Move generate_salt function to lib/dns/nsec3

We will be using this function also on reconfig, so it should have
a wider availability than just bin/named/server.

bin/named/server.c

@@ -14408,34 +14408,6 @@ newzone_cfgctx_destroy(void **cfgp) {
 	*cfgp = NULL;
 }
 
-static isc_result_t
-generate_salt(unsigned char *salt, size_t saltlen) {
-	unsigned char text[512 + 1];
-	isc_region_t r;
-	isc_buffer_t buf;
-	isc_result_t result;
-
-	if (saltlen > 256U) {
-		return (ISC_R_RANGE);
-	}
-
-	isc_nonce_buf(salt, saltlen);
-
-	r.base = salt;
-	r.length = (unsigned int)saltlen;
-
-	isc_buffer_init(&buf, text, sizeof(text));
-	result = isc_hex_totext(&r, 2, "", &buf);
-	RUNTIME_CHECK(result == ISC_R_SUCCESS);
-	text[saltlen * 2] = 0;
-
-	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
-		      NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
-		      "generated salt: %s", text);
-
-	return (ISC_R_SUCCESS);
-}
-
 isc_result_t
 named_server_signing(named_server_t *server, isc_lex_t *lex,
 		     isc_buffer_t **text) {
@@ -14508,7 +14480,6 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
 				return (ISC_R_UNEXPECTEDEND);
 			}
 			strlcpy(iterbuf, ptr, sizeof(iterbuf));
-
 			n = snprintf(nbuf, sizeof(nbuf), "%s %s %s", hashbuf,
 				     flagbuf, iterbuf);
 			if (n == sizeof(nbuf)) {
@@ -14534,7 +14505,7 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
 				 * configurable.
 				 */
 				saltlen = 8;
-				CHECK(generate_salt(salt, saltlen));
+				CHECK(dns_nsec3_generate_salt(salt, saltlen));
 			} else if (strcmp(ptr, "-") != 0) {
 				isc_buffer_t buf;
 

lib/dns/include/dns/nsec3.h

@@ -72,6 +72,12 @@ dns_nsec3_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
  *	'nsec' points to a valid rdataset of type NSEC3
  */
 
+isc_result_t
+dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen);
+/*%
+ * Generate a salt with the given salt length.
+ */
+
 isc_result_t
 dns_nsec3_hashname(dns_fixedname_t *result,
 		   unsigned char    rethash[NSEC3_MAX_HASH_LENGTH],

lib/dns/nsec3.c

@@ -16,8 +16,8 @@
 #include <isc/buffer.h>
 #include <isc/hex.h>
 #include <isc/iterated_hash.h>
-#include <isc/log.h>
 #include <isc/md.h>
+#include <isc/nonce.h>
 #include <isc/safe.h>
 #include <isc/string.h>
 #include <isc/util.h>
@@ -27,6 +27,7 @@
 #include <dns/dbiterator.h>
 #include <dns/diff.h>
 #include <dns/fixedname.h>
+#include <dns/log.h>
 #include <dns/nsec.h>
 #include <dns/nsec3.h>
 #include <dns/rdata.h>
@@ -226,6 +227,33 @@ dns_nsec3_typepresent(dns_rdata_t *rdata, dns_rdatatype_t type) {
 	return (present);
 }
 
+isc_result_t
+dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen) {
+	unsigned char text[255 * 2 + 1];
+	isc_region_t r;
+	isc_buffer_t buf;
+	isc_result_t result;
+
+	if (saltlen > 255U) {
+		return (ISC_R_RANGE);
+	}
+
+	isc_nonce_buf(salt, saltlen);
+
+	r.base = salt;
+	r.length = (unsigned int)saltlen;
+
+	isc_buffer_init(&buf, text, sizeof(text));
+	result = isc_hex_totext(&r, 2, "", &buf);
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
+	text[saltlen * 2] = 0;
+
+	isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC,
+		      ISC_LOG_INFO, "generated salt: %s", text);
+
+	return (ISC_R_SUCCESS);
+}
+
 isc_result_t
 dns_nsec3_hashname(dns_fixedname_t *result,
 		   unsigned char rethash[NSEC3_MAX_HASH_LENGTH],

lib/dns/win32/libdns.def.in

@@ -645,6 +645,7 @@ dns_nsec3_buildrdata
 dns_nsec3_delnsec3
 dns_nsec3_delnsec3s
 dns_nsec3_delnsec3sx
+dns_nsec3_generate_salt
 dns_nsec3_hashlength
 dns_nsec3_hashname
 dns_nsec3_maxiterations