return count;
+-}
+-
+-
+-/**
+- * Convert a duration to a string.
+- *
+- */
+-char*
+-ldns_duration2string(ldns_duration_type* duration)
+-{
+- char* str = NULL, *num = NULL;
+- size_t count = 2;
+- int T = 0;
+-
+- if (!duration) {
+- return NULL;
+- }
+-
+- if (duration->years > 0) {
+- count = count + 1 + digits_in_number(duration->years);
+- }
+- if (duration->months > 0) {
+- count = count + 1 + digits_in_number(duration->months);
+- }
+- if (duration->weeks > 0) {
+- count = count + 1 + digits_in_number(duration->weeks);
+- }
+- if (duration->days > 0) {
+- count = count + 1 + digits_in_number(duration->days);
+- }
+- if (duration->hours > 0) {
+- count = count + 1 + digits_in_number(duration->hours);
+- T = 1;
+- }
+- if (duration->minutes > 0) {
+- count = count + 1 + digits_in_number(duration->minutes);
+- T = 1;
+- }
+- if (duration->seconds > 0) {
+- count = count + 1 + digits_in_number(duration->seconds);
+- T = 1;
+- }
+- if (T) {
+- count++;
+- }
+-
+- str = (char*) calloc(count, sizeof(char));
+- str[0] = 'P';
+- str[1] = '\0';
+-
+- if (duration->years > 0) {
+- count = digits_in_number(duration->years);
+- num = (char*) calloc(count+2, sizeof(char));
+- snprintf(num, count+2, "%uY", (unsigned int) duration->years);
+- str = strncat(str, num, count+2);
+- free((void*) num);
+- }
+- if (duration->months > 0) {
+- count = digits_in_number(duration->months);
+- num = (char*) calloc(count+2, sizeof(char));
+- snprintf(num, count+2, "%uM", (unsigned int) duration->months);
+- str = strncat(str, num, count+2);
+- free((void*) num);
+- }
+- if (duration->weeks > 0) {
+- count = digits_in_number(duration->weeks);
+- num = (char*) calloc(count+2, sizeof(char));
+- snprintf(num, count+2, "%uW", (unsigned int) duration->weeks);
+- str = strncat(str, num, count+2);
+- free((void*) num);
+- }
+- if (duration->days > 0) {
+- count = digits_in_number(duration->days);
+- num = (char*) calloc(count+2, sizeof(char));
+- snprintf(num, count+2, "%uD", (unsigned int) duration->days);
+- str = strncat(str, num, count+2);
+- free((void*) num);
+- }
+- if (T) {
+- str = strncat(str, "T", 1);
+- }
+- if (duration->hours > 0) {
+- count = digits_in_number(duration->hours);
+- num = (char*) calloc(count+2, sizeof(char));
+- snprintf(num, count+2, "%uH", (unsigned int) duration->hours);
+- str = strncat(str, num, count+2);
+- free((void*) num);
+- }
+- if (duration->minutes > 0) {
+- count = digits_in_number(duration->minutes);
+- num = (char*) calloc(count+2, sizeof(char));
+- snprintf(num, count+2, "%uM", (unsigned int) duration->minutes);
+- str = strncat(str, num, count+2);
+- free((void*) num);
+- }
+- if (duration->seconds > 0) {
+- count = digits_in_number(duration->seconds);
+- num = (char*) calloc(count+2, sizeof(char));
+- snprintf(num, count+2, "%uS", (unsigned int) duration->seconds);
+- str = strncat(str, num, count+2);
+- free((void*) num);
+- }
+- return str;
+-}
+-
+-
+-/**
+- * Convert a duration to a time.
+- *
+- */
+-time_t
+-ldns_duration2time(ldns_duration_type* duration)
+-{
+- time_t period = 0;
+-
+- if (duration) {
+- period += (duration->seconds);
+- period += (duration->minutes)*60;
+- period += (duration->hours)*3600;
+- period += (duration->days)*86400;
+- period += (duration->weeks)*86400*7;
+- period += (duration->months)*86400*31;
+- period += (duration->years)*86400*365;
+-
+- /* [TODO] calculate correct number of days in this month/year */
+- /*
+- if (duration->months || duration->years) {
+- }
+- */
+- }
+- return period;
+-}
+-
+-
+-/**
+- * Clean up duration.
+- *
+- */
+-void
+-ldns_duration_cleanup(ldns_duration_type* duration)
+-{
+- if (!duration) {
+- return;
+- }
+- free(duration);
+- return;
+-}
+diff --git a/src/ldns/error.c b/src/ldns/error.c
+deleted file mode 100644
+index 82ea61a..0000000
+--- a/src/ldns/error.c
++++ /dev/null
+@@ -1,160 +0,0 @@
+-/*
+- * a error2str function to make sense of all the
+- * error codes we have laying ardoun
+- *
+- * a Net::DNS like library for C
+- * LibDNS Team @ NLnet Labs
+- * (c) NLnet Labs, 2005-2006
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-ldns_lookup_table ldns_error_str[] = {
+- { LDNS_STATUS_OK, "All OK" },
+- { LDNS_STATUS_EMPTY_LABEL, "Empty label" },
+- { LDNS_STATUS_LABEL_OVERFLOW, "Label length overflow" },
+- { LDNS_STATUS_DOMAINNAME_OVERFLOW, "Domainname length overflow" },
+- { LDNS_STATUS_DOMAINNAME_UNDERFLOW, "Domainname length underflow (zero length)" },
+- { LDNS_STATUS_DDD_OVERFLOW, "\\DDD sequence overflow (>255)" },
+- { LDNS_STATUS_PACKET_OVERFLOW, "Packet size overflow" },
+- { LDNS_STATUS_INVALID_POINTER, "Invalid compression pointer" },
+- { LDNS_STATUS_MEM_ERR, "General memory error" },
+- { LDNS_STATUS_INTERNAL_ERR, "Internal error, this should not happen" },
+- { LDNS_STATUS_SSL_ERR, "Error in SSL library" },
+- { LDNS_STATUS_ERR, "General LDNS error" },
+- { LDNS_STATUS_INVALID_INT, "Conversion error, integer expected" },
+- { LDNS_STATUS_INVALID_IP4, "Conversion error, ip4 addr expected" },
+- { LDNS_STATUS_INVALID_IP6, "Conversion error, ip6 addr expected" },
+- { LDNS_STATUS_INVALID_STR, "Conversion error, string expected" },
+- { LDNS_STATUS_INVALID_B32_EXT, "Conversion error, b32 ext encoding expected" },
+- { LDNS_STATUS_INVALID_B64, "Conversion error, b64 encoding expected" },
+- { LDNS_STATUS_INVALID_HEX, "Conversion error, hex encoding expected" },
+- { LDNS_STATUS_INVALID_TIME, "Conversion error, time encoding expected" },
+- { LDNS_STATUS_NETWORK_ERR, "Could not send or receive, because of network error" },
+- { LDNS_STATUS_ADDRESS_ERR, "Could not start AXFR, because of address error" },
+- { LDNS_STATUS_FILE_ERR, "Could not open the files" },
+- { LDNS_STATUS_UNKNOWN_INET, "Uknown address family" },
+- { LDNS_STATUS_NOT_IMPL, "This function is not implemented (yet), please notify the developers - or not..." },
+- { LDNS_STATUS_NULL, "Supplied value pointer null" },
+- { LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, "Unknown cryptographic algorithm" },
+- { LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, "Cryptographic algorithm not implemented" },
+- { LDNS_STATUS_CRYPTO_NO_RRSIG, "No DNSSEC signature(s)" },
+- { LDNS_STATUS_CRYPTO_NO_DNSKEY, "No DNSSEC public key(s)" },
+- { LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, "The signature does not cover this RRset" },
+- { LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, "No signatures found for trusted DNSSEC public key(s)" },
+- { LDNS_STATUS_CRYPTO_NO_DS, "No DS record(s)" },
+- { LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, "Could not validate DS record(s)" },
+- { LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, "No keys with the keytag and algorithm from the RRSIG found" },
+- { LDNS_STATUS_CRYPTO_VALIDATED, "Valid DNSSEC signature" },
+- { LDNS_STATUS_CRYPTO_BOGUS, "Bogus DNSSEC signature" },
+- { LDNS_STATUS_CRYPTO_SIG_EXPIRED, "DNSSEC signature has expired" },
+- { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, "DNSSEC signature not incepted yet" },
+- { LDNS_STATUS_CRYPTO_TSIG_BOGUS, "Bogus TSIG signature" },
+- { LDNS_STATUS_CRYPTO_TSIG_ERR, "Could not create TSIG signature" },
+- { LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, "DNSSEC signature has expiration date earlier than inception date" },
+- { LDNS_STATUS_ENGINE_KEY_NOT_LOADED, "Unable to load private key from engine" },
+- { LDNS_STATUS_NSEC3_ERR, "Error in NSEC3 denial of existence proof" },
+- { LDNS_STATUS_RES_NO_NS, "No (valid) nameservers defined in the resolver" },
+- { LDNS_STATUS_RES_QUERY, "No correct query given to resolver" },
+- { LDNS_STATUS_WIRE_INCOMPLETE_HEADER, "header section incomplete" },
+- { LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, "question section incomplete" },
+- { LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, "answer section incomplete" },
+- { LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, "authority section incomplete" },
+- { LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, "additional section incomplete" },
+- { LDNS_STATUS_NO_DATA, "No data" },
+- { LDNS_STATUS_EXISTS_ERR, "Element already exists" },
+- { LDNS_STATUS_CERT_BAD_ALGORITHM, "Bad algorithm type for CERT record" },
+- { LDNS_STATUS_SYNTAX_TYPE_ERR, "Syntax error, could not parse the RR's type" },
+- { LDNS_STATUS_SYNTAX_CLASS_ERR, "Syntax error, could not parse the RR's class" },
+- { LDNS_STATUS_SYNTAX_TTL_ERR, "Syntax error, could not parse the RR's TTL" },
+- { LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL, "Syntax error, $INCLUDE not implemented" },
+- { LDNS_STATUS_SYNTAX_RDATA_ERR, "Syntax error, could not parse the RR's rdata" },
+- { LDNS_STATUS_SYNTAX_DNAME_ERR, "Syntax error, could not parse the RR's dname(s)" },
+- { LDNS_STATUS_SYNTAX_VERSION_ERR, "Syntax error, version mismatch" },
+- { LDNS_STATUS_SYNTAX_ALG_ERR, "Syntax error, algorithm unknown or non parseable" },
+- { LDNS_STATUS_SYNTAX_KEYWORD_ERR, "Syntax error, unknown keyword in input" },
+- { LDNS_STATUS_SYNTAX_ERR, "Syntax error, could not parse the RR" },
+- { LDNS_STATUS_SYNTAX_EMPTY, "Empty line was returned" },
+- { LDNS_STATUS_SYNTAX_TTL, "$TTL directive was seen in the zone" },
+- { LDNS_STATUS_SYNTAX_ORIGIN, "$ORIGIN directive was seen in the zone" },
+- { LDNS_STATUS_SYNTAX_INCLUDE, "$INCLUDE directive was seen in the zone" },
+- { LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, "Iterations count for NSEC3 record higher than maximum" },
+- { LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, "Syntax error, value expected" },
+- { LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer value too large" },
+- { LDNS_STATUS_SYNTAX_BAD_ESCAPE, "Syntax error, bad escape sequence" },
+- { LDNS_STATUS_SOCKET_ERROR, "Error creating socket" },
+- { LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, "Existence denied by NSEC" },
+- { LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, "RR not covered by the given NSEC RRs" },
+- { LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, "wildcard not covered by the given NSEC RRs" },
+- { LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, "original of NSEC3 hashed name could not be found" },
+- { LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, "The RRSIG has to few rdata fields" },
+- { LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, "The DNSKEY has to few rdata fields" },
+- { LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN,
+- "DNSSEC signature will expire too soon" },
+- { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN,
+- "DNSSEC signature not incepted long enough" },
+- { LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE,
+- "Unknown TLSA Certificate Usage" },
+- { LDNS_STATUS_DANE_UNKNOWN_SELECTOR, "Unknown TLSA Selector" },
+- { LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE,
+- "Unknown TLSA Matching Type" },
+- { LDNS_STATUS_DANE_UNKNOWN_PROTOCOL,
+- "Unknown protocol. Only IPv4 and IPv6 are understood" },
+- { LDNS_STATUS_DANE_UNKNOWN_TRANSPORT,
+- "Unknown transport. Should be one of {tcp, udp, sctp}" },
+- { LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, /* Trust anchor assertion */
+- "More than one certificate should be provided" },
+- { LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, /* Trust anchor assertion */
+- "Non of the extra certificates is used to sign the first" },
+- { LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, /* Trust anchor assertion */
+- "The offset was out of range" },
+- { LDNS_STATUS_DANE_INSECURE, /* Unused by library */
+- "The queried resource records were insecure" },
+- { LDNS_STATUS_DANE_BOGUS, /* Unused by library */
+- "The queried resource records were bogus" },
+- { LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
+- "The TLSA record(s) "
+- "did not match with the server certificate (chain)" },
+- { LDNS_STATUS_DANE_NON_CA_CERTIFICATE,
+- "The certificate was not a CA certificate" },
+- { LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE,
+- "Could not PKIX validate" },
+- { LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR,
+- "The validation path "
+- "did not end in a self-signed certificate" },
+- { LDNS_STATUS_INVALID_ILNP64,
+- "Conversion error, 4 colon separated hex numbers expected" },
+- { LDNS_STATUS_INVALID_EUI48,
+- "Conversion error, 6 two character hex numbers "
+- "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx" },
+- { LDNS_STATUS_INVALID_EUI64,
+- "Conversion error, 8 two character hex numbers "
+- "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx-xx-xx" },
+- { LDNS_STATUS_WIRE_RDATA_ERR, "invalid rdata in wire format" },
+- { LDNS_STATUS_INVALID_TAG,
+- "Conversion error, a non-zero sequence of US-ASCII letters "
+- "and numbers in lower case expected" },
+- { LDNS_STATUS_TYPE_NOT_IN_BITMAP,
+- "The RR type bitmap rdata field did not have "
+- "a bit reserved for the specific RR type" },
+- { LDNS_STATUS_INVALID_RDF_TYPE,
+- "The rdata field was not of the expected type" },
+- { LDNS_STATUS_RDATA_OVERFLOW, "Rdata size overflow" },
+- { 0, NULL }
+-};
+-
+-const char *
+-ldns_get_errorstr_by_id(ldns_status err)
+-{
+- ldns_lookup_table *lt;
+-
+- lt = ldns_lookup_by_id(ldns_error_str, err);
+-
+- if (lt) {
+- return lt->name;
+- }
+- return NULL;
+-}
+diff --git a/src/ldns/higher.c b/src/ldns/higher.c
+deleted file mode 100644
+index 8ce86a4..0000000
+--- a/src/ldns/higher.c
++++ /dev/null
+@@ -1,344 +0,0 @@
+-/*
+- * higher.c
+- *
+- * Specify some higher level functions that would
+- * be usefull to would be developers
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#ifdef HAVE_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/sha.h>
+-#endif /* HAVE_SSL */
+-
+-ldns_rr_list *
+-ldns_get_rr_list_addr_by_name(ldns_resolver *res, ldns_rdf *name, ldns_rr_class c,
+- uint16_t flags)
+-{
+- ldns_pkt *pkt;
+- ldns_rr_list *aaaa;
+- ldns_rr_list *a;
+- ldns_rr_list *result = NULL;
+- ldns_rr_list *hostsfilenames;
+- size_t i;
+- uint8_t ip6;
+-
+- a = NULL;
+- aaaa = NULL;
+- result = NULL;
+-
+- if (!res) {
+- return NULL;
+- }
+- if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) {
+- return NULL;
+- }
+-
+- ip6 = ldns_resolver_ip6(res); /* we use INET_ANY here, save
+- what was there */
+-
+- ldns_resolver_set_ip6(res, LDNS_RESOLV_INETANY);
+-
+- hostsfilenames = ldns_get_rr_list_hosts_frm_file(NULL);
+- for (i = 0; i < ldns_rr_list_rr_count(hostsfilenames); i++) {
+- if (ldns_rdf_compare(name,
+- ldns_rr_owner(ldns_rr_list_rr(hostsfilenames,
+- i))) == 0) {
+- if (!result) {
+- result = ldns_rr_list_new();
+- }
+- ldns_rr_list_push_rr(result,
+- ldns_rr_clone(ldns_rr_list_rr(hostsfilenames, i)));
+- }
+- }
+- ldns_rr_list_deep_free(hostsfilenames);
+-
+- if (result) {
+- return result;
+- }
+-
+- /* add the RD flags, because we want an answer */
+- pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_AAAA, c, flags | LDNS_RD);
+- if (pkt) {
+- /* extract the data we need */
+- aaaa = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_AAAA,
+- LDNS_SECTION_ANSWER);
+- ldns_pkt_free(pkt);
+- }
+-
+- pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_A, c, flags | LDNS_RD);
+- if (pkt) {
+- /* extract the data we need */
+- a = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_A, LDNS_SECTION_ANSWER);
+- ldns_pkt_free(pkt);
+- }
+- ldns_resolver_set_ip6(res, ip6);
+-
+- if (aaaa && a) {
+- result = ldns_rr_list_cat_clone(aaaa, a);
+- ldns_rr_list_deep_free(aaaa);
+- ldns_rr_list_deep_free(a);
+- return result;
+- }
+-
+- if (aaaa) {
+- result = ldns_rr_list_clone(aaaa);
+- }
+-
+- if (a) {
+- result = ldns_rr_list_clone(a);
+- }
+-
+- ldns_rr_list_deep_free(aaaa);
+- ldns_rr_list_deep_free(a);
+- return result;
+-}
+-
+-ldns_rr_list *
+-ldns_get_rr_list_name_by_addr(ldns_resolver *res, ldns_rdf *addr, ldns_rr_class c,
+- uint16_t flags)
+-{
+- ldns_pkt *pkt;
+- ldns_rr_list *names;
+- ldns_rdf *name;
+-
+- names = NULL;
+-
+- if (!res || !addr) {
+- return NULL;
+- }
+-
+- if (ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_A &&
+- ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_AAAA) {
+- return NULL;
+- }
+-
+- name = ldns_rdf_address_reverse(addr);
+-
+- /* add the RD flags, because we want an answer */
+- pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_PTR, c, flags | LDNS_RD);
+- ldns_rdf_deep_free(name);
+- if (pkt) {
+- /* extract the data we need */
+- names = ldns_pkt_rr_list_by_type(pkt,
+- LDNS_RR_TYPE_PTR, LDNS_SECTION_ANSWER);
+- ldns_pkt_free(pkt);
+- }
+- return names;
+-}
+-
+-/* read a line, put it in a buffer, parse the buffer */
+-ldns_rr_list *
+-ldns_get_rr_list_hosts_frm_fp(FILE *fp)
+-{
+- return ldns_get_rr_list_hosts_frm_fp_l(fp, NULL);
+-}
+-
+-ldns_rr_list *
+-ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr)
+-{
+- ssize_t i, j;
+- size_t cnt;
+- char *line;
+- char *word;
+- char *addr;
+- char *rr_str;
+- ldns_buffer *linebuf;
+- ldns_rr *rr;
+- ldns_rr_list *list;
+- ldns_rdf *tmp;
+- bool ip6;
+- ldns_status parse_result;
+-
+- line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
+- word = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
+- addr = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
+- rr_str = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
+- ip6 = false;
+- list = ldns_rr_list_new();
+- rr = NULL;
+- if(!line || !word || !addr || !rr_str || !list) {
+- LDNS_FREE(line);
+- LDNS_FREE(word);
+- LDNS_FREE(addr);
+- LDNS_FREE(rr_str);
+- ldns_rr_list_free(list);
+- return NULL;
+- }
+-
+- for(i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr);
+- i > 0; i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr)) {
+- /* # is comment */
+- if (line[0] == '#') {
+- continue;
+- }
+- /* put it in a buffer for further processing */
+- linebuf = LDNS_MALLOC(ldns_buffer);
+- if(!linebuf) {
+- LDNS_FREE(line);
+- LDNS_FREE(word);
+- LDNS_FREE(addr);
+- LDNS_FREE(rr_str);
+- ldns_rr_list_deep_free(list);
+- return NULL;
+- }
+-
+- ldns_buffer_new_frm_data(linebuf, line, (size_t) i);
+- for(cnt = 0, j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN);
+- j > 0;
+- j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN), cnt++) {
+- if (cnt == 0) {
+- /* the address */
+- if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA,
+- word))) {
+- /* ip6 */
+- ldns_rdf_deep_free(tmp);
+- ip6 = true;
+- } else {
+- if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A,
+- word))) {
+- /* ip4 */
+- ldns_rdf_deep_free(tmp);
+- ip6 = false;
+- } else {
+- /* kaput */
+- break;
+- }
+- }
+- (void)strlcpy(addr, word, LDNS_MAX_LINELEN+1);
+- } else {
+- /* la al la la */
+- if (ip6) {
+- snprintf(rr_str, LDNS_MAX_LINELEN,
+- "%s IN AAAA %s", word, addr);
+- } else {
+- snprintf(rr_str, LDNS_MAX_LINELEN,
+- "%s IN A %s", word, addr);
+- }
+- parse_result = ldns_rr_new_frm_str(&rr, rr_str, 0, NULL, NULL);
+- if (parse_result == LDNS_STATUS_OK && ldns_rr_owner(rr) && ldns_rr_rd_count(rr) > 0) {
+- ldns_rr_list_push_rr(list, ldns_rr_clone(rr));
+- }
+- ldns_rr_free(rr);
+- }
+- }
+- ldns_buffer_free(linebuf);
+- }
+- LDNS_FREE(line);
+- LDNS_FREE(word);
+- LDNS_FREE(addr);
+- LDNS_FREE(rr_str);
+- return list;
+-}
+-
+-ldns_rr_list *
+-ldns_get_rr_list_hosts_frm_file(char *filename)
+-{
+- ldns_rr_list *names;
+- FILE *fp;
+-
+- if (!filename) {
+- fp = fopen(LDNS_RESOLV_HOSTS, "r");
+-
+- } else {
+- fp = fopen(filename, "r");
+- }
+- if (!fp) {
+- return NULL;
+- }
+-
+- names = ldns_get_rr_list_hosts_frm_fp(fp);
+- fclose(fp);
+- return names;
+-}
+-
+-uint16_t
+-ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c,
+- ldns_rr_list **ret)
+-{
+- ldns_rdf_type t;
+- uint16_t names_found;
+- ldns_resolver *r;
+- ldns_status s;
+-
+- t = ldns_rdf_get_type(node);
+- names_found = 0;
+- r = res;
+-
+- if (res == NULL) {
+- /* prepare a new resolver, using /etc/resolv.conf as a guide */
+- s = ldns_resolver_new_frm_file(&r, NULL);
+- if (s != LDNS_STATUS_OK) {
+- return 0;
+- }
+- }
+-
+- if (t == LDNS_RDF_TYPE_DNAME) {
+- /* we're asked to query for a name */
+- *ret = ldns_get_rr_list_addr_by_name(r, node, c, 0);
+- names_found = ldns_rr_list_rr_count(*ret);
+- }
+-
+- if (t == LDNS_RDF_TYPE_A || t == LDNS_RDF_TYPE_AAAA) {
+- /* an address */
+- *ret = ldns_get_rr_list_name_by_addr(r, node, c, 0);
+- names_found = ldns_rr_list_rr_count(*ret);
+- }
+-
+- if (res == NULL) {
+- ldns_resolver_deep_free(r);
+- }
+-
+- return names_found;
+-}
+-
+-bool
+-ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t)
+-{
+- switch (ldns_rr_get_type(nsec)) {
+- case LDNS_RR_TYPE_NSEC : if (ldns_rr_rd_count(nsec) < 2) {
+- return false;
+- }
+- return ldns_nsec_bitmap_covers_type(
+- ldns_rr_rdf(nsec, 1), t);
+-
+- case LDNS_RR_TYPE_NSEC3 : if (ldns_rr_rd_count(nsec) < 6) {
+- return false;
+- }
+- return ldns_nsec_bitmap_covers_type(
+- ldns_rr_rdf(nsec, 5), t);
+-
+- default : return false;
+- }
+-}
+-
+-void
+-ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...)
+-{
+- int16_t rdf;
+- ldns_rdf *rd;
+- va_list va_rdf;
+- va_start(va_rdf, rdfnum);
+-
+- for (rdf = (int16_t)rdfnum; rdf != -1; rdf = (int16_t)va_arg(va_rdf, int))
+- {
+- rd = ldns_rr_rdf(r, rdf);
+- if (!rd) {
+- continue;
+- } else {
+- ldns_rdf_print(fp, rd);
+- fprintf(fp, " "); /* not sure if we want to do this */
+- }
+- }
+- va_end(va_rdf);
+-}
+-
+diff --git a/src/ldns/host2str.c b/src/ldns/host2str.c
+deleted file mode 100644
+index 3445254..0000000
+--- a/src/ldns/host2str.c
++++ /dev/null
+@@ -1,2635 +0,0 @@
+-/*
+- * host2str.c
+- *
+- * conversion routines from the host format
+- * to the presentation format (strings)
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <limits.h>
+-
+-#ifdef HAVE_SYS_SOCKET_H
+-#include <sys/socket.h>
+-#endif
+-#ifdef HAVE_ARPA_INET_H
+-#include <arpa/inet.h>
+-#endif
+-#ifdef HAVE_NETDB_H
+-#include <netdb.h>
+-#endif
+-#include <time.h>
+-#include <sys/time.h>
+-
+-#ifndef INET_ADDRSTRLEN
+-#define INET_ADDRSTRLEN 16
+-#endif
+-#ifndef INET6_ADDRSTRLEN
+-#define INET6_ADDRSTRLEN 46
+-#endif
+-
+-/* lookup tables for standard DNS stuff */
+-
+-/* Taken from RFC 2535, section 7. */
+-ldns_lookup_table ldns_algorithms[] = {
+- { LDNS_RSAMD5, "RSAMD5" },
+- { LDNS_DH, "DH" },
+- { LDNS_DSA, "DSA" },
+- { LDNS_ECC, "ECC" },
+- { LDNS_RSASHA1, "RSASHA1" },
+- { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" },
+- { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
+-#ifdef USE_SHA2
+- { LDNS_RSASHA256, "RSASHA256"},
+- { LDNS_RSASHA512, "RSASHA512"},
+-#endif
+-#ifdef USE_GOST
+- { LDNS_ECC_GOST, "ECC-GOST"},
+-#endif
+-#ifdef USE_ECDSA
+- { LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"},
+- { LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"},
+-#endif
+- { LDNS_INDIRECT, "INDIRECT" },
+- { LDNS_PRIVATEDNS, "PRIVATEDNS" },
+- { LDNS_PRIVATEOID, "PRIVATEOID" },
+- { 0, NULL }
+-};
+-
+-/* Taken from RFC 4398 */
+-ldns_lookup_table ldns_cert_algorithms[] = {
+- { LDNS_CERT_PKIX, "PKIX" },
+- { LDNS_CERT_SPKI, "SPKI" },
+- { LDNS_CERT_PGP, "PGP" },
+- { LDNS_CERT_IPKIX, "IPKIX" },
+- { LDNS_CERT_ISPKI, "ISPKI" },
+- { LDNS_CERT_IPGP, "IPGP" },
+- { LDNS_CERT_ACPKIX, "ACPKIX" },
+- { LDNS_CERT_IACPKIX, "IACPKIX" },
+- { LDNS_CERT_URI, "URI" },
+- { LDNS_CERT_OID, "OID" },
+- { 0, NULL }
+-};
+-
+-/* classes */
+-ldns_lookup_table ldns_rr_classes[] = {
+- { LDNS_RR_CLASS_IN, "IN" },
+- { LDNS_RR_CLASS_CH, "CH" },
+- { LDNS_RR_CLASS_HS, "HS" },
+- { LDNS_RR_CLASS_NONE, "NONE" },
+- { LDNS_RR_CLASS_ANY, "ANY" },
+- { 0, NULL }
+-};
+-
+-/* if these are used elsewhere */
+-ldns_lookup_table ldns_rcodes[] = {
+- { LDNS_RCODE_NOERROR, "NOERROR" },
+- { LDNS_RCODE_FORMERR, "FORMERR" },
+- { LDNS_RCODE_SERVFAIL, "SERVFAIL" },
+- { LDNS_RCODE_NXDOMAIN, "NXDOMAIN" },
+- { LDNS_RCODE_NOTIMPL, "NOTIMPL" },
+- { LDNS_RCODE_REFUSED, "REFUSED" },
+- { LDNS_RCODE_YXDOMAIN, "YXDOMAIN" },
+- { LDNS_RCODE_YXRRSET, "YXRRSET" },
+- { LDNS_RCODE_NXRRSET, "NXRRSET" },
+- { LDNS_RCODE_NOTAUTH, "NOTAUTH" },
+- { LDNS_RCODE_NOTZONE, "NOTZONE" },
+- { 0, NULL }
+-};
+-
+-ldns_lookup_table ldns_opcodes[] = {
+- { LDNS_PACKET_QUERY, "QUERY" },
+- { LDNS_PACKET_IQUERY, "IQUERY" },
+- { LDNS_PACKET_STATUS, "STATUS" },
+- { LDNS_PACKET_NOTIFY, "NOTIFY" },
+- { LDNS_PACKET_UPDATE, "UPDATE" },
+- { 0, NULL }
+-};
+-
+-const ldns_output_format ldns_output_format_nocomments_record = { 0, NULL };
+-const ldns_output_format *ldns_output_format_nocomments
+- = &ldns_output_format_nocomments_record;
+-const ldns_output_format ldns_output_format_onlykeyids_record = {
+- LDNS_COMMENT_KEY, NULL
+-};
+-const ldns_output_format *ldns_output_format_onlykeyids
+- = &ldns_output_format_onlykeyids_record;
+-const ldns_output_format *ldns_output_format_default
+- = &ldns_output_format_onlykeyids_record;
+-
+-const ldns_output_format ldns_output_format_bubblebabble_record = {
+- LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL
+-};
+-const ldns_output_format *ldns_output_format_bubblebabble
+- = &ldns_output_format_bubblebabble_record;
+-
+-static bool
+-ldns_output_format_covers_type(const ldns_output_format* fmt, ldns_rr_type t)
+-{
+- return fmt && (fmt->flags & LDNS_FMT_RFC3597) &&
+- ((ldns_output_format_storage*)fmt)->bitmap &&
+- ldns_nsec_bitmap_covers_type(
+- ((ldns_output_format_storage*)fmt)->bitmap, t);
+-}
+-
+-ldns_status
+-ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type t)
+-{
+- ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt;
+- ldns_status s;
+-
+- assert(fmt != NULL);
+-
+- if (!(fmt_st->flags & LDNS_FMT_RFC3597)) {
+- ldns_output_format_set(fmt, LDNS_FMT_RFC3597);
+- }
+- if (! fmt_st->bitmap) {
+- s = ldns_rdf_bitmap_known_rr_types_space(&fmt_st->bitmap);
+- if (s != LDNS_STATUS_OK) {
+- return s;
+- }
+- }
+- return ldns_nsec_bitmap_set_type(fmt_st->bitmap, t);
+-}
+-
+-ldns_status
+-ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type t)
+-{
+- ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt;
+- ldns_status s;
+-
+- assert(fmt != NULL);
+-
+- if (!(fmt_st->flags & LDNS_FMT_RFC3597)) {
+- ldns_output_format_set(fmt, LDNS_FMT_RFC3597);
+- }
+- if (! fmt_st->bitmap) {
+- s = ldns_rdf_bitmap_known_rr_types(&fmt_st->bitmap);
+- if (s != LDNS_STATUS_OK) {
+- return s;
+- }
+- }
+- return ldns_nsec_bitmap_clear_type(fmt_st->bitmap, t);
+-}
+-
+-ldns_status
+-ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode)
+-{
+- ldns_lookup_table *lt = ldns_lookup_by_id(ldns_opcodes, opcode);
+- if (lt && lt->name) {
+- ldns_buffer_printf(output, "%s", lt->name);
+- } else {
+- ldns_buffer_printf(output, "OPCODE%u", opcode);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode)
+-{
+- ldns_lookup_table *lt = ldns_lookup_by_id(ldns_rcodes, rcode);
+- if (lt && lt->name) {
+- ldns_buffer_printf(output, "%s", lt->name);
+- } else {
+- ldns_buffer_printf(output, "RCODE%u", rcode);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_algorithm2buffer_str(ldns_buffer *output,
+- ldns_algorithm algorithm)
+-{
+- ldns_lookup_table *lt = ldns_lookup_by_id(ldns_algorithms,
+- algorithm);
+- if (lt && lt->name) {
+- ldns_buffer_printf(output, "%s", lt->name);
+- } else {
+- ldns_buffer_printf(output, "ALG%u", algorithm);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_cert_algorithm2buffer_str(ldns_buffer *output,
+- ldns_cert_algorithm cert_algorithm)
+-{
+- ldns_lookup_table *lt = ldns_lookup_by_id(ldns_cert_algorithms,
+- cert_algorithm);
+- if (lt && lt->name) {
+- ldns_buffer_printf(output, "%s", lt->name);
+- } else {
+- ldns_buffer_printf(output, "CERT_ALG%u",
+- cert_algorithm);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-char *
+-ldns_pkt_opcode2str(ldns_pkt_opcode opcode)
+-{
+- char *str;
+- ldns_buffer *buf;
+-
+- buf = ldns_buffer_new(12);
+- if (!buf) {
+- return NULL;
+- }
+-
+- str = NULL;
+- if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) {
+- str = ldns_buffer_export2str(buf);
+- }
+-
+- ldns_buffer_free(buf);
+- return str;
+-}
+-
+-char *
+-ldns_pkt_rcode2str(ldns_pkt_rcode rcode)
+-{
+- char *str;
+- ldns_buffer *buf;
+-
+- buf = ldns_buffer_new(10);
+- if (!buf) {
+- return NULL;
+- }
+-
+- str = NULL;
+- if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) {
+- str = ldns_buffer_export2str(buf);
+- }
+-
+- ldns_buffer_free(buf);
+- return str;
+-}
+-
+-char *
+-ldns_pkt_algorithm2str(ldns_algorithm algorithm)
+-{
+- char *str;
+- ldns_buffer *buf;
+-
+- buf = ldns_buffer_new(10);
+- if (!buf) {
+- return NULL;
+- }
+-
+- str = NULL;
+- if (ldns_algorithm2buffer_str(buf, algorithm)
+- == LDNS_STATUS_OK) {
+- str = ldns_buffer_export2str(buf);
+- }
+-
+- ldns_buffer_free(buf);
+- return str;
+-}
+-
+-char *
+-ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm)
+-{
+- char *str;
+- ldns_buffer *buf;
+-
+- buf = ldns_buffer_new(10);
+- if (!buf) {
+- return NULL;
+- }
+-
+- str = NULL;
+- if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm)
+- == LDNS_STATUS_OK) {
+- str = ldns_buffer_export2str(buf);
+- }
+-
+- ldns_buffer_free(buf);
+- return str;
+-}
+-
+-
+-/* do NOT pass compressed data here :p */
+-ldns_status
+-ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
+-{
+- /* can we do with 1 pos var? or without at all? */
+- uint8_t src_pos = 0;
+- uint8_t len;
+- uint8_t *data;
+- uint8_t i;
+- unsigned char c;
+-
+- data = (uint8_t*)ldns_rdf_data(dname);
+- len = data[src_pos];
+-
+- if (ldns_rdf_size(dname) > LDNS_MAX_DOMAINLEN) {
+- /* too large, return */
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+-
+- /* special case: root label */
+- if (1 == ldns_rdf_size(dname)) {
+- ldns_buffer_printf(output, ".");
+- } else {
+- while ((len > 0) && src_pos < ldns_rdf_size(dname)) {
+- src_pos++;
+- for(i = 0; i < len; i++) {
+- /* paranoia check for various 'strange'
+- characters in dnames
+- */
+- c = (unsigned char) data[src_pos];
+- if(c == '.' || c == ';' ||
+- c == '(' || c == ')' ||
+- c == '\\') {
+- ldns_buffer_printf(output, "\\%c",
+- data[src_pos]);
+- } else if (!(isascii(c) && isgraph(c))) {
+- ldns_buffer_printf(output, "\\%03u",
+- data[src_pos]);
+- } else {
+- ldns_buffer_printf(output, "%c", data[src_pos]);
+- }
+- src_pos++;
+- }
+-
+- if (src_pos < ldns_rdf_size(dname)) {
+- ldns_buffer_printf(output, ".");
+- }
+- len = data[src_pos];
+- }
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint8_t data = ldns_rdf_data(rdf)[0];
+- ldns_buffer_printf(output, "%lu", (unsigned long) data);
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
+- ldns_buffer_printf(output, "%lu", (unsigned long) data);
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint32_t data = ldns_read_uint32(ldns_rdf_data(rdf));
+- ldns_buffer_printf(output, "%lu", (unsigned long) data);
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- /* create a YYYYMMDDHHMMSS string if possible */
+- struct tm tm;
+- char date_buf[16];
+-
+- memset(&tm, 0, sizeof(tm));
+- if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm)
+- && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) {
+- ldns_buffer_printf(output, "%s", date_buf);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- char str[INET_ADDRSTRLEN];
+-
+- if (inet_ntop(AF_INET, ldns_rdf_data(rdf), str, INET_ADDRSTRLEN)) {
+- ldns_buffer_printf(output, "%s", str);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- char str[INET6_ADDRSTRLEN];
+-
+- if (inet_ntop(AF_INET6, ldns_rdf_data(rdf), str, INET6_ADDRSTRLEN)) {
+- ldns_buffer_printf(output, "%s", str);
+- }
+-
+- return ldns_buffer_status(output);
+-}
+-
+-static void
+-ldns_characters2buffer_str(ldns_buffer* output,
+- size_t amount, const uint8_t* characters)
+-{
+- uint8_t ch;
+- while (amount > 0) {
+- ch = *characters++;
+- if (isprint((int)ch) || ch == '\t') {
+- if (ch == '\"' || ch == '\\')
+- ldns_buffer_printf(output, "\\%c", ch);
+- else
+- ldns_buffer_printf(output, "%c", ch);
+- } else {
+- ldns_buffer_printf(output, "\\%03u",
+- (unsigned)(uint8_t) ch);
+- }
+- amount--;
+- }
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- if(ldns_rdf_size(rdf) < 1) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- if((int)ldns_rdf_size(rdf) < (int)ldns_rdf_data(rdf)[0] + 1) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- ldns_buffer_printf(output, "\"");
+- ldns_characters2buffer_str(output,
+- ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf) + 1);
+- ldns_buffer_printf(output, "\"");
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf));
+- char *b64 = LDNS_XMALLOC(char, size);
+- if(!b64) return LDNS_STATUS_MEM_ERR;
+- if (ldns_b64_ntop(ldns_rdf_data(rdf), ldns_rdf_size(rdf), b64, size)) {
+- ldns_buffer_printf(output, "%s", b64);
+- }
+- LDNS_FREE(b64);
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- size_t size;
+- char *b32;
+- if(ldns_rdf_size(rdf) == 0)
+- return LDNS_STATUS_OK;
+- /* remove -1 for the b32-hash-len octet */
+- size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1);
+- /* add one for the end nul for the string */
+- b32 = LDNS_XMALLOC(char, size + 1);
+- if(!b32) return LDNS_STATUS_MEM_ERR;
+- size = (size_t) ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1,
+- ldns_rdf_size(rdf) - 1, b32, size+1);
+- if (size > 0) {
+- ldns_buffer_printf(output, "%s", b32);
+- }
+- LDNS_FREE(b32);
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- size_t i;
+- for (i = 0; i < ldns_rdf_size(rdf); i++) {
+- ldns_buffer_printf(output, "%02x", ldns_rdf_data(rdf)[i]);
+- }
+-
+- return ldns_buffer_status(output);
+-}
+-
+-static ldns_status
+-ldns_rdf2buffer_str_type_fmt(ldns_buffer *output,
+- const ldns_output_format* fmt, const ldns_rdf *rdf)
+-{
+- uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
+-
+- if (! ldns_output_format_covers_type(fmt, data) &&
+- ldns_rr_descript(data) &&
+- ldns_rr_descript(data)->_name) {
+-
+- ldns_buffer_printf(output, "%s",ldns_rr_descript(data)->_name);
+- } else {
+- ldns_buffer_printf(output, "TYPE%u", data);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- return ldns_rdf2buffer_str_type_fmt(output,
+- ldns_output_format_default, rdf);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
+- ldns_lookup_table *lt;
+-
+- lt = ldns_lookup_by_id(ldns_rr_classes, (int) data);
+- if (lt) {
+- ldns_buffer_printf(output, "\t%s", lt->name);
+- } else {
+- ldns_buffer_printf(output, "\tCLASS%d", data);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf));
+- ldns_lookup_table *lt;
+- lt = ldns_lookup_by_id(ldns_cert_algorithms, (int) data);
+- if (lt) {
+- ldns_buffer_printf(output, "%s", lt->name);
+- } else {
+- ldns_buffer_printf(output, "%d", data);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- return ldns_rdf2buffer_str_int8(output, rdf);
+-}
+-
+-static void
+-loc_cm_print(ldns_buffer *output, uint8_t mantissa, uint8_t exponent)
+-{
+- uint8_t i;
+- /* is it 0.<two digits> ? */
+- if(exponent < 2) {
+- if(exponent == 1)
+- mantissa *= 10;
+- ldns_buffer_printf(output, "0.%02ld", (long)mantissa);
+- return;
+- }
+- /* always <digit><string of zeros> */
+- ldns_buffer_printf(output, "%d", (int)mantissa);
+- for(i=0; i<exponent-2; i++)
+- ldns_buffer_printf(output, "0");
+-}
+-
+-ldns_status
+-ldns_rr_type2buffer_str(ldns_buffer *output, const ldns_rr_type type)
+-{
+- const ldns_rr_descriptor *descriptor;
+-
+- descriptor = ldns_rr_descript(type);
+-
+- switch (type) {
+- case LDNS_RR_TYPE_IXFR:
+- ldns_buffer_printf(output, "IXFR");
+- break;
+- case LDNS_RR_TYPE_AXFR:
+- ldns_buffer_printf(output, "AXFR");
+- break;
+- case LDNS_RR_TYPE_MAILA:
+- ldns_buffer_printf(output, "MAILA");
+- break;
+- case LDNS_RR_TYPE_MAILB:
+- ldns_buffer_printf(output, "MAILB");
+- break;
+- case LDNS_RR_TYPE_ANY:
+- ldns_buffer_printf(output, "ANY");
+- break;
+- default:
+- if (descriptor && descriptor->_name) {
+- ldns_buffer_printf(output, "%s", descriptor->_name);
+- } else {
+- ldns_buffer_printf(output, "TYPE%u", type);
+- }
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-char *
+-ldns_rr_type2str(const ldns_rr_type type)
+-{
+- char *str;
+- ldns_buffer *buf;
+-
+- buf = ldns_buffer_new(10);
+- if (!buf) {
+- return NULL;
+- }
+-
+- str = NULL;
+- if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) {
+- str = ldns_buffer_export2str(buf);
+- }
+-
+- ldns_buffer_free(buf);
+- return str;
+-}
+-
+-
+-ldns_status
+-ldns_rr_class2buffer_str(ldns_buffer *output,
+- const ldns_rr_class klass)
+-{
+- ldns_lookup_table *lt;
+-
+- lt = ldns_lookup_by_id(ldns_rr_classes, klass);
+- if (lt) {
+- ldns_buffer_printf(output, "%s", lt->name);
+- } else {
+- ldns_buffer_printf(output, "CLASS%d", klass);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-char *
+-ldns_rr_class2str(const ldns_rr_class klass)
+-{
+- ldns_buffer *buf;
+- char *str;
+-
+- buf = ldns_buffer_new(10);
+- if (!buf) {
+- return NULL;
+- }
+-
+- str = NULL;
+- if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) {
+- str = ldns_buffer_export2str(buf);
+- }
+- ldns_buffer_free(buf);
+- return str;
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- /* we could do checking (ie degrees < 90 etc)? */
+- uint8_t version;
+- uint8_t size;
+- uint8_t horizontal_precision;
+- uint8_t vertical_precision;
+- uint32_t longitude;
+- uint32_t latitude;
+- uint32_t altitude;
+- char northerness;
+- char easterness;
+- uint32_t h;
+- uint32_t m;
+- double s;
+-
+- uint32_t equator = (uint32_t) ldns_power(2, 31);
+-
+- if(ldns_rdf_size(rdf) < 1) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- version = ldns_rdf_data(rdf)[0];
+- if (version == 0) {
+- if(ldns_rdf_size(rdf) < 16) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- size = ldns_rdf_data(rdf)[1];
+- horizontal_precision = ldns_rdf_data(rdf)[2];
+- vertical_precision = ldns_rdf_data(rdf)[3];
+-
+- latitude = ldns_read_uint32(&ldns_rdf_data(rdf)[4]);
+- longitude = ldns_read_uint32(&ldns_rdf_data(rdf)[8]);
+- altitude = ldns_read_uint32(&ldns_rdf_data(rdf)[12]);
+-
+- if (latitude > equator) {
+- northerness = 'N';
+- latitude = latitude - equator;
+- } else {
+- northerness = 'S';
+- latitude = equator - latitude;
+- }
+- h = latitude / (1000 * 60 * 60);
+- latitude = latitude % (1000 * 60 * 60);
+- m = latitude / (1000 * 60);
+- latitude = latitude % (1000 * 60);
+- s = (double) latitude / 1000.0;
+- ldns_buffer_printf(output, "%02u %02u %0.3f %c ",
+- h, m, s, northerness);
+-
+- if (longitude > equator) {
+- easterness = 'E';
+- longitude = longitude - equator;
+- } else {
+- easterness = 'W';
+- longitude = equator - longitude;
+- }
+- h = longitude / (1000 * 60 * 60);
+- longitude = longitude % (1000 * 60 * 60);
+- m = longitude / (1000 * 60);
+- longitude = longitude % (1000 * 60);
+- s = (double) longitude / (1000.0);
+- ldns_buffer_printf(output, "%02u %02u %0.3f %c ",
+- h, m, s, easterness);
+-
+-
+- s = ((double) altitude) / 100;
+- s -= 100000;
+-
+- if(altitude%100 != 0)
+- ldns_buffer_printf(output, "%.2f", s);
+- else
+- ldns_buffer_printf(output, "%.0f", s);
+-
+- ldns_buffer_printf(output, "m ");
+-
+- loc_cm_print(output, (size & 0xf0) >> 4, size & 0x0f);
+- ldns_buffer_printf(output, "m ");
+-
+- loc_cm_print(output, (horizontal_precision & 0xf0) >> 4,
+- horizontal_precision & 0x0f);
+- ldns_buffer_printf(output, "m ");
+-
+- loc_cm_print(output, (vertical_precision & 0xf0) >> 4,
+- vertical_precision & 0x0f);
+- ldns_buffer_printf(output, "m");
+-
+- return ldns_buffer_status(output);
+- } else {
+- return ldns_rdf2buffer_str_hex(output, rdf);
+- }
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- ldns_buffer_printf(output, "\\# %u ", ldns_rdf_size(rdf));
+- return ldns_rdf2buffer_str_hex(output, rdf);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- ldns_buffer_printf(output, "0x");
+- return ldns_rdf2buffer_str_hex(output, rdf);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- return ldns_rdf2buffer_str_hex(output, rdf);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- /* protocol, followed by bitmap of services */
+- struct protoent *protocol;
+- char *proto_name = NULL;
+- uint8_t protocol_nr;
+- struct servent *service;
+- uint16_t current_service;
+-
+- if(ldns_rdf_size(rdf) < 1) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- protocol_nr = ldns_rdf_data(rdf)[0];
+- protocol = getprotobynumber((int) protocol_nr);
+- if (protocol && (protocol->p_name != NULL)) {
+- proto_name = protocol->p_name;
+- ldns_buffer_printf(output, "%s ", protocol->p_name);
+- } else {
+- ldns_buffer_printf(output, "%u ", protocol_nr);
+- }
+-
+-#ifdef HAVE_ENDPROTOENT
+- endprotoent();
+-#endif
+-
+- for (current_service = 0;
+- current_service < (ldns_rdf_size(rdf)-1)*8; current_service++) {
+- if (ldns_get_bit(&(ldns_rdf_data(rdf)[1]), current_service)) {
+- service = getservbyport((int) htons(current_service),
+- proto_name);
+- if (service && service->s_name) {
+- ldns_buffer_printf(output, "%s ", service->s_name);
+- } else {
+- ldns_buffer_printf(output, "%u ", current_service);
+- }
+-#ifdef HAVE_ENDSERVENT
+- endservent();
+-#endif
+- }
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-static ldns_status
+-ldns_rdf2buffer_str_nsec_fmt(ldns_buffer *output,
+- const ldns_output_format* fmt, const ldns_rdf *rdf)
+-{
+- /* Note: this code is duplicated in higher.c in
+- * ldns_nsec_type_check() function
+- */
+- uint8_t window_block_nr;
+- uint8_t bitmap_length;
+- uint16_t type;
+- uint16_t pos = 0;
+- uint16_t bit_pos;
+- uint8_t *data = ldns_rdf_data(rdf);
+-
+- while((size_t)(pos + 2) < ldns_rdf_size(rdf)) {
+- window_block_nr = data[pos];
+- bitmap_length = data[pos + 1];
+- pos += 2;
+- if (ldns_rdf_size(rdf) < pos + bitmap_length) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) {
+- if (! ldns_get_bit(&data[pos], bit_pos)) {
+- continue;
+- }
+- type = 256 * (uint16_t) window_block_nr + bit_pos;
+-
+- if (! ldns_output_format_covers_type(fmt, type) &&
+- ldns_rr_descript(type) &&
+- ldns_rr_descript(type)->_name){
+-
+- ldns_buffer_printf(output, "%s ",
+- ldns_rr_descript(type)->_name);
+- } else {
+- ldns_buffer_printf(output, "TYPE%u ", type);
+- }
+- }
+- pos += (uint16_t) bitmap_length;
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- return ldns_rdf2buffer_str_nsec_fmt(output,
+- ldns_output_format_default, rdf);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint8_t salt_length;
+- uint8_t salt_pos;
+-
+- uint8_t *data = ldns_rdf_data(rdf);
+-
+- if(ldns_rdf_size(rdf) < 1) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- salt_length = data[0];
+- /* from now there are variable length entries so remember pos */
+- if (salt_length == 0 || ((size_t)salt_length)+1 > ldns_rdf_size(rdf)) {
+- ldns_buffer_printf(output, "- ");
+- } else {
+- for (salt_pos = 0; salt_pos < salt_length; salt_pos++) {
+- ldns_buffer_printf(output, "%02x", data[1 + salt_pos]);
+- }
+- ldns_buffer_printf(output, " ");
+- }
+-
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- /* period is the number of seconds */
+- if (ldns_rdf_size(rdf) != 4) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- ldns_buffer_printf(output, "%u", ldns_read_uint32(ldns_rdf_data(rdf)));
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_tsigtime(ldns_buffer *output,const ldns_rdf *rdf)
+-{
+- /* tsigtime is 48 bits network order unsigned integer */
+- uint64_t tsigtime = 0;
+- uint8_t *data = ldns_rdf_data(rdf);
+- uint64_t d0, d1, d2, d3, d4, d5;
+-
+- if (ldns_rdf_size(rdf) < 6) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- d0 = data[0]; /* cast to uint64 for shift operations */
+- d1 = data[1];
+- d2 = data[2];
+- d3 = data[3];
+- d4 = data[4];
+- d5 = data[5];
+- tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5;
+-
+- ldns_buffer_printf(output, "%llu ", (long long)tsigtime);
+-
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint8_t *data = ldns_rdf_data(rdf);
+- uint16_t address_family;
+- uint8_t prefix;
+- bool negation;
+- uint8_t adf_length;
+- size_t i;
+- size_t pos = 0;
+-
+- while (pos < (unsigned int) ldns_rdf_size(rdf)) {
+- if(pos + 3 >= (unsigned)ldns_rdf_size(rdf))
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- address_family = ldns_read_uint16(&data[pos]);
+- prefix = data[pos + 2];
+- negation = data[pos + 3] & LDNS_APL_NEGATION;
+- adf_length = data[pos + 3] & LDNS_APL_MASK;
+- if (address_family == LDNS_APL_IP4) {
+- /* check if prefix < 32? */
+- if (negation) {
+- ldns_buffer_printf(output, "!");
+- }
+- ldns_buffer_printf(output, "%u:", address_family);
+- /* address is variable length 0 - 4 */
+- for (i = 0; i < 4; i++) {
+- if (i > 0) {
+- ldns_buffer_printf(output, ".");
+- }
+- if (i < (unsigned short) adf_length) {
+- if(pos+i+4 >= ldns_rdf_size(rdf))
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- ldns_buffer_printf(output, "%d",
+- data[pos + i + 4]);
+- } else {
+- ldns_buffer_printf(output, "0");
+- }
+- }
+- ldns_buffer_printf(output, "/%u ", prefix);
+- } else if (address_family == LDNS_APL_IP6) {
+- /* check if prefix < 128? */
+- if (negation) {
+- ldns_buffer_printf(output, "!");
+- }
+- ldns_buffer_printf(output, "%u:", address_family);
+- /* address is variable length 0 - 16 */
+- for (i = 0; i < 16; i++) {
+- if (i % 2 == 0 && i > 0) {
+- ldns_buffer_printf(output, ":");
+- }
+- if (i < (unsigned short) adf_length) {
+- if(pos+i+4 >= ldns_rdf_size(rdf))
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- ldns_buffer_printf(output, "%02x",
+- data[pos + i + 4]);
+- } else {
+- ldns_buffer_printf(output, "00");
+- }
+- }
+- ldns_buffer_printf(output, "/%u ", prefix);
+-
+- } else {
+- /* unknown address family */
+- ldns_buffer_printf(output,
+- "Unknown address family: %u data: ",
+- address_family);
+- for (i = 1; i < (unsigned short) (4 + adf_length); i++) {
+- if(pos+i >= ldns_rdf_size(rdf))
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- ldns_buffer_printf(output, "%02x", data[i]);
+- }
+- }
+- pos += 4 + adf_length;
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- size_t size;
+- char *b64;
+- if (ldns_rdf_size(rdf) < 2) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- /* Subtract the size (2) of the number that specifies the length */
+- size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf) - 2);
+- ldns_buffer_printf(output, "%u ", ldns_rdf_size(rdf) - 2);
+- if (ldns_rdf_size(rdf) > 2) {
+- b64 = LDNS_XMALLOC(char, size);
+- if(!b64)
+- return LDNS_STATUS_MEM_ERR;
+-
+- if (ldns_rdf_size(rdf) > 2 &&
+- ldns_b64_ntop(ldns_rdf_data(rdf) + 2,
+- ldns_rdf_size(rdf) - 2,
+- b64, size)) {
+- ldns_buffer_printf(output, "%s", b64);
+- }
+- LDNS_FREE(b64);
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- /* wire format from
+- http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt
+- */
+- uint8_t *data = ldns_rdf_data(rdf);
+- uint8_t precedence;
+- uint8_t gateway_type;
+- uint8_t algorithm;
+-
+- ldns_rdf *gateway = NULL;
+- uint8_t *gateway_data;
+-
+- size_t public_key_size;
+- uint8_t *public_key_data;
+- ldns_rdf *public_key;
+-
+- size_t offset = 0;
+- ldns_status status;
+-
+- if (ldns_rdf_size(rdf) < 3) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- precedence = data[0];
+- gateway_type = data[1];
+- algorithm = data[2];
+- offset = 3;
+-
+- switch (gateway_type) {
+- case 0:
+- /* no gateway */
+- break;
+- case 1:
+- gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN);
+- if(!gateway_data)
+- return LDNS_STATUS_MEM_ERR;
+- if (ldns_rdf_size(rdf) < offset + LDNS_IP4ADDRLEN) {
+- return LDNS_STATUS_ERR;
+- }
+- memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN);
+- gateway = ldns_rdf_new(LDNS_RDF_TYPE_A,
+- LDNS_IP4ADDRLEN , gateway_data);
+- offset += LDNS_IP4ADDRLEN;
+- if(!gateway) {
+- LDNS_FREE(gateway_data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- break;
+- case 2:
+- gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN);
+- if(!gateway_data)
+- return LDNS_STATUS_MEM_ERR;
+- if (ldns_rdf_size(rdf) < offset + LDNS_IP6ADDRLEN) {
+- return LDNS_STATUS_ERR;
+- }
+- memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN);
+- offset += LDNS_IP6ADDRLEN;
+- gateway =
+- ldns_rdf_new(LDNS_RDF_TYPE_AAAA,
+- LDNS_IP6ADDRLEN, gateway_data);
+- if(!gateway) {
+- LDNS_FREE(gateway_data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- break;
+- case 3:
+- status = ldns_wire2dname(&gateway, data,
+- ldns_rdf_size(rdf), &offset);
+- if(status != LDNS_STATUS_OK)
+- return status;
+- break;
+- default:
+- /* error? */
+- break;
+- }
+-
+- if (ldns_rdf_size(rdf) <= offset) {
+- return LDNS_STATUS_ERR;
+- }
+- public_key_size = ldns_rdf_size(rdf) - offset;
+- public_key_data = LDNS_XMALLOC(uint8_t, public_key_size);
+- if(!public_key_data) {
+- ldns_rdf_free(gateway);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- memcpy(public_key_data, &data[offset], public_key_size);
+- public_key = ldns_rdf_new(LDNS_RDF_TYPE_B64,
+- public_key_size, public_key_data);
+- if(!public_key) {
+- LDNS_FREE(public_key_data);
+- ldns_rdf_free(gateway);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- ldns_buffer_printf(output, "%u %u %u ", precedence, gateway_type, algorithm);
+- if (gateway)
+- (void) ldns_rdf2buffer_str(output, gateway);
+- else
+- ldns_buffer_printf(output, ".");
+- ldns_buffer_printf(output, " ");
+- (void) ldns_rdf2buffer_str(output, public_key);
+-
+- ldns_rdf_free(gateway);
+- ldns_rdf_free(public_key);
+-
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_ilnp64(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- if (ldns_rdf_size(rdf) != 8) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- ldns_buffer_printf(output,"%.4x:%.4x:%.4x:%.4x",
+- ldns_read_uint16(ldns_rdf_data(rdf)),
+- ldns_read_uint16(ldns_rdf_data(rdf)+2),
+- ldns_read_uint16(ldns_rdf_data(rdf)+4),
+- ldns_read_uint16(ldns_rdf_data(rdf)+6));
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_eui48(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- if (ldns_rdf_size(rdf) != 6) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x",
+- ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1],
+- ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3],
+- ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5]);
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- if (ldns_rdf_size(rdf) != 8) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x",
+- ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1],
+- ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3],
+- ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5],
+- ldns_rdf_data(rdf)[6], ldns_rdf_data(rdf)[7]);
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_tag(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- size_t nchars;
+- const uint8_t* chars;
+- char ch;
+- if (ldns_rdf_size(rdf) < 2) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- nchars = ldns_rdf_data(rdf)[0];
+- if (nchars >= ldns_rdf_size(rdf) || /* should be rdf_size - 1 */
+- nchars < 1) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- chars = ldns_rdf_data(rdf) + 1;
+- while (nchars > 0) {
+- ch = (char)*chars++;
+- if (! isalnum(ch)) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- ldns_buffer_printf(output, "%c", ch);
+- nchars--;
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_long_str(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+-
+- ldns_buffer_printf(output, "\"");
+- ldns_characters2buffer_str(output,
+- ldns_rdf_size(rdf), ldns_rdf_data(rdf));
+- ldns_buffer_printf(output, "\"");
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str_hip(ldns_buffer *output, const ldns_rdf *rdf)
+-{
+- uint8_t *data = ldns_rdf_data(rdf);
+- size_t rdf_size = ldns_rdf_size(rdf);
+- uint8_t hit_size;
+- uint16_t pk_size;
+- int written;
+-
+- if (rdf_size < 6) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- if ((hit_size = data[0]) == 0 ||
+- (pk_size = ldns_read_uint16(data + 2)) == 0 ||
+- rdf_size < (size_t) hit_size + pk_size + 4) {
+-
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+-
+- ldns_buffer_printf(output, "%d ", (int) data[1]);
+-
+- for (data += 4; hit_size > 0; hit_size--, data++) {
+-
+- ldns_buffer_printf(output, "%02x", (int) *data);
+- }
+- ldns_buffer_write_u8(output, (uint8_t) ' ');
+-
+- if (ldns_buffer_reserve(output,
+- ldns_b64_ntop_calculate_size(pk_size))) {
+-
+- written = ldns_b64_ntop(data, pk_size,
+- (char *) ldns_buffer_current(output),
+- ldns_buffer_remaining(output));
+-
+- if (written > 0 &&
+- written < (int) ldns_buffer_remaining(output)) {
+-
+- output->_position += written;
+- }
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-static ldns_status
+-ldns_rdf2buffer_str_fmt(ldns_buffer *buffer,
+- const ldns_output_format* fmt, const ldns_rdf *rdf)
+-{
+- ldns_status res = LDNS_STATUS_OK;
+-
+- /*ldns_buffer_printf(buffer, "%u:", ldns_rdf_get_type(rdf));*/
+- if (rdf) {
+- switch(ldns_rdf_get_type(rdf)) {
+- case LDNS_RDF_TYPE_NONE:
+- break;
+- case LDNS_RDF_TYPE_DNAME:
+- res = ldns_rdf2buffer_str_dname(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_INT8: /* Don't output mnemonics for these */
+- case LDNS_RDF_TYPE_ALG:
+- case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
+- case LDNS_RDF_TYPE_SELECTOR:
+- case LDNS_RDF_TYPE_MATCHING_TYPE:
+- res = ldns_rdf2buffer_str_int8(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_INT16:
+- res = ldns_rdf2buffer_str_int16(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_INT32:
+- res = ldns_rdf2buffer_str_int32(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_PERIOD:
+- res = ldns_rdf2buffer_str_period(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_TSIGTIME:
+- res = ldns_rdf2buffer_str_tsigtime(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_A:
+- res = ldns_rdf2buffer_str_a(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_AAAA:
+- res = ldns_rdf2buffer_str_aaaa(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_STR:
+- res = ldns_rdf2buffer_str_str(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_APL:
+- res = ldns_rdf2buffer_str_apl(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_B32_EXT:
+- res = ldns_rdf2buffer_str_b32_ext(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_B64:
+- res = ldns_rdf2buffer_str_b64(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_HEX:
+- res = ldns_rdf2buffer_str_hex(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_NSEC:
+- res = ldns_rdf2buffer_str_nsec_fmt(buffer, fmt, rdf);
+- break;
+- case LDNS_RDF_TYPE_NSEC3_SALT:
+- res = ldns_rdf2buffer_str_nsec3_salt(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_TYPE:
+- res = ldns_rdf2buffer_str_type_fmt(buffer, fmt, rdf);
+- break;
+- case LDNS_RDF_TYPE_CLASS:
+- res = ldns_rdf2buffer_str_class(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_CERT_ALG:
+- res = ldns_rdf2buffer_str_cert_alg(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_UNKNOWN:
+- res = ldns_rdf2buffer_str_unknown(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_TIME:
+- res = ldns_rdf2buffer_str_time(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_HIP:
+- res = ldns_rdf2buffer_str_hip(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_LOC:
+- res = ldns_rdf2buffer_str_loc(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_WKS:
+- case LDNS_RDF_TYPE_SERVICE:
+- res = ldns_rdf2buffer_str_wks(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_NSAP:
+- res = ldns_rdf2buffer_str_nsap(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_ATMA:
+- res = ldns_rdf2buffer_str_atma(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_IPSECKEY:
+- res = ldns_rdf2buffer_str_ipseckey(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_INT16_DATA:
+- res = ldns_rdf2buffer_str_int16_data(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER:
+- res = ldns_rdf2buffer_str_b32_ext(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_ILNP64:
+- res = ldns_rdf2buffer_str_ilnp64(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_EUI48:
+- res = ldns_rdf2buffer_str_eui48(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_EUI64:
+- res = ldns_rdf2buffer_str_eui64(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_TAG:
+- res = ldns_rdf2buffer_str_tag(buffer, rdf);
+- break;
+- case LDNS_RDF_TYPE_LONG_STR:
+- res = ldns_rdf2buffer_str_long_str(buffer, rdf);
+- break;
+- }
+- } else {
+- /** This will write mangled RRs */
+- ldns_buffer_printf(buffer, "(null) ");
+- res = LDNS_STATUS_ERR;
+- }
+- return res;
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_str(ldns_buffer *buffer, const ldns_rdf *rdf)
+-{
+- return ldns_rdf2buffer_str_fmt(buffer,ldns_output_format_default,rdf);
+-}
+-
+-static ldns_rdf *
+-ldns_b32_ext2dname(const ldns_rdf *rdf)
+-{
+- size_t size;
+- char *b32;
+- ldns_rdf *out;
+- if(ldns_rdf_size(rdf) == 0)
+- return NULL;
+- /* remove -1 for the b32-hash-len octet */
+- size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1);
+- /* add one for the end nul for the string */
+- b32 = LDNS_XMALLOC(char, size + 2);
+- if (b32) {
+- if (ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1,
+- ldns_rdf_size(rdf) - 1, b32, size+1) > 0) {
+- b32[size] = '.';
+- b32[size+1] = '\0';
+- if (ldns_str2rdf_dname(&out, b32) == LDNS_STATUS_OK) {
+- LDNS_FREE(b32);
+- return out;
+- }
+- }
+- LDNS_FREE(b32);
+- }
+- return NULL;
+-}
+-
+-static ldns_status
+-ldns_rr2buffer_str_rfc3597(ldns_buffer *output, const ldns_rr *rr)
+-{
+- size_t total_rdfsize = 0;
+- size_t i, j;
+-
+- ldns_buffer_printf(output, "TYPE%u\t", ldns_rr_get_type(rr));
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- total_rdfsize += ldns_rdf_size(ldns_rr_rdf(rr, i));
+- }
+- if (total_rdfsize == 0) {
+- ldns_buffer_printf(output, "\\# 0\n");
+- return ldns_buffer_status(output);
+- }
+- ldns_buffer_printf(output, "\\# %d ", total_rdfsize);
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- for (j = 0; j < ldns_rdf_size(ldns_rr_rdf(rr, i)); j++) {
+- ldns_buffer_printf(output, "%.2x",
+- ldns_rdf_data(ldns_rr_rdf(rr, i))[j]);
+- }
+- }
+- ldns_buffer_printf(output, "\n");
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rr2buffer_str_fmt(ldns_buffer *output,
+- const ldns_output_format *fmt, const ldns_rr *rr)
+-{
+- uint16_t i, flags;
+- ldns_status status = LDNS_STATUS_OK;
+- ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt;
+-
+- if (fmt_st == NULL) {
+- fmt_st = (ldns_output_format_storage*)
+- ldns_output_format_default;
+- }
+- if (!rr) {
+- if (LDNS_COMMENT_NULLS & fmt_st->flags) {
+- ldns_buffer_printf(output, "; (null)\n");
+- }
+- return ldns_buffer_status(output);
+- }
+- if (ldns_rr_owner(rr)) {
+- status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr));
+- }
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+-
+- /* TTL should NOT be printed if it is a question */
+- if (!ldns_rr_is_question(rr)) {
+- ldns_buffer_printf(output, "\t%d", ldns_rr_ttl(rr));
+- }
+-
+- ldns_buffer_printf(output, "\t");
+- status = ldns_rr_class2buffer_str(output, ldns_rr_get_class(rr));
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+- ldns_buffer_printf(output, "\t");
+-
+- if (ldns_output_format_covers_type(fmt, ldns_rr_get_type(rr))) {
+- return ldns_rr2buffer_str_rfc3597(output, rr);
+- }
+- status = ldns_rr_type2buffer_str(output, ldns_rr_get_type(rr));
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+-
+- if (ldns_rr_rd_count(rr) > 0) {
+- ldns_buffer_printf(output, "\t");
+- } else if (!ldns_rr_is_question(rr)) {
+- ldns_buffer_printf(output, "\t\\# 0");
+- }
+-
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- /* ldns_rdf2buffer_str handles NULL input fine! */
+- if ((fmt_st->flags & LDNS_FMT_ZEROIZE_RRSIGS) &&
+- (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) &&
+- ((/* inception */ i == 4 &&
+- ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) ==
+- LDNS_RDF_TYPE_TIME) ||
+- (/* expiration */ i == 5 &&
+- ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) ==
+- LDNS_RDF_TYPE_TIME) ||
+- (/* signature */ i == 8 &&
+- ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) ==
+- LDNS_RDF_TYPE_B64))) {
+-
+- ldns_buffer_printf(output, "(null)");
+- status = ldns_buffer_status(output);
+- } else if ((fmt_st->flags & LDNS_FMT_PAD_SOA_SERIAL) &&
+- (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) &&
+- /* serial */ i == 2 &&
+- ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) ==
+- LDNS_RDF_TYPE_INT32) {
+- ldns_buffer_printf(output, "%10lu",
+- (unsigned long) ldns_read_uint32(
+- ldns_rdf_data(ldns_rr_rdf(rr, 2))));
+- status = ldns_buffer_status(output);
+- } else {
+- status = ldns_rdf2buffer_str_fmt(output,
+- fmt, ldns_rr_rdf(rr, i));
+- }
+- if(status != LDNS_STATUS_OK)
+- return status;
+- if (i < ldns_rr_rd_count(rr) - 1) {
+- ldns_buffer_printf(output, " ");
+- }
+- }
+- /* per RR special comments - handy for DNSSEC types */
+- /* check to prevent question sec. rr from
+- * getting here */
+- if (ldns_rr_rd_count(rr) > 0) {
+- switch (ldns_rr_get_type(rr)) {
+- case LDNS_RR_TYPE_DNSKEY:
+- /* if ldns_rr_rd_count(rr) > 0
+- then ldns_rr_rdf(rr, 0) exists! */
+- if (! (fmt_st->flags & LDNS_COMMENT_KEY)) {
+- break;
+- }
+- flags = ldns_rdf2native_int16(ldns_rr_rdf(rr, 0));
+- ldns_buffer_printf(output, " ;{");
+- if (fmt_st->flags & LDNS_COMMENT_KEY_ID) {
+- ldns_buffer_printf(output, "id = %u",
+- (unsigned int) ldns_calc_keytag(rr));
+- }
+- if ((fmt_st->flags & LDNS_COMMENT_KEY_TYPE) &&
+- (flags & LDNS_KEY_ZONE_KEY)){
+-
+- if (flags & LDNS_KEY_SEP_KEY) {
+- ldns_buffer_printf(output, " (ksk)");
+- } else {
+- ldns_buffer_printf(output, " (zsk)");
+- }
+- if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE){
+- ldns_buffer_printf(output, ", ");
+- }
+- } else if (fmt_st->flags
+- & (LDNS_COMMENT_KEY_ID
+- |LDNS_COMMENT_KEY_SIZE)) {
+- ldns_buffer_printf( output, ", ");
+- }
+- if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE) {
+- ldns_buffer_printf(output, "size = %db",
+- ldns_rr_dnskey_key_size(rr));
+- }
+- ldns_buffer_printf(output, "}");
+- break;
+- case LDNS_RR_TYPE_RRSIG:
+- if ((fmt_st->flags & LDNS_COMMENT_KEY)
+- && (fmt_st->flags& LDNS_COMMENT_RRSIGS)
+- && ldns_rr_rdf(rr, 6) != NULL) {
+- ldns_buffer_printf(output, " ;{id = %d}",
+- ldns_rdf2native_int16(
+- ldns_rr_rdf(rr, 6)));
+- }
+- break;
+- case LDNS_RR_TYPE_DS:
+- if ((fmt_st->flags & LDNS_COMMENT_BUBBLEBABBLE) &&
+- ldns_rr_rdf(rr, 3) != NULL) {
+-
+- uint8_t *data = ldns_rdf_data(
+- ldns_rr_rdf(rr, 3));
+- size_t len = ldns_rdf_size(ldns_rr_rdf(rr, 3));
+- char *babble = ldns_bubblebabble(data, len);
+- if(babble) {
+- ldns_buffer_printf(output,
+- " ;{%s}", babble);
+- }
+- LDNS_FREE(babble);
+- }
+- break;
+- case LDNS_RR_TYPE_NSEC3:
+- if (! (fmt_st->flags & LDNS_COMMENT_FLAGS) &&
+- ! (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN)) {
+- break;
+- }
+- ldns_buffer_printf(output, " ;{");
+- if ((fmt_st->flags & LDNS_COMMENT_FLAGS)) {
+- if (ldns_nsec3_optout(rr)) {
+- ldns_buffer_printf(output,
+- " flags: optout");
+- } else {
+- ldns_buffer_printf(output," flags: -");
+- }
+- if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN &&
+- fmt_st->hashmap != NULL) {
+- ldns_buffer_printf(output, ", ");
+- }
+- }
+- if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN &&
+- fmt_st->hashmap != NULL) {
+- ldns_rbnode_t *node;
+- ldns_rdf *key = ldns_dname_label(
+- ldns_rr_owner(rr), 0);
+- if (key) {
+- node = ldns_rbtree_search(
+- fmt_st->hashmap,
+- (void *) key);
+- if (node->data) {
+- ldns_buffer_printf(output,
+- "from: ");
+- (void) ldns_rdf2buffer_str(
+- output,
+- ldns_dnssec_name_name(
+- (ldns_dnssec_name*)
+- node->data
+- ));
+- }
+- ldns_rdf_free(key);
+- }
+- key = ldns_b32_ext2dname(
+- ldns_nsec3_next_owner(rr));
+- if (key) {
+- node = ldns_rbtree_search(
+- fmt_st->hashmap,
+- (void *) key);
+- if (node->data) {
+- ldns_buffer_printf(output,
+- " to: ");
+- (void) ldns_rdf2buffer_str(
+- output,
+- ldns_dnssec_name_name(
+- (ldns_dnssec_name*)
+- node->data
+- ));
+- }
+- ldns_rdf_free(key);
+- }
+- }
+- ldns_buffer_printf(output, "}");
+- break;
+- default:
+- break;
+-
+- }
+- }
+- /* last */
+- ldns_buffer_printf(output, "\n");
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr)
+-{
+- return ldns_rr2buffer_str_fmt(output, ldns_output_format_default, rr);
+-}
+-
+-ldns_status
+-ldns_rr_list2buffer_str_fmt(ldns_buffer *output,
+- const ldns_output_format *fmt, const ldns_rr_list *list)
+-{
+- uint16_t i;
+-
+- for(i = 0; i < ldns_rr_list_rr_count(list); i++) {
+- (void) ldns_rr2buffer_str_fmt(output, fmt,
+- ldns_rr_list_rr(list, i));
+- }
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list)
+-{
+- return ldns_rr_list2buffer_str_fmt(
+- output, ldns_output_format_default, list);
+-}
+-
+-ldns_status
+-ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt)
+-{
+- ldns_lookup_table *opcode = ldns_lookup_by_id(ldns_opcodes,
+- (int) ldns_pkt_get_opcode(pkt));
+- ldns_lookup_table *rcode = ldns_lookup_by_id(ldns_rcodes,
+- (int) ldns_pkt_get_rcode(pkt));
+-
+- ldns_buffer_printf(output, ";; ->>HEADER<<- ");
+- if (opcode) {
+- ldns_buffer_printf(output, "opcode: %s, ", opcode->name);
+- } else {
+- ldns_buffer_printf(output, "opcode: ?? (%u), ",
+- ldns_pkt_get_opcode(pkt));
+- }
+- if (rcode) {
+- ldns_buffer_printf(output, "rcode: %s, ", rcode->name);
+- } else {
+- ldns_buffer_printf(output, "rcode: ?? (%u), ", ldns_pkt_get_rcode(pkt));
+- }
+- ldns_buffer_printf(output, "id: %d\n", ldns_pkt_id(pkt));
+- ldns_buffer_printf(output, ";; flags: ");
+-
+- if (ldns_pkt_qr(pkt)) {
+- ldns_buffer_printf(output, "qr ");
+- }
+- if (ldns_pkt_aa(pkt)) {
+- ldns_buffer_printf(output, "aa ");
+- }
+- if (ldns_pkt_tc(pkt)) {
+- ldns_buffer_printf(output, "tc ");
+- }
+- if (ldns_pkt_rd(pkt)) {
+- ldns_buffer_printf(output, "rd ");
+- }
+- if (ldns_pkt_cd(pkt)) {
+- ldns_buffer_printf(output, "cd ");
+- }
+- if (ldns_pkt_ra(pkt)) {
+- ldns_buffer_printf(output, "ra ");
+- }
+- if (ldns_pkt_ad(pkt)) {
+- ldns_buffer_printf(output, "ad ");
+- }
+- ldns_buffer_printf(output, "; ");
+- ldns_buffer_printf(output, "QUERY: %u, ", ldns_pkt_qdcount(pkt));
+- ldns_buffer_printf(output, "ANSWER: %u, ", ldns_pkt_ancount(pkt));
+- ldns_buffer_printf(output, "AUTHORITY: %u, ", ldns_pkt_nscount(pkt));
+- ldns_buffer_printf(output, "ADDITIONAL: %u ", ldns_pkt_arcount(pkt));
+- return ldns_buffer_status(output);
+-}
+-
+-ldns_status
+-ldns_pkt2buffer_str_fmt(ldns_buffer *output,
+- const ldns_output_format *fmt, const ldns_pkt *pkt)
+-{
+- uint16_t i;
+- ldns_status status = LDNS_STATUS_OK;
+- char *tmp;
+- struct timeval time;
+- time_t time_tt;
+-
+- if (!pkt) {
+- ldns_buffer_printf(output, "null");
+- return LDNS_STATUS_OK;
+- }
+-
+- if (ldns_buffer_status_ok(output)) {
+- status = ldns_pktheader2buffer_str(output, pkt);
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+-
+- ldns_buffer_printf(output, "\n");
+-
+- ldns_buffer_printf(output, ";; QUESTION SECTION:\n;; ");
+-
+-
+- for (i = 0; i < ldns_pkt_qdcount(pkt); i++) {
+- status = ldns_rr2buffer_str_fmt(output, fmt,
+- ldns_rr_list_rr(
+- ldns_pkt_question(pkt), i));
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+- }
+- ldns_buffer_printf(output, "\n");
+-
+- ldns_buffer_printf(output, ";; ANSWER SECTION:\n");
+- for (i = 0; i < ldns_pkt_ancount(pkt); i++) {
+- status = ldns_rr2buffer_str_fmt(output, fmt,
+- ldns_rr_list_rr(
+- ldns_pkt_answer(pkt), i));
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+-
+- }
+- ldns_buffer_printf(output, "\n");
+-
+- ldns_buffer_printf(output, ";; AUTHORITY SECTION:\n");
+-
+- for (i = 0; i < ldns_pkt_nscount(pkt); i++) {
+- status = ldns_rr2buffer_str_fmt(output, fmt,
+- ldns_rr_list_rr(
+- ldns_pkt_authority(pkt), i));
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+- }
+- ldns_buffer_printf(output, "\n");
+-
+- ldns_buffer_printf(output, ";; ADDITIONAL SECTION:\n");
+- for (i = 0; i < ldns_pkt_arcount(pkt); i++) {
+- status = ldns_rr2buffer_str_fmt(output, fmt,
+- ldns_rr_list_rr(
+- ldns_pkt_additional(pkt), i));
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+-
+- }
+- ldns_buffer_printf(output, "\n");
+- /* add some futher fields */
+- ldns_buffer_printf(output, ";; Query time: %d msec\n",
+- ldns_pkt_querytime(pkt));
+- if (ldns_pkt_edns(pkt)) {
+- ldns_buffer_printf(output,
+- ";; EDNS: version %u; flags:",
+- ldns_pkt_edns_version(pkt));
+- if (ldns_pkt_edns_do(pkt)) {
+- ldns_buffer_printf(output, " do");
+- }
+- /* the extended rcode is the value set, shifted four bits,
+- * and or'd with the original rcode */
+- if (ldns_pkt_edns_extended_rcode(pkt)) {
+- ldns_buffer_printf(output, " ; ext-rcode: %d",
+- (ldns_pkt_edns_extended_rcode(pkt) << 4 | ldns_pkt_get_rcode(pkt)));
+- }
+- ldns_buffer_printf(output, " ; udp: %u\n",
+- ldns_pkt_edns_udp_size(pkt));
+-
+- if (ldns_pkt_edns_data(pkt)) {
+- ldns_buffer_printf(output, ";; Data: ");
+- (void)ldns_rdf2buffer_str(output,
+- ldns_pkt_edns_data(pkt));
+- ldns_buffer_printf(output, "\n");
+- }
+- }
+- if (ldns_pkt_tsig(pkt)) {
+- ldns_buffer_printf(output, ";; TSIG:\n;; ");
+- (void) ldns_rr2buffer_str_fmt(
+- output, fmt, ldns_pkt_tsig(pkt));
+- ldns_buffer_printf(output, "\n");
+- }
+- if (ldns_pkt_answerfrom(pkt)) {
+- tmp = ldns_rdf2str(ldns_pkt_answerfrom(pkt));
+- ldns_buffer_printf(output, ";; SERVER: %s\n", tmp);
+- LDNS_FREE(tmp);
+- }
+- time = ldns_pkt_timestamp(pkt);
+- time_tt = (time_t)time.tv_sec;
+- ldns_buffer_printf(output, ";; WHEN: %s",
+- (char*)ctime(&time_tt));
+-
+- ldns_buffer_printf(output, ";; MSG SIZE rcvd: %d\n",
+- (int)ldns_pkt_size(pkt));
+- } else {
+- return ldns_buffer_status(output);
+- }
+- return status;
+-}
+-
+-ldns_status
+-ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt)
+-{
+- return ldns_pkt2buffer_str_fmt(output, ldns_output_format_default, pkt);
+-}
+-
+-
+-#ifdef HAVE_SSL
+-static ldns_status
+-ldns_hmac_key2buffer_str(ldns_buffer *output, const ldns_key *k)
+-{
+- ldns_status status;
+- size_t i;
+- ldns_rdf *b64_bignum;
+-
+- ldns_buffer_printf(output, "Key: ");
+-
+- i = ldns_key_hmac_size(k);
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, ldns_key_hmac_key(k));
+- status = ldns_rdf2buffer_str(output, b64_bignum);
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- return status;
+-}
+-#endif
+-
+-#if defined(HAVE_SSL) && defined(USE_GOST)
+-static ldns_status
+-ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p)
+-{
+- unsigned char* pp = NULL;
+- int ret;
+- ldns_rdf *b64_bignum;
+- ldns_status status;
+-
+- ldns_buffer_printf(output, "GostAsn1: ");
+-
+- ret = i2d_PrivateKey(p, &pp);
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, (size_t)ret, pp);
+- status = ldns_rdf2buffer_str(output, b64_bignum);
+-
+- ldns_rdf_deep_free(b64_bignum);
+- OPENSSL_free(pp);
+- ldns_buffer_printf(output, "\n");
+- return status;
+-}
+-#endif
+-
+-ldns_status
+-ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
+-{
+- ldns_status status = LDNS_STATUS_OK;
+- unsigned char *bignum;
+-#ifdef HAVE_SSL
+-# ifndef S_SPLINT_S
+- uint16_t i;
+-# endif
+- /* not used when ssl is not defined */
+- /*@unused@*/
+- ldns_rdf *b64_bignum = NULL;
+-
+- RSA *rsa;
+- DSA *dsa;
+-#endif /* HAVE_SSL */
+-
+- if (!k) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- bignum = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
+- if (!bignum) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_buffer_status_ok(output)) {
+-#ifdef HAVE_SSL
+- switch(ldns_key_algorithm(k)) {
+- case LDNS_SIGN_RSASHA1:
+- case LDNS_SIGN_RSASHA1_NSEC3:
+- case LDNS_SIGN_RSASHA256:
+- case LDNS_SIGN_RSASHA512:
+- case LDNS_SIGN_RSAMD5:
+- /* copied by looking at dnssec-keygen output */
+- /* header */
+- rsa = ldns_key_rsa_key(k);
+-
+- ldns_buffer_printf(output,"Private-key-format: v1.2\n");
+- switch(ldns_key_algorithm(k)) {
+- case LDNS_SIGN_RSAMD5:
+- ldns_buffer_printf(output,
+- "Algorithm: %u (RSA)\n",
+- LDNS_RSAMD5);
+- break;
+- case LDNS_SIGN_RSASHA1:
+- ldns_buffer_printf(output,
+- "Algorithm: %u (RSASHA1)\n",
+- LDNS_RSASHA1);
+- break;
+- case LDNS_SIGN_RSASHA1_NSEC3:
+- ldns_buffer_printf(output,
+- "Algorithm: %u (RSASHA1_NSEC3)\n",
+- LDNS_RSASHA1_NSEC3);
+- break;
+-#ifdef USE_SHA2
+- case LDNS_SIGN_RSASHA256:
+- ldns_buffer_printf(output,
+- "Algorithm: %u (RSASHA256)\n",
+- LDNS_RSASHA256);
+- break;
+- case LDNS_SIGN_RSASHA512:
+- ldns_buffer_printf(output,
+- "Algorithm: %u (RSASHA512)\n",
+- LDNS_RSASHA512);
+- break;
+-#endif
+- default:
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "Warning: unknown signature ");
+- fprintf(stderr,
+- "algorithm type %u\n",
+- ldns_key_algorithm(k));
+-#endif
+- ldns_buffer_printf(output,
+- "Algorithm: %u (Unknown)\n",
+- ldns_key_algorithm(k));
+- break;
+- }
+-
+- /* print to buf, convert to bin, convert to b64,
+- * print to buf */
+- ldns_buffer_printf(output, "Modulus: ");
+-#ifndef S_SPLINT_S
+- i = (uint16_t)BN_bn2bin(rsa->n, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- ldns_buffer_printf(output, "PublicExponent: ");
+- i = (uint16_t)BN_bn2bin(rsa->e, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+-
+- ldns_buffer_printf(output, "PrivateExponent: ");
+- if (rsa->d) {
+- i = (uint16_t)BN_bn2bin(rsa->d, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- ldns_buffer_printf(output, "(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Prime1: ");
+- if (rsa->p) {
+- i = (uint16_t)BN_bn2bin(rsa->p, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- ldns_buffer_printf(output, "(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Prime2: ");
+- if (rsa->q) {
+- i = (uint16_t)BN_bn2bin(rsa->q, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- ldns_buffer_printf(output, "(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Exponent1: ");
+- if (rsa->dmp1) {
+- i = (uint16_t)BN_bn2bin(rsa->dmp1, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- ldns_buffer_printf(output, "(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Exponent2: ");
+- if (rsa->dmq1) {
+- i = (uint16_t)BN_bn2bin(rsa->dmq1, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- ldns_buffer_printf(output, "(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Coefficient: ");
+- if (rsa->iqmp) {
+- i = (uint16_t)BN_bn2bin(rsa->iqmp, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- ldns_buffer_printf(output, "(Not available)\n");
+- }
+-#endif /* splint */
+-
+- RSA_free(rsa);
+- break;
+- case LDNS_SIGN_DSA:
+- case LDNS_SIGN_DSA_NSEC3:
+- dsa = ldns_key_dsa_key(k);
+-
+- ldns_buffer_printf(output,"Private-key-format: v1.2\n");
+- if (ldns_key_algorithm(k) == LDNS_SIGN_DSA) {
+- ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n");
+- } else if (ldns_key_algorithm(k) == LDNS_SIGN_DSA_NSEC3) {
+- ldns_buffer_printf(output,"Algorithm: 6 (DSA_NSEC3)\n");
+- }
+-
+- /* print to buf, convert to bin, convert to b64,
+- * print to buf */
+- ldns_buffer_printf(output, "Prime(p): ");
+-#ifndef S_SPLINT_S
+- if (dsa->p) {
+- i = (uint16_t)BN_bn2bin(dsa->p, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- printf("(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Subprime(q): ");
+- if (dsa->q) {
+- i = (uint16_t)BN_bn2bin(dsa->q, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- printf("(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Base(g): ");
+- if (dsa->g) {
+- i = (uint16_t)BN_bn2bin(dsa->g, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- printf("(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Private_value(x): ");
+- if (dsa->priv_key) {
+- i = (uint16_t)BN_bn2bin(dsa->priv_key, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- printf("(Not available)\n");
+- }
+-
+- ldns_buffer_printf(output, "Public_value(y): ");
+- if (dsa->pub_key) {
+- i = (uint16_t)BN_bn2bin(dsa->pub_key, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- } else {
+- printf("(Not available)\n");
+- }
+-#endif /* splint */
+- break;
+- case LDNS_SIGN_ECC_GOST:
+- /* no format defined, use blob */
+-#if defined(HAVE_SSL) && defined(USE_GOST)
+- ldns_buffer_printf(output, "Private-key-format: v1.2\n");
+- ldns_buffer_printf(output, "Algorithm: %d (ECC-GOST)\n", LDNS_SIGN_ECC_GOST);
+- status = ldns_gost_key2buffer_str(output,
+-#ifndef S_SPLINT_S
+- k->_key.key
+-#else
+- NULL
+-#endif
+- );
+-#else
+- goto error;
+-#endif /* GOST */
+- break;
+- case LDNS_SIGN_ECDSAP256SHA256:
+- case LDNS_SIGN_ECDSAP384SHA384:
+-#ifdef USE_ECDSA
+- ldns_buffer_printf(output, "Private-key-format: v1.2\n");
+- ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k));
+- status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k));
+-#ifndef S_SPLINT_S
+- ldns_buffer_printf(output, ")\n");
+- if(k->_key.key) {
+- EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
+- const BIGNUM* b = EC_KEY_get0_private_key(ec);
+- ldns_buffer_printf(output, "PrivateKey: ");
+- i = (uint16_t)BN_bn2bin(b, bignum);
+- if (i > LDNS_MAX_KEYLEN) {
+- goto error;
+- }
+- b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+- if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(b64_bignum);
+- goto error;
+- }
+- ldns_rdf_deep_free(b64_bignum);
+- ldns_buffer_printf(output, "\n");
+- /* down reference count in EC_KEY
+- * its still assigned to the PKEY */
+- EC_KEY_free(ec);
+- }
+-#endif /* splint */
+-#else
+- goto error;
+-#endif /* ECDSA */
+- break;
+- case LDNS_SIGN_HMACMD5:
+- /* there's not much of a format defined for TSIG */
+- /* It's just a binary blob, Same for all algorithms */
+- ldns_buffer_printf(output, "Private-key-format: v1.2\n");
+- ldns_buffer_printf(output, "Algorithm: 157 (HMAC_MD5)\n");
+- status = ldns_hmac_key2buffer_str(output, k);
+- break;
+- case LDNS_SIGN_HMACSHA1:
+- ldns_buffer_printf(output, "Private-key-format: v1.2\n");
+- ldns_buffer_printf(output, "Algorithm: 158 (HMAC_SHA1)\n");
+- status = ldns_hmac_key2buffer_str(output, k);
+- break;
+- case LDNS_SIGN_HMACSHA256:
+- ldns_buffer_printf(output, "Private-key-format: v1.2\n");
+- ldns_buffer_printf(output, "Algorithm: 159 (HMAC_SHA256)\n");
+- status = ldns_hmac_key2buffer_str(output, k);
+- break;
+- }
+-#endif /* HAVE_SSL */
+- } else {
+- LDNS_FREE(bignum);
+- return ldns_buffer_status(output);
+- }
+- LDNS_FREE(bignum);
+- return status;
+-
+-#ifdef HAVE_SSL
+- /* compiles warn the label isn't used */
+-error:
+- LDNS_FREE(bignum);
+- return LDNS_STATUS_ERR;
+-#endif /* HAVE_SSL */
+-
+-}
+-
+-/*
+- * Zero terminate the buffer and copy data.
+- */
+-char *
+-ldns_buffer2str(ldns_buffer *buffer)
+-{
+- char *str;
+-
+- /* check if buffer ends with \0, if not, and
+- if there is space, add it */
+- if (*(ldns_buffer_at(buffer, ldns_buffer_position(buffer))) != 0) {
+- if (!ldns_buffer_reserve(buffer, 1)) {
+- return NULL;
+- }
+- ldns_buffer_write_u8(buffer, (uint8_t) '\0');
+- if (!ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer))) {
+- return NULL;
+- }
+- }
+-
+- str = strdup((const char *)ldns_buffer_begin(buffer));
+- if(!str) {
+- return NULL;
+- }
+- return str;
+-}
+-
+-/*
+- * Zero terminate the buffer and export data.
+- */
+-char *
+-ldns_buffer_export2str(ldns_buffer *buffer)
+-{
+- /* Append '\0' as string terminator */
+- if (! ldns_buffer_reserve(buffer, 1)) {
+- return NULL;
+- }
+- ldns_buffer_write_u8(buffer, 0);
+-
+- /* reallocate memory to the size of the string and export */
+- ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer));
+- return ldns_buffer_export(buffer);
+-}
+-
+-char *
+-ldns_rdf2str(const ldns_rdf *rdf)
+-{
+- char *result = NULL;
+- ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+-
+- if (!tmp_buffer) {
+- return NULL;
+- }
+- if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) {
+- /* export and return string, destroy rest */
+- result = ldns_buffer_export2str(tmp_buffer);
+- }
+- ldns_buffer_free(tmp_buffer);
+- return result;
+-}
+-
+-char *
+-ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr)
+-{
+- char *result = NULL;
+- ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+-
+- if (!tmp_buffer) {
+- return NULL;
+- }
+- if (ldns_rr2buffer_str_fmt(tmp_buffer, fmt, rr)
+- == LDNS_STATUS_OK) {
+- /* export and return string, destroy rest */
+- result = ldns_buffer_export2str(tmp_buffer);
+- }
+- ldns_buffer_free(tmp_buffer);
+- return result;
+-}
+-
+-char *
+-ldns_rr2str(const ldns_rr *rr)
+-{
+- return ldns_rr2str_fmt(ldns_output_format_default, rr);
+-}
+-
+-char *
+-ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt)
+-{
+- char *result = NULL;
+- ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+-
+- if (!tmp_buffer) {
+- return NULL;
+- }
+- if (ldns_pkt2buffer_str_fmt(tmp_buffer, fmt, pkt)
+- == LDNS_STATUS_OK) {
+- /* export and return string, destroy rest */
+- result = ldns_buffer_export2str(tmp_buffer);
+- }
+-
+- ldns_buffer_free(tmp_buffer);
+- return result;
+-}
+-
+-char *
+-ldns_pkt2str(const ldns_pkt *pkt)
+-{
+- return ldns_pkt2str_fmt(ldns_output_format_default, pkt);
+-}
+-
+-char *
+-ldns_key2str(const ldns_key *k)
+-{
+- char *result = NULL;
+- ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+-
+- if (!tmp_buffer) {
+- return NULL;
+- }
+- if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) {
+- /* export and return string, destroy rest */
+- result = ldns_buffer_export2str(tmp_buffer);
+- }
+- ldns_buffer_free(tmp_buffer);
+- return result;
+-}
+-
+-char *
+-ldns_rr_list2str_fmt(const ldns_output_format *fmt, const ldns_rr_list *list)
+-{
+- char *result = NULL;
+- ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+-
+- if (!tmp_buffer) {
+- return NULL;
+- }
+- if (list) {
+- if (ldns_rr_list2buffer_str_fmt(
+- tmp_buffer, fmt, list)
+- == LDNS_STATUS_OK) {
+- }
+- } else {
+- if (fmt == NULL) {
+- fmt = ldns_output_format_default;
+- }
+- if (fmt->flags & LDNS_COMMENT_NULLS) {
+- ldns_buffer_printf(tmp_buffer, "; (null)\n");
+- }
+- }
+-
+- /* export and return string, destroy rest */
+- result = ldns_buffer_export2str(tmp_buffer);
+- ldns_buffer_free(tmp_buffer);
+- return result;
+-}
+-
+-char *
+-ldns_rr_list2str(const ldns_rr_list *list)
+-{
+- return ldns_rr_list2str_fmt(ldns_output_format_default, list);
+-}
+-
+-void
+-ldns_rdf_print(FILE *output, const ldns_rdf *rdf)
+-{
+- char *str = ldns_rdf2str(rdf);
+- if (str) {
+- fprintf(output, "%s", str);
+- } else {
+- fprintf(output, ";Unable to convert rdf to string\n");
+- }
+- LDNS_FREE(str);
+-}
+-
+-void
+-ldns_rr_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_rr *rr)
+-{
+- char *str = ldns_rr2str_fmt(fmt, rr);
+- if (str) {
+- fprintf(output, "%s", str);
+- } else {
+- fprintf(output, ";Unable to convert rr to string\n");
+- }
+- LDNS_FREE(str);
+-}
+-
+-void
+-ldns_rr_print(FILE *output, const ldns_rr *rr)
+-{
+- ldns_rr_print_fmt(output, ldns_output_format_default, rr);
+-}
+-
+-void
+-ldns_pkt_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_pkt *pkt)
+-{
+- char *str = ldns_pkt2str_fmt(fmt, pkt);
+- if (str) {
+- fprintf(output, "%s", str);
+- } else {
+- fprintf(output, ";Unable to convert packet to string\n");
+- }
+- LDNS_FREE(str);
+-}
+-
+-void
+-ldns_pkt_print(FILE *output, const ldns_pkt *pkt)
+-{
+- ldns_pkt_print_fmt(output, ldns_output_format_default, pkt);
+-}
+-
+-void
+-ldns_rr_list_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_rr_list *lst)
+-{
+- size_t i;
+- for (i = 0; i < ldns_rr_list_rr_count(lst); i++) {
+- ldns_rr_print_fmt(output, fmt, ldns_rr_list_rr(lst, i));
+- }
+-}
+-
+-void
+-ldns_rr_list_print(FILE *output, const ldns_rr_list *lst)
+-{
+- ldns_rr_list_print_fmt(output, ldns_output_format_default, lst);
+-}
+-
+-void
+-ldns_resolver_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_resolver *r)
+-{
+- uint16_t i;
+- ldns_rdf **n;
+- ldns_rdf **s;
+- size_t *rtt;
+- if (!r) {
+- return;
+- }
+- n = ldns_resolver_nameservers(r);
+- s = ldns_resolver_searchlist(r);
+- rtt = ldns_resolver_rtt(r);
+-
+- fprintf(output, "port: %d\n", (int)ldns_resolver_port(r));
+- fprintf(output, "edns0 size: %d\n", (int)ldns_resolver_edns_udp_size(r));
+- fprintf(output, "use ip6: %d\n", (int)ldns_resolver_ip6(r));
+-
+- fprintf(output, "recursive: %d\n", ldns_resolver_recursive(r));
+- fprintf(output, "usevc: %d\n", ldns_resolver_usevc(r));
+- fprintf(output, "igntc: %d\n", ldns_resolver_igntc(r));
+- fprintf(output, "fail: %d\n", ldns_resolver_fail(r));
+- fprintf(output, "retry: %d\n", (int)ldns_resolver_retry(r));
+- fprintf(output, "retrans: %d\n", (int)ldns_resolver_retrans(r));
+- fprintf(output, "fallback: %d\n", ldns_resolver_fallback(r));
+- fprintf(output, "random: %d\n", ldns_resolver_random(r));
+- fprintf(output, "timeout: %d\n", (int)ldns_resolver_timeout(r).tv_sec);
+- fprintf(output, "dnssec: %d\n", ldns_resolver_dnssec(r));
+- fprintf(output, "dnssec cd: %d\n", ldns_resolver_dnssec_cd(r));
+- fprintf(output, "trust anchors (%d listed):\n",
+- (int)ldns_rr_list_rr_count(ldns_resolver_dnssec_anchors(r)));
+- ldns_rr_list_print_fmt(output, fmt, ldns_resolver_dnssec_anchors(r));
+- fprintf(output, "tsig: %s %s\n",
+- ldns_resolver_tsig_keyname(r)?ldns_resolver_tsig_keyname(r):"-",
+- ldns_resolver_tsig_algorithm(r)?ldns_resolver_tsig_algorithm(r):"-");
+- fprintf(output, "debug: %d\n", ldns_resolver_debug(r));
+-
+- fprintf(output, "default domain: ");
+- ldns_rdf_print(output, ldns_resolver_domain(r));
+- fprintf(output, "\n");
+- fprintf(output, "apply default domain: %d\n", ldns_resolver_defnames(r));
+-
+- fprintf(output, "searchlist (%d listed):\n", (int)ldns_resolver_searchlist_count(r));
+- for (i = 0; i < ldns_resolver_searchlist_count(r); i++) {
+- fprintf(output, "\t");
+- ldns_rdf_print(output, s[i]);
+- fprintf(output, "\n");
+- }
+- fprintf(output, "apply search list: %d\n", ldns_resolver_dnsrch(r));
+-
+- fprintf(output, "nameservers (%d listed):\n", (int)ldns_resolver_nameserver_count(r));
+- for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
+- fprintf(output, "\t");
+- ldns_rdf_print(output, n[i]);
+-
+- switch ((int)rtt[i]) {
+- case LDNS_RESOLV_RTT_MIN:
+- fprintf(output, " - reachable\n");
+- break;
+- case LDNS_RESOLV_RTT_INF:
+- fprintf(output, " - unreachable\n");
+- break;
+- }
+- }
+-}
+-
+-void
+-ldns_resolver_print(FILE *output, const ldns_resolver *r)
+-{
+- ldns_resolver_print_fmt(output, ldns_output_format_default, r);
+-}
+-
+-void
+-ldns_zone_print_fmt(FILE *output,
+- const ldns_output_format *fmt, const ldns_zone *z)
+-{
+- if(ldns_zone_soa(z))
+- ldns_rr_print_fmt(output, fmt, ldns_zone_soa(z));
+- ldns_rr_list_print_fmt(output, fmt, ldns_zone_rrs(z));
+-}
+-void
+-ldns_zone_print(FILE *output, const ldns_zone *z)
+-{
+- ldns_zone_print_fmt(output, ldns_output_format_default, z);
+-}
+diff --git a/src/ldns/host2wire.c b/src/ldns/host2wire.c
+deleted file mode 100644
+index 06f45ba..0000000
+--- a/src/ldns/host2wire.c
++++ /dev/null
+@@ -1,494 +0,0 @@
+-/*
+- * host2wire.c
+- *
+- * conversion routines from the host to the wire format.
+- * This will usually just a re-ordering of the
+- * data (as we store it in network format)
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-ldns_status
+-ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name)
+-{
+- return ldns_dname2buffer_wire_compress(buffer, name, NULL);
+-}
+-
+-ldns_status
+-ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data)
+-{
+- ldns_rbnode_t *node;
+- uint8_t *data;
+- size_t size;
+- ldns_rdf *label;
+- ldns_rdf *rest;
+- ldns_status s;
+-
+- /* If no tree, just add the data */
+- if(!compression_data)
+- {
+- if (ldns_buffer_reserve(buffer, ldns_rdf_size(name)))
+- {
+- ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name));
+- }
+- return ldns_buffer_status(buffer);
+- }
+-
+- /* No labels left, write final zero */
+- if(ldns_dname_label_count(name)==0)
+- {
+- if(ldns_buffer_reserve(buffer,1))
+- {
+- ldns_buffer_write_u8(buffer, 0);
+- }
+- return ldns_buffer_status(buffer);
+- }
+-
+- /* Can we find the name in the tree? */
+- if((node = ldns_rbtree_search(compression_data, ldns_rdf_data(name))) != NULL)
+- {
+- /* Found */
+- uint16_t position = (uint16_t) (intptr_t) node->data | 0xC000;
+- if (ldns_buffer_reserve(buffer, 2))
+- {
+- ldns_buffer_write_u16(buffer, position);
+- }
+- return ldns_buffer_status(buffer);
+- }
+- else
+- {
+- /* Not found. Write cache entry, take off first label, write it, */
+- /* try again with the rest of the name. */
+- ldns_rbnode_t *node = LDNS_MALLOC(ldns_rbnode_t);
+- if(!node)
+- {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- if (ldns_buffer_position(buffer) < 16384) {
+- node->key = strdup((const char *)ldns_rdf_data(name));
+- node->data = (void *) (intptr_t) ldns_buffer_position(buffer);
+- if(!ldns_rbtree_insert(compression_data,node))
+- {
+- /* fprintf(stderr,"Name not found but now it's there?\n"); */
+- }
+- }
+- label = ldns_dname_label(name, 0);
+- rest = ldns_dname_left_chop(name);
+- size = ldns_rdf_size(label) - 1; /* Don't want the final zero */
+- data = ldns_rdf_data(label);
+- if(ldns_buffer_reserve(buffer, size))
+- {
+- ldns_buffer_write(buffer, data, size);
+- }
+- ldns_rdf_deep_free(label);
+- s = ldns_dname2buffer_wire_compress(buffer, rest, compression_data);
+- ldns_rdf_deep_free(rest);
+- return s;
+- }
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf)
+-{
+- return ldns_rdf2buffer_wire_compress(buffer, rdf, NULL);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *rdf, ldns_rbtree_t *compression_data)
+-{
+- /* If it's a DNAME, call that function to get compression */
+- if(compression_data && ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME)
+- {
+- return ldns_dname2buffer_wire_compress(buffer,rdf,compression_data);
+- }
+-
+- if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
+- ldns_buffer_write(buffer, ldns_rdf_data(rdf), ldns_rdf_size(rdf));
+- }
+- return ldns_buffer_status(buffer);
+-}
+-
+-ldns_status
+-ldns_rdf2buffer_wire_canonical(ldns_buffer *buffer, const ldns_rdf *rdf)
+-{
+- size_t i;
+- uint8_t *rdf_data;
+-
+- if (ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) {
+- if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
+- rdf_data = ldns_rdf_data(rdf);
+- for (i = 0; i < ldns_rdf_size(rdf); i++) {
+- ldns_buffer_write_u8(buffer,
+- (uint8_t) LDNS_DNAME_NORMALIZE((int)rdf_data[i]));
+- }
+- }
+- } else {
+- /* direct copy for all other types */
+- if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
+- ldns_buffer_write(buffer,
+- ldns_rdf_data(rdf),
+- ldns_rdf_size(rdf));
+- }
+- }
+- return ldns_buffer_status(buffer);
+-}
+-
+-/* convert a rr list to wireformat */
+-ldns_status
+-ldns_rr_list2buffer_wire(ldns_buffer *buffer,const ldns_rr_list *rr_list)
+-{
+- uint16_t rr_count;
+- uint16_t i;
+-
+- rr_count = ldns_rr_list_rr_count(rr_list);
+- for(i = 0; i < rr_count; i++) {
+- (void)ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i),
+- LDNS_SECTION_ANY);
+- }
+- return ldns_buffer_status(buffer);
+-}
+-
+-
+-ldns_status
+-ldns_rr2buffer_wire_canonical(ldns_buffer *buffer,
+- const ldns_rr *rr,
+- int section)
+-{
+- uint16_t i;
+- uint16_t rdl_pos = 0;
+- bool pre_rfc3597 = false;
+- switch (ldns_rr_get_type(rr)) {
+- case LDNS_RR_TYPE_NS:
+- case LDNS_RR_TYPE_MD:
+- case LDNS_RR_TYPE_MF:
+- case LDNS_RR_TYPE_CNAME:
+- case LDNS_RR_TYPE_SOA:
+- case LDNS_RR_TYPE_MB:
+- case LDNS_RR_TYPE_MG:
+- case LDNS_RR_TYPE_MR:
+- case LDNS_RR_TYPE_PTR:
+- case LDNS_RR_TYPE_HINFO:
+- case LDNS_RR_TYPE_MINFO:
+- case LDNS_RR_TYPE_MX:
+- case LDNS_RR_TYPE_RP:
+- case LDNS_RR_TYPE_AFSDB:
+- case LDNS_RR_TYPE_RT:
+- case LDNS_RR_TYPE_SIG:
+- case LDNS_RR_TYPE_PX:
+- case LDNS_RR_TYPE_NXT:
+- case LDNS_RR_TYPE_NAPTR:
+- case LDNS_RR_TYPE_KX:
+- case LDNS_RR_TYPE_SRV:
+- case LDNS_RR_TYPE_DNAME:
+- case LDNS_RR_TYPE_A6:
+- case LDNS_RR_TYPE_RRSIG:
+- pre_rfc3597 = true;
+- break;
+- default:
+- break;
+- }
+-
+- if (ldns_rr_owner(rr)) {
+- (void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_owner(rr));
+- }
+-
+- if (ldns_buffer_reserve(buffer, 4)) {
+- (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr));
+- (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr));
+- }
+-
+- if (section != LDNS_SECTION_QUESTION) {
+- if (ldns_buffer_reserve(buffer, 6)) {
+- ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr));
+- /* remember pos for later */
+- rdl_pos = ldns_buffer_position(buffer);
+- ldns_buffer_write_u16(buffer, 0);
+- }
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- if (pre_rfc3597) {
+- (void) ldns_rdf2buffer_wire_canonical(
+- buffer, ldns_rr_rdf(rr, i));
+- } else {
+- (void) ldns_rdf2buffer_wire(
+- buffer, ldns_rr_rdf(rr, i));
+- }
+- }
+- if (rdl_pos != 0) {
+- ldns_buffer_write_u16_at(buffer, rdl_pos,
+- ldns_buffer_position(buffer)
+- - rdl_pos - 2);
+- }
+- }
+- return ldns_buffer_status(buffer);
+-}
+-
+-ldns_status
+-ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section)
+-{
+- return ldns_rr2buffer_wire_compress(buffer,rr,section,NULL);
+-}
+-
+-ldns_status
+-ldns_rr2buffer_wire_compress(ldns_buffer *buffer, const ldns_rr *rr, int section, ldns_rbtree_t *compression_data)
+-{
+- uint16_t i;
+- uint16_t rdl_pos = 0;
+-
+- if (ldns_rr_owner(rr)) {
+- (void) ldns_dname2buffer_wire_compress(buffer, ldns_rr_owner(rr), compression_data);
+- }
+-
+- if (ldns_buffer_reserve(buffer, 4)) {
+- (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr));
+- (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr));
+- }
+-
+- if (section != LDNS_SECTION_QUESTION) {
+- if (ldns_buffer_reserve(buffer, 6)) {
+- ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr));
+- /* remember pos for later */
+- rdl_pos = ldns_buffer_position(buffer);
+- ldns_buffer_write_u16(buffer, 0);
+- }
+- if (LDNS_RR_COMPRESS ==
+- ldns_rr_descript(ldns_rr_get_type(rr))->_compress) {
+-
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- (void) ldns_rdf2buffer_wire_compress(buffer,
+- ldns_rr_rdf(rr, i), compression_data);
+- }
+- } else {
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- (void) ldns_rdf2buffer_wire(
+- buffer, ldns_rr_rdf(rr, i));
+- }
+- }
+- if (rdl_pos != 0) {
+- ldns_buffer_write_u16_at(buffer, rdl_pos,
+- ldns_buffer_position(buffer)
+- - rdl_pos - 2);
+- }
+- }
+- return ldns_buffer_status(buffer);
+-}
+-
+-ldns_status
+-ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
+-{
+- uint16_t i;
+-
+- /* it must be a sig RR */
+- if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* Convert all the rdfs, except the actual signature data
+- * rdf number 8 - the last, hence: -1 */
+- for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) {
+- (void) ldns_rdf2buffer_wire_canonical(buffer,
+- ldns_rr_rdf(rr, i));
+- }
+-
+- return ldns_buffer_status(buffer);
+-}
+-
+-ldns_status
+-ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
+-{
+- uint16_t i;
+-
+- /* convert all the rdf's */
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr,i));
+- }
+- return ldns_buffer_status(buffer);
+-}
+-
+-/*
+- * Copies the packet header data to the buffer in wire format
+- */
+-static ldns_status
+-ldns_hdr2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
+-{
+- uint8_t flags;
+- uint16_t arcount;
+-
+- if (ldns_buffer_reserve(buffer, 12)) {
+- ldns_buffer_write_u16(buffer, ldns_pkt_id(packet));
+-
+- flags = ldns_pkt_qr(packet) << 7
+- | ldns_pkt_get_opcode(packet) << 3
+- | ldns_pkt_aa(packet) << 2
+- | ldns_pkt_tc(packet) << 1 | ldns_pkt_rd(packet);
+- ldns_buffer_write_u8(buffer, flags);
+-
+- flags = ldns_pkt_ra(packet) << 7
+- /*| ldns_pkt_z(packet) << 6*/
+- | ldns_pkt_ad(packet) << 5
+- | ldns_pkt_cd(packet) << 4
+- | ldns_pkt_get_rcode(packet);
+- ldns_buffer_write_u8(buffer, flags);
+-
+- ldns_buffer_write_u16(buffer, ldns_pkt_qdcount(packet));
+- ldns_buffer_write_u16(buffer, ldns_pkt_ancount(packet));
+- ldns_buffer_write_u16(buffer, ldns_pkt_nscount(packet));
+- /* add EDNS0 and TSIG to additional if they are there */
+- arcount = ldns_pkt_arcount(packet);
+- if (ldns_pkt_tsig(packet)) {
+- arcount++;
+- }
+- if (ldns_pkt_edns(packet)) {
+- arcount++;
+- }
+- ldns_buffer_write_u16(buffer, arcount);
+- }
+-
+- return ldns_buffer_status(buffer);
+-}
+-
+-void
+-compression_node_free(ldns_rbnode_t *node, void *arg)
+-{
+- (void)arg; /* Yes, dear compiler, it is used */
+- free((void *)node->key);
+- LDNS_FREE(node);
+-}
+-
+-ldns_status
+-ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet)
+-{
+- ldns_rr_list *rr_list;
+- uint16_t i;
+-
+- /* edns tmp vars */
+- ldns_rr *edns_rr;
+- uint8_t edata[4];
+-
+- ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))strcasecmp);
+-
+- (void) ldns_hdr2buffer_wire(buffer, packet);
+-
+- rr_list = ldns_pkt_question(packet);
+- if (rr_list) {
+- for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- (void) ldns_rr2buffer_wire_compress(buffer,
+- ldns_rr_list_rr(rr_list, i), LDNS_SECTION_QUESTION, compression_data);
+- }
+- }
+- rr_list = ldns_pkt_answer(packet);
+- if (rr_list) {
+- for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- (void) ldns_rr2buffer_wire_compress(buffer,
+- ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANSWER, compression_data);
+- }
+- }
+- rr_list = ldns_pkt_authority(packet);
+- if (rr_list) {
+- for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- (void) ldns_rr2buffer_wire_compress(buffer,
+- ldns_rr_list_rr(rr_list, i), LDNS_SECTION_AUTHORITY, compression_data);
+- }
+- }
+- rr_list = ldns_pkt_additional(packet);
+- if (rr_list) {
+- for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- (void) ldns_rr2buffer_wire_compress(buffer,
+- ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ADDITIONAL, compression_data);
+- }
+- }
+-
+- /* add EDNS to additional if it is needed */
+- if (ldns_pkt_edns(packet)) {
+- edns_rr = ldns_rr_new();
+- if(!edns_rr) return LDNS_STATUS_MEM_ERR;
+- ldns_rr_set_owner(edns_rr,
+- ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "."));
+- ldns_rr_set_type(edns_rr, LDNS_RR_TYPE_OPT);
+- ldns_rr_set_class(edns_rr, ldns_pkt_edns_udp_size(packet));
+- edata[0] = ldns_pkt_edns_extended_rcode(packet);
+- edata[1] = ldns_pkt_edns_version(packet);
+- ldns_write_uint16(&edata[2], ldns_pkt_edns_z(packet));
+- ldns_rr_set_ttl(edns_rr, ldns_read_uint32(edata));
+- /* don't forget to add the edns rdata (if any) */
+- if (packet->_edns_data)
+- ldns_rr_push_rdf (edns_rr, packet->_edns_data);
+- (void)ldns_rr2buffer_wire_compress(buffer, edns_rr, LDNS_SECTION_ADDITIONAL, compression_data);
+- /* take the edns rdata back out of the rr before we free rr */
+- if (packet->_edns_data)
+- (void)ldns_rr_pop_rdf (edns_rr);
+- ldns_rr_free(edns_rr);
+- }
+-
+- /* add TSIG to additional if it is there */
+- if (ldns_pkt_tsig(packet)) {
+- (void) ldns_rr2buffer_wire_compress(buffer,
+- ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL, compression_data);
+- }
+-
+- ldns_traverse_postorder(compression_data,compression_node_free,NULL);
+- ldns_rbtree_free(compression_data);
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *result_size)
+-{
+- ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- ldns_status status;
+- *result_size = 0;
+- *dest = NULL;
+- if(!buffer) return LDNS_STATUS_MEM_ERR;
+-
+- status = ldns_rdf2buffer_wire(buffer, rdf);
+- if (status == LDNS_STATUS_OK) {
+- *result_size = ldns_buffer_position(buffer);
+- *dest = (uint8_t *) ldns_buffer_export(buffer);
+- }
+- ldns_buffer_free(buffer);
+- return status;
+-}
+-
+-ldns_status
+-ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *result_size)
+-{
+- ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- ldns_status status;
+- *result_size = 0;
+- *dest = NULL;
+- if(!buffer) return LDNS_STATUS_MEM_ERR;
+-
+- status = ldns_rr2buffer_wire(buffer, rr, section);
+- if (status == LDNS_STATUS_OK) {
+- *result_size = ldns_buffer_position(buffer);
+- *dest = (uint8_t *) ldns_buffer_export(buffer);
+- }
+- ldns_buffer_free(buffer);
+- return status;
+-}
+-
+-ldns_status
+-ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size)
+-{
+- ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- ldns_status status;
+- *result_size = 0;
+- *dest = NULL;
+- if(!buffer) return LDNS_STATUS_MEM_ERR;
+-
+- status = ldns_pkt2buffer_wire(buffer, packet);
+- if (status == LDNS_STATUS_OK) {
+- *result_size = ldns_buffer_position(buffer);
+- *dest = (uint8_t *) ldns_buffer_export(buffer);
+- }
+- ldns_buffer_free(buffer);
+- return status;
+-}
+diff --git a/src/ldns/keys.c b/src/ldns/keys.c
+deleted file mode 100644
+index 8b43821..0000000
+--- a/src/ldns/keys.c
++++ /dev/null
+@@ -1,1726 +0,0 @@
+-/*
+- * keys.c handle private keys for use in DNSSEC
+- *
+- * This module should hide some of the openSSL complexities
+- * and give a general interface for private keys and hmac
+- * handling
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#ifdef HAVE_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/engine.h>
+-#include <openssl/rand.h>
+-#endif /* HAVE_SSL */
+-
+-ldns_lookup_table ldns_signing_algorithms[] = {
+- { LDNS_SIGN_RSAMD5, "RSAMD5" },
+- { LDNS_SIGN_RSASHA1, "RSASHA1" },
+- { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
+-#ifdef USE_SHA2
+- { LDNS_SIGN_RSASHA256, "RSASHA256" },
+- { LDNS_SIGN_RSASHA512, "RSASHA512" },
+-#endif
+-#ifdef USE_GOST
+- { LDNS_SIGN_ECC_GOST, "ECC-GOST" },
+-#endif
+-#ifdef USE_ECDSA
+- { LDNS_SIGN_ECDSAP256SHA256, "ECDSAP256SHA256" },
+- { LDNS_SIGN_ECDSAP384SHA384, "ECDSAP384SHA384" },
+-#endif
+- { LDNS_SIGN_DSA, "DSA" },
+- { LDNS_SIGN_DSA_NSEC3, "DSA-NSEC3-SHA1" },
+- { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
+- { LDNS_SIGN_HMACSHA1, "hmac-sha1" },
+- { LDNS_SIGN_HMACSHA256, "hmac-sha256" },
+- { 0, NULL }
+-};
+-
+-ldns_key_list *
+-ldns_key_list_new(void)
+-{
+- ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list);
+- if (!key_list) {
+- return NULL;
+- } else {
+- key_list->_key_count = 0;
+- key_list->_keys = NULL;
+- return key_list;
+- }
+-}
+-
+-ldns_key *
+-ldns_key_new(void)
+-{
+- ldns_key *newkey;
+-
+- newkey = LDNS_MALLOC(ldns_key);
+- if (!newkey) {
+- return NULL;
+- } else {
+- /* some defaults - not sure wether to do this */
+- ldns_key_set_use(newkey, true);
+- ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
+- ldns_key_set_origttl(newkey, 0);
+- ldns_key_set_keytag(newkey, 0);
+- ldns_key_set_inception(newkey, 0);
+- ldns_key_set_expiration(newkey, 0);
+- ldns_key_set_pubkey_owner(newkey, NULL);
+-#ifdef HAVE_SSL
+- ldns_key_set_evp_key(newkey, NULL);
+-#endif /* HAVE_SSL */
+- ldns_key_set_hmac_key(newkey, NULL);
+- ldns_key_set_external_key(newkey, NULL);
+- return newkey;
+- }
+-}
+-
+-ldns_status
+-ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
+-{
+- return ldns_key_new_frm_fp_l(k, fp, NULL);
+-}
+-
+-#ifdef HAVE_SSL
+-ldns_status
+-ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
+-{
+- ldns_key *k;
+-
+- k = ldns_key_new();
+- if(!k) return LDNS_STATUS_MEM_ERR;
+-#ifndef S_SPLINT_S
+- k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
+- if(!k->_key.key) {
+- ldns_key_free(k);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg);
+- if (!k->_key.key) {
+- ldns_key_free(k);
+- return LDNS_STATUS_ENGINE_KEY_NOT_LOADED;
+- }
+-#endif /* splint */
+- *key = k;
+- return LDNS_STATUS_OK;
+-}
+-#endif
+-
+-#ifdef USE_GOST
+-/** store GOST engine reference loaded into OpenSSL library */
+-ENGINE* ldns_gost_engine = NULL;
+-
+-int
+-ldns_key_EVP_load_gost_id(void)
+-{
+- static int gost_id = 0;
+- const EVP_PKEY_ASN1_METHOD* meth;
+- ENGINE* e;
+-
+- if(gost_id) return gost_id;
+-
+- /* see if configuration loaded gost implementation from other engine*/
+- meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
+- if(meth) {
+- EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
+- return gost_id;
+- }
+-
+- /* see if engine can be loaded already */
+- e = ENGINE_by_id("gost");
+- if(!e) {
+- /* load it ourself, in case statically linked */
+- ENGINE_load_builtin_engines();
+- ENGINE_load_dynamic();
+- e = ENGINE_by_id("gost");
+- }
+- if(!e) {
+- /* no gost engine in openssl */
+- return 0;
+- }
+- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+- ENGINE_finish(e);
+- ENGINE_free(e);
+- return 0;
+- }
+-
+- meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
+- if(!meth) {
+- /* algo not found */
+- ENGINE_finish(e);
+- ENGINE_free(e);
+- return 0;
+- }
+- /* Note: do not ENGINE_finish and ENGINE_free the acquired engine
+- * on some platforms this frees up the meth and unloads gost stuff */
+- ldns_gost_engine = e;
+-
+- EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
+- return gost_id;
+-}
+-
+-void ldns_key_EVP_unload_gost(void)
+-{
+- if(ldns_gost_engine) {
+- ENGINE_finish(ldns_gost_engine);
+- ENGINE_free(ldns_gost_engine);
+- ldns_gost_engine = NULL;
+- }
+-}
+-
+-/** read GOST private key */
+-static EVP_PKEY*
+-ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr)
+-{
+- char token[16384];
+- const unsigned char* pp;
+- int gost_id;
+- EVP_PKEY* pkey;
+- ldns_rdf* b64rdf = NULL;
+-
+- gost_id = ldns_key_EVP_load_gost_id();
+- if(!gost_id)
+- return NULL;
+-
+- if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n",
+- sizeof(token), line_nr) == -1)
+- return NULL;
+- while(strlen(token) < 96) {
+- /* read more b64 from the file, b64 split on multiple lines */
+- if(ldns_fget_token_l(fp, token+strlen(token), "\n",
+- sizeof(token)-strlen(token), line_nr) == -1)
+- return NULL;
+- }
+- if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
+- return NULL;
+- pp = (unsigned char*)ldns_rdf_data(b64rdf);
+- pkey = d2i_PrivateKey(gost_id, NULL, &pp, (int)ldns_rdf_size(b64rdf));
+- ldns_rdf_deep_free(b64rdf);
+- return pkey;
+-}
+-#endif
+-
+-#ifdef USE_ECDSA
+-/** calculate public key from private key */
+-static int
+-ldns_EC_KEY_calc_public(EC_KEY* ec)
+-{
+- EC_POINT* pub_key;
+- const EC_GROUP* group;
+- group = EC_KEY_get0_group(ec);
+- pub_key = EC_POINT_new(group);
+- if(!pub_key) return 0;
+- if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
+- EC_POINT_free(pub_key);
+- return 0;
+- }
+- if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec),
+- NULL, NULL, NULL)) {
+- EC_POINT_free(pub_key);
+- return 0;
+- }
+- if(EC_KEY_set_public_key(ec, pub_key) == 0) {
+- EC_POINT_free(pub_key);
+- return 0;
+- }
+- EC_POINT_free(pub_key);
+- return 1;
+-}
+-
+-/** read ECDSA private key */
+-static EVP_PKEY*
+-ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr)
+-{
+- char token[16384];
+- ldns_rdf* b64rdf = NULL;
+- unsigned char* pp;
+- BIGNUM* bn;
+- EVP_PKEY* evp_key;
+- EC_KEY* ec;
+- if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
+- sizeof(token), line_nr) == -1)
+- return NULL;
+- if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
+- return NULL;
+- pp = (unsigned char*)ldns_rdf_data(b64rdf);
+-
+- if(alg == LDNS_ECDSAP256SHA256)
+- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+- else if(alg == LDNS_ECDSAP384SHA384)
+- ec = EC_KEY_new_by_curve_name(NID_secp384r1);
+- else ec = NULL;
+- if(!ec) {
+- ldns_rdf_deep_free(b64rdf);
+- return NULL;
+- }
+- bn = BN_bin2bn(pp, (int)ldns_rdf_size(b64rdf), NULL);
+- ldns_rdf_deep_free(b64rdf);
+- if(!bn) {
+- EC_KEY_free(ec);
+- return NULL;
+- }
+- EC_KEY_set_private_key(ec, bn);
+- BN_free(bn);
+- if(!ldns_EC_KEY_calc_public(ec)) {
+- EC_KEY_free(ec);
+- return NULL;
+- }
+-
+- evp_key = EVP_PKEY_new();
+- if(!evp_key) {
+- EC_KEY_free(ec);
+- return NULL;
+- }
+- if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
+- EVP_PKEY_free(evp_key);
+- EC_KEY_free(ec);
+- return NULL;
+- }
+- return evp_key;
+-}
+-#endif
+-
+-ldns_status
+-ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
+-{
+- ldns_key *k;
+- char *d;
+- ldns_signing_algorithm alg;
+- ldns_rr *key_rr;
+-#ifdef HAVE_SSL
+- RSA *rsa;
+- DSA *dsa;
+- unsigned char *hmac;
+- size_t hmac_size;
+-#endif /* HAVE_SSL */
+-
+- k = ldns_key_new();
+-
+- d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
+- if (!k || !d) {
+- ldns_key_free(k);
+- LDNS_FREE(d);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- alg = 0;
+-
+- /* the file is highly structured. Do this in sequence */
+- /* RSA:
+- * Private-key-format: v1.x.
+- * Algorithm: 1 (RSA)
+-
+- */
+- /* get the key format version number */
+- if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
+- LDNS_MAX_LINELEN, line_nr) == -1) {
+- /* no version information */
+- ldns_key_free(k);
+- LDNS_FREE(d);
+- return LDNS_STATUS_SYNTAX_ERR;
+- }
+- if (strncmp(d, "v1.", 3) != 0) {
+- ldns_key_free(k);
+- LDNS_FREE(d);
+- return LDNS_STATUS_SYNTAX_VERSION_ERR;
+- }
+-
+- /* get the algorithm type, our file function strip ( ) so there are
+- * not in the return string! */
+- if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
+- LDNS_MAX_LINELEN, line_nr) == -1) {
+- /* no alg information */
+- ldns_key_free(k);
+- LDNS_FREE(d);
+- return LDNS_STATUS_SYNTAX_ALG_ERR;
+- }
+-
+- if (strncmp(d, "1 RSA", 2) == 0) {
+- alg = LDNS_SIGN_RSAMD5;
+- }
+- if (strncmp(d, "2 DH", 2) == 0) {
+- alg = (ldns_signing_algorithm)LDNS_DH;
+- }
+- if (strncmp(d, "3 DSA", 2) == 0) {
+- alg = LDNS_SIGN_DSA;
+- }
+- if (strncmp(d, "4 ECC", 2) == 0) {
+- alg = (ldns_signing_algorithm)LDNS_ECC;
+- }
+- if (strncmp(d, "5 RSASHA1", 2) == 0) {
+- alg = LDNS_SIGN_RSASHA1;
+- }
+- if (strncmp(d, "6 DSA", 2) == 0) {
+- alg = LDNS_SIGN_DSA_NSEC3;
+- }
+- if (strncmp(d, "7 RSASHA1", 2) == 0) {
+- alg = LDNS_SIGN_RSASHA1_NSEC3;
+- }
+-
+- if (strncmp(d, "8 RSASHA256", 2) == 0) {
+-#ifdef USE_SHA2
+- alg = LDNS_SIGN_RSASHA256;
+-#else
+-# ifdef STDERR_MSGS
+- fprintf(stderr, "Warning: SHA256 not compiled into this ");
+- fprintf(stderr, "version of ldns\n");
+-# endif
+-#endif
+- }
+- if (strncmp(d, "10 RSASHA512", 3) == 0) {
+-#ifdef USE_SHA2
+- alg = LDNS_SIGN_RSASHA512;
+-#else
+-# ifdef STDERR_MSGS
+- fprintf(stderr, "Warning: SHA512 not compiled into this ");
+- fprintf(stderr, "version of ldns\n");
+-# endif
+-#endif
+- }
+- if (strncmp(d, "12 ECC-GOST", 3) == 0) {
+-#ifdef USE_GOST
+- alg = LDNS_SIGN_ECC_GOST;
+-#else
+-# ifdef STDERR_MSGS
+- fprintf(stderr, "Warning: ECC-GOST not compiled into this ");
+- fprintf(stderr, "version of ldns, use --enable-gost\n");
+-# endif
+-#endif
+- }
+- if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) {
+-#ifdef USE_ECDSA
+- alg = LDNS_SIGN_ECDSAP256SHA256;
+-#else
+-# ifdef STDERR_MSGS
+- fprintf(stderr, "Warning: ECDSA not compiled into this ");
+- fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
+-# endif
+-#endif
+- }
+- if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) {
+-#ifdef USE_ECDSA
+- alg = LDNS_SIGN_ECDSAP384SHA384;
+-#else
+-# ifdef STDERR_MSGS
+- fprintf(stderr, "Warning: ECDSA not compiled into this ");
+- fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
+-# endif
+-#endif
+- }
+- if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
+- alg = LDNS_SIGN_HMACMD5;
+- }
+- if (strncmp(d, "158 HMAC-SHA1", 4) == 0) {
+- alg = LDNS_SIGN_HMACSHA1;
+- }
+- if (strncmp(d, "159 HMAC-SHA256", 4) == 0) {
+- alg = LDNS_SIGN_HMACSHA256;
+- }
+-
+- LDNS_FREE(d);
+-
+- switch(alg) {
+- case LDNS_SIGN_RSAMD5:
+- case LDNS_SIGN_RSASHA1:
+- case LDNS_SIGN_RSASHA1_NSEC3:
+-#ifdef USE_SHA2
+- case LDNS_SIGN_RSASHA256:
+- case LDNS_SIGN_RSASHA512:
+-#endif
+- ldns_key_set_algorithm(k, alg);
+-#ifdef HAVE_SSL
+- rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr);
+- if (!rsa) {
+- ldns_key_free(k);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_key_assign_rsa_key(k, rsa);
+-#endif /* HAVE_SSL */
+- break;
+- case LDNS_SIGN_DSA:
+- case LDNS_SIGN_DSA_NSEC3:
+- ldns_key_set_algorithm(k, alg);
+-#ifdef HAVE_SSL
+- dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr);
+- if (!dsa) {
+- ldns_key_free(k);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_key_assign_dsa_key(k, dsa);
+-#endif /* HAVE_SSL */
+- break;
+- case LDNS_SIGN_HMACMD5:
+- case LDNS_SIGN_HMACSHA1:
+- case LDNS_SIGN_HMACSHA256:
+- ldns_key_set_algorithm(k, alg);
+-#ifdef HAVE_SSL
+- hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size);
+- if (!hmac) {
+- ldns_key_free(k);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_key_set_hmac_size(k, hmac_size);
+- ldns_key_set_hmac_key(k, hmac);
+-#endif /* HAVE_SSL */
+- break;
+- case LDNS_SIGN_ECC_GOST:
+- ldns_key_set_algorithm(k, alg);
+-#if defined(HAVE_SSL) && defined(USE_GOST)
+- if(!ldns_key_EVP_load_gost_id()) {
+- ldns_key_free(k);
+- return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
+- }
+- ldns_key_set_evp_key(k,
+- ldns_key_new_frm_fp_gost_l(fp, line_nr));
+-#ifndef S_SPLINT_S
+- if(!k->_key.key) {
+- ldns_key_free(k);
+- return LDNS_STATUS_ERR;
+- }
+-#endif /* splint */
+-#endif
+- break;
+-#ifdef USE_ECDSA
+- case LDNS_SIGN_ECDSAP256SHA256:
+- case LDNS_SIGN_ECDSAP384SHA384:
+- ldns_key_set_algorithm(k, alg);
+- ldns_key_set_evp_key(k,
+- ldns_key_new_frm_fp_ecdsa_l(fp, (ldns_algorithm)alg, line_nr));
+-#ifndef S_SPLINT_S
+- if(!k->_key.key) {
+- ldns_key_free(k);
+- return LDNS_STATUS_ERR;
+- }
+-#endif /* splint */
+- break;
+-#endif
+- default:
+- ldns_key_free(k);
+- return LDNS_STATUS_SYNTAX_ALG_ERR;
+- }
+- key_rr = ldns_key2rr(k);
+- ldns_key_set_keytag(k, ldns_calc_keytag(key_rr));
+- ldns_rr_free(key_rr);
+-
+- if (key) {
+- *key = k;
+- return LDNS_STATUS_OK;
+- }
+- ldns_key_free(k);
+- return LDNS_STATUS_ERR;
+-}
+-
+-#ifdef HAVE_SSL
+-RSA *
+-ldns_key_new_frm_fp_rsa(FILE *f)
+-{
+- return ldns_key_new_frm_fp_rsa_l(f, NULL);
+-}
+-
+-RSA *
+-ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
+-{
+- /* we parse
+- * Modulus:
+- * PublicExponent:
+- * PrivateExponent:
+- * Prime1:
+- * Prime2:
+- * Exponent1:
+- * Exponent2:
+- * Coefficient:
+- *
+- * man 3 RSA:
+- *
+- * struct
+- * {
+- * BIGNUM *n; // public modulus
+- * BIGNUM *e; // public exponent
+- * BIGNUM *d; // private exponent
+- * BIGNUM *p; // secret prime factor
+- * BIGNUM *q; // secret prime factor
+- * BIGNUM *dmp1; // d mod (p-1)
+- * BIGNUM *dmq1; // d mod (q-1)
+- * BIGNUM *iqmp; // q^-1 mod p
+- * // ...
+- *
+- */
+- char *d;
+- RSA *rsa;
+- uint8_t *buf;
+- int i;
+-
+- d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
+- buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
+- rsa = RSA_new();
+- if (!d || !rsa || !buf) {
+- goto error;
+- }
+-
+- /* I could use functions again, but that seems an overkill,
+- * allthough this also looks tedious
+- */
+-
+- /* Modules, rsa->n */
+- if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+-#ifndef S_SPLINT_S
+- rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->n) {
+- goto error;
+- }
+-
+- /* PublicExponent, rsa->e */
+- if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->e) {
+- goto error;
+- }
+-
+- /* PrivateExponent, rsa->d */
+- if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->d) {
+- goto error;
+- }
+-
+- /* Prime1, rsa->p */
+- if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->p) {
+- goto error;
+- }
+-
+- /* Prime2, rsa->q */
+- if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->q) {
+- goto error;
+- }
+-
+- /* Exponent1, rsa->dmp1 */
+- if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->dmp1) {
+- goto error;
+- }
+-
+- /* Exponent2, rsa->dmq1 */
+- if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->dmq1) {
+- goto error;
+- }
+-
+- /* Coefficient, rsa->iqmp */
+- if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!rsa->iqmp) {
+- goto error;
+- }
+-#endif /* splint */
+-
+- LDNS_FREE(buf);
+- LDNS_FREE(d);
+- return rsa;
+-
+-error:
+- RSA_free(rsa);
+- LDNS_FREE(d);
+- LDNS_FREE(buf);
+- return NULL;
+-}
+-
+-DSA *
+-ldns_key_new_frm_fp_dsa(FILE *f)
+-{
+- return ldns_key_new_frm_fp_dsa_l(f, NULL);
+-}
+-
+-DSA *
+-ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
+-{
+- int i;
+- char *d;
+- DSA *dsa;
+- uint8_t *buf;
+-
+- d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
+- buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
+- dsa = DSA_new();
+- if (!d || !dsa || !buf) {
+- goto error;
+- }
+-
+- /* the line parser removes the () from the input... */
+-
+- /* Prime, dsa->p */
+- if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+-#ifndef S_SPLINT_S
+- dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!dsa->p) {
+- goto error;
+- }
+-
+- /* Subprime, dsa->q */
+- if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!dsa->q) {
+- goto error;
+- }
+-
+- /* Base, dsa->g */
+- if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!dsa->g) {
+- goto error;
+- }
+-
+- /* Private key, dsa->priv_key */
+- if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!dsa->priv_key) {
+- goto error;
+- }
+-
+- /* Public key, dsa->priv_key */
+- if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
+- dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
+- if (!dsa->pub_key) {
+- goto error;
+- }
+-#endif /* splint */
+-
+- LDNS_FREE(buf);
+- LDNS_FREE(d);
+-
+- return dsa;
+-
+-error:
+- LDNS_FREE(d);
+- LDNS_FREE(buf);
+- DSA_free(dsa);
+- return NULL;
+-}
+-
+-unsigned char *
+-ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
+-{
+- return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size);
+-}
+-
+-unsigned char *
+-ldns_key_new_frm_fp_hmac_l( FILE *f
+- , ATTR_UNUSED(int *line_nr)
+- , size_t *hmac_size
+- )
+-{
+- size_t i, bufsz;
+- char d[LDNS_MAX_LINELEN];
+- unsigned char *buf = NULL;
+-
+- if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
+- goto error;
+- }
+- bufsz = ldns_b64_ntop_calculate_size(strlen(d));
+- buf = LDNS_XMALLOC(unsigned char, bufsz);
+- i = (size_t) ldns_b64_pton((const char*)d, buf, bufsz);
+-
+- *hmac_size = i;
+- return buf;
+-
+- error:
+- LDNS_FREE(buf);
+- *hmac_size = 0;
+- return NULL;
+-}
+-#endif /* HAVE_SSL */
+-
+-#ifdef USE_GOST
+-static EVP_PKEY*
+-ldns_gen_gost_key(void)
+-{
+- EVP_PKEY_CTX* ctx;
+- EVP_PKEY* p = NULL;
+- int gost_id = ldns_key_EVP_load_gost_id();
+- if(!gost_id)
+- return NULL;
+- ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
+- if(!ctx) {
+- /* the id should be available now */
+- return NULL;
+- }
+- if(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0) {
+- /* cannot set paramset */
+- EVP_PKEY_CTX_free(ctx);
+- return NULL;
+- }
+-
+- if(EVP_PKEY_keygen_init(ctx) <= 0) {
+- EVP_PKEY_CTX_free(ctx);
+- return NULL;
+- }
+- if(EVP_PKEY_keygen(ctx, &p) <= 0) {
+- EVP_PKEY_free(p);
+- EVP_PKEY_CTX_free(ctx);
+- return NULL;
+- }
+- EVP_PKEY_CTX_free(ctx);
+- return p;
+-}
+-#endif
+-
+-ldns_key *
+-ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
+-{
+- ldns_key *k;
+-#ifdef HAVE_SSL
+- DSA *d;
+- RSA *r;
+-# ifdef USE_ECDSA
+- EC_KEY *ec = NULL;
+-# endif
+-#else
+- int i;
+- uint16_t offset = 0;
+-#endif
+- unsigned char *hmac;
+-
+- k = ldns_key_new();
+- if (!k) {
+- return NULL;
+- }
+- switch(alg) {
+- case LDNS_SIGN_RSAMD5:
+- case LDNS_SIGN_RSASHA1:
+- case LDNS_SIGN_RSASHA1_NSEC3:
+- case LDNS_SIGN_RSASHA256:
+- case LDNS_SIGN_RSASHA512:
+-#ifdef HAVE_SSL
+- r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
+- if(!r) {
+- ldns_key_free(k);
+- return NULL;
+- }
+- if (RSA_check_key(r) != 1) {
+- ldns_key_free(k);
+- return NULL;
+- }
+- ldns_key_set_rsa_key(k, r);
+- RSA_free(r);
+-#endif /* HAVE_SSL */
+- break;
+- case LDNS_SIGN_DSA:
+- case LDNS_SIGN_DSA_NSEC3:
+-#ifdef HAVE_SSL
+- d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
+- if (!d) {
+- ldns_key_free(k);
+- return NULL;
+- }
+- if (DSA_generate_key(d) != 1) {
+- ldns_key_free(k);
+- return NULL;
+- }
+- ldns_key_set_dsa_key(k, d);
+- DSA_free(d);
+-#endif /* HAVE_SSL */
+- break;
+- case LDNS_SIGN_HMACMD5:
+- case LDNS_SIGN_HMACSHA1:
+- case LDNS_SIGN_HMACSHA256:
+-#ifdef HAVE_SSL
+-#ifndef S_SPLINT_S
+- k->_key.key = NULL;
+-#endif /* splint */
+-#endif /* HAVE_SSL */
+- size = size / 8;
+- ldns_key_set_hmac_size(k, size);
+-
+- hmac = LDNS_XMALLOC(unsigned char, size);
+- if(!hmac) {
+- ldns_key_free(k);
+- return NULL;
+- }
+-#ifdef HAVE_SSL
+- if (RAND_bytes(hmac, (int) size) != 1) {
+- LDNS_FREE(hmac);
+- ldns_key_free(k);
+- return NULL;
+- }
+-#else
+- while (offset + sizeof(i) < size) {
+- i = random();
+- memcpy(&hmac[offset], &i, sizeof(i));
+- offset += sizeof(i);
+- }
+- if (offset < size) {
+- i = random();
+- memcpy(&hmac[offset], &i, size - offset);
+- }
+-#endif /* HAVE_SSL */
+- ldns_key_set_hmac_key(k, hmac);
+-
+- ldns_key_set_flags(k, 0);
+- break;
+- case LDNS_SIGN_ECC_GOST:
+-#if defined(HAVE_SSL) && defined(USE_GOST)
+- ldns_key_set_evp_key(k, ldns_gen_gost_key());
+-#ifndef S_SPLINT_S
+- if(!k->_key.key) {
+- ldns_key_free(k);
+- return NULL;
+- }
+-#endif /* splint */
+-#else
+- ldns_key_free(k);
+- return NULL;
+-#endif /* HAVE_SSL and USE_GOST */
+- break;
+- case LDNS_SIGN_ECDSAP256SHA256:
+- case LDNS_SIGN_ECDSAP384SHA384:
+-#ifdef USE_ECDSA
+- if(alg == LDNS_SIGN_ECDSAP256SHA256)
+- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+- else if(alg == LDNS_SIGN_ECDSAP384SHA384)
+- ec = EC_KEY_new_by_curve_name(NID_secp384r1);
+- if(!ec) {
+- ldns_key_free(k);
+- return NULL;
+- }
+- if(!EC_KEY_generate_key(ec)) {
+- ldns_key_free(k);
+- EC_KEY_free(ec);
+- return NULL;
+- }
+-#ifndef S_SPLINT_S
+- k->_key.key = EVP_PKEY_new();
+- if(!k->_key.key) {
+- ldns_key_free(k);
+- EC_KEY_free(ec);
+- return NULL;
+- }
+- if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) {
+- ldns_key_free(k);
+- EC_KEY_free(ec);
+- return NULL;
+- }
+-#endif /* splint */
+-#else
+- ldns_key_free(k);
+- return NULL;
+-#endif /* ECDSA */
+- break;
+- }
+- ldns_key_set_algorithm(k, alg);
+- return k;
+-}
+-
+-void
+-ldns_key_print(FILE *output, const ldns_key *k)
+-{
+- char *str = ldns_key2str(k);
+- if (str) {
+- fprintf(output, "%s", str);
+- } else {
+- fprintf(output, "Unable to convert private key to string\n");
+- }
+- LDNS_FREE(str);
+-}
+-
+-
+-void
+-ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
+-{
+- k->_alg = l;
+-}
+-
+-void
+-ldns_key_set_flags(ldns_key *k, uint16_t f)
+-{
+- k->_extra.dnssec.flags = f;
+-}
+-
+-#ifdef HAVE_SSL
+-#ifndef S_SPLINT_S
+-void
+-ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
+-{
+- k->_key.key = e;
+-}
+-
+-void
+-ldns_key_set_rsa_key(ldns_key *k, RSA *r)
+-{
+- EVP_PKEY *key = EVP_PKEY_new();
+- EVP_PKEY_set1_RSA(key, r);
+- k->_key.key = key;
+-}
+-
+-void
+-ldns_key_set_dsa_key(ldns_key *k, DSA *d)
+-{
+- EVP_PKEY *key = EVP_PKEY_new();
+- EVP_PKEY_set1_DSA(key, d);
+- k->_key.key = key;
+-}
+-
+-void
+-ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
+-{
+- EVP_PKEY *key = EVP_PKEY_new();
+- EVP_PKEY_assign_RSA(key, r);
+- k->_key.key = key;
+-}
+-
+-void
+-ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
+-{
+- EVP_PKEY *key = EVP_PKEY_new();
+- EVP_PKEY_assign_DSA(key, d);
+- k->_key.key = key;
+-}
+-#endif /* splint */
+-#endif /* HAVE_SSL */
+-
+-void
+-ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
+-{
+- k->_key.hmac.key = hmac;
+-}
+-
+-void
+-ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
+-{
+- k->_key.hmac.size = hmac_size;
+-}
+-
+-void
+-ldns_key_set_external_key(ldns_key *k, void *external_key)
+-{
+- k->_key.external_key = external_key;
+-}
+-
+-void
+-ldns_key_set_origttl(ldns_key *k, uint32_t t)
+-{
+- k->_extra.dnssec.orig_ttl = t;
+-}
+-
+-void
+-ldns_key_set_inception(ldns_key *k, uint32_t i)
+-{
+- k->_extra.dnssec.inception = i;
+-}
+-
+-void
+-ldns_key_set_expiration(ldns_key *k, uint32_t e)
+-{
+- k->_extra.dnssec.expiration = e;
+-}
+-
+-void
+-ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
+-{
+- k->_pubkey_owner = r;
+-}
+-
+-void
+-ldns_key_set_keytag(ldns_key *k, uint16_t tag)
+-{
+- k->_extra.dnssec.keytag = tag;
+-}
+-
+-/* read */
+-size_t
+-ldns_key_list_key_count(const ldns_key_list *key_list)
+-{
+- return key_list->_key_count;
+-}
+-
+-ldns_key *
+-ldns_key_list_key(const ldns_key_list *key, size_t nr)
+-{
+- if (nr < ldns_key_list_key_count(key)) {
+- return key->_keys[nr];
+- } else {
+- return NULL;
+- }
+-}
+-
+-ldns_signing_algorithm
+-ldns_key_algorithm(const ldns_key *k)
+-{
+- return k->_alg;
+-}
+-
+-void
+-ldns_key_set_use(ldns_key *k, bool v)
+-{
+- if (k) {
+- k->_use = v;
+- }
+-}
+-
+-bool
+-ldns_key_use(const ldns_key *k)
+-{
+- if (k) {
+- return k->_use;
+- }
+- return false;
+-}
+-
+-#ifdef HAVE_SSL
+-#ifndef S_SPLINT_S
+-EVP_PKEY *
+-ldns_key_evp_key(const ldns_key *k)
+-{
+- return k->_key.key;
+-}
+-
+-RSA *
+-ldns_key_rsa_key(const ldns_key *k)
+-{
+- if (k->_key.key) {
+- return EVP_PKEY_get1_RSA(k->_key.key);
+- } else {
+- return NULL;
+- }
+-}
+-
+-DSA *
+-ldns_key_dsa_key(const ldns_key *k)
+-{
+- if (k->_key.key) {
+- return EVP_PKEY_get1_DSA(k->_key.key);
+- } else {
+- return NULL;
+- }
+-}
+-#endif /* splint */
+-#endif /* HAVE_SSL */
+-
+-unsigned char *
+-ldns_key_hmac_key(const ldns_key *k)
+-{
+- if (k->_key.hmac.key) {
+- return k->_key.hmac.key;
+- } else {
+- return NULL;
+- }
+-}
+-
+-size_t
+-ldns_key_hmac_size(const ldns_key *k)
+-{
+- if (k->_key.hmac.size) {
+- return k->_key.hmac.size;
+- } else {
+- return 0;
+- }
+-}
+-
+-void *
+-ldns_key_external_key(const ldns_key *k)
+-{
+- return k->_key.external_key;
+-}
+-
+-uint32_t
+-ldns_key_origttl(const ldns_key *k)
+-{
+- return k->_extra.dnssec.orig_ttl;
+-}
+-
+-uint16_t
+-ldns_key_flags(const ldns_key *k)
+-{
+- return k->_extra.dnssec.flags;
+-}
+-
+-uint32_t
+-ldns_key_inception(const ldns_key *k)
+-{
+- return k->_extra.dnssec.inception;
+-}
+-
+-uint32_t
+-ldns_key_expiration(const ldns_key *k)
+-{
+- return k->_extra.dnssec.expiration;
+-}
+-
+-uint16_t
+-ldns_key_keytag(const ldns_key *k)
+-{
+- return k->_extra.dnssec.keytag;
+-}
+-
+-ldns_rdf *
+-ldns_key_pubkey_owner(const ldns_key *k)
+-{
+- return k->_pubkey_owner;
+-}
+-
+-/* write */
+-void
+-ldns_key_list_set_use(ldns_key_list *keys, bool v)
+-{
+- size_t i;
+-
+- for (i = 0; i < ldns_key_list_key_count(keys); i++) {
+- ldns_key_set_use(ldns_key_list_key(keys, i), v);
+- }
+-}
+-
+-void
+-ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
+-{
+- key->_key_count = count;
+-}
+-
+-bool
+-ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
+-{
+- size_t key_count;
+- ldns_key **keys;
+-
+- key_count = ldns_key_list_key_count(key_list);
+-
+- /* grow the array */
+- keys = LDNS_XREALLOC(
+- key_list->_keys, ldns_key *, key_count + 1);
+- if (!keys) {
+- return false;
+- }
+-
+- /* add the new member */
+- key_list->_keys = keys;
+- key_list->_keys[key_count] = key;
+-
+- ldns_key_list_set_key_count(key_list, key_count + 1);
+- return true;
+-}
+-
+-ldns_key *
+-ldns_key_list_pop_key(ldns_key_list *key_list)
+-{
+- size_t key_count;
+- ldns_key** a;
+- ldns_key *pop;
+-
+- if (!key_list) {
+- return NULL;
+- }
+-
+- key_count = ldns_key_list_key_count(key_list);
+- if (key_count == 0) {
+- return NULL;
+- }
+-
+- pop = ldns_key_list_key(key_list, key_count);
+-
+- /* shrink the array */
+- a = LDNS_XREALLOC(key_list->_keys, ldns_key *, key_count - 1);
+- if(a) {
+- key_list->_keys = a;
+- }
+-
+- ldns_key_list_set_key_count(key_list, key_count - 1);
+-
+- return pop;
+-}
+-
+-#ifdef HAVE_SSL
+-#ifndef S_SPLINT_S
+-/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
+-static bool
+-ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
+-{
+- int i,j;
+-
+- if (!k) {
+- return false;
+- }
+-
+- if (BN_num_bytes(k->e) <= 256) {
+- /* normally only this path is executed (small factors are
+- * more common
+- */
+- data[0] = (unsigned char) BN_num_bytes(k->e);
+- i = BN_bn2bin(k->e, data + 1);
+- j = BN_bn2bin(k->n, data + i + 1);
+- *size = (uint16_t) i + j;
+- } else if (BN_num_bytes(k->e) <= 65536) {
+- data[0] = 0;
+- /* BN_bn2bin does bigendian, _uint16 also */
+- ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e));
+-
+- BN_bn2bin(k->e, data + 3);
+- BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e));
+- *size = (uint16_t) BN_num_bytes(k->n) + 6;
+- } else {
+- return false;
+- }
+- return true;
+-}
+-
+-/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
+-static bool
+-ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
+-{
+- uint8_t T;
+-
+- if (!k) {
+- return false;
+- }
+-
+- /* See RFC2536 */
+- *size = (uint16_t)BN_num_bytes(k->p);
+- T = (*size - 64) / 8;
+-
+- if (T > 8) {
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)");
+- fprintf(stderr, " not implemented\n");
+-#endif
+- return false;
+- }
+-
+- /* size = 64 + (T * 8); */
+- memset(data, 0, 21 + *size * 3);
+- data[0] = (unsigned char)T;
+- BN_bn2bin(k->q, data + 1 ); /* 20 octects */
+- BN_bn2bin(k->p, data + 21 ); /* offset octects */
+- BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
+- BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
+- *size = 21 + *size * 3;
+- return true;
+-}
+-
+-#ifdef USE_GOST
+-static bool
+-ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
+-{
+- int i;
+- unsigned char* pp = NULL;
+- if(i2d_PUBKEY(k, &pp) != 37 + 64) {
+- /* expect 37 byte(ASN header) and 64 byte(X and Y) */
+- CRYPTO_free(pp);
+- return false;
+- }
+- /* omit ASN header */
+- for(i=0; i<64; i++)
+- data[i] = pp[i+37];
+- CRYPTO_free(pp);
+- *size = 64;
+- return true;
+-}
+-#endif /* USE_GOST */
+-#endif /* splint */
+-#endif /* HAVE_SSL */
+-
+-ldns_rr *
+-ldns_key2rr(const ldns_key *k)
+-{
+- /* this function will convert a the keydata contained in
+- * rsa/dsa pointers to a DNSKEY rr. It will fill in as
+- * much as it can, but it does not know about key-flags
+- * for instance
+- */
+- ldns_rr *pubkey;
+- ldns_rdf *keybin;
+- unsigned char *bin = NULL;
+- uint16_t size = 0;
+-#ifdef HAVE_SSL
+- RSA *rsa = NULL;
+- DSA *dsa = NULL;
+-#endif /* HAVE_SSL */
+-#ifdef USE_ECDSA
+- EC_KEY* ec;
+-#endif
+- int internal_data = 0;
+-
+- if (!k) {
+- return NULL;
+- }
+- pubkey = ldns_rr_new();
+-
+- switch (ldns_key_algorithm(k)) {
+- case LDNS_SIGN_HMACMD5:
+- case LDNS_SIGN_HMACSHA1:
+- case LDNS_SIGN_HMACSHA256:
+- ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY);
+- break;
+- default:
+- ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY);
+- break;
+- }
+- /* zero-th rdf - flags */
+- ldns_rr_push_rdf(pubkey,
+- ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
+- ldns_key_flags(k)));
+- /* first - proto */
+- ldns_rr_push_rdf(pubkey,
+- ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO));
+-
+- if (ldns_key_pubkey_owner(k)) {
+- ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k)));
+- }
+-
+- /* third - da algorithm */
+- switch(ldns_key_algorithm(k)) {
+- case LDNS_SIGN_RSAMD5:
+- case LDNS_SIGN_RSASHA1:
+- case LDNS_SIGN_RSASHA1_NSEC3:
+- case LDNS_SIGN_RSASHA256:
+- case LDNS_SIGN_RSASHA512:
+- ldns_rr_push_rdf(pubkey,
+- ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
+-#ifdef HAVE_SSL
+- rsa = ldns_key_rsa_key(k);
+- if (rsa) {
+- bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
+- if (!bin) {
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- if (!ldns_key_rsa2bin(bin, rsa, &size)) {
+- LDNS_FREE(bin);
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- RSA_free(rsa);
+- internal_data = 1;
+- }
+-#endif
+- size++;
+- break;
+- case LDNS_SIGN_DSA:
+- ldns_rr_push_rdf(pubkey,
+- ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
+-#ifdef HAVE_SSL
+- dsa = ldns_key_dsa_key(k);
+- if (dsa) {
+- bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
+- if (!bin) {
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- if (!ldns_key_dsa2bin(bin, dsa, &size)) {
+- LDNS_FREE(bin);
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- DSA_free(dsa);
+- internal_data = 1;
+- }
+-#endif /* HAVE_SSL */
+- break;
+- case LDNS_SIGN_DSA_NSEC3:
+- ldns_rr_push_rdf(pubkey,
+- ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
+-#ifdef HAVE_SSL
+- dsa = ldns_key_dsa_key(k);
+- if (dsa) {
+- bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
+- if (!bin) {
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- if (!ldns_key_dsa2bin(bin, dsa, &size)) {
+- LDNS_FREE(bin);
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- DSA_free(dsa);
+- internal_data = 1;
+- }
+-#endif /* HAVE_SSL */
+- break;
+- case LDNS_SIGN_ECC_GOST:
+- ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
+- LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
+-#if defined(HAVE_SSL) && defined(USE_GOST)
+- bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
+- if (!bin) {
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+-#ifndef S_SPLINT_S
+- if (!ldns_key_gost2bin(bin, k->_key.key, &size)) {
+- LDNS_FREE(bin);
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+-#endif /* splint */
+- internal_data = 1;
+-#else
+- ldns_rr_free(pubkey);
+- return NULL;
+-#endif /* HAVE_SSL and USE_GOST */
+- break;
+- case LDNS_SIGN_ECDSAP256SHA256:
+- case LDNS_SIGN_ECDSAP384SHA384:
+-#ifdef USE_ECDSA
+- ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
+- LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
+- bin = NULL;
+-#ifndef S_SPLINT_S
+- ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
+-#endif
+- EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
+- size = (uint16_t)i2o_ECPublicKey(ec, NULL);
+- if(!i2o_ECPublicKey(ec, &bin)) {
+- EC_KEY_free(ec);
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- if(size > 1) {
+- /* move back one byte to shave off the 0x02
+- * 'uncompressed' indicator that openssl made
+- * Actually its 0x04 (from implementation).
+- */
+- assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED);
+- size -= 1;
+- memmove(bin, bin+1, size);
+- }
+- /* down the reference count for ec, its still assigned
+- * to the pkey */
+- EC_KEY_free(ec);
+- internal_data = 1;
+-#else
+- ldns_rr_free(pubkey);
+- return NULL;
+-#endif /* ECDSA */
+- break;
+- case LDNS_SIGN_HMACMD5:
+- case LDNS_SIGN_HMACSHA1:
+- case LDNS_SIGN_HMACSHA256:
+- bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k));
+- if (!bin) {
+- ldns_rr_free(pubkey);
+- return NULL;
+- }
+- ldns_rr_push_rdf(pubkey,
+- ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG,
+- ldns_key_algorithm(k)));
+- size = ldns_key_hmac_size(k);
+- memcpy(bin, ldns_key_hmac_key(k), size);
+- internal_data = 1;
+- break;
+- }
+- /* fourth the key bin material */
+- if (internal_data) {
+- keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin);
+- LDNS_FREE(bin);
+- ldns_rr_push_rdf(pubkey, keybin);
+- }
+- return pubkey;
+-}
+-
+-void
+-ldns_key_free(ldns_key *key)
+-{
+- LDNS_FREE(key);
+-}
+-
+-void
+-ldns_key_deep_free(ldns_key *key)
+-{
+- unsigned char* hmac;
+- if (ldns_key_pubkey_owner(key)) {
+- ldns_rdf_deep_free(ldns_key_pubkey_owner(key));
+- }
+-#ifdef HAVE_SSL
+- if (ldns_key_evp_key(key)) {
+- EVP_PKEY_free(ldns_key_evp_key(key));
+- }
+-#endif /* HAVE_SSL */
+- if (ldns_key_hmac_key(key)) {
+- hmac = ldns_key_hmac_key(key);
+- LDNS_FREE(hmac);
+- }
+- LDNS_FREE(key);
+-}
+-
+-void
+-ldns_key_list_free(ldns_key_list *key_list)
+-{
+- size_t i;
+- for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
+- ldns_key_deep_free(ldns_key_list_key(key_list, i));
+- }
+- LDNS_FREE(key_list->_keys);
+- LDNS_FREE(key_list);
+-}
+-
+-ldns_rr *
+-ldns_read_anchor_file(const char *filename)
+-{
+- FILE *fp;
+- /*char line[LDNS_MAX_PACKETLEN];*/
+- char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN);
+- int c;
+- size_t i = 0;
+- ldns_rr *r;
+- ldns_status status;
+- if(!line) {
+- return NULL;
+- }
+-
+- fp = fopen(filename, "r");
+- if (!fp) {
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+-#endif
+- LDNS_FREE(line);
+- return NULL;
+- }
+-
+- while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) {
+- line[i] = c;
+- i++;
+- }
+- line[i] = '\0';
+-
+- fclose(fp);
+-
+- if (i <= 0) {
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "nothing read from %s", filename);
+-#endif
+- LDNS_FREE(line);
+- return NULL;
+- } else {
+- status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL);
+- if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) {
+- LDNS_FREE(line);
+- return r;
+- } else {
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status));
+-#endif
+- LDNS_FREE(line);
+- return NULL;
+- }
+- }
+-}
+-
+-char *
+-ldns_key_get_file_base_name(ldns_key *key)
+-{
+- ldns_buffer *buffer;
+- char *file_base_name;
+-
+- buffer = ldns_buffer_new(255);
+- ldns_buffer_printf(buffer, "K");
+- (void)ldns_rdf2buffer_str_dname(buffer, ldns_key_pubkey_owner(key));
+- ldns_buffer_printf(buffer,
+- "+%03u+%05u",
+- ldns_key_algorithm(key),
+- ldns_key_keytag(key));
+- file_base_name = ldns_buffer_export(buffer);
+- ldns_buffer_free(buffer);
+- return file_base_name;
+-}
+-
+-int ldns_key_algo_supported(int algo)
+-{
+- ldns_lookup_table *lt = ldns_signing_algorithms;
+- while(lt->name) {
+- if(lt->id == algo)
+- return 1;
+- lt++;
+- }
+- return 0;
+-}
+-
+-ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name)
+-{
+- /* list of (signing algorithm id, alias_name) */
+- ldns_lookup_table aliases[] = {
+- /* from bind dnssec-keygen */
+- {LDNS_SIGN_HMACMD5, "HMAC-MD5"},
+- {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
+- {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
+- /* old ldns usage, now RFC names */
+- {LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" },
+- {LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" },
+-#ifdef USE_GOST
+- {LDNS_SIGN_ECC_GOST, "GOST"},
+-#endif
+- /* compat with possible output */
+- {LDNS_DH, "DH"},
+- {LDNS_ECC, "ECC"},
+- {LDNS_INDIRECT, "INDIRECT"},
+- {LDNS_PRIVATEDNS, "PRIVATEDNS"},
+- {LDNS_PRIVATEOID, "PRIVATEOID"},
+- {0, NULL}};
+- ldns_lookup_table* lt = ldns_signing_algorithms;
+- ldns_signing_algorithm a;
+- char *endptr;
+-
+- while(lt->name) {
+- if(strcasecmp(lt->name, name) == 0)
+- return lt->id;
+- lt++;
+- }
+- lt = aliases;
+- while(lt->name) {
+- if(strcasecmp(lt->name, name) == 0)
+- return lt->id;
+- lt++;
+- }
+- a = strtol(name, &endptr, 10);
+- if (*name && !*endptr)
+- return a;
+-
+- return 0;
+-}
+diff --git a/src/ldns/net.c b/src/ldns/net.c
+deleted file mode 100644
+index b8a5385..0000000
+--- a/src/ldns/net.c
++++ /dev/null
+@@ -1,1002 +0,0 @@
+-/*
+- * net.c
+- *
+- * Network implementation
+- * All network related functions are grouped here
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#ifdef HAVE_NETINET_IN_H
+-#include <netinet/in.h>
+-#endif
+-#ifdef HAVE_SYS_SOCKET_H
+-#include <sys/socket.h>
+-#endif
+-#ifdef HAVE_NETDB_H
+-#include <netdb.h>
+-#endif
+-#ifdef HAVE_ARPA_INET_H
+-#include <arpa/inet.h>
+-#endif
+-#include <sys/time.h>
+-#include <errno.h>
+-#include <fcntl.h>
+-
+-ldns_status
+-ldns_send(ldns_pkt **result_packet, ldns_resolver *r, const ldns_pkt *query_pkt)
+-{
+- ldns_buffer *qb;
+- ldns_status result;
+- ldns_rdf *tsig_mac = NULL;
+-
+- qb = ldns_buffer_new(LDNS_MIN_BUFLEN);
+-
+- if (query_pkt && ldns_pkt_tsig(query_pkt)) {
+- tsig_mac = ldns_rr_rdf(ldns_pkt_tsig(query_pkt), 3);
+- }
+-
+- if (!query_pkt ||
+- ldns_pkt2buffer_wire(qb, query_pkt) != LDNS_STATUS_OK) {
+- result = LDNS_STATUS_ERR;
+- } else {
+- result = ldns_send_buffer(result_packet, r, qb, tsig_mac);
+- }
+-
+- ldns_buffer_free(qb);
+-
+- return result;
+-}
+-
+-/* code from rdata.c */
+-static struct sockaddr_storage *
+-ldns_rdf2native_sockaddr_storage_port(
+- const ldns_rdf *rd, uint16_t port, size_t *size)
+-{
+- struct sockaddr_storage *data;
+- struct sockaddr_in *data_in;
+- struct sockaddr_in6 *data_in6;
+-
+- data = LDNS_MALLOC(struct sockaddr_storage);
+- if (!data) {
+- return NULL;
+- }
+- /* zero the structure for portability */
+- memset(data, 0, sizeof(struct sockaddr_storage));
+-
+- switch(ldns_rdf_get_type(rd)) {
+- case LDNS_RDF_TYPE_A:
+-#ifndef S_SPLINT_S
+- data->ss_family = AF_INET;
+-#endif
+- data_in = (struct sockaddr_in*) data;
+- data_in->sin_port = (in_port_t)htons(port);
+- memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd));
+- *size = sizeof(struct sockaddr_in);
+- return data;
+- case LDNS_RDF_TYPE_AAAA:
+-#ifndef S_SPLINT_S
+- data->ss_family = AF_INET6;
+-#endif
+- data_in6 = (struct sockaddr_in6*) data;
+- data_in6->sin6_port = (in_port_t)htons(port);
+- memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd));
+- *size = sizeof(struct sockaddr_in6);
+- return data;
+- default:
+- LDNS_FREE(data);
+- return NULL;
+- }
+-}
+-
+-struct sockaddr_storage *
+-ldns_rdf2native_sockaddr_storage(
+- const ldns_rdf *rd, uint16_t port, size_t *size)
+-{
+- return ldns_rdf2native_sockaddr_storage_port(
+- rd, (port == 0 ? (uint16_t)LDNS_PORT : port), size);
+-}
+-
+-/** best effort to set nonblocking */
+-static void
+-ldns_sock_nonblock(int sockfd)
+-{
+-#ifdef HAVE_FCNTL
+- int flag;
+- if((flag = fcntl(sockfd, F_GETFL)) != -1) {
+- flag |= O_NONBLOCK;
+- if(fcntl(sockfd, F_SETFL, flag) == -1) {
+- /* ignore error, continue blockingly */
+- }
+- }
+-#elif defined(HAVE_IOCTLSOCKET)
+- unsigned long on = 1;
+- if(ioctlsocket(sockfd, FIONBIO, &on) != 0) {
+- /* ignore error, continue blockingly */
+- }
+-#endif
+-}
+-
+-/** best effort to set blocking */
+-static void
+-ldns_sock_block(int sockfd)
+-{
+-#ifdef HAVE_FCNTL
+- int flag;
+- if((flag = fcntl(sockfd, F_GETFL)) != -1) {
+- flag &= ~O_NONBLOCK;
+- if(fcntl(sockfd, F_SETFL, flag) == -1) {
+- /* ignore error, continue */
+- }
+- }
+-#elif defined(HAVE_IOCTLSOCKET)
+- unsigned long off = 0;
+- if(ioctlsocket(sockfd, FIONBIO, &off) != 0) {
+- /* ignore error, continue */
+- }
+-#endif
+-}
+-
+-/** wait for a socket to become ready */
+-static int
+-ldns_sock_wait(int sockfd, struct timeval timeout, int write)
+-{
+- int ret;
+-#ifndef S_SPLINT_S
+- fd_set fds;
+- FD_ZERO(&fds);
+- FD_SET(FD_SET_T sockfd, &fds);
+- if(write)
+- ret = select(sockfd+1, NULL, &fds, NULL, &timeout);
+- else
+- ret = select(sockfd+1, &fds, NULL, NULL, &timeout);
+-#endif
+- if(ret == 0)
+- /* timeout expired */
+- return 0;
+- else if(ret == -1)
+- /* error */
+- return 0;
+- return 1;
+-}
+-
+-
+-static int
+-ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
+- const struct sockaddr_storage *from, socklen_t fromlen,
+- struct timeval timeout)
+-{
+- int sockfd;
+-
+-#ifndef S_SPLINT_S
+- if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_STREAM,
+- IPPROTO_TCP)) == -1) {
+- return 0;
+- }
+-#endif
+- if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){
+- return 0;
+- }
+-
+- /* perform nonblocking connect, to be able to wait with select() */
+- ldns_sock_nonblock(sockfd);
+- if (connect(sockfd, (struct sockaddr*)to, tolen) == -1) {
+-#ifndef USE_WINSOCK
+-#ifdef EINPROGRESS
+- if(errno != EINPROGRESS) {
+-#else
+- if(1) {
+-#endif
+- close(sockfd);
+- return 0;
+- }
+-#else /* USE_WINSOCK */
+- if(WSAGetLastError() != WSAEINPROGRESS &&
+- WSAGetLastError() != WSAEWOULDBLOCK) {
+- closesocket(sockfd);
+- return 0;
+- }
+-#endif
+- /* error was only telling us that it would block */
+- }
+-
+- /* wait(write) until connected or error */
+- while(1) {
+- int error = 0;
+- socklen_t len = (socklen_t)sizeof(error);
+-
+- if(!ldns_sock_wait(sockfd, timeout, 1)) {
+-#ifndef USE_WINSOCK
+- close(sockfd);
+-#else
+- closesocket(sockfd);
+-#endif
+- return 0;
+- }
+-
+- /* check if there is a pending error for nonblocking connect */
+- if(getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)&error,
+- &len) < 0) {
+-#ifndef USE_WINSOCK
+- error = errno; /* on solaris errno is error */
+-#else
+- error = WSAGetLastError();
+-#endif
+- }
+-#ifndef USE_WINSOCK
+-#if defined(EINPROGRESS) && defined(EWOULDBLOCK)
+- if(error == EINPROGRESS || error == EWOULDBLOCK)
+- continue; /* try again */
+-#endif
+- else if(error != 0) {
+- close(sockfd);
+- /* error in errno for our user */
+- errno = error;
+- return 0;
+- }
+-#else /* USE_WINSOCK */
+- if(error == WSAEINPROGRESS)
+- continue;
+- else if(error == WSAEWOULDBLOCK)
+- continue;
+- else if(error != 0) {
+- closesocket(sockfd);
+- errno = error;
+- return 0;
+- }
+-#endif /* USE_WINSOCK */
+- /* connected */
+- break;
+- }
+-
+- /* set the socket blocking again */
+- ldns_sock_block(sockfd);
+-
+- return sockfd;
+-}
+-
+-int
+-ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen,
+- struct timeval timeout)
+-{
+- return ldns_tcp_connect_from(to, tolen, NULL, 0, timeout);
+-}
+-
+-static int
+-ldns_tcp_bgsend_from(ldns_buffer *qbin,
+- const struct sockaddr_storage *to, socklen_t tolen,
+- const struct sockaddr_storage *from, socklen_t fromlen,
+- struct timeval timeout)
+-{
+- int sockfd;
+-
+- sockfd = ldns_tcp_connect_from(to, tolen, from, fromlen, timeout);
+-
+- if (sockfd == 0) {
+- return 0;
+- }
+-
+- if (ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) {
+-#ifndef USE_WINSOCK
+- close(sockfd);
+-#else
+- closesocket(sockfd);
+-#endif
+- return 0;
+- }
+-
+- return sockfd;
+-}
+-
+-int
+-ldns_tcp_bgsend(ldns_buffer *qbin,
+- const struct sockaddr_storage *to, socklen_t tolen,
+- struct timeval timeout)
+-{
+- return ldns_tcp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
+-}
+-
+-
+-/* keep in mind that in DNS tcp messages the first 2 bytes signal the
+- * amount data to expect
+- */
+-static ldns_status
+-ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin,
+- const struct sockaddr_storage *to, socklen_t tolen,
+- const struct sockaddr_storage *from, socklen_t fromlen,
+- struct timeval timeout, size_t *answer_size)
+-{
+- int sockfd;
+- uint8_t *answer;
+-
+- sockfd = ldns_tcp_bgsend_from(qbin, to, tolen, from, fromlen, timeout);
+-
+- if (sockfd == 0) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout);
+-#ifndef USE_WINSOCK
+- close(sockfd);
+-#else
+- closesocket(sockfd);
+-#endif
+-
+- if (*answer_size == 0) {
+- /* oops */
+- return LDNS_STATUS_NETWORK_ERR;
+- }
+-
+- /* resize accordingly */
+- *result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size);
+- if(!*result) {
+- LDNS_FREE(answer);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_tcp_send(uint8_t **result, ldns_buffer *qbin,
+- const struct sockaddr_storage *to, socklen_t tolen,
+- struct timeval timeout, size_t *answer_size)
+-{
+- return ldns_tcp_send_from(result, qbin,
+- to, tolen, NULL, 0, timeout, answer_size);
+-}
+-
+-int
+-ldns_udp_connect(const struct sockaddr_storage *to, struct timeval ATTR_UNUSED(timeout))
+-{
+- int sockfd;
+-
+-#ifndef S_SPLINT_S
+- if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_DGRAM,
+- IPPROTO_UDP))
+- == -1) {
+- return 0;
+- }
+-#endif
+- return sockfd;
+-}
+-
+-static int
+-ldns_udp_bgsend_from(ldns_buffer *qbin,
+- const struct sockaddr_storage *to , socklen_t tolen,
+- const struct sockaddr_storage *from, socklen_t fromlen,
+- struct timeval timeout)
+-{
+- int sockfd;
+-
+- sockfd = ldns_udp_connect(to, timeout);
+-
+- if (sockfd == 0) {
+- return 0;
+- }
+-
+- if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){
+- return 0;
+- }
+-
+- if (ldns_udp_send_query(qbin, sockfd, to, tolen) == 0) {
+-#ifndef USE_WINSOCK
+- close(sockfd);
+-#else
+- closesocket(sockfd);
+-#endif
+- return 0;
+- }
+- return sockfd;
+-}
+-
+-int
+-ldns_udp_bgsend(ldns_buffer *qbin,
+- const struct sockaddr_storage *to , socklen_t tolen,
+- struct timeval timeout)
+-{
+- return ldns_udp_bgsend_from(qbin, to, tolen, NULL, 0, timeout);
+-}
+-
+-static ldns_status
+-ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin,
+- const struct sockaddr_storage *to , socklen_t tolen,
+- const struct sockaddr_storage *from, socklen_t fromlen,
+- struct timeval timeout, size_t *answer_size)
+-{
+- int sockfd;
+- uint8_t *answer;
+-
+- sockfd = ldns_udp_bgsend_from(qbin, to, tolen, from, fromlen, timeout);
+-
+- if (sockfd == 0) {
+- return LDNS_STATUS_SOCKET_ERROR;
+- }
+-
+- /* wait for an response*/
+- if(!ldns_sock_wait(sockfd, timeout, 0)) {
+-#ifndef USE_WINSOCK
+- close(sockfd);
+-#else
+- closesocket(sockfd);
+-#endif
+- return LDNS_STATUS_NETWORK_ERR;
+- }
+-
+- /* set to nonblocking, so if the checksum is bad, it becomes
+- * an EGAIN error and the ldns_udp_send function does not block,
+- * but returns a 'NETWORK_ERROR' much like a timeout. */
+- ldns_sock_nonblock(sockfd);
+-
+- answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL);
+-#ifndef USE_WINSOCK
+- close(sockfd);
+-#else
+- closesocket(sockfd);
+-#endif
+-
+- if (*answer_size == 0) {
+- /* oops */
+- return LDNS_STATUS_NETWORK_ERR;
+- }
+-
+- *result = answer;
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_udp_send(uint8_t **result, ldns_buffer *qbin,
+- const struct sockaddr_storage *to , socklen_t tolen,
+- struct timeval timeout, size_t *answer_size)
+-{
+- return ldns_udp_send_from(result, qbin, to, tolen, NULL, 0,
+- timeout, answer_size);
+-}
+-
+-ldns_status
+-ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac)
+-{
+- uint8_t i;
+-
+- struct sockaddr_storage *src = NULL;
+- size_t src_len;
+- struct sockaddr_storage *ns;
+- size_t ns_len;
+- struct timeval tv_s;
+- struct timeval tv_e;
+-
+- ldns_rdf **ns_array;
+- size_t *rtt;
+- ldns_pkt *reply;
+- bool all_servers_rtt_inf;
+- uint8_t retries;
+-
+- uint8_t *reply_bytes = NULL;
+- size_t reply_size = 0;
+- ldns_status status, send_status;
+-
+- assert(r != NULL);
+-
+- status = LDNS_STATUS_OK;
+- rtt = ldns_resolver_rtt(r);
+- ns_array = ldns_resolver_nameservers(r);
+- reply = NULL;
+- ns_len = 0;
+-
+- all_servers_rtt_inf = true;
+-
+- if (ldns_resolver_random(r)) {
+- ldns_resolver_nameservers_randomize(r);
+- }
+-
+- if(ldns_resolver_source(r)) {
+- src = ldns_rdf2native_sockaddr_storage_port(
+- ldns_resolver_source(r), 0, &src_len);
+- }
+-
+- /* loop through all defined nameservers */
+- for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
+- if (rtt[i] == LDNS_RESOLV_RTT_INF) {
+- /* not reachable nameserver! */
+- continue;
+- }
+-
+- /* maybe verbosity setting?
+- printf("Sending to ");
+- ldns_rdf_print(stdout, ns_array[i]);
+- printf("\n");
+- */
+- ns = ldns_rdf2native_sockaddr_storage(ns_array[i],
+- ldns_resolver_port(r), &ns_len);
+-
+-
+-#ifndef S_SPLINT_S
+- if ((ns->ss_family == AF_INET) &&
+- (ldns_resolver_ip6(r) == LDNS_RESOLV_INET6)) {
+- /* not reachable */
+- LDNS_FREE(ns);
+- continue;
+- }
+-
+- if ((ns->ss_family == AF_INET6) &&
+- (ldns_resolver_ip6(r) == LDNS_RESOLV_INET)) {
+- /* not reachable */
+- LDNS_FREE(ns);
+- continue;
+- }
+-#endif
+-
+- all_servers_rtt_inf = false;
+-
+- gettimeofday(&tv_s, NULL);
+-
+- send_status = LDNS_STATUS_ERR;
+-
+- /* reply_bytes implicitly handles our error */
+- if (ldns_resolver_usevc(r)) {
+- for (retries = ldns_resolver_retry(r); retries > 0; retries--) {
+- send_status =
+- ldns_tcp_send_from(&reply_bytes, qb,
+- ns, (socklen_t)ns_len,
+- src, (socklen_t)src_len,
+- ldns_resolver_timeout(r),
+- &reply_size);
+- if (send_status == LDNS_STATUS_OK) {
+- break;
+- }
+- }
+- } else {
+- for (retries = ldns_resolver_retry(r); retries > 0; retries--) {
+- /* ldns_rdf_print(stdout, ns_array[i]); */
+- send_status =
+- ldns_udp_send_from(&reply_bytes, qb,
+- ns, (socklen_t)ns_len,
+- src, (socklen_t)src_len,
+- ldns_resolver_timeout(r),
+- &reply_size);
+- if (send_status == LDNS_STATUS_OK) {
+- break;
+- }
+- }
+- }
+-
+- if (send_status != LDNS_STATUS_OK) {
+- ldns_resolver_set_nameserver_rtt(r, i, LDNS_RESOLV_RTT_INF);
+- status = send_status;
+- }
+-
+- /* obey the fail directive */
+- if (!reply_bytes) {
+- /* the current nameserver seems to have a problem, blacklist it */
+- if (ldns_resolver_fail(r)) {
+- LDNS_FREE(ns);
+- return LDNS_STATUS_ERR;
+- } else {
+- LDNS_FREE(ns);
+- continue;
+- }
+- }
+-
+- status = ldns_wire2pkt(&reply, reply_bytes, reply_size);
+- if (status != LDNS_STATUS_OK) {
+- LDNS_FREE(reply_bytes);
+- LDNS_FREE(ns);
+- return status;
+- }
+-
+- LDNS_FREE(ns);
+- gettimeofday(&tv_e, NULL);
+-
+- if (reply) {
+- ldns_pkt_set_querytime(reply, (uint32_t)
+- ((tv_e.tv_sec - tv_s.tv_sec) * 1000) +
+- (tv_e.tv_usec - tv_s.tv_usec) / 1000);
+- ldns_pkt_set_answerfrom(reply,
+- ldns_rdf_clone(ns_array[i]));
+- ldns_pkt_set_timestamp(reply, tv_s);
+- ldns_pkt_set_size(reply, reply_size);
+- break;
+- } else {
+- if (ldns_resolver_fail(r)) {
+- /* if fail is set bail out, after the first
+- * one */
+- break;
+- }
+- }
+-
+- /* wait retrans seconds... */
+- sleep((unsigned int) ldns_resolver_retrans(r));
+- }
+-
+- if(src) {
+- LDNS_FREE(src);
+- }
+- if (all_servers_rtt_inf) {
+- LDNS_FREE(reply_bytes);
+- return LDNS_STATUS_RES_NO_NS;
+- }
+-#ifdef HAVE_SSL
+- if (tsig_mac && reply && reply_bytes) {
+- if (!ldns_pkt_tsig_verify(reply,
+- reply_bytes,
+- reply_size,
+- ldns_resolver_tsig_keyname(r),
+- ldns_resolver_tsig_keydata(r), tsig_mac)) {
+- status = LDNS_STATUS_CRYPTO_TSIG_BOGUS;
+- }
+- }
+-#else
+- (void)tsig_mac;
+-#endif /* HAVE_SSL */
+-
+- LDNS_FREE(reply_bytes);
+- if (result) {
+- *result = reply;
+- }
+-
+- return status;
+-}
+-
+-ssize_t
+-ldns_tcp_send_query(ldns_buffer *qbin, int sockfd,
+- const struct sockaddr_storage *to, socklen_t tolen)
+-{
+- uint8_t *sendbuf;
+- ssize_t bytes;
+-
+- /* add length of packet */
+- sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2);
+- if(!sendbuf) return 0;
+- ldns_write_uint16(sendbuf, ldns_buffer_position(qbin));
+- memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin));
+-
+- bytes = sendto(sockfd, (void*)sendbuf,
+- ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen);
+-
+- LDNS_FREE(sendbuf);
+-
+- if (bytes == -1 || (size_t) bytes != ldns_buffer_position(qbin) + 2 ) {
+- return 0;
+- }
+- return bytes;
+-}
+-
+-/* don't wait for an answer */
+-ssize_t
+-ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to,
+- socklen_t tolen)
+-{
+- ssize_t bytes;
+-
+- bytes = sendto(sockfd, (void*)ldns_buffer_begin(qbin),
+- ldns_buffer_position(qbin), 0, (struct sockaddr *)to, tolen);
+-
+- if (bytes == -1 || (size_t)bytes != ldns_buffer_position(qbin)) {
+- return 0;
+- }
+- if ((size_t) bytes != ldns_buffer_position(qbin)) {
+- return 0;
+- }
+- return bytes;
+-}
+-
+-uint8_t *
+-ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from,
+- socklen_t *fromlen)
+-{
+- uint8_t *wire, *wireout;
+- ssize_t wire_size;
+-
+- wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN);
+- if (!wire) {
+- *size = 0;
+- return NULL;
+- }
+-
+- wire_size = recvfrom(sockfd, (void*)wire, LDNS_MAX_PACKETLEN, 0,
+- (struct sockaddr *)from, fromlen);
+-
+- /* recvfrom can also return 0 */
+- if (wire_size == -1 || wire_size == 0) {
+- *size = 0;
+- LDNS_FREE(wire);
+- return NULL;
+- }
+-
+- *size = (size_t)wire_size;
+- wireout = LDNS_XREALLOC(wire, uint8_t, (size_t)wire_size);
+- if(!wireout) LDNS_FREE(wire);
+-
+- return wireout;
+-}
+-
+-uint8_t *
+-ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout)
+-{
+- uint8_t *wire;
+- uint16_t wire_size;
+- ssize_t bytes = 0, rc = 0;
+-
+- wire = LDNS_XMALLOC(uint8_t, 2);
+- if (!wire) {
+- *size = 0;
+- return NULL;
+- }
+-
+- while (bytes < 2) {
+- if(!ldns_sock_wait(sockfd, timeout, 0)) {
+- *size = 0;
+- LDNS_FREE(wire);
+- return NULL;
+- }
+- rc = recv(sockfd, (void*) (wire + bytes),
+- (size_t) (2 - bytes), 0);
+- if (rc == -1 || rc == 0) {
+- *size = 0;
+- LDNS_FREE(wire);
+- return NULL;
+- }
+- bytes += rc;
+- }
+-
+- wire_size = ldns_read_uint16(wire);
+-
+- LDNS_FREE(wire);
+- wire = LDNS_XMALLOC(uint8_t, wire_size);
+- if (!wire) {
+- *size = 0;
+- return NULL;
+- }
+- bytes = 0;
+-
+- while (bytes < (ssize_t) wire_size) {
+- if(!ldns_sock_wait(sockfd, timeout, 0)) {
+- *size = 0;
+- LDNS_FREE(wire);
+- return NULL;
+- }
+- rc = recv(sockfd, (void*) (wire + bytes),
+- (size_t) (wire_size - bytes), 0);
+- if (rc == -1 || rc == 0) {
+- LDNS_FREE(wire);
+- *size = 0;
+- return NULL;
+- }
+- bytes += rc;
+- }
+-
+- *size = (size_t) bytes;
+- return wire;
+-}
+-
+-uint8_t *
+-ldns_tcp_read_wire(int sockfd, size_t *size)
+-{
+- uint8_t *wire;
+- uint16_t wire_size;
+- ssize_t bytes = 0, rc = 0;
+-
+- wire = LDNS_XMALLOC(uint8_t, 2);
+- if (!wire) {
+- *size = 0;
+- return NULL;
+- }
+-
+- while (bytes < 2) {
+- rc = recv(sockfd, (void*) (wire + bytes),
+- (size_t) (2 - bytes), 0);
+- if (rc == -1 || rc == 0) {
+- *size = 0;
+- LDNS_FREE(wire);
+- return NULL;
+- }
+- bytes += rc;
+- }
+-
+- wire_size = ldns_read_uint16(wire);
+-
+- LDNS_FREE(wire);
+- wire = LDNS_XMALLOC(uint8_t, wire_size);
+- if (!wire) {
+- *size = 0;
+- return NULL;
+- }
+- bytes = 0;
+-
+- while (bytes < (ssize_t) wire_size) {
+- rc = recv(sockfd, (void*) (wire + bytes),
+- (size_t) (wire_size - bytes), 0);
+- if (rc == -1 || rc == 0) {
+- LDNS_FREE(wire);
+- *size = 0;
+- return NULL;
+- }
+- bytes += rc;
+- }
+-
+- *size = (size_t) bytes;
+- return wire;
+-}
+-
+-#ifndef S_SPLINT_S
+-ldns_rdf *
+-ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port)
+-{
+- ldns_rdf *addr;
+- struct sockaddr_in *data_in;
+- struct sockaddr_in6 *data_in6;
+-
+- switch(sock->ss_family) {
+- case AF_INET:
+- data_in = (struct sockaddr_in*)sock;
+- if (port) {
+- *port = ntohs((uint16_t)data_in->sin_port);
+- }
+- addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_A,
+- LDNS_IP4ADDRLEN, &data_in->sin_addr);
+- break;
+- case AF_INET6:
+- data_in6 = (struct sockaddr_in6*)sock;
+- if (port) {
+- *port = ntohs((uint16_t)data_in6->sin6_port);
+- }
+- addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_AAAA,
+- LDNS_IP6ADDRLEN, &data_in6->sin6_addr);
+- break;
+- default:
+- if (port) {
+- *port = 0;
+- }
+- return NULL;
+- }
+- return addr;
+-}
+-#endif
+-
+-/* code from resolver.c */
+-ldns_status
+-ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
+-{
+- ldns_pkt *query;
+- ldns_buffer *query_wire;
+-
+- struct sockaddr_storage *src = NULL;
+- size_t src_len = 0;
+- struct sockaddr_storage *ns = NULL;
+- size_t ns_len = 0;
+- size_t ns_i;
+- ldns_status status;
+-
+- if (!resolver || ldns_resolver_nameserver_count(resolver) < 1) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- query = ldns_pkt_query_new(ldns_rdf_clone(domain), LDNS_RR_TYPE_AXFR, class, 0);
+-
+- if (!query) {
+- return LDNS_STATUS_ADDRESS_ERR;
+- }
+- if(ldns_resolver_source(resolver)) {
+- src = ldns_rdf2native_sockaddr_storage_port(
+- ldns_resolver_source(resolver), 0, &src_len);
+- }
+- /* For AXFR, we have to make the connection ourselves */
+- /* try all nameservers (which usually would mean v4 fallback if
+- * @hostname is used */
+- for (ns_i = 0;
+- ns_i < ldns_resolver_nameserver_count(resolver) &&
+- resolver->_socket == 0;
+- ns_i++) {
+- if (ns != NULL) {
+- LDNS_FREE(ns);
+- }
+- ns = ldns_rdf2native_sockaddr_storage(
+- resolver->_nameservers[ns_i],
+- ldns_resolver_port(resolver), &ns_len);
+-
+- resolver->_socket = ldns_tcp_connect_from(
+- ns, (socklen_t)ns_len,
+- src, (socklen_t)src_len,
+- ldns_resolver_timeout(resolver));
+- }
+-
+- if (resolver->_socket == 0) {
+- ldns_pkt_free(query);
+- LDNS_FREE(ns);
+- return LDNS_STATUS_NETWORK_ERR;
+- }
+-
+-#ifdef HAVE_SSL
+- if (ldns_resolver_tsig_keyname(resolver) && ldns_resolver_tsig_keydata(resolver)) {
+- status = ldns_pkt_tsig_sign(query,
+- ldns_resolver_tsig_keyname(resolver),
+- ldns_resolver_tsig_keydata(resolver),
+- 300, ldns_resolver_tsig_algorithm(resolver), NULL);
+- if (status != LDNS_STATUS_OK) {
+- /* to prevent problems on subsequent calls to
+- * ldns_axfr_start we have to close the socket here! */
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+-
+- ldns_pkt_free(query);
+- LDNS_FREE(ns);
+-
+- return LDNS_STATUS_CRYPTO_TSIG_ERR;
+- }
+- }
+-#endif /* HAVE_SSL */
+-
+- /* Convert the query to a buffer
+- * Is this necessary?
+- */
+- query_wire = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if(!query_wire) {
+- ldns_pkt_free(query);
+- LDNS_FREE(ns);
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+-
+- return LDNS_STATUS_MEM_ERR;
+- }
+- status = ldns_pkt2buffer_wire(query_wire, query);
+- if (status != LDNS_STATUS_OK) {
+- ldns_pkt_free(query);
+- ldns_buffer_free(query_wire);
+- LDNS_FREE(ns);
+-
+- /* to prevent problems on subsequent calls to ldns_axfr_start
+- * we have to close the socket here! */
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+-
+- return status;
+- }
+- /* Send the query */
+- if (ldns_tcp_send_query(query_wire, resolver->_socket, ns,
+- (socklen_t)ns_len) == 0) {
+- ldns_pkt_free(query);
+- ldns_buffer_free(query_wire);
+- LDNS_FREE(ns);
+-
+- /* to prevent problems on subsequent calls to ldns_axfr_start
+- * we have to close the socket here! */
+-
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+-
+- return LDNS_STATUS_NETWORK_ERR;
+- }
+-
+- ldns_pkt_free(query);
+- ldns_buffer_free(query_wire);
+- LDNS_FREE(ns);
+-
+- /*
+- * The AXFR is done once the second SOA record is sent
+- */
+- resolver->_axfr_soa_count = 0;
+- return LDNS_STATUS_OK;
+-}
+diff --git a/src/ldns/packet.c b/src/ldns/packet.c
+deleted file mode 100644
+index 62bfd07..0000000
+--- a/src/ldns/packet.c
++++ /dev/null
+@@ -1,1159 +0,0 @@
+-/*
+- * packet.c
+- *
+- * dns packet implementation
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <strings.h>
+-#include <limits.h>
+-
+-#ifdef HAVE_SSL
+-#include <openssl/rand.h>
+-#endif
+-
+-/* Access functions
+- * do this as functions to get type checking
+- */
+-
+-#define LDNS_EDNS_MASK_DO_BIT 0x8000
+-
+-/* TODO defines for 3600 */
+-/* convert to and from numerical flag values */
+-ldns_lookup_table ldns_edns_flags[] = {
+- { 3600, "do"},
+- { 0, NULL}
+-};
+-
+-/* read */
+-uint16_t
+-ldns_pkt_id(const ldns_pkt *packet)
+-{
+- return packet->_header->_id;
+-}
+-
+-bool
+-ldns_pkt_qr(const ldns_pkt *packet)
+-{
+- return packet->_header->_qr;
+-}
+-
+-bool
+-ldns_pkt_aa(const ldns_pkt *packet)
+-{
+- return packet->_header->_aa;
+-}
+-
+-bool
+-ldns_pkt_tc(const ldns_pkt *packet)
+-{
+- return packet->_header->_tc;
+-}
+-
+-bool
+-ldns_pkt_rd(const ldns_pkt *packet)
+-{
+- return packet->_header->_rd;
+-}
+-
+-bool
+-ldns_pkt_cd(const ldns_pkt *packet)
+-{
+- return packet->_header->_cd;
+-}
+-
+-bool
+-ldns_pkt_ra(const ldns_pkt *packet)
+-{
+- return packet->_header->_ra;
+-}
+-
+-bool
+-ldns_pkt_ad(const ldns_pkt *packet)
+-{
+- return packet->_header->_ad;
+-}
+-
+-ldns_pkt_opcode
+-ldns_pkt_get_opcode(const ldns_pkt *packet)
+-{
+- return packet->_header->_opcode;
+-}
+-
+-ldns_pkt_rcode
+-ldns_pkt_get_rcode(const ldns_pkt *packet)
+-{
+- return packet->_header->_rcode;
+-}
+-
+-uint16_t
+-ldns_pkt_qdcount(const ldns_pkt *packet)
+-{
+- return packet->_header->_qdcount;
+-}
+-
+-uint16_t
+-ldns_pkt_ancount(const ldns_pkt *packet)
+-{
+- return packet->_header->_ancount;
+-}
+-
+-uint16_t
+-ldns_pkt_nscount(const ldns_pkt *packet)
+-{
+- return packet->_header->_nscount;
+-}
+-
+-uint16_t
+-ldns_pkt_arcount(const ldns_pkt *packet)
+-{
+- return packet->_header->_arcount;
+-}
+-
+-ldns_rr_list *
+-ldns_pkt_question(const ldns_pkt *packet)
+-{
+- return packet->_question;
+-}
+-
+-ldns_rr_list *
+-ldns_pkt_answer(const ldns_pkt *packet)
+-{
+- return packet->_answer;
+-}
+-
+-ldns_rr_list *
+-ldns_pkt_authority(const ldns_pkt *packet)
+-{
+- return packet->_authority;
+-}
+-
+-ldns_rr_list *
+-ldns_pkt_additional(const ldns_pkt *packet)
+-{
+- return packet->_additional;
+-}
+-
+-/* return ALL section concatenated */
+-ldns_rr_list *
+-ldns_pkt_all(const ldns_pkt *packet)
+-{
+- ldns_rr_list *all, *prev_all;
+-
+- all = ldns_rr_list_cat_clone(
+- ldns_pkt_question(packet),
+- ldns_pkt_answer(packet));
+- prev_all = all;
+- all = ldns_rr_list_cat_clone(all,
+- ldns_pkt_authority(packet));
+- ldns_rr_list_deep_free(prev_all);
+- prev_all = all;
+- all = ldns_rr_list_cat_clone(all,
+- ldns_pkt_additional(packet));
+- ldns_rr_list_deep_free(prev_all);
+- return all;
+-}
+-
+-ldns_rr_list *
+-ldns_pkt_all_noquestion(const ldns_pkt *packet)
+-{
+- ldns_rr_list *all, *all2;
+-
+- all = ldns_rr_list_cat_clone(
+- ldns_pkt_answer(packet),
+- ldns_pkt_authority(packet));
+- all2 = ldns_rr_list_cat_clone(all,
+- ldns_pkt_additional(packet));
+-
+- ldns_rr_list_deep_free(all);
+- return all2;
+-}
+-
+-size_t
+-ldns_pkt_size(const ldns_pkt *packet)
+-{
+- return packet->_size;
+-}
+-
+-uint32_t
+-ldns_pkt_querytime(const ldns_pkt *packet)
+-{
+- return packet->_querytime;
+-}
+-
+-ldns_rdf *
+-ldns_pkt_answerfrom(const ldns_pkt *packet)
+-{
+- return packet->_answerfrom;
+-}
+-
+-struct timeval
+-ldns_pkt_timestamp(const ldns_pkt *packet)
+-{
+- return packet->timestamp;
+-}
+-
+-uint16_t
+-ldns_pkt_edns_udp_size(const ldns_pkt *packet)
+-{
+- return packet->_edns_udp_size;
+-}
+-
+-uint8_t
+-ldns_pkt_edns_extended_rcode(const ldns_pkt *packet)
+-{
+- return packet->_edns_extended_rcode;
+-}
+-
+-uint8_t
+-ldns_pkt_edns_version(const ldns_pkt *packet)
+-{
+- return packet->_edns_version;
+-}
+-
+-uint16_t
+-ldns_pkt_edns_z(const ldns_pkt *packet)
+-{
+- return packet->_edns_z;
+-}
+-
+-bool
+-ldns_pkt_edns_do(const ldns_pkt *packet)
+-{
+- return (packet->_edns_z & LDNS_EDNS_MASK_DO_BIT);
+-}
+-
+-void
+-ldns_pkt_set_edns_do(ldns_pkt *packet, bool value)
+-{
+- if (value) {
+- packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_DO_BIT;
+- } else {
+- packet->_edns_z = packet->_edns_z & ~LDNS_EDNS_MASK_DO_BIT;
+- }
+-}
+-
+-ldns_rdf *
+-ldns_pkt_edns_data(const ldns_pkt *packet)
+-{
+- return packet->_edns_data;
+-}
+-
+-/* return only those rr that share the ownername */
+-ldns_rr_list *
+-ldns_pkt_rr_list_by_name(ldns_pkt *packet,
+- ldns_rdf *ownername,
+- ldns_pkt_section sec)
+-{
+- ldns_rr_list *rrs;
+- ldns_rr_list *ret;
+- uint16_t i;
+-
+- if (!packet) {
+- return NULL;
+- }
+-
+- rrs = ldns_pkt_get_section_clone(packet, sec);
+- ret = NULL;
+-
+- for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+- if (ldns_dname_compare(ldns_rr_owner(
+- ldns_rr_list_rr(rrs, i)),
+- ownername) == 0) {
+- /* owner names match */
+- if (ret == NULL) {
+- ret = ldns_rr_list_new();
+- }
+- ldns_rr_list_push_rr(ret,
+- ldns_rr_clone(
+- ldns_rr_list_rr(rrs, i))
+- );
+- }
+- }
+-
+- ldns_rr_list_deep_free(rrs);
+-
+- return ret;
+-}
+-
+-/* return only those rr that share a type */
+-ldns_rr_list *
+-ldns_pkt_rr_list_by_type(const ldns_pkt *packet,
+- ldns_rr_type type,
+- ldns_pkt_section sec)
+-{
+- ldns_rr_list *rrs;
+- ldns_rr_list *new;
+- uint16_t i;
+-
+- if(!packet) {
+- return NULL;
+- }
+-
+- rrs = ldns_pkt_get_section_clone(packet, sec);
+- new = ldns_rr_list_new();
+-
+- for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+- if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i))) {
+- /* types match */
+- ldns_rr_list_push_rr(new,
+- ldns_rr_clone(
+- ldns_rr_list_rr(rrs, i))
+- );
+- }
+- }
+- ldns_rr_list_deep_free(rrs);
+-
+- if (ldns_rr_list_rr_count(new) == 0) {
+- ldns_rr_list_free(new);
+- return NULL;
+- } else {
+- return new;
+- }
+-}
+-
+-/* return only those rrs that share name and type */
+-ldns_rr_list *
+-ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet,
+- const ldns_rdf *ownername,
+- ldns_rr_type type,
+- ldns_pkt_section sec)
+-{
+- ldns_rr_list *rrs;
+- ldns_rr_list *new;
+- ldns_rr_list *ret;
+- uint16_t i;
+-
+- if(!packet) {
+- return NULL;
+- }
+-
+- rrs = ldns_pkt_get_section_clone(packet, sec);
+- new = ldns_rr_list_new();
+- ret = NULL;
+-
+- for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+- if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i)) &&
+- ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(rrs, i)),
+- ownername
+- ) == 0
+- ) {
+- /* types match */
+- ldns_rr_list_push_rr(new, ldns_rr_clone(ldns_rr_list_rr(rrs, i)));
+- ret = new;
+- }
+- }
+- ldns_rr_list_deep_free(rrs);
+- if (!ret) {
+- ldns_rr_list_free(new);
+- }
+- return ret;
+-}
+-
+-bool
+-ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr)
+-{
+- bool result = false;
+-
+- switch (sec) {
+- case LDNS_SECTION_QUESTION:
+- return ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr);
+- case LDNS_SECTION_ANSWER:
+- return ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr);
+- case LDNS_SECTION_AUTHORITY:
+- return ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr);
+- case LDNS_SECTION_ADDITIONAL:
+- return ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr);
+- case LDNS_SECTION_ANY:
+- result = ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr);
+- case LDNS_SECTION_ANY_NOQUESTION:
+- result = result
+- || ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr)
+- || ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr)
+- || ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr);
+- }
+-
+- return result;
+-}
+-
+-uint16_t
+-ldns_pkt_section_count(const ldns_pkt *packet, ldns_pkt_section s)
+-{
+- switch(s) {
+- case LDNS_SECTION_QUESTION:
+- return ldns_pkt_qdcount(packet);
+- case LDNS_SECTION_ANSWER:
+- return ldns_pkt_ancount(packet);
+- case LDNS_SECTION_AUTHORITY:
+- return ldns_pkt_nscount(packet);
+- case LDNS_SECTION_ADDITIONAL:
+- return ldns_pkt_arcount(packet);
+- case LDNS_SECTION_ANY:
+- return ldns_pkt_qdcount(packet) +
+- ldns_pkt_ancount(packet) +
+- ldns_pkt_nscount(packet) +
+- ldns_pkt_arcount(packet);
+- case LDNS_SECTION_ANY_NOQUESTION:
+- return ldns_pkt_ancount(packet) +
+- ldns_pkt_nscount(packet) +
+- ldns_pkt_arcount(packet);
+- default:
+- return 0;
+- }
+-}
+-
+-bool
+-ldns_pkt_empty(ldns_pkt *p)
+-{
+- if (!p) {
+- return true; /* NULL is empty? */
+- }
+- if (ldns_pkt_section_count(p, LDNS_SECTION_ANY) > 0) {
+- return false;
+- } else {
+- return true;
+- }
+-}
+-
+-
+-ldns_rr_list *
+-ldns_pkt_get_section_clone(const ldns_pkt *packet, ldns_pkt_section s)
+-{
+- switch(s) {
+- case LDNS_SECTION_QUESTION:
+- return ldns_rr_list_clone(ldns_pkt_question(packet));
+- case LDNS_SECTION_ANSWER:
+- return ldns_rr_list_clone(ldns_pkt_answer(packet));
+- case LDNS_SECTION_AUTHORITY:
+- return ldns_rr_list_clone(ldns_pkt_authority(packet));
+- case LDNS_SECTION_ADDITIONAL:
+- return ldns_rr_list_clone(ldns_pkt_additional(packet));
+- case LDNS_SECTION_ANY:
+- /* these are already clones */
+- return ldns_pkt_all(packet);
+- case LDNS_SECTION_ANY_NOQUESTION:
+- return ldns_pkt_all_noquestion(packet);
+- default:
+- return NULL;
+- }
+-}
+-
+-ldns_rr *ldns_pkt_tsig(const ldns_pkt *pkt) {
+- return pkt->_tsig_rr;
+-}
+-
+-/* write */
+-void
+-ldns_pkt_set_id(ldns_pkt *packet, uint16_t id)
+-{
+- packet->_header->_id = id;
+-}
+-
+-void
+-ldns_pkt_set_random_id(ldns_pkt *packet)
+-{
+- uint16_t rid = ldns_get_random();
+- ldns_pkt_set_id(packet, rid);
+-}
+-
+-
+-void
+-ldns_pkt_set_qr(ldns_pkt *packet, bool qr)
+-{
+- packet->_header->_qr = qr;
+-}
+-
+-void
+-ldns_pkt_set_aa(ldns_pkt *packet, bool aa)
+-{
+- packet->_header->_aa = aa;
+-}
+-
+-void
+-ldns_pkt_set_tc(ldns_pkt *packet, bool tc)
+-{
+- packet->_header->_tc = tc;
+-}
+-
+-void
+-ldns_pkt_set_rd(ldns_pkt *packet, bool rd)
+-{
+- packet->_header->_rd = rd;
+-}
+-
+-void
+-ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr)
+-{
+- p->_additional = rr;
+-}
+-
+-void
+-ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr)
+-{
+- p->_question = rr;
+-}
+-
+-void
+-ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr)
+-{
+- p->_answer = rr;
+-}
+-
+-void
+-ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr)
+-{
+- p->_authority = rr;
+-}
+-
+-void
+-ldns_pkt_set_cd(ldns_pkt *packet, bool cd)
+-{
+- packet->_header->_cd = cd;
+-}
+-
+-void
+-ldns_pkt_set_ra(ldns_pkt *packet, bool ra)
+-{
+- packet->_header->_ra = ra;
+-}
+-
+-void
+-ldns_pkt_set_ad(ldns_pkt *packet, bool ad)
+-{
+- packet->_header->_ad = ad;
+-}
+-
+-void
+-ldns_pkt_set_opcode(ldns_pkt *packet, ldns_pkt_opcode opcode)
+-{
+- packet->_header->_opcode = opcode;
+-}
+-
+-void
+-ldns_pkt_set_rcode(ldns_pkt *packet, uint8_t rcode)
+-{
+- packet->_header->_rcode = rcode;
+-}
+-
+-void
+-ldns_pkt_set_qdcount(ldns_pkt *packet, uint16_t qdcount)
+-{
+- packet->_header->_qdcount = qdcount;
+-}
+-
+-void
+-ldns_pkt_set_ancount(ldns_pkt *packet, uint16_t ancount)
+-{
+- packet->_header->_ancount = ancount;
+-}
+-
+-void
+-ldns_pkt_set_nscount(ldns_pkt *packet, uint16_t nscount)
+-{
+- packet->_header->_nscount = nscount;
+-}
+-
+-void
+-ldns_pkt_set_arcount(ldns_pkt *packet, uint16_t arcount)
+-{
+- packet->_header->_arcount = arcount;
+-}
+-
+-void
+-ldns_pkt_set_querytime(ldns_pkt *packet, uint32_t time)
+-{
+- packet->_querytime = time;
+-}
+-
+-void
+-ldns_pkt_set_answerfrom(ldns_pkt *packet, ldns_rdf *answerfrom)
+-{
+- packet->_answerfrom = answerfrom;
+-}
+-
+-void
+-ldns_pkt_set_timestamp(ldns_pkt *packet, struct timeval timeval)
+-{
+- packet->timestamp.tv_sec = timeval.tv_sec;
+- packet->timestamp.tv_usec = timeval.tv_usec;
+-}
+-
+-void
+-ldns_pkt_set_size(ldns_pkt *packet, size_t s)
+-{
+- packet->_size = s;
+-}
+-
+-void
+-ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s)
+-{
+- packet->_edns_udp_size = s;
+-}
+-
+-void
+-ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c)
+-{
+- packet->_edns_extended_rcode = c;
+-}
+-
+-void
+-ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v)
+-{
+- packet->_edns_version = v;
+-}
+-
+-void
+-ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z)
+-{
+- packet->_edns_z = z;
+-}
+-
+-void
+-ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data)
+-{
+- packet->_edns_data = data;
+-}
+-
+-void
+-ldns_pkt_set_section_count(ldns_pkt *packet, ldns_pkt_section s, uint16_t count)
+-{
+- switch(s) {
+- case LDNS_SECTION_QUESTION:
+- ldns_pkt_set_qdcount(packet, count);
+- break;
+- case LDNS_SECTION_ANSWER:
+- ldns_pkt_set_ancount(packet, count);
+- break;
+- case LDNS_SECTION_AUTHORITY:
+- ldns_pkt_set_nscount(packet, count);
+- break;
+- case LDNS_SECTION_ADDITIONAL:
+- ldns_pkt_set_arcount(packet, count);
+- break;
+- case LDNS_SECTION_ANY:
+- case LDNS_SECTION_ANY_NOQUESTION:
+- break;
+- }
+-}
+-
+-void ldns_pkt_set_tsig(ldns_pkt *pkt, ldns_rr *rr)
+-{
+- pkt->_tsig_rr = rr;
+-}
+-
+-bool
+-ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr)
+-{
+- switch(section) {
+- case LDNS_SECTION_QUESTION:
+- if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) {
+- return false;
+- }
+- ldns_pkt_set_qdcount(packet, ldns_pkt_qdcount(packet) + 1);
+- break;
+- case LDNS_SECTION_ANSWER:
+- if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) {
+- return false;
+- }
+- ldns_pkt_set_ancount(packet, ldns_pkt_ancount(packet) + 1);
+- break;
+- case LDNS_SECTION_AUTHORITY:
+- if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) {
+- return false;
+- }
+- ldns_pkt_set_nscount(packet, ldns_pkt_nscount(packet) + 1);
+- break;
+- case LDNS_SECTION_ADDITIONAL:
+- if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) {
+- return false;
+- }
+- ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) + 1);
+- break;
+- case LDNS_SECTION_ANY:
+- case LDNS_SECTION_ANY_NOQUESTION:
+- /* shouldn't this error? */
+- break;
+- }
+- return true;
+-}
+-
+-bool
+-ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr)
+-{
+-
+- /* check to see if its there */
+- if (ldns_pkt_rr(pkt, sec, rr)) {
+- /* already there */
+- return false;
+- }
+- return ldns_pkt_push_rr(pkt, sec, rr);
+-}
+-
+-bool
+-ldns_pkt_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list)
+-{
+- size_t i;
+- for(i = 0; i < ldns_rr_list_rr_count(list); i++) {
+- if (!ldns_pkt_push_rr(p, s, ldns_rr_list_rr(list, i))) {
+- return false;
+- }
+- }
+- return true;
+-}
+-
+-bool
+-ldns_pkt_safe_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list)
+-{
+- size_t i;
+- for(i = 0; i < ldns_rr_list_rr_count(list); i++) {
+- if (!ldns_pkt_safe_push_rr(p, s, ldns_rr_list_rr(list, i))) {
+- return false;
+- }
+- }
+- return true;
+-}
+-
+-bool
+-ldns_pkt_edns(const ldns_pkt *pkt) {
+- return (ldns_pkt_edns_udp_size(pkt) > 0 ||
+- ldns_pkt_edns_extended_rcode(pkt) > 0 ||
+- ldns_pkt_edns_data(pkt) ||
+- ldns_pkt_edns_do(pkt) ||
+- pkt->_edns_present
+- );
+-}
+-
+-
+-/* Create/destroy/convert functions
+- */
+-ldns_pkt *
+-ldns_pkt_new(void)
+-{
+- ldns_pkt *packet;
+- packet = LDNS_MALLOC(ldns_pkt);
+- if (!packet) {
+- return NULL;
+- }
+-
+- packet->_header = LDNS_MALLOC(ldns_hdr);
+- if (!packet->_header) {
+- LDNS_FREE(packet);
+- return NULL;
+- }
+-
+- packet->_question = ldns_rr_list_new();
+- packet->_answer = ldns_rr_list_new();
+- packet->_authority = ldns_rr_list_new();
+- packet->_additional = ldns_rr_list_new();
+-
+- /* default everything to false */
+- ldns_pkt_set_qr(packet, false);
+- ldns_pkt_set_aa(packet, false);
+- ldns_pkt_set_tc(packet, false);
+- ldns_pkt_set_rd(packet, false);
+- ldns_pkt_set_ra(packet, false);
+- ldns_pkt_set_ad(packet, false);
+- ldns_pkt_set_cd(packet, false);
+-
+- ldns_pkt_set_opcode(packet, LDNS_PACKET_QUERY);
+- ldns_pkt_set_rcode(packet, 0);
+- ldns_pkt_set_id(packet, 0);
+- ldns_pkt_set_size(packet, 0);
+- ldns_pkt_set_querytime(packet, 0);
+- memset(&packet->timestamp, 0, sizeof(packet->timestamp));
+- ldns_pkt_set_answerfrom(packet, NULL);
+- ldns_pkt_set_section_count(packet, LDNS_SECTION_QUESTION, 0);
+- ldns_pkt_set_section_count(packet, LDNS_SECTION_ANSWER, 0);
+- ldns_pkt_set_section_count(packet, LDNS_SECTION_AUTHORITY, 0);
+- ldns_pkt_set_section_count(packet, LDNS_SECTION_ADDITIONAL, 0);
+-
+- ldns_pkt_set_edns_udp_size(packet, 0);
+- ldns_pkt_set_edns_extended_rcode(packet, 0);
+- ldns_pkt_set_edns_version(packet, 0);
+- ldns_pkt_set_edns_z(packet, 0);
+- ldns_pkt_set_edns_data(packet, NULL);
+- packet->_edns_present = false;
+-
+- ldns_pkt_set_tsig(packet, NULL);
+-
+- return packet;
+-}
+-
+-void
+-ldns_pkt_free(ldns_pkt *packet)
+-{
+- if (packet) {
+- LDNS_FREE(packet->_header);
+- ldns_rr_list_deep_free(packet->_question);
+- ldns_rr_list_deep_free(packet->_answer);
+- ldns_rr_list_deep_free(packet->_authority);
+- ldns_rr_list_deep_free(packet->_additional);
+- ldns_rr_free(packet->_tsig_rr);
+- ldns_rdf_deep_free(packet->_edns_data);
+- ldns_rdf_deep_free(packet->_answerfrom);
+- LDNS_FREE(packet);
+- }
+-}
+-
+-bool
+-ldns_pkt_set_flags(ldns_pkt *packet, uint16_t flags)
+-{
+- if (!packet) {
+- return false;
+- }
+- if ((flags & LDNS_QR) == LDNS_QR) {
+- ldns_pkt_set_qr(packet, true);
+- }
+- if ((flags & LDNS_AA) == LDNS_AA) {
+- ldns_pkt_set_aa(packet, true);
+- }
+- if ((flags & LDNS_RD) == LDNS_RD) {
+- ldns_pkt_set_rd(packet, true);
+- }
+- if ((flags & LDNS_TC) == LDNS_TC) {
+- ldns_pkt_set_tc(packet, true);
+- }
+- if ((flags & LDNS_CD) == LDNS_CD) {
+- ldns_pkt_set_cd(packet, true);
+- }
+- if ((flags & LDNS_RA) == LDNS_RA) {
+- ldns_pkt_set_ra(packet, true);
+- }
+- if ((flags & LDNS_AD) == LDNS_AD) {
+- ldns_pkt_set_ad(packet, true);
+- }
+- return true;
+-}
+-
+-
+-static ldns_rr*
+-ldns_pkt_authsoa(ldns_rdf* rr_name, ldns_rr_class rr_class)
+-{
+- ldns_rr* soa_rr = ldns_rr_new();
+- ldns_rdf *owner_rdf;
+- ldns_rdf *mname_rdf;
+- ldns_rdf *rname_rdf;
+- ldns_rdf *serial_rdf;
+- ldns_rdf *refresh_rdf;
+- ldns_rdf *retry_rdf;
+- ldns_rdf *expire_rdf;
+- ldns_rdf *minimum_rdf;
+-
+- if (!soa_rr) {
+- return NULL;
+- }
+- owner_rdf = ldns_rdf_clone(rr_name);
+- if (!owner_rdf) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- }
+-
+- ldns_rr_set_owner(soa_rr, owner_rdf);
+- ldns_rr_set_type(soa_rr, LDNS_RR_TYPE_SOA);
+- ldns_rr_set_class(soa_rr, rr_class);
+- ldns_rr_set_question(soa_rr, false);
+-
+- if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(soa_rr, mname_rdf);
+- }
+- if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(soa_rr, rname_rdf);
+- }
+- serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!serial_rdf) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(soa_rr, serial_rdf);
+- }
+- refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!refresh_rdf) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(soa_rr, refresh_rdf);
+- }
+- retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!retry_rdf) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(soa_rr, retry_rdf);
+- }
+- expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!expire_rdf) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(soa_rr, expire_rdf);
+- }
+- minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!minimum_rdf) {
+- ldns_rr_free(soa_rr);
+- return NULL;
+- } else {
+- ldns_rr_push_rdf(soa_rr, minimum_rdf);
+- }
+- return soa_rr;
+-}
+-
+-
+-static ldns_status
+-ldns_pkt_query_new_frm_str_internal(ldns_pkt **p, const char *name,
+- ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags,
+- ldns_rr* authsoa_rr)
+-{
+- ldns_pkt *packet;
+- ldns_rr *question_rr;
+- ldns_rdf *name_rdf;
+-
+- packet = ldns_pkt_new();
+- if (!packet) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- if (!ldns_pkt_set_flags(packet, flags)) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- question_rr = ldns_rr_new();
+- if (!question_rr) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- if (rr_type == 0) {
+- rr_type = LDNS_RR_TYPE_A;
+- }
+- if (rr_class == 0) {
+- rr_class = LDNS_RR_CLASS_IN;
+- }
+-
+- if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) {
+- ldns_rr_set_owner(question_rr, name_rdf);
+- ldns_rr_set_type(question_rr, rr_type);
+- ldns_rr_set_class(question_rr, rr_class);
+- ldns_rr_set_question(question_rr, true);
+-
+- ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr);
+- } else {
+- ldns_rr_free(question_rr);
+- ldns_pkt_free(packet);
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (authsoa_rr) {
+- ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr);
+- }
+-
+- packet->_tsig_rr = NULL;
+- ldns_pkt_set_answerfrom(packet, NULL);
+- if (p) {
+- *p = packet;
+- return LDNS_STATUS_OK;
+- } else {
+- ldns_pkt_free(packet);
+- return LDNS_STATUS_NULL;
+- }
+-}
+-
+-ldns_status
+-ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *name,
+- ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags)
+-{
+- return ldns_pkt_query_new_frm_str_internal(p, name, rr_type,
+- rr_class, flags, NULL);
+-}
+-
+-ldns_status
+-ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *name,
+- ldns_rr_class rr_class, uint16_t flags, ldns_rr *soa)
+-{
+- ldns_rr* authsoa_rr = soa;
+- if (!authsoa_rr) {
+- ldns_rdf *name_rdf;
+- if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) {
+- authsoa_rr = ldns_pkt_authsoa(name_rdf, rr_class);
+- }
+- ldns_rdf_free(name_rdf);
+- }
+- return ldns_pkt_query_new_frm_str_internal(p, name, LDNS_RR_TYPE_IXFR,
+- rr_class, flags, authsoa_rr);
+-}
+-
+-static ldns_pkt *
+-ldns_pkt_query_new_internal(ldns_rdf *rr_name, ldns_rr_type rr_type,
+- ldns_rr_class rr_class, uint16_t flags, ldns_rr* authsoa_rr)
+-{
+- ldns_pkt *packet;
+- ldns_rr *question_rr;
+-
+- packet = ldns_pkt_new();
+- if (!packet) {
+- return NULL;
+- }
+-
+- if (!ldns_pkt_set_flags(packet, flags)) {
+- return NULL;
+- }
+-
+- question_rr = ldns_rr_new();
+- if (!question_rr) {
+- ldns_pkt_free(packet);
+- return NULL;
+- }
+-
+- if (rr_type == 0) {
+- rr_type = LDNS_RR_TYPE_A;
+- }
+- if (rr_class == 0) {
+- rr_class = LDNS_RR_CLASS_IN;
+- }
+-
+- ldns_rr_set_owner(question_rr, rr_name);
+- ldns_rr_set_type(question_rr, rr_type);
+- ldns_rr_set_class(question_rr, rr_class);
+- ldns_rr_set_question(question_rr, true);
+- ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr);
+-
+- if (authsoa_rr) {
+- ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr);
+- }
+-
+- packet->_tsig_rr = NULL;
+- return packet;
+-}
+-
+-ldns_pkt *
+-ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type,
+- ldns_rr_class rr_class, uint16_t flags)
+-{
+- return ldns_pkt_query_new_internal(rr_name, rr_type,
+- rr_class, flags, NULL);
+-}
+-
+-ldns_pkt *
+-ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class,
+- uint16_t flags, ldns_rr* soa)
+-{
+- ldns_rr* authsoa_rr = soa;
+- if (!authsoa_rr) {
+- authsoa_rr = ldns_pkt_authsoa(rr_name, rr_class);
+- }
+- return ldns_pkt_query_new_internal(rr_name, LDNS_RR_TYPE_IXFR,
+- rr_class, flags, authsoa_rr);
+-}
+-
+-ldns_pkt_type
+-ldns_pkt_reply_type(ldns_pkt *p)
+-{
+- ldns_rr_list *tmp;
+-
+- if (!p) {
+- return LDNS_PACKET_UNKNOWN;
+- }
+-
+- if (ldns_pkt_get_rcode(p) == LDNS_RCODE_NXDOMAIN) {
+- return LDNS_PACKET_NXDOMAIN;
+- }
+-
+- if (ldns_pkt_ancount(p) == 0 && ldns_pkt_arcount(p) == 0
+- && ldns_pkt_nscount(p) == 1) {
+-
+- /* check for SOA */
+- tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_SOA,
+- LDNS_SECTION_AUTHORITY);
+- if (tmp) {
+- ldns_rr_list_deep_free(tmp);
+- return LDNS_PACKET_NODATA;
+- } else {
+- /* I have no idea ... */
+- }
+- }
+-
+- if (ldns_pkt_ancount(p) == 0 && ldns_pkt_nscount(p) > 0) {
+- tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS,
+- LDNS_SECTION_AUTHORITY);
+- if (tmp) {
+- /* there are nameservers here */
+- ldns_rr_list_deep_free(tmp);
+- return LDNS_PACKET_REFERRAL;
+- } else {
+- /* I have no idea */
+- }
+- ldns_rr_list_deep_free(tmp);
+- }
+-
+- /* if we cannot determine the packet type, we say it's an
+- * answer...
+- */
+- return LDNS_PACKET_ANSWER;
+-}
+-
+-ldns_pkt *
+-ldns_pkt_clone(const ldns_pkt *pkt)
+-{
+- ldns_pkt *new_pkt;
+-
+- if (!pkt) {
+- return NULL;
+- }
+- new_pkt = ldns_pkt_new();
+-
+- ldns_pkt_set_id(new_pkt, ldns_pkt_id(pkt));
+- ldns_pkt_set_qr(new_pkt, ldns_pkt_qr(pkt));
+- ldns_pkt_set_aa(new_pkt, ldns_pkt_aa(pkt));
+- ldns_pkt_set_tc(new_pkt, ldns_pkt_tc(pkt));
+- ldns_pkt_set_rd(new_pkt, ldns_pkt_rd(pkt));
+- ldns_pkt_set_cd(new_pkt, ldns_pkt_cd(pkt));
+- ldns_pkt_set_ra(new_pkt, ldns_pkt_ra(pkt));
+- ldns_pkt_set_ad(new_pkt, ldns_pkt_ad(pkt));
+- ldns_pkt_set_opcode(new_pkt, ldns_pkt_get_opcode(pkt));
+- ldns_pkt_set_rcode(new_pkt, ldns_pkt_get_rcode(pkt));
+- ldns_pkt_set_qdcount(new_pkt, ldns_pkt_qdcount(pkt));
+- ldns_pkt_set_ancount(new_pkt, ldns_pkt_ancount(pkt));
+- ldns_pkt_set_nscount(new_pkt, ldns_pkt_nscount(pkt));
+- ldns_pkt_set_arcount(new_pkt, ldns_pkt_arcount(pkt));
+- if (ldns_pkt_answerfrom(pkt))
+- ldns_pkt_set_answerfrom(new_pkt,
+- ldns_rdf_clone(ldns_pkt_answerfrom(pkt)));
+- ldns_pkt_set_timestamp(new_pkt, ldns_pkt_timestamp(pkt));
+- ldns_pkt_set_querytime(new_pkt, ldns_pkt_querytime(pkt));
+- ldns_pkt_set_size(new_pkt, ldns_pkt_size(pkt));
+- ldns_pkt_set_tsig(new_pkt, ldns_rr_clone(ldns_pkt_tsig(pkt)));
+-
+- ldns_pkt_set_edns_udp_size(new_pkt, ldns_pkt_edns_udp_size(pkt));
+- ldns_pkt_set_edns_extended_rcode(new_pkt,
+- ldns_pkt_edns_extended_rcode(pkt));
+- ldns_pkt_set_edns_version(new_pkt, ldns_pkt_edns_version(pkt));
+- new_pkt->_edns_present = pkt->_edns_present;
+- ldns_pkt_set_edns_z(new_pkt, ldns_pkt_edns_z(pkt));
+- if(ldns_pkt_edns_data(pkt))
+- ldns_pkt_set_edns_data(new_pkt,
+- ldns_rdf_clone(ldns_pkt_edns_data(pkt)));
+- ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt));
+-
+- ldns_rr_list_deep_free(new_pkt->_question);
+- ldns_rr_list_deep_free(new_pkt->_answer);
+- ldns_rr_list_deep_free(new_pkt->_authority);
+- ldns_rr_list_deep_free(new_pkt->_additional);
+- new_pkt->_question = ldns_rr_list_clone(ldns_pkt_question(pkt));
+- new_pkt->_answer = ldns_rr_list_clone(ldns_pkt_answer(pkt));
+- new_pkt->_authority = ldns_rr_list_clone(ldns_pkt_authority(pkt));
+- new_pkt->_additional = ldns_rr_list_clone(ldns_pkt_additional(pkt));
+- return new_pkt;
+-}
+diff --git a/src/ldns/parse.c b/src/ldns/parse.c
+deleted file mode 100644
+index e68627c..0000000
+--- a/src/ldns/parse.c
++++ /dev/null
+@@ -1,434 +0,0 @@
+-/*
+- * a generic (simple) parser. Use to parse rr's, private key
+- * information and /etc/resolv.conf files
+- *
+- * a Net::DNS like library for C
+- * LibDNS Team @ NLnet Labs
+- * (c) NLnet Labs, 2005-2006
+- * See the file LICENSE for the license
+- */
+-#include <ldns/config.h>
+-#include <ldns/ldns.h>
+-
+-#include <limits.h>
+-#include <strings.h>
+-
+-ldns_lookup_table ldns_directive_types[] = {
+- { LDNS_DIR_TTL, "$TTL" },
+- { LDNS_DIR_ORIGIN, "$ORIGIN" },
+- { LDNS_DIR_INCLUDE, "$INCLUDE" },
+- { 0, NULL }
+-};
+-
+-/* add max_limit here? */
+-ssize_t
+-ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit)
+-{
+- return ldns_fget_token_l(f, token, delim, limit, NULL);
+-}
+-
+-ssize_t
+-ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
+-{
+- int c, prev_c;
+- int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
+- int com, quoted;
+- char *t;
+- size_t i;
+- const char *d;
+- const char *del;
+-
+- /* standard delimeters */
+- if (!delim) {
+- /* from isspace(3) */
+- del = LDNS_PARSE_NORMAL;
+- } else {
+- del = delim;
+- }
+-
+- p = 0;
+- i = 0;
+- com = 0;
+- quoted = 0;
+- prev_c = 0;
+- t = token;
+- if (del[0] == '"') {
+- quoted = 1;
+- }
+- while ((c = getc(f)) != EOF) {
+- if (c == '\r') /* carriage return */
+- c = ' ';
+- if (c == '(' && prev_c != '\\' && !quoted) {
+- /* this only counts for non-comments */
+- if (com == 0) {
+- p++;
+- }
+- prev_c = c;
+- continue;
+- }
+-
+- if (c == ')' && prev_c != '\\' && !quoted) {
+- /* this only counts for non-comments */
+- if (com == 0) {
+- p--;
+- }
+- prev_c = c;
+- continue;
+- }
+-
+- if (p < 0) {
+- /* more ) then ( - close off the string */
+- *t = '\0';
+- return 0;
+- }
+-
+- /* do something with comments ; */
+- if (c == ';' && quoted == 0) {
+- if (prev_c != '\\') {
+- com = 1;
+- }
+- }
+- if (c == '\"' && com == 0 && prev_c != '\\') {
+- quoted = 1 - quoted;
+- }
+-
+- if (c == '\n' && com != 0) {
+- /* comments */
+- com = 0;
+- *t = ' ';
+- if (line_nr) {
+- *line_nr = *line_nr + 1;
+- }
+- if (p == 0 && i > 0) {
+- goto tokenread;
+- } else {
+- prev_c = c;
+- continue;
+- }
+- }
+-
+- if (com == 1) {
+- *t = ' ';
+- prev_c = c;
+- continue;
+- }
+-
+- if (c == '\n' && p != 0 && t > token) {
+- /* in parentheses */
+- if (line_nr) {
+- *line_nr = *line_nr + 1;
+- }
+- *t++ = ' ';
+- prev_c = c;
+- continue;
+- }
+-
+- /* check if we hit the delim */
+- for (d = del; *d; d++) {
+- if (c == *d && i > 0 && prev_c != '\\' && p == 0) {
+- if (c == '\n' && line_nr) {
+- *line_nr = *line_nr + 1;
+- }
+- goto tokenread;
+- }
+- }
+- if (c != '\0' && c != '\n') {
+- i++;
+- }
+- if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+- *t = '\0';
+- return -1;
+- }
+- if (c != '\0' && c != '\n') {
+- *t++ = c;
+- }
+- if (c == '\\' && prev_c == '\\')
+- prev_c = 0;
+- else prev_c = c;
+- }
+- *t = '\0';
+- if (c == EOF) {
+- return (ssize_t)i;
+- }
+-
+- if (i == 0) {
+- /* nothing read */
+- return -1;
+- }
+- if (p != 0) {
+- return -1;
+- }
+- return (ssize_t)i;
+-
+-tokenread:
+- if(*del == '"') /* do not skip over quotes, they are significant */
+- ldns_fskipcs_l(f, del+1, line_nr);
+- else ldns_fskipcs_l(f, del, line_nr);
+- *t = '\0';
+- if (p != 0) {
+- return -1;
+- }
+-
+- return (ssize_t)i;
+-}
+-
+-ssize_t
+-ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data,
+- const char *d_del, size_t data_limit)
+-{
+- return ldns_fget_keyword_data_l(f, keyword, k_del, data, d_del,
+- data_limit, NULL);
+-}
+-
+-ssize_t
+-ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data,
+- const char *d_del, size_t data_limit, int *line_nr)
+-{
+- /* we assume: keyword|sep|data */
+- char *fkeyword;
+- ssize_t i;
+-
+- if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
+- return -1;
+- fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
+- if(!fkeyword)
+- return -1;
+-
+- i = ldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN);
+- if(i==0 || i==-1) {
+- LDNS_FREE(fkeyword);
+- return -1;
+- }
+-
+- /* case??? i instead of strlen? */
+- if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) {
+- /* whee! */
+- /* printf("%s\n%s\n", "Matching keyword", fkeyword); */
+- i = ldns_fget_token_l(f, data, d_del, data_limit, line_nr);
+- LDNS_FREE(fkeyword);
+- return i;
+- } else {
+- /*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/
+- LDNS_FREE(fkeyword);
+- return -1;
+- }
+-}
+-
+-
+-ssize_t
+-ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit)
+-{
+- int c, lc;
+- int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
+- int com, quoted;
+- char *t;
+- size_t i;
+- const char *d;
+- const char *del;
+-
+- /* standard delimiters */
+- if (!delim) {
+- /* from isspace(3) */
+- del = LDNS_PARSE_NORMAL;
+- } else {
+- del = delim;
+- }
+-
+- p = 0;
+- i = 0;
+- com = 0;
+- quoted = 0;
+- t = token;
+- lc = 0;
+- if (del[0] == '"') {
+- quoted = 1;
+- }
+-
+- while ((c = ldns_bgetc(b)) != EOF) {
+- if (c == '\r') /* carriage return */
+- c = ' ';
+- if (c == '(' && lc != '\\' && !quoted) {
+- /* this only counts for non-comments */
+- if (com == 0) {
+- p++;
+- }
+- lc = c;
+- continue;
+- }
+-
+- if (c == ')' && lc != '\\' && !quoted) {
+- /* this only counts for non-comments */
+- if (com == 0) {
+- p--;
+- }
+- lc = c;
+- continue;
+- }
+-
+- if (p < 0) {
+- /* more ) then ( */
+- *t = '\0';
+- return 0;
+- }
+-
+- /* do something with comments ; */
+- if (c == ';' && quoted == 0) {
+- if (lc != '\\') {
+- com = 1;
+- }
+- }
+- if (c == '"' && com == 0 && lc != '\\') {
+- quoted = 1 - quoted;
+- }
+-
+- if (c == '\n' && com != 0) {
+- /* comments */
+- com = 0;
+- *t = ' ';
+- lc = c;
+- continue;
+- }
+-
+- if (com == 1) {
+- *t = ' ';
+- lc = c;
+- continue;
+- }
+-
+- if (c == '\n' && p != 0) {
+- /* in parentheses */
+- *t++ = ' ';
+- lc = c;
+- continue;
+- }
+-
+- /* check if we hit the delim */
+- for (d = del; *d; d++) {
+- if (c == *d && lc != '\\' && p == 0) {
+- goto tokenread;
+- }
+- }
+-
+- i++;
+- if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+- *t = '\0';
+- return -1;
+- }
+- *t++ = c;
+-
+- if (c == '\\' && lc == '\\') {
+- lc = 0;
+- } else {
+- lc = c;
+- }
+- }
+- *t = '\0';
+- if (i == 0) {
+- /* nothing read */
+- return -1;
+- }
+- if (p != 0) {
+- return -1;
+- }
+- return (ssize_t)i;
+-
+-tokenread:
+- if(*del == '"') /* do not skip over quotes, they are significant */
+- ldns_bskipcs(b, del+1);
+- else ldns_bskipcs(b, del);
+- *t = '\0';
+-
+- if (p != 0) {
+- return -1;
+- }
+- return (ssize_t)i;
+-}
+-
+-
+-void
+-ldns_bskipcs(ldns_buffer *buffer, const char *s)
+-{
+- bool found;
+- char c;
+- const char *d;
+-
+- while(ldns_buffer_available_at(buffer, buffer->_position, sizeof(char))) {
+- c = (char) ldns_buffer_read_u8_at(buffer, buffer->_position);
+- found = false;
+- for (d = s; *d; d++) {
+- if (*d == c) {
+- found = true;
+- }
+- }
+- if (found && buffer->_limit > buffer->_position) {
+- buffer->_position += sizeof(char);
+- } else {
+- return;
+- }
+- }
+-}
+-
+-void
+-ldns_fskipcs(FILE *fp, const char *s)
+-{
+- ldns_fskipcs_l(fp, s, NULL);
+-}
+-
+-void
+-ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr)
+-{
+- bool found;
+- int c;
+- const char *d;
+-
+- while ((c = fgetc(fp)) != EOF) {
+- if (line_nr && c == '\n') {
+- *line_nr = *line_nr + 1;
+- }
+- found = false;
+- for (d = s; *d; d++) {
+- if (*d == c) {
+- found = true;
+- }
+- }
+- if (!found) {
+- /* with getc, we've read too far */
+- ungetc(c, fp);
+- return;
+- }
+- }
+-}
+-
+-ssize_t
+-ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char
+-*data, const char *d_del, size_t data_limit)
+-{
+- /* we assume: keyword|sep|data */
+- char *fkeyword;
+- ssize_t i;
+-
+- if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
+- return -1;
+- fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
+- if(!fkeyword)
+- return -1; /* out of memory */
+-
+- i = ldns_bget_token(b, fkeyword, k_del, data_limit);
+- if(i==0 || i==-1) {
+- LDNS_FREE(fkeyword);
+- return -1; /* nothing read */
+- }
+-
+- /* case??? */
+- if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) {
+- LDNS_FREE(fkeyword);
+- /* whee, the match! */
+- /* retrieve it's data */
+- i = ldns_bget_token(b, data, d_del, 0);
+- return i;
+- } else {
+- LDNS_FREE(fkeyword);
+- return -1;
+- }
+-}
+-
+diff --git a/src/ldns/radix.c b/src/ldns/radix.c
+deleted file mode 100644
+index 7aac258..0000000
+--- a/src/ldns/radix.c
++++ /dev/null
+@@ -1,1590 +0,0 @@
+-/*
+- * radix.c -- generic radix tree
+- *
+- * Taken from NSD4, modified for ldns
+- *
+- * Copyright (c) 2012, NLnet Labs. All rights reserved.
+- *
+- * This software is open source.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * Redistributions of source code must retain the above copyright notice,
+- * this list of conditions and the following disclaimer.
+- *
+- * Redistributions in binary form must reproduce the above copyright notice,
+- * this list of conditions and the following disclaimer in the documentation
+- * and/or other materials provided with the distribution.
+- *
+- * Neither the name of the NLNET LABS nor the names of its contributors may
+- * be used to endorse or promote products derived from this software without
+- * specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/**
+- * \file
+- * Implementation of a radix tree.
+- */
+-
+-#include <ldns/config.h>
+-#include <ldns/radix.h>
+-#include <ldns/util.h>
+-#include <stdlib.h>
+-
+-/** Helper functions */
+-static ldns_radix_node_t* ldns_radix_new_node(void* data, uint8_t* key,
+- radix_strlen_t len);
+-static int ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key,
+- radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* pos);
+-static int ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte);
+-static int ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need);
+-static int ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key,
+- radix_strlen_t pos, radix_strlen_t len);
+-static int ldns_radix_prefix_remainder(radix_strlen_t prefix_len,
+- uint8_t* longer_str, radix_strlen_t longer_len, uint8_t** split_str,
+- radix_strlen_t* split_len);
+-static int ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key,
+- radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add);
+-static int ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1,
+- uint8_t* str2, radix_strlen_t len2);
+-static radix_strlen_t ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1,
+- uint8_t* str2, radix_strlen_t len2);
+-static ldns_radix_node_t* ldns_radix_next_in_subtree(ldns_radix_node_t* node);
+-static ldns_radix_node_t* ldns_radix_prev_from_index(ldns_radix_node_t* node,
+- uint8_t index);
+-static ldns_radix_node_t* ldns_radix_last_in_subtree_incl_self(
+- ldns_radix_node_t* node);
+-static ldns_radix_node_t* ldns_radix_last_in_subtree(ldns_radix_node_t* node);
+-static void ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node);
+-static void ldns_radix_cleanup_onechild(ldns_radix_node_t* node);
+-static void ldns_radix_cleanup_leaf(ldns_radix_node_t* node);
+-static void ldns_radix_node_free(ldns_radix_node_t* node, void* arg);
+-static void ldns_radix_node_array_free(ldns_radix_node_t* node);
+-static void ldns_radix_node_array_free_front(ldns_radix_node_t* node);
+-static void ldns_radix_node_array_free_end(ldns_radix_node_t* node);
+-static void ldns_radix_array_reduce(ldns_radix_node_t* node);
+-static void ldns_radix_self_or_prev(ldns_radix_node_t* node,
+- ldns_radix_node_t** result);
+-
+-
+-/**
+- * Create a new radix node.
+- *
+- */
+-static ldns_radix_node_t*
+-ldns_radix_new_node(void* data, uint8_t* key, radix_strlen_t len)
+-{
+- ldns_radix_node_t* node = LDNS_MALLOC(ldns_radix_node_t);
+- if (!node) {
+- return NULL;
+- }
+- node->data = data;
+- node->key = key;
+- node->klen = len;
+- node->parent = NULL;
+- node->parent_index = 0;
+- node->len = 0;
+- node->offset = 0;
+- node->capacity = 0;
+- node->array = NULL;
+- return node;
+-}
+-
+-
+-/**
+- * Create a new radix tree.
+- *
+- */
+-ldns_radix_t *
+-ldns_radix_create(void)
+-{
+- ldns_radix_t* tree;
+-
+- /** Allocate memory for it */
+- tree = (ldns_radix_t *) LDNS_MALLOC(ldns_radix_t);
+- if (!tree) {
+- return NULL;
+- }
+- /** Initialize it */
+- ldns_radix_init(tree);
+- return tree;
+-}
+-
+-
+-/**
+- * Initialize radix tree.
+- *
+- */
+-void
+-ldns_radix_init(ldns_radix_t* tree)
+-{
+- /** Initialize it */
+- if (tree) {
+- tree->root = NULL;
+- tree->count = 0;
+- }
+- return;
+-}
+-
+-
+-/**
+- * Free radix tree.
+- *
+- */
+-void
+-ldns_radix_free(ldns_radix_t* tree)
+-{
+- if (tree) {
+- if (tree->root) {
+- ldns_radix_traverse_postorder(tree->root,
+- ldns_radix_node_free, NULL);
+- }
+- LDNS_FREE(tree);
+- }
+- return;
+-}
+-
+-
+-/**
+- * Insert data into the tree.
+- *
+- */
+-ldns_status
+-ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len,
+- void* data)
+-{
+- radix_strlen_t pos = 0;
+- ldns_radix_node_t* add = NULL;
+- ldns_radix_node_t* prefix = NULL;
+-
+- if (!tree || !key || !data) {
+- return LDNS_STATUS_NULL;
+- }
+- add = ldns_radix_new_node(data, key, len);
+- if (!add) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- /** Search the trie until we can make no further process. */
+- if (!ldns_radix_find_prefix(tree, key, len, &prefix, &pos)) {
+- /** No prefix found */
+- assert(tree->root == NULL);
+- if (len == 0) {
+- /**
+- * Example 1: The root:
+- * | [0]
+- **/
+- tree->root = add;
+- } else {
+- /** Example 2: 'dns':
+- * | [0]
+- * --| [d+ns] dns
+- **/
+- prefix = ldns_radix_new_node(NULL, (uint8_t*)"", 0);
+- if (!prefix) {
+- LDNS_FREE(add);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- /** Find some space in the array for the first byte */
+- if (!ldns_radix_array_space(prefix, key[0])) {
+- LDNS_FREE(add);
+- LDNS_FREE(prefix->array);
+- LDNS_FREE(prefix);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- /** Set relational pointers */
+- add->parent = prefix;
+- add->parent_index = 0;
+- prefix->array[0].edge = add;
+- if (len > 1) {
+- /** Store the remainder of the prefix */
+- if (!ldns_radix_prefix_remainder(1, key,
+- len, &prefix->array[0].str,
+- &prefix->array[0].len)) {
+- LDNS_FREE(add);
+- LDNS_FREE(prefix->array);
+- LDNS_FREE(prefix);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- }
+- tree->root = prefix;
+- }
+- } else if (pos == len) {
+- /** Exact match found */
+- if (prefix->data) {
+- /* Element already exists */
+- LDNS_FREE(add);
+- return LDNS_STATUS_EXISTS_ERR;
+- }
+- prefix->data = data;
+- prefix->key = key;
+- prefix->klen = len; /* redundant */
+- } else {
+- /** Prefix found */
+- uint8_t byte = key[pos];
+- assert(pos < len);
+- if (byte < prefix->offset ||
+- (byte - prefix->offset) >= prefix->len) {
+- /** Find some space in the array for the byte. */
+- /**
+- * Example 3: 'ldns'
+- * | [0]
+- * --| [d+ns] dns
+- * --| [l+dns] ldns
+- **/
+- if (!ldns_radix_array_space(prefix, byte)) {
+- LDNS_FREE(add);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- assert(byte >= prefix->offset);
+- assert((byte - prefix->offset) <= prefix->len);
+- byte -= prefix->offset;
+- if (pos+1 < len) {
+- /** Create remainder of the string. */
+- if (!ldns_radix_str_create(
+- &prefix->array[byte], key, pos+1,
+- len)) {
+- LDNS_FREE(add);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- }
+- /** Add new node. */
+- add->parent = prefix;
+- add->parent_index = byte;
+- prefix->array[byte].edge = add;
+- } else if (prefix->array[byte-prefix->offset].edge == NULL) {
+- /** Use existing element. */
+- /**
+- * Example 4: 'edns'
+- * | [0]
+- * --| [d+ns] dns
+- * --| [e+dns] edns
+- * --| [l+dns] ldns
+- **/
+- byte -= prefix->offset;
+- if (pos+1 < len) {
+- /** Create remainder of the string. */
+- if (!ldns_radix_str_create(
+- &prefix->array[byte], key, pos+1,
+- len)) {
+- LDNS_FREE(add);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- }
+- /** Add new node. */
+- add->parent = prefix;
+- add->parent_index = byte;
+- prefix->array[byte].edge = add;
+- } else {
+- /**
+- * Use existing element, but it has a shared prefix,
+- * we need a split.
+- */
+- if (!ldns_radix_array_split(&prefix->array[byte-(prefix->offset)],
+- key, pos+1, len, add)) {
+- LDNS_FREE(add);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- }
+- }
+-
+- tree->count ++;
+- return LDNS_STATUS_OK;
+-}
+-
+-
+-/**
+- * Delete data from the tree.
+- *
+- */
+-void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
+-{
+- ldns_radix_node_t* del = ldns_radix_search(tree, key, len);
+- void* data = NULL;
+- if (del) {
+- tree->count--;
+- data = del->data;
+- del->data = NULL;
+- ldns_radix_del_fix(tree, del);
+- return data;
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Search data in the tree.
+- *
+- */
+-ldns_radix_node_t*
+-ldns_radix_search(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len)
+-{
+- ldns_radix_node_t* node = NULL;
+- radix_strlen_t pos = 0;
+- uint8_t byte = 0;
+-
+- if (!tree || !key) {
+- return NULL;
+- }
+- node = tree->root;
+- while (node) {
+- if (pos == len) {
+- return node->data?node:NULL;
+- }
+- byte = key[pos];
+- if (byte < node->offset) {
+- return NULL;
+- }
+- byte -= node->offset;
+- if (byte >= node->len) {
+- return NULL;
+- }
+- pos++;
+- if (node->array[byte].len > 0) {
+- /** Must match additional string. */
+- if (pos + node->array[byte].len > len) {
+- return NULL;
+- }
+- if (memcmp(&key[pos], node->array[byte].str,
+- node->array[byte].len) != 0) {
+- return NULL;
+- }
+- pos += node->array[byte].len;
+- }
+- node = node->array[byte].edge;
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Search data in the tree, and if not found, find the closest smaller
+- * element in the tree.
+- *
+- */
+-int
+-ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
+- radix_strlen_t len, ldns_radix_node_t** result)
+-{
+- ldns_radix_node_t* node = NULL;
+- radix_strlen_t pos = 0;
+- uint8_t byte;
+- int memcmp_res = 0;
+-
+- if (!tree || !tree->root || !key) {
+- *result = NULL;
+- return 0;
+- }
+-
+- node = tree->root;
+- while (pos < len) {
+- byte = key[pos];
+- if (byte < node->offset) {
+- /**
+- * No exact match. The lesser is in this or the
+- * previous node.
+- */
+- ldns_radix_self_or_prev(node, result);
+- return 0;
+- }
+- byte -= node->offset;
+- if (byte >= node->len) {
+- /**
+- * No exact match. The lesser is in this node or the
+- * last of this array, or something before this node.
+- */
+- *result = ldns_radix_last_in_subtree_incl_self(node);
+- if (*result == NULL) {
+- *result = ldns_radix_prev(node);
+- }
+- return 0;
+- }
+- pos++;
+- if (!node->array[byte].edge) {
+- /**
+- * No exact match. Find the previous in the array
+- * from this index.
+- */
+- *result = ldns_radix_prev_from_index(node, byte);
+- if (*result == NULL) {
+- ldns_radix_self_or_prev(node, result);
+- }
+- return 0;
+- }
+- if (node->array[byte].len != 0) {
+- /** Must match additional string. */
+- if (pos + node->array[byte].len > len) {
+- /** Additional string is longer than key. */
+- if (memcmp(&key[pos], node->array[byte].str,
+- len-pos) <= 0) {
+- /** Key is before this node. */
+- *result = ldns_radix_prev(
+- node->array[byte].edge);
+- } else {
+- /** Key is after additional string. */
+- *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge);
+- if (*result == NULL) {
+- *result = ldns_radix_prev(node->array[byte].edge);
+- }
+- }
+- return 0;
+- }
+- memcmp_res = memcmp(&key[pos], node->array[byte].str,
+- node->array[byte].len);
+- if (memcmp_res < 0) {
+- *result = ldns_radix_prev(
+- node->array[byte].edge);
+- return 0;
+- } else if (memcmp_res > 0) {
+- *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge);
+- if (*result == NULL) {
+- *result = ldns_radix_prev(node->array[byte].edge);
+- }
+- return 0;
+- }
+-
+- pos += node->array[byte].len;
+- }
+- node = node->array[byte].edge;
+- }
+- if (node->data) {
+- /** Exact match. */
+- *result = node;
+- return 1;
+- }
+- /** There is a node which is an exact match, but has no element. */
+- *result = ldns_radix_prev(node);
+- return 0;
+-}
+-
+-
+-/**
+- * Get the first element in the tree.
+- *
+- */
+-ldns_radix_node_t*
+-ldns_radix_first(ldns_radix_t* tree)
+-{
+- ldns_radix_node_t* first = NULL;
+- if (!tree || !tree->root) {
+- return NULL;
+- }
+- first = tree->root;
+- if (first->data) {
+- return first;
+- }
+- return ldns_radix_next(first);
+-}
+-
+-
+-/**
+- * Get the last element in the tree.
+- *
+- */
+-ldns_radix_node_t*
+-ldns_radix_last(ldns_radix_t* tree)
+-{
+- if (!tree || !tree->root) {
+- return NULL;
+- }
+- return ldns_radix_last_in_subtree_incl_self(tree->root);
+-}
+-
+-
+-/**
+- * Next element.
+- *
+- */
+-ldns_radix_node_t*
+-ldns_radix_next(ldns_radix_node_t* node)
+-{
+- if (!node) {
+- return NULL;
+- }
+- if (node->len) {
+- /** Go down: most-left child is the next. */
+- ldns_radix_node_t* next = ldns_radix_next_in_subtree(node);
+- if (next) {
+- return next;
+- }
+- }
+- /** No elements in subtree, get to parent and go down next branch. */
+- while (node->parent) {
+- uint8_t index = node->parent_index;
+- node = node->parent;
+- index++;
+- for (; index < node->len; index++) {
+- if (node->array[index].edge) {
+- ldns_radix_node_t* next;
+- /** Node itself. */
+- if (node->array[index].edge->data) {
+- return node->array[index].edge;
+- }
+- /** Dive into subtree. */
+- next = ldns_radix_next_in_subtree(node);
+- if (next) {
+- return next;
+- }
+- }
+- }
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Previous element.
+- *
+- */
+-ldns_radix_node_t*
+-ldns_radix_prev(ldns_radix_node_t* node)
+-{
+- if (!node) {
+- return NULL;
+- }
+-
+- /** Get to parent and go down previous branch. */
+- while (node->parent) {
+- uint8_t index = node->parent_index;
+- ldns_radix_node_t* prev;
+- node = node->parent;
+- assert(node->len > 0);
+- prev = ldns_radix_prev_from_index(node, index);
+- if (prev) {
+- return prev;
+- }
+- if (node->data) {
+- return node;
+- }
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Print node.
+- *
+- */
+-static void
+-ldns_radix_node_print(FILE* fd, ldns_radix_node_t* node,
+- uint8_t i, uint8_t* str, radix_strlen_t len, unsigned d)
+-{
+- uint8_t j;
+- if (!node) {
+- return;
+- }
+- for (j = 0; j < d; j++) {
+- fprintf(fd, "--");
+- }
+- if (str) {
+- radix_strlen_t l;
+- fprintf(fd, "| [%u+", (unsigned) i);
+- for (l=0; l < len; l++) {
+- fprintf(fd, "%c", (char) str[l]);
+- }
+- fprintf(fd, "]%u", (unsigned) len);
+- } else {
+- fprintf(fd, "| [%u]", (unsigned) i);
+- }
+-
+- if (node->data) {
+- fprintf(fd, " %s", (char*) node->data);
+- }
+- fprintf(fd, "\n");
+-
+- for (j = 0; j < node->len; j++) {
+- if (node->array[j].edge) {
+- ldns_radix_node_print(fd, node->array[j].edge, j,
+- node->array[j].str, node->array[j].len, d+1);
+- }
+- }
+- return;
+-}
+-
+-
+-/**
+- * Print radix tree.
+- *
+- */
+-void
+-ldns_radix_printf(FILE* fd, ldns_radix_t* tree)
+-{
+- if (!fd || !tree) {
+- return;
+- }
+- if (!tree->root) {
+- fprintf(fd, "; empty radix tree\n");
+- return;
+- }
+- ldns_radix_node_print(fd, tree->root, 0, NULL, 0, 0);
+- return;
+-}
+-
+-
+-/**
+- * Join two radix trees.
+- *
+- */
+-ldns_status
+-ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2)
+-{
+- ldns_radix_node_t* cur_node, *next_node;
+- ldns_status status;
+- if (!tree2 || !tree2->root) {
+- return LDNS_STATUS_OK;
+- }
+- /** Add all elements from tree2 into tree1. */
+-
+- cur_node = ldns_radix_first(tree2);
+- while (cur_node) {
+- status = LDNS_STATUS_NO_DATA;
+- /** Insert current node into tree1 */
+- if (cur_node->data) {
+- status = ldns_radix_insert(tree1, cur_node->key,
+- cur_node->klen, cur_node->data);
+- /** Exist errors may occur */
+- if (status != LDNS_STATUS_OK &&
+- status != LDNS_STATUS_EXISTS_ERR) {
+- return status;
+- }
+- }
+- next_node = ldns_radix_next(cur_node);
+- if (status == LDNS_STATUS_OK) {
+- (void) ldns_radix_delete(tree2, cur_node->key,
+- cur_node->klen);
+- }
+- cur_node = next_node;
+- }
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-
+-/**
+- * Split a radix tree intwo.
+- *
+- */
+-ldns_status
+-ldns_radix_split(ldns_radix_t* tree1, size_t num, ldns_radix_t** tree2)
+-{
+- size_t count = 0;
+- ldns_radix_node_t* cur_node;
+- ldns_status status = LDNS_STATUS_OK;
+- if (!tree1 || !tree1->root || num == 0) {
+- return LDNS_STATUS_OK;
+- }
+- if (!tree2) {
+- return LDNS_STATUS_NULL;
+- }
+- if (!*tree2) {
+- *tree2 = ldns_radix_create();
+- if (!*tree2) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- }
+- cur_node = ldns_radix_first(tree1);
+- while (count < num && cur_node) {
+- if (cur_node->data) {
+- /** Delete current node from tree1. */
+- uint8_t* cur_key = cur_node->key;
+- radix_strlen_t cur_len = cur_node->klen;
+- void* cur_data = ldns_radix_delete(tree1, cur_key,
+- cur_len);
+- /** Insert current node into tree2/ */
+- if (!cur_data) {
+- return LDNS_STATUS_NO_DATA;
+- }
+- status = ldns_radix_insert(*tree2, cur_key, cur_len,
+- cur_data);
+- if (status != LDNS_STATUS_OK &&
+- status != LDNS_STATUS_EXISTS_ERR) {
+- return status;
+- }
+-/*
+- if (status == LDNS_STATUS_OK) {
+- cur_node->key = NULL;
+- cur_node->klen = 0;
+- }
+-*/
+- /** Update count; get first element from tree1 again. */
+- count++;
+- cur_node = ldns_radix_first(tree1);
+- } else {
+- cur_node = ldns_radix_next(cur_node);
+- }
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-
+-/**
+- * Call function for all nodes in the tree, such that leaf nodes are
+- * called before parent nodes.
+- *
+- */
+-void
+-ldns_radix_traverse_postorder(ldns_radix_node_t* node,
+- void (*func)(ldns_radix_node_t*, void*), void* arg)
+-{
+- uint8_t i;
+- if (!node) {
+- return;
+- }
+- for (i=0; i < node->len; i++) {
+- ldns_radix_traverse_postorder(node->array[i].edge,
+- func, arg);
+- }
+- /** Call user function */
+- (*func)(node, arg);
+- return;
+-}
+-
+-
+-/** Static helper functions */
+-
+-/**
+- * Find a prefix of the key.
+- * @param tree: tree.
+- * @param key: key.
+- * @param len: length of key.
+- * @param result: the longest prefix, the entry itself if *pos==len,
+- * otherwise an array entry.
+- * @param pos: position in string where next unmatched byte is.
+- * If *pos==len, an exact match is found.
+- * If *pos== 0, a "" match was found.
+- * @return 0 (false) if no prefix found.
+- *
+- */
+-static int
+-ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key,
+- radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* respos)
+-{
+- /** Start searching at the root node */
+- ldns_radix_node_t* n = tree->root;
+- radix_strlen_t pos = 0;
+- uint8_t byte;
+- *respos = 0;
+- *result = n;
+- if (!n) {
+- /** No root, no prefix found */
+- return 0;
+- }
+- /** For each node, look if we can make further progress */
+- while (n) {
+- if (pos == len) {
+- /** Exact match */
+- return 1;
+- }
+- byte = key[pos];
+- if (byte < n->offset) {
+- /** key < node */
+- return 1;
+- }
+- byte -= n->offset;
+- if (byte >= n->len) {
+- /** key > node */
+- return 1;
+- }
+- /** So far, the trie matches */
+- pos++;
+- if (n->array[byte].len != 0) {
+- /** Must match additional string */
+- if (pos + n->array[byte].len > len) {
+- return 1; /* no match at child node */
+- }
+- if (memcmp(&key[pos], n->array[byte].str,
+- n->array[byte].len) != 0) {
+- return 1; /* no match at child node */
+- }
+- pos += n->array[byte].len;
+- }
+- /** Continue searching prefix at this child node */
+- n = n->array[byte].edge;
+- if (!n) {
+- return 1;
+- }
+- /** Update the prefix node */
+- *respos = pos;
+- *result = n;
+- }
+- /** Done */
+- return 1;
+-}
+-
+-
+-/**
+- * Make space in the node's array for another byte.
+- * @param node: node.
+- * @param byte: byte.
+- * @return 1 if successful, 0 otherwise.
+- *
+- */
+-static int
+-ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte)
+-{
+- /** Is there an array? */
+- if (!node->array) {
+- assert(node->capacity == 0);
+- /** No array, create new array */
+- node->array = LDNS_MALLOC(ldns_radix_array_t);
+- if (!node->array) {
+- return 0;
+- }
+- memset(&node->array[0], 0, sizeof(ldns_radix_array_t));
+- node->len = 1;
+- node->capacity = 1;
+- node->offset = byte;
+- return 1;
+- }
+- /** Array exist */
+- assert(node->array != NULL);
+- assert(node->capacity > 0);
+-
+- if (node->len == 0) {
+- /** Unused array */
+- node->len = 1;
+- node->offset = byte;
+- } else if (byte < node->offset) {
+- /** Byte is below the offset */
+- uint8_t index;
+- uint16_t need = node->offset - byte;
+- /** Is there enough capacity? */
+- if (node->len + need > node->capacity) {
+- /** Not enough capacity, grow array */
+- if (!ldns_radix_array_grow(node,
+- (unsigned) (node->len + need))) {
+- return 0; /* failed to grow array */
+- }
+- }
+- /** Move items to the end */
+- memmove(&node->array[need], &node->array[0],
+- node->len*sizeof(ldns_radix_array_t));
+- /** Fix parent index */
+- for (index = 0; index < node->len; index++) {
+- if (node->array[index+need].edge) {
+- node->array[index+need].edge->parent_index =
+- index + need;
+- }
+- }
+- /** Zero the first */
+- memset(&node->array[0], 0, need*sizeof(ldns_radix_array_t));
+- node->len += need;
+- node->offset = byte;
+- } else if (byte - node->offset >= node->len) {
+- /** Byte does not fit in array */
+- uint16_t need = (byte - node->offset) - node->len + 1;
+- /** Is there enough capacity? */
+- if (node->len + need > node->capacity) {
+- /** Not enough capacity, grow array */
+- if (!ldns_radix_array_grow(node,
+- (unsigned) (node->len + need))) {
+- return 0; /* failed to grow array */
+- }
+- }
+- /** Zero the added items */
+- memset(&node->array[node->len], 0,
+- need*sizeof(ldns_radix_array_t));
+- node->len += need;
+- }
+- return 1;
+-}
+-
+-
+-/**
+- * Grow the array.
+- * @param node: node.
+- * @param need: number of elements the array at least need to grow.
+- * Can't be bigger than 256.
+- * @return: 0 if failed, 1 if was successful.
+- *
+- */
+-static int
+-ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need)
+-{
+- unsigned size = ((unsigned)node->capacity)*2;
+- ldns_radix_array_t* a = NULL;
+- if (need > size) {
+- size = need;
+- }
+- if (size > 256) {
+- size = 256;
+- }
+- a = LDNS_XMALLOC(ldns_radix_array_t, size);
+- if (!a) {
+- return 0;
+- }
+- assert(node->len <= node->capacity);
+- assert(node->capacity < size);
+- memcpy(&a[0], &node->array[0], node->len*sizeof(ldns_radix_array_t));
+- LDNS_FREE(node->array);
+- node->array = a;
+- node->capacity = size;
+- return 1;
+-}
+-
+-
+-/**
+- * Create a prefix in the array string.
+- * @param array: array.
+- * @param key: key.
+- * @param pos: start position in key.
+- * @param len: length of key.
+- * @return 0 if failed, 1 if was successful.
+- *
+- */
+-static int
+-ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key,
+- radix_strlen_t pos, radix_strlen_t len)
+-{
+- array->str = LDNS_XMALLOC(uint8_t, (len-pos));
+- if (!array->str) {
+- return 0;
+- }
+- memmove(array->str, key+pos, len-pos);
+- array->len = (len-pos);
+- return 1;
+-}
+-
+-
+-/**
+- * Allocate remainder from prefixes for a split.
+- * @param prefixlen: length of prefix.
+- * @param longer_str: the longer string.
+- * @param longer_len: the longer string length.
+- * @param split_str: the split string.
+- * @param split_len: the split string length.
+- * @return 0 if failed, 1 if successful.
+- *
+- */
+-static int
+-ldns_radix_prefix_remainder(radix_strlen_t prefix_len,
+- uint8_t* longer_str, radix_strlen_t longer_len,
+- uint8_t** split_str, radix_strlen_t* split_len)
+-{
+- *split_len = longer_len - prefix_len;
+- *split_str = LDNS_XMALLOC(uint8_t, (*split_len));
+- if (!*split_str) {
+- return 0;
+- }
+- memmove(*split_str, longer_str+prefix_len, longer_len-prefix_len);
+- return 1;
+-}
+-
+-
+-/**
+- * Create a split when two nodes have a shared prefix.
+- * @param array: array.
+- * @param key: key.
+- * @param pos: start position in key.
+- * @param len: length of the key.
+- * @param add: node to be added.
+- * @return 0 if failed, 1 if was successful.
+- *
+- */
+-static int
+-ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key,
+- radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add)
+-{
+- uint8_t* str_to_add = key + pos;
+- radix_strlen_t strlen_to_add = len - pos;
+-
+- if (ldns_radix_str_is_prefix(str_to_add, strlen_to_add,
+- array->str, array->len)) {
+- /** The string to add is a prefix of the existing string */
+- uint8_t* split_str = NULL, *dup_str = NULL;
+- radix_strlen_t split_len = 0;
+- /**
+- * Example 5: 'ld'
+- * | [0]
+- * --| [d+ns] dns
+- * --| [e+dns] edns
+- * --| [l+d] ld
+- * ----| [n+s] ldns
+- **/
+- assert(strlen_to_add < array->len);
+- /** Store the remainder in the split string */
+- if (array->len - strlen_to_add > 1) {
+- if (!ldns_radix_prefix_remainder(strlen_to_add+1,
+- array->str, array->len, &split_str,
+- &split_len)) {
+- return 0;
+- }
+- }
+- /** Duplicate the string to add */
+- if (strlen_to_add != 0) {
+- dup_str = LDNS_XMALLOC(uint8_t, strlen_to_add);
+- if (!dup_str) {
+- LDNS_FREE(split_str);
+- return 0;
+- }
+- memcpy(dup_str, str_to_add, strlen_to_add);
+- }
+- /** Make space in array for the new node */
+- if (!ldns_radix_array_space(add,
+- array->str[strlen_to_add])) {
+- LDNS_FREE(split_str);
+- LDNS_FREE(dup_str);
+- return 0;
+- }
+- /**
+- * The added node should go direct under the existing parent.
+- * The existing node should go under the added node.
+- */
+- add->parent = array->edge->parent;
+- add->parent_index = array->edge->parent_index;
+- add->array[0].edge = array->edge;
+- add->array[0].str = split_str;
+- add->array[0].len = split_len;
+- array->edge->parent = add;
+- array->edge->parent_index = 0;
+- LDNS_FREE(array->str);
+- array->edge = add;
+- array->str = dup_str;
+- array->len = strlen_to_add;
+- } else if (ldns_radix_str_is_prefix(array->str, array->len,
+- str_to_add, strlen_to_add)) {
+- /** The existing string is a prefix of the string to add */
+- /**
+- * Example 6: 'dns-ng'
+- * | [0]
+- * --| [d+ns] dns
+- * ----| [-+ng] dns-ng
+- * --| [e+dns] edns
+- * --| [l+d] ld
+- * ----| [n+s] ldns
+- **/
+- uint8_t* split_str = NULL;
+- radix_strlen_t split_len = 0;
+- assert(array->len < strlen_to_add);
+- if (strlen_to_add - array->len > 1) {
+- if (!ldns_radix_prefix_remainder(array->len+1,
+- str_to_add, strlen_to_add, &split_str,
+- &split_len)) {
+- return 0;
+- }
+- }
+- /** Make space in array for the new node */
+- if (!ldns_radix_array_space(array->edge,
+- str_to_add[array->len])) {
+- LDNS_FREE(split_str);
+- return 0;
+- }
+- /**
+- * The added node should go direct under the existing node.
+- */
+- add->parent = array->edge;
+- add->parent_index = str_to_add[array->len] -
+- array->edge->offset;
+- array->edge->array[add->parent_index].edge = add;
+- array->edge->array[add->parent_index].str = split_str;
+- array->edge->array[add->parent_index].len = split_len;
+- } else {
+- /** Create a new split node. */
+- /**
+- * Example 7: 'dndns'
+- * | [0]
+- * --| [d+n]
+- * ----| [d+ns] dndns
+- * ----| [s] dns
+- * ------| [-+ng] dns-ng
+- * --| [e+dns] edns
+- * --| [l+d] ld
+- * ----| [n+s] ldns
+- **/
+- ldns_radix_node_t* common = NULL;
+- uint8_t* common_str = NULL, *s1 = NULL, *s2 = NULL;
+- radix_strlen_t common_len = 0, l1 = 0, l2 = 0;
+- common_len = ldns_radix_str_common(array->str, array->len,
+- str_to_add, strlen_to_add);
+- assert(common_len < array->len);
+- assert(common_len < strlen_to_add);
+- /** Create the new common node. */
+- common = ldns_radix_new_node(NULL, (uint8_t*)"", 0);
+- if (!common) {
+- return 0;
+- }
+- if (array->len - common_len > 1) {
+- if (!ldns_radix_prefix_remainder(common_len+1,
+- array->str, array->len, &s1, &l1)) {
+- return 0;
+- }
+- }
+- if (strlen_to_add - common_len > 1) {
+- if (!ldns_radix_prefix_remainder(common_len+1,
+- str_to_add, strlen_to_add, &s2, &l2)) {
+- return 0;
+- }
+- }
+- /** Create the shared prefix. */
+- if (common_len > 0) {
+- common_str = LDNS_XMALLOC(uint8_t, common_len);
+- if (!common_str) {
+- LDNS_FREE(common);
+- LDNS_FREE(s1);
+- LDNS_FREE(s2);
+- return 0;
+- }
+- memcpy(common_str, str_to_add, common_len);
+- }
+- /** Make space in the common node array. */
+- if (!ldns_radix_array_space(common, array->str[common_len]) ||
+- !ldns_radix_array_space(common, str_to_add[common_len])) {
+- LDNS_FREE(common->array);
+- LDNS_FREE(common);
+- LDNS_FREE(common_str);
+- LDNS_FREE(s1);
+- LDNS_FREE(s2);
+- return 0;
+- }
+- /**
+- * The common node should go direct under the parent node.
+- * The added and existing nodes go under the common node.
+- */
+- common->parent = array->edge->parent;
+- common->parent_index = array->edge->parent_index;
+- array->edge->parent = common;
+- array->edge->parent_index = array->str[common_len] -
+- common->offset;
+- add->parent = common;
+- add->parent_index = str_to_add[common_len] - common->offset;
+- common->array[array->edge->parent_index].edge = array->edge;
+- common->array[array->edge->parent_index].str = s1;
+- common->array[array->edge->parent_index].len = l1;
+- common->array[add->parent_index].edge = add;
+- common->array[add->parent_index].str = s2;
+- common->array[add->parent_index].len = l2;
+- LDNS_FREE(array->str);
+- array->edge = common;
+- array->str = common_str;
+- array->len = common_len;
+- }
+- return 1;
+-}
+-
+-
+-/**
+- * Check if one string prefix of other string.
+- * @param str1: one string.
+- * @param len1: one string length.
+- * @param str2: other string.
+- * @param len2: other string length.
+- * @return 1 if prefix, 0 otherwise.
+- *
+- */
+-static int
+-ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1,
+- uint8_t* str2, radix_strlen_t len2)
+-{
+- if (len1 == 0) {
+- return 1; /* empty prefix is also a prefix */
+- }
+- if (len1 > len2) {
+- return 0; /* len1 is longer so str1 cannot be a prefix */
+- }
+- return (memcmp(str1, str2, len1) == 0);
+-}
+-
+-
+-/**
+- * Return the number of bytes in common for the two strings.
+- * @param str1: one string.
+- * @param len1: one string length.
+- * @param str2: other string.
+- * @param len2: other string length.
+- * @return length of substring that the two strings have in common.
+- *
+- */
+-static radix_strlen_t
+-ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1,
+- uint8_t* str2, radix_strlen_t len2)
+-{
+- radix_strlen_t i, max = (len1<len2)?len1:len2;
+- for (i=0; i<max; i++) {
+- if (str1[i] != str2[i]) {
+- return i;
+- }
+- }
+- return max;
+-}
+-
+-
+-/**
+- * Find the next element in the subtree of this node.
+- * @param node: node.
+- * @return: node with next element.
+- *
+- */
+-static ldns_radix_node_t*
+-ldns_radix_next_in_subtree(ldns_radix_node_t* node)
+-{
+- uint16_t i;
+- ldns_radix_node_t* next;
+- /** Try every subnode. */
+- for (i = 0; i < node->len; i++) {
+- if (node->array[i].edge) {
+- /** Node itself. */
+- if (node->array[i].edge->data) {
+- return node->array[i].edge;
+- }
+- /** Dive into subtree. */
+- next = ldns_radix_next_in_subtree(node->array[i].edge);
+- if (next) {
+- return next;
+- }
+- }
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Find the previous element in the array of this node, from index.
+- * @param node: node.
+- * @param index: index.
+- * @return previous node from index.
+- *
+- */
+-static ldns_radix_node_t*
+-ldns_radix_prev_from_index(ldns_radix_node_t* node, uint8_t index)
+-{
+- uint8_t i = index;
+- while (i > 0) {
+- i--;
+- if (node->array[i].edge) {
+- ldns_radix_node_t* prev =
+- ldns_radix_last_in_subtree_incl_self(node);
+- if (prev) {
+- return prev;
+- }
+- }
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Find last node in subtree, or this node (if have data).
+- * @param node: node.
+- * @return last node in subtree, or this node, or NULL.
+- *
+- */
+-static ldns_radix_node_t*
+-ldns_radix_last_in_subtree_incl_self(ldns_radix_node_t* node)
+-{
+- ldns_radix_node_t* last = ldns_radix_last_in_subtree(node);
+- if (last) {
+- return last;
+- } else if (node->data) {
+- return node;
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Find last node in subtree.
+- * @param node: node.
+- * @return last node in subtree.
+- *
+- */
+-static ldns_radix_node_t*
+-ldns_radix_last_in_subtree(ldns_radix_node_t* node)
+-{
+- int i;
+- /** Look for the most right leaf node. */
+- for (i=(int)(node->len)-1; i >= 0; i--) {
+- if (node->array[i].edge) {
+- /** Keep looking for the most right leaf node. */
+- if (node->array[i].edge->len > 0) {
+- ldns_radix_node_t* last =
+- ldns_radix_last_in_subtree(
+- node->array[i].edge);
+- if (last) {
+- return last;
+- }
+- }
+- /** Could this be the most right leaf node? */
+- if (node->array[i].edge->data) {
+- return node->array[i].edge;
+- }
+- }
+- }
+- return NULL;
+-}
+-
+-
+-/**
+- * Fix tree after deleting element.
+- * @param tree: tree.
+- * @param node: node with deleted element.
+- *
+- */
+-static void
+-ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node)
+-{
+- while (node) {
+- if (node->data) {
+- /** Thou should not delete nodes with data attached. */
+- return;
+- } else if (node->len == 1 && node->parent) {
+- /** Node with one child is fold back into. */
+- ldns_radix_cleanup_onechild(node);
+- return;
+- } else if (node->len == 0) {
+- /** Leaf node. */
+- ldns_radix_node_t* parent = node->parent;
+- if (!parent) {
+- /** The root is a leaf node. */
+- ldns_radix_node_free(node, NULL);
+- tree->root = NULL;
+- return;
+- }
+- /** Cleanup leaf node and continue with parent. */
+- ldns_radix_cleanup_leaf(node);
+- node = parent;
+- } else {
+- /**
+- * Node cannot be deleted, because it has edge nodes
+- * and no parent to fix up to.
+- */
+- return;
+- }
+- }
+- /** Not reached. */
+- return;
+-}
+-
+-
+-/**
+- * Clean up a node with one child.
+- * @param node: node with one child.
+- *
+- */
+-static void
+-ldns_radix_cleanup_onechild(ldns_radix_node_t* node)
+-{
+- uint8_t* join_str;
+- radix_strlen_t join_len;
+- uint8_t parent_index = node->parent_index;
+- ldns_radix_node_t* child = node->array[0].edge;
+- ldns_radix_node_t* parent = node->parent;
+-
+- /** Node has one child, merge the child node into the parent node. */
+- assert(parent_index < parent->len);
+- join_len = parent->array[parent_index].len + node->array[0].len + 1;
+-
+- join_str = LDNS_XMALLOC(uint8_t, join_len);
+- if (!join_str) {
+- /**
+- * Cleanup failed due to out of memory.
+- * This tree is now inefficient, with the empty node still
+- * existing, but it is still valid.
+- */
+- return;
+- }
+-
+- memcpy(join_str, parent->array[parent_index].str,
+- parent->array[parent_index].len);
+- join_str[parent->array[parent_index].len] = child->parent_index +
+- node->offset;
+- memmove(join_str + parent->array[parent_index].len+1,
+- node->array[0].str, node->array[0].len);
+-
+- LDNS_FREE(parent->array[parent_index].str);
+- parent->array[parent_index].str = join_str;
+- parent->array[parent_index].len = join_len;
+- parent->array[parent_index].edge = child;
+- child->parent = parent;
+- child->parent_index = parent_index;
+- ldns_radix_node_free(node, NULL);
+- return;
+-}
+-
+-
+-/**
+- * Clean up a leaf node.
+- * @param node: leaf node.
+- *
+- */
+-static void
+-ldns_radix_cleanup_leaf(ldns_radix_node_t* node)
+-{
+- uint8_t parent_index = node->parent_index;
+- ldns_radix_node_t* parent = node->parent;
+- /** Delete lead node and fix parent array. */
+- assert(parent_index < parent->len);
+- ldns_radix_node_free(node, NULL);
+- LDNS_FREE(parent->array[parent_index].str);
+- parent->array[parent_index].str = NULL;
+- parent->array[parent_index].len = 0;
+- parent->array[parent_index].edge = NULL;
+- /** Fix array in parent. */
+- if (parent->len == 1) {
+- ldns_radix_node_array_free(parent);
+- } else if (parent_index == 0) {
+- ldns_radix_node_array_free_front(parent);
+- } else {
+- ldns_radix_node_array_free_end(parent);
+- }
+- return;
+-}
+-
+-
+-/**
+- * Free a radix node.
+- * @param node: node.
+- * @param arg: user argument.
+- *
+- */
+-static void
+-ldns_radix_node_free(ldns_radix_node_t* node, void* arg)
+-{
+- uint16_t i;
+- (void) arg;
+- if (!node) {
+- return;
+- }
+- for (i=0; i < node->len; i++) {
+- LDNS_FREE(node->array[i].str);
+- }
+- node->key = NULL;
+- node->klen = 0;
+- LDNS_FREE(node->array);
+- LDNS_FREE(node);
+- return;
+-}
+-
+-
+-/**
+- * Free select edge array.
+- * @param node: node.
+- *
+- */
+-static void
+-ldns_radix_node_array_free(ldns_radix_node_t* node)
+-{
+- node->offset = 0;
+- node->len = 0;
+- LDNS_FREE(node->array);
+- node->array = NULL;
+- node->capacity = 0;
+- return;
+-}
+-
+-
+-/**
+- * Free front of select edge array.
+- * @param node: node.
+- *
+- */
+-static void
+-ldns_radix_node_array_free_front(ldns_radix_node_t* node)
+-{
+- uint16_t i, n = 0;
+- /** Remove until a non NULL entry. */
+- while (n < node->len && node->array[n].edge == NULL) {
+- n++;
+- }
+- if (n == 0) {
+- return;
+- }
+- if (n == node->len) {
+- ldns_radix_node_array_free(node);
+- return;
+- }
+- assert(n < node->len);
+- assert((int) n <= (255 - (int) node->offset));
+- memmove(&node->array[0], &node->array[n],
+- (node->len - n)*sizeof(ldns_radix_array_t));
+- node->offset += n;
+- node->len -= n;
+- for (i=0; i < node->len; i++) {
+- if (node->array[i].edge) {
+- node->array[i].edge->parent_index = i;
+- }
+- }
+- ldns_radix_array_reduce(node);
+- return;
+-}
+-
+-
+-/**
+- * Free front of select edge array.
+- * @param node: node.
+- *
+- */
+-static void
+-ldns_radix_node_array_free_end(ldns_radix_node_t* node)
+-{
+- uint16_t n = 0;
+- /** Shorten array. */
+- while (n < node->len && node->array[node->len-1-n].edge == NULL) {
+- n++;
+- }
+- if (n == 0) {
+- return;
+- }
+- if (n == node->len) {
+- ldns_radix_node_array_free(node);
+- return;
+- }
+- assert(n < node->len);
+- node->len -= n;
+- ldns_radix_array_reduce(node);
+- return;
+-}
+-
+-
+-/**
+- * Reduce the capacity of the array if needed.
+- * @param node: node.
+- *
+- */
+-static void
+-ldns_radix_array_reduce(ldns_radix_node_t* node)
+-{
+- if (node->len <= node->capacity/2 && node->len != node->capacity) {
+- ldns_radix_array_t* a = LDNS_XMALLOC(ldns_radix_array_t,
+- node->len);
+- if (!a) {
+- return;
+- }
+- memcpy(a, node->array, sizeof(ldns_radix_array_t)*node->len);
+- LDNS_FREE(node->array);
+- node->array = a;
+- node->capacity = node->len;
+- }
+- return;
+-}
+-
+-
+-/**
+- * Return this element if it exists, the previous otherwise.
+- * @param node: from this node.
+- * @param result: result node.
+- *
+- */
+-static void
+-ldns_radix_self_or_prev(ldns_radix_node_t* node, ldns_radix_node_t** result)
+-{
+- if (node->data) {
+- *result = node;
+- } else {
+- *result = ldns_radix_prev(node);
+- }
+- return;
+-}
+diff --git a/src/ldns/rbtree.c b/src/ldns/rbtree.c
+deleted file mode 100644
+index b89dff7..0000000
+--- a/src/ldns/rbtree.c
++++ /dev/null
+@@ -1,670 +0,0 @@
+-/*
+- * rbtree.c -- generic red black tree
+- *
+- * Taken from Unbound, modified for ldns
+- *
+- * Copyright (c) 2001-2008, NLnet Labs. All rights reserved.
+- *
+- * This software is open source.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- *
+- * Redistributions of source code must retain the above copyright notice,
+- * this list of conditions and the following disclaimer.
+- *
+- * Redistributions in binary form must reproduce the above copyright notice,
+- * this list of conditions and the following disclaimer in the documentation
+- * and/or other materials provided with the distribution.
+- *
+- * Neither the name of the NLNET LABS nor the names of its contributors may
+- * be used to endorse or promote products derived from this software without
+- * specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/**
+- * \file
+- * Implementation of a redblack tree.
+- */
+-
+-#include <ldns/config.h>
+-#include <ldns/rbtree.h>
+-#include <ldns/util.h>
+-#include <stdlib.h>
+-
+-/** Node colour black */
+-#define BLACK 0
+-/** Node colour red */
+-#define RED 1
+-
+-/** the NULL node, global alloc */
+-ldns_rbnode_t ldns_rbtree_null_node = {
+- LDNS_RBTREE_NULL, /* Parent. */
+- LDNS_RBTREE_NULL, /* Left. */
+- LDNS_RBTREE_NULL, /* Right. */
+- NULL, /* Key. */
+- NULL, /* Data. */
+- BLACK /* Color. */
+-};
+-
+-/** rotate subtree left (to preserve redblack property) */
+-static void ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node);
+-/** rotate subtree right (to preserve redblack property) */
+-static void ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node);
+-/** Fixup node colours when insert happened */
+-static void ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node);
+-/** Fixup node colours when delete happened */
+-static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent);
+-
+-/*
+- * Creates a new red black tree, intializes and returns a pointer to it.
+- *
+- * Return NULL on failure.
+- *
+- */
+-ldns_rbtree_t *
+-ldns_rbtree_create (int (*cmpf)(const void *, const void *))
+-{
+- ldns_rbtree_t *rbtree;
+-
+- /* Allocate memory for it */
+- rbtree = (ldns_rbtree_t *) LDNS_MALLOC(ldns_rbtree_t);
+- if (!rbtree) {
+- return NULL;
+- }
+-
+- /* Initialize it */
+- ldns_rbtree_init(rbtree, cmpf);
+-
+- return rbtree;
+-}
+-
+-void
+-ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *))
+-{
+- /* Initialize it */
+- rbtree->root = LDNS_RBTREE_NULL;
+- rbtree->count = 0;
+- rbtree->cmp = cmpf;
+-}
+-
+-void
+-ldns_rbtree_free(ldns_rbtree_t *rbtree)
+-{
+- LDNS_FREE(rbtree);
+-}
+-
+-/*
+- * Rotates the node to the left.
+- *
+- */
+-static void
+-ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node)
+-{
+- ldns_rbnode_t *right = node->right;
+- node->right = right->left;
+- if (right->left != LDNS_RBTREE_NULL)
+- right->left->parent = node;
+-
+- right->parent = node->parent;
+-
+- if (node->parent != LDNS_RBTREE_NULL) {
+- if (node == node->parent->left) {
+- node->parent->left = right;
+- } else {
+- node->parent->right = right;
+- }
+- } else {
+- rbtree->root = right;
+- }
+- right->left = node;
+- node->parent = right;
+-}
+-
+-/*
+- * Rotates the node to the right.
+- *
+- */
+-static void
+-ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node)
+-{
+- ldns_rbnode_t *left = node->left;
+- node->left = left->right;
+- if (left->right != LDNS_RBTREE_NULL)
+- left->right->parent = node;
+-
+- left->parent = node->parent;
+-
+- if (node->parent != LDNS_RBTREE_NULL) {
+- if (node == node->parent->right) {
+- node->parent->right = left;
+- } else {
+- node->parent->left = left;
+- }
+- } else {
+- rbtree->root = left;
+- }
+- left->right = node;
+- node->parent = left;
+-}
+-
+-static void
+-ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node)
+-{
+- ldns_rbnode_t *uncle;
+-
+- /* While not at the root and need fixing... */
+- while (node != rbtree->root && node->parent->color == RED) {
+- /* If our parent is left child of our grandparent... */
+- if (node->parent == node->parent->parent->left) {
+- uncle = node->parent->parent->right;
+-
+- /* If our uncle is red... */
+- if (uncle->color == RED) {
+- /* Paint the parent and the uncle black... */
+- node->parent->color = BLACK;
+- uncle->color = BLACK;
+-
+- /* And the grandparent red... */
+- node->parent->parent->color = RED;
+-
+- /* And continue fixing the grandparent */
+- node = node->parent->parent;
+- } else { /* Our uncle is black... */
+- /* Are we the right child? */
+- if (node == node->parent->right) {
+- node = node->parent;
+- ldns_rbtree_rotate_left(rbtree, node);
+- }
+- /* Now we're the left child, repaint and rotate... */
+- node->parent->color = BLACK;
+- node->parent->parent->color = RED;
+- ldns_rbtree_rotate_right(rbtree, node->parent->parent);
+- }
+- } else {
+- uncle = node->parent->parent->left;
+-
+- /* If our uncle is red... */
+- if (uncle->color == RED) {
+- /* Paint the parent and the uncle black... */
+- node->parent->color = BLACK;
+- uncle->color = BLACK;
+-
+- /* And the grandparent red... */
+- node->parent->parent->color = RED;
+-
+- /* And continue fixing the grandparent */
+- node = node->parent->parent;
+- } else { /* Our uncle is black... */
+- /* Are we the right child? */
+- if (node == node->parent->left) {
+- node = node->parent;
+- ldns_rbtree_rotate_right(rbtree, node);
+- }
+- /* Now we're the right child, repaint and rotate... */
+- node->parent->color = BLACK;
+- node->parent->parent->color = RED;
+- ldns_rbtree_rotate_left(rbtree, node->parent->parent);
+- }
+- }
+- }
+- rbtree->root->color = BLACK;
+-}
+-
+-void
+-ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree)
+-{
+- (void) ldns_rbtree_insert((ldns_rbtree_t *) rbtree,
+- data);
+-}
+-
+-/*
+- * Inserts a node into a red black tree.
+- *
+- * Returns NULL on failure or the pointer to the newly added node
+- * otherwise.
+- */
+-ldns_rbnode_t *
+-ldns_rbtree_insert (ldns_rbtree_t *rbtree, ldns_rbnode_t *data)
+-{
+- /* XXX Not necessary, but keeps compiler quiet... */
+- int r = 0;
+-
+- /* We start at the root of the tree */
+- ldns_rbnode_t *node = rbtree->root;
+- ldns_rbnode_t *parent = LDNS_RBTREE_NULL;
+-
+- /* Lets find the new parent... */
+- while (node != LDNS_RBTREE_NULL) {
+- /* Compare two keys, do we have a duplicate? */
+- if ((r = rbtree->cmp(data->key, node->key)) == 0) {
+- return NULL;
+- }
+- parent = node;
+-
+- if (r < 0) {
+- node = node->left;
+- } else {
+- node = node->right;
+- }
+- }
+-
+- /* Initialize the new node */
+- data->parent = parent;
+- data->left = data->right = LDNS_RBTREE_NULL;
+- data->color = RED;
+- rbtree->count++;
+-
+- /* Insert it into the tree... */
+- if (parent != LDNS_RBTREE_NULL) {
+- if (r < 0) {
+- parent->left = data;
+- } else {
+- parent->right = data;
+- }
+- } else {
+- rbtree->root = data;
+- }
+-
+- /* Fix up the red-black properties... */
+- ldns_rbtree_insert_fixup(rbtree, data);
+-
+- return data;
+-}
+-
+-/*
+- * Searches the red black tree, returns the data if key is found or NULL otherwise.
+- *
+- */
+-ldns_rbnode_t *
+-ldns_rbtree_search (ldns_rbtree_t *rbtree, const void *key)
+-{
+- ldns_rbnode_t *node;
+-
+- if (ldns_rbtree_find_less_equal(rbtree, key, &node)) {
+- return node;
+- } else {
+- return NULL;
+- }
+-}
+-
+-/** helpers for delete: swap node colours */
+-static void swap_int8(uint8_t* x, uint8_t* y)
+-{
+- uint8_t t = *x; *x = *y; *y = t;
+-}
+-
+-/** helpers for delete: swap node pointers */
+-static void swap_np(ldns_rbnode_t** x, ldns_rbnode_t** y)
+-{
+- ldns_rbnode_t* t = *x; *x = *y; *y = t;
+-}
+-
+-/** Update parent pointers of child trees of 'parent' */
+-static void change_parent_ptr(ldns_rbtree_t* rbtree, ldns_rbnode_t* parent, ldns_rbnode_t* old, ldns_rbnode_t* new)
+-{
+- if(parent == LDNS_RBTREE_NULL)
+- {
+- if(rbtree->root == old) rbtree->root = new;
+- return;
+- }
+- if(parent->left == old) parent->left = new;
+- if(parent->right == old) parent->right = new;
+-}
+-/** Update parent pointer of a node 'child' */
+-static void change_child_ptr(ldns_rbnode_t* child, ldns_rbnode_t* old, ldns_rbnode_t* new)
+-{
+- if(child == LDNS_RBTREE_NULL) return;
+- if(child->parent == old) child->parent = new;
+-}
+-
+-ldns_rbnode_t*
+-ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key)
+-{
+- ldns_rbnode_t *to_delete;
+- ldns_rbnode_t *child;
+- if((to_delete = ldns_rbtree_search(rbtree, key)) == 0) return 0;
+- rbtree->count--;
+-
+- /* make sure we have at most one non-leaf child */
+- if(to_delete->left != LDNS_RBTREE_NULL &&
+- to_delete->right != LDNS_RBTREE_NULL)
+- {
+- /* swap with smallest from right subtree (or largest from left) */
+- ldns_rbnode_t *smright = to_delete->right;
+- while(smright->left != LDNS_RBTREE_NULL)
+- smright = smright->left;
+- /* swap the smright and to_delete elements in the tree,
+- * but the ldns_rbnode_t is first part of user data struct
+- * so cannot just swap the keys and data pointers. Instead
+- * readjust the pointers left,right,parent */
+-
+- /* swap colors - colors are tied to the position in the tree */
+- swap_int8(&to_delete->color, &smright->color);
+-
+- /* swap child pointers in parents of smright/to_delete */
+- change_parent_ptr(rbtree, to_delete->parent, to_delete, smright);
+- if(to_delete->right != smright)
+- change_parent_ptr(rbtree, smright->parent, smright, to_delete);
+-
+- /* swap parent pointers in children of smright/to_delete */
+- change_child_ptr(smright->left, smright, to_delete);
+- change_child_ptr(smright->left, smright, to_delete);
+- change_child_ptr(smright->right, smright, to_delete);
+- change_child_ptr(smright->right, smright, to_delete);
+- change_child_ptr(to_delete->left, to_delete, smright);
+- if(to_delete->right != smright)
+- change_child_ptr(to_delete->right, to_delete, smright);
+- if(to_delete->right == smright)
+- {
+- /* set up so after swap they work */
+- to_delete->right = to_delete;
+- smright->parent = smright;
+- }
+-
+- /* swap pointers in to_delete/smright nodes */
+- swap_np(&to_delete->parent, &smright->parent);
+- swap_np(&to_delete->left, &smright->left);
+- swap_np(&to_delete->right, &smright->right);
+-
+- /* now delete to_delete (which is at the location where the smright previously was) */
+- }
+-
+- if(to_delete->left != LDNS_RBTREE_NULL) child = to_delete->left;
+- else child = to_delete->right;
+-
+- /* unlink to_delete from the tree, replace to_delete with child */
+- change_parent_ptr(rbtree, to_delete->parent, to_delete, child);
+- change_child_ptr(child, to_delete, to_delete->parent);
+-
+- if(to_delete->color == RED)
+- {
+- /* if node is red then the child (black) can be swapped in */
+- }
+- else if(child->color == RED)
+- {
+- /* change child to BLACK, removing a RED node is no problem */
+- if(child!=LDNS_RBTREE_NULL) child->color = BLACK;
+- }
+- else ldns_rbtree_delete_fixup(rbtree, child, to_delete->parent);
+-
+- /* unlink completely */
+- to_delete->parent = LDNS_RBTREE_NULL;
+- to_delete->left = LDNS_RBTREE_NULL;
+- to_delete->right = LDNS_RBTREE_NULL;
+- to_delete->color = BLACK;
+- return to_delete;
+-}
+-
+-static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent)
+-{
+- ldns_rbnode_t* sibling;
+- int go_up = 1;
+-
+- /* determine sibling to the node that is one-black short */
+- if(child_parent->right == child) sibling = child_parent->left;
+- else sibling = child_parent->right;
+-
+- while(go_up)
+- {
+- if(child_parent == LDNS_RBTREE_NULL)
+- {
+- /* removed parent==black from root, every path, so ok */
+- return;
+- }
+-
+- if(sibling->color == RED)
+- { /* rotate to get a black sibling */
+- child_parent->color = RED;
+- sibling->color = BLACK;
+- if(child_parent->right == child)
+- ldns_rbtree_rotate_right(rbtree, child_parent);
+- else ldns_rbtree_rotate_left(rbtree, child_parent);
+- /* new sibling after rotation */
+- if(child_parent->right == child) sibling = child_parent->left;
+- else sibling = child_parent->right;
+- }
+-
+- if(child_parent->color == BLACK
+- && sibling->color == BLACK
+- && sibling->left->color == BLACK
+- && sibling->right->color == BLACK)
+- { /* fixup local with recolor of sibling */
+- if(sibling != LDNS_RBTREE_NULL)
+- sibling->color = RED;
+-
+- child = child_parent;
+- child_parent = child_parent->parent;
+- /* prepare to go up, new sibling */
+- if(child_parent->right == child) sibling = child_parent->left;
+- else sibling = child_parent->right;
+- }
+- else go_up = 0;
+- }
+-
+- if(child_parent->color == RED
+- && sibling->color == BLACK
+- && sibling->left->color == BLACK
+- && sibling->right->color == BLACK)
+- {
+- /* move red to sibling to rebalance */
+- if(sibling != LDNS_RBTREE_NULL)
+- sibling->color = RED;
+- child_parent->color = BLACK;
+- return;
+- }
+-
+- /* get a new sibling, by rotating at sibling. See which child
+- of sibling is red */
+- if(child_parent->right == child
+- && sibling->color == BLACK
+- && sibling->right->color == RED
+- && sibling->left->color == BLACK)
+- {
+- sibling->color = RED;
+- sibling->right->color = BLACK;
+- ldns_rbtree_rotate_left(rbtree, sibling);
+- /* new sibling after rotation */
+- if(child_parent->right == child) sibling = child_parent->left;
+- else sibling = child_parent->right;
+- }
+- else if(child_parent->left == child
+- && sibling->color == BLACK
+- && sibling->left->color == RED
+- && sibling->right->color == BLACK)
+- {
+- sibling->color = RED;
+- sibling->left->color = BLACK;
+- ldns_rbtree_rotate_right(rbtree, sibling);
+- /* new sibling after rotation */
+- if(child_parent->right == child) sibling = child_parent->left;
+- else sibling = child_parent->right;
+- }
+-
+- /* now we have a black sibling with a red child. rotate and exchange colors. */
+- sibling->color = child_parent->color;
+- child_parent->color = BLACK;
+- if(child_parent->right == child)
+- {
+- sibling->left->color = BLACK;
+- ldns_rbtree_rotate_right(rbtree, child_parent);
+- }
+- else
+- {
+- sibling->right->color = BLACK;
+- ldns_rbtree_rotate_left(rbtree, child_parent);
+- }
+-}
+-
+-int
+-ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, ldns_rbnode_t **result)
+-{
+- int r;
+- ldns_rbnode_t *node;
+-
+- /* We start at root... */
+- node = rbtree->root;
+-
+- *result = NULL;
+-
+- /* While there are children... */
+- while (node != LDNS_RBTREE_NULL) {
+- r = rbtree->cmp(key, node->key);
+- if (r == 0) {
+- /* Exact match */
+- *result = node;
+- return 1;
+- }
+- if (r < 0) {
+- node = node->left;
+- } else {
+- /* Temporary match */
+- *result = node;
+- node = node->right;
+- }
+- }
+- return 0;
+-}
+-
+-/*
+- * Finds the first element in the red black tree
+- *
+- */
+-ldns_rbnode_t *
+-ldns_rbtree_first (ldns_rbtree_t *rbtree)
+-{
+- ldns_rbnode_t *node = rbtree->root;
+-
+- if (rbtree->root != LDNS_RBTREE_NULL) {
+- for (node = rbtree->root; node->left != LDNS_RBTREE_NULL; node = node->left);
+- }
+- return node;
+-}
+-
+-ldns_rbnode_t *
+-ldns_rbtree_last (ldns_rbtree_t *rbtree)
+-{
+- ldns_rbnode_t *node = rbtree->root;
+-
+- if (rbtree->root != LDNS_RBTREE_NULL) {
+- for (node = rbtree->root; node->right != LDNS_RBTREE_NULL; node = node->right);
+- }
+- return node;
+-}
+-
+-/*
+- * Returns the next node...
+- *
+- */
+-ldns_rbnode_t *
+-ldns_rbtree_next (ldns_rbnode_t *node)
+-{
+- ldns_rbnode_t *parent;
+-
+- if (node->right != LDNS_RBTREE_NULL) {
+- /* One right, then keep on going left... */
+- for (node = node->right;
+- node->left != LDNS_RBTREE_NULL;
+- node = node->left);
+- } else {
+- parent = node->parent;
+- while (parent != LDNS_RBTREE_NULL && node == parent->right) {
+- node = parent;
+- parent = parent->parent;
+- }
+- node = parent;
+- }
+- return node;
+-}
+-
+-ldns_rbnode_t *
+-ldns_rbtree_previous(ldns_rbnode_t *node)
+-{
+- ldns_rbnode_t *parent;
+-
+- if (node->left != LDNS_RBTREE_NULL) {
+- /* One left, then keep on going right... */
+- for (node = node->left;
+- node->right != LDNS_RBTREE_NULL;
+- node = node->right);
+- } else {
+- parent = node->parent;
+- while (parent != LDNS_RBTREE_NULL && node == parent->left) {
+- node = parent;
+- parent = parent->parent;
+- }
+- node = parent;
+- }
+- return node;
+-}
+-
+-/**
+- * split off elements number of elements from the start
+- * of the name tree and return a new tree
+- */
+-ldns_rbtree_t *
+-ldns_rbtree_split(ldns_rbtree_t *tree,
+- size_t elements)
+-{
+- ldns_rbtree_t *new_tree;
+- ldns_rbnode_t *cur_node;
+- ldns_rbnode_t *move_node;
+- size_t count = 0;
+-
+- new_tree = ldns_rbtree_create(tree->cmp);
+-
+- cur_node = ldns_rbtree_first(tree);
+- while (count < elements && cur_node != LDNS_RBTREE_NULL) {
+- move_node = ldns_rbtree_delete(tree, cur_node->key);
+- (void)ldns_rbtree_insert(new_tree, move_node);
+- cur_node = ldns_rbtree_first(tree);
+- count++;
+- }
+-
+- return new_tree;
+-}
+-
+-/*
+- * add all node from the second tree to the first (removing them from the
+- * second), and fix up nsec(3)s if present
+- */
+-void
+-ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2)
+-{
+- ldns_traverse_postorder(tree2, ldns_rbtree_insert_vref, tree1);
+-}
+-
+-/** recursive descent traverse */
+-static void
+-traverse_post(void (*func)(ldns_rbnode_t*, void*), void* arg,
+- ldns_rbnode_t* node)
+-{
+- if(!node || node == LDNS_RBTREE_NULL)
+- return;
+- /* recurse */
+- traverse_post(func, arg, node->left);
+- traverse_post(func, arg, node->right);
+- /* call user func */
+- (*func)(node, arg);
+-}
+-
+-void
+-ldns_traverse_postorder(ldns_rbtree_t* tree,
+- void (*func)(ldns_rbnode_t*, void*), void* arg)
+-{
+- traverse_post(func, arg, tree->root);
+-}
+diff --git a/src/ldns/rdata.c b/src/ldns/rdata.c
+deleted file mode 100644
+index 6eb0096..0000000
+--- a/src/ldns/rdata.c
++++ /dev/null
+@@ -1,757 +0,0 @@
+-/*
+- * rdata.c
+- *
+- * rdata implementation
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-/*
+- * Access functions
+- * do this as functions to get type checking
+- */
+-
+-/* read */
+-size_t
+-ldns_rdf_size(const ldns_rdf *rd)
+-{
+- assert(rd != NULL);
+- return rd->_size;
+-}
+-
+-ldns_rdf_type
+-ldns_rdf_get_type(const ldns_rdf *rd)
+-{
+- assert(rd != NULL);
+- return rd->_type;
+-}
+-
+-uint8_t *
+-ldns_rdf_data(const ldns_rdf *rd)
+-{
+- assert(rd != NULL);
+- return rd->_data;
+-}
+-
+-/* write */
+-void
+-ldns_rdf_set_size(ldns_rdf *rd, size_t size)
+-{
+- assert(rd != NULL);
+- rd->_size = size;
+-}
+-
+-void
+-ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type)
+-{
+- assert(rd != NULL);
+- rd->_type = type;
+-}
+-
+-void
+-ldns_rdf_set_data(ldns_rdf *rd, void *data)
+-{
+- /* only copy the pointer */
+- assert(rd != NULL);
+- rd->_data = data;
+-}
+-
+-/* for types that allow it, return
+- * the native/host order type */
+-uint8_t
+-ldns_rdf2native_int8(const ldns_rdf *rd)
+-{
+- uint8_t data;
+-
+- /* only allow 8 bit rdfs */
+- if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_BYTE) {
+- return 0;
+- }
+-
+- memcpy(&data, ldns_rdf_data(rd), sizeof(data));
+- return data;
+-}
+-
+-uint16_t
+-ldns_rdf2native_int16(const ldns_rdf *rd)
+-{
+- uint16_t data;
+-
+- /* only allow 16 bit rdfs */
+- if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_WORD) {
+- return 0;
+- }
+-
+- memcpy(&data, ldns_rdf_data(rd), sizeof(data));
+- return ntohs(data);
+-}
+-
+-uint32_t
+-ldns_rdf2native_int32(const ldns_rdf *rd)
+-{
+- uint32_t data;
+-
+- /* only allow 32 bit rdfs */
+- if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD) {
+- return 0;
+- }
+-
+- memcpy(&data, ldns_rdf_data(rd), sizeof(data));
+- return ntohl(data);
+-}
+-
+-time_t
+-ldns_rdf2native_time_t(const ldns_rdf *rd)
+-{
+- uint32_t data;
+-
+- /* only allow 32 bit rdfs */
+- if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD ||
+- ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TIME) {
+- return 0;
+- }
+- memcpy(&data, ldns_rdf_data(rd), sizeof(data));
+- return (time_t)ntohl(data);
+-}
+-
+-ldns_rdf *
+-ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
+-{
+- return ldns_rdf_new_frm_data(type, LDNS_RDF_SIZE_BYTE, &value);
+-}
+-
+-ldns_rdf *
+-ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
+-{
+- uint16_t *rdf_data = LDNS_XMALLOC(uint16_t, 1);
+- ldns_rdf* rdf;
+- if (!rdf_data) {
+- return NULL;
+- }
+- ldns_write_uint16(rdf_data, value);
+- rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_WORD, rdf_data);
+- if(!rdf)
+- LDNS_FREE(rdf_data);
+- return rdf;
+-}
+-
+-ldns_rdf *
+-ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value)
+-{
+- uint32_t *rdf_data = LDNS_XMALLOC(uint32_t, 1);
+- ldns_rdf* rdf;
+- if (!rdf_data) {
+- return NULL;
+- }
+- ldns_write_uint32(rdf_data, value);
+- rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_DOUBLEWORD, rdf_data);
+- if(!rdf)
+- LDNS_FREE(rdf_data);
+- return rdf;
+-}
+-
+-ldns_rdf *
+-ldns_native2rdf_int16_data(size_t size, uint8_t *data)
+-{
+- uint8_t *rdf_data = LDNS_XMALLOC(uint8_t, size + 2);
+- ldns_rdf* rdf;
+- if (!rdf_data) {
+- return NULL;
+- }
+- ldns_write_uint16(rdf_data, size);
+- memcpy(rdf_data + 2, data, size);
+- rdf = ldns_rdf_new(LDNS_RDF_TYPE_INT16_DATA, size + 2, rdf_data);
+- if(!rdf)
+- LDNS_FREE(rdf_data);
+- return rdf;
+-}
+-
+-/* note: data must be allocated memory */
+-ldns_rdf *
+-ldns_rdf_new(ldns_rdf_type type, size_t size, void *data)
+-{
+- ldns_rdf *rd;
+- rd = LDNS_MALLOC(ldns_rdf);
+- if (!rd) {
+- return NULL;
+- }
+- ldns_rdf_set_size(rd, size);
+- ldns_rdf_set_type(rd, type);
+- ldns_rdf_set_data(rd, data);
+- return rd;
+-}
+-
+-ldns_rdf *
+-ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
+-{
+- ldns_rdf *rdf;
+-
+- /* if the size is too big, fail */
+- if (size > LDNS_MAX_RDFLEN) {
+- return NULL;
+- }
+-
+- /* allocate space */
+- rdf = LDNS_MALLOC(ldns_rdf);
+- if (!rdf) {
+- return NULL;
+- }
+- rdf->_data = LDNS_XMALLOC(uint8_t, size);
+- if (!rdf->_data) {
+- LDNS_FREE(rdf);
+- return NULL;
+- }
+-
+- /* set the values */
+- ldns_rdf_set_type(rdf, type);
+- ldns_rdf_set_size(rdf, size);
+- memcpy(rdf->_data, data, size);
+-
+- return rdf;
+-}
+-
+-ldns_rdf *
+-ldns_rdf_clone(const ldns_rdf *rd)
+-{
+- assert(rd != NULL);
+- return (ldns_rdf_new_frm_data( ldns_rdf_get_type(rd),
+- ldns_rdf_size(rd), ldns_rdf_data(rd)));
+-}
+-
+-void
+-ldns_rdf_deep_free(ldns_rdf *rd)
+-{
+- if (rd) {
+- if (rd->_data) {
+- LDNS_FREE(rd->_data);
+- }
+- LDNS_FREE(rd);
+- }
+-}
+-
+-void
+-ldns_rdf_free(ldns_rdf *rd)
+-{
+- if (rd) {
+- LDNS_FREE(rd);
+- }
+-}
+-
+-ldns_rdf *
+-ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str)
+-{
+- ldns_rdf *rdf = NULL;
+- ldns_status status;
+-
+- switch (type) {
+- case LDNS_RDF_TYPE_DNAME:
+- status = ldns_str2rdf_dname(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_INT8:
+- status = ldns_str2rdf_int8(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_INT16:
+- status = ldns_str2rdf_int16(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_INT32:
+- status = ldns_str2rdf_int32(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_A:
+- status = ldns_str2rdf_a(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_AAAA:
+- status = ldns_str2rdf_aaaa(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_STR:
+- status = ldns_str2rdf_str(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_APL:
+- status = ldns_str2rdf_apl(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_B64:
+- status = ldns_str2rdf_b64(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_B32_EXT:
+- status = ldns_str2rdf_b32_ext(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_HEX:
+- status = ldns_str2rdf_hex(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_NSEC:
+- status = ldns_str2rdf_nsec(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_TYPE:
+- status = ldns_str2rdf_type(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_CLASS:
+- status = ldns_str2rdf_class(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_CERT_ALG:
+- status = ldns_str2rdf_cert_alg(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_ALG:
+- status = ldns_str2rdf_alg(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_UNKNOWN:
+- status = ldns_str2rdf_unknown(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_TIME:
+- status = ldns_str2rdf_time(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_PERIOD:
+- status = ldns_str2rdf_period(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_HIP:
+- status = ldns_str2rdf_hip(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_SERVICE:
+- status = ldns_str2rdf_service(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_LOC:
+- status = ldns_str2rdf_loc(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_WKS:
+- status = ldns_str2rdf_wks(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_NSAP:
+- status = ldns_str2rdf_nsap(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_ATMA:
+- status = ldns_str2rdf_atma(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_IPSECKEY:
+- status = ldns_str2rdf_ipseckey(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_NSEC3_SALT:
+- status = ldns_str2rdf_nsec3_salt(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER:
+- status = ldns_str2rdf_b32_ext(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_ILNP64:
+- status = ldns_str2rdf_ilnp64(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_EUI48:
+- status = ldns_str2rdf_eui48(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_EUI64:
+- status = ldns_str2rdf_eui64(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_TAG:
+- status = ldns_str2rdf_tag(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_LONG_STR:
+- status = ldns_str2rdf_long_str(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
+- status = ldns_str2rdf_certificate_usage(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_SELECTOR:
+- status = ldns_str2rdf_selector(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_MATCHING_TYPE:
+- status = ldns_str2rdf_matching_type(&rdf, str);
+- break;
+- case LDNS_RDF_TYPE_NONE:
+- default:
+- /* default default ??? */
+- status = LDNS_STATUS_ERR;
+- break;
+- }
+- if (LDNS_STATUS_OK == status) {
+- ldns_rdf_set_type(rdf, type);
+- return rdf;
+- }
+- if (rdf) {
+- LDNS_FREE(rdf);
+- }
+- return NULL;
+-}
+-
+-ldns_status
+-ldns_rdf_new_frm_fp(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp)
+-{
+- return ldns_rdf_new_frm_fp_l(rdf, type, fp, NULL);
+-}
+-
+-ldns_status
+-ldns_rdf_new_frm_fp_l(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp, int *line_nr)
+-{
+- char *line;
+- ldns_rdf *r;
+- ssize_t t;
+-
+- line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
+- if (!line) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* read an entire line in from the file */
+- if ((t = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, 0, line_nr)) == -1 || t == 0) {
+- LDNS_FREE(line);
+- return LDNS_STATUS_SYNTAX_RDATA_ERR;
+- }
+- r = ldns_rdf_new_frm_str(type, (const char*) line);
+- LDNS_FREE(line);
+- if (rdf) {
+- *rdf = r;
+- return LDNS_STATUS_OK;
+- } else {
+- return LDNS_STATUS_NULL;
+- }
+-}
+-
+-ldns_rdf *
+-ldns_rdf_address_reverse(ldns_rdf *rd)
+-{
+- uint8_t buf_4[LDNS_IP4ADDRLEN];
+- uint8_t buf_6[LDNS_IP6ADDRLEN * 2];
+- ldns_rdf *rev;
+- ldns_rdf *in_addr;
+- ldns_rdf *ret_dname;
+- uint8_t octet;
+- uint8_t nnibble;
+- uint8_t nibble;
+- uint8_t i, j;
+-
+- char *char_dname;
+- int nbit;
+-
+- if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_A &&
+- ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_AAAA) {
+- return NULL;
+- }
+-
+- in_addr = NULL;
+- ret_dname = NULL;
+-
+- switch(ldns_rdf_get_type(rd)) {
+- case LDNS_RDF_TYPE_A:
+- /* the length of the buffer is 4 */
+- buf_4[3] = ldns_rdf_data(rd)[0];
+- buf_4[2] = ldns_rdf_data(rd)[1];
+- buf_4[1] = ldns_rdf_data(rd)[2];
+- buf_4[0] = ldns_rdf_data(rd)[3];
+- in_addr = ldns_dname_new_frm_str("in-addr.arpa.");
+- if (!in_addr) {
+- return NULL;
+- }
+- /* make a new rdf and convert that back */
+- rev = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_A,
+- LDNS_IP4ADDRLEN, (void*)&buf_4);
+- if (!rev) {
+- LDNS_FREE(in_addr);
+- return NULL;
+- }
+-
+- /* convert rev to a string */
+- char_dname = ldns_rdf2str(rev);
+- if (!char_dname) {
+- LDNS_FREE(in_addr);
+- ldns_rdf_deep_free(rev);
+- return NULL;
+- }
+- /* transform back to rdf with type dname */
+- ret_dname = ldns_dname_new_frm_str(char_dname);
+- if (!ret_dname) {
+- LDNS_FREE(in_addr);
+- ldns_rdf_deep_free(rev);
+- LDNS_FREE(char_dname);
+- return NULL;
+- }
+- /* not needed anymore */
+- ldns_rdf_deep_free(rev);
+- LDNS_FREE(char_dname);
+- break;
+- case LDNS_RDF_TYPE_AAAA:
+- /* some foo magic to reverse the nibbles ... */
+-
+- for (nbit = 127; nbit >= 0; nbit = nbit - 4) {
+- /* calculate octett (8 bit) */
+- octet = ( ((unsigned int) nbit) & 0x78) >> 3;
+- /* calculate nibble */
+- nnibble = ( ((unsigned int) nbit) & 0x04) >> 2;
+- /* extract nibble */
+- nibble = (ldns_rdf_data(rd)[octet] & ( 0xf << (4 * (1 -
+- nnibble)) ) ) >> ( 4 * (1 -
+- nnibble));
+-
+- buf_6[(LDNS_IP6ADDRLEN * 2 - 1) -
+- (octet * 2 + nnibble)] =
+- (uint8_t)ldns_int_to_hexdigit((int)nibble);
+- }
+-
+- char_dname = LDNS_XMALLOC(char, (LDNS_IP6ADDRLEN * 4));
+- if (!char_dname) {
+- return NULL;
+- }
+- char_dname[LDNS_IP6ADDRLEN * 4 - 1] = '\0'; /* closure */
+-
+- /* walk the string and add . 's */
+- for (i = 0, j = 0; i < LDNS_IP6ADDRLEN * 2; i++, j = j + 2) {
+- char_dname[j] = (char)buf_6[i];
+- if (i != LDNS_IP6ADDRLEN * 2 - 1) {
+- char_dname[j + 1] = '.';
+- }
+- }
+- in_addr = ldns_dname_new_frm_str("ip6.arpa.");
+- if (!in_addr) {
+- LDNS_FREE(char_dname);
+- return NULL;
+- }
+-
+- /* convert rev to a string */
+- ret_dname = ldns_dname_new_frm_str(char_dname);
+- LDNS_FREE(char_dname);
+- if (!ret_dname) {
+- ldns_rdf_deep_free(in_addr);
+- return NULL;
+- }
+- break;
+- default:
+- break;
+- }
+- /* add the suffix */
+- rev = ldns_dname_cat_clone(ret_dname, in_addr);
+-
+- ldns_rdf_deep_free(ret_dname);
+- ldns_rdf_deep_free(in_addr);
+- return rev;
+-}
+-
+-ldns_status
+-ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg,
+- uint8_t *hit_size, uint8_t** hit,
+- uint16_t *pk_size, uint8_t** pk)
+-{
+- uint8_t *data;
+- size_t rdf_size;
+-
+- if (! rdf || ! alg || ! hit || ! hit_size || ! pk || ! pk_size) {
+- return LDNS_STATUS_INVALID_POINTER;
+- } else if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_HIP) {
+- return LDNS_STATUS_INVALID_RDF_TYPE;
+- } else if ((rdf_size = ldns_rdf_size(rdf)) < 6) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- data = ldns_rdf_data(rdf);
+- *hit_size = data[0];
+- *alg = data[1];
+- *pk_size = ldns_read_uint16(data + 2);
+- *hit = data + 4;
+- *pk = data + 4 + *hit_size;
+- if (*hit_size == 0 || *pk_size == 0 ||
+- rdf_size < (size_t) *hit_size + *pk_size + 4) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg,
+- uint8_t hit_size, uint8_t *hit,
+- uint16_t pk_size, uint8_t *pk)
+-{
+- uint8_t *data;
+-
+- if (! rdf) {
+- return LDNS_STATUS_INVALID_POINTER;
+- }
+- if (4 + hit_size + pk_size > LDNS_MAX_RDFLEN) {
+- return LDNS_STATUS_RDATA_OVERFLOW;
+- }
+- data = LDNS_XMALLOC(uint8_t, 4 + hit_size + pk_size);
+- if (data == NULL) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- data[0] = hit_size;
+- data[1] = alg;
+- ldns_write_uint16(data + 2, pk_size);
+- memcpy(data + 4, hit, hit_size);
+- memcpy(data + 4 + hit_size, pk, pk_size);
+- *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HIP, 4 + hit_size + pk_size, data);
+- if (! *rdf) {
+- LDNS_FREE(data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_octet(char *word, size_t *length)
+-{
+- char *s;
+- char *p;
+- *length = 0;
+-
+- for (s = p = word; *s != '\0'; s++,p++) {
+- switch (*s) {
+- case '.':
+- if (s[1] == '.') {
+- return LDNS_STATUS_EMPTY_LABEL;
+- }
+- *p = *s;
+- (*length)++;
+- break;
+- case '\\':
+- if ('0' <= s[1] && s[1] <= '9' &&
+- '0' <= s[2] && s[2] <= '9' &&
+- '0' <= s[3] && s[3] <= '9') {
+- /* \DDD seen */
+- int val = ((s[1] - '0') * 100 +
+- (s[2] - '0') * 10 + (s[3] - '0'));
+-
+- if (0 <= val && val <= 255) {
+- /* this also handles \0 */
+- s += 3;
+- *p = val;
+- (*length)++;
+- } else {
+- return LDNS_STATUS_DDD_OVERFLOW;
+- }
+- } else {
+- /* an espaced character, like \<space> ?
+- * remove the '\' keep the rest */
+- *p = *++s;
+- (*length)++;
+- }
+- break;
+- case '\"':
+- /* non quoted " Is either first or the last character in
+- * the string */
+-
+- *p = *++s; /* skip it */
+- (*length)++;
+- /* I'm not sure if this is needed in libdns... MG */
+- if ( *s == '\0' ) {
+- /* ok, it was the last one */
+- *p = '\0';
+- return LDNS_STATUS_OK;
+- }
+- break;
+- default:
+- *p = *s;
+- (*length)++;
+- break;
+- }
+- }
+- *p = '\0';
+- return LDNS_STATUS_OK;
+-}
+-
+-int
+-ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2)
+-{
+- uint16_t i1, i2, i;
+- uint8_t *d1, *d2;
+-
+- /* only when both are not NULL we can say anything about them */
+- if (!rd1 && !rd2) {
+- return 0;
+- }
+- if (!rd1 || !rd2) {
+- return -1;
+- }
+- i1 = ldns_rdf_size(rd1);
+- i2 = ldns_rdf_size(rd2);
+-
+- if (i1 < i2) {
+- return -1;
+- } else if (i1 > i2) {
+- return +1;
+- } else {
+- d1 = (uint8_t*)ldns_rdf_data(rd1);
+- d2 = (uint8_t*)ldns_rdf_data(rd2);
+- for(i = 0; i < i1; i++) {
+- if (d1[i] < d2[i]) {
+- return -1;
+- } else if (d1[i] > d2[i]) {
+- return +1;
+- }
+- }
+- }
+- return 0;
+-}
+-
+-uint32_t
+-ldns_str2period(const char *nptr, const char **endptr)
+-{
+- int sign = 0;
+- uint32_t i = 0;
+- uint32_t seconds = 0;
+-
+- for(*endptr = nptr; **endptr; (*endptr)++) {
+- switch (**endptr) {
+- case ' ':
+- case '\t':
+- break;
+- case '-':
+- if(sign == 0) {
+- sign = -1;
+- } else {
+- return seconds;
+- }
+- break;
+- case '+':
+- if(sign == 0) {
+- sign = 1;
+- } else {
+- return seconds;
+- }
+- break;
+- case 's':
+- case 'S':
+- seconds += i;
+- i = 0;
+- break;
+- case 'm':
+- case 'M':
+- seconds += i * 60;
+- i = 0;
+- break;
+- case 'h':
+- case 'H':
+- seconds += i * 60 * 60;
+- i = 0;
+- break;
+- case 'd':
+- case 'D':
+- seconds += i * 60 * 60 * 24;
+- i = 0;
+- break;
+- case 'w':
+- case 'W':
+- seconds += i * 60 * 60 * 24 * 7;
+- i = 0;
+- break;
+- case '0':
+- case '1':
+- case '2':
+- case '3':
+- case '4':
+- case '5':
+- case '6':
+- case '7':
+- case '8':
+- case '9':
+- i *= 10;
+- i += (**endptr - '0');
+- break;
+- default:
+- seconds += i;
+- /* disregard signedness */
+- return seconds;
+- }
+- }
+- seconds += i;
+- /* disregard signedness */
+- return seconds;
+-}
+diff --git a/src/ldns/resolver.c b/src/ldns/resolver.c
+deleted file mode 100644
+index b092404..0000000
+--- a/src/ldns/resolver.c
++++ /dev/null
+@@ -1,1603 +0,0 @@
+-/*
+- * resolver.c
+- *
+- * resolver implementation
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-#include <strings.h>
+-
+-/* Access function for reading
+- * and setting the different Resolver
+- * options */
+-
+-/* read */
+-uint16_t
+-ldns_resolver_port(const ldns_resolver *r)
+-{
+- return r->_port;
+-}
+-
+-ldns_rdf *
+-ldns_resolver_source(const ldns_resolver *r)
+-{
+- return r->_source;
+-}
+-
+-uint16_t
+-ldns_resolver_edns_udp_size(const ldns_resolver *r)
+-{
+- return r->_edns_udp_size;
+-}
+-
+-uint8_t
+-ldns_resolver_retry(const ldns_resolver *r)
+-{
+- return r->_retry;
+-}
+-
+-uint8_t
+-ldns_resolver_retrans(const ldns_resolver *r)
+-{
+- return r->_retrans;
+-}
+-
+-bool
+-ldns_resolver_fallback(const ldns_resolver *r)
+-{
+- return r->_fallback;
+-}
+-
+-uint8_t
+-ldns_resolver_ip6(const ldns_resolver *r)
+-{
+- return r->_ip6;
+-}
+-
+-bool
+-ldns_resolver_recursive(const ldns_resolver *r)
+-{
+- return r->_recursive;
+-}
+-
+-bool
+-ldns_resolver_debug(const ldns_resolver *r)
+-{
+- return r->_debug;
+-}
+-
+-bool
+-ldns_resolver_dnsrch(const ldns_resolver *r)
+-{
+- return r->_dnsrch;
+-}
+-
+-bool
+-ldns_resolver_fail(const ldns_resolver *r)
+-{
+- return r->_fail;
+-}
+-
+-bool
+-ldns_resolver_defnames(const ldns_resolver *r)
+-{
+- return r->_defnames;
+-}
+-
+-ldns_rdf *
+-ldns_resolver_domain(const ldns_resolver *r)
+-{
+- return r->_domain;
+-}
+-
+-ldns_rdf **
+-ldns_resolver_searchlist(const ldns_resolver *r)
+-{
+- return r->_searchlist;
+-}
+-
+-ldns_rdf **
+-ldns_resolver_nameservers(const ldns_resolver *r)
+-{
+- return r->_nameservers;
+-}
+-
+-size_t
+-ldns_resolver_nameserver_count(const ldns_resolver *r)
+-{
+- return r->_nameserver_count;
+-}
+-
+-bool
+-ldns_resolver_dnssec(const ldns_resolver *r)
+-{
+- return r->_dnssec;
+-}
+-
+-bool
+-ldns_resolver_dnssec_cd(const ldns_resolver *r)
+-{
+- return r->_dnssec_cd;
+-}
+-
+-ldns_rr_list *
+-ldns_resolver_dnssec_anchors(const ldns_resolver *r)
+-{
+- return r->_dnssec_anchors;
+-}
+-
+-bool
+-ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys)
+-{
+- size_t i;
+- bool result = false;
+-
+- ldns_rr_list * trust_anchors;
+- ldns_rr * cur_rr;
+-
+- if (!r || !keys) { return false; }
+-
+- trust_anchors = ldns_resolver_dnssec_anchors(r);
+-
+- if (!trust_anchors) { return false; }
+-
+- for (i = 0; i < ldns_rr_list_rr_count(keys); i++) {
+-
+- cur_rr = ldns_rr_list_rr(keys, i);
+- if (ldns_rr_list_contains_rr(trust_anchors, cur_rr)) {
+- if (trusted_keys) { ldns_rr_list_push_rr(trusted_keys, cur_rr); }
+- result = true;
+- }
+- }
+-
+- return result;
+-}
+-
+-bool
+-ldns_resolver_igntc(const ldns_resolver *r)
+-{
+- return r->_igntc;
+-}
+-
+-bool
+-ldns_resolver_usevc(const ldns_resolver *r)
+-{
+- return r->_usevc;
+-}
+-
+-size_t *
+-ldns_resolver_rtt(const ldns_resolver *r)
+-{
+- return r->_rtt;
+-}
+-
+-size_t
+-ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos)
+-{
+- size_t *rtt;
+-
+- assert(r != NULL);
+-
+- rtt = ldns_resolver_rtt(r);
+-
+- if (pos >= ldns_resolver_nameserver_count(r)) {
+- /* error ?*/
+- return 0;
+- } else {
+- return rtt[pos];
+- }
+-
+-}
+-
+-struct timeval
+-ldns_resolver_timeout(const ldns_resolver *r)
+-{
+- return r->_timeout;
+-}
+-
+-char *
+-ldns_resolver_tsig_keyname(const ldns_resolver *r)
+-{
+- return r->_tsig_keyname;
+-}
+-
+-char *
+-ldns_resolver_tsig_algorithm(const ldns_resolver *r)
+-{
+- return r->_tsig_algorithm;
+-}
+-
+-char *
+-ldns_resolver_tsig_keydata(const ldns_resolver *r)
+-{
+- return r->_tsig_keydata;
+-}
+-
+-bool
+-ldns_resolver_random(const ldns_resolver *r)
+-{
+- return r->_random;
+-}
+-
+-size_t
+-ldns_resolver_searchlist_count(const ldns_resolver *r)
+-{
+- return r->_searchlist_count;
+-}
+-
+-/* write */
+-void
+-ldns_resolver_set_port(ldns_resolver *r, uint16_t p)
+-{
+- r->_port = p;
+-}
+-
+-void
+-ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s)
+-{
+- r->_source = s;
+-}
+-
+-ldns_rdf *
+-ldns_resolver_pop_nameserver(ldns_resolver *r)
+-{
+- ldns_rdf **nameservers;
+- ldns_rdf *pop;
+- size_t ns_count;
+- size_t *rtt;
+-
+- assert(r != NULL);
+-
+- ns_count = ldns_resolver_nameserver_count(r);
+- nameservers = ldns_resolver_nameservers(r);
+- rtt = ldns_resolver_rtt(r);
+- if (ns_count == 0 || !nameservers) {
+- return NULL;
+- }
+-
+- pop = nameservers[ns_count - 1];
+-
+- if (ns_count == 1) {
+- LDNS_FREE(nameservers);
+- LDNS_FREE(rtt);
+-
+- ldns_resolver_set_nameservers(r, NULL);
+- ldns_resolver_set_rtt(r, NULL);
+- } else {
+- nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *,
+- (ns_count - 1));
+- rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1));
+-
+- ldns_resolver_set_nameservers(r, nameservers);
+- ldns_resolver_set_rtt(r, rtt);
+- }
+- /* decr the count */
+- ldns_resolver_dec_nameserver_count(r);
+- return pop;
+-}
+-
+-ldns_status
+-ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n)
+-{
+- ldns_rdf **nameservers;
+- size_t ns_count;
+- size_t *rtt;
+-
+- if (ldns_rdf_get_type(n) != LDNS_RDF_TYPE_A &&
+- ldns_rdf_get_type(n) != LDNS_RDF_TYPE_AAAA) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- ns_count = ldns_resolver_nameserver_count(r);
+- nameservers = ldns_resolver_nameservers(r);
+- rtt = ldns_resolver_rtt(r);
+-
+- /* make room for the next one */
+- if (ns_count == 0) {
+- nameservers = LDNS_XMALLOC(ldns_rdf *, 1);
+- } else {
+- nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count + 1));
+- }
+- if(!nameservers)
+- return LDNS_STATUS_MEM_ERR;
+-
+- /* set the new value in the resolver */
+- ldns_resolver_set_nameservers(r, nameservers);
+-
+- /* don't forget the rtt */
+- if (ns_count == 0) {
+- rtt = LDNS_XMALLOC(size_t, 1);
+- } else {
+- rtt = LDNS_XREALLOC(rtt, size_t, (ns_count + 1));
+- }
+- if(!rtt)
+- return LDNS_STATUS_MEM_ERR;
+-
+- /* slide n in its slot. */
+- /* we clone it here, because then we can free the original
+- * rr's where it stood */
+- nameservers[ns_count] = ldns_rdf_clone(n);
+- rtt[ns_count] = LDNS_RESOLV_RTT_MIN;
+- ldns_resolver_incr_nameserver_count(r);
+- ldns_resolver_set_rtt(r, rtt);
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr)
+-{
+- ldns_rdf *address;
+- if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_A &&
+- ldns_rr_get_type(rr) != LDNS_RR_TYPE_AAAA)) {
+- return LDNS_STATUS_ERR;
+- }
+- address = ldns_rr_rdf(rr, 0); /* extract the ip number */
+- if (address) {
+- return ldns_resolver_push_nameserver(r, address);
+- } else {
+- return LDNS_STATUS_ERR;
+- }
+-}
+-
+-ldns_status
+-ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist)
+-{
+- ldns_rr *rr;
+- ldns_status stat;
+- size_t i;
+-
+- stat = LDNS_STATUS_OK;
+- if (rrlist) {
+- for(i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
+- rr = ldns_rr_list_rr(rrlist, i);
+- if (ldns_resolver_push_nameserver_rr(r, rr) != LDNS_STATUS_OK) {
+- stat = LDNS_STATUS_ERR;
+- break;
+- }
+- }
+- return stat;
+- } else {
+- return LDNS_STATUS_ERR;
+- }
+-}
+-
+-void
+-ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s)
+-{
+- r->_edns_udp_size = s;
+-}
+-
+-void
+-ldns_resolver_set_recursive(ldns_resolver *r, bool re)
+-{
+- r->_recursive = re;
+-}
+-
+-void
+-ldns_resolver_set_dnssec(ldns_resolver *r, bool d)
+-{
+- r->_dnssec = d;
+-}
+-
+-void
+-ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool d)
+-{
+- r->_dnssec_cd = d;
+-}
+-
+-void
+-ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l)
+-{
+- r->_dnssec_anchors = l;
+-}
+-
+-ldns_status
+-ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr)
+-{
+- ldns_rr_list * trust_anchors;
+-
+- if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY &&
+- ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS)) {
+-
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (!(trust_anchors = ldns_resolver_dnssec_anchors(r))) { /* Initialize */
+- trust_anchors = ldns_rr_list_new();
+- ldns_resolver_set_dnssec_anchors(r, trust_anchors);
+- }
+-
+- return (ldns_rr_list_push_rr(trust_anchors, ldns_rr_clone(rr))) ? LDNS_STATUS_OK : LDNS_STATUS_ERR;
+-}
+-
+-void
+-ldns_resolver_set_igntc(ldns_resolver *r, bool i)
+-{
+- r->_igntc = i;
+-}
+-
+-void
+-ldns_resolver_set_usevc(ldns_resolver *r, bool vc)
+-{
+- r->_usevc = vc;
+-}
+-
+-void
+-ldns_resolver_set_debug(ldns_resolver *r, bool d)
+-{
+- r->_debug = d;
+-}
+-
+-void
+-ldns_resolver_set_ip6(ldns_resolver *r, uint8_t ip6)
+-{
+- r->_ip6 = ip6;
+-}
+-
+-void
+-ldns_resolver_set_fail(ldns_resolver *r, bool f)
+-{
+- r->_fail =f;
+-}
+-
+-static void
+-ldns_resolver_set_searchlist_count(ldns_resolver *r, size_t c)
+-{
+- r->_searchlist_count = c;
+-}
+-
+-void
+-ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c)
+-{
+- r->_nameserver_count = c;
+-}
+-
+-void
+-ldns_resolver_set_dnsrch(ldns_resolver *r, bool d)
+-{
+- r->_dnsrch = d;
+-}
+-
+-void
+-ldns_resolver_set_retry(ldns_resolver *r, uint8_t retry)
+-{
+- r->_retry = retry;
+-}
+-
+-void
+-ldns_resolver_set_retrans(ldns_resolver *r, uint8_t retrans)
+-{
+- r->_retrans = retrans;
+-}
+-
+-void
+-ldns_resolver_set_fallback(ldns_resolver *r, bool fallback)
+-{
+- r->_fallback = fallback;
+-}
+-
+-void
+-ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **n)
+-{
+- r->_nameservers = n;
+-}
+-
+-void
+-ldns_resolver_set_defnames(ldns_resolver *r, bool d)
+-{
+- r->_defnames = d;
+-}
+-
+-void
+-ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt)
+-{
+- r->_rtt = rtt;
+-}
+-
+-void
+-ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value)
+-{
+- size_t *rtt;
+-
+- assert(r != NULL);
+-
+- rtt = ldns_resolver_rtt(r);
+-
+- if (pos >= ldns_resolver_nameserver_count(r)) {
+- /* error ?*/
+- } else {
+- rtt[pos] = value;
+- }
+-
+-}
+-
+-void
+-ldns_resolver_incr_nameserver_count(ldns_resolver *r)
+-{
+- size_t c;
+-
+- c = ldns_resolver_nameserver_count(r);
+- ldns_resolver_set_nameserver_count(r, ++c);
+-}
+-
+-void
+-ldns_resolver_dec_nameserver_count(ldns_resolver *r)
+-{
+- size_t c;
+-
+- c = ldns_resolver_nameserver_count(r);
+- if (c == 0) {
+- return;
+- } else {
+- ldns_resolver_set_nameserver_count(r, --c);
+- }
+-}
+-
+-void
+-ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *d)
+-{
+- r->_domain = d;
+-}
+-
+-void
+-ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout)
+-{
+- r->_timeout.tv_sec = timeout.tv_sec;
+- r->_timeout.tv_usec = timeout.tv_usec;
+-}
+-
+-void
+-ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *d)
+-{
+- ldns_rdf **searchlist;
+- size_t list_count;
+-
+- if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) {
+- return;
+- }
+-
+- list_count = ldns_resolver_searchlist_count(r);
+- searchlist = ldns_resolver_searchlist(r);
+-
+- searchlist = LDNS_XREALLOC(searchlist, ldns_rdf *, (list_count + 1));
+- if (searchlist) {
+- r->_searchlist = searchlist;
+-
+- searchlist[list_count] = ldns_rdf_clone(d);
+- ldns_resolver_set_searchlist_count(r, list_count + 1);
+- } /* no way to report mem err */
+-}
+-
+-void
+-ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname)
+-{
+- LDNS_FREE(r->_tsig_keyname);
+- r->_tsig_keyname = strdup(tsig_keyname);
+-}
+-
+-void
+-ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm)
+-{
+- LDNS_FREE(r->_tsig_algorithm);
+- r->_tsig_algorithm = strdup(tsig_algorithm);
+-}
+-
+-void
+-ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata)
+-{
+- LDNS_FREE(r->_tsig_keydata);
+- r->_tsig_keydata = strdup(tsig_keydata);
+-}
+-
+-void
+-ldns_resolver_set_random(ldns_resolver *r, bool b)
+-{
+- r->_random = b;
+-}
+-
+-/* more sophisticated functions */
+-ldns_resolver *
+-ldns_resolver_new(void)
+-{
+- ldns_resolver *r;
+-
+- r = LDNS_MALLOC(ldns_resolver);
+- if (!r) {
+- return NULL;
+- }
+-
+- r->_searchlist = NULL;
+- r->_nameservers = NULL;
+- r->_rtt = NULL;
+-
+- /* defaults are filled out */
+- ldns_resolver_set_searchlist_count(r, 0);
+- ldns_resolver_set_nameserver_count(r, 0);
+- ldns_resolver_set_usevc(r, 0);
+- ldns_resolver_set_port(r, LDNS_PORT);
+- ldns_resolver_set_domain(r, NULL);
+- ldns_resolver_set_defnames(r, false);
+- ldns_resolver_set_retry(r, 3);
+- ldns_resolver_set_retrans(r, 2);
+- ldns_resolver_set_fallback(r, true);
+- ldns_resolver_set_fail(r, false);
+- ldns_resolver_set_edns_udp_size(r, 0);
+- ldns_resolver_set_dnssec(r, false);
+- ldns_resolver_set_dnssec_cd(r, false);
+- ldns_resolver_set_dnssec_anchors(r, NULL);
+- ldns_resolver_set_ip6(r, LDNS_RESOLV_INETANY);
+- ldns_resolver_set_igntc(r, false);
+- ldns_resolver_set_recursive(r, false);
+- ldns_resolver_set_dnsrch(r, true);
+- ldns_resolver_set_source(r, NULL);
+- ldns_resolver_set_ixfr_serial(r, 0);
+-
+- /* randomize the nameserver to be queried
+- * when there are multiple
+- */
+- ldns_resolver_set_random(r, true);
+-
+- ldns_resolver_set_debug(r, 0);
+-
+- r->_timeout.tv_sec = LDNS_DEFAULT_TIMEOUT_SEC;
+- r->_timeout.tv_usec = LDNS_DEFAULT_TIMEOUT_USEC;
+-
+- /* TODO: fd=0 is actually a valid socket (stdin),
+- replace with -1 */
+- r->_socket = 0;
+- r->_axfr_soa_count = 0;
+- r->_axfr_i = 0;
+- r->_cur_axfr_pkt = NULL;
+-
+- r->_tsig_keyname = NULL;
+- r->_tsig_keydata = NULL;
+- r->_tsig_algorithm = NULL;
+- return r;
+-}
+-
+-ldns_resolver *
+-ldns_resolver_clone(ldns_resolver *src)
+-{
+- ldns_resolver *dst;
+- size_t i;
+-
+- assert(src != NULL);
+-
+- if (!(dst = LDNS_MALLOC(ldns_resolver))) return NULL;
+- (void) memcpy(dst, src, sizeof(ldns_resolver));
+-
+- if (dst->_searchlist_count == 0)
+- dst->_searchlist = NULL;
+- else {
+- if (!(dst->_searchlist =
+- LDNS_XMALLOC(ldns_rdf *, dst->_searchlist_count)))
+- goto error;
+- for (i = 0; i < dst->_searchlist_count; i++)
+- if (!(dst->_searchlist[i] =
+- ldns_rdf_clone(src->_searchlist[i]))) {
+- dst->_searchlist_count = i;
+- goto error_searchlist;
+- }
+- }
+- if (dst->_nameserver_count == 0) {
+- dst->_nameservers = NULL;
+- dst->_rtt = NULL;
+- } else {
+- if (!(dst->_nameservers =
+- LDNS_XMALLOC(ldns_rdf *, dst->_nameserver_count)))
+- goto error_searchlist;
+- for (i = 0; i < dst->_nameserver_count; i++)
+- if (!(dst->_nameservers[i] =
+- ldns_rdf_clone(src->_nameservers[i]))) {
+- dst->_nameserver_count = i;
+- goto error_nameservers;
+- }
+- if (!(dst->_rtt =
+- LDNS_XMALLOC(size_t, dst->_nameserver_count)))
+- goto error_nameservers;
+- (void) memcpy(dst->_rtt, src->_rtt,
+- sizeof(size_t) * dst->_nameserver_count);
+- }
+- if (dst->_domain && (!(dst->_domain = ldns_rdf_clone(src->_domain))))
+- goto error_rtt;
+-
+- if (dst->_tsig_keyname &&
+- (!(dst->_tsig_keyname = strdup(src->_tsig_keyname))))
+- goto error_domain;
+-
+- if (dst->_tsig_keydata &&
+- (!(dst->_tsig_keydata = strdup(src->_tsig_keydata))))
+- goto error_tsig_keyname;
+-
+- if (dst->_tsig_algorithm &&
+- (!(dst->_tsig_algorithm = strdup(src->_tsig_algorithm))))
+- goto error_tsig_keydata;
+-
+- if (dst->_cur_axfr_pkt &&
+- (!(dst->_cur_axfr_pkt = ldns_pkt_clone(src->_cur_axfr_pkt))))
+- goto error_tsig_algorithm;
+-
+- if (dst->_dnssec_anchors &&
+- (!(dst->_dnssec_anchors=ldns_rr_list_clone(src->_dnssec_anchors))))
+- goto error_cur_axfr_pkt;
+-
+- return dst;
+-
+-error_cur_axfr_pkt:
+- ldns_pkt_free(dst->_cur_axfr_pkt);
+-error_tsig_algorithm:
+- LDNS_FREE(dst->_tsig_algorithm);
+-error_tsig_keydata:
+- LDNS_FREE(dst->_tsig_keydata);
+-error_tsig_keyname:
+- LDNS_FREE(dst->_tsig_keyname);
+-error_domain:
+- ldns_rdf_deep_free(dst->_domain);
+-error_rtt:
+- LDNS_FREE(dst->_rtt);
+-error_nameservers:
+- for (i = 0; i < dst->_nameserver_count; i++)
+- ldns_rdf_deep_free(dst->_nameservers[i]);
+- LDNS_FREE(dst->_nameservers);
+-error_searchlist:
+- for (i = 0; i < dst->_searchlist_count; i++)
+- ldns_rdf_deep_free(dst->_searchlist[i]);
+- LDNS_FREE(dst->_searchlist);
+-error:
+- LDNS_FREE(dst);
+- return NULL;
+-}
+-
+-
+-ldns_status
+-ldns_resolver_new_frm_fp(ldns_resolver **res, FILE *fp)
+-{
+- return ldns_resolver_new_frm_fp_l(res, fp, NULL);
+-}
+-
+-ldns_status
+-ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
+-{
+- ldns_resolver *r;
+- const char *keyword[LDNS_RESOLV_KEYWORDS];
+- char word[LDNS_MAX_LINELEN + 1];
+- int8_t expect;
+- uint8_t i;
+- ldns_rdf *tmp;
+-#ifdef HAVE_SSL
+- ldns_rr *tmp_rr;
+-#endif
+- ssize_t gtr, bgtr;
+- ldns_buffer *b;
+- int lnr = 0, oldline;
+- FILE* myfp = fp;
+- if(!line_nr) line_nr = &lnr;
+-
+- if(!fp) {
+- myfp = fopen("/etc/resolv.conf", "r");
+- if(!myfp)
+- return LDNS_STATUS_FILE_ERR;
+- }
+-
+- /* do this better
+- * expect =
+- * 0: keyword
+- * 1: default domain dname
+- * 2: NS aaaa or a record
+- */
+-
+- /* recognized keywords */
+- keyword[LDNS_RESOLV_NAMESERVER] = "nameserver";
+- keyword[LDNS_RESOLV_DEFDOMAIN] = "domain";
+- keyword[LDNS_RESOLV_SEARCH] = "search";
+- /* these two are read but not used atm TODO */
+- keyword[LDNS_RESOLV_SORTLIST] = "sortlist";
+- keyword[LDNS_RESOLV_OPTIONS] = "options";
+- keyword[LDNS_RESOLV_ANCHOR] = "anchor";
+- expect = LDNS_RESOLV_KEYWORD;
+-
+- r = ldns_resolver_new();
+- if (!r) {
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- gtr = 1;
+- word[0] = 0;
+- oldline = *line_nr;
+- expect = LDNS_RESOLV_KEYWORD;
+- while (gtr > 0) {
+- /* check comments */
+- if (word[0] == '#') {
+- word[0]='x';
+- if(oldline == *line_nr) {
+- /* skip until end of line */
+- int c;
+- do {
+- c = fgetc(myfp);
+- } while(c != EOF && c != '\n');
+- if(c=='\n') (*line_nr)++;
+- }
+- /* and read next to prepare for further parsing */
+- oldline = *line_nr;
+- continue;
+- }
+- oldline = *line_nr;
+- switch(expect) {
+- case LDNS_RESOLV_KEYWORD:
+- /* keyword */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+- if (gtr != 0) {
+- if(word[0] == '#') continue;
+- for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) {
+- if (strcasecmp(keyword[i], word) == 0) {
+- /* chosen the keyword and
+- * expect values carefully
+- */
+- expect = i;
+- break;
+- }
+- }
+- /* no keyword recognized */
+- if (expect == LDNS_RESOLV_KEYWORD) {
+- /* skip line */
+- /*
+- ldns_resolver_deep_free(r);
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_SYNTAX_KEYWORD_ERR;
+- */
+- }
+- }
+- break;
+- case LDNS_RESOLV_DEFDOMAIN:
+- /* default domain dname */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+- if (gtr == 0) {
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
+- }
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- continue;
+- }
+- tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
+- if (!tmp) {
+- ldns_resolver_deep_free(r);
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_SYNTAX_DNAME_ERR;
+- }
+-
+- /* DOn't free, because we copy the pointer */
+- ldns_resolver_set_domain(r, tmp);
+- expect = LDNS_RESOLV_KEYWORD;
+- break;
+- case LDNS_RESOLV_NAMESERVER:
+- /* NS aaaa or a record */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+- if (gtr == 0) {
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
+- }
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- continue;
+- }
+- if(strchr(word, '%')) {
+- /* snip off interface labels,
+- * fe80::222:19ff:fe31:4222%eth0 */
+- strchr(word, '%')[0]=0;
+- }
+- tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, word);
+- if (!tmp) {
+- /* try ip4 */
+- tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, word);
+- }
+- /* could not parse it, exit */
+- if (!tmp) {
+- ldns_resolver_deep_free(r);
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_SYNTAX_ERR;
+- }
+- (void)ldns_resolver_push_nameserver(r, tmp);
+- ldns_rdf_deep_free(tmp);
+- expect = LDNS_RESOLV_KEYWORD;
+- break;
+- case LDNS_RESOLV_SEARCH:
+- /* search list domain dname */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
+- b = LDNS_MALLOC(ldns_buffer);
+- if(!b) {
+- ldns_resolver_deep_free(r);
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- ldns_buffer_new_frm_data(b, word, (size_t) gtr);
+- if(ldns_buffer_status(b) != LDNS_STATUS_OK) {
+- LDNS_FREE(b);
+- ldns_resolver_deep_free(r);
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr + 1);
+- while (bgtr > 0) {
+- gtr -= bgtr;
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- break;
+- }
+- tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
+- if (!tmp) {
+- ldns_resolver_deep_free(r);
+- ldns_buffer_free(b);
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_SYNTAX_DNAME_ERR;
+- }
+-
+- ldns_resolver_push_searchlist(r, tmp);
+-
+- ldns_rdf_deep_free(tmp);
+- bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL,
+- (size_t) gtr + 1);
+- }
+- ldns_buffer_free(b);
+- if (expect != LDNS_RESOLV_KEYWORD) {
+- gtr = 1;
+- expect = LDNS_RESOLV_KEYWORD;
+- }
+- break;
+- case LDNS_RESOLV_SORTLIST:
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
+- /* sortlist not implemented atm */
+- expect = LDNS_RESOLV_KEYWORD;
+- break;
+- case LDNS_RESOLV_OPTIONS:
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
+- /* options not implemented atm */
+- expect = LDNS_RESOLV_KEYWORD;
+- break;
+- case LDNS_RESOLV_ANCHOR:
+- /* a file containing a DNSSEC trust anchor */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+- if (gtr == 0) {
+- ldns_resolver_deep_free(r);
+- if(!fp) fclose(myfp);
+- return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
+- }
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- continue;
+- }
+-
+-#ifdef HAVE_SSL
+- tmp_rr = ldns_read_anchor_file(word);
+- (void) ldns_resolver_push_dnssec_anchor(r, tmp_rr);
+- ldns_rr_free(tmp_rr);
+-#endif
+- expect = LDNS_RESOLV_KEYWORD;
+- break;
+- }
+- }
+-
+- if(!fp)
+- fclose(myfp);
+-
+- if (res) {
+- *res = r;
+- return LDNS_STATUS_OK;
+- } else {
+- ldns_resolver_deep_free(r);
+- return LDNS_STATUS_NULL;
+- }
+-}
+-
+-ldns_status
+-ldns_resolver_new_frm_file(ldns_resolver **res, const char *filename)
+-{
+- ldns_resolver *r;
+- FILE *fp;
+- ldns_status s;
+-
+- if (!filename) {
+- fp = fopen(LDNS_RESOLV_CONF, "r");
+-
+- } else {
+- fp = fopen(filename, "r");
+- }
+- if (!fp) {
+- return LDNS_STATUS_FILE_ERR;
+- }
+-
+- s = ldns_resolver_new_frm_fp(&r, fp);
+- fclose(fp);
+- if (s == LDNS_STATUS_OK) {
+- if (res) {
+- *res = r;
+- return LDNS_STATUS_OK;
+- } else {
+- ldns_resolver_free(r);
+- return LDNS_STATUS_NULL;
+- }
+- }
+- return s;
+-}
+-
+-void
+-ldns_resolver_free(ldns_resolver *res)
+-{
+- LDNS_FREE(res);
+-}
+-
+-void
+-ldns_resolver_deep_free(ldns_resolver *res)
+-{
+- size_t i;
+-
+- if (res) {
+- if (res->_searchlist) {
+- for (i = 0; i < ldns_resolver_searchlist_count(res); i++) {
+- ldns_rdf_deep_free(res->_searchlist[i]);
+- }
+- LDNS_FREE(res->_searchlist);
+- }
+- if (res->_nameservers) {
+- for (i = 0; i < res->_nameserver_count; i++) {
+- ldns_rdf_deep_free(res->_nameservers[i]);
+- }
+- LDNS_FREE(res->_nameservers);
+- }
+- if (ldns_resolver_domain(res)) {
+- ldns_rdf_deep_free(ldns_resolver_domain(res));
+- }
+- if (res->_tsig_keyname) {
+- LDNS_FREE(res->_tsig_keyname);
+- }
+- if (res->_tsig_keydata) {
+- LDNS_FREE(res->_tsig_keydata);
+- }
+- if (res->_tsig_algorithm) {
+- LDNS_FREE(res->_tsig_algorithm);
+- }
+-
+- if (res->_cur_axfr_pkt) {
+- ldns_pkt_free(res->_cur_axfr_pkt);
+- }
+-
+- if (res->_rtt) {
+- LDNS_FREE(res->_rtt);
+- }
+- if (res->_dnssec_anchors) {
+- ldns_rr_list_deep_free(res->_dnssec_anchors);
+- }
+- LDNS_FREE(res);
+- }
+-}
+-
+-ldns_status
+-ldns_resolver_search_status(ldns_pkt** pkt,
+- ldns_resolver *r, const ldns_rdf *name,
+- ldns_rr_type t, ldns_rr_class c, uint16_t flags)
+-{
+- ldns_rdf *new_name;
+- ldns_rdf **search_list;
+- size_t i;
+- ldns_status s = LDNS_STATUS_OK;
+- ldns_rdf root_dname = { 1, LDNS_RDF_TYPE_DNAME, (void *)"" };
+-
+- if (ldns_dname_absolute(name)) {
+- /* query as-is */
+- return ldns_resolver_query_status(pkt, r, name, t, c, flags);
+- } else if (ldns_resolver_dnsrch(r)) {
+- search_list = ldns_resolver_searchlist(r);
+- for (i = 0; i <= ldns_resolver_searchlist_count(r); i++) {
+- if (i == ldns_resolver_searchlist_count(r)) {
+- new_name = ldns_dname_cat_clone(name,
+- &root_dname);
+- } else {
+- new_name = ldns_dname_cat_clone(name,
+- search_list[i]);
+- }
+-
+- s = ldns_resolver_query_status(pkt, r,
+- new_name, t, c, flags);
+- ldns_rdf_free(new_name);
+- if (pkt && *pkt) {
+- if (s == LDNS_STATUS_OK &&
+- ldns_pkt_get_rcode(*pkt) ==
+- LDNS_RCODE_NOERROR) {
+-
+- return LDNS_STATUS_OK;
+- }
+- ldns_pkt_free(*pkt);
+- *pkt = NULL;
+- }
+- }
+- }
+- return s;
+-}
+-
+-ldns_pkt *
+-ldns_resolver_search(const ldns_resolver *r,const ldns_rdf *name,
+- ldns_rr_type t, ldns_rr_class c, uint16_t flags)
+-{
+- ldns_pkt* pkt = NULL;
+- if (ldns_resolver_search_status(&pkt, (ldns_resolver *)r,
+- name, t, c, flags) != LDNS_STATUS_OK) {
+- ldns_pkt_free(pkt);
+- }
+- return pkt;
+-}
+-
+-ldns_status
+-ldns_resolver_query_status(ldns_pkt** pkt,
+- ldns_resolver *r, const ldns_rdf *name,
+- ldns_rr_type t, ldns_rr_class c, uint16_t flags)
+-{
+- ldns_rdf *newname;
+- ldns_status status;
+-
+- if (!ldns_resolver_defnames(r) || !ldns_resolver_domain(r)) {
+- return ldns_resolver_send(pkt, r, name, t, c, flags);
+- }
+-
+- newname = ldns_dname_cat_clone(name, ldns_resolver_domain(r));
+- if (!newname) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- status = ldns_resolver_send(pkt, r, newname, t, c, flags);
+- ldns_rdf_free(newname);
+- return status;
+-}
+-
+-ldns_pkt *
+-ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name,
+- ldns_rr_type t, ldns_rr_class c, uint16_t flags)
+-{
+- ldns_pkt* pkt = NULL;
+- if (ldns_resolver_query_status(&pkt, (ldns_resolver *)r,
+- name, t, c, flags) != LDNS_STATUS_OK) {
+- ldns_pkt_free(pkt);
+- }
+- return pkt;
+-}
+-
+-static size_t *
+-ldns_resolver_backup_rtt(ldns_resolver *r)
+-{
+- size_t *new_rtt;
+- size_t *old_rtt = ldns_resolver_rtt(r);
+-
+- if (old_rtt && ldns_resolver_nameserver_count(r)) {
+- new_rtt = LDNS_XMALLOC(size_t
+- , ldns_resolver_nameserver_count(r));
+- memcpy(new_rtt, old_rtt, sizeof(size_t)
+- * ldns_resolver_nameserver_count(r));
+- ldns_resolver_set_rtt(r, new_rtt);
+- return old_rtt;
+- }
+- return NULL;
+-}
+-
+-static void
+-ldns_resolver_restore_rtt(ldns_resolver *r, size_t *old_rtt)
+-{
+- size_t *cur_rtt = ldns_resolver_rtt(r);
+-
+- if (cur_rtt) {
+- LDNS_FREE(cur_rtt);
+- }
+- ldns_resolver_set_rtt(r, old_rtt);
+-}
+-
+-ldns_status
+-ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r,
+- ldns_pkt *query_pkt)
+-{
+- ldns_pkt *answer_pkt = NULL;
+- ldns_status stat = LDNS_STATUS_OK;
+- size_t *rtt;
+-
+- stat = ldns_send(&answer_pkt, (ldns_resolver *)r, query_pkt);
+- if (stat != LDNS_STATUS_OK) {
+- if(answer_pkt) {
+- ldns_pkt_free(answer_pkt);
+- answer_pkt = NULL;
+- }
+- } else {
+- /* if tc=1 fall back to EDNS and/or TCP */
+- /* check for tcp first (otherwise we don't care about tc=1) */
+- if (!ldns_resolver_usevc(r) && ldns_resolver_fallback(r)) {
+- if (ldns_pkt_tc(answer_pkt)) {
+- /* was EDNS0 set? */
+- if (ldns_pkt_edns_udp_size(query_pkt) == 0) {
+- ldns_pkt_set_edns_udp_size(query_pkt
+- , 4096);
+- ldns_pkt_free(answer_pkt);
+- answer_pkt = NULL;
+- /* Nameservers should not become
+- * unreachable because fragments are
+- * dropped (network error). We might
+- * still have success with TCP.
+- * Therefore maintain reachability
+- * statuses of the nameservers by
+- * backup and restore the rtt list.
+- */
+- rtt = ldns_resolver_backup_rtt(r);
+- stat = ldns_send(&answer_pkt, r
+- , query_pkt);
+- ldns_resolver_restore_rtt(r, rtt);
+- }
+- /* either way, if it is still truncated, use TCP */
+- if (stat != LDNS_STATUS_OK ||
+- ldns_pkt_tc(answer_pkt)) {
+- ldns_resolver_set_usevc(r, true);
+- ldns_pkt_free(answer_pkt);
+- stat = ldns_send(&answer_pkt, r, query_pkt);
+- ldns_resolver_set_usevc(r, false);
+- }
+- }
+- }
+- }
+-
+- if (answer) {
+- *answer = answer_pkt;
+- }
+-
+- return stat;
+-}
+-
+-ldns_status
+-ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r,
+- const ldns_rdf *name, ldns_rr_type t,
+- ldns_rr_class c, uint16_t flags)
+-{
+- struct timeval now;
+- ldns_rr* soa = NULL;
+-
+- /* prepare a question pkt from the parameters
+- * and then send this */
+- if (t == LDNS_RR_TYPE_IXFR) {
+- ldns_rdf *owner_rdf;
+- ldns_rdf *mname_rdf;
+- ldns_rdf *rname_rdf;
+- ldns_rdf *serial_rdf;
+- ldns_rdf *refresh_rdf;
+- ldns_rdf *retry_rdf;
+- ldns_rdf *expire_rdf;
+- ldns_rdf *minimum_rdf;
+- soa = ldns_rr_new();
+-
+- if (!soa) {
+- return LDNS_STATUS_ERR;
+- }
+- owner_rdf = ldns_rdf_clone(name);
+- if (!owner_rdf) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_rr_set_owner(soa, owner_rdf);
+- ldns_rr_set_type(soa, LDNS_RR_TYPE_SOA);
+- ldns_rr_set_class(soa, c);
+- ldns_rr_set_question(soa, false);
+- if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- } else ldns_rr_push_rdf(soa, mname_rdf);
+- if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- } else ldns_rr_push_rdf(soa, rname_rdf);
+- serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, ldns_resolver_get_ixfr_serial(r));
+- if (!serial_rdf) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- } else ldns_rr_push_rdf(soa, serial_rdf);
+- refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!refresh_rdf) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- } else ldns_rr_push_rdf(soa, refresh_rdf);
+- retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!retry_rdf) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- } else ldns_rr_push_rdf(soa, retry_rdf);
+- expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!expire_rdf) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- } else ldns_rr_push_rdf(soa, expire_rdf);
+- minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
+- if (!minimum_rdf) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- } else ldns_rr_push_rdf(soa, minimum_rdf);
+-
+- *query_pkt = ldns_pkt_ixfr_request_new(ldns_rdf_clone(name),
+- c, flags, soa);
+- } else {
+- *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags);
+- }
+- if (!*query_pkt) {
+- ldns_rr_free(soa);
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* set DO bit if necessary */
+- if (ldns_resolver_dnssec(r)) {
+- if (ldns_resolver_edns_udp_size(r) == 0) {
+- ldns_resolver_set_edns_udp_size(r, 4096);
+- }
+- ldns_pkt_set_edns_do(*query_pkt, true);
+- if (ldns_resolver_dnssec_cd(r) || (flags & LDNS_CD)) {
+- ldns_pkt_set_cd(*query_pkt, true);
+- }
+- }
+-
+- /* transfer the udp_edns_size from the resolver to the packet */
+- if (ldns_resolver_edns_udp_size(r) != 0) {
+- ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r));
+- }
+-
+- /* set the timestamp */
+- now.tv_sec = time(NULL);
+- now.tv_usec = 0;
+- ldns_pkt_set_timestamp(*query_pkt, now);
+-
+-
+- if (ldns_resolver_debug(r)) {
+- ldns_pkt_print(stdout, *query_pkt);
+- }
+-
+- /* only set the id if it is not set yet */
+- if (ldns_pkt_id(*query_pkt) == 0) {
+- ldns_pkt_set_random_id(*query_pkt);
+- }
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name,
+- ldns_rr_type t, ldns_rr_class c, uint16_t flags)
+-{
+- ldns_pkt *query_pkt;
+- ldns_pkt *answer_pkt;
+- ldns_status status;
+-
+- assert(r != NULL);
+- assert(name != NULL);
+-
+- answer_pkt = NULL;
+-
+- /* do all the preprocessing here, then fire of an query to
+- * the network */
+-
+- if (0 == t) {
+- t= LDNS_RR_TYPE_A;
+- }
+- if (0 == c) {
+- c= LDNS_RR_CLASS_IN;
+- }
+- if (0 == ldns_resolver_nameserver_count(r)) {
+- return LDNS_STATUS_RES_NO_NS;
+- }
+- if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) {
+- return LDNS_STATUS_RES_QUERY;
+- }
+-
+- status = ldns_resolver_prepare_query_pkt(&query_pkt, r, name,
+- t, c, flags);
+- if (status != LDNS_STATUS_OK) {
+- return status;
+- }
+-
+- /* if tsig values are set, tsign it */
+- /* TODO: make last 3 arguments optional too? maybe make complete
+- rr instead of separate values in resolver (and packet)
+- Jelte
+- should this go in pkt_prepare?
+- */
+- if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) {
+-#ifdef HAVE_SSL
+- status = ldns_pkt_tsig_sign(query_pkt,
+- ldns_resolver_tsig_keyname(r),
+- ldns_resolver_tsig_keydata(r),
+- 300, ldns_resolver_tsig_algorithm(r), NULL);
+- if (status != LDNS_STATUS_OK) {
+- ldns_pkt_free(query_pkt);
+- return LDNS_STATUS_CRYPTO_TSIG_ERR;
+- }
+-#else
+- ldns_pkt_free(query_pkt);
+- return LDNS_STATUS_CRYPTO_TSIG_ERR;
+-#endif /* HAVE_SSL */
+- }
+-
+- status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt);
+- ldns_pkt_free(query_pkt);
+-
+- /* allows answer to be NULL when not interested in return value */
+- if (answer) {
+- *answer = answer_pkt;
+- }
+- return status;
+-}
+-
+-ldns_rr *
+-ldns_axfr_next(ldns_resolver *resolver)
+-{
+- ldns_rr *cur_rr;
+- uint8_t *packet_wire;
+- size_t packet_wire_size;
+- ldns_status status;
+-
+- /* check if start() has been called */
+- if (!resolver || resolver->_socket == 0) {
+- return NULL;
+- }
+-
+- if (resolver->_cur_axfr_pkt) {
+- if (resolver->_axfr_i == ldns_pkt_ancount(resolver->_cur_axfr_pkt)) {
+- ldns_pkt_free(resolver->_cur_axfr_pkt);
+- resolver->_cur_axfr_pkt = NULL;
+- return ldns_axfr_next(resolver);
+- }
+- cur_rr = ldns_rr_clone(ldns_rr_list_rr(
+- ldns_pkt_answer(resolver->_cur_axfr_pkt),
+- resolver->_axfr_i));
+- resolver->_axfr_i++;
+- if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) {
+- resolver->_axfr_soa_count++;
+- if (resolver->_axfr_soa_count >= 2) {
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+- ldns_pkt_free(resolver->_cur_axfr_pkt);
+- resolver->_cur_axfr_pkt = NULL;
+- }
+- }
+- return cur_rr;
+- } else {
+- packet_wire = ldns_tcp_read_wire_timeout(resolver->_socket, &packet_wire_size, resolver->_timeout);
+- if(!packet_wire)
+- return NULL;
+-
+- status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire,
+- packet_wire_size);
+- LDNS_FREE(packet_wire);
+-
+- resolver->_axfr_i = 0;
+- if (status != LDNS_STATUS_OK) {
+- /* TODO: make status return type of this function (...api change) */
+-#ifdef STDERR_MSGS
+- fprintf(stderr, "Error parsing rr during AXFR: %s\n", ldns_get_errorstr_by_id(status));
+-#endif
+-
+- /* we must now also close the socket, otherwise subsequent uses of the
+- same resolver structure will fail because the link is still open or
+- in an undefined state */
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+-
+- return NULL;
+- } else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) {
+-#ifdef STDERR_MSGS
+- ldns_lookup_table *rcode = ldns_lookup_by_id(
+- ldns_rcodes,(int) ldns_pkt_get_rcode(
+- resolver->_cur_axfr_pkt));
+- if (rcode) {
+- fprintf(stderr, "Error in AXFR: %s\n",
+- rcode->name);
+- } else {
+- fprintf(stderr, "Error in AXFR: %d\n",
+- (int) ldns_pkt_get_rcode(
+- resolver->_cur_axfr_pkt));
+- }
+-#endif
+-
+- /* we must now also close the socket, otherwise subsequent uses of the
+- same resolver structure will fail because the link is still open or
+- in an undefined state */
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+-
+- return NULL;
+- } else {
+- return ldns_axfr_next(resolver);
+- }
+-
+- }
+-
+-}
+-
+-/* this function is needed to abort a transfer that is in progress;
+- * without it an aborted transfer will lead to the AXFR code in the
+- * library staying in an indetermined state because the socket for the
+- * AXFR is never closed
+- */
+-void
+-ldns_axfr_abort(ldns_resolver *resolver)
+-{
+- /* Only abort if an actual AXFR is in progress */
+- if (resolver->_socket != 0)
+- {
+-#ifndef USE_WINSOCK
+- close(resolver->_socket);
+-#else
+- closesocket(resolver->_socket);
+-#endif
+- resolver->_socket = 0;
+- }
+-}
+-
+-bool
+-ldns_axfr_complete(const ldns_resolver *res)
+-{
+- /* complete when soa count is 2? */
+- return res->_axfr_soa_count == 2;
+-}
+-
+-ldns_pkt *
+-ldns_axfr_last_pkt(const ldns_resolver *res)
+-{
+- return res->_cur_axfr_pkt;
+-}
+-
+-void
+-ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial)
+-{
+- r->_serial = serial;
+-}
+-
+-uint32_t
+-ldns_resolver_get_ixfr_serial(const ldns_resolver *res)
+-{
+- return res->_serial;
+-}
+-
+-
+-/* random isn't really that good */
+-void
+-ldns_resolver_nameservers_randomize(ldns_resolver *r)
+-{
+- uint16_t i, j;
+- ldns_rdf **ns, *tmpns;
+- size_t *rtt, tmprtt;
+-
+- /* should I check for ldns_resolver_random?? */
+- assert(r != NULL);
+-
+- ns = ldns_resolver_nameservers(r);
+- rtt = ldns_resolver_rtt(r);
+- for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
+- j = ldns_get_random() % ldns_resolver_nameserver_count(r);
+- tmpns = ns[i];
+- ns[i] = ns[j];
+- ns[j] = tmpns;
+- tmprtt = rtt[i];
+- rtt[i] = rtt[j];
+- rtt[j] = tmprtt;
+- }
+- ldns_resolver_set_nameservers(r, ns);
+-}
+-
+diff --git a/src/ldns/rr.c b/src/ldns/rr.c
+deleted file mode 100644
+index e52ea80..0000000
+--- a/src/ldns/rr.c
++++ /dev/null
+@@ -1,2705 +0,0 @@
+-/* rr.c
+- *
+- * access functions for ldns_rr -
+- * a Net::DNS like library for C
+- * LibDNS Team @ NLnet Labs
+- *
+- * (c) NLnet Labs, 2004-2006
+- * See the file LICENSE for the license
+- */
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <strings.h>
+-#include <limits.h>
+-
+-#include <errno.h>
+-
+-#define LDNS_SYNTAX_DATALEN 16
+-#define LDNS_TTL_DATALEN 21
+-#define LDNS_RRLIST_INIT 8
+-
+-ldns_rr *
+-ldns_rr_new(void)
+-{
+- ldns_rr *rr;
+- rr = LDNS_MALLOC(ldns_rr);
+- if (!rr) {
+- return NULL;
+- }
+-
+- ldns_rr_set_owner(rr, NULL);
+- ldns_rr_set_question(rr, false);
+- ldns_rr_set_rd_count(rr, 0);
+- rr->_rdata_fields = NULL;
+- ldns_rr_set_class(rr, LDNS_RR_CLASS_IN);
+- ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL);
+- return rr;
+-}
+-
+-ldns_rr *
+-ldns_rr_new_frm_type(ldns_rr_type t)
+-{
+- ldns_rr *rr;
+- const ldns_rr_descriptor *desc;
+- size_t i;
+-
+- rr = LDNS_MALLOC(ldns_rr);
+- if (!rr) {
+- return NULL;
+- }
+-
+- desc = ldns_rr_descript(t);
+-
+- rr->_rdata_fields = LDNS_XMALLOC(ldns_rdf *, ldns_rr_descriptor_minimum(desc));
+- if(!rr->_rdata_fields) {
+- LDNS_FREE(rr);
+- return NULL;
+- }
+- for (i = 0; i < ldns_rr_descriptor_minimum(desc); i++) {
+- rr->_rdata_fields[i] = NULL;
+- }
+-
+- ldns_rr_set_owner(rr, NULL);
+- ldns_rr_set_question(rr, false);
+- /* set the count to minimum */
+- ldns_rr_set_rd_count(rr, ldns_rr_descriptor_minimum(desc));
+- ldns_rr_set_class(rr, LDNS_RR_CLASS_IN);
+- ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL);
+- ldns_rr_set_type(rr, t);
+- return rr;
+-}
+-
+-void
+-ldns_rr_free(ldns_rr *rr)
+-{
+- size_t i;
+- if (rr) {
+- if (ldns_rr_owner(rr)) {
+- ldns_rdf_deep_free(ldns_rr_owner(rr));
+- }
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- ldns_rdf_deep_free(ldns_rr_rdf(rr, i));
+- }
+- LDNS_FREE(rr->_rdata_fields);
+- LDNS_FREE(rr);
+- }
+-}
+-
+-/* Syntactic sugar for ldns_rr_new_frm_str_internal */
+-INLINE bool
+-ldns_rdf_type_maybe_quoted(ldns_rdf_type rdf_type)
+-{
+- return rdf_type == LDNS_RDF_TYPE_STR ||
+- rdf_type == LDNS_RDF_TYPE_LONG_STR;
+-}
+-
+-/*
+- * trailing spaces are allowed
+- * leading spaces are not allowed
+- * allow ttl to be optional
+- * class is optional too
+- * if ttl is missing, and default_ttl is 0, use DEF_TTL
+- * allow ttl to be written as 1d3h
+- * So the RR should look like. e.g.
+- * miek.nl. 3600 IN MX 10 elektron.atoom.net
+- * or
+- * miek.nl. 1h IN MX 10 elektron.atoom.net
+- * or
+- * miek.nl. IN MX 10 elektron.atoom.net
+- */
+-static ldns_status
+-ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
+- uint32_t default_ttl, ldns_rdf *origin,
+- ldns_rdf **prev, bool question)
+-{
+- ldns_rr *new;
+- const ldns_rr_descriptor *desc;
+- ldns_rr_type rr_type;
+- ldns_buffer *rr_buf = NULL;
+- ldns_buffer *rd_buf = NULL;
+- uint32_t ttl_val;
+- char *owner = NULL;
+- char *ttl = NULL;
+- ldns_rr_class clas_val;
+- char *clas = NULL;
+- char *type = NULL;
+- char *rdata = NULL;
+- char *rd = NULL;
+- char *xtok = NULL; /* For RDF types with spaces (i.e. extra tokens) */
+- size_t rd_strlen;
+- const char *delimiters;
+- ssize_t c;
+- ldns_rdf *owner_dname;
+- const char* endptr;
+- int was_unknown_rr_format = 0;
+- ldns_status status = LDNS_STATUS_OK;
+-
+- /* used for types with unknown number of rdatas */
+- bool done;
+- bool quoted;
+-
+- ldns_rdf *r = NULL;
+- uint16_t r_cnt;
+- uint16_t r_min;
+- uint16_t r_max;
+- size_t pre_data_pos;
+-
+- uint16_t hex_data_size;
+- char *hex_data_str = NULL;
+- uint16_t cur_hex_data_size;
+- size_t hex_pos = 0;
+- uint8_t *hex_data = NULL;
+-
+- new = ldns_rr_new();
+-
+- owner = LDNS_XMALLOC(char, LDNS_MAX_DOMAINLEN + 1);
+- ttl = LDNS_XMALLOC(char, LDNS_TTL_DATALEN);
+- clas = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN);
+- rdata = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN + 1);
+- rr_buf = LDNS_MALLOC(ldns_buffer);
+- rd_buf = LDNS_MALLOC(ldns_buffer);
+- rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
+- xtok = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
+- if (rr_buf) {
+- rr_buf->_data = NULL;
+- }
+- if (rd_buf) {
+- rd_buf->_data = NULL;
+- }
+- if (!new || !owner || !ttl || !clas || !rdata ||
+- !rr_buf || !rd_buf || !rd || !xtok) {
+-
+- goto memerror;
+- }
+-
+- ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str));
+-
+- /* split the rr in its parts -1 signals trouble */
+- if (ldns_bget_token(rr_buf, owner, "\t\n ", LDNS_MAX_DOMAINLEN) == -1){
+-
+- status = LDNS_STATUS_SYNTAX_ERR;
+- goto error;
+- }
+-
+- if (ldns_bget_token(rr_buf, ttl, "\t\n ", LDNS_TTL_DATALEN) == -1) {
+-
+- status = LDNS_STATUS_SYNTAX_TTL_ERR;
+- goto error;
+- }
+- ttl_val = (uint32_t) ldns_str2period(ttl, &endptr);
+-
+- if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) {
+- /* ah, it's not there or something */
+- if (default_ttl == 0) {
+- ttl_val = LDNS_DEFAULT_TTL;
+- } else {
+- ttl_val = default_ttl;
+- }
+- /* we not ASSUMING the TTL is missing and that
+- * the rest of the RR is still there. That is
+- * CLASS TYPE RDATA
+- * so ttl value we read is actually the class
+- */
+- clas_val = ldns_get_rr_class_by_name(ttl);
+- /* class can be left out too, assume IN, current
+- * token must be type
+- */
+- if (clas_val == 0) {
+- clas_val = LDNS_RR_CLASS_IN;
+- type = LDNS_XMALLOC(char, strlen(ttl) + 1);
+- if (!type) {
+- goto memerror;
+- }
+- strncpy(type, ttl, strlen(ttl) + 1);
+- }
+- } else {
+- if (-1 == ldns_bget_token(
+- rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN)) {
+-
+- status = LDNS_STATUS_SYNTAX_CLASS_ERR;
+- goto error;
+- }
+- clas_val = ldns_get_rr_class_by_name(clas);
+- /* class can be left out too, assume IN, current
+- * token must be type
+- */
+- if (clas_val == 0) {
+- clas_val = LDNS_RR_CLASS_IN;
+- type = LDNS_XMALLOC(char, strlen(clas) + 1);
+- if (!type) {
+- goto memerror;
+- }
+- strncpy(type, clas, strlen(clas) + 1);
+- }
+- }
+- /* the rest should still be waiting for us */
+-
+- if (!type) {
+- type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN);
+- if (!type) {
+- goto memerror;
+- }
+- if (-1 == ldns_bget_token(
+- rr_buf, type, "\t\n ", LDNS_SYNTAX_DATALEN)) {
+-
+- status = LDNS_STATUS_SYNTAX_TYPE_ERR;
+- goto error;
+- }
+- }
+-
+- if (ldns_bget_token(rr_buf, rdata, "\0", LDNS_MAX_PACKETLEN) == -1) {
+- /* apparently we are done, and it's only a question RR
+- * so do not set status and go to ldnserror here
+- */
+- }
+- ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata));
+-
+- if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) {
+- if (origin) {
+- ldns_rr_set_owner(new, ldns_rdf_clone(origin));
+- } else if (prev && *prev) {
+- ldns_rr_set_owner(new, ldns_rdf_clone(*prev));
+- } else {
+- /* default to root */
+- ldns_rr_set_owner(new, ldns_dname_new_frm_str("."));
+- }
+-
+- /* @ also overrides prev */
+- if (prev) {
+- ldns_rdf_deep_free(*prev);
+- *prev = ldns_rdf_clone(ldns_rr_owner(new));
+- if (!*prev) {
+- goto memerror;
+- }
+- }
+- } else {
+- if (strlen(owner) == 0) {
+- /* no ownername was given, try prev, if that fails
+- * origin, else default to root */
+- if (prev && *prev) {
+- ldns_rr_set_owner(new, ldns_rdf_clone(*prev));
+- } else if (origin) {
+- ldns_rr_set_owner(new, ldns_rdf_clone(origin));
+- } else {
+- ldns_rr_set_owner(new,
+- ldns_dname_new_frm_str("."));
+- }
+- if(!ldns_rr_owner(new)) {
+- goto memerror;
+- }
+- } else {
+- owner_dname = ldns_dname_new_frm_str(owner);
+- if (!owner_dname) {
+- status = LDNS_STATUS_SYNTAX_ERR;
+- goto error;
+- }
+-
+- ldns_rr_set_owner(new, owner_dname);
+- if (!ldns_dname_str_absolute(owner) && origin) {
+- if(ldns_dname_cat(ldns_rr_owner(new), origin)
+- != LDNS_STATUS_OK) {
+-
+- status = LDNS_STATUS_SYNTAX_ERR;
+- goto error;
+- }
+- }
+- if (prev) {
+- ldns_rdf_deep_free(*prev);
+- *prev = ldns_rdf_clone(ldns_rr_owner(new));
+- if (!*prev) {
+- goto error;
+- }
+- }
+- }
+- }
+- LDNS_FREE(owner);
+-
+- ldns_rr_set_question(new, question);
+-
+- ldns_rr_set_ttl(new, ttl_val);
+- LDNS_FREE(ttl);
+-
+- ldns_rr_set_class(new, clas_val);
+- LDNS_FREE(clas);
+-
+- rr_type = ldns_get_rr_type_by_name(type);
+- LDNS_FREE(type);
+-
+- desc = ldns_rr_descript((uint16_t)rr_type);
+- ldns_rr_set_type(new, rr_type);
+- if (desc) {
+- /* only the rdata remains */
+- r_max = ldns_rr_descriptor_maximum(desc);
+- r_min = ldns_rr_descriptor_minimum(desc);
+- } else {
+- r_min = 0;
+- r_max = 1;
+- }
+-
+- for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) {
+- quoted = false;
+-
+- switch (ldns_rr_descriptor_field_type(desc, r_cnt)) {
+- case LDNS_RDF_TYPE_B64 :
+- case LDNS_RDF_TYPE_HEX : /* These rdf types may con- */
+- case LDNS_RDF_TYPE_LOC : /* tain whitespace, only if */
+- case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */
+- case LDNS_RDF_TYPE_IPSECKEY :
+- case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) {
+- delimiters = "\n";
+- break;
+- }
+- default : delimiters = "\n\t ";
+- }
+-
+- if (ldns_rdf_type_maybe_quoted(
+- ldns_rr_descriptor_field_type(
+- desc, r_cnt)) &&
+- ldns_buffer_remaining(rd_buf) > 0){
+-
+- /* skip spaces */
+- while (*(ldns_buffer_current(rd_buf)) == ' ') {
+- ldns_buffer_skip(rd_buf, 1);
+- }
+-
+- if (*(ldns_buffer_current(rd_buf)) == '\"') {
+- delimiters = "\"\0";
+- ldns_buffer_skip(rd_buf, 1);
+- quoted = true;
+- }
+- }
+-
+- /* because number of fields can be variable, we can't rely on
+- * _maximum() only
+- */
+-
+- /* skip spaces */
+- while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf)
+- && *(ldns_buffer_current(rd_buf)) == ' '
+- && !quoted) {
+-
+- ldns_buffer_skip(rd_buf, 1);
+- }
+-
+- pre_data_pos = ldns_buffer_position(rd_buf);
+- if (-1 == (c = ldns_bget_token(
+- rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) {
+-
+- done = true;
+- break;
+- }
+- /* hmmz, rfc3597 specifies that any type can be represented
+- * with \# method, which can contain spaces...
+- * it does specify size though...
+- */
+- rd_strlen = strlen(rd);
+-
+- /* unknown RR data */
+- if (strncmp(rd, "\\#", 2) == 0 && !quoted &&
+- (rd_strlen == 2 || rd[2]==' ')) {
+-
+- was_unknown_rr_format = 1;
+- /* go back to before \#
+- * and skip it while setting delimiters better
+- */
+- ldns_buffer_set_position(rd_buf, pre_data_pos);
+- delimiters = "\n\t ";
+- (void)ldns_bget_token(rd_buf, rd,
+- delimiters, LDNS_MAX_RDFLEN);
+- /* read rdata octet length */
+- c = ldns_bget_token(rd_buf, rd,
+- delimiters, LDNS_MAX_RDFLEN);
+- if (c == -1) {
+- /* something goes very wrong here */
+- status = LDNS_STATUS_SYNTAX_RDATA_ERR;
+- goto error;
+- }
+- hex_data_size = (uint16_t) atoi(rd);
+- /* copy hex chars into hex str (2 chars per byte) */
+- hex_data_str = LDNS_XMALLOC(char, 2*hex_data_size + 1);
+- if (!hex_data_str) {
+- /* malloc error */
+- goto memerror;
+- }
+- cur_hex_data_size = 0;
+- while(cur_hex_data_size < 2 * hex_data_size) {
+- c = ldns_bget_token(rd_buf, rd,
+- delimiters, LDNS_MAX_RDFLEN);
+- if (c != -1) {
+- rd_strlen = strlen(rd);
+- }
+- if (c == -1 ||
+- (size_t)cur_hex_data_size + rd_strlen >
+- 2 * (size_t)hex_data_size) {
+-
+- status = LDNS_STATUS_SYNTAX_RDATA_ERR;
+- goto error;
+- }
+- strncpy(hex_data_str + cur_hex_data_size, rd,
+- rd_strlen);
+-
+- cur_hex_data_size += rd_strlen;
+- }
+- hex_data_str[cur_hex_data_size] = '\0';
+-
+- /* correct the rdf type */
+- /* if *we* know the type, interpret it as wireformat */
+- if (desc) {
+- hex_pos = 0;
+- hex_data =
+- LDNS_XMALLOC(uint8_t, hex_data_size+2);
+-
+- if (!hex_data) {
+- goto memerror;
+- }
+- ldns_write_uint16(hex_data, hex_data_size);
+- ldns_hexstring_to_data(
+- hex_data + 2, hex_data_str);
+- status = ldns_wire2rdf(new, hex_data,
+- hex_data_size + 2, &hex_pos);
+- if (status != LDNS_STATUS_OK) {
+- goto error;
+- }
+- LDNS_FREE(hex_data);
+- } else {
+- r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX,
+- hex_data_str);
+- if (!r) {
+- goto memerror;
+- }
+- ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN);
+- if (!ldns_rr_push_rdf(new, r)) {
+- goto memerror;
+- }
+- }
+- LDNS_FREE(hex_data_str);
+-
+- } else if(rd_strlen > 0 || quoted) {
+- /* Normal RR */
+- switch(ldns_rr_descriptor_field_type(desc, r_cnt)) {
+-
+- case LDNS_RDF_TYPE_HEX:
+- case LDNS_RDF_TYPE_B64:
+- /* When this is the last rdata field, then the
+- * rest should be read in (cause then these
+- * rdf types may contain spaces).
+- */
+- if (r_cnt == r_max - 1) {
+- c = ldns_bget_token(rd_buf, xtok,
+- "\n", LDNS_MAX_RDFLEN);
+- if (c != -1) {
+- (void) strncat(rd, xtok,
+- LDNS_MAX_RDFLEN -
+- strlen(rd) - 1);
+- }
+- }
+- r = ldns_rdf_new_frm_str(
+- ldns_rr_descriptor_field_type(
+- desc, r_cnt), rd);
+- break;
+-
+- case LDNS_RDF_TYPE_HIP:
+- /*
+- * In presentation format this RDATA type has
+- * three tokens: An algorithm byte, then a
+- * variable length HIT (in hexbytes) and then
+- * a variable length Public Key (in base64).
+- *
+- * We have just read the algorithm, so we need
+- * two more tokens: HIT and Public Key.
+- */
+- do {
+- /* Read and append HIT */
+- if (ldns_bget_token(rd_buf,
+- xtok, delimiters,
+- LDNS_MAX_RDFLEN) == -1)
+- break;
+-
+- (void) strncat(rd, " ",
+- LDNS_MAX_RDFLEN -
+- strlen(rd) - 1);
+- (void) strncat(rd, xtok,
+- LDNS_MAX_RDFLEN -
+- strlen(rd) - 1);
+-
+- /* Read and append Public Key*/
+- if (ldns_bget_token(rd_buf,
+- xtok, delimiters,
+- LDNS_MAX_RDFLEN) == -1)
+- break;
+-
+- (void) strncat(rd, " ",
+- LDNS_MAX_RDFLEN -
+- strlen(rd) - 1);
+- (void) strncat(rd, xtok,
+- LDNS_MAX_RDFLEN -
+- strlen(rd) - 1);
+- } while (false);
+-
+- r = ldns_rdf_new_frm_str(
+- ldns_rr_descriptor_field_type(
+- desc, r_cnt), rd);
+- break;
+-
+- case LDNS_RDF_TYPE_DNAME:
+- r = ldns_rdf_new_frm_str(
+- ldns_rr_descriptor_field_type(
+- desc, r_cnt), rd);
+-
+- /* check if the origin should be used
+- * or concatenated
+- */
+- if (r && ldns_rdf_size(r) > 1 &&
+- ldns_rdf_data(r)[0] == 1 &&
+- ldns_rdf_data(r)[1] == '@') {
+-
+- ldns_rdf_deep_free(r);
+-
+- r = origin ? ldns_rdf_clone(origin)
+-
+- : ( rr_type == LDNS_RR_TYPE_SOA ?
+-
+- ldns_rdf_clone(
+- ldns_rr_owner(new))
+-
+- : ldns_rdf_new_frm_str(
+- LDNS_RDF_TYPE_DNAME, ".")
+- );
+-
+- } else if (r && rd_strlen >= 1 && origin &&
+- !ldns_dname_str_absolute(rd)) {
+-
+- status = ldns_dname_cat(r, origin);
+- if (status != LDNS_STATUS_OK) {
+- goto error;
+- }
+- }
+- break;
+- default:
+- r = ldns_rdf_new_frm_str(
+- ldns_rr_descriptor_field_type(
+- desc, r_cnt), rd);
+- break;
+- }
+- if (!r) {
+- status = LDNS_STATUS_SYNTAX_RDATA_ERR;
+- goto error;
+- }
+- ldns_rr_push_rdf(new, r);
+- }
+- if (quoted) {
+- if (ldns_buffer_available(rd_buf, 1)) {
+- ldns_buffer_skip(rd_buf, 1);
+- } else {
+- done = true;
+- }
+- }
+-
+- } /* for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) */
+- LDNS_FREE(rd);
+- LDNS_FREE(xtok);
+- ldns_buffer_free(rd_buf);
+- ldns_buffer_free(rr_buf);
+- LDNS_FREE(rdata);
+-
+- if (!question && desc && !was_unknown_rr_format &&
+- ldns_rr_rd_count(new) < r_min) {
+-
+- ldns_rr_free(new);
+- return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
+- }
+-
+- if (newrr) {
+- *newrr = new;
+- } else {
+- /* Maybe the caller just wanted to see if it would parse? */
+- ldns_rr_free(new);
+- }
+- return LDNS_STATUS_OK;
+-
+-memerror:
+- status = LDNS_STATUS_MEM_ERR;
+-error:
+- if (rd_buf && rd_buf->_data) {
+- ldns_buffer_free(rd_buf);
+- } else {
+- LDNS_FREE(rd_buf);
+- }
+- if (rr_buf && rr_buf->_data) {
+- ldns_buffer_free(rr_buf);
+- } else {
+- LDNS_FREE(rr_buf);
+- }
+- LDNS_FREE(type);
+- LDNS_FREE(owner);
+- LDNS_FREE(ttl);
+- LDNS_FREE(clas);
+- LDNS_FREE(hex_data);
+- LDNS_FREE(hex_data_str);
+- LDNS_FREE(xtok);
+- LDNS_FREE(rd);
+- LDNS_FREE(rdata);
+- ldns_rr_free(new);
+- return status;
+-}
+-
+-ldns_status
+-ldns_rr_new_frm_str(ldns_rr **newrr, const char *str,
+- uint32_t default_ttl, ldns_rdf *origin,
+- ldns_rdf **prev)
+-{
+- return ldns_rr_new_frm_str_internal(newrr,
+- str,
+- default_ttl,
+- origin,
+- prev,
+- false);
+-}
+-
+-ldns_status
+-ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str,
+- ldns_rdf *origin, ldns_rdf **prev)
+-{
+- return ldns_rr_new_frm_str_internal(newrr,
+- str,
+- 0,
+- origin,
+- prev,
+- true);
+-}
+-
+-/* Strip whitespace from the start and the end of <line>. */
+-static char *
+-ldns_strip_ws(char *line)
+-{
+- char *s = line, *e;
+-
+- for (s = line; *s && isspace(*s); s++)
+- ;
+-
+- for (e = strchr(s, 0); e > s+2 && isspace(e[-1]) && e[-2] != '\\'; e--)
+- ;
+- *e = 0;
+-
+- return s;
+-}
+-
+-ldns_status
+-ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin, ldns_rdf **prev)
+-{
+- return ldns_rr_new_frm_fp_l(newrr, fp, ttl, origin, prev, NULL);
+-}
+-
+-ldns_status
+-ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr)
+-{
+- char *line;
+- const char *endptr; /* unused */
+- ldns_rr *rr;
+- uint32_t ttl;
+- ldns_rdf *tmp;
+- ldns_status s;
+- ssize_t size;
+-
+- if (default_ttl) {
+- ttl = *default_ttl;
+- } else {
+- ttl = 0;
+- }
+-
+- line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1);
+- if (!line) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* read an entire line in from the file */
+- if ((size = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, LDNS_MAX_LINELEN, line_nr)) == -1) {
+- LDNS_FREE(line);
+- /* if last line was empty, we are now at feof, which is not
+- * always a parse error (happens when for instance last line
+- * was a comment)
+- */
+- return LDNS_STATUS_SYNTAX_ERR;
+- }
+-
+- /* we can have the situation, where we've read ok, but still got
+- * no bytes to play with, in this case size is 0
+- */
+- if (size == 0) {
+- LDNS_FREE(line);
+- return LDNS_STATUS_SYNTAX_EMPTY;
+- }
+-
+- if (strncmp(line, "$ORIGIN", 7) == 0 && isspace(line[7])) {
+- if (*origin) {
+- ldns_rdf_deep_free(*origin);
+- *origin = NULL;
+- }
+- tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
+- ldns_strip_ws(line + 8));
+- if (!tmp) {
+- /* could not parse what next to $ORIGIN */
+- LDNS_FREE(line);
+- return LDNS_STATUS_SYNTAX_DNAME_ERR;
+- }
+- *origin = tmp;
+- s = LDNS_STATUS_SYNTAX_ORIGIN;
+- } else if (strncmp(line, "$TTL", 4) == 0 && isspace(line[4])) {
+- if (default_ttl) {
+- *default_ttl = ldns_str2period(
+- ldns_strip_ws(line + 5), &endptr);
+- }
+- s = LDNS_STATUS_SYNTAX_TTL;
+- } else if (strncmp(line, "$INCLUDE", 8) == 0) {
+- s = LDNS_STATUS_SYNTAX_INCLUDE;
+- } else if (!*ldns_strip_ws(line)) {
+- LDNS_FREE(line);
+- return LDNS_STATUS_SYNTAX_EMPTY;
+- } else {
+- if (origin && *origin) {
+- s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev);
+- } else {
+- s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, NULL, prev);
+- }
+- }
+- LDNS_FREE(line);
+- if (s == LDNS_STATUS_OK) {
+- if (newrr) {
+- *newrr = rr;
+- } else {
+- /* Just testing if it would parse? */
+- ldns_rr_free(rr);
+- }
+- }
+- return s;
+-}
+-
+-void
+-ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
+-{
+- rr->_owner = owner;
+-}
+-
+-void
+-ldns_rr_set_question(ldns_rr *rr, bool question)
+-{
+- rr->_rr_question = question;
+-}
+-
+-void
+-ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
+-{
+- rr->_ttl = ttl;
+-}
+-
+-void
+-ldns_rr_set_rd_count(ldns_rr *rr, size_t count)
+-{
+- rr->_rd_count = count;
+-}
+-
+-void
+-ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
+-{
+- rr->_rr_type = rr_type;
+-}
+-
+-void
+-ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class)
+-{
+- rr->_rr_class = rr_class;
+-}
+-
+-ldns_rdf *
+-ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position)
+-{
+- size_t rd_count;
+- ldns_rdf *pop;
+-
+- rd_count = ldns_rr_rd_count(rr);
+- if (position < rd_count) {
+- /* dicard the old one */
+- pop = rr->_rdata_fields[position];
+- rr->_rdata_fields[position] = (ldns_rdf*)f;
+- return pop;
+- } else {
+- return NULL;
+- }
+-}
+-
+-bool
+-ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
+-{
+- size_t rd_count;
+- ldns_rdf **rdata_fields;
+-
+- rd_count = ldns_rr_rd_count(rr);
+-
+- /* grow the array */
+- rdata_fields = LDNS_XREALLOC(
+- rr->_rdata_fields, ldns_rdf *, rd_count + 1);
+- if (!rdata_fields) {
+- return false;
+- }
+-
+- /* add the new member */
+- rr->_rdata_fields = rdata_fields;
+- rr->_rdata_fields[rd_count] = (ldns_rdf*)f;
+-
+- ldns_rr_set_rd_count(rr, rd_count + 1);
+- return true;
+-}
+-
+-ldns_rdf *
+-ldns_rr_pop_rdf(ldns_rr *rr)
+-{
+- size_t rd_count;
+- ldns_rdf *pop;
+- ldns_rdf** newrd;
+-
+- rd_count = ldns_rr_rd_count(rr);
+-
+- if (rd_count == 0) {
+- return NULL;
+- }
+-
+- pop = rr->_rdata_fields[rd_count - 1];
+-
+- /* try to shrink the array */
+- if(rd_count > 1) {
+- newrd = LDNS_XREALLOC(
+- rr->_rdata_fields, ldns_rdf *, rd_count - 1);
+- if(newrd)
+- rr->_rdata_fields = newrd;
+- } else {
+- LDNS_FREE(rr->_rdata_fields);
+- }
+-
+- ldns_rr_set_rd_count(rr, rd_count - 1);
+- return pop;
+-}
+-
+-ldns_rdf *
+-ldns_rr_rdf(const ldns_rr *rr, size_t nr)
+-{
+- if (rr && nr < ldns_rr_rd_count(rr)) {
+- return rr->_rdata_fields[nr];
+- } else {
+- return NULL;
+- }
+-}
+-
+-ldns_rdf *
+-ldns_rr_owner(const ldns_rr *rr)
+-{
+- return rr->_owner;
+-}
+-
+-bool
+-ldns_rr_is_question(const ldns_rr *rr)
+-{
+- return rr->_rr_question;
+-}
+-
+-uint32_t
+-ldns_rr_ttl(const ldns_rr *rr)
+-{
+- return rr->_ttl;
+-}
+-
+-size_t
+-ldns_rr_rd_count(const ldns_rr *rr)
+-{
+- return rr->_rd_count;
+-}
+-
+-ldns_rr_type
+-ldns_rr_get_type(const ldns_rr *rr)
+-{
+- return rr->_rr_type;
+-}
+-
+-ldns_rr_class
+-ldns_rr_get_class(const ldns_rr *rr)
+-{
+- return rr->_rr_class;
+-}
+-
+-/* rr_lists */
+-
+-size_t
+-ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
+-{
+- if (rr_list) {
+- return rr_list->_rr_count;
+- } else {
+- return 0;
+- }
+-}
+-
+-ldns_rr *
+-ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count)
+-{
+- ldns_rr *old;
+-
+- if (count > ldns_rr_list_rr_count(rr_list)) {
+- return NULL;
+- }
+-
+- old = ldns_rr_list_rr(rr_list, count);
+-
+- /* overwrite old's pointer */
+- rr_list->_rrs[count] = (ldns_rr*)r;
+- return old;
+-}
+-
+-void
+-ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count)
+-{
+- assert(count <= rr_list->_rr_capacity);
+- rr_list->_rr_count = count;
+-}
+-
+-ldns_rr *
+-ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
+-{
+- if (nr < ldns_rr_list_rr_count(rr_list)) {
+- return rr_list->_rrs[nr];
+- } else {
+- return NULL;
+- }
+-}
+-
+-ldns_rr_list *
+-ldns_rr_list_new(void)
+-{
+- ldns_rr_list *rr_list = LDNS_MALLOC(ldns_rr_list);
+- if(!rr_list) return NULL;
+- rr_list->_rr_count = 0;
+- rr_list->_rr_capacity = 0;
+- rr_list->_rrs = NULL;
+- return rr_list;
+-}
+-
+-void
+-ldns_rr_list_free(ldns_rr_list *rr_list)
+-{
+- if (rr_list) {
+- LDNS_FREE(rr_list->_rrs);
+- LDNS_FREE(rr_list);
+- }
+-}
+-
+-void
+-ldns_rr_list_deep_free(ldns_rr_list *rr_list)
+-{
+- size_t i;
+-
+- if (rr_list) {
+- for (i=0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- ldns_rr_free(ldns_rr_list_rr(rr_list, i));
+- }
+- LDNS_FREE(rr_list->_rrs);
+- LDNS_FREE(rr_list);
+- }
+-}
+-
+-
+-/* add right to left. So we modify *left! */
+-bool
+-ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right)
+-{
+- size_t r_rr_count;
+- size_t i;
+-
+- if (!left) {
+- return false;
+- }
+-
+- if (right) {
+- r_rr_count = ldns_rr_list_rr_count(right);
+- } else {
+- r_rr_count = 0;
+- }
+-
+- /* push right to left */
+- for(i = 0; i < r_rr_count; i++) {
+- ldns_rr_list_push_rr(left, ldns_rr_list_rr(right, i));
+- }
+- return true;
+-}
+-
+-ldns_rr_list *
+-ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right)
+-{
+- size_t l_rr_count;
+- size_t r_rr_count;
+- size_t i;
+- ldns_rr_list *cat;
+-
+- if (left) {
+- l_rr_count = ldns_rr_list_rr_count(left);
+- } else {
+- return ldns_rr_list_clone(right);
+- }
+-
+- if (right) {
+- r_rr_count = ldns_rr_list_rr_count(right);
+- } else {
+- r_rr_count = 0;
+- }
+-
+- cat = ldns_rr_list_new();
+-
+- if (!cat) {
+- return NULL;
+- }
+-
+- /* left */
+- for(i = 0; i < l_rr_count; i++) {
+- ldns_rr_list_push_rr(cat,
+- ldns_rr_clone(ldns_rr_list_rr(left, i)));
+- }
+- /* right */
+- for(i = 0; i < r_rr_count; i++) {
+- ldns_rr_list_push_rr(cat,
+- ldns_rr_clone(ldns_rr_list_rr(right, i)));
+- }
+- return cat;
+-}
+-
+-ldns_rr_list *
+-ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos)
+-{
+- size_t i;
+- ldns_rr_list *subtyped;
+- ldns_rdf *list_rdf;
+-
+- subtyped = ldns_rr_list_new();
+-
+- for(i = 0; i < ldns_rr_list_rr_count(l); i++) {
+- list_rdf = ldns_rr_rdf(
+- ldns_rr_list_rr(l, i),
+- pos);
+- if (!list_rdf) {
+- /* pos is too large or any other error */
+- ldns_rr_list_deep_free(subtyped);
+- return NULL;
+- }
+-
+- if (ldns_rdf_compare(list_rdf, r) == 0) {
+- /* a match */
+- ldns_rr_list_push_rr(subtyped,
+- ldns_rr_clone(ldns_rr_list_rr(l, i)));
+- }
+- }
+-
+- if (ldns_rr_list_rr_count(subtyped) > 0) {
+- return subtyped;
+- } else {
+- ldns_rr_list_free(subtyped);
+- return NULL;
+- }
+-}
+-
+-bool
+-ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr)
+-{
+- size_t rr_count;
+- size_t cap;
+-
+- rr_count = ldns_rr_list_rr_count(rr_list);
+- cap = rr_list->_rr_capacity;
+-
+- /* grow the array */
+- if(rr_count+1 > cap) {
+- ldns_rr **rrs;
+-
+- if(cap == 0)
+- cap = LDNS_RRLIST_INIT; /* initial list size */
+- else cap *= 2;
+- rrs = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap);
+- if (!rrs) {
+- return false;
+- }
+- rr_list->_rrs = rrs;
+- rr_list->_rr_capacity = cap;
+- }
+-
+- /* add the new member */
+- rr_list->_rrs[rr_count] = (ldns_rr*)rr;
+-
+- ldns_rr_list_set_rr_count(rr_list, rr_count + 1);
+- return true;
+-}
+-
+-bool
+-ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list)
+-{
+- size_t i;
+-
+- for(i = 0; i < ldns_rr_list_rr_count(push_list); i++) {
+- if (!ldns_rr_list_push_rr(rr_list,
+- ldns_rr_list_rr(push_list, i))) {
+- return false;
+- }
+- }
+- return true;
+-}
+-
+-ldns_rr *
+-ldns_rr_list_pop_rr(ldns_rr_list *rr_list)
+-{
+- size_t rr_count;
+- size_t cap;
+- ldns_rr *pop;
+-
+- rr_count = ldns_rr_list_rr_count(rr_list);
+-
+- if (rr_count == 0) {
+- return NULL;
+- }
+-
+- cap = rr_list->_rr_capacity;
+- pop = ldns_rr_list_rr(rr_list, rr_count - 1);
+-
+- /* shrink the array */
+- if(cap > LDNS_RRLIST_INIT && rr_count-1 <= cap/2) {
+- ldns_rr** a;
+- cap /= 2;
+- a = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap);
+- if(a) {
+- rr_list->_rrs = a;
+- rr_list->_rr_capacity = cap;
+- }
+- }
+-
+- ldns_rr_list_set_rr_count(rr_list, rr_count - 1);
+-
+- return pop;
+-}
+-
+-ldns_rr_list *
+-ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t howmany)
+-{
+- /* pop a number of rr's and put them in a rr_list */
+- ldns_rr_list *popped;
+- ldns_rr *p;
+- size_t i = howmany;
+-
+- popped = ldns_rr_list_new();
+-
+- if (!popped) {
+- return NULL;
+- }
+-
+-
+- while(i > 0 &&
+- (p = ldns_rr_list_pop_rr(rr_list)) != NULL) {
+- ldns_rr_list_push_rr(popped, p);
+- i--;
+- }
+-
+- if (i == howmany) { /* so i <= 0 */
+- ldns_rr_list_free(popped);
+- return NULL;
+- } else {
+- return popped;
+- }
+-}
+-
+-
+-bool
+-ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr)
+-{
+- size_t i;
+-
+- if (!rr_list || !rr || ldns_rr_list_rr_count(rr_list) == 0) {
+- return false;
+- }
+-
+- for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- if (rr == ldns_rr_list_rr(rr_list, i)) {
+- return true;
+- } else if (ldns_rr_compare(rr, ldns_rr_list_rr(rr_list, i)) == 0) {
+- return true;
+- }
+- }
+- return false;
+-}
+-
+-bool
+-ldns_is_rrset(ldns_rr_list *rr_list)
+-{
+- ldns_rr_type t;
+- ldns_rr_class c;
+- ldns_rdf *o;
+- ldns_rr *tmp;
+- size_t i;
+-
+- if (!rr_list || ldns_rr_list_rr_count(rr_list) == 0) {
+- return false;
+- }
+-
+- tmp = ldns_rr_list_rr(rr_list, 0);
+-
+- t = ldns_rr_get_type(tmp);
+- c = ldns_rr_get_class(tmp);
+- o = ldns_rr_owner(tmp);
+-
+- /* compare these with the rest of the rr_list, start with 1 */
+- for (i = 1; i < ldns_rr_list_rr_count(rr_list); i++) {
+- tmp = ldns_rr_list_rr(rr_list, i);
+- if (t != ldns_rr_get_type(tmp)) {
+- return false;
+- }
+- if (c != ldns_rr_get_class(tmp)) {
+- return false;
+- }
+- if (ldns_rdf_compare(o, ldns_rr_owner(tmp)) != 0) {
+- return false;
+- }
+- }
+- return true;
+-}
+-
+-bool
+-ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr)
+-{
+- size_t rr_count;
+- size_t i;
+- ldns_rr *last;
+-
+- assert(rr != NULL);
+-
+- rr_count = ldns_rr_list_rr_count(rr_list);
+-
+- if (rr_count == 0) {
+- /* nothing there, so checking it is
+- * not needed */
+- return ldns_rr_list_push_rr(rr_list, rr);
+- } else {
+- /* check with the final rr in the rr_list */
+- last = ldns_rr_list_rr(rr_list, rr_count - 1);
+-
+- if (ldns_rr_get_class(last) != ldns_rr_get_class(rr)) {
+- return false;
+- }
+- if (ldns_rr_get_type(last) != ldns_rr_get_type(rr)) {
+- return false;
+- }
+- /* only check if not equal to RRSIG */
+- if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
+- if (ldns_rr_ttl(last) != ldns_rr_ttl(rr)) {
+- return false;
+- }
+- }
+- if (ldns_rdf_compare(ldns_rr_owner(last),
+- ldns_rr_owner(rr)) != 0) {
+- return false;
+- }
+- /* ok, still alive - check if the rr already
+- * exists - if so, dont' add it */
+- for(i = 0; i < rr_count; i++) {
+- if(ldns_rr_compare(
+- ldns_rr_list_rr(rr_list, i), rr) == 0) {
+- return false;
+- }
+- }
+- /* it's safe, push it */
+- return ldns_rr_list_push_rr(rr_list, rr);
+- }
+-}
+-
+-ldns_rr *
+-ldns_rr_set_pop_rr(ldns_rr_list *rr_list)
+-{
+- return ldns_rr_list_pop_rr(rr_list);
+-}
+-
+-ldns_rr_list *
+-ldns_rr_list_pop_rrset(ldns_rr_list *rr_list)
+-{
+- ldns_rr_list *rrset;
+- ldns_rr *last_rr = NULL;
+- ldns_rr *next_rr;
+-
+- if (!rr_list) {
+- return NULL;
+- }
+-
+- rrset = ldns_rr_list_new();
+- if (!last_rr) {
+- last_rr = ldns_rr_list_pop_rr(rr_list);
+- if (!last_rr) {
+- ldns_rr_list_free(rrset);
+- return NULL;
+- } else {
+- ldns_rr_list_push_rr(rrset, last_rr);
+- }
+- }
+-
+- if (ldns_rr_list_rr_count(rr_list) > 0) {
+- next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1);
+- } else {
+- next_rr = NULL;
+- }
+-
+- while (next_rr) {
+- if (
+- ldns_rdf_compare(ldns_rr_owner(next_rr),
+- ldns_rr_owner(last_rr)) == 0
+- &&
+- ldns_rr_get_type(next_rr) == ldns_rr_get_type(last_rr)
+- &&
+- ldns_rr_get_class(next_rr) == ldns_rr_get_class(last_rr)
+- ) {
+- ldns_rr_list_push_rr(rrset, ldns_rr_list_pop_rr(rr_list));
+- if (ldns_rr_list_rr_count(rr_list) > 0) {
+- last_rr = next_rr;
+- next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1);
+- } else {
+- next_rr = NULL;
+- }
+- } else {
+- next_rr = NULL;
+- }
+- }
+-
+- return rrset;
+-}
+-
+-ldns_rr *
+-ldns_rr_clone(const ldns_rr *rr)
+-{
+- size_t i;
+- ldns_rr *new_rr;
+-
+- if (!rr) {
+- return NULL;
+- }
+-
+- new_rr = ldns_rr_new();
+- if (!new_rr) {
+- return NULL;
+- }
+- if (ldns_rr_owner(rr)) {
+- ldns_rr_set_owner(new_rr, ldns_rdf_clone(ldns_rr_owner(rr)));
+- }
+- ldns_rr_set_ttl(new_rr, ldns_rr_ttl(rr));
+- ldns_rr_set_type(new_rr, ldns_rr_get_type(rr));
+- ldns_rr_set_class(new_rr, ldns_rr_get_class(rr));
+- ldns_rr_set_question(new_rr, ldns_rr_is_question(rr));
+-
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- if (ldns_rr_rdf(rr,i)) {
+- ldns_rr_push_rdf(new_rr, ldns_rdf_clone(ldns_rr_rdf(rr, i)));
+- }
+- }
+-
+- return new_rr;
+-}
+-
+-ldns_rr_list *
+-ldns_rr_list_clone(const ldns_rr_list *rrlist)
+-{
+- size_t i;
+- ldns_rr_list *new_list;
+- ldns_rr *r;
+-
+- if (!rrlist) {
+- return NULL;
+- }
+-
+- new_list = ldns_rr_list_new();
+- if (!new_list) {
+- return NULL;
+- }
+- for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) {
+- r = ldns_rr_clone(
+- ldns_rr_list_rr(rrlist, i)
+- );
+- if (!r) {
+- /* huh, failure in cloning */
+- ldns_rr_list_deep_free(new_list);
+- return NULL;
+- }
+- ldns_rr_list_push_rr(new_list, r);
+- }
+- return new_list;
+-}
+-
+-
+-static int
+-qsort_schwartz_rr_compare(const void *a, const void *b)
+-{
+- int result = 0;
+- ldns_rr *rr1, *rr2;
+- ldns_buffer *rr1_buf, *rr2_buf;
+- struct ldns_schwartzian_compare_struct *sa = *(struct ldns_schwartzian_compare_struct **) a;
+- struct ldns_schwartzian_compare_struct *sb = *(struct ldns_schwartzian_compare_struct **) b;
+- /* if we are doing 2wire, we need to do lowercasing on the dname (and maybe on the rdata)
+- * this must be done for comparison only, so we need to have a temp var for both buffers,
+- * which is only used when the transformed object value isn't there yet
+- */
+- ldns_rr *canonical_a, *canonical_b;
+-
+- rr1 = (ldns_rr *) sa->original_object;
+- rr2 = (ldns_rr *) sb->original_object;
+-
+- result = ldns_rr_compare_no_rdata(rr1, rr2);
+-
+- if (result == 0) {
+- if (!sa->transformed_object) {
+- canonical_a = ldns_rr_clone(sa->original_object);
+- ldns_rr2canonical(canonical_a);
+- sa->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_a));
+- if (ldns_rr2buffer_wire(sa->transformed_object, canonical_a, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
+- ldns_buffer_free((ldns_buffer *)sa->transformed_object);
+- sa->transformed_object = NULL;
+- ldns_rr_free(canonical_a);
+- return 0;
+- }
+- ldns_rr_free(canonical_a);
+- }
+- if (!sb->transformed_object) {
+- canonical_b = ldns_rr_clone(sb->original_object);
+- ldns_rr2canonical(canonical_b);
+- sb->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_b));
+- if (ldns_rr2buffer_wire(sb->transformed_object, canonical_b, LDNS_SECTION_ANY) != LDNS_STATUS_OK) {
+- ldns_buffer_free((ldns_buffer *)sa->transformed_object);
+- ldns_buffer_free((ldns_buffer *)sb->transformed_object);
+- sa->transformed_object = NULL;
+- sb->transformed_object = NULL;
+- ldns_rr_free(canonical_b);
+- return 0;
+- }
+- ldns_rr_free(canonical_b);
+- }
+- rr1_buf = (ldns_buffer *) sa->transformed_object;
+- rr2_buf = (ldns_buffer *) sb->transformed_object;
+-
+- result = ldns_rr_compare_wire(rr1_buf, rr2_buf);
+- }
+-
+- return result;
+-}
+-
+-void
+-ldns_rr_list_sort(ldns_rr_list *unsorted)
+-{
+- struct ldns_schwartzian_compare_struct **sortables;
+- size_t item_count;
+- size_t i;
+-
+- if (unsorted) {
+- item_count = ldns_rr_list_rr_count(unsorted);
+-
+- sortables = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct *,
+- item_count);
+- if(!sortables) return; /* no way to return error */
+- for (i = 0; i < item_count; i++) {
+- sortables[i] = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct, 1);
+- if(!sortables[i]) {
+- /* free the allocated parts */
+- while(i>0) {
+- i--;
+- LDNS_FREE(sortables[i]);
+- }
+- /* no way to return error */
+- LDNS_FREE(sortables);
+- return;
+- }
+- sortables[i]->original_object = ldns_rr_list_rr(unsorted, i);
+- sortables[i]->transformed_object = NULL;
+- }
+- qsort(sortables,
+- item_count,
+- sizeof(struct ldns_schwartzian_compare_struct *),
+- qsort_schwartz_rr_compare);
+- for (i = 0; i < item_count; i++) {
+- unsorted->_rrs[i] = sortables[i]->original_object;
+- if (sortables[i]->transformed_object) {
+- ldns_buffer_free(sortables[i]->transformed_object);
+- }
+- LDNS_FREE(sortables[i]);
+- }
+- LDNS_FREE(sortables);
+- }
+-}
+-
+-int
+-ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2)
+-{
+- size_t rr1_len;
+- size_t rr2_len;
+- size_t offset;
+-
+- assert(rr1 != NULL);
+- assert(rr2 != NULL);
+-
+- rr1_len = ldns_rr_uncompressed_size(rr1);
+- rr2_len = ldns_rr_uncompressed_size(rr2);
+-
+- if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) < 0) {
+- return -1;
+- } else if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) > 0) {
+- return 1;
+- }
+-
+- /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */
+- if (ldns_rr_get_class(rr1) != ldns_rr_get_class(rr2)) {
+- return ldns_rr_get_class(rr1) - ldns_rr_get_class(rr2);
+- }
+-
+- /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */
+- if (ldns_rr_get_type(rr1) != ldns_rr_get_type(rr2)) {
+- return ldns_rr_get_type(rr1) - ldns_rr_get_type(rr2);
+- }
+-
+- /* offset is the owername length + ttl + type + class + rdlen == start of wire format rdata */
+- offset = ldns_rdf_size(ldns_rr_owner(rr1)) + 4 + 2 + 2 + 2;
+- /* if either record doesn't have any RDATA... */
+- if (offset > rr1_len || offset > rr2_len) {
+- if (rr1_len == rr2_len) {
+- return 0;
+- }
+- return ((int) rr2_len - (int) rr1_len);
+- }
+-
+- return 0;
+-}
+-
+-int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf)
+-{
+- size_t rr1_len, rr2_len, min_len, i, offset;
+-
+- rr1_len = ldns_buffer_capacity(rr1_buf);
+- rr2_len = ldns_buffer_capacity(rr2_buf);
+-
+- /* jump past dname (checked in earlier part)
+- * and especially past TTL */
+- offset = 0;
+- while (offset < rr1_len && *ldns_buffer_at(rr1_buf, offset) != 0) {
+- offset += *ldns_buffer_at(rr1_buf, offset) + 1;
+- }
+- /* jump to rdata section (PAST the rdata length field, otherwise
+- rrs with different lengths might be sorted erroneously */
+- offset += 11;
+- min_len = (rr1_len < rr2_len) ? rr1_len : rr2_len;
+- /* Compare RRs RDATA byte for byte. */
+- for(i = offset; i < min_len; i++) {
+- if (*ldns_buffer_at(rr1_buf,i) < *ldns_buffer_at(rr2_buf,i)) {
+- return -1;
+- } else if (*ldns_buffer_at(rr1_buf,i) > *ldns_buffer_at(rr2_buf,i)) {
+- return +1;
+- }
+- }
+-
+- /* If both RDATAs are the same up to min_len, then the shorter one sorts first. */
+- if (rr1_len < rr2_len) {
+- return -1;
+- } else if (rr1_len > rr2_len) {
+- return +1;
+- }
+- /* The RDATAs are equal. */
+- return 0;
+-
+-}
+-
+-int
+-ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2)
+-{
+- int result;
+- size_t rr1_len, rr2_len;
+-
+- ldns_buffer *rr1_buf;
+- ldns_buffer *rr2_buf;
+-
+- result = ldns_rr_compare_no_rdata(rr1, rr2);
+- if (result == 0) {
+- rr1_len = ldns_rr_uncompressed_size(rr1);
+- rr2_len = ldns_rr_uncompressed_size(rr2);
+-
+- rr1_buf = ldns_buffer_new(rr1_len);
+- rr2_buf = ldns_buffer_new(rr2_len);
+-
+- if (ldns_rr2buffer_wire_canonical(rr1_buf,
+- rr1,
+- LDNS_SECTION_ANY)
+- != LDNS_STATUS_OK) {
+- ldns_buffer_free(rr1_buf);
+- ldns_buffer_free(rr2_buf);
+- return 0;
+- }
+- if (ldns_rr2buffer_wire_canonical(rr2_buf,
+- rr2,
+- LDNS_SECTION_ANY)
+- != LDNS_STATUS_OK) {
+- ldns_buffer_free(rr1_buf);
+- ldns_buffer_free(rr2_buf);
+- return 0;
+- }
+-
+- result = ldns_rr_compare_wire(rr1_buf, rr2_buf);
+-
+- ldns_buffer_free(rr1_buf);
+- ldns_buffer_free(rr2_buf);
+- }
+-
+- return result;
+-}
+-
+-/* convert dnskey to a ds with the given algorithm,
+- * then compare the result with the given ds */
+-static int
+-ldns_rr_compare_ds_dnskey(ldns_rr *ds,
+- ldns_rr *dnskey)
+-{
+- ldns_rr *ds_gen;
+- bool result = false;
+- ldns_hash algo;
+-
+- if (!dnskey || !ds ||
+- ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS ||
+- ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY) {
+- return false;
+- }
+-
+- if (ldns_rr_rdf(ds, 2) == NULL) {
+- return false;
+- }
+- algo = ldns_rdf2native_int8(ldns_rr_rdf(ds, 2));
+-
+- ds_gen = ldns_key_rr2ds(dnskey, algo);
+- if (ds_gen) {
+- result = ldns_rr_compare(ds, ds_gen) == 0;
+- ldns_rr_free(ds_gen);
+- }
+- return result;
+-}
+-
+-bool
+-ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2)
+-{
+- bool result;
+- ldns_rr *rr1 = ldns_rr_clone(orr1);
+- ldns_rr *rr2 = ldns_rr_clone(orr2);
+-
+- /* set ttls to zero */
+- ldns_rr_set_ttl(rr1, 0);
+- ldns_rr_set_ttl(rr2, 0);
+-
+- if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS &&
+- ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) {
+- result = ldns_rr_compare_ds_dnskey(rr1, rr2);
+- } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY &&
+- ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) {
+- result = ldns_rr_compare_ds_dnskey(rr2, rr1);
+- } else {
+- result = (ldns_rr_compare(rr1, rr2) == 0);
+- }
+-
+- ldns_rr_free(rr1);
+- ldns_rr_free(rr2);
+-
+- return result;
+-}
+-
+-int
+-ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2)
+-{
+- size_t i = 0;
+- int rr_cmp;
+-
+- assert(rrl1 != NULL);
+- assert(rrl2 != NULL);
+-
+- for (i = 0; i < ldns_rr_list_rr_count(rrl1) && i < ldns_rr_list_rr_count(rrl2); i++) {
+- rr_cmp = ldns_rr_compare(ldns_rr_list_rr(rrl1, i), ldns_rr_list_rr(rrl2, i));
+- if (rr_cmp != 0) {
+- return rr_cmp;
+- }
+- }
+-
+- if (i == ldns_rr_list_rr_count(rrl1) &&
+- i != ldns_rr_list_rr_count(rrl2)) {
+- return 1;
+- } else if (i == ldns_rr_list_rr_count(rrl2) &&
+- i != ldns_rr_list_rr_count(rrl1)) {
+- return -1;
+- } else {
+- return 0;
+- }
+-}
+-
+-size_t
+-ldns_rr_uncompressed_size(const ldns_rr *r)
+-{
+- size_t rrsize;
+- size_t i;
+-
+- rrsize = 0;
+- /* add all the rdf sizes */
+- for(i = 0; i < ldns_rr_rd_count(r); i++) {
+- rrsize += ldns_rdf_size(ldns_rr_rdf(r, i));
+- }
+- /* ownername */
+- rrsize += ldns_rdf_size(ldns_rr_owner(r));
+- rrsize += LDNS_RR_OVERHEAD;
+- return rrsize;
+-}
+-
+-void
+-ldns_rr2canonical(ldns_rr *rr)
+-{
+- uint16_t i;
+-
+- if (!rr) {
+- return;
+- }
+-
+- ldns_dname2canonical(ldns_rr_owner(rr));
+-
+- /*
+- * lowercase the rdata dnames if the rr type is one
+- * of the list in chapter 7 of RFC3597
+- * Also added RRSIG, because a "Signer's Name" should be canonicalized
+- * too. See dnssec-bis-updates-16. We can add it to this list because
+- * the "Signer's Name" is the only dname type rdata field in a RRSIG.
+- */
+- switch(ldns_rr_get_type(rr)) {
+- case LDNS_RR_TYPE_NS:
+- case LDNS_RR_TYPE_MD:
+- case LDNS_RR_TYPE_MF:
+- case LDNS_RR_TYPE_CNAME:
+- case LDNS_RR_TYPE_SOA:
+- case LDNS_RR_TYPE_MB:
+- case LDNS_RR_TYPE_MG:
+- case LDNS_RR_TYPE_MR:
+- case LDNS_RR_TYPE_PTR:
+- case LDNS_RR_TYPE_MINFO:
+- case LDNS_RR_TYPE_MX:
+- case LDNS_RR_TYPE_RP:
+- case LDNS_RR_TYPE_AFSDB:
+- case LDNS_RR_TYPE_RT:
+- case LDNS_RR_TYPE_SIG:
+- case LDNS_RR_TYPE_PX:
+- case LDNS_RR_TYPE_NXT:
+- case LDNS_RR_TYPE_NAPTR:
+- case LDNS_RR_TYPE_KX:
+- case LDNS_RR_TYPE_SRV:
+- case LDNS_RR_TYPE_DNAME:
+- case LDNS_RR_TYPE_A6:
+- case LDNS_RR_TYPE_RRSIG:
+- for (i = 0; i < ldns_rr_rd_count(rr); i++) {
+- ldns_dname2canonical(ldns_rr_rdf(rr, i));
+- }
+- return;
+- default:
+- /* do nothing */
+- return;
+- }
+-}
+-
+-void
+-ldns_rr_list2canonical(ldns_rr_list *rr_list)
+-{
+- size_t i;
+- for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+- ldns_rr2canonical(ldns_rr_list_rr(rr_list, i));
+- }
+-}
+-
+-uint8_t
+-ldns_rr_label_count(ldns_rr *rr)
+-{
+- if (!rr) {
+- return 0;
+- }
+- return ldns_dname_label_count(
+- ldns_rr_owner(rr));
+-}
+-
+-/** \cond */
+-static const ldns_rdf_type type_0_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN };
+-static const ldns_rdf_type type_a_wireformat[] = { LDNS_RDF_TYPE_A };
+-static const ldns_rdf_type type_ns_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_md_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_mf_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_cname_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_soa_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_INT32,
+- LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD,
+- LDNS_RDF_TYPE_PERIOD
+-};
+-static const ldns_rdf_type type_mb_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_mg_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_mr_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_wks_wireformat[] = {
+- LDNS_RDF_TYPE_A, LDNS_RDF_TYPE_WKS
+-};
+-static const ldns_rdf_type type_ptr_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_hinfo_wireformat[] = {
+- LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR
+-};
+-static const ldns_rdf_type type_minfo_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_mx_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_rp_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_afsdb_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_x25_wireformat[] = { LDNS_RDF_TYPE_STR };
+-static const ldns_rdf_type type_isdn_wireformat[] = {
+- LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR
+-};
+-static const ldns_rdf_type type_rt_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_nsap_wireformat[] = {
+- LDNS_RDF_TYPE_NSAP
+-};
+-static const ldns_rdf_type type_nsap_ptr_wireformat[] = {
+- LDNS_RDF_TYPE_STR
+-};
+-static const ldns_rdf_type type_sig_wireformat[] = {
+- LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32,
+- LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64
+-};
+-static const ldns_rdf_type type_key_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64
+-};
+-static const ldns_rdf_type type_px_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_gpos_wireformat[] = {
+- LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR
+-};
+-static const ldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA };
+-static const ldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC };
+-static const ldns_rdf_type type_nxt_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_UNKNOWN
+-};
+-static const ldns_rdf_type type_eid_wireformat[] = {
+- LDNS_RDF_TYPE_HEX
+-};
+-static const ldns_rdf_type type_nimloc_wireformat[] = {
+- LDNS_RDF_TYPE_HEX
+-};
+-static const ldns_rdf_type type_srv_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_atma_wireformat[] = {
+- LDNS_RDF_TYPE_ATMA
+-};
+-static const ldns_rdf_type type_naptr_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_kx_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_cert_wireformat[] = {
+- LDNS_RDF_TYPE_CERT_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_B64
+-};
+-static const ldns_rdf_type type_a6_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN };
+-static const ldns_rdf_type type_dname_wireformat[] = { LDNS_RDF_TYPE_DNAME };
+-static const ldns_rdf_type type_sink_wireformat[] = { LDNS_RDF_TYPE_INT8,
+- LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64
+-};
+-static const ldns_rdf_type type_apl_wireformat[] = {
+- LDNS_RDF_TYPE_APL
+-};
+-static const ldns_rdf_type type_ds_wireformat[] = {
+- LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX
+-};
+-static const ldns_rdf_type type_sshfp_wireformat[] = {
+- LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX
+-};
+-static const ldns_rdf_type type_ipseckey_wireformat[] = {
+- LDNS_RDF_TYPE_IPSECKEY
+-};
+-static const ldns_rdf_type type_rrsig_wireformat[] = {
+- LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32,
+- LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64
+-};
+-static const ldns_rdf_type type_nsec_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_NSEC
+-};
+-static const ldns_rdf_type type_dhcid_wireformat[] = {
+- LDNS_RDF_TYPE_B64
+-};
+-static const ldns_rdf_type type_talink_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME
+-};
+-/*@unused@*/ static const ldns_rdf_type type_openpgpkey_wireformat[] = {
+- LDNS_RDF_TYPE_B64
+-};
+-/* nsec3 is some vars, followed by same type of data of nsec */
+-static const ldns_rdf_type type_nsec3_wireformat[] = {
+-/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/
+- LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC
+-};
+-
+-static const ldns_rdf_type type_nsec3param_wireformat[] = {
+-/* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS*/
+- LDNS_RDF_TYPE_INT8,
+- LDNS_RDF_TYPE_INT8,
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_NSEC3_SALT
+-};
+-
+-static const ldns_rdf_type type_dnskey_wireformat[] = {
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_INT8,
+- LDNS_RDF_TYPE_ALG,
+- LDNS_RDF_TYPE_B64
+-};
+-static const ldns_rdf_type type_tkey_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME,
+- LDNS_RDF_TYPE_TIME,
+- LDNS_RDF_TYPE_TIME,
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_INT16_DATA,
+- LDNS_RDF_TYPE_INT16_DATA,
+-};
+-static const ldns_rdf_type type_tsig_wireformat[] = {
+- LDNS_RDF_TYPE_DNAME,
+- LDNS_RDF_TYPE_TSIGTIME,
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_INT16_DATA,
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_INT16_DATA
+-};
+-static const ldns_rdf_type type_tlsa_wireformat[] = {
+- LDNS_RDF_TYPE_CERTIFICATE_USAGE,
+- LDNS_RDF_TYPE_SELECTOR,
+- LDNS_RDF_TYPE_MATCHING_TYPE,
+- LDNS_RDF_TYPE_HEX
+-};
+-static const ldns_rdf_type type_hip_wireformat[] = {
+- LDNS_RDF_TYPE_HIP
+-};
+-static const ldns_rdf_type type_nid_wireformat[] = {
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_ILNP64
+-};
+-static const ldns_rdf_type type_l32_wireformat[] = {
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_A
+-};
+-static const ldns_rdf_type type_l64_wireformat[] = {
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_ILNP64
+-};
+-static const ldns_rdf_type type_lp_wireformat[] = {
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_DNAME
+-};
+-static const ldns_rdf_type type_eui48_wireformat[] = {
+- LDNS_RDF_TYPE_EUI48
+-};
+-static const ldns_rdf_type type_eui64_wireformat[] = {
+- LDNS_RDF_TYPE_EUI64
+-};
+-#ifdef RRTYPE_URI
+-static const ldns_rdf_type type_uri_wireformat[] = {
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_INT16,
+- LDNS_RDF_TYPE_LONG_STR
+-};
+-#endif
+-static const ldns_rdf_type type_caa_wireformat[] = {
+- LDNS_RDF_TYPE_INT8,
+- LDNS_RDF_TYPE_TAG,
+- LDNS_RDF_TYPE_LONG_STR
+-};
+-/** \endcond */
+-
+-/** \cond */
+-/* All RR's defined in 1035 are well known and can thus
+- * be compressed. See RFC3597. These RR's are:
+- * CNAME HINFO MB MD MF MG MINFO MR MX NULL NS PTR SOA TXT
+- */
+-static ldns_rr_descriptor rdata_field_descriptors[] = {
+- /* 0 */
+- { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 1 */
+- {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 2 */
+- {LDNS_RR_TYPE_NS, "NS", 1, 1, type_ns_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 3 */
+- {LDNS_RR_TYPE_MD, "MD", 1, 1, type_md_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 4 */
+- {LDNS_RR_TYPE_MF, "MF", 1, 1, type_mf_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 5 */
+- {LDNS_RR_TYPE_CNAME, "CNAME", 1, 1, type_cname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 6 */
+- {LDNS_RR_TYPE_SOA, "SOA", 7, 7, type_soa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 },
+- /* 7 */
+- {LDNS_RR_TYPE_MB, "MB", 1, 1, type_mb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 8 */
+- {LDNS_RR_TYPE_MG, "MG", 1, 1, type_mg_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 9 */
+- {LDNS_RR_TYPE_MR, "MR", 1, 1, type_mr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 10 */
+- {LDNS_RR_TYPE_NULL, "NULL", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 11 */
+- {LDNS_RR_TYPE_WKS, "WKS", 2, 2, type_wks_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 12 */
+- {LDNS_RR_TYPE_PTR, "PTR", 1, 1, type_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 13 */
+- {LDNS_RR_TYPE_HINFO, "HINFO", 2, 2, type_hinfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 14 */
+- {LDNS_RR_TYPE_MINFO, "MINFO", 2, 2, type_minfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 },
+- /* 15 */
+- {LDNS_RR_TYPE_MX, "MX", 2, 2, type_mx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 },
+- /* 16 */
+- {LDNS_RR_TYPE_TXT, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
+- /* 17 */
+- {LDNS_RR_TYPE_RP, "RP", 2, 2, type_rp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
+- /* 18 */
+- {LDNS_RR_TYPE_AFSDB, "AFSDB", 2, 2, type_afsdb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 19 */
+- {LDNS_RR_TYPE_X25, "X25", 1, 1, type_x25_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 20 */
+- {LDNS_RR_TYPE_ISDN, "ISDN", 1, 2, type_isdn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 21 */
+- {LDNS_RR_TYPE_RT, "RT", 2, 2, type_rt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 22 */
+- {LDNS_RR_TYPE_NSAP, "NSAP", 1, 1, type_nsap_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 23 */
+- {LDNS_RR_TYPE_NSAP_PTR, "NSAP-PTR", 1, 1, type_nsap_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 24 */
+- {LDNS_RR_TYPE_SIG, "SIG", 9, 9, type_sig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 25 */
+- {LDNS_RR_TYPE_KEY, "KEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 26 */
+- {LDNS_RR_TYPE_PX, "PX", 3, 3, type_px_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
+- /* 27 */
+- {LDNS_RR_TYPE_GPOS, "GPOS", 3, 3, type_gpos_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 28 */
+- {LDNS_RR_TYPE_AAAA, "AAAA", 1, 1, type_aaaa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 29 */
+- {LDNS_RR_TYPE_LOC, "LOC", 1, 1, type_loc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 30 */
+- {LDNS_RR_TYPE_NXT, "NXT", 2, 2, type_nxt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 31 */
+- {LDNS_RR_TYPE_EID, "EID", 1, 1, type_eid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 32 */
+- {LDNS_RR_TYPE_NIMLOC, "NIMLOC", 1, 1, type_nimloc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 33 */
+- {LDNS_RR_TYPE_SRV, "SRV", 4, 4, type_srv_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 34 */
+- {LDNS_RR_TYPE_ATMA, "ATMA", 1, 1, type_atma_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 35 */
+- {LDNS_RR_TYPE_NAPTR, "NAPTR", 6, 6, type_naptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 36 */
+- {LDNS_RR_TYPE_KX, "KX", 2, 2, type_kx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 37 */
+- {LDNS_RR_TYPE_CERT, "CERT", 4, 4, type_cert_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 38 */
+- {LDNS_RR_TYPE_A6, "A6", 1, 1, type_a6_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 39 */
+- {LDNS_RR_TYPE_DNAME, "DNAME", 1, 1, type_dname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 40 */
+- {LDNS_RR_TYPE_SINK, "SINK", 1, 1, type_sink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 41 */
+- {LDNS_RR_TYPE_OPT, "OPT", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 42 */
+- {LDNS_RR_TYPE_APL, "APL", 0, 0, type_apl_wireformat, LDNS_RDF_TYPE_APL, LDNS_RR_NO_COMPRESS, 0 },
+- /* 43 */
+- {LDNS_RR_TYPE_DS, "DS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 44 */
+- {LDNS_RR_TYPE_SSHFP, "SSHFP", 3, 3, type_sshfp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 45 */
+- {LDNS_RR_TYPE_IPSECKEY, "IPSECKEY", 1, 1, type_ipseckey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 46 */
+- {LDNS_RR_TYPE_RRSIG, "RRSIG", 9, 9, type_rrsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 47 */
+- {LDNS_RR_TYPE_NSEC, "NSEC", 1, 2, type_nsec_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 48 */
+- {LDNS_RR_TYPE_DNSKEY, "DNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 49 */
+- {LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 50 */
+- {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 51 */
+- {LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 52 */
+- {LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+-{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+- /* 55
+- * Hip ends with 0 or more Rendezvous Servers represented as dname's.
+- * Hence the LDNS_RDF_TYPE_DNAME _variable field and the _maximum field
+- * set to 0.
+- */
+- {LDNS_RR_TYPE_HIP, "HIP", 1, 1, type_hip_wireformat, LDNS_RDF_TYPE_DNAME, LDNS_RR_NO_COMPRESS, 0 },
+-
+-#ifdef RRTYPE_NINFO
+- /* 56 */
+- {LDNS_RR_TYPE_NINFO, "NINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
+-#else
+-{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#endif
+-#ifdef RRTYPE_RKEY
+- /* 57 */
+- {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#else
+-{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#endif
+- /* 58 */
+- {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
+-
+- /* 59 */
+- {LDNS_RR_TYPE_CDS, "CDS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 60 */
+- {LDNS_RR_TYPE_CDNSKEY, "CDNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+-#ifdef RRTYPE_OPENPGPKEY
+- /* 61 */
+- {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#else
+-{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#endif
+-
+-{LDNS_RR_TYPE_NULL, "TYPE62", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+- /* 99 */
+- {LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
+-
+- /* UINFO [IANA-Reserved] */
+-{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* UID [IANA-Reserved] */
+-{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* GID [IANA-Reserved] */
+-{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* UNSPEC [IANA-Reserved] */
+-{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+- /* 104 */
+- {LDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 105 */
+- {LDNS_RR_TYPE_L32, "L32", 2, 2, type_l32_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 106 */
+- {LDNS_RR_TYPE_L64, "L64", 2, 2, type_l64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 107 */
+- {LDNS_RR_TYPE_LP, "LP", 2, 2, type_lp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* 108 */
+- {LDNS_RR_TYPE_EUI48, "EUI48", 1, 1, type_eui48_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* 109 */
+- {LDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+-{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+- /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one.
+- * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9.
+- */
+- /* 249 */
+- {LDNS_RR_TYPE_TKEY, "TKEY", 7, 7, type_tkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+- /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one.
+- * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9.
+- */
+- /* 250 */
+- {LDNS_RR_TYPE_TSIG, "TSIG", 7, 7, type_tsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 },
+-
+- /* IXFR: A request for a transfer of an incremental zone transfer */
+-{LDNS_RR_TYPE_NULL, "TYPE251", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* AXFR: A request for a transfer of an entire zone */
+-{LDNS_RR_TYPE_NULL, "TYPE252", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* MAILB: A request for mailbox-related records (MB, MG or MR) */
+-{LDNS_RR_TYPE_NULL, "TYPE253", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* MAILA: A request for mail agent RRs (Obsolete - see MX) */
+-{LDNS_RR_TYPE_NULL, "TYPE254", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+- /* ANY: A request for all (available) records */
+-{LDNS_RR_TYPE_NULL, "TYPE255", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+-#ifdef RRTYPE_URI
+- /* 256 */
+- {LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#else
+-{LDNS_RR_TYPE_NULL, "TYPE256", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#endif
+- /* 257 */
+- {LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-
+-/* split in array, no longer contiguous */
+-
+-#ifdef RRTYPE_TA
+- /* 32768 */
+- {LDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#else
+-{LDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
+-#endif
+- /* 32769 */
+- {LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }
+-};
+-/** \endcond */
+-
+-/**
+- * \def LDNS_RDATA_FIELD_DESCRIPTORS_COUNT
+- * computes the number of rdata fields
+- */
+-#define LDNS_RDATA_FIELD_DESCRIPTORS_COUNT \
+- (sizeof(rdata_field_descriptors)/sizeof(rdata_field_descriptors[0]))
+-
+-
+-/*---------------------------------------------------------------------------*
+- * The functions below return an bitmap RDF with the space required to set
+- * or unset all known RR types. Arguably these functions are better situated
+- * in rdata.c, however for the space calculation it is necesarry to walk
+- * through rdata_field_descriptors which is not easily possible from anywhere
+- * other than rr.c where it is declared static.
+- *
+- * Alternatively rr.c could have provided an iterator for rr_type or
+- * rdf_descriptors, but this seemed overkill for internal use only.
+- */
+-static ldns_rr_descriptor* rdata_field_descriptors_end =
+- &rdata_field_descriptors[LDNS_RDATA_FIELD_DESCRIPTORS_COUNT];
+-
+-/* From RFC3845:
+- *
+- * 2.1.2. The List of Type Bit Map(s) Field
+- *
+- * The RR type space is split into 256 window blocks, each representing
+- * the low-order 8 bits of the 16-bit RR type space. Each block that
+- * has at least one active RR type is encoded using a single octet
+- * window number (from 0 to 255), a single octet bitmap length (from 1
+- * to 32) indicating the number of octets used for the window block's
+- * bitmap, and up to 32 octets (256 bits) of bitmap.
+- *
+- * Window blocks are present in the NSEC RR RDATA in increasing
+- * numerical order.
+- *
+- * "|" denotes concatenation
+- *
+- * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) +
+- *
+- * <cut>
+- *
+- * Blocks with no types present MUST NOT be included. Trailing zero
+- * octets in the bitmap MUST be omitted. The length of each block's
+- * bitmap is determined by the type code with the largest numerical
+- * value within that block, among the set of RR types present at the
+- * NSEC RR's owner name. Trailing zero octets not specified MUST be
+- * interpreted as zero octets.
+- */
+-static ldns_status
+-ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value)
+-{
+- uint8_t window; /* most significant octet of type */
+- uint8_t subtype; /* least significant octet of type */
+- uint16_t windows[256] /* Max subtype per window */
+-#ifndef S_SPLINT_S
+- = { 0 }
+-#endif
+- ;
+- ldns_rr_descriptor* d; /* used to traverse rdata_field_descriptors */
+- size_t i; /* used to traverse windows array */
+-
+- size_t sz; /* size needed for type bitmap rdf */
+- uint8_t* data = NULL; /* rdf data */
+- uint8_t* dptr; /* used to itraverse rdf data */
+-
+- assert(rdf != NULL);
+-
+- /* Which windows need to be in the bitmap rdf?
+- */
+- for (d=rdata_field_descriptors; d < rdata_field_descriptors_end; d++) {
+- window = d->_type >> 8;
+- subtype = d->_type & 0xff;
+- if (windows[window] < subtype) {
+- windows[window] = subtype;
+- }
+- }
+-
+- /* How much space do we need in the rdf for those windows?
+- */
+- sz = 0;
+- for (i = 0; i < 256; i++) {
+- if (windows[i]) {
+- sz += windows[i] / 8 + 3;
+- }
+- }
+- if (sz > 0) {
+- /* Format rdf data according RFC3845 Section 2.1.2 (see above)
+- */
+- dptr = data = LDNS_XMALLOC(uint8_t, sz);
+- memset(data, value, sz);
+- if (!data) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- for (i = 0; i < 256; i++) {
+- if (windows[i]) {
+- *dptr++ = (uint8_t)i;
+- *dptr++ = (uint8_t)(windows[i] / 8 + 1);
+- dptr += dptr[-1];
+- }
+- }
+- }
+- /* Allocate and return rdf structure for the data
+- */
+- *rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data);
+- if (!*rdf) {
+- LDNS_FREE(data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf)
+-{
+- return ldns_rdf_bitmap_known_rr_types_set(rdf, 0);
+-}
+-
+-ldns_status
+-ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf)
+-{
+- return ldns_rdf_bitmap_known_rr_types_set(rdf, 255);
+-}
+-/* End of RDF bitmap functions
+- *---------------------------------------------------------------------------*/
+-
+-
+-const ldns_rr_descriptor *
+-ldns_rr_descript(uint16_t type)
+-{
+- size_t i;
+- if (type < LDNS_RDATA_FIELD_DESCRIPTORS_COMMON) {
+- return &rdata_field_descriptors[type];
+- } else {
+- /* because not all array index equals type code */
+- for (i = LDNS_RDATA_FIELD_DESCRIPTORS_COMMON;
+- i < LDNS_RDATA_FIELD_DESCRIPTORS_COUNT;
+- i++) {
+- if (rdata_field_descriptors[i]._type == type) {
+- return &rdata_field_descriptors[i];
+- }
+- }
+- return &rdata_field_descriptors[0];
+- }
+-}
+-
+-size_t
+-ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor)
+-{
+- if (descriptor) {
+- return descriptor->_minimum;
+- } else {
+- return 0;
+- }
+-}
+-
+-size_t
+-ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor)
+-{
+- if (descriptor) {
+- if (descriptor->_variable != LDNS_RDF_TYPE_NONE) {
+- /* Should really be SIZE_MAX... bad FreeBSD. */
+- return UINT_MAX;
+- } else {
+- return descriptor->_maximum;
+- }
+- } else {
+- return 0;
+- }
+-}
+-
+-ldns_rdf_type
+-ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor,
+- size_t index)
+-{
+- assert(descriptor != NULL);
+- assert(index < descriptor->_maximum
+- || descriptor->_variable != LDNS_RDF_TYPE_NONE);
+- if (index < descriptor->_maximum) {
+- return descriptor->_wireformat[index];
+- } else {
+- return descriptor->_variable;
+- }
+-}
+-
+-ldns_rr_type
+-ldns_get_rr_type_by_name(const char *name)
+-{
+- unsigned int i;
+- const char *desc_name;
+- const ldns_rr_descriptor *desc;
+-
+- /* TYPEXX representation */
+- if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) {
+- return atoi(name + 4);
+- }
+-
+- /* Normal types */
+- for (i = 0; i < (unsigned int) LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; i++) {
+- desc = &rdata_field_descriptors[i];
+- desc_name = desc->_name;
+- if(desc_name &&
+- strlen(name) == strlen(desc_name) &&
+- strncasecmp(name, desc_name, strlen(desc_name)) == 0) {
+- /* because not all array index equals type code */
+- return desc->_type;
+- }
+- }
+-
+- /* special cases for query types */
+- if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) {
+- return 251;
+- } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) {
+- return 252;
+- } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) {
+- return 253;
+- } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) {
+- return 254;
+- } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) {
+- return 255;
+- }
+-
+- return 0;
+-}
+-
+-ldns_rr_class
+-ldns_get_rr_class_by_name(const char *name)
+-{
+- ldns_lookup_table *lt;
+-
+- /* CLASSXX representation */
+- if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) {
+- return atoi(name + 5);
+- }
+-
+- /* Normal types */
+- lt = ldns_lookup_by_name(ldns_rr_classes, name);
+-
+- if (lt) {
+- return lt->id;
+- }
+- return 0;
+-}
+-
+-
+-ldns_rr_type
+-ldns_rdf2rr_type(const ldns_rdf *rd)
+-{
+- ldns_rr_type r;
+-
+- if (!rd) {
+- return 0;
+- }
+-
+- if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TYPE) {
+- return 0;
+- }
+-
+- r = (ldns_rr_type) ldns_rdf2native_int16(rd);
+- return r;
+-}
+-
+-ldns_rr_type
+-ldns_rr_list_type(const ldns_rr_list *rr_list)
+-{
+- if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) {
+- return ldns_rr_get_type(ldns_rr_list_rr(rr_list, 0));
+- } else {
+- return 0;
+- }
+-}
+-
+-ldns_rdf *
+-ldns_rr_list_owner(const ldns_rr_list *rr_list)
+-{
+- if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) {
+- return ldns_rr_owner(ldns_rr_list_rr(rr_list, 0));
+- } else {
+- return NULL;
+- }
+-}
+diff --git a/src/ldns/rr_functions.c b/src/ldns/rr_functions.c
+deleted file mode 100644
+index b03751b..0000000
+--- a/src/ldns/rr_functions.c
++++ /dev/null
+@@ -1,419 +0,0 @@
+-/*
+- * rr_function.c
+- *
+- * function that operate on specific rr types
+- *
+- * (c) NLnet Labs, 2004-2006
+- * See the file LICENSE for the license
+- */
+-
+-/*
+- * These come strait from perldoc Net::DNS::RR::xxx
+- * first the read variant, then the write. This is
+- * not complete.
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <limits.h>
+-#include <strings.h>
+-
+-/**
+- * return a specific rdf
+- * \param[in] type type of RR
+- * \param[in] rr the rr itself
+- * \param[in] pos at which postion to get it
+- * \return the rdf sought
+- */
+-static ldns_rdf *
+-ldns_rr_function(ldns_rr_type type, const ldns_rr *rr, size_t pos)
+-{
+- if (!rr || ldns_rr_get_type(rr) != type) {
+- return NULL;
+- }
+- return ldns_rr_rdf(rr, pos);
+-}
+-
+-/**
+- * set a specific rdf
+- * \param[in] type type of RR
+- * \param[in] rr the rr itself
+- * \param[in] rdf the rdf to set
+- * \param[in] pos at which postion to set it
+- * \return true or false
+- */
+-static bool
+-ldns_rr_set_function(ldns_rr_type type, ldns_rr *rr, ldns_rdf *rdf, size_t pos)
+-{
+- ldns_rdf *pop;
+- if (!rr || ldns_rr_get_type(rr) != type) {
+- return false;
+- }
+- pop = ldns_rr_set_rdf(rr, rdf, pos);
+- ldns_rdf_deep_free(pop);
+- return true;
+-}
+-
+-/* A/AAAA records */
+-ldns_rdf *
+-ldns_rr_a_address(const ldns_rr *r)
+-{
+- /* 2 types to check, cannot use the macro */
+- if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A &&
+- ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) {
+- return NULL;
+- }
+- return ldns_rr_rdf(r, 0);
+-}
+-
+-bool
+-ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f)
+-{
+- /* 2 types to check, cannot use the macro... */
+- ldns_rdf *pop;
+- if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A &&
+- ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) {
+- return false;
+- }
+- pop = ldns_rr_set_rdf(r, f, 0);
+- if (pop) {
+- LDNS_FREE(pop);
+- return true;
+- } else {
+- return false;
+- }
+-}
+-
+-/* NS record */
+-ldns_rdf *
+-ldns_rr_ns_nsdname(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_NS, r, 0);
+-}
+-
+-/* MX record */
+-ldns_rdf *
+-ldns_rr_mx_preference(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_MX, r, 0);
+-}
+-
+-ldns_rdf *
+-ldns_rr_mx_exchange(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_MX, r, 1);
+-}
+-
+-/* RRSIG record */
+-ldns_rdf *
+-ldns_rr_rrsig_typecovered(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 0);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 0);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_algorithm(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 1);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 1);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_labels(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 2);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 2);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_origttl(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 3);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 3);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_expiration(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 4);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 4);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_inception(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 5);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 5);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_keytag(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 6);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 6);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_signame(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 7);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 7);
+-}
+-
+-ldns_rdf *
+-ldns_rr_rrsig_sig(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 8);
+-}
+-
+-bool
+-ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 8);
+-}
+-
+-/* DNSKEY record */
+-ldns_rdf *
+-ldns_rr_dnskey_flags(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 0);
+-}
+-
+-bool
+-ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 0);
+-}
+-
+-ldns_rdf *
+-ldns_rr_dnskey_protocol(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 1);
+-}
+-
+-bool
+-ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 1);
+-}
+-
+-ldns_rdf *
+-ldns_rr_dnskey_algorithm(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 2);
+-}
+-
+-bool
+-ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 2);
+-}
+-
+-ldns_rdf *
+-ldns_rr_dnskey_key(const ldns_rr *r)
+-{
+- return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 3);
+-}
+-
+-bool
+-ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f)
+-{
+- return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 3);
+-}
+-
+-size_t
+-ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
+- const size_t len,
+- const ldns_algorithm alg)
+-{
+- /* for DSA keys */
+- uint8_t t;
+-
+- /* for RSA keys */
+- uint16_t exp;
+- uint16_t int16;
+-
+- switch ((ldns_signing_algorithm)alg) {
+- case LDNS_SIGN_DSA:
+- case LDNS_SIGN_DSA_NSEC3:
+- if (len > 0) {
+- t = keydata[0];
+- return (64 + t*8)*8;
+- } else {
+- return 0;
+- }
+- break;
+- case LDNS_SIGN_RSAMD5:
+- case LDNS_SIGN_RSASHA1:
+- case LDNS_SIGN_RSASHA1_NSEC3:
+-#ifdef USE_SHA2
+- case LDNS_SIGN_RSASHA256:
+- case LDNS_SIGN_RSASHA512:
+-#endif
+- if (len > 0) {
+- if (keydata[0] == 0) {
+- /* big exponent */
+- if (len > 3) {
+- memmove(&int16, keydata + 1, 2);
+- exp = ntohs(int16);
+- return (len - exp - 3)*8;
+- } else {
+- return 0;
+- }
+- } else {
+- exp = keydata[0];
+- return (len-exp-1)*8;
+- }
+- } else {
+- return 0;
+- }
+- break;
+-#ifdef USE_GOST
+- case LDNS_SIGN_ECC_GOST:
+- return 512;
+-#endif
+-#ifdef USE_ECDSA
+- case LDNS_SIGN_ECDSAP256SHA256:
+- return 256;
+- case LDNS_SIGN_ECDSAP384SHA384:
+- return 384;
+-#endif
+- case LDNS_SIGN_HMACMD5:
+- return len;
+- default:
+- return 0;
+- }
+-}
+-
+-size_t
+-ldns_rr_dnskey_key_size(const ldns_rr *key)
+-{
+- if (!key || !ldns_rr_dnskey_key(key)
+- || !ldns_rr_dnskey_algorithm(key)) {
+- return 0;
+- }
+- return ldns_rr_dnskey_key_size_raw((unsigned char*)ldns_rdf_data(ldns_rr_dnskey_key(key)),
+- ldns_rdf_size(ldns_rr_dnskey_key(key)),
+- ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(key))
+- );
+-}
+-
+-uint32_t ldns_soa_serial_identity(uint32_t ATTR_UNUSED(unused), void *data)
+-{
+- return (uint32_t) (intptr_t) data;
+-}
+-
+-uint32_t ldns_soa_serial_increment(uint32_t s, void *ATTR_UNUSED(unused))
+-{
+- return ldns_soa_serial_increment_by(s, (void *)1);
+-}
+-
+-uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data)
+-{
+- return s + (intptr_t) data;
+-}
+-
+-uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data)
+-{
+- struct tm tm;
+- char s_str[11];
+- int32_t new_s;
+- time_t t = data ? (time_t) (intptr_t) data : ldns_time(NULL);
+-
+- (void) strftime(s_str, 11, "%Y%m%d00", localtime_r(&t, &tm));
+- new_s = (int32_t) atoi(s_str);
+- return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s);
+-}
+-
+-uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data)
+-{
+- int32_t new_s = data ? (int32_t) (intptr_t) data
+- : (int32_t) ldns_time(NULL);
+- return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s);
+-}
+-
+-void
+-ldns_rr_soa_increment(ldns_rr *soa)
+-{
+- ldns_rr_soa_increment_func_data(soa, ldns_soa_serial_increment, NULL);
+-}
+-
+-void
+-ldns_rr_soa_increment_func(ldns_rr *soa, ldns_soa_serial_increment_func_t f)
+-{
+- ldns_rr_soa_increment_func_data(soa, f, NULL);
+-}
+-
+-void
+-ldns_rr_soa_increment_func_data(ldns_rr *soa,
+- ldns_soa_serial_increment_func_t f, void *data)
+-{
+- ldns_rdf *prev_soa_serial_rdf;
+- if ( !soa || !f || ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA
+- || !ldns_rr_rdf(soa, 2)) {
+- return;
+- }
+- prev_soa_serial_rdf = ldns_rr_set_rdf(
+- soa
+- , ldns_native2rdf_int32(
+- LDNS_RDF_TYPE_INT32
+- , (*f)( ldns_rdf2native_int32(
+- ldns_rr_rdf(soa, 2))
+- , data
+- )
+- )
+- , 2
+- );
+- LDNS_FREE(prev_soa_serial_rdf);
+-}
+-
+-void
+-ldns_rr_soa_increment_func_int(ldns_rr *soa,
+- ldns_soa_serial_increment_func_t f, int data)
+-{
+- ldns_rr_soa_increment_func_data(soa, f, (void *) (intptr_t) data);
+-}
+-
+diff --git a/src/ldns/sha1.c b/src/ldns/sha1.c
+deleted file mode 100644
+index 18a4dd2..0000000
+--- a/src/ldns/sha1.c
++++ /dev/null
+@@ -1,177 +0,0 @@
+-/*
+- * modified for ldns by Jelte Jansen, original taken from OpenBSD:
+- *
+- * SHA-1 in C
+- * By Steve Reid <steve at edmweb.com>
+- * 100% Public Domain
+- *
+- * Test Vectors (from FIPS PUB 180-1)
+- * "abc"
+- * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+- * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+- * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+- * A million repetitions of "a"
+- * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+-*/
+-
+-/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
+-
+-#include <ldns/config.h>
+-#include <ldns/ldns.h>
+-#include <strings.h>
+-
+-#define SHA1HANDSOFF 1 /* Copies data before messing with it. */
+-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+-
+-/* blk0() and blk() perform the initial expand. */
+-/* I got the idea of expanding during the round function from SSLeay */
+-#if BYTE_ORDER == LITTLE_ENDIAN
+-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+- |(rol(block->l[i],8)&0x00FF00FF))
+-#else
+-#define blk0(i) block->l[i]
+-#endif
+-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+- ^block->l[(i+2)&15]^block->l[i&15],1))
+-
+-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+-
+-/* Hash a single 512-bit block. This is the core of the algorithm. */
+-
+-void
+-ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH])
+-{
+- uint32_t a, b, c, d, e;
+- typedef union {
+- unsigned char c[64];
+- unsigned int l[16];
+- } CHAR64LONG16;
+- CHAR64LONG16* block;
+-#ifdef SHA1HANDSOFF
+- unsigned char workspace[LDNS_SHA1_BLOCK_LENGTH];
+-
+- block = (CHAR64LONG16 *)workspace;
+- memmove(block, buffer, LDNS_SHA1_BLOCK_LENGTH);
+-#else
+- block = (CHAR64LONG16 *)buffer;
+-#endif
+- /* Copy context->state[] to working vars */
+- a = state[0];
+- b = state[1];
+- c = state[2];
+- d = state[3];
+- e = state[4];
+-
+- /* 4 rounds of 20 operations each. Loop unrolled. */
+- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+-
+- /* Add the working vars back into context.state[] */
+- state[0] += a;
+- state[1] += b;
+- state[2] += c;
+- state[3] += d;
+- state[4] += e;
+- /* Wipe variables */
+- a = b = c = d = e = 0;
+-}
+-
+-
+-/* SHA1Init - Initialize new context */
+-
+-void
+-ldns_sha1_init(ldns_sha1_ctx *context)
+-{
+- /* SHA1 initialization constants */
+- context->count = 0;
+- context->state[0] = 0x67452301;
+- context->state[1] = 0xEFCDAB89;
+- context->state[2] = 0x98BADCFE;
+- context->state[3] = 0x10325476;
+- context->state[4] = 0xC3D2E1F0;
+-}
+-
+-
+-/* Run your data through this. */
+-
+-void
+-ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len)
+-{
+- unsigned int i;
+- unsigned int j;
+-
+- j = (unsigned)(uint32_t)((context->count >> 3) & 63);
+- context->count += (len << 3);
+- if ((j + len) > 63) {
+- memmove(&context->buffer[j], data, (i = 64 - j));
+- ldns_sha1_transform(context->state, context->buffer);
+- for ( ; i + 63 < len; i += 64) {
+- ldns_sha1_transform(context->state, &data[i]);
+- }
+- j = 0;
+- }
+- else i = 0;
+- memmove(&context->buffer[j], &data[i], len - i);
+-}
+-
+-
+-/* Add padding and return the message digest. */
+-
+-void
+-ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context)
+-{
+- unsigned int i;
+- unsigned char finalcount[8];
+-
+- for (i = 0; i < 8; i++) {
+- finalcount[i] = (unsigned char)((context->count >>
+- ((7 - (i & 7)) * 8)) & 255); /* Endian independent */
+- }
+- ldns_sha1_update(context, (unsigned char *)"\200", 1);
+- while ((context->count & 504) != 448) {
+- ldns_sha1_update(context, (unsigned char *)"\0", 1);
+- }
+- ldns_sha1_update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+-
+- if (digest != NULL)
+- for (i = 0; i < LDNS_SHA1_DIGEST_LENGTH; i++) {
+- digest[i] = (unsigned char)((context->state[i >> 2] >>
+- ((3 - (i & 3)) * 8)) & 255);
+- }
+-#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */
+- ldns_sha1_transform(context->state, context->buffer);
+-#endif
+-}
+-
+-unsigned char *
+-ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest)
+-{
+- ldns_sha1_ctx ctx;
+- ldns_sha1_init(&ctx);
+- ldns_sha1_update(&ctx, data, data_len);
+- ldns_sha1_final(digest, &ctx);
+- return digest;
+-}
+diff --git a/src/ldns/sha2.c b/src/ldns/sha2.c
+deleted file mode 100644
+index 9a27122..0000000
+--- a/src/ldns/sha2.c
++++ /dev/null
+@@ -1,991 +0,0 @@
+-/*
+- * FILE: sha2.c
+- * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
+- *
+- * Copyright (c) 2000-2001, Aaron D. Gifford
+- * All rights reserved.
+- *
+- * Modified by Jelte Jansen to fit in ldns, and not clash with any
+- * system-defined SHA code.
+- * Changes:
+- * - Renamed (external) functions and constants to fit ldns style
+- * - Removed _End and _Data functions
+- * - Added ldns_shaX(data, len, digest) convenience functions
+- * - Removed prototypes of _Transform functions and made those static
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 3. Neither the name of the copyright holder nor the names of contributors
+- * may be used to endorse or promote products derived from this software
+- * without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+- */
+-
+-#include <ldns/config.h>
+-#include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
+-#include <assert.h> /* assert() */
+-#include <ldns/sha2.h>
+-
+-/*
+- * ASSERT NOTE:
+- * Some sanity checking code is included using assert(). On my FreeBSD
+- * system, this additional code can be removed by compiling with NDEBUG
+- * defined. Check your own systems manpage on assert() to see how to
+- * compile WITHOUT the sanity checking code on your system.
+- *
+- * UNROLLED TRANSFORM LOOP NOTE:
+- * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+- * loop version for the hash transform rounds (defined using macros
+- * later in this file). Either define on the command line, for example:
+- *
+- * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+- *
+- * or define below:
+- *
+- * #define SHA2_UNROLL_TRANSFORM
+- *
+- */
+-
+-
+-/*** SHA-256/384/512 Machine Architecture Definitions *****************/
+-/*
+- * BYTE_ORDER NOTE:
+- *
+- * Please make sure that your system defines BYTE_ORDER. If your
+- * architecture is little-endian, make sure it also defines
+- * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
+- * equivilent.
+- *
+- * If your system does not define the above, then you can do so by
+- * hand like this:
+- *
+- * #define LITTLE_ENDIAN 1234
+- * #define BIG_ENDIAN 4321
+- *
+- * And for little-endian machines, add:
+- *
+- * #define BYTE_ORDER LITTLE_ENDIAN
+- *
+- * Or for big-endian machines:
+- *
+- * #define BYTE_ORDER BIG_ENDIAN
+- *
+- * The FreeBSD machine this was written on defines BYTE_ORDER
+- * appropriately by including <sys/types.h> (which in turn includes
+- * <machine/endian.h> where the appropriate definitions are actually
+- * made).
+- */
+-#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
+-#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
+-#endif
+-
+-typedef uint8_t sha2_byte; /* Exactly 1 byte */
+-typedef uint32_t sha2_word32; /* Exactly 4 bytes */
+-#ifdef S_SPLINT_S
+-typedef unsigned long long sha2_word64; /* lint 8 bytes */
+-#else
+-typedef uint64_t sha2_word64; /* Exactly 8 bytes */
+-#endif
+-
+-/*** SHA-256/384/512 Various Length Definitions ***********************/
+-/* NOTE: Most of these are in sha2.h */
+-#define ldns_sha256_SHORT_BLOCK_LENGTH (LDNS_SHA256_BLOCK_LENGTH - 8)
+-#define ldns_sha384_SHORT_BLOCK_LENGTH (LDNS_SHA384_BLOCK_LENGTH - 16)
+-#define ldns_sha512_SHORT_BLOCK_LENGTH (LDNS_SHA512_BLOCK_LENGTH - 16)
+-
+-
+-/*** ENDIAN REVERSAL MACROS *******************************************/
+-#if BYTE_ORDER == LITTLE_ENDIAN
+-#define REVERSE32(w,x) { \
+- sha2_word32 tmp = (w); \
+- tmp = (tmp >> 16) | (tmp << 16); \
+- (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
+-}
+-#ifndef S_SPLINT_S
+-#define REVERSE64(w,x) { \
+- sha2_word64 tmp = (w); \
+- tmp = (tmp >> 32) | (tmp << 32); \
+- tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
+- ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
+- (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
+- ((tmp & 0x0000ffff0000ffffULL) << 16); \
+-}
+-#else /* splint */
+-#define REVERSE64(w,x) /* splint */
+-#endif /* splint */
+-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+-
+-/*
+- * Macro for incrementally adding the unsigned 64-bit integer n to the
+- * unsigned 128-bit integer (represented using a two-element array of
+- * 64-bit words):
+- */
+-#define ADDINC128(w,n) { \
+- (w)[0] += (sha2_word64)(n); \
+- if ((w)[0] < (n)) { \
+- (w)[1]++; \
+- } \
+-}
+-#ifdef S_SPLINT_S
+-#undef ADDINC128
+-#define ADDINC128(w,n) /* splint */
+-#endif
+-
+-/*
+- * Macros for copying blocks of memory and for zeroing out ranges
+- * of memory. Using these macros makes it easy to switch from
+- * using memset()/memcpy() and using bzero()/bcopy().
+- *
+- * Please define either SHA2_USE_MEMSET_MEMCPY or define
+- * SHA2_USE_BZERO_BCOPY depending on which function set you
+- * choose to use:
+- */
+-#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
+-/* Default to memset()/memcpy() if no option is specified */
+-#define SHA2_USE_MEMSET_MEMCPY 1
+-#endif
+-#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
+-/* Abort with an error if BOTH options are defined */
+-#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
+-#endif
+-
+-#ifdef SHA2_USE_MEMSET_MEMCPY
+-#define MEMSET_BZERO(p,l) memset((p), 0, (l))
+-#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
+-#endif
+-#ifdef SHA2_USE_BZERO_BCOPY
+-#define MEMSET_BZERO(p,l) bzero((p), (l))
+-#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
+-#endif
+-
+-
+-/*** THE SIX LOGICAL FUNCTIONS ****************************************/
+-/*
+- * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
+- *
+- * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
+- * S is a ROTATION) because the SHA-256/384/512 description document
+- * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
+- * same "backwards" definition.
+- */
+-/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
+-#define R(b,x) ((x) >> (b))
+-/* 32-bit Rotate-right (used in SHA-256): */
+-#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
+-/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
+-#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
+-
+-/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
+-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+-
+-/* Four of six logical functions used in SHA-256: */
+-#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
+-#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
+-#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
+-#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
+-
+-/* Four of six logical functions used in SHA-384 and SHA-512: */
+-#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
+-#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
+-#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
+-#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
+-
+-/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
+-/* Hash constant words K for SHA-256: */
+-static const sha2_word32 K256[64] = {
+- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+- 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+- 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+- 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+- 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+- 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+- 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+- 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+- 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+- 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+- 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+- 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+- 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+-};
+-
+-/* initial hash value H for SHA-256: */
+-static const sha2_word32 ldns_sha256_initial_hash_value[8] = {
+- 0x6a09e667UL,
+- 0xbb67ae85UL,
+- 0x3c6ef372UL,
+- 0xa54ff53aUL,
+- 0x510e527fUL,
+- 0x9b05688cUL,
+- 0x1f83d9abUL,
+- 0x5be0cd19UL
+-};
+-
+-/* Hash constant words K for SHA-384 and SHA-512: */
+-static const sha2_word64 K512[80] = {
+- 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
+- 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+- 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
+- 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+- 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
+- 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+- 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
+- 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+- 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
+- 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+- 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
+- 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+- 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
+- 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+- 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+- 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+- 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
+- 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+- 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
+- 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+- 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
+- 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+- 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
+- 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+- 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
+- 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+- 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
+- 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+- 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
+- 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+- 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
+- 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+- 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
+- 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+- 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
+- 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+- 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
+- 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+- 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
+- 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+-};
+-
+-/* initial hash value H for SHA-384 */
+-static const sha2_word64 sha384_initial_hash_value[8] = {
+- 0xcbbb9d5dc1059ed8ULL,
+- 0x629a292a367cd507ULL,
+- 0x9159015a3070dd17ULL,
+- 0x152fecd8f70e5939ULL,
+- 0x67332667ffc00b31ULL,
+- 0x8eb44a8768581511ULL,
+- 0xdb0c2e0d64f98fa7ULL,
+- 0x47b5481dbefa4fa4ULL
+-};
+-
+-/* initial hash value H for SHA-512 */
+-static const sha2_word64 sha512_initial_hash_value[8] = {
+- 0x6a09e667f3bcc908ULL,
+- 0xbb67ae8584caa73bULL,
+- 0x3c6ef372fe94f82bULL,
+- 0xa54ff53a5f1d36f1ULL,
+- 0x510e527fade682d1ULL,
+- 0x9b05688c2b3e6c1fULL,
+- 0x1f83d9abfb41bd6bULL,
+- 0x5be0cd19137e2179ULL
+-};
+-
+-/*** SHA-256: *********************************************************/
+-void ldns_sha256_init(ldns_sha256_CTX* context) {
+- if (context == (ldns_sha256_CTX*)0) {
+- return;
+- }
+- MEMCPY_BCOPY(context->state, ldns_sha256_initial_hash_value, LDNS_SHA256_DIGEST_LENGTH);
+- MEMSET_BZERO(context->buffer, LDNS_SHA256_BLOCK_LENGTH);
+- context->bitcount = 0;
+-}
+-
+-#ifdef SHA2_UNROLL_TRANSFORM
+-
+-/* Unrolled SHA-256 round macros: */
+-
+-#if BYTE_ORDER == LITTLE_ENDIAN
+-
+-#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
+- REVERSE32(*data++, W256[j]); \
+- T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
+- K256[j] + W256[j]; \
+- (d) += T1; \
+- (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+- j++
+-
+-
+-#else /* BYTE_ORDER == LITTLE_ENDIAN */
+-
+-#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
+- T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
+- K256[j] + (W256[j] = *data++); \
+- (d) += T1; \
+- (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+- j++
+-
+-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+-
+-#define ROUND256(a,b,c,d,e,f,g,h) \
+- s0 = W256[(j+1)&0x0f]; \
+- s0 = sigma0_256(s0); \
+- s1 = W256[(j+14)&0x0f]; \
+- s1 = sigma1_256(s1); \
+- T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
+- (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
+- (d) += T1; \
+- (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+- j++
+-
+-static void ldns_sha256_Transform(ldns_sha256_CTX* context,
+- const sha2_word32* data) {
+- sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
+- sha2_word32 T1, *W256;
+- int j;
+-
+- W256 = (sha2_word32*)context->buffer;
+-
+- /* initialize registers with the prev. intermediate value */
+- a = context->state[0];
+- b = context->state[1];
+- c = context->state[2];
+- d = context->state[3];
+- e = context->state[4];
+- f = context->state[5];
+- g = context->state[6];
+- h = context->state[7];
+-
+- j = 0;
+- do {
+- /* Rounds 0 to 15 (unrolled): */
+- ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
+- ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
+- ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
+- ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
+- ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
+- ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
+- ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
+- ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
+- } while (j < 16);
+-
+- /* Now for the remaining rounds to 64: */
+- do {
+- ROUND256(a,b,c,d,e,f,g,h);
+- ROUND256(h,a,b,c,d,e,f,g);
+- ROUND256(g,h,a,b,c,d,e,f);
+- ROUND256(f,g,h,a,b,c,d,e);
+- ROUND256(e,f,g,h,a,b,c,d);
+- ROUND256(d,e,f,g,h,a,b,c);
+- ROUND256(c,d,e,f,g,h,a,b);
+- ROUND256(b,c,d,e,f,g,h,a);
+- } while (j < 64);
+-
+- /* Compute the current intermediate hash value */
+- context->state[0] += a;
+- context->state[1] += b;
+- context->state[2] += c;
+- context->state[3] += d;
+- context->state[4] += e;
+- context->state[5] += f;
+- context->state[6] += g;
+- context->state[7] += h;
+-
+- /* Clean up */
+- a = b = c = d = e = f = g = h = T1 = 0;
+-}
+-
+-#else /* SHA2_UNROLL_TRANSFORM */
+-
+-static void ldns_sha256_Transform(ldns_sha256_CTX* context,
+- const sha2_word32* data) {
+- sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
+- sha2_word32 T1, T2, *W256;
+- int j;
+-
+- W256 = (sha2_word32*)context->buffer;
+-
+- /* initialize registers with the prev. intermediate value */
+- a = context->state[0];
+- b = context->state[1];
+- c = context->state[2];
+- d = context->state[3];
+- e = context->state[4];
+- f = context->state[5];
+- g = context->state[6];
+- h = context->state[7];
+-
+- j = 0;
+- do {
+-#if BYTE_ORDER == LITTLE_ENDIAN
+- /* Copy data while converting to host byte order */
+- REVERSE32(*data++,W256[j]);
+- /* Apply the SHA-256 compression function to update a..h */
+- T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
+-#else /* BYTE_ORDER == LITTLE_ENDIAN */
+- /* Apply the SHA-256 compression function to update a..h with copy */
+- T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
+-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+- T2 = Sigma0_256(a) + Maj(a, b, c);
+- h = g;
+- g = f;
+- f = e;
+- e = d + T1;
+- d = c;
+- c = b;
+- b = a;
+- a = T1 + T2;
+-
+- j++;
+- } while (j < 16);
+-
+- do {
+- /* Part of the message block expansion: */
+- s0 = W256[(j+1)&0x0f];
+- s0 = sigma0_256(s0);
+- s1 = W256[(j+14)&0x0f];
+- s1 = sigma1_256(s1);
+-
+- /* Apply the SHA-256 compression function to update a..h */
+- T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
+- (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
+- T2 = Sigma0_256(a) + Maj(a, b, c);
+- h = g;
+- g = f;
+- f = e;
+- e = d + T1;
+- d = c;
+- c = b;
+- b = a;
+- a = T1 + T2;
+-
+- j++;
+- } while (j < 64);
+-
+- /* Compute the current intermediate hash value */
+- context->state[0] += a;
+- context->state[1] += b;
+- context->state[2] += c;
+- context->state[3] += d;
+- context->state[4] += e;
+- context->state[5] += f;
+- context->state[6] += g;
+- context->state[7] += h;
+-
+- /* Clean up */
+- a = b = c = d = e = f = g = h = T1 = T2 = 0;
+-}
+-
+-#endif /* SHA2_UNROLL_TRANSFORM */
+-
+-void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t len) {
+- size_t freespace, usedspace;
+-
+- if (len == 0) {
+- /* Calling with no data is valid - we do nothing */
+- return;
+- }
+-
+- /* Sanity check: */
+- assert(context != (ldns_sha256_CTX*)0 && data != (sha2_byte*)0);
+-
+- usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH;
+- if (usedspace > 0) {
+- /* Calculate how much free space is available in the buffer */
+- freespace = LDNS_SHA256_BLOCK_LENGTH - usedspace;
+-
+- if (len >= freespace) {
+- /* Fill the buffer completely and process it */
+- MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
+- context->bitcount += freespace << 3;
+- len -= freespace;
+- data += freespace;
+- ldns_sha256_Transform(context, (sha2_word32*)context->buffer);
+- } else {
+- /* The buffer is not yet full */
+- MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
+- context->bitcount += len << 3;
+- /* Clean up: */
+- usedspace = freespace = 0;
+- return;
+- }
+- }
+- while (len >= LDNS_SHA256_BLOCK_LENGTH) {
+- /* Process as many complete blocks as we can */
+- ldns_sha256_Transform(context, (sha2_word32*)data);
+- context->bitcount += LDNS_SHA256_BLOCK_LENGTH << 3;
+- len -= LDNS_SHA256_BLOCK_LENGTH;
+- data += LDNS_SHA256_BLOCK_LENGTH;
+- }
+- if (len > 0) {
+- /* There's left-overs, so save 'em */
+- MEMCPY_BCOPY(context->buffer, data, len);
+- context->bitcount += len << 3;
+- }
+- /* Clean up: */
+- usedspace = freespace = 0;
+-}
+-
+-typedef union _ldns_sha2_buffer_union {
+- uint8_t* theChars;
+- uint64_t* theLongs;
+-} ldns_sha2_buffer_union;
+-
+-void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) {
+- sha2_word32 *d = (sha2_word32*)digest;
+- size_t usedspace;
+- ldns_sha2_buffer_union cast_var;
+-
+- /* Sanity check: */
+- assert(context != (ldns_sha256_CTX*)0);
+-
+- /* If no digest buffer is passed, we don't bother doing this: */
+- if (digest != (sha2_byte*)0) {
+- usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH;
+-#if BYTE_ORDER == LITTLE_ENDIAN
+- /* Convert FROM host byte order */
+- REVERSE64(context->bitcount,context->bitcount);
+-#endif
+- if (usedspace > 0) {
+- /* Begin padding with a 1 bit: */
+- context->buffer[usedspace++] = 0x80;
+-
+- if (usedspace <= ldns_sha256_SHORT_BLOCK_LENGTH) {
+- /* Set-up for the last transform: */
+- MEMSET_BZERO(&context->buffer[usedspace], ldns_sha256_SHORT_BLOCK_LENGTH - usedspace);
+- } else {
+- if (usedspace < LDNS_SHA256_BLOCK_LENGTH) {
+- MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA256_BLOCK_LENGTH - usedspace);
+- }
+- /* Do second-to-last transform: */
+- ldns_sha256_Transform(context, (sha2_word32*)context->buffer);
+-
+- /* And set-up for the last transform: */
+- MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH);
+- }
+- } else {
+- /* Set-up for the last transform: */
+- MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH);
+-
+- /* Begin padding with a 1 bit: */
+- *context->buffer = 0x80;
+- }
+- /* Set the bit count: */
+- cast_var.theChars = context->buffer;
+- cast_var.theLongs[ldns_sha256_SHORT_BLOCK_LENGTH / 8] = context->bitcount;
+-
+- /* final transform: */
+- ldns_sha256_Transform(context, (sha2_word32*)context->buffer);
+-
+-#if BYTE_ORDER == LITTLE_ENDIAN
+- {
+- /* Convert TO host byte order */
+- int j;
+- for (j = 0; j < 8; j++) {
+- REVERSE32(context->state[j],context->state[j]);
+- *d++ = context->state[j];
+- }
+- }
+-#else
+- MEMCPY_BCOPY(d, context->state, LDNS_SHA256_DIGEST_LENGTH);
+-#endif
+- }
+-
+- /* Clean up state data: */
+- MEMSET_BZERO(context, sizeof(ldns_sha256_CTX));
+- usedspace = 0;
+-}
+-
+-unsigned char *
+-ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest)
+-{
+- ldns_sha256_CTX ctx;
+- ldns_sha256_init(&ctx);
+- ldns_sha256_update(&ctx, data, data_len);
+- ldns_sha256_final(digest, &ctx);
+- return digest;
+-}
+-
+-/*** SHA-512: *********************************************************/
+-void ldns_sha512_init(ldns_sha512_CTX* context) {
+- if (context == (ldns_sha512_CTX*)0) {
+- return;
+- }
+- MEMCPY_BCOPY(context->state, sha512_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH);
+- MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH);
+- context->bitcount[0] = context->bitcount[1] = 0;
+-}
+-
+-#ifdef SHA2_UNROLL_TRANSFORM
+-
+-/* Unrolled SHA-512 round macros: */
+-#if BYTE_ORDER == LITTLE_ENDIAN
+-
+-#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
+- REVERSE64(*data++, W512[j]); \
+- T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
+- K512[j] + W512[j]; \
+- (d) += T1, \
+- (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
+- j++
+-
+-
+-#else /* BYTE_ORDER == LITTLE_ENDIAN */
+-
+-#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
+- T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
+- K512[j] + (W512[j] = *data++); \
+- (d) += T1; \
+- (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
+- j++
+-
+-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+-
+-#define ROUND512(a,b,c,d,e,f,g,h) \
+- s0 = W512[(j+1)&0x0f]; \
+- s0 = sigma0_512(s0); \
+- s1 = W512[(j+14)&0x0f]; \
+- s1 = sigma1_512(s1); \
+- T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
+- (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
+- (d) += T1; \
+- (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
+- j++
+-
+-static void ldns_sha512_Transform(ldns_sha512_CTX* context,
+- const sha2_word64* data) {
+- sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
+- sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
+- int j;
+-
+- /* initialize registers with the prev. intermediate value */
+- a = context->state[0];
+- b = context->state[1];
+- c = context->state[2];
+- d = context->state[3];
+- e = context->state[4];
+- f = context->state[5];
+- g = context->state[6];
+- h = context->state[7];
+-
+- j = 0;
+- do {
+- ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
+- ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
+- ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
+- ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
+- ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
+- ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
+- ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
+- ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
+- } while (j < 16);
+-
+- /* Now for the remaining rounds up to 79: */
+- do {
+- ROUND512(a,b,c,d,e,f,g,h);
+- ROUND512(h,a,b,c,d,e,f,g);
+- ROUND512(g,h,a,b,c,d,e,f);
+- ROUND512(f,g,h,a,b,c,d,e);
+- ROUND512(e,f,g,h,a,b,c,d);
+- ROUND512(d,e,f,g,h,a,b,c);
+- ROUND512(c,d,e,f,g,h,a,b);
+- ROUND512(b,c,d,e,f,g,h,a);
+- } while (j < 80);
+-
+- /* Compute the current intermediate hash value */
+- context->state[0] += a;
+- context->state[1] += b;
+- context->state[2] += c;
+- context->state[3] += d;
+- context->state[4] += e;
+- context->state[5] += f;
+- context->state[6] += g;
+- context->state[7] += h;
+-
+- /* Clean up */
+- a = b = c = d = e = f = g = h = T1 = 0;
+-}
+-
+-#else /* SHA2_UNROLL_TRANSFORM */
+-
+-static void ldns_sha512_Transform(ldns_sha512_CTX* context,
+- const sha2_word64* data) {
+- sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
+- sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
+- int j;
+-
+- /* initialize registers with the prev. intermediate value */
+- a = context->state[0];
+- b = context->state[1];
+- c = context->state[2];
+- d = context->state[3];
+- e = context->state[4];
+- f = context->state[5];
+- g = context->state[6];
+- h = context->state[7];
+-
+- j = 0;
+- do {
+-#if BYTE_ORDER == LITTLE_ENDIAN
+- /* Convert TO host byte order */
+- REVERSE64(*data++, W512[j]);
+- /* Apply the SHA-512 compression function to update a..h */
+- T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
+-#else /* BYTE_ORDER == LITTLE_ENDIAN */
+- /* Apply the SHA-512 compression function to update a..h with copy */
+- T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
+-#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+- T2 = Sigma0_512(a) + Maj(a, b, c);
+- h = g;
+- g = f;
+- f = e;
+- e = d + T1;
+- d = c;
+- c = b;
+- b = a;
+- a = T1 + T2;
+-
+- j++;
+- } while (j < 16);
+-
+- do {
+- /* Part of the message block expansion: */
+- s0 = W512[(j+1)&0x0f];
+- s0 = sigma0_512(s0);
+- s1 = W512[(j+14)&0x0f];
+- s1 = sigma1_512(s1);
+-
+- /* Apply the SHA-512 compression function to update a..h */
+- T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
+- (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
+- T2 = Sigma0_512(a) + Maj(a, b, c);
+- h = g;
+- g = f;
+- f = e;
+- e = d + T1;
+- d = c;
+- c = b;
+- b = a;
+- a = T1 + T2;
+-
+- j++;
+- } while (j < 80);
+-
+- /* Compute the current intermediate hash value */
+- context->state[0] += a;
+- context->state[1] += b;
+- context->state[2] += c;
+- context->state[3] += d;
+- context->state[4] += e;
+- context->state[5] += f;
+- context->state[6] += g;
+- context->state[7] += h;
+-
+- /* Clean up */
+- a = b = c = d = e = f = g = h = T1 = T2 = 0;
+-}
+-
+-#endif /* SHA2_UNROLL_TRANSFORM */
+-
+-void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t len) {
+- size_t freespace, usedspace;
+-
+- if (len == 0) {
+- /* Calling with no data is valid - we do nothing */
+- return;
+- }
+-
+- /* Sanity check: */
+- assert(context != (ldns_sha512_CTX*)0 && data != (sha2_byte*)0);
+-
+- usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH;
+- if (usedspace > 0) {
+- /* Calculate how much free space is available in the buffer */
+- freespace = LDNS_SHA512_BLOCK_LENGTH - usedspace;
+-
+- if (len >= freespace) {
+- /* Fill the buffer completely and process it */
+- MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
+- ADDINC128(context->bitcount, freespace << 3);
+- len -= freespace;
+- data += freespace;
+- ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
+- } else {
+- /* The buffer is not yet full */
+- MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
+- ADDINC128(context->bitcount, len << 3);
+- /* Clean up: */
+- usedspace = freespace = 0;
+- return;
+- }
+- }
+- while (len >= LDNS_SHA512_BLOCK_LENGTH) {
+- /* Process as many complete blocks as we can */
+- ldns_sha512_Transform(context, (sha2_word64*)data);
+- ADDINC128(context->bitcount, LDNS_SHA512_BLOCK_LENGTH << 3);
+- len -= LDNS_SHA512_BLOCK_LENGTH;
+- data += LDNS_SHA512_BLOCK_LENGTH;
+- }
+- if (len > 0) {
+- /* There's left-overs, so save 'em */
+- MEMCPY_BCOPY(context->buffer, data, len);
+- ADDINC128(context->bitcount, len << 3);
+- }
+- /* Clean up: */
+- usedspace = freespace = 0;
+-}
+-
+-static void ldns_sha512_Last(ldns_sha512_CTX* context) {
+- size_t usedspace;
+- ldns_sha2_buffer_union cast_var;
+-
+- usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH;
+-#if BYTE_ORDER == LITTLE_ENDIAN
+- /* Convert FROM host byte order */
+- REVERSE64(context->bitcount[0],context->bitcount[0]);
+- REVERSE64(context->bitcount[1],context->bitcount[1]);
+-#endif
+- if (usedspace > 0) {
+- /* Begin padding with a 1 bit: */
+- context->buffer[usedspace++] = 0x80;
+-
+- if (usedspace <= ldns_sha512_SHORT_BLOCK_LENGTH) {
+- /* Set-up for the last transform: */
+- MEMSET_BZERO(&context->buffer[usedspace], ldns_sha512_SHORT_BLOCK_LENGTH - usedspace);
+- } else {
+- if (usedspace < LDNS_SHA512_BLOCK_LENGTH) {
+- MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA512_BLOCK_LENGTH - usedspace);
+- }
+- /* Do second-to-last transform: */
+- ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
+-
+- /* And set-up for the last transform: */
+- MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH - 2);
+- }
+- } else {
+- /* Prepare for final transform: */
+- MEMSET_BZERO(context->buffer, ldns_sha512_SHORT_BLOCK_LENGTH);
+-
+- /* Begin padding with a 1 bit: */
+- *context->buffer = 0x80;
+- }
+- /* Store the length of input data (in bits): */
+- cast_var.theChars = context->buffer;
+- cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1];
+- cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0];
+-
+- /* final transform: */
+- ldns_sha512_Transform(context, (sha2_word64*)context->buffer);
+-}
+-
+-void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) {
+- sha2_word64 *d = (sha2_word64*)digest;
+-
+- /* Sanity check: */
+- assert(context != (ldns_sha512_CTX*)0);
+-
+- /* If no digest buffer is passed, we don't bother doing this: */
+- if (digest != (sha2_byte*)0) {
+- ldns_sha512_Last(context);
+-
+- /* Save the hash data for output: */
+-#if BYTE_ORDER == LITTLE_ENDIAN
+- {
+- /* Convert TO host byte order */
+- int j;
+- for (j = 0; j < 8; j++) {
+- REVERSE64(context->state[j],context->state[j]);
+- *d++ = context->state[j];
+- }
+- }
+-#else
+- MEMCPY_BCOPY(d, context->state, LDNS_SHA512_DIGEST_LENGTH);
+-#endif
+- }
+-
+- /* Zero out state data */
+- MEMSET_BZERO(context, sizeof(ldns_sha512_CTX));
+-}
+-
+-unsigned char *
+-ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest)
+-{
+- ldns_sha512_CTX ctx;
+- ldns_sha512_init(&ctx);
+- ldns_sha512_update(&ctx, data, data_len);
+- ldns_sha512_final(digest, &ctx);
+- return digest;
+-}
+-
+-/*** SHA-384: *********************************************************/
+-void ldns_sha384_init(ldns_sha384_CTX* context) {
+- if (context == (ldns_sha384_CTX*)0) {
+- return;
+- }
+- MEMCPY_BCOPY(context->state, sha384_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH);
+- MEMSET_BZERO(context->buffer, LDNS_SHA384_BLOCK_LENGTH);
+- context->bitcount[0] = context->bitcount[1] = 0;
+-}
+-
+-void ldns_sha384_update(ldns_sha384_CTX* context, const sha2_byte* data, size_t len) {
+- ldns_sha512_update((ldns_sha512_CTX*)context, data, len);
+-}
+-
+-void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) {
+- sha2_word64 *d = (sha2_word64*)digest;
+-
+- /* Sanity check: */
+- assert(context != (ldns_sha384_CTX*)0);
+-
+- /* If no digest buffer is passed, we don't bother doing this: */
+- if (digest != (sha2_byte*)0) {
+- ldns_sha512_Last((ldns_sha512_CTX*)context);
+-
+- /* Save the hash data for output: */
+-#if BYTE_ORDER == LITTLE_ENDIAN
+- {
+- /* Convert TO host byte order */
+- int j;
+- for (j = 0; j < 6; j++) {
+- REVERSE64(context->state[j],context->state[j]);
+- *d++ = context->state[j];
+- }
+- }
+-#else
+- MEMCPY_BCOPY(d, context->state, LDNS_SHA384_DIGEST_LENGTH);
+-#endif
+- }
+-
+- /* Zero out state data */
+- MEMSET_BZERO(context, sizeof(ldns_sha384_CTX));
+-}
+-
+-unsigned char *
+-ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest)
+-{
+- ldns_sha384_CTX ctx;
+- ldns_sha384_init(&ctx);
+- ldns_sha384_update(&ctx, data, data_len);
+- ldns_sha384_final(digest, &ctx);
+- return digest;
+-}
+diff --git a/src/ldns/str2host.c b/src/ldns/str2host.c
+deleted file mode 100644
+index cd07c89..0000000
+--- a/src/ldns/str2host.c
++++ /dev/null
+@@ -1,1604 +0,0 @@
+-/*
+- * str2host.c
+- *
+- * conversion routines from the presentation format
+- * to the host format
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#ifdef HAVE_SYS_SOCKET_H
+-#include <sys/socket.h>
+-#endif
+-#ifdef HAVE_ARPA_INET_H
+-#include <arpa/inet.h>
+-#endif
+-#include <time.h>
+-
+-#include <errno.h>
+-#ifdef HAVE_NETDB_H
+-#include <netdb.h>
+-#endif
+-
+-#include <limits.h>
+-#ifdef HAVE_SYS_PARAM_H
+-#include <sys/param.h>
+-#endif
+-
+-ldns_status
+-ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr)
+-{
+- char *end = NULL;
+- uint16_t *r;
+- r = LDNS_MALLOC(uint16_t);
+- if(!r) return LDNS_STATUS_MEM_ERR;
+-
+- *r = htons((uint16_t)strtol((char *)shortstr, &end, 10));
+-
+- if(*end != 0) {
+- LDNS_FREE(r);
+- return LDNS_STATUS_INVALID_INT;
+- } else {
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_INT16, sizeof(uint16_t), r);
+- LDNS_FREE(r);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+- }
+-}
+-
+-ldns_status
+-ldns_str2rdf_time(ldns_rdf **rd, const char *time)
+-{
+- /* convert a time YYYYDDMMHHMMSS to wireformat */
+- uint16_t *r = NULL;
+- struct tm tm;
+- uint32_t l;
+- char *end;
+-
+- /* Try to scan the time... */
+- r = (uint16_t*)LDNS_MALLOC(uint32_t);
+- if(!r) return LDNS_STATUS_MEM_ERR;
+-
+- memset(&tm, 0, sizeof(tm));
+-
+- if (strlen(time) == 14 &&
+- sscanf(time, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) == 6
+- ) {
+- tm.tm_year -= 1900;
+- tm.tm_mon--;
+- /* Check values */
+- if (tm.tm_year < 70) {
+- goto bad_format;
+- }
+- if (tm.tm_mon < 0 || tm.tm_mon > 11) {
+- goto bad_format;
+- }
+- if (tm.tm_mday < 1 || tm.tm_mday > 31) {
+- goto bad_format;
+- }
+-
+- if (tm.tm_hour < 0 || tm.tm_hour > 23) {
+- goto bad_format;
+- }
+-
+- if (tm.tm_min < 0 || tm.tm_min > 59) {
+- goto bad_format;
+- }
+-
+- if (tm.tm_sec < 0 || tm.tm_sec > 59) {
+- goto bad_format;
+- }
+-
+- l = htonl(ldns_mktime_from_utc(&tm));
+- memcpy(r, &l, sizeof(uint32_t));
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r);
+- LDNS_FREE(r);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+- } else {
+- /* handle it as 32 bits timestamp */
+- l = htonl((uint32_t)strtol((char*)time, &end, 10));
+- if(*end != 0) {
+- LDNS_FREE(r);
+- return LDNS_STATUS_ERR;
+- } else {
+- memcpy(r, &l, sizeof(uint32_t));
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
+- LDNS_FREE(r);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+- }
+- }
+-
+- bad_format:
+- LDNS_FREE(r);
+- return LDNS_STATUS_INVALID_TIME;
+-}
+-
+-ldns_status
+-ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str)
+-{
+- uint8_t salt_length;
+- int c;
+- int salt_length_str;
+-
+- uint8_t *salt;
+- uint8_t *data;
+- if(rd == NULL) {
+- return LDNS_STATUS_NULL;
+- }
+-
+- salt_length_str = (int)strlen(salt_str);
+- if (salt_length_str == 1 && salt_str[0] == '-') {
+- salt_length_str = 0;
+- } else if (salt_length_str % 2 != 0) {
+- return LDNS_STATUS_INVALID_HEX;
+- }
+- if (salt_length_str > 512) {
+- return LDNS_STATUS_INVALID_HEX;
+- }
+-
+- salt = LDNS_XMALLOC(uint8_t, salt_length_str / 2);
+- if(!salt) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- for (c = 0; c < salt_length_str; c += 2) {
+- if (isxdigit((int) salt_str[c]) && isxdigit((int) salt_str[c+1])) {
+- salt[c/2] = (uint8_t) ldns_hexdigit_to_int(salt_str[c]) * 16 +
+- ldns_hexdigit_to_int(salt_str[c+1]);
+- } else {
+- LDNS_FREE(salt);
+- return LDNS_STATUS_INVALID_HEX;
+- }
+- }
+- salt_length = (uint8_t) (salt_length_str / 2);
+-
+- data = LDNS_XMALLOC(uint8_t, 1 + salt_length);
+- if(!data) {
+- LDNS_FREE(salt);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- data[0] = salt_length;
+- memcpy(&data[1], salt, salt_length);
+- *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, 1 + salt_length, data);
+- LDNS_FREE(data);
+- LDNS_FREE(salt);
+-
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_period(ldns_rdf **rd,const char *period)
+-{
+- uint32_t p;
+- const char *end;
+-
+- /* Allocate required space... */
+- p = ldns_str2period(period, &end);
+-
+- if (*end != 0) {
+- return LDNS_STATUS_ERR;
+- } else {
+- p = (uint32_t) htonl(p);
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_PERIOD, sizeof(uint32_t), &p);
+- }
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr)
+-{
+- char *end;
+- uint16_t *r = NULL;
+- uint32_t l;
+-
+- r = (uint16_t*)LDNS_MALLOC(uint32_t);
+- if(!r) return LDNS_STATUS_MEM_ERR;
+- errno = 0; /* must set to zero before call,
+- note race condition on errno */
+- if(*longstr == '-')
+- l = htonl((uint32_t)strtol((char*)longstr, &end, 10));
+- else l = htonl((uint32_t)strtoul((char*)longstr, &end, 10));
+-
+- if(*end != 0) {
+- LDNS_FREE(r);
+- return LDNS_STATUS_ERR;
+- } else {
+- if (errno == ERANGE) {
+- LDNS_FREE(r);
+- return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW;
+- }
+- memcpy(r, &l, sizeof(uint32_t));
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r);
+- LDNS_FREE(r);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+- }
+-}
+-
+-ldns_status
+-ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr)
+-{
+- char *end;
+- uint8_t *r = NULL;
+-
+- r = LDNS_MALLOC(uint8_t);
+- if(!r) return LDNS_STATUS_MEM_ERR;
+-
+- *r = (uint8_t)strtol((char*)bytestr, &end, 10);
+-
+- if(*end != 0) {
+- LDNS_FREE(r);
+- return LDNS_STATUS_ERR;
+- } else {
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_INT8, sizeof(uint8_t), r);
+- LDNS_FREE(r);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+- }
+-}
+-
+-
+-/*
+- * Checks whether the escaped value at **s is an decimal value or
+- * a 'normally' escaped character (and not eos)
+- *
+- * The string pointer at *s is increased by either 0 (on error), 1 (on
+- * normal escapes), or 3 (on decimals)
+- *
+- * Returns the number of bytes read from the escaped string, or
+- * 0 on error
+- */
+-INLINE bool
+-parse_escape(uint8_t *ch_p, const char** str_p)
+-{
+- uint16_t val;
+-
+- if ((*str_p)[0] && isdigit((*str_p)[0]) &&
+- (*str_p)[1] && isdigit((*str_p)[1]) &&
+- (*str_p)[2] && isdigit((*str_p)[2])) {
+-
+- val = (uint16_t)(((*str_p)[0] - '0') * 100 +
+- ((*str_p)[1] - '0') * 10 +
+- ((*str_p)[2] - '0'));
+-
+- if (val > 255) {
+- goto error;
+- }
+- *ch_p = (uint8_t)val;
+- *str_p += 3;
+- return true;
+-
+- } else if ((*str_p)[0] && !isdigit((*str_p)[0])) {
+-
+- *ch_p = (uint8_t)*(*str_p)++;
+- return true;
+- }
+-error:
+- *str_p = NULL;
+- return false; /* LDNS_STATUS_SYNTAX_BAD_ESCAPE */
+-}
+-
+-INLINE bool
+-parse_char(uint8_t *ch_p, const char** str_p)
+-{
+- switch (**str_p) {
+-
+- case '\0': return false;
+-
+- case '\\': *str_p += 1;
+- return parse_escape(ch_p, str_p);
+-
+- default: *ch_p = (uint8_t)*(*str_p)++;
+- return true;
+- }
+-}
+-
+-/*
+- * No special care is taken, all dots are translated into
+- * label seperators.
+- * Could be made more efficient....we do 3 memcpy's in total...
+- */
+-ldns_status
+-ldns_str2rdf_dname(ldns_rdf **d, const char *str)
+-{
+- size_t len;
+-
+- const char *s;
+- uint8_t *q, *pq, label_len;
+- uint8_t buf[LDNS_MAX_DOMAINLEN + 1];
+- *d = NULL;
+-
+- len = strlen((char*)str);
+- /* octet representation can make strings a lot longer than actual length */
+- if (len > LDNS_MAX_DOMAINLEN * 4) {
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+- if (0 == len) {
+- return LDNS_STATUS_DOMAINNAME_UNDERFLOW;
+- }
+-
+- /* root label */
+- if (1 == len && *str == '.') {
+- *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, 1, "\0");
+- return LDNS_STATUS_OK;
+- }
+-
+- /* get on with the rest */
+-
+- /* s is on the current character in the string
+- * pq points to where the labellength is going to go
+- * label_len keeps track of the current label's length
+- * q builds the dname inside the buf array
+- */
+- len = 0;
+- q = buf+1;
+- pq = buf;
+- label_len = 0;
+- for (s = str; *s; s++, q++) {
+- if (q > buf + LDNS_MAX_DOMAINLEN) {
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+- *q = 0;
+- switch (*s) {
+- case '.':
+- if (label_len > LDNS_MAX_LABELLEN) {
+- return LDNS_STATUS_LABEL_OVERFLOW;
+- }
+- if (label_len == 0) {
+- return LDNS_STATUS_EMPTY_LABEL;
+- }
+- len += label_len + 1;
+- *pq = label_len;
+- label_len = 0;
+- pq = q;
+- break;
+- case '\\':
+- /* octet value or literal char */
+- s += 1;
+- if (! parse_escape(q, &s)) {
+- return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+- }
+- s -= 1;
+- label_len++;
+- break;
+- default:
+- *q = (uint8_t)*s;
+- label_len++;
+- }
+- }
+-
+- /* add root label if last char was not '.' */
+- if (!ldns_dname_str_absolute(str)) {
+- if (q > buf + LDNS_MAX_DOMAINLEN) {
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+- if (label_len > LDNS_MAX_LABELLEN) {
+- return LDNS_STATUS_LABEL_OVERFLOW;
+- }
+- if (label_len == 0) { /* label_len 0 but not . at end? */
+- return LDNS_STATUS_EMPTY_LABEL;
+- }
+- len += label_len + 1;
+- *pq = label_len;
+- *q = 0;
+- }
+- len++;
+-
+- *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, len, buf);
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_str2rdf_a(ldns_rdf **rd, const char *str)
+-{
+- in_addr_t address;
+- if (inet_pton(AF_INET, (char*)str, &address) != 1) {
+- return LDNS_STATUS_INVALID_IP4;
+- } else {
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_A, sizeof(address), &address);
+- }
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str)
+-{
+- uint8_t address[LDNS_IP6ADDRLEN + 1];
+-
+- if (inet_pton(AF_INET6, (char*)str, address) != 1) {
+- return LDNS_STATUS_INVALID_IP6;
+- } else {
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_AAAA, sizeof(address) - 1, &address);
+- }
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_str(ldns_rdf **rd, const char *str)
+-{
+- uint8_t *data, *dp, ch = 0;
+- size_t length;
+-
+- /* Worst case space requirement. We'll realloc to actual size later. */
+- dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1));
+- if (! data) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* Fill data (up to 255 characters) */
+- while (parse_char(&ch, &str)) {
+- if (dp - data >= 255) {
+- LDNS_FREE(data);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- *++dp = ch;
+- }
+- if (! str) {
+- return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+- }
+- length = (size_t)(dp - data);
+- /* Fix last length byte */
+- data[0] = (uint8_t)length;
+-
+- /* Lose the overmeasure */
+- data = LDNS_XREALLOC(dp = data, uint8_t, length + 1);
+- if (! data) {
+- LDNS_FREE(dp);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* Create rdf */
+- *rd = ldns_rdf_new(LDNS_RDF_TYPE_STR, length + 1, data);
+- if (! *rd) {
+- LDNS_FREE(data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_str2rdf_apl(ldns_rdf **rd, const char *str)
+-{
+- const char *my_str = str;
+-
+- char *my_ip_str;
+- size_t ip_str_len;
+-
+- uint16_t family;
+- bool negation;
+- uint8_t afdlength = 0;
+- uint8_t *afdpart;
+- uint8_t prefix;
+-
+- uint8_t *data;
+-
+- size_t i = 0;
+-
+- /* [!]afi:address/prefix */
+- if (strlen(my_str) < 2
+- || strchr(my_str, ':') == NULL
+- || strchr(my_str, '/') == NULL
+- || strchr(my_str, ':') > strchr(my_str, '/')) {
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- if (my_str[0] == '!') {
+- negation = true;
+- my_str += 1;
+- } else {
+- negation = false;
+- }
+-
+- family = (uint16_t) atoi(my_str);
+-
+- my_str = strchr(my_str, ':') + 1;
+-
+- /* need ip addr and only ip addr for inet_pton */
+- ip_str_len = (size_t) (strchr(my_str, '/') - my_str);
+- my_ip_str = LDNS_XMALLOC(char, ip_str_len + 1);
+- if(!my_ip_str) return LDNS_STATUS_MEM_ERR;
+- strncpy(my_ip_str, my_str, ip_str_len + 1);
+- my_ip_str[ip_str_len] = '\0';
+-
+- if (family == 1) {
+- /* ipv4 */
+- afdpart = LDNS_XMALLOC(uint8_t, 4);
+- if(!afdpart) {
+- LDNS_FREE(my_ip_str);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- if (inet_pton(AF_INET, my_ip_str, afdpart) == 0) {
+- LDNS_FREE(my_ip_str);
+- LDNS_FREE(afdpart);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- for (i = 0; i < 4; i++) {
+- if (afdpart[i] != 0) {
+- afdlength = i + 1;
+- }
+- }
+- } else if (family == 2) {
+- /* ipv6 */
+- afdpart = LDNS_XMALLOC(uint8_t, 16);
+- if(!afdpart) {
+- LDNS_FREE(my_ip_str);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- if (inet_pton(AF_INET6, my_ip_str, afdpart) == 0) {
+- LDNS_FREE(my_ip_str);
+- LDNS_FREE(afdpart);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- for (i = 0; i < 16; i++) {
+- if (afdpart[i] != 0) {
+- afdlength = i + 1;
+- }
+- }
+- } else {
+- /* unknown family */
+- LDNS_FREE(my_ip_str);
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- my_str = strchr(my_str, '/') + 1;
+- prefix = (uint8_t) atoi(my_str);
+-
+- data = LDNS_XMALLOC(uint8_t, 4 + afdlength);
+- if(!data) {
+- LDNS_FREE(afdpart);
+- LDNS_FREE(my_ip_str);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- ldns_write_uint16(data, family);
+- data[2] = prefix;
+- data[3] = afdlength;
+- if (negation) {
+- /* set bit 1 of byte 3 */
+- data[3] = data[3] | 0x80;
+- }
+-
+- memcpy(data + 4, afdpart, afdlength);
+-
+- *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_APL, afdlength + 4, data);
+- LDNS_FREE(afdpart);
+- LDNS_FREE(data);
+- LDNS_FREE(my_ip_str);
+-
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
+-{
+- uint8_t *buffer;
+- int16_t i;
+-
+- buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str)));
+- if(!buffer) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- i = (uint16_t)ldns_b64_pton((const char*)str, buffer,
+- ldns_b64_ntop_calculate_size(strlen(str)));
+- if (-1 == i) {
+- LDNS_FREE(buffer);
+- return LDNS_STATUS_INVALID_B64;
+- } else {
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_B64, (uint16_t) i, buffer);
+- }
+- LDNS_FREE(buffer);
+-
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str)
+-{
+- uint8_t *buffer;
+- int i;
+- /* first byte contains length of actual b32 data */
+- uint8_t len = ldns_b32_pton_calculate_size(strlen(str));
+- buffer = LDNS_XMALLOC(uint8_t, len + 1);
+- if(!buffer) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- buffer[0] = len;
+-
+- i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1,
+- ldns_b32_ntop_calculate_size(strlen(str)));
+- if (i < 0) {
+- LDNS_FREE(buffer);
+- return LDNS_STATUS_INVALID_B32_EXT;
+- } else {
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_B32_EXT, (uint16_t) i + 1, buffer);
+- }
+- LDNS_FREE(buffer);
+-
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_hex(ldns_rdf **rd, const char *str)
+-{
+- uint8_t *t, *t_orig;
+- int i;
+- size_t len;
+-
+- len = strlen(str);
+-
+- if (len > LDNS_MAX_RDFLEN * 2) {
+- return LDNS_STATUS_LABEL_OVERFLOW;
+- } else {
+- t = LDNS_XMALLOC(uint8_t, (len / 2) + 1);
+- if(!t) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- t_orig = t;
+- /* Now process octet by octet... */
+- while (*str) {
+- *t = 0;
+- if (isspace((int) *str)) {
+- str++;
+- } else {
+- for (i = 16; i >= 1; i -= 15) {
+- while (*str && isspace((int) *str)) { str++; }
+- if (*str) {
+- if (isxdigit((int) *str)) {
+- *t += ldns_hexdigit_to_int(*str) * i;
+- } else {
+- LDNS_FREE(t_orig);
+- return LDNS_STATUS_ERR;
+- }
+- ++str;
+- }
+- }
+- ++t;
+- }
+- }
+- *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX,
+- (size_t) (t - t_orig),
+- t_orig);
+- LDNS_FREE(t_orig);
+- }
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_nsec(ldns_rdf **rd, const char *str)
+-{
+- const char *delimiters = "\n\t ";
+- char *token = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN);
+- ldns_buffer *str_buf;
+- ssize_t c;
+- uint16_t cur_type;
+- size_t type_count = 0;
+- ldns_rr_type type_list[65536];
+- if(!token) return LDNS_STATUS_MEM_ERR;
+- if(rd == NULL) {
+- LDNS_FREE(token);
+- return LDNS_STATUS_NULL;
+- }
+-
+- str_buf = LDNS_MALLOC(ldns_buffer);
+- if(!str_buf) {
+- LDNS_FREE(token);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
+- if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) {
+- LDNS_FREE(str_buf);
+- LDNS_FREE(token);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- while ((c = ldns_bget_token(str_buf, token, delimiters, LDNS_MAX_RDFLEN)) != -1 && c != 0) {
+- if(type_count >= sizeof(type_list)) {
+- LDNS_FREE(str_buf);
+- LDNS_FREE(token);
+- return LDNS_STATUS_ERR;
+- }
+- cur_type = ldns_get_rr_type_by_name(token);
+- type_list[type_count] = cur_type;
+- type_count++;
+- }
+-
+- *rd = ldns_dnssec_create_nsec_bitmap(type_list,
+- type_count,
+- LDNS_RR_TYPE_NSEC);
+-
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_type(ldns_rdf **rd, const char *str)
+-{
+- uint16_t type;
+- type = htons(ldns_get_rr_type_by_name(str));
+- /* ldns_rr_type is a 16 bit value */
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_TYPE, sizeof(uint16_t), &type);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_class(ldns_rdf **rd, const char *str)
+-{
+- uint16_t klass;
+- klass = htons(ldns_get_rr_class_by_name(str));
+- /* class is 16 bit */
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_CLASS, sizeof(uint16_t), &klass);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-/* An certificate alg field can either be specified as a 8 bits number
+- * or by its symbolic name. Handle both
+- */
+-ldns_status
+-ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str)
+-{
+- ldns_lookup_table *lt;
+- ldns_status st;
+- uint8_t idd[2];
+- lt = ldns_lookup_by_name(ldns_cert_algorithms, str);
+- st = LDNS_STATUS_OK;
+-
+- if (lt) {
+- ldns_write_uint16(idd, (uint16_t) lt->id);
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_INT16, sizeof(uint16_t), idd);
+- if (!*rd) {
+- st = LDNS_STATUS_ERR;
+- }
+- } else {
+- /* try as-is (a number) */
+- st = ldns_str2rdf_int16(rd, str);
+- if (st == LDNS_STATUS_OK &&
+- ldns_rdf2native_int16(*rd) == 0) {
+- st = LDNS_STATUS_CERT_BAD_ALGORITHM;
+- }
+- }
+-
+- return st;
+-}
+-
+-static ldns_lookup_table ldns_tlsa_certificate_usages[] = {
+- { LDNS_TLSA_USAGE_PKIX_TA , "PKIX-TA" },
+- { LDNS_TLSA_USAGE_PKIX_EE , "PKIX-EE" },
+- { LDNS_TLSA_USAGE_DANE_TA , "DANE-TA" },
+- { LDNS_TLSA_USAGE_DANE_EE , "DANE-EE" },
+- { LDNS_TLSA_USAGE_PRIVCERT , "PrivCert" }
+-};
+-
+-static ldns_lookup_table ldns_tlsa_selectors[] = {
+- { LDNS_TLSA_SELECTOR_CERT , "Cert" },
+- { LDNS_TLSA_SELECTOR_SPKI , "SPKI" },
+- { LDNS_TLSA_SELECTOR_PRIVSEL , "PrivSel" }
+-};
+-
+-static ldns_lookup_table ldns_tlsa_matching_types[] = {
+- { LDNS_TLSA_MATCHING_TYPE_FULL , "Full" },
+- { LDNS_TLSA_MATCHING_TYPE_SHA2_256 , "SHA2-256" },
+- { LDNS_TLSA_MATCHING_TYPE_SHA2_512 , "SHA2-512" },
+- { LDNS_TLSA_MATCHING_TYPE_PRIVMATCH , "PrivMatch" }
+-};
+-
+-static ldns_status
+-ldns_str2rdf_mnemonic4int8(ldns_lookup_table *lt,
+- ldns_rdf **rd, const char *str)
+-{
+- if ((lt = ldns_lookup_by_name(lt, str))) {
+- /* it was given as a integer */
+- *rd = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t) lt->id);
+- if (!*rd)
+- return LDNS_STATUS_ERR;
+- else
+- return LDNS_STATUS_OK;
+- }
+- return ldns_str2rdf_int8(rd, str);
+-}
+-
+-/* An alg field can either be specified as a 8 bits number
+- * or by its symbolic name. Handle both
+- */
+-ldns_status
+-ldns_str2rdf_alg(ldns_rdf **rd, const char *str)
+-{
+- return ldns_str2rdf_mnemonic4int8(ldns_algorithms, rd, str);
+-}
+-
+-ldns_status
+-ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str)
+-{
+- return ldns_str2rdf_mnemonic4int8(
+- ldns_tlsa_certificate_usages, rd, str);
+-}
+-
+-ldns_status
+-ldns_str2rdf_selector(ldns_rdf **rd, const char *str)
+-{
+- return ldns_str2rdf_mnemonic4int8(ldns_tlsa_selectors, rd, str);
+-}
+-
+-ldns_status
+-ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str)
+-{
+- return ldns_str2rdf_mnemonic4int8(ldns_tlsa_matching_types, rd, str);
+-}
+-
+-ldns_status
+-ldns_str2rdf_unknown( ATTR_UNUSED(ldns_rdf **rd)
+- , ATTR_UNUSED(const char *str)
+- )
+-{
+- /* this should be caught in an earlier time (general str2host for
+- rr's */
+- return LDNS_STATUS_NOT_IMPL;
+-}
+-
+-ldns_status
+-ldns_str2rdf_service( ATTR_UNUSED(ldns_rdf **rd)
+- , ATTR_UNUSED(const char *str)
+- )
+-{
+- /* is this used? is this actually WKS? or SRV? */
+- return LDNS_STATUS_NOT_IMPL;
+-}
+-
+-static int
+-loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e)
+-{
+- /* read <digits>[.<digits>][mM] */
+- /* into mantissa exponent format for LOC type */
+- uint32_t meters = 0, cm = 0, val;
+- while (isblank(*my_str)) {
+- my_str++;
+- }
+- meters = (uint32_t)strtol(my_str, &my_str, 10);
+- if (*my_str == '.') {
+- my_str++;
+- cm = (uint32_t)strtol(my_str, &my_str, 10);
+- }
+- if (meters >= 1) {
+- *e = 2;
+- val = meters;
+- } else {
+- *e = 0;
+- val = cm;
+- }
+- while(val >= 10) {
+- (*e)++;
+- val /= 10;
+- }
+- *m = (uint8_t)val;
+-
+- if (*e > 9)
+- return 0;
+- if (*my_str == 'm' || *my_str == 'M') {
+- my_str++;
+- }
+- *endstr = my_str;
+- return 1;
+-}
+-
+-ldns_status
+-ldns_str2rdf_loc(ldns_rdf **rd, const char *str)
+-{
+- uint32_t latitude = 0;
+- uint32_t longitude = 0;
+- uint32_t altitude = 0;
+-
+- uint8_t *data;
+- uint32_t equator = (uint32_t) ldns_power(2, 31);
+-
+- uint32_t h = 0;
+- uint32_t m = 0;
+- uint8_t size_b = 1, size_e = 2;
+- uint8_t horiz_pre_b = 1, horiz_pre_e = 6;
+- uint8_t vert_pre_b = 1, vert_pre_e = 3;
+-
+- double s = 0.0;
+- bool northerness;
+- bool easterness;
+-
+- char *my_str = (char *) str;
+-
+- /* only support version 0 */
+- if (isdigit((int) *my_str)) {
+- h = (uint32_t) strtol(my_str, &my_str, 10);
+- } else {
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- while (isblank((int) *my_str)) {
+- my_str++;
+- }
+-
+- if (isdigit((int) *my_str)) {
+- m = (uint32_t) strtol(my_str, &my_str, 10);
+- } else if (*my_str == 'N' || *my_str == 'S') {
+- goto north;
+- } else {
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- while (isblank((int) *my_str)) {
+- my_str++;
+- }
+-
+- if (isdigit((int) *my_str)) {
+- s = strtod(my_str, &my_str);
+- }
+-north:
+- while (isblank((int) *my_str)) {
+- my_str++;
+- }
+-
+- if (*my_str == 'N') {
+- northerness = true;
+- } else if (*my_str == 'S') {
+- northerness = false;
+- } else {
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- my_str++;
+-
+- /* store number */
+- s = 1000.0 * s;
+- /* add a little to make floor in conversion a round */
+- s += 0.0005;
+- latitude = (uint32_t) s;
+- latitude += 1000 * 60 * m;
+- latitude += 1000 * 60 * 60 * h;
+- if (northerness) {
+- latitude = equator + latitude;
+- } else {
+- latitude = equator - latitude;
+- }
+- while (isblank(*my_str)) {
+- my_str++;
+- }
+-
+- if (isdigit((int) *my_str)) {
+- h = (uint32_t) strtol(my_str, &my_str, 10);
+- } else {
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- while (isblank((int) *my_str)) {
+- my_str++;
+- }
+-
+- if (isdigit((int) *my_str)) {
+- m = (uint32_t) strtol(my_str, &my_str, 10);
+- } else if (*my_str == 'E' || *my_str == 'W') {
+- goto east;
+- } else {
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- while (isblank(*my_str)) {
+- my_str++;
+- }
+-
+- if (isdigit((int) *my_str)) {
+- s = strtod(my_str, &my_str);
+- }
+-
+-east:
+- while (isblank(*my_str)) {
+- my_str++;
+- }
+-
+- if (*my_str == 'E') {
+- easterness = true;
+- } else if (*my_str == 'W') {
+- easterness = false;
+- } else {
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- my_str++;
+-
+- /* store number */
+- s *= 1000.0;
+- /* add a little to make floor in conversion a round */
+- s += 0.0005;
+- longitude = (uint32_t) s;
+- longitude += 1000 * 60 * m;
+- longitude += 1000 * 60 * 60 * h;
+-
+- if (easterness) {
+- longitude += equator;
+- } else {
+- longitude = equator - longitude;
+- }
+-
+- altitude = (uint32_t)(strtod(my_str, &my_str)*100.0 +
+- 10000000.0 + 0.5);
+- if (*my_str == 'm' || *my_str == 'M') {
+- my_str++;
+- }
+-
+- if (strlen(my_str) > 0) {
+- if(!loc_parse_cm(my_str, &my_str, &size_b, &size_e))
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- if (strlen(my_str) > 0) {
+- if(!loc_parse_cm(my_str, &my_str, &horiz_pre_b, &horiz_pre_e))
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- if (strlen(my_str) > 0) {
+- if(!loc_parse_cm(my_str, &my_str, &vert_pre_b, &vert_pre_e))
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- data = LDNS_XMALLOC(uint8_t, 16);
+- if(!data) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- data[0] = 0;
+- data[1] = 0;
+- data[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f);
+- data[2] = ((horiz_pre_b << 4) & 0xf0) | (horiz_pre_e & 0x0f);
+- data[3] = ((vert_pre_b << 4) & 0xf0) | (vert_pre_e & 0x0f);
+- ldns_write_uint32(data + 4, latitude);
+- ldns_write_uint32(data + 8, longitude);
+- ldns_write_uint32(data + 12, altitude);
+-
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_LOC, 16, data);
+-
+- LDNS_FREE(data);
+- return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_wks(ldns_rdf **rd, const char *str)
+-{
+- uint8_t *bitmap = NULL;
+- uint8_t *data;
+- int bm_len = 0;
+-
+- struct protoent *proto = NULL;
+- struct servent *serv = NULL;
+- int serv_port;
+-
+- ldns_buffer *str_buf;
+-
+- char *proto_str = NULL;
+- char *token;
+- if(strlen(str) == 0)
+- token = LDNS_XMALLOC(char, 50);
+- else token = LDNS_XMALLOC(char, strlen(str)+2);
+- if(!token) return LDNS_STATUS_MEM_ERR;
+-
+- str_buf = LDNS_MALLOC(ldns_buffer);
+- if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;}
+- ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
+- if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) {
+- LDNS_FREE(str_buf);
+- LDNS_FREE(token);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
+- if (!proto_str) {
+- proto_str = strdup(token);
+- if (!proto_str) {
+- LDNS_FREE(bitmap);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- } else {
+- serv = getservbyname(token, proto_str);
+- if (serv) {
+- serv_port = (int) ntohs((uint16_t) serv->s_port);
+- } else {
+- serv_port = atoi(token);
+- }
+- if (serv_port / 8 >= bm_len) {
+- uint8_t *b2 = LDNS_XREALLOC(bitmap, uint8_t, (serv_port / 8) + 1);
+- if(!b2) {
+- LDNS_FREE(bitmap);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- free(proto_str);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- bitmap = b2;
+- /* set to zero to be sure */
+- for (; bm_len <= serv_port / 8; bm_len++) {
+- bitmap[bm_len] = 0;
+- }
+- }
+- ldns_set_bit(bitmap + (serv_port / 8), 7 - (serv_port % 8), true);
+- }
+- }
+-
+- if (!proto_str || !bitmap) {
+- LDNS_FREE(bitmap);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- free(proto_str);
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- data = LDNS_XMALLOC(uint8_t, bm_len + 1);
+- if(!data) {
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- LDNS_FREE(bitmap);
+- free(proto_str);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- if (proto_str)
+- proto = getprotobyname(proto_str);
+- if (proto) {
+- data[0] = (uint8_t) proto->p_proto;
+- } else if (proto_str) {
+- data[0] = (uint8_t) atoi(proto_str);
+- }
+- memcpy(data + 1, bitmap, (size_t) bm_len);
+-
+- *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_WKS, (uint16_t) (bm_len + 1), data);
+-
+- LDNS_FREE(data);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- LDNS_FREE(bitmap);
+- free(proto_str);
+-#ifdef HAVE_ENDSERVENT
+- endservent();
+-#endif
+-#ifdef HAVE_ENDPROTOENT
+- endprotoent();
+-#endif
+-
+- if(!*rd) return LDNS_STATUS_MEM_ERR;
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_str2rdf_nsap(ldns_rdf **rd, const char *str)
+-{
+- size_t len, i;
+- char* nsap_str = (char*) str;
+-
+- /* just a hex string with optional dots? */
+- if (str[0] != '0' || str[1] != 'x') {
+- return LDNS_STATUS_INVALID_STR;
+- } else {
+- len = strlen(str);
+- for (i=0; i < len; i++) {
+- if (nsap_str[i] == '.')
+- nsap_str[i] = ' ';
+- }
+- return ldns_str2rdf_hex(rd, str+2);
+- }
+-}
+-
+-ldns_status
+-ldns_str2rdf_atma(ldns_rdf **rd, const char *str)
+-{
+- size_t len, i;
+- char* atma_str = (char*) str;
+- ldns_status status;
+-
+- /* just a hex string with optional dots? */
+- len = strlen(str);
+- for (i=0; i < len; i++) {
+- if (atma_str[i] == '.')
+- atma_str[i] = ' ';
+- }
+- status = ldns_str2rdf_hex(rd, str);
+- if (status != LDNS_STATUS_OK) {
+- ; /* probably in e.164 format than */
+- }
+- return status;
+-}
+-
+-ldns_status
+-ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str)
+-{
+- uint8_t precedence = 0;
+- uint8_t gateway_type = 0;
+- uint8_t algorithm = 0;
+- char* gateway = NULL;
+- char* publickey = NULL;
+- uint8_t *data;
+- ldns_buffer *str_buf;
+- char *token;
+- int token_count = 0;
+- int ipseckey_len = 0;
+- ldns_rdf* gateway_rdf = NULL;
+- ldns_rdf* publickey_rdf = NULL;
+- ldns_status status = LDNS_STATUS_OK;
+-
+- if(strlen(str) == 0)
+- token = LDNS_XMALLOC(char, 256);
+- else token = LDNS_XMALLOC(char, strlen(str)+2);
+- if(!token) return LDNS_STATUS_MEM_ERR;
+-
+- str_buf = LDNS_MALLOC(ldns_buffer);
+- if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;}
+- ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str));
+- if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) {
+- LDNS_FREE(str_buf);
+- LDNS_FREE(token);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) {
+- switch (token_count) {
+- case 0:
+- precedence = (uint8_t)atoi(token);
+- break;
+- case 1:
+- gateway_type = (uint8_t)atoi(token);
+- break;
+- case 2:
+- algorithm = (uint8_t)atoi(token);
+- break;
+- case 3:
+- gateway = strdup(token);
+- if (!gateway || (gateway_type == 0 &&
+- (token[0] != '.' || token[1] != '\0'))) {
+- LDNS_FREE(gateway);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- break;
+- case 4:
+- publickey = strdup(token);
+- break;
+- default:
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- return LDNS_STATUS_INVALID_STR;
+- break;
+- }
+- token_count++;
+- }
+-
+- if (!gateway || !publickey) {
+- if (gateway)
+- LDNS_FREE(gateway);
+- if (publickey)
+- LDNS_FREE(publickey);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- if (gateway_type == 1) {
+- status = ldns_str2rdf_a(&gateway_rdf, gateway);
+- } else if (gateway_type == 2) {
+- status = ldns_str2rdf_aaaa(&gateway_rdf, gateway);
+- } else if (gateway_type == 3) {
+- status = ldns_str2rdf_dname(&gateway_rdf, gateway);
+- }
+-
+- if (status != LDNS_STATUS_OK) {
+- if (gateway)
+- LDNS_FREE(gateway);
+- if (publickey)
+- LDNS_FREE(publickey);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- status = ldns_str2rdf_b64(&publickey_rdf, publickey);
+-
+- if (status != LDNS_STATUS_OK) {
+- if (gateway)
+- LDNS_FREE(gateway);
+- if (publickey)
+- LDNS_FREE(publickey);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- if (gateway_rdf) ldns_rdf_free(gateway_rdf);
+- return LDNS_STATUS_INVALID_STR;
+- }
+-
+- /* now copy all into one ipseckey rdf */
+- if (gateway_type)
+- ipseckey_len = 3 + (int)ldns_rdf_size(gateway_rdf) + (int)ldns_rdf_size(publickey_rdf);
+- else
+- ipseckey_len = 3 + (int)ldns_rdf_size(publickey_rdf);
+-
+- data = LDNS_XMALLOC(uint8_t, ipseckey_len);
+- if(!data) {
+- if (gateway)
+- LDNS_FREE(gateway);
+- if (publickey)
+- LDNS_FREE(publickey);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- if (gateway_rdf) ldns_rdf_free(gateway_rdf);
+- if (publickey_rdf) ldns_rdf_free(publickey_rdf);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- data[0] = precedence;
+- data[1] = gateway_type;
+- data[2] = algorithm;
+-
+- if (gateway_type) {
+- memcpy(data + 3,
+- ldns_rdf_data(gateway_rdf), ldns_rdf_size(gateway_rdf));
+- memcpy(data + 3 + ldns_rdf_size(gateway_rdf),
+- ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf));
+- } else {
+- memcpy(data + 3,
+- ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf));
+- }
+-
+- *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_IPSECKEY, (uint16_t) ipseckey_len, data);
+-
+- if (gateway)
+- LDNS_FREE(gateway);
+- if (publickey)
+- LDNS_FREE(publickey);
+- LDNS_FREE(token);
+- ldns_buffer_free(str_buf);
+- ldns_rdf_free(gateway_rdf);
+- ldns_rdf_free(publickey_rdf);
+- LDNS_FREE(data);
+- if(!*rd) return LDNS_STATUS_MEM_ERR;
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str)
+-{
+- unsigned int a, b, c, d;
+- uint16_t shorts[4];
+- int l;
+-
+- if (sscanf(str, "%4x:%4x:%4x:%4x%n", &a, &b, &c, &d, &l) != 4 ||
+- l != (int)strlen(str) || /* more data to read */
+- strpbrk(str, "+-") /* signed hexes */
+- ) {
+- return LDNS_STATUS_INVALID_ILNP64;
+- } else {
+- shorts[0] = htons(a);
+- shorts[1] = htons(b);
+- shorts[2] = htons(c);
+- shorts[3] = htons(d);
+- *rd = ldns_rdf_new_frm_data(
+- LDNS_RDF_TYPE_ILNP64, 4 * sizeof(uint16_t), &shorts);
+- }
+- return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_eui48(ldns_rdf **rd, const char *str)
+-{
+- unsigned int a, b, c, d, e, f;
+- uint8_t bytes[6];
+- int l;
+-
+- if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x%n",
+- &a, &b, &c, &d, &e, &f, &l) != 6 ||
+- l != (int)strlen(str)) {
+- return LDNS_STATUS_INVALID_EUI48;
+- } else {
+- bytes[0] = a;
+- bytes[1] = b;
+- bytes[2] = c;
+- bytes[3] = d;
+- bytes[4] = e;
+- bytes[5] = f;
+- *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI48, 6, &bytes);
+- }
+- return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_eui64(ldns_rdf **rd, const char *str)
+-{
+- unsigned int a, b, c, d, e, f, g, h;
+- uint8_t bytes[8];
+- int l;
+-
+- if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x-%2x-%2x%n",
+- &a, &b, &c, &d, &e, &f, &g, &h, &l) != 8 ||
+- l != (int)strlen(str)) {
+- return LDNS_STATUS_INVALID_EUI64;
+- } else {
+- bytes[0] = a;
+- bytes[1] = b;
+- bytes[2] = c;
+- bytes[3] = d;
+- bytes[4] = e;
+- bytes[5] = f;
+- bytes[6] = g;
+- bytes[7] = h;
+- *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI64, 8, &bytes);
+- }
+- return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
+-}
+-
+-ldns_status
+-ldns_str2rdf_tag(ldns_rdf **rd, const char *str)
+-{
+- uint8_t *data;
+- const char* ptr;
+-
+- if (strlen(str) > 255) {
+- return LDNS_STATUS_INVALID_TAG;
+- }
+- for (ptr = str; *ptr; ptr++) {
+- if (! isalnum(*ptr)) {
+- return LDNS_STATUS_INVALID_TAG;
+- }
+- }
+- data = LDNS_XMALLOC(uint8_t, strlen(str) + 1);
+- if (!data) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- data[0] = strlen(str);
+- memcpy(data + 1, str, strlen(str));
+-
+- *rd = ldns_rdf_new(LDNS_RDF_TYPE_TAG, strlen(str) + 1, data);
+- if (!*rd) {
+- LDNS_FREE(data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
+-{
+- uint8_t *data, *dp, ch = 0;
+- size_t length;
+-
+- /* Worst case space requirement. We'll realloc to actual size later. */
+- dp = data = LDNS_XMALLOC(uint8_t, strlen(str));
+- if (! data) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* Fill data with parsed bytes */
+- while (parse_char(&ch, &str)) {
+- *dp++ = ch;
+- if (dp - data > LDNS_MAX_RDFLEN) {
+- LDNS_FREE(data);
+- return LDNS_STATUS_INVALID_STR;
+- }
+- }
+- if (! str) {
+- return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+- }
+- length = (size_t)(dp - data);
+-
+- /* Lose the overmeasure */
+- data = LDNS_XREALLOC(dp = data, uint8_t, length);
+- if (! data) {
+- LDNS_FREE(dp);
+- return LDNS_STATUS_MEM_ERR;
+- }
+-
+- /* Create rdf */
+- *rd = ldns_rdf_new(LDNS_RDF_TYPE_LONG_STR, length, data);
+- if (! *rd) {
+- LDNS_FREE(data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-ldns_status
+-ldns_str2rdf_hip(ldns_rdf **rd, const char *str)
+-{
+- const char *hit = strchr(str, ' ') + 1;
+- const char *pk = hit == NULL ? NULL : strchr(hit, ' ') + 1;
+- size_t hit_size = hit == NULL ? 0
+- : pk == NULL ? strlen(hit) : (size_t) (pk - hit) - 1;
+- size_t pk_size = pk == NULL ? 0 : strlen(pk);
+- size_t hit_wire_size = (hit_size + 1) / 2;
+- size_t pk_wire_size = ldns_b64_pton_calculate_size(pk_size);
+- size_t rdf_size = 4 + hit_wire_size + pk_wire_size;
+-
+- char *endptr; /* utility var for strtol usage */
+- int algorithm = strtol(str, &endptr, 10);
+-
+- uint8_t *data, *dp;
+- int hi, lo, written;
+-
+- if (hit_size == 0 || pk_size == 0 || (hit_size + 1) / 2 > 255
+- || rdf_size > LDNS_MAX_RDFLEN
+- || algorithm < 0 || algorithm > 255
+- || (errno != 0 && algorithm == 0) /* out of range */
+- || endptr == str /* no digits */) {
+-
+- return LDNS_STATUS_SYNTAX_ERR;
+- }
+- if ((data = LDNS_XMALLOC(uint8_t, rdf_size)) == NULL) {
+-
+- return LDNS_STATUS_MEM_ERR;
+- }
+- /* From RFC 5205 section 5. HIP RR Storage Format:
+- *************************************************
+-
+- 0 1 2 3
+- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+- | HIT length | PK algorithm | PK length |
+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+- | |
+- ~ HIT ~
+- | |
+- + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+- | | |
+- +-+-+-+-+-+-+-+-+-+-+-+ +
+- | Public Key |
+- ~ ~
+- | |
+- + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+- | | |
+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+- | |
+- ~ Rendezvous Servers ~
+- | |
+- + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+- | |
+- +-+-+-+-+-+-+-+ */
+-
+- data[0] = (uint8_t) hit_wire_size;
+- data[1] = (uint8_t) algorithm;
+-
+- for (dp = data + 4; *hit && *hit != ' '; dp++) {
+-
+- if ((hi = ldns_hexdigit_to_int(*hit++)) == -1 ||
+- (lo = ldns_hexdigit_to_int(*hit++)) == -1) {
+-
+- LDNS_FREE(data);
+- return LDNS_STATUS_INVALID_HEX;
+- }
+- *dp = (uint8_t) hi << 4 | lo;
+- }
+- if ((written = ldns_b64_pton(pk, dp, pk_wire_size)) <= 0) {
+-
+- LDNS_FREE(data);
+- return LDNS_STATUS_INVALID_B64;
+- }
+-
+- /* Because ldns_b64_pton_calculate_size isn't always correct:
+- * (we have to fix it at some point)
+- */
+- pk_wire_size = (uint16_t) written;
+- ldns_write_uint16(data + 2, pk_wire_size);
+- rdf_size = 4 + hit_wire_size + pk_wire_size;
+-
+- /* Create rdf */
+- if (! (*rd = ldns_rdf_new(LDNS_RDF_TYPE_HIP, rdf_size, data))) {
+-
+- LDNS_FREE(data);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+diff --git a/src/ldns/tsig.c b/src/ldns/tsig.c
+deleted file mode 100644
+index 53aa85e..0000000
+--- a/src/ldns/tsig.c
++++ /dev/null
+@@ -1,470 +0,0 @@
+-/*
+- * tsig.c
+- *
+- * contains the functions needed for TSIG [RFC2845]
+- *
+- * (c) 2005-2006 NLnet Labs
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <strings.h>
+-
+-#ifdef HAVE_SSL
+-#include <openssl/hmac.h>
+-#include <openssl/md5.h>
+-#endif /* HAVE_SSL */
+-
+-char *
+-ldns_tsig_algorithm(ldns_tsig_credentials *tc)
+-{
+- return tc->algorithm;
+-}
+-
+-char *
+-ldns_tsig_keyname(ldns_tsig_credentials *tc)
+-{
+- return tc->keyname;
+-}
+-
+-char *
+-ldns_tsig_keydata(ldns_tsig_credentials *tc)
+-{
+- return tc->keydata;
+-}
+-
+-char *
+-ldns_tsig_keyname_clone(ldns_tsig_credentials *tc)
+-{
+- return strdup(tc->keyname);
+-}
+-
+-char *
+-ldns_tsig_keydata_clone(ldns_tsig_credentials *tc)
+-{
+- return strdup(tc->keydata);
+-}
+-
+-/*
+- * Makes an exact copy of the wire, but with the tsig rr removed
+- */
+-static uint8_t *
+-ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len)
+-{
+- uint8_t *wire2 = NULL;
+- uint16_t qd_count;
+- uint16_t an_count;
+- uint16_t ns_count;
+- uint16_t ar_count;
+- ldns_rr *rr;
+-
+- size_t pos;
+- uint16_t i;
+-
+- ldns_status status;
+-
+- if(wire_len < LDNS_HEADER_SIZE) {
+- return NULL;
+- }
+- /* fake parse the wire */
+- qd_count = LDNS_QDCOUNT(wire);
+- an_count = LDNS_ANCOUNT(wire);
+- ns_count = LDNS_NSCOUNT(wire);
+- ar_count = LDNS_ARCOUNT(wire);
+-
+- if (ar_count > 0) {
+- ar_count--;
+- } else {
+- return NULL;
+- }
+-
+- pos = LDNS_HEADER_SIZE;
+-
+- for (i = 0; i < qd_count; i++) {
+- status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_QUESTION);
+- if (status != LDNS_STATUS_OK) {
+- return NULL;
+- }
+- ldns_rr_free(rr);
+- }
+-
+- for (i = 0; i < an_count; i++) {
+- status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_ANSWER);
+- if (status != LDNS_STATUS_OK) {
+- return NULL;
+- }
+- ldns_rr_free(rr);
+- }
+-
+- for (i = 0; i < ns_count; i++) {
+- status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_AUTHORITY);
+- if (status != LDNS_STATUS_OK) {
+- return NULL;
+- }
+- ldns_rr_free(rr);
+- }
+-
+- for (i = 0; i < ar_count; i++) {
+- status = ldns_wire2rr(&rr, wire, wire_len, &pos,
+- LDNS_SECTION_ADDITIONAL);
+- if (status != LDNS_STATUS_OK) {
+- return NULL;
+- }
+- ldns_rr_free(rr);
+- }
+-
+- *result_len = pos;
+- wire2 = LDNS_XMALLOC(uint8_t, *result_len);
+- if(!wire2) {
+- return NULL;
+- }
+- memcpy(wire2, wire, *result_len);
+-
+- ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count);
+-
+- return wire2;
+-}
+-
+-#ifdef HAVE_SSL
+-static const EVP_MD *
+-ldns_digest_function(char *name)
+-{
+- /* these are the mandatory algorithms from RFC4635 */
+- /* The optional algorithms are not yet implemented */
+- if (strcasecmp(name, "hmac-sha256.") == 0) {
+-#ifdef HAVE_EVP_SHA256
+- return EVP_sha256();
+-#else
+- return NULL;
+-#endif
+- } else if (strcasecmp(name, "hmac-sha1.") == 0) {
+- return EVP_sha1();
+- } else if (strcasecmp(name, "hmac-md5.sig-alg.reg.int.") == 0) {
+- return EVP_md5();
+- } else {
+- return NULL;
+- }
+-}
+-#endif
+-
+-#ifdef HAVE_SSL
+-static ldns_status
+-ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
+- const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf,
+- ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf,
+- ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
+-{
+- ldns_status status;
+- char *wireformat;
+- int wiresize;
+- unsigned char *mac_bytes = NULL;
+- unsigned char *key_bytes = NULL;
+- int key_size;
+- const EVP_MD *digester;
+- char *algorithm_name = NULL;
+- unsigned int md_len = EVP_MAX_MD_SIZE;
+- ldns_rdf *result = NULL;
+- ldns_buffer *data_buffer = NULL;
+- ldns_rdf *canonical_key_name_rdf = NULL;
+- ldns_rdf *canonical_algorithm_rdf = NULL;
+-
+- if (key_name_rdf == NULL || algorithm_rdf == NULL) {
+- return LDNS_STATUS_NULL;
+- }
+- canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf);
+- if (canonical_key_name_rdf == NULL) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf);
+- if (canonical_algorithm_rdf == NULL) {
+- ldns_rdf_deep_free(canonical_key_name_rdf);
+- return LDNS_STATUS_MEM_ERR;
+- }
+- /*
+- * prepare the digestable information
+- */
+- data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
+- if (!data_buffer) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+- /* if orig_mac is not NULL, add it too */
+- if (orig_mac_rdf) {
+- (void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf);
+- }
+- ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size);
+- if (!tsig_timers_only) {
+- ldns_dname2canonical(canonical_key_name_rdf);
+- (void)ldns_rdf2buffer_wire(data_buffer,
+- canonical_key_name_rdf);
+- ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY);
+- ldns_buffer_write_u32(data_buffer, 0);
+- ldns_dname2canonical(canonical_algorithm_rdf);
+- (void)ldns_rdf2buffer_wire(data_buffer,
+- canonical_algorithm_rdf);
+- }
+- (void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf);
+- (void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf);
+- if (!tsig_timers_only) {
+- (void)ldns_rdf2buffer_wire(data_buffer, error_rdf);
+- (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf);
+- }
+-
+- wireformat = (char *) data_buffer->_data;
+- wiresize = (int) ldns_buffer_position(data_buffer);
+-
+- algorithm_name = ldns_rdf2str(algorithm_rdf);
+- if(!algorithm_name) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+-
+- /* prepare the key */
+- key_bytes = LDNS_XMALLOC(unsigned char,
+- ldns_b64_pton_calculate_size(strlen(key_data)));
+- if(!key_bytes) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+- key_size = ldns_b64_pton(key_data, key_bytes,
+- ldns_b64_pton_calculate_size(strlen(key_data)));
+- if (key_size < 0) {
+- status = LDNS_STATUS_INVALID_B64;
+- goto clean;
+- }
+- /* hmac it */
+- /* 2 spare bytes for the length */
+- mac_bytes = LDNS_XMALLOC(unsigned char, md_len+2);
+- if(!mac_bytes) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+- memset(mac_bytes, 0, md_len+2);
+-
+- digester = ldns_digest_function(algorithm_name);
+-
+- if (digester) {
+- (void) HMAC(digester, key_bytes, key_size, (void *)wireformat,
+- (size_t) wiresize, mac_bytes + 2, &md_len);
+-
+- ldns_write_uint16(mac_bytes, md_len);
+- result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2,
+- mac_bytes);
+- } else {
+- status = LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
+- goto clean;
+- }
+- *tsig_mac = result;
+- status = LDNS_STATUS_OK;
+- clean:
+- LDNS_FREE(mac_bytes);
+- LDNS_FREE(key_bytes);
+- LDNS_FREE(algorithm_name);
+- ldns_buffer_free(data_buffer);
+- ldns_rdf_deep_free(canonical_algorithm_rdf);
+- ldns_rdf_deep_free(canonical_key_name_rdf);
+- return status;
+-}
+-#endif /* HAVE_SSL */
+-
+-
+-#ifdef HAVE_SSL
+-bool
+-ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name,
+- const char *key_data, ldns_rdf *orig_mac_rdf)
+-{
+- return ldns_pkt_tsig_verify_next(pkt, wire, wirelen, key_name, key_data, orig_mac_rdf, 0);
+-}
+-
+-bool
+-ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name,
+- const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
+-{
+- ldns_rdf *fudge_rdf;
+- ldns_rdf *algorithm_rdf;
+- ldns_rdf *time_signed_rdf;
+- ldns_rdf *orig_id_rdf;
+- ldns_rdf *error_rdf;
+- ldns_rdf *other_data_rdf;
+- ldns_rdf *pkt_mac_rdf;
+- ldns_rdf *my_mac_rdf;
+- ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
+- uint16_t pkt_id, orig_pkt_id;
+- ldns_status status;
+-
+- uint8_t *prepared_wire = NULL;
+- size_t prepared_wire_size = 0;
+-
+- ldns_rr *orig_tsig = ldns_pkt_tsig(pkt);
+-
+- if (!orig_tsig || ldns_rr_rd_count(orig_tsig) <= 6) {
+- ldns_rdf_deep_free(key_name_rdf);
+- return false;
+- }
+- algorithm_rdf = ldns_rr_rdf(orig_tsig, 0);
+- time_signed_rdf = ldns_rr_rdf(orig_tsig, 1);
+- fudge_rdf = ldns_rr_rdf(orig_tsig, 2);
+- pkt_mac_rdf = ldns_rr_rdf(orig_tsig, 3);
+- orig_id_rdf = ldns_rr_rdf(orig_tsig, 4);
+- error_rdf = ldns_rr_rdf(orig_tsig, 5);
+- other_data_rdf = ldns_rr_rdf(orig_tsig, 6);
+-
+- /* remove temporarily */
+- ldns_pkt_set_tsig(pkt, NULL);
+- /* temporarily change the id to the original id */
+- pkt_id = ldns_pkt_id(pkt);
+- orig_pkt_id = ldns_rdf2native_int16(orig_id_rdf);
+- ldns_pkt_set_id(pkt, orig_pkt_id);
+-
+- prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size);
+-
+- status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size,
+- key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
+- time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only);
+-
+- LDNS_FREE(prepared_wire);
+-
+- if (status != LDNS_STATUS_OK) {
+- ldns_rdf_deep_free(key_name_rdf);
+- return false;
+- }
+- /* Put back the values */
+- ldns_pkt_set_tsig(pkt, orig_tsig);
+- ldns_pkt_set_id(pkt, pkt_id);
+-
+- ldns_rdf_deep_free(key_name_rdf);
+-
+- if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) {
+- ldns_rdf_deep_free(my_mac_rdf);
+- return true;
+- } else {
+- ldns_rdf_deep_free(my_mac_rdf);
+- return false;
+- }
+-}
+-#endif /* HAVE_SSL */
+-
+-#ifdef HAVE_SSL
+-ldns_status
+-ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data,
+- uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
+-{
+- return ldns_pkt_tsig_sign_next(pkt, key_name, key_data, fudge, algorithm_name, query_mac, 0);
+-}
+-
+-ldns_status
+-ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data,
+- uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only)
+-{
+- ldns_rr *tsig_rr;
+- ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
+- ldns_rdf *fudge_rdf = NULL;
+- ldns_rdf *orig_id_rdf = NULL;
+- ldns_rdf *algorithm_rdf;
+- ldns_rdf *error_rdf = NULL;
+- ldns_rdf *mac_rdf = NULL;
+- ldns_rdf *other_data_rdf = NULL;
+-
+- ldns_status status = LDNS_STATUS_OK;
+-
+- uint8_t *pkt_wire = NULL;
+- size_t pkt_wire_len;
+-
+- struct timeval tv_time_signed;
+- uint8_t *time_signed = NULL;
+- ldns_rdf *time_signed_rdf = NULL;
+-
+- algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name);
+- if(!key_name_rdf || !algorithm_rdf) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+-
+- /* eww don't have create tsigtime rdf yet :( */
+- /* bleh :p */
+- if (gettimeofday(&tv_time_signed, NULL) == 0) {
+- time_signed = LDNS_XMALLOC(uint8_t, 6);
+- if(!time_signed) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+- ldns_write_uint64_as_uint48(time_signed,
+- (uint64_t)tv_time_signed.tv_sec);
+- } else {
+- status = LDNS_STATUS_INTERNAL_ERR;
+- goto clean;
+- }
+-
+- time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed);
+- if(!time_signed_rdf) {
+- LDNS_FREE(time_signed);
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+-
+- fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge);
+-
+- orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt));
+-
+- error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0);
+-
+- other_data_rdf = ldns_native2rdf_int16_data(0, NULL);
+-
+- if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+-
+- if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) {
+- status = LDNS_STATUS_ERR;
+- goto clean;
+- }
+-
+- status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len,
+- key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
+- time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only);
+-
+- if (!mac_rdf) {
+- goto clean;
+- }
+-
+- LDNS_FREE(pkt_wire);
+-
+- /* Create the TSIG RR */
+- tsig_rr = ldns_rr_new();
+- if(!tsig_rr) {
+- status = LDNS_STATUS_MEM_ERR;
+- goto clean;
+- }
+- ldns_rr_set_owner(tsig_rr, key_name_rdf);
+- ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY);
+- ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG);
+- ldns_rr_set_ttl(tsig_rr, 0);
+-
+- ldns_rr_push_rdf(tsig_rr, algorithm_rdf);
+- ldns_rr_push_rdf(tsig_rr, time_signed_rdf);
+- ldns_rr_push_rdf(tsig_rr, fudge_rdf);
+- ldns_rr_push_rdf(tsig_rr, mac_rdf);
+- ldns_rr_push_rdf(tsig_rr, orig_id_rdf);
+- ldns_rr_push_rdf(tsig_rr, error_rdf);
+- ldns_rr_push_rdf(tsig_rr, other_data_rdf);
+-
+- ldns_pkt_set_tsig(pkt, tsig_rr);
+-
+- return status;
+-
+- clean:
+- LDNS_FREE(pkt_wire);
+- ldns_rdf_free(key_name_rdf);
+- ldns_rdf_free(algorithm_rdf);
+- ldns_rdf_free(time_signed_rdf);
+- ldns_rdf_free(fudge_rdf);
+- ldns_rdf_free(orig_id_rdf);
+- ldns_rdf_free(error_rdf);
+- ldns_rdf_free(other_data_rdf);
+- return status;
+-}
+-#endif /* HAVE_SSL */
+diff --git a/src/ldns/update.c b/src/ldns/update.c
+deleted file mode 100644
+index 74e9d19..0000000
+--- a/src/ldns/update.c
++++ /dev/null
+@@ -1,325 +0,0 @@
+-/* update.c
+- *
+- * Functions for RFC 2136 Dynamic Update
+- *
+- * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+- *
+- * See LICENSE for the license.
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <strings.h>
+-#include <stdlib.h>
+-#include <limits.h>
+-
+-/*
+- * RFC 2136 sections mapped to RFC 1035:
+- * zone/ZO -- QD/question
+- * prerequisites/PR -- AN/answers
+- * updates/UP -- NS/authority records
+- * additional data/AD -- AR/additional records
+- */
+-
+-ldns_pkt *
+-ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c,
+- ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist)
+-{
+- ldns_pkt *p;
+-
+- if (!zone_rdf || !up_rrlist) {
+- return NULL;
+- }
+-
+- if (c == 0) {
+- c = LDNS_RR_CLASS_IN;
+- }
+-
+- /* Create packet, fill in Zone Section. */
+- p = ldns_pkt_query_new(zone_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
+- if (!p) {
+- return NULL;
+- }
+- zone_rdf = NULL; /* No longer safe to use. */
+-
+- ldns_pkt_set_opcode(p, LDNS_PACKET_UPDATE);
+-
+- ldns_rr_list_deep_free(p->_authority);
+-
+- ldns_pkt_set_authority(p, ldns_rr_list_clone(up_rrlist));
+-
+- ldns_update_set_upcount(p, ldns_rr_list_rr_count(up_rrlist));
+-
+- if (pr_rrlist) {
+- ldns_rr_list_deep_free(p->_answer); /*XXX access function */
+- ldns_pkt_set_answer(p, ldns_rr_list_clone(pr_rrlist));
+- ldns_update_set_prcount(p, ldns_rr_list_rr_count(pr_rrlist));
+- }
+-
+- if (ad_rrlist) {
+- ldns_rr_list_deep_free(p->_additional);
+- ldns_pkt_set_additional(p, ldns_rr_list_clone(ad_rrlist));
+- ldns_update_set_adcount(p, ldns_rr_list_rr_count(ad_rrlist));
+- }
+- return p;
+-}
+-
+-ldns_status
+-ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r)
+-{
+-#ifdef HAVE_SSL
+- uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */
+- if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r))
+- return ldns_pkt_tsig_sign(p, ldns_resolver_tsig_keyname(r),
+- ldns_resolver_tsig_keydata(r), fudge,
+- ldns_resolver_tsig_algorithm(r), NULL);
+-#else
+- /* do nothing */
+- (void)p;
+- (void)r;
+-#endif /* HAVE_SSL */
+- /* No TSIG to do. */
+- return LDNS_STATUS_OK;
+-}
+-
+-/* Move to higher.c or similar? */
+-/* XXX doc */
+-ldns_status
+-ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r,
+- ldns_rr_class c, ldns_rdf **mname)
+-{
+- ldns_rr *soa_rr;
+- ldns_pkt *query, *resp;
+-
+- /* Nondestructive, so clone 'zone' here */
+- query = ldns_pkt_query_new(ldns_rdf_clone(zone), LDNS_RR_TYPE_SOA,
+- c, LDNS_RD);
+- if (!query) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- ldns_pkt_set_random_id(query);
+- if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
+- ldns_pkt_free(query);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_pkt_free(query);
+- if (!resp) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* Expect a SOA answer. */
+- *mname = NULL;
+- while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)))) {
+- if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
+- || ldns_rr_rdf(soa_rr, 0) == NULL)
+- continue;
+- /* [RFC1035 3.3.13] */
+- *mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
+- break;
+- }
+- ldns_pkt_free(resp);
+-
+- return *mname ? LDNS_STATUS_OK : LDNS_STATUS_ERR;
+-}
+-
+-/* Try to get zone and MNAME from SOA queries. */
+-ldns_status
+-ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
+- ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf)
+-{
+- ldns_rr *soa_rr, *rr;
+- ldns_rdf *soa_zone = NULL, *soa_mname = NULL;
+- ldns_rdf *ipaddr, *fqdn_rdf, *tmp;
+- ldns_rdf **nslist;
+- ldns_pkt *query, *resp;
+- ldns_resolver *tmp_r;
+- size_t i;
+-
+- /*
+- * XXX Ok, this cannot be the best way to find this...?
+- * XXX (I run into weird cache-related stuff here)
+- */
+-
+- /* Step 1 - first find a nameserver that should know *something* */
+- fqdn_rdf = ldns_dname_new_frm_str(fqdn);
+- query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
+- if (!query) {
+- return LDNS_STATUS_ERR;
+- }
+- fqdn_rdf = NULL;
+-
+- ldns_pkt_set_random_id(query);
+- if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
+- ldns_pkt_free(query);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_pkt_free(query);
+- if (!resp) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* XXX Is it safe to only look in authority section here? */
+- while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) {
+- if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
+- || ldns_rr_rdf(soa_rr, 0) == NULL)
+- continue;
+- /* [RFC1035 3.3.13] */
+- soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
+- break;
+- }
+- ldns_pkt_free(resp);
+- if (!soa_rr) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* Step 2 - find SOA MNAME IP address, add to resolver */
+- query = ldns_pkt_query_new(soa_mname, LDNS_RR_TYPE_A, c, LDNS_RD);
+- if (!query) {
+- return LDNS_STATUS_ERR;
+- }
+- soa_mname = NULL;
+-
+- ldns_pkt_set_random_id(query);
+- if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
+- ldns_pkt_free(query);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_pkt_free(query);
+- if (!resp) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- if (ldns_pkt_ancount(resp) == 0) {
+- ldns_pkt_free(resp);
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* XXX There may be more than one answer RR here. */
+- rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp));
+- ipaddr = ldns_rr_rdf(rr, 0);
+-
+- /* Put the SOA mname IP first in the nameserver list. */
+- if (!(tmp_r = ldns_resolver_clone(r))) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- nslist = ldns_resolver_nameservers(tmp_r);
+- for (i = 0; i < ldns_resolver_nameserver_count(tmp_r); i++) {
+- if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) {
+- if (i) {
+- tmp = nslist[0];
+- nslist[0] = nslist[i];
+- nslist[i] = tmp;
+- }
+- break;
+- }
+- }
+- if (i >= ldns_resolver_nameserver_count(tmp_r)) {
+- /* SOA mname was not part of the resolver so add it first. */
+- (void) ldns_resolver_push_nameserver(tmp_r, ipaddr);
+- nslist = ldns_resolver_nameservers(tmp_r);
+- i = ldns_resolver_nameserver_count(tmp_r) - 1;
+- tmp = nslist[0];
+- nslist[0] = nslist[i];
+- nslist[i] = tmp;
+- }
+- ldns_pkt_free(resp);
+-
+- /* Make sure to ask the first in the list, i.e SOA mname */
+- ldns_resolver_set_random(tmp_r, false);
+-
+- /* Step 3 - Redo SOA query, sending to SOA MNAME directly. */
+- fqdn_rdf = ldns_dname_new_frm_str(fqdn);
+- query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
+- if (!query) {
+- ldns_resolver_free(tmp_r);
+- return LDNS_STATUS_ERR;
+- }
+- fqdn_rdf = NULL;
+-
+- ldns_pkt_set_random_id(query);
+- if (ldns_resolver_send_pkt(&resp, tmp_r, query) != LDNS_STATUS_OK) {
+- ldns_pkt_free(query);
+- ldns_resolver_free(tmp_r);
+- return LDNS_STATUS_ERR;
+- }
+- ldns_resolver_free(tmp_r);
+- ldns_pkt_free(query);
+- if (!resp) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* XXX Is it safe to only look in authority section here, too? */
+- while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) {
+- if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
+- || ldns_rr_rdf(soa_rr, 0) == NULL)
+- continue;
+- /* [RFC1035 3.3.13] */
+- soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
+- soa_zone = ldns_rdf_clone(ldns_rr_owner(soa_rr));
+- break;
+- }
+- ldns_pkt_free(resp);
+- if (!soa_rr) {
+- return LDNS_STATUS_ERR;
+- }
+-
+- /* That seems to have worked, pass results to caller. */
+- *zone_rdf = soa_zone;
+- *mname_rdf = soa_mname;
+- return LDNS_STATUS_OK;
+-}
+-
+-/*
+- * ldns_update_{get,set}_{zo,pr,up,ad}count
+- */
+-
+-uint16_t
+-ldns_update_zocount(const ldns_pkt *p)
+-{
+- return ldns_pkt_qdcount(p);
+-}
+-
+-uint16_t
+-ldns_update_prcount(const ldns_pkt *p)
+-{
+- return ldns_pkt_ancount(p);
+-}
+-
+-uint16_t
+-ldns_update_upcount(const ldns_pkt *p)
+-{
+- return ldns_pkt_nscount(p);
+-}
+-
+-uint16_t
+-ldns_update_ad(const ldns_pkt *p)
+-{
+- return ldns_pkt_arcount(p);
+-}
+-
+-void
+-ldns_update_set_zo(ldns_pkt *p, uint16_t v)
+-{
+- ldns_pkt_set_qdcount(p, v);
+-}
+-
+-void
+-ldns_update_set_prcount(ldns_pkt *p, uint16_t v)
+-{
+- ldns_pkt_set_ancount(p, v);
+-}
+-
+-void
+-ldns_update_set_upcount(ldns_pkt *p, uint16_t v)
+-{
+- ldns_pkt_set_nscount(p, v);
+-}
+-
+-void
+-ldns_update_set_adcount(ldns_pkt *p, uint16_t v)
+-{
+- ldns_pkt_set_arcount(p, v);
+-}
+diff --git a/src/ldns/util.c b/src/ldns/util.c
+deleted file mode 100644
+index 33060d9..0000000
+--- a/src/ldns/util.c
++++ /dev/null
+@@ -1,773 +0,0 @@
+-/*
+- * util.c
+- *
+- * some general memory functions
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/rdata.h>
+-#include <ldns/rr.h>
+-#include <ldns/util.h>
+-#include <strings.h>
+-#include <stdlib.h>
+-#include <stdio.h>
+-#include <sys/time.h>
+-#include <time.h>
+-#include <ctype.h>
+-
+-#ifdef HAVE_SSL
+-#include <openssl/rand.h>
+-#endif
+-
+-ldns_lookup_table *
+-ldns_lookup_by_name(ldns_lookup_table *table, const char *name)
+-{
+- while (table->name != NULL) {
+- if (strcasecmp(name, table->name) == 0)
+- return table;
+- table++;
+- }
+- return NULL;
+-}
+-
+-ldns_lookup_table *
+-ldns_lookup_by_id(ldns_lookup_table *table, int id)
+-{
+- while (table->name != NULL) {
+- if (table->id == id)
+- return table;
+- table++;
+- }
+- return NULL;
+-}
+-
+-int
+-ldns_get_bit(uint8_t bits[], size_t index)
+-{
+- /*
+- * The bits are counted from left to right, so bit #0 is the
+- * left most bit.
+- */
+- return (int) (bits[index / 8] & (1 << (7 - index % 8)));
+-}
+-
+-int
+-ldns_get_bit_r(uint8_t bits[], size_t index)
+-{
+- /*
+- * The bits are counted from right to left, so bit #0 is the
+- * right most bit.
+- */
+- return (int) bits[index / 8] & (1 << (index % 8));
+-}
+-
+-void
+-ldns_set_bit(uint8_t *byte, int bit_nr, bool value)
+-{
+- /*
+- * The bits are counted from right to left, so bit #0 is the
+- * right most bit.
+- */
+- if (bit_nr >= 0 && bit_nr < 8) {
+- if (value) {
+- *byte = *byte | (0x01 << bit_nr);
+- } else {
+- *byte = *byte & ~(0x01 << bit_nr);
+- }
+- }
+-}
+-
+-int
+-ldns_hexdigit_to_int(char ch)
+-{
+- switch (ch) {
+- case '0': return 0;
+- case '1': return 1;
+- case '2': return 2;
+- case '3': return 3;
+- case '4': return 4;
+- case '5': return 5;
+- case '6': return 6;
+- case '7': return 7;
+- case '8': return 8;
+- case '9': return 9;
+- case 'a': case 'A': return 10;
+- case 'b': case 'B': return 11;
+- case 'c': case 'C': return 12;
+- case 'd': case 'D': return 13;
+- case 'e': case 'E': return 14;
+- case 'f': case 'F': return 15;
+- default:
+- return -1;
+- }
+-}
+-
+-char
+-ldns_int_to_hexdigit(int i)
+-{
+- switch (i) {
+- case 0: return '0';
+- case 1: return '1';
+- case 2: return '2';
+- case 3: return '3';
+- case 4: return '4';
+- case 5: return '5';
+- case 6: return '6';
+- case 7: return '7';
+- case 8: return '8';
+- case 9: return '9';
+- case 10: return 'a';
+- case 11: return 'b';
+- case 12: return 'c';
+- case 13: return 'd';
+- case 14: return 'e';
+- case 15: return 'f';
+- default:
+- abort();
+- }
+-}
+-
+-int
+-ldns_hexstring_to_data(uint8_t *data, const char *str)
+-{
+- size_t i;
+-
+- if (!str || !data) {
+- return -1;
+- }
+-
+- if (strlen(str) % 2 != 0) {
+- return -2;
+- }
+-
+- for (i = 0; i < strlen(str) / 2; i++) {
+- data[i] =
+- 16 * (uint8_t) ldns_hexdigit_to_int(str[i*2]) +
+- (uint8_t) ldns_hexdigit_to_int(str[i*2 + 1]);
+- }
+-
+- return (int) i;
+-}
+-
+-const char *
+-ldns_version(void)
+-{
+- return (char*)LDNS_VERSION;
+-}
+-
+-/* Number of days per month (except for February in leap years). */
+-static const int mdays[] = {
+- 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+-};
+-
+-#define LDNS_MOD(x,y) (((x) % (y) < 0) ? ((x) % (y) + (y)) : ((x) % (y)))
+-#define LDNS_DIV(x,y) (((x) % (y) < 0) ? ((x) / (y) - 1 ) : ((x) / (y)))
+-
+-static int
+-is_leap_year(int year)
+-{
+- return LDNS_MOD(year, 4) == 0 && (LDNS_MOD(year, 100) != 0
+- || LDNS_MOD(year, 400) == 0);
+-}
+-
+-static int
+-leap_days(int y1, int y2)
+-{
+- --y1;
+- --y2;
+- return (LDNS_DIV(y2, 4) - LDNS_DIV(y1, 4)) -
+- (LDNS_DIV(y2, 100) - LDNS_DIV(y1, 100)) +
+- (LDNS_DIV(y2, 400) - LDNS_DIV(y1, 400));
+-}
+-
+-/*
+- * Code adapted from Python 2.4.1 sources (Lib/calendar.py).
+- */
+-time_t
+-ldns_mktime_from_utc(const struct tm *tm)
+-{
+- int year = 1900 + tm->tm_year;
+- time_t days = 365 * ((time_t) year - 1970) + leap_days(1970, year);
+- time_t hours;
+- time_t minutes;
+- time_t seconds;
+- int i;
+-
+- for (i = 0; i < tm->tm_mon; ++i) {
+- days += mdays[i];
+- }
+- if (tm->tm_mon > 1 && is_leap_year(year)) {
+- ++days;
+- }
+- days += tm->tm_mday - 1;
+-
+- hours = days * 24 + tm->tm_hour;
+- minutes = hours * 60 + tm->tm_min;
+- seconds = minutes * 60 + tm->tm_sec;
+-
+- return seconds;
+-}
+-
+-time_t
+-mktime_from_utc(const struct tm *tm)
+-{
+- return ldns_mktime_from_utc(tm);
+-}
+-
+-#if SIZEOF_TIME_T <= 4
+-
+-static void
+-ldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm *result)
+-{
+- int year = 1970;
+- int new_year;
+-
+- while (days < 0 || days >= (int64_t) (is_leap_year(year) ? 366 : 365)) {
+- new_year = year + (int) LDNS_DIV(days, 365);
+- days -= (new_year - year) * 365;
+- days -= leap_days(year, new_year);
+- year = new_year;
+- }
+- result->tm_year = year;
+- result->tm_yday = (int) days;
+-}
+-
+-/* Number of days per month in a leap year. */
+-static const int leap_year_mdays[] = {
+- 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+-};
+-
+-static void
+-ldns_mon_and_mday_from_year_and_yday(struct tm *result)
+-{
+- int idays = result->tm_yday;
+- const int *mon_lengths = is_leap_year(result->tm_year) ?
+- leap_year_mdays : mdays;
+-
+- result->tm_mon = 0;
+- while (idays >= mon_lengths[result->tm_mon]) {
+- idays -= mon_lengths[result->tm_mon++];
+- }
+- result->tm_mday = idays + 1;
+-}
+-
+-static void
+-ldns_wday_from_year_and_yday(struct tm *result)
+-{
+- result->tm_wday = 4 /* 1-1-1970 was a thursday */
+- + LDNS_MOD((result->tm_year - 1970), 7) * LDNS_MOD(365, 7)
+- + leap_days(1970, result->tm_year)
+- + result->tm_yday;
+- result->tm_wday = LDNS_MOD(result->tm_wday, 7);
+- if (result->tm_wday < 0) {
+- result->tm_wday += 7;
+- }
+-}
+-
+-static struct tm *
+-ldns_gmtime64_r(int64_t clock, struct tm *result)
+-{
+- result->tm_isdst = 0;
+- result->tm_sec = (int) LDNS_MOD(clock, 60);
+- clock = LDNS_DIV(clock, 60);
+- result->tm_min = (int) LDNS_MOD(clock, 60);
+- clock = LDNS_DIV(clock, 60);
+- result->tm_hour = (int) LDNS_MOD(clock, 24);
+- clock = LDNS_DIV(clock, 24);
+-
+- ldns_year_and_yday_from_days_since_epoch(clock, result);
+- ldns_mon_and_mday_from_year_and_yday(result);
+- ldns_wday_from_year_and_yday(result);
+- result->tm_year -= 1900;
+-
+- return result;
+-}
+-
+-#endif /* SIZEOF_TIME_T <= 4 */
+-
+-static int64_t
+-ldns_serial_arithmitics_time(int32_t time, time_t now)
+-{
+- int32_t offset = time - (int32_t) now;
+- return (int64_t) now + offset;
+-}
+-
+-
+-struct tm *
+-ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result)
+-{
+-#if SIZEOF_TIME_T <= 4
+- int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
+- return ldns_gmtime64_r(secs_since_epoch, result);
+-#else
+- time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
+- return gmtime_r(&secs_since_epoch, result);
+-#endif
+-}
+-
+-/**
+- * Init the random source
+- * applications should call this if they need entropy data within ldns
+- * If openSSL is available, it is automatically seeded from /dev/urandom
+- * or /dev/random
+- *
+- * If you need more entropy, or have no openssl available, this function
+- * MUST be called at the start of the program
+- *
+- * If openssl *is* available, this function just adds more entropy
+- **/
+-int
+-ldns_init_random(FILE *fd, unsigned int size)
+-{
+- /* if fp is given, seed srandom with data from file
+- otherwise use /dev/urandom */
+- FILE *rand_f;
+- uint8_t *seed;
+- size_t read = 0;
+- unsigned int seed_i;
+- struct timeval tv;
+-
+- /* we'll need at least sizeof(unsigned int) bytes for the
+- standard prng seed */
+- if (size < (unsigned int) sizeof(seed_i)){
+- size = (unsigned int) sizeof(seed_i);
+- }
+-
+- seed = LDNS_XMALLOC(uint8_t, size);
+- if(!seed) {
+- return 1;
+- }
+-
+- if (!fd) {
+- if ((rand_f = fopen("/dev/urandom", "r")) == NULL) {
+- /* no readable /dev/urandom, try /dev/random */
+- if ((rand_f = fopen("/dev/random", "r")) == NULL) {
+- /* no readable /dev/random either, and no entropy
+- source given. we'll have to improvise */
+- for (read = 0; read < size; read++) {
+- gettimeofday(&tv, NULL);
+- seed[read] = (uint8_t) (tv.tv_usec % 256);
+- }
+- } else {
+- read = fread(seed, 1, size, rand_f);
+- }
+- } else {
+- read = fread(seed, 1, size, rand_f);
+- }
+- } else {
+- rand_f = fd;
+- read = fread(seed, 1, size, rand_f);
+- }
+-
+- if (read < size) {
+- LDNS_FREE(seed);
+- if (!fd) fclose(rand_f);
+- return 1;
+- } else {
+-#ifdef HAVE_SSL
+- /* Seed the OpenSSL prng (most systems have it seeded
+- automatically, in that case this call just adds entropy */
+- RAND_seed(seed, (int) size);
+-#else
+- /* Seed the standard prng, only uses the first
+- * unsigned sizeof(unsiged int) bytes found in the entropy pool
+- */
+- memcpy(&seed_i, seed, sizeof(seed_i));
+- srandom(seed_i);
+-#endif
+- LDNS_FREE(seed);
+- }
+-
+- if (!fd) {
+- if (rand_f) fclose(rand_f);
+- }
+-
+- return 0;
+-}
+-
+-/**
+- * Get random number.
+- *
+- */
+-uint16_t
+-ldns_get_random(void)
+-{
+- uint16_t rid = 0;
+-#ifdef HAVE_SSL
+- if (RAND_bytes((unsigned char*)&rid, 2) != 1) {
+- rid = (uint16_t) random();
+- }
+-#else
+- rid = (uint16_t) random();
+-#endif
+- return rid;
+-}
+-
+-/*
+- * BubbleBabble code taken from OpenSSH
+- * Copyright (c) 2001 Carsten Raskgaard. All rights reserved.
+- */
+-char *
+-ldns_bubblebabble(uint8_t *data, size_t len)
+-{
+- char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
+- char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
+- 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
+- size_t i, j = 0, rounds, seed = 1;
+- char *retval;
+-
+- rounds = (len / 2) + 1;
+- retval = LDNS_XMALLOC(char, rounds * 6);
+- if(!retval) return NULL;
+- retval[j++] = 'x';
+- for (i = 0; i < rounds; i++) {
+- size_t idx0, idx1, idx2, idx3, idx4;
+- if ((i + 1 < rounds) || (len % 2 != 0)) {
+- idx0 = (((((size_t)(data[2 * i])) >> 6) & 3) +
+- seed) % 6;
+- idx1 = (((size_t)(data[2 * i])) >> 2) & 15;
+- idx2 = ((((size_t)(data[2 * i])) & 3) +
+- (seed / 6)) % 6;
+- retval[j++] = vowels[idx0];
+- retval[j++] = consonants[idx1];
+- retval[j++] = vowels[idx2];
+- if ((i + 1) < rounds) {
+- idx3 = (((size_t)(data[(2 * i) + 1])) >> 4) & 15;
+- idx4 = (((size_t)(data[(2 * i) + 1]))) & 15;
+- retval[j++] = consonants[idx3];
+- retval[j++] = '-';
+- retval[j++] = consonants[idx4];
+- seed = ((seed * 5) +
+- ((((size_t)(data[2 * i])) * 7) +
+- ((size_t)(data[(2 * i) + 1])))) % 36;
+- }
+- } else {
+- idx0 = seed % 6;
+- idx1 = 16;
+- idx2 = seed / 6;
+- retval[j++] = vowels[idx0];
+- retval[j++] = consonants[idx1];
+- retval[j++] = vowels[idx2];
+- }
+- }
+- retval[j++] = 'x';
+- retval[j++] = '\0';
+- return retval;
+-}
+-
+-/*
+- * For backwards compatibility, because we have always exported this symbol.
+- */
+-#ifdef HAVE_B64_NTOP
+-int ldns_b64_ntop(const uint8_t* src, size_t srclength,
+- char *target, size_t targsize);
+-{
+- return b64_ntop(src, srclength, target, targsize);
+-}
+-#endif
+-
+-/*
+- * For backwards compatibility, because we have always exported this symbol.
+- */
+-#ifdef HAVE_B64_PTON
+-int ldns_b64_pton(const char* src, uint8_t *target, size_t targsize)
+-{
+- return b64_pton(src, target, targsize);
+-}
+-#endif
+-
+-
+-static int
+-ldns_b32_ntop_base(const uint8_t* src, size_t src_sz,
+- char* dst, size_t dst_sz,
+- bool extended_hex, bool add_padding)
+-{
+- size_t ret_sz;
+- const char* b32 = extended_hex ? "0123456789abcdefghijklmnopqrstuv"
+- : "abcdefghijklmnopqrstuvwxyz234567";
+-
+- size_t c = 0; /* c is used to carry partial base32 character over
+- * byte boundaries for sizes with a remainder.
+- * (i.e. src_sz % 5 != 0)
+- */
+-
+- ret_sz = add_padding ? ldns_b32_ntop_calculate_size(src_sz)
+- : ldns_b32_ntop_calculate_size_no_padding(src_sz);
+-
+- /* Do we have enough space? */
+- if (dst_sz < ret_sz + 1)
+- return -1;
+-
+- /* We know the size; terminate the string */
+- dst[ret_sz] = '\0';
+-
+- /* First process all chunks of five */
+- while (src_sz >= 5) {
+- /* 00000... ........ ........ ........ ........ */
+- dst[0] = b32[(src[0] ) >> 3];
+-
+- /* .....111 11...... ........ ........ ........ */
+- dst[1] = b32[(src[0] & 0x07) << 2 | src[1] >> 6];
+-
+- /* ........ ..22222. ........ ........ ........ */
+- dst[2] = b32[(src[1] & 0x3e) >> 1];
+-
+- /* ........ .......3 3333.... ........ ........ */
+- dst[3] = b32[(src[1] & 0x01) << 4 | src[2] >> 4];
+-
+- /* ........ ........ ....4444 4....... ........ */
+- dst[4] = b32[(src[2] & 0x0f) << 1 | src[3] >> 7];
+-
+- /* ........ ........ ........ .55555.. ........ */
+- dst[5] = b32[(src[3] & 0x7c) >> 2];
+-
+- /* ........ ........ ........ ......66 666..... */
+- dst[6] = b32[(src[3] & 0x03) << 3 | src[4] >> 5];
+-
+- /* ........ ........ ........ ........ ...77777 */
+- dst[7] = b32[(src[4] & 0x1f) ];
+-
+- src_sz -= 5;
+- src += 5;
+- dst += 8;
+- }
+- /* Process what remains */
+- switch (src_sz) {
+- case 4: /* ........ ........ ........ ......66 666..... */
+- dst[6] = b32[(src[3] & 0x03) << 3];
+-
+- /* ........ ........ ........ .55555.. ........ */
+- dst[5] = b32[(src[3] & 0x7c) >> 2];
+-
+- /* ........ ........ ....4444 4....... ........ */
+- c = src[3] >> 7 ;
+- case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c];
+-
+- /* ........ .......3 3333.... ........ ........ */
+- c = src[2] >> 4 ;
+- case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c];
+-
+- /* ........ ..22222. ........ ........ ........ */
+- dst[2] = b32[(src[1] & 0x3e) >> 1];
+-
+- /* .....111 11...... ........ ........ ........ */
+- c = src[1] >> 6 ;
+- case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c];
+-
+- /* 00000... ........ ........ ........ ........ */
+- dst[0] = b32[ src[0] >> 3];
+- }
+- /* Add padding */
+- if (add_padding) {
+- switch (src_sz) {
+- case 1: dst[2] = '=';
+- dst[3] = '=';
+- case 2: dst[4] = '=';
+- case 3: dst[5] = '=';
+- dst[6] = '=';
+- case 4: dst[7] = '=';
+- }
+- }
+- return (int)ret_sz;
+-}
+-
+-int
+-ldns_b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz)
+-{
+- return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true);
+-}
+-
+-int
+-ldns_b32_ntop_extended_hex(const uint8_t* src, size_t src_sz,
+- char* dst, size_t dst_sz)
+-{
+- return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true);
+-}
+-
+-#ifndef HAVE_B32_NTOP
+-
+-int
+-b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz)
+-{
+- return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true);
+-}
+-
+-int
+-b32_ntop_extended_hex(const uint8_t* src, size_t src_sz,
+- char* dst, size_t dst_sz)
+-{
+- return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true);
+-}
+-
+-#endif /* ! HAVE_B32_NTOP */
+-
+-static int
+-ldns_b32_pton_base(const char* src, size_t src_sz,
+- uint8_t* dst, size_t dst_sz,
+- bool extended_hex, bool check_padding)
+-{
+- size_t i = 0;
+- char ch = '\0';
+- uint8_t buf[8];
+- uint8_t* start = dst;
+-
+- while (src_sz) {
+- /* Collect 8 characters in buf (if possible) */
+- for (i = 0; i < 8; i++) {
+-
+- do {
+- ch = *src++;
+- --src_sz;
+-
+- } while (isspace(ch) && src_sz > 0);
+-
+- if (ch == '=' || ch == '\0')
+- break;
+-
+- else if (extended_hex)
+-
+- if (ch >= '0' && ch <= '9')
+- buf[i] = (uint8_t)ch - '0';
+- else if (ch >= 'a' && ch <= 'v')
+- buf[i] = (uint8_t)ch - 'a' + 10;
+- else if (ch >= 'A' && ch <= 'V')
+- buf[i] = (uint8_t)ch - 'A' + 10;
+- else
+- return -1;
+-
+- else if (ch >= 'a' && ch <= 'z')
+- buf[i] = (uint8_t)ch - 'a';
+- else if (ch >= 'A' && ch <= 'Z')
+- buf[i] = (uint8_t)ch - 'A';
+- else if (ch >= '2' && ch <= '7')
+- buf[i] = (uint8_t)ch - '2' + 26;
+- else
+- return -1;
+- }
+- /* Less that 8 characters. We're done. */
+- if (i < 8)
+- break;
+-
+- /* Enough space available at the destination? */
+- if (dst_sz < 5)
+- return -1;
+-
+- /* 00000... ........ ........ ........ ........ */
+- /* .....111 11...... ........ ........ ........ */
+- dst[0] = buf[0] << 3 | buf[1] >> 2;
+-
+- /* .....111 11...... ........ ........ ........ */
+- /* ........ ..22222. ........ ........ ........ */
+- /* ........ .......3 3333.... ........ ........ */
+- dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
+-
+- /* ........ .......3 3333.... ........ ........ */
+- /* ........ ........ ....4444 4....... ........ */
+- dst[2] = buf[3] << 4 | buf[4] >> 1;
+-
+- /* ........ ........ ....4444 4....... ........ */
+- /* ........ ........ ........ .55555.. ........ */
+- /* ........ ........ ........ ......66 666..... */
+- dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
+-
+- /* ........ ........ ........ ......66 666..... */
+- /* ........ ........ ........ ........ ...77777 */
+- dst[4] = buf[6] << 5 | buf[7];
+-
+- dst += 5;
+- dst_sz -= 5;
+- }
+- /* Not ending on a eight byte boundary? */
+- if (i > 0 && i < 8) {
+-
+- /* Enough space available at the destination? */
+- if (dst_sz < (i + 1) / 2)
+- return -1;
+-
+- switch (i) {
+- case 7: /* ........ ........ ........ ......66 666..... */
+- /* ........ ........ ........ .55555.. ........ */
+- /* ........ ........ ....4444 4....... ........ */
+- dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3;
+-
+- case 5: /* ........ ........ ....4444 4....... ........ */
+- /* ........ .......3 3333.... ........ ........ */
+- dst[2] = buf[3] << 4 | buf[4] >> 1;
+-
+- case 4: /* ........ .......3 3333.... ........ ........ */
+- /* ........ ..22222. ........ ........ ........ */
+- /* .....111 11...... ........ ........ ........ */
+- dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4;
+-
+- case 2: /* .....111 11...... ........ ........ ........ */
+- /* 00000... ........ ........ ........ ........ */
+- dst[0] = buf[0] << 3 | buf[1] >> 2;
+-
+- break;
+-
+- default:
+- return -1;
+- }
+- dst += (i + 1) / 2;
+-
+- if (check_padding) {
+- /* Check remaining padding characters */
+- if (ch != '=')
+- return -1;
+-
+- /* One down, 8 - i - 1 more to come... */
+- for (i = 8 - i - 1; i > 0; i--) {
+-
+- do {
+- if (src_sz == 0)
+- return -1;
+- ch = *src++;
+- src_sz--;
+-
+- } while (isspace(ch));
+-
+- if (ch != '=')
+- return -1;
+- }
+- }
+- }
+- return dst - start;
+-}
+-
+-int
+-ldns_b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz)
+-{
+- return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true);
+-}
+-
+-int
+-ldns_b32_pton_extended_hex(const char* src, size_t src_sz,
+- uint8_t* dst, size_t dst_sz)
+-{
+- return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true);
+-}
+-
+-#ifndef HAVE_B32_PTON
+-
+-int
+-b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz)
+-{
+- return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true);
+-}
+-
+-int
+-b32_pton_extended_hex(const char* src, size_t src_sz,
+- uint8_t* dst, size_t dst_sz)
+-{
+- return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true);
+-}
+-
+-#endif /* ! HAVE_B32_PTON */
+-
+diff --git a/src/ldns/wire2host.c b/src/ldns/wire2host.c
+deleted file mode 100644
+index e492215..0000000
+--- a/src/ldns/wire2host.c
++++ /dev/null
+@@ -1,491 +0,0 @@
+-/*
+- * wire2host.c
+- *
+- * conversion routines from the wire to the host
+- * format.
+- * This will usually just a re-ordering of the
+- * data (as we store it in network format)
+- *
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2004-2006
+- *
+- * See the file LICENSE for the license
+- */
+-
+-
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-/*#include <ldns/wire2host.h>*/
+-
+-#include <strings.h>
+-#include <limits.h>
+-
+-
+-
+-/*
+- * Set of macro's to deal with the dns message header as specified
+- * in RFC1035 in portable way.
+- *
+- */
+-
+-/*
+- *
+- * 1 1 1 1 1 1
+- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+- * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- * | ID |
+- * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE |
+- * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- * | QDCOUNT |
+- * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- * | ANCOUNT |
+- * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- * | NSCOUNT |
+- * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- * | ARCOUNT |
+- * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+- *
+- */
+-
+-
+-/* allocates memory to *dname! */
+-ldns_status
+-ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos)
+-{
+- uint8_t label_size;
+- uint16_t pointer_target;
+- uint8_t pointer_target_buf[2];
+- size_t dname_pos = 0;
+- size_t uncompressed_length = 0;
+- size_t compression_pos = 0;
+- uint8_t tmp_dname[LDNS_MAX_DOMAINLEN];
+- unsigned int pointer_count = 0;
+-
+- if (pos == NULL) {
+- return LDNS_STATUS_WIRE_RDATA_ERR;
+- }
+- if (*pos >= max) {
+- return LDNS_STATUS_PACKET_OVERFLOW;
+- }
+- label_size = wire[*pos];
+- while (label_size > 0) {
+- /* compression */
+- while (label_size >= 192) {
+- if (compression_pos == 0) {
+- compression_pos = *pos + 2;
+- }
+-
+- pointer_count++;
+-
+- /* remove first two bits */
+- if (*pos + 2 > max) {
+- return LDNS_STATUS_PACKET_OVERFLOW;
+- }
+- pointer_target_buf[0] = wire[*pos] & 63;
+- pointer_target_buf[1] = wire[*pos + 1];
+- pointer_target = ldns_read_uint16(pointer_target_buf);
+-
+- if (pointer_target == 0) {
+- return LDNS_STATUS_INVALID_POINTER;
+- } else if (pointer_target >= max) {
+- return LDNS_STATUS_INVALID_POINTER;
+- } else if (pointer_count > LDNS_MAX_POINTERS) {
+- return LDNS_STATUS_INVALID_POINTER;
+- }
+- *pos = pointer_target;
+- label_size = wire[*pos];
+- }
+- if(label_size == 0)
+- break; /* break from pointer to 0 byte */
+- if (label_size > LDNS_MAX_LABELLEN) {
+- return LDNS_STATUS_LABEL_OVERFLOW;
+- }
+- if (*pos + 1 + label_size > max) {
+- return LDNS_STATUS_LABEL_OVERFLOW;
+- }
+-
+- /* check space for labelcount itself */
+- if (dname_pos + 1 > LDNS_MAX_DOMAINLEN) {
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+- tmp_dname[dname_pos] = label_size;
+- if (label_size > 0) {
+- dname_pos++;
+- }
+- *pos = *pos + 1;
+- if (dname_pos + label_size > LDNS_MAX_DOMAINLEN) {
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+- memcpy(&tmp_dname[dname_pos], &wire[*pos], label_size);
+- uncompressed_length += label_size + 1;
+- dname_pos += label_size;
+- *pos = *pos + label_size;
+-
+- if (*pos < max) {
+- label_size = wire[*pos];
+- }
+- }
+-
+- if (compression_pos > 0) {
+- *pos = compression_pos;
+- } else {
+- *pos = *pos + 1;
+- }
+-
+- if (dname_pos >= LDNS_MAX_DOMAINLEN) {
+- return LDNS_STATUS_DOMAINNAME_OVERFLOW;
+- }
+-
+- tmp_dname[dname_pos] = 0;
+- dname_pos++;
+-
+- *dname = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
+- (uint16_t) dname_pos, tmp_dname);
+- if (!*dname) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- return LDNS_STATUS_OK;
+-}
+-
+-/* maybe make this a goto error so data can be freed or something/ */
+-#define LDNS_STATUS_CHECK_RETURN(st) {if (st != LDNS_STATUS_OK) { return st; }}
+-#define LDNS_STATUS_CHECK_GOTO(st, label) {if (st != LDNS_STATUS_OK) { /*printf("STG %s:%d: status code %d\n", __FILE__, __LINE__, st);*/ goto label; }}
+-
+-ldns_status
+-ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos)
+-{
+- size_t end;
+- size_t cur_rdf_length;
+- uint8_t rdf_index;
+- uint8_t *data;
+- uint16_t rd_length;
+- ldns_rdf *cur_rdf = NULL;
+- ldns_rdf_type cur_rdf_type;
+- const ldns_rr_descriptor *descriptor;
+- ldns_status status;
+-
+- assert(rr != NULL);
+-
+- descriptor = ldns_rr_descript(ldns_rr_get_type(rr));
+-
+- if (*pos + 2 > max) {
+- return LDNS_STATUS_PACKET_OVERFLOW;
+- }
+-
+- rd_length = ldns_read_uint16(&wire[*pos]);
+- *pos = *pos + 2;
+-
+- if (*pos + rd_length > max) {
+- return LDNS_STATUS_PACKET_OVERFLOW;
+- }
+-
+- end = *pos + (size_t) rd_length;
+-
+- rdf_index = 0;
+- while (*pos < end &&
+- rdf_index < ldns_rr_descriptor_maximum(descriptor)) {
+-
+- cur_rdf_length = 0;
+-
+- cur_rdf_type = ldns_rr_descriptor_field_type(
+- descriptor, rdf_index);
+-
+- /* handle special cases immediately, set length
+- for fixed length rdata and do them below */
+- switch (cur_rdf_type) {
+- case LDNS_RDF_TYPE_DNAME:
+- status = ldns_wire2dname(&cur_rdf, wire, max, pos);
+- LDNS_STATUS_CHECK_RETURN(status);
+- break;
+- case LDNS_RDF_TYPE_CLASS:
+- case LDNS_RDF_TYPE_ALG:
+- case LDNS_RDF_TYPE_CERTIFICATE_USAGE:
+- case LDNS_RDF_TYPE_SELECTOR:
+- case LDNS_RDF_TYPE_MATCHING_TYPE:
+- case LDNS_RDF_TYPE_INT8:
+- cur_rdf_length = LDNS_RDF_SIZE_BYTE;
+- break;
+- case LDNS_RDF_TYPE_TYPE:
+- case LDNS_RDF_TYPE_INT16:
+- case LDNS_RDF_TYPE_CERT_ALG:
+- cur_rdf_length = LDNS_RDF_SIZE_WORD;
+- break;
+- case LDNS_RDF_TYPE_TIME:
+- case LDNS_RDF_TYPE_INT32:
+- case LDNS_RDF_TYPE_A:
+- case LDNS_RDF_TYPE_PERIOD:
+- cur_rdf_length = LDNS_RDF_SIZE_DOUBLEWORD;
+- break;
+- case LDNS_RDF_TYPE_TSIGTIME:
+- case LDNS_RDF_TYPE_EUI48:
+- cur_rdf_length = LDNS_RDF_SIZE_6BYTES;
+- break;
+- case LDNS_RDF_TYPE_ILNP64:
+- case LDNS_RDF_TYPE_EUI64:
+- cur_rdf_length = LDNS_RDF_SIZE_8BYTES;
+- break;
+- case LDNS_RDF_TYPE_AAAA:
+- cur_rdf_length = LDNS_RDF_SIZE_16BYTES;
+- break;
+- case LDNS_RDF_TYPE_STR:
+- case LDNS_RDF_TYPE_NSEC3_SALT:
+- case LDNS_RDF_TYPE_TAG:
+- /* len is stored in first byte
+- * it should be in the rdf too, so just
+- * copy len+1 from this position
+- */
+- cur_rdf_length = ((size_t) wire[*pos]) + 1;
+- break;
+-
+- case LDNS_RDF_TYPE_INT16_DATA:
+- if (*pos + 2 > end) {
+- return LDNS_STATUS_PACKET_OVERFLOW;
+- }
+- cur_rdf_length =
+- (size_t) ldns_read_uint16(&wire[*pos]) + 2;
+- break;
+- case LDNS_RDF_TYPE_HIP:
+- if (*pos + 4 > end) {
+- return LDNS_STATUS_PACKET_OVERFLOW;
+- }
+- cur_rdf_length =
+- (size_t) wire[*pos] +
+- (size_t) ldns_read_uint16(&wire[*pos + 2]) + 4;
+- break;
+- case LDNS_RDF_TYPE_B32_EXT:
+- case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER:
+- /* length is stored in first byte */
+- cur_rdf_length = ((size_t) wire[*pos]) + 1;
+- break;
+- case LDNS_RDF_TYPE_APL:
+- case LDNS_RDF_TYPE_B64:
+- case LDNS_RDF_TYPE_HEX:
+- case LDNS_RDF_TYPE_NSEC:
+- case LDNS_RDF_TYPE_UNKNOWN:
+- case LDNS_RDF_TYPE_SERVICE:
+- case LDNS_RDF_TYPE_LOC:
+- case LDNS_RDF_TYPE_WKS:
+- case LDNS_RDF_TYPE_NSAP:
+- case LDNS_RDF_TYPE_ATMA:
+- case LDNS_RDF_TYPE_IPSECKEY:
+- case LDNS_RDF_TYPE_LONG_STR:
+- case LDNS_RDF_TYPE_NONE:
+- /*
+- * Read to end of rr rdata
+- */
+- cur_rdf_length = end - *pos;
+- break;
+- }
+-
+- /* fixed length rdata */
+- if (cur_rdf_length > 0) {
+- if (cur_rdf_length + *pos > end) {
+- return LDNS_STATUS_PACKET_OVERFLOW;
+- }
+- data = LDNS_XMALLOC(uint8_t, rd_length);
+- if (!data) {
+- return LDNS_STATUS_MEM_ERR;
+- }
+- memcpy(data, &wire[*pos], cur_rdf_length);
+-
+- cur_rdf = ldns_rdf_new(cur_rdf_type,
+- cur_rdf_length, data);
+- *pos = *pos + cur_rdf_length;
+- }
+-
+- if (cur_rdf) {
+- ldns_rr_push_rdf(rr, cur_rdf);
+- cur_rdf = NULL;
+- }
+-
+- rdf_index++;
+-
+- } /* while (rdf_index < ldns_rr_descriptor_maximum(descriptor)) */
+-
+-
+- return LDNS_STATUS_OK;
+-}
+-
+-
+-/* TODO:
+- can *pos be incremented at READ_INT? or maybe use something like
+- RR_CLASS(wire)?
+- uhhm Jelte??
+-*/
+-ldns_status
+-ldns_wire2rr(ldns_rr **rr_p, const uint8_t *wire, size_t max,
+- size_t *pos, ldns_pkt_section section)
+-{
+- ldns_rdf *owner = NULL;
+- ldns_rr *rr = ldns_rr_new();
+- ldns_status status;
+-
+- status = ldns_wire2dname(&owner, wire, max, pos);
+- LDNS_STATUS_CHECK_GOTO(status, status_error);
+-
+- ldns_rr_set_owner(rr, owner);
+-
+- if (*pos + 4 > max) {
+- status = LDNS_STATUS_PACKET_OVERFLOW;
+- goto status_error;
+- }
+-
+- ldns_rr_set_type(rr, ldns_read_uint16(&wire[*pos]));
+- *pos = *pos + 2;
+-
+- ldns_rr_set_class(rr, ldns_read_uint16(&wire[*pos]));
+- *pos = *pos + 2;
+-
+- if (section != LDNS_SECTION_QUESTION) {
+- if (*pos + 4 > max) {
+- status = LDNS_STATUS_PACKET_OVERFLOW;
+- goto status_error;
+- }
+- ldns_rr_set_ttl(rr, ldns_read_uint32(&wire[*pos]));
+-
+- *pos = *pos + 4;
+- status = ldns_wire2rdf(rr, wire, max, pos);
+-
+- LDNS_STATUS_CHECK_GOTO(status, status_error);
+- ldns_rr_set_question(rr, false);
+- } else {
+- ldns_rr_set_question(rr, true);
+- }
+-
+- *rr_p = rr;
+- return LDNS_STATUS_OK;
+-
+-status_error:
+- ldns_rr_free(rr);
+- return status;
+-}
+-
+-static ldns_status
+-ldns_wire2pkt_hdr(ldns_pkt *packet, const uint8_t *wire, size_t max, size_t *pos)
+-{
+- if (*pos + LDNS_HEADER_SIZE > max) {
+- return LDNS_STATUS_WIRE_INCOMPLETE_HEADER;
+- } else {
+- ldns_pkt_set_id(packet, LDNS_ID_WIRE(wire));
+- ldns_pkt_set_qr(packet, LDNS_QR_WIRE(wire));
+- ldns_pkt_set_opcode(packet, LDNS_OPCODE_WIRE(wire));
+- ldns_pkt_set_aa(packet, LDNS_AA_WIRE(wire));
+- ldns_pkt_set_tc(packet, LDNS_TC_WIRE(wire));
+- ldns_pkt_set_rd(packet, LDNS_RD_WIRE(wire));
+- ldns_pkt_set_ra(packet, LDNS_RA_WIRE(wire));
+- ldns_pkt_set_ad(packet, LDNS_AD_WIRE(wire));
+- ldns_pkt_set_cd(packet, LDNS_CD_WIRE(wire));
+- ldns_pkt_set_rcode(packet, LDNS_RCODE_WIRE(wire));
+-
+- ldns_pkt_set_qdcount(packet, LDNS_QDCOUNT(wire));
+- ldns_pkt_set_ancount(packet, LDNS_ANCOUNT(wire));
+- ldns_pkt_set_nscount(packet, LDNS_NSCOUNT(wire));
+- ldns_pkt_set_arcount(packet, LDNS_ARCOUNT(wire));
+-
+- *pos += LDNS_HEADER_SIZE;
+-
+- return LDNS_STATUS_OK;
+- }
+-}
+-
+-ldns_status
+-ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer)
+-{
+- /* lazy */
+- return ldns_wire2pkt(packet, ldns_buffer_begin(buffer),
+- ldns_buffer_limit(buffer));
+-
+-}
+-
+-ldns_status
+-ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max)
+-{
+- size_t pos = 0;
+- uint16_t i;
+- ldns_rr *rr;
+- ldns_pkt *packet = ldns_pkt_new();
+- ldns_status status = LDNS_STATUS_OK;
+- uint8_t have_edns = 0;
+-
+- uint8_t data[4];
+-
+- status = ldns_wire2pkt_hdr(packet, wire, max, &pos);
+- LDNS_STATUS_CHECK_GOTO(status, status_error);
+-
+- for (i = 0; i < ldns_pkt_qdcount(packet); i++) {
+-
+- status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_QUESTION);
+- if (status == LDNS_STATUS_PACKET_OVERFLOW) {
+- status = LDNS_STATUS_WIRE_INCOMPLETE_QUESTION;
+- }
+- LDNS_STATUS_CHECK_GOTO(status, status_error);
+- if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) {
+- ldns_pkt_free(packet);
+- return LDNS_STATUS_INTERNAL_ERR;
+- }
+- }
+- for (i = 0; i < ldns_pkt_ancount(packet); i++) {
+- status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ANSWER);
+- if (status == LDNS_STATUS_PACKET_OVERFLOW) {
+- status = LDNS_STATUS_WIRE_INCOMPLETE_ANSWER;
+- }
+- LDNS_STATUS_CHECK_GOTO(status, status_error);
+- if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) {
+- ldns_pkt_free(packet);
+- return LDNS_STATUS_INTERNAL_ERR;
+- }
+- }
+- for (i = 0; i < ldns_pkt_nscount(packet); i++) {
+- status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_AUTHORITY);
+- if (status == LDNS_STATUS_PACKET_OVERFLOW) {
+- status = LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY;
+- }
+- LDNS_STATUS_CHECK_GOTO(status, status_error);
+- if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) {
+- ldns_pkt_free(packet);
+- return LDNS_STATUS_INTERNAL_ERR;
+- }
+- }
+- for (i = 0; i < ldns_pkt_arcount(packet); i++) {
+- status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ADDITIONAL);
+- if (status == LDNS_STATUS_PACKET_OVERFLOW) {
+- status = LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL;
+- }
+- LDNS_STATUS_CHECK_GOTO(status, status_error);
+-
+- if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_OPT) {
+- ldns_pkt_set_edns_udp_size(packet, ldns_rr_get_class(rr));
+- ldns_write_uint32(data, ldns_rr_ttl(rr));
+- ldns_pkt_set_edns_extended_rcode(packet, data[0]);
+- ldns_pkt_set_edns_version(packet, data[1]);
+- ldns_pkt_set_edns_z(packet, ldns_read_uint16(&data[2]));
+- /* edns might not have rdfs */
+- if (ldns_rr_rdf(rr, 0)) {
+- ldns_pkt_set_edns_data(packet, ldns_rdf_clone(ldns_rr_rdf(rr, 0)));
+- }
+- ldns_rr_free(rr);
+- have_edns += 1;
+- } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TSIG) {
+- ldns_pkt_set_tsig(packet, rr);
+- ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) - 1);
+- } else if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) {
+- ldns_pkt_free(packet);
+- return LDNS_STATUS_INTERNAL_ERR;
+- }
+- }
+- ldns_pkt_set_size(packet, max);
+- if(have_edns)
+- ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet)
+- - have_edns);
+- packet->_edns_present = have_edns;
+-
+- *packet_p = packet;
+- return status;
+-
+-status_error:
+- ldns_pkt_free(packet);
+- return status;
+-}
+diff --git a/src/ldns/zone.c b/src/ldns/zone.c
+deleted file mode 100644
+index d97a81e..0000000
+--- a/src/ldns/zone.c
++++ /dev/null
+@@ -1,318 +0,0 @@
+-/* zone.c
+- *
+- * Functions for ldns_zone structure
+- * a Net::DNS like library for C
+- *
+- * (c) NLnet Labs, 2005-2006
+- * See the file LICENSE for the license
+- */
+-#include <ldns/config.h>
+-
+-#include <ldns/ldns.h>
+-
+-#include <strings.h>
+-#include <limits.h>
+-
+-ldns_rr *
+-ldns_zone_soa(const ldns_zone *z)
+-{
+- return z->_soa;
+-}
+-
+-size_t
+-ldns_zone_rr_count(const ldns_zone *z)
+-{
+- return ldns_rr_list_rr_count(z->_rrs);
+-}
+-
+-void
+-ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa)
+-{
+- z->_soa = soa;
+-}
+-
+-ldns_rr_list *
+-ldns_zone_rrs(const ldns_zone *z)
+-{
+- return z->_rrs;
+-}
+-
+-void
+-ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist)
+-{
+- z->_rrs = rrlist;
+-}
+-
+-bool
+-ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list)
+-{
+- return ldns_rr_list_cat(ldns_zone_rrs(z), list);
+-
+-}
+-
+-bool
+-ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr)
+-{
+- return ldns_rr_list_push_rr( ldns_zone_rrs(z), rr);
+-}
+-
+-
+-/*
+- * Get the list of glue records in a zone
+- * XXX: there should be a way for this to return error, other than NULL,
+- * since NULL is a valid return
+- */
+-ldns_rr_list *
+-ldns_zone_glue_rr_list(const ldns_zone *z)
+-{
+- /* when do we find glue? It means we find an IP address
+- * (AAAA/A) for a nameserver listed in the zone
+- *
+- * Alg used here:
+- * first find all the zonecuts (NS records)
+- * find all the AAAA or A records (can be done it the
+- * above loop).
+- *
+- * Check if the aaaa/a list are subdomains under the
+- * NS domains.
+- * If yes -> glue, if no -> not glue
+- */
+-
+- ldns_rr_list *zone_cuts;
+- ldns_rr_list *addr;
+- ldns_rr_list *glue;
+- ldns_rr *r, *ns, *a;
+- ldns_rdf *dname_a, *ns_owner;
+- size_t i,j;
+-
+- zone_cuts = NULL;
+- addr = NULL;
+- glue = NULL;
+-
+- /* we cannot determine glue in a 'zone' without a SOA */
+- if (!ldns_zone_soa(z)) {
+- return NULL;
+- }
+-
+- zone_cuts = ldns_rr_list_new();
+- if (!zone_cuts) goto memory_error;
+- addr = ldns_rr_list_new();
+- if (!addr) goto memory_error;
+- glue = ldns_rr_list_new();
+- if (!glue) goto memory_error;
+-
+- for(i = 0; i < ldns_zone_rr_count(z); i++) {
+- r = ldns_rr_list_rr(ldns_zone_rrs(z), i);
+- if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A ||
+- ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) {
+- /* possibly glue */
+- if (!ldns_rr_list_push_rr(addr, r)) goto memory_error;
+- continue;
+- }
+- if (ldns_rr_get_type(r) == LDNS_RR_TYPE_NS) {
+- /* multiple zones will end up here -
+- * for now; not a problem
+- */
+- /* don't add NS records for the current zone itself */
+- if (ldns_rdf_compare(ldns_rr_owner(r),
+- ldns_rr_owner(ldns_zone_soa(z))) != 0) {
+- if (!ldns_rr_list_push_rr(zone_cuts, r)) goto memory_error;
+- }
+- continue;
+- }
+- }
+-
+- /* will sorting make it quicker ?? */
+- for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) {
+- ns = ldns_rr_list_rr(zone_cuts, i);
+- ns_owner = ldns_rr_owner(ns);
+-
+- for(j = 0; j < ldns_rr_list_rr_count(addr); j++) {
+- a = ldns_rr_list_rr(addr, j);
+- dname_a = ldns_rr_owner(a);
+-
+- if (ldns_dname_is_subdomain(dname_a, ns_owner) ||
+- ldns_dname_compare(dname_a, ns_owner) == 0) {
+- /* GLUE! */
+- if (!ldns_rr_list_push_rr(glue, a)) goto memory_error;
+- }
+- }
+- }
+-
+- ldns_rr_list_free(addr);
+- ldns_rr_list_free(zone_cuts);
+-
+- if (ldns_rr_list_rr_count(glue) == 0) {
+- ldns_rr_list_free(glue);
+- return NULL;
+- } else {
+- return glue;
+- }
+-
+-memory_error:
+- if (zone_cuts) {
+- LDNS_FREE(zone_cuts);
+- }
+- if (addr) {
+- ldns_rr_list_free(addr);
+- }
+- if (glue) {
+- ldns_rr_list_free(glue);
+- }
+- return NULL;
+-}
+-
+-ldns_zone *
+-ldns_zone_new(void)
+-{
+- ldns_zone *z;
+-
+- z = LDNS_MALLOC(ldns_zone);
+- if (!z) {
+- return NULL;
+- }
+-
+- z->_rrs = ldns_rr_list_new();
+- if (!z->_rrs) {
+- LDNS_FREE(z);
+- return NULL;
+- }
+- ldns_zone_set_soa(z, NULL);
+- return z;
+-}
+-
+-/* we regocnize:
+- * $TTL, $ORIGIN
+- */
+-ldns_status
+-ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c)
+-{
+- return ldns_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL);
+-}
+-
+-/* XXX: class is never used */
+-ldns_status
+-ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl,
+- ldns_rr_class ATTR_UNUSED(c), int *line_nr)
+-{
+- ldns_zone *newzone;
+- ldns_rr *rr;
+- uint32_t my_ttl;
+- ldns_rdf *my_origin;
+- ldns_rdf *my_prev;
+- bool soa_seen = false; /* 2 soa are an error */
+- ldns_status s;
+- ldns_status ret;
+-
+- /* most cases of error are memory problems */
+- ret = LDNS_STATUS_MEM_ERR;
+-
+- newzone = NULL;
+- my_origin = NULL;
+- my_prev = NULL;
+-
+- my_ttl = ttl;
+-
+- if (origin) {
+- my_origin = ldns_rdf_clone(origin);
+- if (!my_origin) goto error;
+- /* also set the prev */
+- my_prev = ldns_rdf_clone(origin);
+- if (!my_prev) goto error;
+- }
+-
+- newzone = ldns_zone_new();
+- if (!newzone) goto error;
+-
+- while(!feof(fp)) {
+- s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr);
+- switch (s) {
+- case LDNS_STATUS_OK:
+- if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
+- if (soa_seen) {
+- /* second SOA
+- * just skip, maybe we want to say
+- * something??? */
+- ldns_rr_free(rr);
+- continue;
+- }
+- soa_seen = true;
+- ldns_zone_set_soa(newzone, rr);
+- /* set origin to soa if not specified */
+- if (!my_origin) {
+- my_origin = ldns_rdf_clone(ldns_rr_owner(rr));
+- }
+- continue;
+- }
+-
+- /* a normal RR - as sofar the DNS is normal */
+- if (!ldns_zone_push_rr(newzone, rr)) goto error;
+-
+- case LDNS_STATUS_SYNTAX_EMPTY:
+- /* empty line was seen */
+- case LDNS_STATUS_SYNTAX_TTL:
+- /* the function set the ttl */
+- break;
+- case LDNS_STATUS_SYNTAX_ORIGIN:
+- /* the function set the origin */
+- break;
+- case LDNS_STATUS_SYNTAX_INCLUDE:
+- ret = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL;
+- break;
+- default:
+- ret = s;
+- goto error;
+- }
+- }
+-
+- if (my_origin) {
+- ldns_rdf_deep_free(my_origin);
+- }
+- if (my_prev) {
+- ldns_rdf_deep_free(my_prev);
+- }
+- if (z) {
+- *z = newzone;
+- } else {
+- ldns_zone_free(newzone);
+- }
+-
+- return LDNS_STATUS_OK;
+-
+-error:
+- if (my_origin) {
+- ldns_rdf_deep_free(my_origin);
+- }
+- if (my_prev) {
+- ldns_rdf_deep_free(my_prev);
+- }
+- if (newzone) {
+- ldns_zone_free(newzone);
+- }
+- return ret;
+-}
+-
+-void
+-ldns_zone_sort(ldns_zone *zone)
+-{
+- ldns_rr_list *zrr;
+- assert(zone != NULL);
+-
+- zrr = ldns_zone_rrs(zone);
+- ldns_rr_list_sort(zrr);
+-}
+-
+-void
+-ldns_zone_free(ldns_zone *zone)
+-{
+- ldns_rr_list_free(zone->_rrs);
+- LDNS_FREE(zone);
+-}
+-
+-void
+-ldns_zone_deep_free(ldns_zone *zone)
+-{
+- ldns_rr_free(zone->_soa);
+- ldns_rr_list_deep_free(zone->_rrs);
+- LDNS_FREE(zone);
+-}
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..cd64c59
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Use-system-ldns-library-for-compilation.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libnet-ldns-perl.git
More information about the Pkg-perl-cvs-commits
mailing list