Here's a slightly overdue update to ldns-utils 1.7.0.
I've tested the bits I use, is there anyone using dnssec who wants
to test those parts?
Index: Makefile.inc
===================================================================
RCS file: /cvs/ports/net/ldns/Makefile.inc,v
retrieving revision 1.30
diff -u -p -r1.30 Makefile.inc
--- Makefile.inc 15 Jun 2014 20:20:34 -0000 1.30
+++ Makefile.inc 5 Jun 2017 08:59:31 -0000
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile.inc,v 1.30 2014/06/15 20:20:34 sthen Exp $
-VERSION= 1.6.17
+VERSION= 1.7.0
DISTNAME= ldns-${VERSION}
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/ldns/distinfo,v
retrieving revision 1.7
diff -u -p -r1.7 distinfo
--- distinfo 22 Jan 2014 00:15:36 -0000 1.7
+++ distinfo 5 Jun 2017 08:59:31 -0000
@@ -1,2 +1,2 @@
-SHA256 (ldns-1.6.17.tar.gz) = i4jgWUUhGOiUmidSpVzlm8cfpbxBQQPhf1trBvm8yM0=
-SIZE (ldns-1.6.17.tar.gz) = 1315403
+SHA256 (ldns-1.7.0.tar.gz) = wZ9bG0+zdM/jT0hF6hGx4FUd3GeAO9bd1dKiDwmXpsw=
+SIZE (ldns-1.7.0.tar.gz) = 1304424
Index: libldns/Makefile
===================================================================
RCS file: /cvs/ports/net/ldns/libldns/Makefile,v
retrieving revision 1.30
diff -u -p -r1.30 Makefile
--- libldns/Makefile 11 May 2015 16:24:38 -0000 1.30
+++ libldns/Makefile 5 Jun 2017 08:59:31 -0000
@@ -3,11 +3,15 @@
COMMENT= DNS library modelled after Net::DNS
PKGNAME= libldns-${VERSION}
-REVISION= 1
-SHARED_LIBS += ldns 6.1
+SHARED_LIBS += ldns 7.0 # 2.0
# ssl included as ssl.h has been used.
WANTLIB= crypto ssl
+
+# "OpenSSL does not support offline DANE verification (Needed for the
+# DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun
+# with --disable-dane-verify or --disable-dane-ta-usage"
+CONFIGURE_ARGS= --disable-dane-ta-usage
.include <bsd.port.mk>
Index: libldns/patches/patch-Makefile_in
===================================================================
RCS file: /cvs/ports/net/ldns/libldns/patches/patch-Makefile_in,v
retrieving revision 1.15
diff -u -p -r1.15 patch-Makefile_in
--- libldns/patches/patch-Makefile_in 22 Jan 2014 00:15:36 -0000 1.15
+++ libldns/patches/patch-Makefile_in 5 Jun 2017 08:59:31 -0000
@@ -1,16 +1,17 @@
$OpenBSD: patch-Makefile_in,v 1.15 2014/01/22 00:15:36 brad Exp $
---- Makefile.in.orig Fri Jan 10 16:04:41 2014
-+++ Makefile.in Fri Jan 10 17:42:38 2014
-@@ -12,7 +12,7 @@ datarootdir = @datarootdir@
- datadir = @datadir@
+Index: Makefile.in
+--- Makefile.in.orig
++++ Makefile.in
+@@ -13,7 +13,7 @@ datadir = @datadir@
libdir = @libdir@
includedir = @includedir@
+ sysconfdir = @sysconfdir@
-doxygen = @doxygen@
+#doxygen = @doxygen@
pywrapdir = $(srcdir)/contrib/python
pyldnsxwrapdir = $(srcdir)/contrib/ldnsx
p5_dns_ldns_dir = $(srcdir)/contrib/DNS-LDNS
-@@ -320,7 +320,6 @@ uninstall-h:
+@@ -358,7 +358,6 @@ uninstall-h:
install-lib: lib
$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
$(LIBTOOL) --mode=install cp libldns.la $(DESTDIR)$(libdir)
Index: libldns/patches/patch-doc_doxyparse_pl
===================================================================
RCS file: libldns/patches/patch-doc_doxyparse_pl
diff -N libldns/patches/patch-doc_doxyparse_pl
--- libldns/patches/patch-doc_doxyparse_pl 14 Apr 2016 23:02:27 -0000
1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-$OpenBSD: patch-doc_doxyparse_pl,v 1.1 2016/04/14 23:02:27 sthen Exp $
---- doc/doxyparse.pl.orig Thu Apr 14 17:00:36 2016
-+++ doc/doxyparse.pl Thu Apr 14 17:00:51 2016
-@@ -273,7 +273,7 @@ foreach (keys %manpages) {
-
- print MAN $MAN_MIDDLE;
-
-- if (defined(@$also)) {
-+ if (@$also) {
- print MAN "\n.SH SEE ALSO\n\\fI";
- print MAN join "\\fR, \\fI", @$also;
- print MAN "\\fR.\nAnd ";
Index: libldns/pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/ldns/libldns/pkg/PLIST,v
retrieving revision 1.9
diff -u -p -r1.9 PLIST
--- libldns/pkg/PLIST 22 Jan 2014 00:15:36 -0000 1.9
+++ libldns/pkg/PLIST 5 Jun 2017 08:59:31 -0000
@@ -38,20 +38,34 @@ lib/libldns.a
lib/libldns.la
@lib lib/libldns.so.${LIBldns_VERSION}
@man man/man1/ldns-config.1
+@man man/man3/ldns_algorithm.3
+@man man/man3/ldns_axfr_abort.3
+@man man/man3/ldns_axfr_complete.3
+@man man/man3/ldns_axfr_last_pkt.3
+@man man/man3/ldns_axfr_next.3
+@man man/man3/ldns_axfr_start.3
+@man man/man3/ldns_b32_ntop_calculate_size.3
+@man man/man3/ldns_b32_pton_calculate_size.3
+@man man/man3/ldns_b64_ntop_calculate_size.3
+@man man/man3/ldns_b64_pton_calculate_size.3
@man man/man3/ldns_bget_token.3
@man man/man3/ldns_bgetc.3
@man man/man3/ldns_bskipcs.3
+@man man/man3/ldns_bubblebabble.3
@man man/man3/ldns_buffer.3
@man man/man3/ldns_buffer2pkt_wire.3
+@man man/man3/ldns_buffer2str.3
@man man/man3/ldns_buffer_at.3
@man man/man3/ldns_buffer_available.3
@man man/man3/ldns_buffer_available_at.3
@man man/man3/ldns_buffer_begin.3
@man man/man3/ldns_buffer_capacity.3
@man man/man3/ldns_buffer_clear.3
+@man man/man3/ldns_buffer_copy.3
@man man/man3/ldns_buffer_current.3
@man man/man3/ldns_buffer_end.3
@man man/man3/ldns_buffer_export.3
+@man man/man3/ldns_buffer_export2str.3
@man man/man3/ldns_buffer_flip.3
@man man/man3/ldns_buffer_free.3
@man man/man3/ldns_buffer_limit.3
@@ -83,9 +97,12 @@ lib/libldns.la
@man man/man3/ldns_buffer_write_string_at.3
@man man/man3/ldns_buffer_write_u16.3
@man man/man3/ldns_buffer_write_u16_at.3
+@man man/man3/ldns_buffer_write_u32.3
+@man man/man3/ldns_buffer_write_u32_at.3
@man man/man3/ldns_buffer_write_u8.3
@man man/man3/ldns_buffer_write_u8_at.3
@man man/man3/ldns_calc_keytag.3
+@man man/man3/ldns_calc_keytag_raw.3
@man man/man3/ldns_create_nsec.3
@man man/man3/ldns_dane_cert2rdf.3
@man man/man3/ldns_dane_create_tlsa_owner.3
@@ -93,7 +110,6 @@ lib/libldns.la
@man man/man3/ldns_dane_select_certificate.3
@man man/man3/ldns_dane_verify.3
@man man/man3/ldns_dane_verify_rr.3
-@man man/man3/ldns_dname.3
@man man/man3/ldns_dname2canonical.3
@man man/man3/ldns_dname_cat.3
@man man/man3/ldns_dname_cat_clone.3
@@ -167,6 +183,13 @@ lib/libldns.la
@man man/man3/ldns_dnssec_zone_print.3
@man man/man3/ldns_dnssec_zone_sign.3
@man man/man3/ldns_dnssec_zone_sign_nsec3.3
+@man man/man3/ldns_duration2string.3
+@man man/man3/ldns_duration2time.3
+@man man/man3/ldns_duration_cleanup.3
+@man man/man3/ldns_duration_compare.3
+@man man/man3/ldns_duration_create.3
+@man man/man3/ldns_duration_create_from_string.3
+@man man/man3/ldns_duration_type.3
@man man/man3/ldns_fget_token.3
@man man/man3/ldns_fskipcs.3
@man man/man3/ldns_get_errorstr_by_id.3
@@ -184,6 +207,7 @@ lib/libldns.la
@man man/man3/ldns_key2buffer_str.3
@man man/man3/ldns_key2rr.3
@man man/man3/ldns_key2str.3
+@man man/man3/ldns_key_algo_supported.3
@man man/man3/ldns_key_algorithm.3
@man man/man3/ldns_key_buf2dsa.3
@man man/man3/ldns_key_buf2rsa.3
@@ -350,7 +374,6 @@ lib/libldns.la
@man man/man3/ldns_rdf_set_type.3
@man man/man3/ldns_rdf_size.3
@man man/man3/ldns_rdf_type.3
-@man man/man3/ldns_resolver_print.3
@man man/man3/ldns_rr.3
@man man/man3/ldns_rr2buffer_str.3
@man man/man3/ldns_rr2buffer_wire.3
@@ -385,7 +408,6 @@ lib/libldns.la
@man man/man3/ldns_rr_list_free.3
@man man/man3/ldns_rr_list_new.3
@man man/man3/ldns_rr_list_pop_rr.3
-@man man/man3/ldns_rr_list_print.3
@man man/man3/ldns_rr_list_push_rr.3
@man man/man3/ldns_rr_list_rr_count.3
@man man/man3/ldns_rr_list_set_rr_count.3
@@ -441,7 +463,6 @@ lib/libldns.la
@man man/man3/ldns_sign_public_rsasha1.3
@man man/man3/ldns_status.3
@man man/man3/ldns_str2period.3
-@man man/man3/ldns_str_remove_comment.3
@man man/man3/ldns_tcp_connect.3
@man man/man3/ldns_tcp_read_wire.3
@man man/man3/ldns_tcp_send_query.3
@@ -463,22 +484,27 @@ lib/libldns.la
@man man/man3/ldns_verify_rrsig_keylist_notime.3
@man man/man3/ldns_verify_rrsig_rsamd5.3
@man man/man3/ldns_verify_rrsig_rsasha1.3
+@man man/man3/ldns_version.3
@man man/man3/ldns_wire2dname.3
@man man/man3/ldns_wire2pkt.3
@man man/man3/ldns_wire2rdf.3
@man man/man3/ldns_wire2rr.3
@man man/man3/ldns_zone.3
@man man/man3/ldns_zone_deep_free.3
+@man man/man3/ldns_zone_free.3
@man man/man3/ldns_zone_glue_rr_list.3
@man man/man3/ldns_zone_new.3
@man man/man3/ldns_zone_new_frm_fp.3
@man man/man3/ldns_zone_new_frm_fp_l.3
@man man/man3/ldns_zone_print.3
+@man man/man3/ldns_zone_print_fmt.3
@man man/man3/ldns_zone_push_rr.3
@man man/man3/ldns_zone_push_rr_list.3
@man man/man3/ldns_zone_rr_count.3
@man man/man3/ldns_zone_rrs.3
@man man/man3/ldns_zone_set_rrs.3
@man man/man3/ldns_zone_set_soa.3
+@man man/man3/ldns_zone_sign.3
+@man man/man3/ldns_zone_sign_nsec3.3
@man man/man3/ldns_zone_soa.3
@man man/man3/ldns_zone_sort.3
Index: utils/Makefile
===================================================================
RCS file: /cvs/ports/net/ldns/utils/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- utils/Makefile 16 Jan 2016 13:15:26 -0000 1.31
+++ utils/Makefile 5 Jun 2017 08:59:31 -0000
@@ -3,7 +3,6 @@
COMMENT= LDNS utilities
PKGNAME= ldns-utils-${VERSION}
-REVISION= 0
WANTLIB= c crypto ldns>=6.1 pcap ssl
LIB_DEPENDS+= net/ldns/libldns>=1.6.17
@@ -14,7 +13,10 @@ USE_GMAKE= Yes
CONFIGURE_ARGS+= --with-ldns=${LOCALBASE}
CONFIGURE_ENV+= libtool=${LIBTOOL}
+# uses ldns_key_EVP_load_gost_id which we don't have
+CONFIGURE_ARGS+= --disable-gost
+
CONFIGURE_STYLE= autoconf
-AUTOCONF_VERSION= 2.68
+AUTOCONF_VERSION= 2.69
.include <bsd.port.mk>
Index: utils/patches/patch-dnssec_c
===================================================================
RCS file: utils/patches/patch-dnssec_c
diff -N utils/patches/patch-dnssec_c
--- utils/patches/patch-dnssec_c 16 Jan 2016 13:15:26 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,46 +0,0 @@
-$OpenBSD: patch-dnssec_c,v 1.1 2016/01/16 13:15:26 sthen Exp $
-
-Fix ECDSA signature generation, do not omit leading zeroes.
-http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=1139fdc7f6d78cc9a93e46d3defcd05d15c45af0
-
---- dnssec.c.orig Fri Jan 10 16:04:41 2014
-+++ dnssec.c Fri Jan 15 23:06:29 2016
-@@ -1806,7 +1806,8 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_bu
- #ifdef USE_ECDSA
- #ifndef S_SPLINT_S
- ldns_rdf *
--ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
-+ldns_convert_ecdsa_rrsig_asn1len2rdf(const ldns_buffer *sig,
-+ const long sig_len, int num_bytes)
- {
- ECDSA_SIG* ecdsa_sig;
- unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
-@@ -1815,16 +1816,22 @@ ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *s
- if(!ecdsa_sig) return NULL;
-
- /* "r | s". */
-- data = LDNS_XMALLOC(unsigned char,
-- BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s));
-+ if(BN_num_bytes(ecdsa_sig->r) > num_bytes ||
-+ BN_num_bytes(ecdsa_sig->s) > num_bytes) {
-+ ECDSA_SIG_free(ecdsa_sig);
-+ return NULL; /* numbers too big for passed curve size */
-+ }
-+ data = LDNS_XMALLOC(unsigned char, num_bytes*2);
- if(!data) {
- ECDSA_SIG_free(ecdsa_sig);
- return NULL;
- }
-- BN_bn2bin(ecdsa_sig->r, data);
-- BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
-- rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(
-- BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data);
-+ /* write the bignums (in big-endian) a little offset if the BN code
-+ * wants to write a shorter number of bytes, with zeroes prefixed */
-+ memset(data, 0, num_bytes*2);
-+ BN_bn2bin(ecdsa_sig->r, data+num_bytes-BN_num_bytes(ecdsa_sig->r));
-+ BN_bn2bin(ecdsa_sig->s, data+num_bytes*2-BN_num_bytes(ecdsa_sig->s));
-+ rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(num_bytes*2), data);
- ECDSA_SIG_free(ecdsa_sig);
- return rdf;
- }
Index: utils/patches/patch-dnssec_sign_c
===================================================================
RCS file: utils/patches/patch-dnssec_sign_c
diff -N utils/patches/patch-dnssec_sign_c
--- utils/patches/patch-dnssec_sign_c 16 Jan 2016 13:15:26 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-dnssec_sign_c,v 1.1 2016/01/16 13:15:26 sthen Exp $
-
-Fix ECDSA signature generation, do not omit leading zeroes.
-http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=1139fdc7f6d78cc9a93e46d3defcd05d15c45af0
-
---- dnssec_sign.c.orig Fri Jan 10 16:04:41 2014
-+++ dnssec_sign.c Fri Jan 15 23:06:29 2016
-@@ -367,6 +367,7 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
-
- #ifdef USE_ECDSA
- #ifndef S_SPLINT_S
-+/** returns the number of bytes per signature-component (i.e. bits/8), or 0.
*/
- static int
- ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
- {
-@@ -380,11 +381,13 @@ ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
- EC_KEY_free(ec);
- return 0;
- }
-- if(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
-- EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
-- EC_GROUP_get_curve_name(g) == NID_secp384r1) {
-+ if(EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1) {
- EC_KEY_free(ec);
-- return 1;
-+ return 32; /* 256/8 */
-+ }
-+ if(EC_GROUP_get_curve_name(g) == NID_secp384r1) {
-+ EC_KEY_free(ec);
-+ return 48; /* 384/8 */
- }
- /* downref the eckey, the original is still inside the pkey */
- EC_KEY_free(ec);
-@@ -448,7 +451,8 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
- #ifdef USE_ECDSA
- } else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC &&
- ldns_pkey_is_ecdsa(key)) {
-- sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig,
siglen);
-+ sigdata_rdf = ldns_convert_ecdsa_rrsig_asn1len2rdf(
-+ b64sig, siglen, ldns_pkey_is_ecdsa(key));
- #endif
- } else {
- /* ok output for other types is the same */
Index: utils/patches/patch-examples_configure_ac
===================================================================
RCS file: /cvs/ports/net/ldns/utils/patches/patch-examples_configure_ac,v
retrieving revision 1.1
diff -u -p -r1.1 patch-examples_configure_ac
--- utils/patches/patch-examples_configure_ac 15 Jun 2014 20:20:34 -0000
1.1
+++ utils/patches/patch-examples_configure_ac 5 Jun 2017 08:59:31 -0000
@@ -1,12 +1,28 @@
$OpenBSD: patch-examples_configure_ac,v 1.1 2014/06/15 20:20:34 sthen Exp $
---- examples/configure.ac.orig Fri Jan 10 21:04:41 2014
-+++ examples/configure.ac Thu Jun 12 19:44:27 2014
-@@ -207,6 +207,8 @@ case "$enable_dane" in
+Index: examples/configure.ac
+--- examples/configure.ac.orig
++++ examples/configure.ac
+@@ -133,6 +133,14 @@ tmp_LIBS="$LIBS"
+
+ ACX_WITH_SSL_OPTIONAL
+
++AC_MSG_CHECKING([for LibreSSL])
++if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL"
>/dev/null; then
++ AC_MSG_RESULT([yes])
++ AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
++else
++ AC_MSG_RESULT([no])
++fi
++
+ AC_SUBST(LIBSSL_CPPFLAGS)
+ AC_SUBST(LIBSSL_LDFLAGS)
+ AC_SUBST(LIBSSL_LIBS)
+@@ -206,6 +214,8 @@ case "$enable_dane" in
+ AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE
support.])
;;
esac
-
-+AC_CHECK_FUNCS(ENGINE_load_cryptodev)
+
++AC_CHECK_FUNCS(ENGINE_load_cryptodev)
+
LDFLAGS="$tmp_LDFLAGS"
LIBS="$tmp_LIBS"
-
Index: utils/patches/patch-examples_ldns-signzone_c
===================================================================
RCS file: /cvs/ports/net/ldns/utils/patches/patch-examples_ldns-signzone_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-examples_ldns-signzone_c
--- utils/patches/patch-examples_ldns-signzone_c 15 Jun 2014 20:20:34
-0000 1.1
+++ utils/patches/patch-examples_ldns-signzone_c 5 Jun 2017 08:59:31
-0000
@@ -1,10 +1,11 @@
$OpenBSD: patch-examples_ldns-signzone_c,v 1.1 2014/06/15 20:20:34 sthen Exp $
---- examples/ldns-signzone.c.orig Thu Jun 12 19:37:28 2014
-+++ examples/ldns-signzone.c Thu Jun 12 19:39:31 2014
-@@ -39,8 +39,10 @@ usage(FILE *fp, const char *prog) {
- fprintf(fp, " -o <domain>\torigin for the zone\n");
+Index: examples/ldns-signzone.c
+--- examples/ldns-signzone.c.orig
++++ examples/ldns-signzone.c
+@@ -40,8 +40,10 @@ usage(FILE *fp, const char *prog) {
fprintf(fp, " -v\t\tprint version and exit\n");
fprintf(fp, " -A\t\tsign DNSKEY with all keys instead of minimal\n");
+ fprintf(fp, " -U\t\tSign with every unique algorithm in the provided
keys\n");
+#ifdef HAVE_ENGINE_LOAD_CRYPTODEV
fprintf(fp, " -E <name>\tuse <name> as the crypto engine for
signing\n");
fprintf(fp, " \tThis can have a lot of extra options, see the
manual page for more info\n");
@@ -12,7 +13,7 @@ $OpenBSD: patch-examples_ldns-signzone_c
fprintf(fp, " -k <id>,<int>\tuse key id with algorithm int from
engine\n");
fprintf(fp, " -K <id>,<int>\tuse key id with algorithm int from engine
as KSK\n");
fprintf(fp, "\t\tif no key is given (but an external one is used
through the engine support, it might be necessary to provide the right
algorithm number.\n");
-@@ -470,6 +472,7 @@ main(int argc, char *argv[])
+@@ -446,6 +448,7 @@ main(int argc, char *argv[])
case 'A':
signflags |= LDNS_SIGN_DNSKEY_WITH_ZSK;
break;
@@ -20,7 +21,7 @@ $OpenBSD: patch-examples_ldns-signzone_c
case 'E':
ENGINE_load_builtin_engines();
ENGINE_load_dynamic();
-@@ -494,6 +497,7 @@ main(int argc, char *argv[])
+@@ -472,6 +475,7 @@ main(int argc, char *argv[])
ENGINE_set_default(engine, 0);
}
break;
Index: utils/patches/patch-ldns_dnssec_h
===================================================================
RCS file: utils/patches/patch-ldns_dnssec_h
diff -N utils/patches/patch-ldns_dnssec_h
--- utils/patches/patch-ldns_dnssec_h 16 Jan 2016 13:15:26 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,28 +0,0 @@
-$OpenBSD: patch-ldns_dnssec_h,v 1.1 2016/01/16 13:15:26 sthen Exp $
-
-Fix ECDSA signature generation, do not omit leading zeroes.
-http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=1139fdc7f6d78cc9a93e46d3defcd05d15c45af0
-
---- ldns/dnssec.h.orig Fri Jan 10 16:04:41 2014
-+++ ldns/dnssec.h Fri Jan 15 23:06:29 2016
-@@ -511,13 +511,19 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_bu
- * Converts the ECDSA signature from ASN1 representation (as
- * used by OpenSSL) to raw signature data as used in DNS
- * This routine is only present if ldns is compiled with ecdsa support.
-+ * The older ldns_convert_ecdsa_rrsig_asn12rdf routine could not (always)
-+ * construct a valid rdf because it did not have the num_bytes parameter.
-+ * The num_bytes parameter is 32 for p256 and 48 for p384 (bits/8).
- *
- * \param[in] sig The signature in ASN1 format
- * \param[in] sig_len The length of the signature
-+ * \param[in] num_bytes number of bytes for values in the curve, the curve
-+ * size divided by 8.
- * \return a new rdf with the signature
- */
- ldns_rdf *
--ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);
-+ldns_convert_ecdsa_rrsig_asn1len2rdf(const ldns_buffer *sig,
-+ const long sig_len, int num_bytes);
-
- /**
- * Converts the RRSIG signature RDF (from DNS) to a buffer with the
