97 nsec_has_type(struct ub_packed_rrset_key* nsec, uint16_t type)  in nsec_has_type()  argument
99 	struct packed_rrset_data* d = (struct packed_rrset_data*)nsec->  in nsec_has_type()
120 nsec_get_next(struct ub_packed_rrset_key* nsec, uint8_t** nm, size_t* ln)  in nsec_get_next()  argument
122 	struct packed_rrset_data* d = (struct packed_rrset_data*)nsec->  in nsec_get_next()
149 val_nsec_proves_no_ds(struct ub_packed_rrset_key* nsec,   in val_nsec_proves_no_ds()  argument
153 	log_assert(ntohs(nsec->rk.type) == LDNS_RR_TYPE_NSEC);  in val_nsec_proves_no_ds()
155 	if(nsec_has_type(nsec, LDNS_RR_TYPE_SOA) && qinfo->qname_len != 1) {  in val_nsec_proves_no_ds()
160 	if(nsec_has_type(nsec, LDNS_RR_TYPE_DS)) {  in val_nsec_proves_no_ds()
166 	if(!nsec_has_type(nsec, LDNS_RR_TYPE_NS)) {  in val_nsec_proves_no_ds()
178 	struct ub_packed_rrset_key* nsec, struct key_entry_key* kkey,  in nsec_verify_rrset()  argument
183 		nsec->entry.data;  in nsec_verify_rrset()
188 	rrset_check_sec_status(env->rrset_cache, nsec, *env->now);  in nsec_verify_rrset()
191 	d->security = val_verify_rrset_entry(env, ve, nsec, kkey, reason,  in nsec_verify_rrset()
195 		rrset_update_sec_status(env->rrset_cache, nsec, *env->now);  in nsec_verify_rrset()
208 	struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns(  in val_nsec_prove_nodata_dsreply()  local
222 	if(nsec) {  in val_nsec_prove_nodata_dsreply()
223 		if(!nsec_verify_rrset(env, ve, nsec, kkey, reason,  in val_nsec_prove_nodata_dsreply()
229 		sec = val_nsec_proves_no_ds(nsec, qinfo);  in val_nsec_prove_nodata_dsreply()
240 			*proof_ttl = ub_packed_rrset_ttl(nsec);  in val_nsec_prove_nodata_dsreply()
298 int nsec_proves_nodata(struct ub_packed_rrset_key* nsec,   in nsec_proves_nodata()  argument
302 	if(query_dname_compare(nsec->rk.dname, qinfo->qname) != 0) {  in nsec_proves_nodata()
313 		if(!nsec_get_next(nsec, &nm, &ln))  in nsec_proves_nodata()
316 			dname_canonical_compare(nsec->rk.dname,   in nsec_proves_nodata()
328 		if(dname_is_wild(nsec->rk.dname)) {  in nsec_proves_nodata()
330 			uint8_t* ce = nsec->rk.dname;  in nsec_proves_nodata()
331 			size_t ce_len = nsec->rk.dname_len;  in nsec_proves_nodata()
340 				if(nsec_has_type(nsec, LDNS_RR_TYPE_CNAME)) {  in nsec_proves_nodata()
344 				if(nsec_has_type(nsec, LDNS_RR_TYPE_NS) &&   in nsec_proves_nodata()
345 				   !nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) {  in nsec_proves_nodata()
349 				if(nsec_has_type(nsec, qinfo->qtype)) {  in nsec_proves_nodata()
358 			while (dname_canonical_compare(nsec->rk.dname, nm) < 0) {  in nsec_proves_nodata()
385 	if(nsec_has_type(nsec, qinfo->qtype)) {  in nsec_proves_nodata()
390 	if(nsec_has_type(nsec, LDNS_RR_TYPE_CNAME)) {  in nsec_proves_nodata()
400 		nsec_has_type(nsec, LDNS_RR_TYPE_NS) &&   in nsec_proves_nodata()
401 		!nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) {  in nsec_proves_nodata()
404 		nsec_has_type(nsec, LDNS_RR_TYPE_SOA) &&  in nsec_proves_nodata()
413 val_nsec_proves_name_error(struct ub_packed_rrset_key* nsec, uint8_t* qname)  in val_nsec_proves_name_error()  argument
415 	uint8_t* owner = nsec->rk.dname;  in val_nsec_proves_name_error()
418 	if(!nsec_get_next(nsec, &next, &nlen))  in val_nsec_proves_name_error()
430 		(nsec_has_type(nsec, LDNS_RR_TYPE_DNAME) ||  in val_nsec_proves_name_error()
431 		(nsec_has_type(nsec, LDNS_RR_TYPE_NS)   in val_nsec_proves_name_error()
432 			&& !nsec_has_type(nsec, LDNS_RR_TYPE_SOA))  in val_nsec_proves_name_error()
462 int val_nsec_proves_insecuredelegation(struct ub_packed_rrset_key* nsec,   in val_nsec_proves_insecuredelegation()  argument
465 	if(nsec_has_type(nsec, LDNS_RR_TYPE_NS) &&  in val_nsec_proves_insecuredelegation()
466 		!nsec_has_type(nsec, LDNS_RR_TYPE_DS) &&  in val_nsec_proves_insecuredelegation()
467 		!nsec_has_type(nsec, LDNS_RR_TYPE_SOA)) {  in val_nsec_proves_insecuredelegation()
473 				nsec->rk.dname))  in val_nsec_proves_insecuredelegation()
476 			if(dname_subdomain_c(qinfo->qname, nsec->rk.dname))  in val_nsec_proves_insecuredelegation()
484 nsec_closest_encloser(uint8_t* qname, struct ub_packed_rrset_key* nsec)  in nsec_closest_encloser()  argument
489 	if(!nsec_get_next(nsec, &next, &nlen))  in nsec_closest_encloser()
492 	common1 = dname_get_shared_topdomain(nsec->rk.dname, qname);  in nsec_closest_encloser()
499 int val_nsec_proves_positive_wildcard(struct ub_packed_rrset_key* nsec,   in val_nsec_proves_positive_wildcard()  argument
506 	if(!val_nsec_proves_name_error(nsec, qinf->qname))  in val_nsec_proves_positive_wildcard()
509 	ce = nsec_closest_encloser(qinf->qname, nsec);  in val_nsec_proves_positive_wildcard()
519 val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname,   in val_nsec_proves_no_wc()  argument
525 	uint8_t* ce = nsec_closest_encloser(qname, nsec);  in val_nsec_proves_no_wc()
547 		if(val_nsec_proves_name_error(nsec, buf)) {  in val_nsec_proves_no_wc()