Commit | Line | Data |
---|---|---|
825eb42b JL |
1 | /* |
2 | * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC) | |
3 | * | |
4 | * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. | |
5 | * | |
6 | * See LICENSE for the license. | |
7 | * | |
8 | * A bunch of defines that are used in the DNS | |
9 | */ | |
10 | ||
11 | /** | |
12 | * \file dnssec.h | |
13 | * | |
14 | * This module contains base functions for DNSSEC operations | |
15 | * (RFC4033 t/m RFC4035). | |
16 | * | |
17 | * Since those functions heavily rely op cryptographic operations, | |
18 | * this module is dependent on openssl. | |
19 | * | |
20 | */ | |
21 | ||
22 | ||
23 | #ifndef LDNS_DNSSEC_H | |
24 | #define LDNS_DNSSEC_H | |
25 | ||
b5dedcca JL |
26 | #include <ldns/common.h> |
27 | #if LDNS_BUILD_CONFIG_HAVE_SSL | |
825eb42b JL |
28 | #include <openssl/ssl.h> |
29 | #include <openssl/evp.h> | |
b5dedcca | 30 | #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ |
825eb42b JL |
31 | #include <ldns/packet.h> |
32 | #include <ldns/keys.h> | |
33 | #include <ldns/zone.h> | |
34 | #include <ldns/resolver.h> | |
35 | #include <ldns/dnssec_zone.h> | |
36 | ||
ac996e71 JL |
37 | #ifdef __cplusplus |
38 | extern "C" { | |
39 | #endif | |
40 | ||
825eb42b JL |
41 | #define LDNS_MAX_KEYLEN 2048 |
42 | #define LDNS_DNSSEC_KEYPROTO 3 | |
43 | /* default time before sigs expire */ | |
44 | #define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */ | |
45 | ||
46 | /** return values for the old-signature callback */ | |
47 | #define LDNS_SIGNATURE_LEAVE_ADD_NEW 0 | |
48 | #define LDNS_SIGNATURE_LEAVE_NO_ADD 1 | |
49 | #define LDNS_SIGNATURE_REMOVE_ADD_NEW 2 | |
50 | #define LDNS_SIGNATURE_REMOVE_NO_ADD 3 | |
51 | ||
52 | /** | |
53 | * Returns the first RRSIG rr that corresponds to the rrset | |
54 | * with the given name and type | |
55 | * | |
56 | * \param[in] name The dname of the RRset covered by the RRSIG to find | |
57 | * \param[in] type The type of the RRset covered by the RRSIG to find | |
58 | * \param[in] rrs List of rrs to search in | |
59 | * \returns Pointer to the first RRsig ldns_rr found, or NULL if it is | |
60 | * not present | |
61 | */ | |
62 | ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, | |
63 | const ldns_rr_type type, | |
64 | const ldns_rr_list *rrs); | |
65 | ||
66 | /** | |
67 | * Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if | |
68 | * any | |
69 | * | |
70 | * \param[in] rrsig The rrsig to find the DNSKEY for | |
71 | * \param[in] rrs The rr list to find the key in | |
72 | * \return The DNSKEY that corresponds to the given RRSIG, or NULL if it was | |
73 | * not found. | |
74 | */ | |
75 | ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs); | |
76 | ||
77 | /** | |
78 | * Returns the rdata field that contains the bitmap of the covered types of | |
79 | * the given NSEC record | |
80 | * | |
81 | * \param[in] nsec The nsec to get the covered type bitmap of | |
82 | * \return An ldns_rdf containing the bitmap, or NULL on error | |
83 | */ | |
84 | ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec); | |
85 | ||
86 | ||
87 | #define LDNS_NSEC3_MAX_ITERATIONS 65535 | |
88 | ||
89 | /** | |
90 | * Returns the dname of the closest (provable) encloser | |
91 | */ | |
92 | ldns_rdf * | |
93 | ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, | |
94 | ldns_rr_type qtype, | |
95 | ldns_rr_list *nsec3s); | |
96 | ||
97 | /** | |
98 | * Checks whether the packet contains rrsigs | |
99 | */ | |
100 | bool | |
101 | ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt); | |
102 | ||
103 | /** | |
104 | * Returns a ldns_rr_list containing the signatures covering the given name | |
105 | * and type | |
106 | */ | |
107 | ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type); | |
108 | ||
109 | /** | |
110 | * Returns a ldns_rr_list containing the signatures covering the given type | |
111 | */ | |
112 | ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type); | |
113 | ||
114 | /** | |
115 | * calculates a keytag of a key for use in DNSSEC. | |
116 | * | |
117 | * \param[in] key the key as an RR to use for the calc. | |
118 | * \return the keytag | |
119 | */ | |
120 | uint16_t ldns_calc_keytag(const ldns_rr *key); | |
121 | ||
122 | /** | |
123 | * Calculates keytag of DNSSEC key, operates on wireformat rdata. | |
124 | * \param[in] key the key as uncompressed wireformat rdata. | |
125 | * \param[in] keysize length of key data. | |
126 | * \return the keytag | |
127 | */ | |
128 | uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize); | |
129 | ||
b5dedcca | 130 | #if LDNS_BUILD_CONFIG_HAVE_SSL |
825eb42b JL |
131 | /** |
132 | * converts a buffer holding key material to a DSA key in openssl. | |
133 | * | |
134 | * \param[in] key the key to convert | |
135 | * \return a DSA * structure with the key material | |
136 | */ | |
137 | DSA *ldns_key_buf2dsa(ldns_buffer *key); | |
138 | /** | |
139 | * Like ldns_key_buf2dsa, but uses raw buffer. | |
140 | * \param[in] key the uncompressed wireformat of the key. | |
141 | * \param[in] len length of key data | |
142 | * \return a DSA * structure with the key material | |
143 | */ | |
144 | DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len); | |
145 | ||
146 | /** | |
147 | * Utility function to calculate hash using generic EVP_MD pointer. | |
148 | * \param[in] data the data to hash. | |
149 | * \param[in] len length of data. | |
150 | * \param[out] dest the destination of the hash, must be large enough. | |
151 | * \param[in] md the message digest to use. | |
152 | * \return true if worked, false on failure. | |
153 | */ | |
154 | int ldns_digest_evp(unsigned char* data, unsigned int len, | |
155 | unsigned char* dest, const EVP_MD* md); | |
156 | ||
157 | /** | |
158 | * Converts a holding buffer with key material to EVP PKEY in openssl. | |
159 | * Only available if ldns was compiled with GOST. | |
160 | * \param[in] key data to convert | |
161 | * \param[in] keylen length of the key data | |
162 | * \return the key or NULL on error. | |
163 | */ | |
164 | EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen); | |
165 | ||
ac996e71 JL |
166 | /** |
167 | * Converts a holding buffer with key material to EVP PKEY in openssl. | |
168 | * Only available if ldns was compiled with ECDSA. | |
169 | * \param[in] key data to convert | |
170 | * \param[in] keylen length of the key data | |
171 | * \param[in] algo precise algorithm to initialize ECC group values. | |
172 | * \return the key or NULL on error. | |
173 | */ | |
174 | EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); | |
175 | ||
b5dedcca | 176 | #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ |
825eb42b | 177 | |
b5dedcca | 178 | #if LDNS_BUILD_CONFIG_HAVE_SSL |
825eb42b JL |
179 | /** |
180 | * converts a buffer holding key material to a RSA key in openssl. | |
181 | * | |
182 | * \param[in] key the key to convert | |
183 | * \return a RSA * structure with the key material | |
184 | */ | |
185 | RSA *ldns_key_buf2rsa(ldns_buffer *key); | |
186 | ||
187 | /** | |
188 | * Like ldns_key_buf2rsa, but uses raw buffer. | |
189 | * \param[in] key the uncompressed wireformat of the key. | |
190 | * \param[in] len length of key data | |
191 | * \return a RSA * structure with the key material | |
192 | */ | |
193 | RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len); | |
b5dedcca | 194 | #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ |
825eb42b JL |
195 | |
196 | /** | |
197 | * returns a new DS rr that represents the given key rr. | |
198 | * | |
199 | * \param[in] *key the key to convert | |
200 | * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256 | |
d1b2b5ca | 201 | * |
825eb42b JL |
202 | * \return ldns_rr* a new rr pointer to a DS |
203 | */ | |
204 | ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h); | |
205 | ||
206 | /** | |
207 | * Create the type bitmap for an NSEC(3) record | |
208 | */ | |
209 | ldns_rdf * | |
210 | ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], | |
211 | size_t size, | |
212 | ldns_rr_type nsec_type); | |
213 | ||
b5dedcca JL |
214 | /** |
215 | * returns whether a rrset of the given type is found in the rrsets. | |
216 | * | |
217 | * \param[in] rrsets the rrsets to be tested | |
218 | * \param[in] type the type to test for | |
219 | * \return int 1 if the type was found, 0 otherwise. | |
220 | */ | |
221 | int | |
222 | ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type); | |
223 | ||
825eb42b JL |
224 | /** |
225 | * Creates NSEC | |
226 | */ | |
227 | ldns_rr * | |
228 | ldns_dnssec_create_nsec(ldns_dnssec_name *from, | |
229 | ldns_dnssec_name *to, | |
230 | ldns_rr_type nsec_type); | |
231 | ||
232 | ||
233 | /** | |
234 | * Creates NSEC3 | |
235 | */ | |
236 | ldns_rr * | |
237 | ldns_dnssec_create_nsec3(ldns_dnssec_name *from, | |
238 | ldns_dnssec_name *to, | |
239 | ldns_rdf *zone_name, | |
240 | uint8_t algorithm, | |
241 | uint8_t flags, | |
242 | uint16_t iterations, | |
243 | uint8_t salt_length, | |
244 | uint8_t *salt); | |
245 | ||
246 | /** | |
247 | * Create a NSEC record | |
248 | * \param[in] cur_owner the current owner which should be taken as the starting point | |
249 | * \param[in] next_owner the rrlist which the nsec rr should point to | |
250 | * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in | |
251 | * \return a ldns_rr with the nsec record in it | |
252 | */ | |
253 | ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs); | |
254 | ||
255 | /** | |
256 | * Calculates the hashed name using the given parameters | |
257 | * \param[in] *name The owner name to calculate the hash for | |
258 | * \param[in] algorithm The hash algorithm to use | |
259 | * \param[in] iterations The number of hash iterations to use | |
260 | * \param[in] salt_length The length of the salt in bytes | |
261 | * \param[in] salt The salt to use | |
262 | * \return The hashed owner name rdf, without the domain name | |
263 | */ | |
264 | ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt); | |
265 | ||
266 | /** | |
267 | * Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and | |
268 | * type LDNS_RR_TYPE_NSEC3 | |
269 | * \param[in] *rr The RR to set the values in | |
270 | * \param[in] algorithm The NSEC3 hash algorithm | |
271 | * \param[in] flags The flags field | |
272 | * \param[in] iterations The number of hash iterations | |
273 | * \param[in] salt_length The length of the salt in bytes | |
274 | * \param[in] salt The salt bytes | |
275 | */ | |
276 | void ldns_nsec3_add_param_rdfs(ldns_rr *rr, | |
277 | uint8_t algorithm, | |
278 | uint8_t flags, | |
279 | uint16_t iterations, | |
280 | uint8_t salt_length, | |
281 | uint8_t *salt); | |
282 | ||
283 | /* this will NOT return the NSEC3 completed, you will have to run the | |
284 | finalize function on the rrlist later! */ | |
285 | ldns_rr * | |
286 | ldns_create_nsec3(ldns_rdf *cur_owner, | |
287 | ldns_rdf *cur_zone, | |
288 | ldns_rr_list *rrs, | |
289 | uint8_t algorithm, | |
290 | uint8_t flags, | |
291 | uint16_t iterations, | |
292 | uint8_t salt_length, | |
293 | uint8_t *salt, | |
294 | bool emptynonterminal); | |
295 | ||
296 | /** | |
297 | * Returns the hash algorithm used in the given NSEC3 RR | |
298 | * \param[in] *nsec3_rr The RR to read from | |
299 | * \return The algorithm identifier, or 0 on error | |
300 | */ | |
301 | uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr); | |
302 | ||
303 | /** | |
304 | * Returns flags field | |
305 | */ | |
306 | uint8_t | |
307 | ldns_nsec3_flags(const ldns_rr *nsec3_rr); | |
308 | ||
309 | /** | |
310 | * Returns true if the opt-out flag has been set in the given NSEC3 RR | |
311 | * \param[in] *nsec3_rr The RR to read from | |
312 | * \return true if the RR has type NSEC3 and the opt-out bit has been set, false otherwise | |
313 | */ | |
314 | bool ldns_nsec3_optout(const ldns_rr *nsec3_rr); | |
315 | ||
316 | /** | |
317 | * Returns the number of hash iterations used in the given NSEC3 RR | |
318 | * \param[in] *nsec3_rr The RR to read from | |
319 | * \return The number of iterations | |
320 | */ | |
321 | uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr); | |
322 | ||
323 | /** | |
324 | * Returns the salt used in the given NSEC3 RR | |
325 | * \param[in] *nsec3_rr The RR to read from | |
326 | * \return The salt rdf, or NULL on error | |
327 | */ | |
328 | ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr); | |
329 | ||
330 | /** | |
331 | * Returns the length of the salt used in the given NSEC3 RR | |
332 | * \param[in] *nsec3_rr The RR to read from | |
333 | * \return The length of the salt in bytes | |
334 | */ | |
335 | uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr); | |
336 | ||
337 | /** | |
338 | * Returns the salt bytes used in the given NSEC3 RR | |
339 | * \param[in] *nsec3_rr The RR to read from | |
340 | * \return The salt in bytes, this is alloced, so you need to free it | |
341 | */ | |
342 | uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr); | |
343 | ||
344 | /** | |
345 | * Returns the first label of the next ownername in the NSEC3 chain (ie. without the domain) | |
346 | * \param[in] nsec3_rr The RR to read from | |
347 | * \return The first label of the next owner name in the NSEC3 chain, or NULL on error | |
348 | */ | |
349 | ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr); | |
350 | ||
351 | /** | |
352 | * Returns the bitmap specifying the covered types of the given NSEC3 RR | |
353 | * \param[in] *nsec3_rr The RR to read from | |
354 | * \return The covered type bitmap rdf | |
355 | */ | |
356 | ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr); | |
357 | ||
358 | /** | |
359 | * Calculates the hashed name using the parameters of the given NSEC3 RR | |
360 | * \param[in] *nsec The RR to use the parameters from | |
361 | * \param[in] *name The owner name to calculate the hash for | |
362 | * \return The hashed owner name rdf, without the domain name | |
363 | */ | |
364 | ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name); | |
365 | ||
366 | /** | |
367 | * Checks coverage of NSEC RR type bitmap | |
368 | * \param[in] nsec_bitmap The NSEC bitmap rdata field to check | |
369 | * \param[in] type The type to check | |
370 | * \return true if the NSEC RR covers the type | |
371 | */ | |
372 | bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type); | |
373 | ||
374 | /** | |
375 | * Checks coverage of NSEC(3) RR name span | |
376 | * Remember that nsec and name must both be in canonical form (ie use | |
377 | * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this | |
378 | * function) | |
379 | * | |
380 | * \param[in] nsec The NSEC RR to check | |
381 | * \param[in] name The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name | |
382 | * \return true if the NSEC RR covers the owner name | |
383 | */ | |
384 | bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name); | |
385 | ||
b5dedcca | 386 | #if LDNS_BUILD_CONFIG_HAVE_SSL |
825eb42b JL |
387 | /** |
388 | * verify a packet | |
389 | * \param[in] p the packet | |
390 | * \param[in] t the rr set type to check | |
ac996e71 | 391 | * \param[in] o the rr set name to check |
825eb42b JL |
392 | * \param[in] k list of keys |
393 | * \param[in] s list of sigs (may be null) | |
394 | * \param[out] good_keys keys which validated the packet | |
395 | * \return status | |
396 | * | |
397 | */ | |
398 | ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys); | |
d1b2b5ca JM |
399 | |
400 | /** | |
401 | * verify a packet | |
402 | * \param[in] p the packet | |
403 | * \param[in] t the rr set type to check | |
404 | * \param[in] o the rr set name to check | |
405 | * \param[in] k list of keys | |
406 | * \param[in] s list of sigs (may be null) | |
407 | * \param[in] check_time the time for which the validation is performed | |
408 | * \param[out] good_keys keys which validated the packet | |
409 | * \return status | |
410 | * | |
411 | */ | |
412 | ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys); | |
413 | ||
825eb42b JL |
414 | #endif |
415 | ||
416 | /** | |
417 | * chains nsec3 list | |
418 | */ | |
419 | ldns_status | |
420 | ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs); | |
421 | ||
422 | /** | |
423 | * compare for nsec3 sort | |
424 | */ | |
425 | int | |
426 | qsort_rr_compare_nsec3(const void *a, const void *b); | |
427 | ||
428 | /** | |
429 | * sort nsec3 list | |
430 | */ | |
431 | void | |
432 | ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted); | |
433 | ||
434 | /** | |
435 | * Default callback function to always leave present signatures, and | |
436 | * add new ones | |
437 | * \param[in] sig The signature to check for removal (unused) | |
438 | * \param[in] n Optional argument (unused) | |
439 | * \return LDNS_SIGNATURE_LEAVE_ADD_NEW | |
440 | */ | |
441 | int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n); | |
442 | /** | |
443 | * Default callback function to always leave present signatures, and | |
444 | * add no new ones for the keys of these signatures | |
445 | * \param[in] sig The signature to check for removal (unused) | |
446 | * \param[in] n Optional argument (unused) | |
447 | * \return LDNS_SIGNATURE_LEAVE_NO_ADD | |
448 | */ | |
449 | int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n); | |
450 | /** | |
451 | * Default callback function to always remove present signatures, but | |
452 | * add no new ones | |
453 | * \param[in] sig The signature to check for removal (unused) | |
454 | * \param[in] n Optional argument (unused) | |
455 | * \return LDNS_SIGNATURE_REMOVE_NO_ADD | |
456 | */ | |
457 | int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n); | |
458 | /** | |
459 | * Default callback function to always leave present signatures, and | |
460 | * add new ones | |
461 | * \param[in] sig The signature to check for removal (unused) | |
462 | * \param[in] n Optional argument (unused) | |
463 | * \return LDNS_SIGNATURE_REMOVE_ADD_NEW | |
464 | */ | |
465 | int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n); | |
466 | ||
b5dedcca | 467 | #if LDNS_BUILD_CONFIG_HAVE_SSL |
825eb42b JL |
468 | /** |
469 | * Converts the DSA signature from ASN1 representation (RFC2459, as | |
470 | * used by OpenSSL) to raw signature data as used in DNS (rfc2536) | |
471 | * | |
472 | * \param[in] sig The signature in RFC2459 format | |
473 | * \param[in] sig_len The length of the signature | |
474 | * \return a new rdf with the signature | |
475 | */ | |
476 | ldns_rdf * | |
477 | ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, | |
478 | const long sig_len); | |
479 | ||
480 | /** | |
481 | * Converts the RRSIG signature RDF (in rfc2536 format) to a buffer | |
482 | * with the signature in rfc2459 format | |
483 | * | |
484 | * \param[out] target_buffer buffer to place the signature data | |
485 | * \param[in] sig_rdf The signature rdf to convert | |
486 | * \return LDNS_STATUS_OK on success, error code otherwise | |
487 | */ | |
488 | ldns_status | |
489 | ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, | |
490 | const ldns_rdf *sig_rdf); | |
491 | ||
ac996e71 JL |
492 | /** |
493 | * Converts the ECDSA signature from ASN1 representation (as | |
494 | * used by OpenSSL) to raw signature data as used in DNS | |
495 | * This routine is only present if ldns is compiled with ecdsa support. | |
496 | * | |
497 | * \param[in] sig The signature in ASN1 format | |
498 | * \param[in] sig_len The length of the signature | |
499 | * \return a new rdf with the signature | |
500 | */ | |
501 | ldns_rdf * | |
502 | ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len); | |
503 | ||
504 | /** | |
505 | * Converts the RRSIG signature RDF (from DNS) to a buffer with the | |
506 | * signature in ASN1 format as openssl uses it. | |
507 | * This routine is only present if ldns is compiled with ecdsa support. | |
508 | * | |
509 | * \param[out] target_buffer buffer to place the signature data in ASN1. | |
510 | * \param[in] sig_rdf The signature rdf to convert | |
511 | * \return LDNS_STATUS_OK on success, error code otherwise | |
512 | */ | |
513 | ldns_status | |
514 | ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, | |
515 | const ldns_rdf *sig_rdf); | |
516 | ||
b5dedcca | 517 | #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ |
825eb42b | 518 | |
ac996e71 JL |
519 | #ifdef __cplusplus |
520 | } | |
521 | #endif | |
522 | ||
825eb42b | 523 | #endif /* LDNS_DNSSEC_H */ |