/** * This routine adds a new RR to a trust anchor. The trust anchor may not * exist yet, and is created if not. The RR can be DS or DNSKEY. * This routine will also remove duplicates; storing them only once. * @param anchors: anchor storage. * @param name: name of trust anchor (wireformat) * @param type: type or RR * @param dclass: class of RR * @param rdata: rdata wireformat, starting with rdlength. * If NULL, nothing is stored, but an entry is created. * @param rdata_len: length of rdata including rdlength. * @return: NULL on error, else the trust anchor. */ static struct trust_anchor* anchor_store_new_key(struct val_anchors* anchors, uint8_t* name, uint16_t type, uint16_t dclass, uint8_t* rdata, size_t rdata_len) { struct ta_key* k; struct trust_anchor* ta; int namelabs; size_t namelen; namelabs = dname_count_size_labels(name, &namelen); if(type != LDNS_RR_TYPE_DS && type != LDNS_RR_TYPE_DNSKEY) { log_err("Bad type for trust anchor"); return 0; } /* lookup or create trustanchor */ ta = anchor_find(anchors, name, namelabs, namelen, dclass); if(!ta) { ta = anchor_new_ta(anchors, name, namelabs, namelen, dclass); if(!ta) return NULL; lock_basic_lock(&ta->lock); } if(!rdata) { lock_basic_unlock(&ta->lock); return ta; } /* look for duplicates */ if(anchor_find_key(ta, rdata, rdata_len, type)) { lock_basic_unlock(&ta->lock); return ta; } k = anchor_new_ta_key(anchors, rdata, rdata_len, type); if(!k) { lock_basic_unlock(&ta->lock); return NULL; } /* add new key */ if(type == LDNS_RR_TYPE_DS) ta->numDS++; else ta->numDNSKEY++; k->next = ta->keylist; ta->keylist = k; lock_basic_unlock(&ta->lock); return ta; }
int anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm) { struct trust_anchor key; key.node.key = &key; key.name = nm; key.namelabs = dname_count_size_labels(nm, &key.namelen); key.dclass = c; lock_basic_lock(&anchors->lock); if(rbtree_search(anchors->tree, &key)) { lock_basic_unlock(&anchors->lock); /* nothing to do, already an anchor or insecure point */ return 1; } if(!anchor_new_ta(anchors, nm, key.namelabs, key.namelen, c, 0)) { log_err("out of memory"); lock_basic_unlock(&anchors->lock); return 0; } /* no other contents in new ta, because it is insecure point */ anchors_init_parents_locked(anchors); lock_basic_unlock(&anchors->lock); return 1; }