mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 23:25:38 +00:00
Code Issues Releases Wiki Activity

updated to match struct changes for tsig and sig

Browse Source
This commit is contained in:
Brian Wellington
1999-10-07 21:51:49 +00:00
parent cf3f14106d
commit 452123247d
2 changed files with 19 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/dns/dnssec.c
View File

@@ -16,7 +16,7 @@
*/ */
/* /*
* $Id: dnssec.c,v 1.7 1999/09/30 02:50:54 bwelling Exp $ * $Id: dnssec.c,v 1.8 1999/10/07 21:51:49 bwelling Exp $
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
*/ */
@@ -38,9 +38,11 @@
#include <dns/db.h> #include <dns/db.h>
#include <dns/keyvalues.h> #include <dns/keyvalues.h>
#include <dns/message.h>
#include <dns/name.h> #include <dns/name.h>
#include <dns/rdata.h> #include <dns/rdata.h>
#include <dns/rdataset.h> #include <dns/rdataset.h>
#include <dns/rdatalist.h>
#include <dns/rdatastruct.h> #include <dns/rdatastruct.h>
#include <dns/dnssec.h> #include <dns/dnssec.h>
@@ -262,13 +264,9 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
sig.common.rdtype = dns_rdatatype_sig; sig.common.rdtype = dns_rdatatype_sig;
ISC_LINK_INIT(&sig.common, link); ISC_LINK_INIT(&sig.common, link);
sig.signer = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t)); ret = keyname_to_name(dst_key_name(key), mctx, &sig.signer);
if (sig.signer == NULL) {
ret = ISC_R_NOMEMORY;
}
ret = keyname_to_name(dst_key_name(key), mctx, sig.signer);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
goto cleanup_signer; return (ret);
sig.covered = set->type; sig.covered = set->type;
sig.algorithm = dst_key_alg(key); sig.algorithm = dst_key_alg(key);
@@ -279,12 +277,11 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
sig.timesigned = *inception; sig.timesigned = *inception;
sig.timeexpire = *expire; sig.timeexpire = *expire;
sig.keyid = dst_key_id(key); sig.keyid = dst_key_id(key);
sig.siglen = dst_sig_size(key); if (dst_sig_size(key) < 0) {
if (sig.siglen < 0) {
/* close enough for now */ /* close enough for now */
return (DNS_R_KEYUNAUTHORIZED); return (DNS_R_KEYUNAUTHORIZED);
goto cleanup_signer;
} }
sig.siglen = dst_sig_size(key);
sig.signature = isc_mem_get(mctx, sig.siglen); sig.signature = isc_mem_get(mctx, sig.siglen);
if (sig.signature == NULL) if (sig.signature == NULL)
goto cleanup_name; goto cleanup_name;
@@ -370,9 +367,7 @@ cleanup_array:
cleanup_signature: cleanup_signature:
isc_mem_put(mctx, sig.signature, sig.siglen); isc_mem_put(mctx, sig.signature, sig.siglen);
cleanup_name: cleanup_name:
dns_name_free(sig.signer, mctx); dns_name_free(&sig.signer, mctx);
cleanup_signer:
isc_mem_put(mctx, sig.signer, sizeof(dns_name_t));
return (ret); return (ret);
} }

26
lib/dns/tsig.c
View File

@@ -16,7 +16,7 @@
*/ */
/* /*
* $Id: tsig.c,v 1.13 1999/10/05 19:50:10 halley Exp $ * $Id: tsig.c,v 1.14 1999/10/07 21:51:49 bwelling Exp $
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
*/ */
@@ -183,7 +183,7 @@ dns_tsig_sign(dns_message_t *msg) {
REQUIRE(msg->tsig == NULL); REQUIRE(msg->tsig == NULL);
/* If this is a response, there should be a query tsig */ /* If this is a response, there should be a query tsig */
if (is_response(msg) && msg->querytsig != NULL) if (is_response(msg) && msg->querytsig == NULL)
return (DNS_R_EXPECTEDTSIG); return (DNS_R_EXPECTEDTSIG);
dynbuf = NULL; dynbuf = NULL;
@@ -199,13 +199,8 @@ dns_tsig_sign(dns_message_t *msg) {
tsig->common.rdclass = dns_rdataclass_any; tsig->common.rdclass = dns_rdataclass_any;
tsig->common.rdtype = dns_rdatatype_tsig; tsig->common.rdtype = dns_rdatatype_tsig;
ISC_LINK_INIT(&tsig->common, link); ISC_LINK_INIT(&tsig->common, link);
tsig->algorithm = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t)); dns_name_init(&tsig->algorithm, NULL);
if (tsig->algorithm == NULL) { ret = dns_name_dup(&key->algorithm, mctx, &tsig->algorithm);
ret = ISC_R_NOMEMORY;
goto cleanup_struct;
}
dns_name_init(tsig->algorithm, NULL);
ret = dns_name_dup(&key->algorithm, mctx, tsig->algorithm);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
goto cleanup_struct; goto cleanup_struct;
@@ -300,7 +295,7 @@ dns_tsig_sign(dns_message_t *msg) {
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
goto cleanup_other; goto cleanup_other;
dns_name_toregion(tsig->algorithm, &r); dns_name_toregion(&tsig->algorithm, &r);
ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
NULL); NULL);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
@@ -421,7 +416,7 @@ cleanup_other:
if (tsig->other != NULL) if (tsig->other != NULL)
isc_mem_put(mctx, tsig->other, tsig->otherlen); isc_mem_put(mctx, tsig->other, tsig->otherlen);
cleanup_algorithm: cleanup_algorithm:
dns_name_free(tsig->algorithm, mctx); dns_name_free(&tsig->algorithm, mctx);
cleanup_struct: cleanup_struct:
msg->tsig = NULL; msg->tsig = NULL;
isc_mem_put(mctx, tsig, sizeof(dns_rdata_any_tsig_t)); isc_mem_put(mctx, tsig, sizeof(dns_rdata_any_tsig_t));
@@ -494,14 +489,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
/* Do the key name and algorithm match that of the query? */ /* Do the key name and algorithm match that of the query? */
if (is_response(msg) && if (is_response(msg) &&
(!dns_name_equal(keyname, &msg->tsigkey->name) || (!dns_name_equal(keyname, &msg->tsigkey->name) ||
!dns_name_equal(tsig->algorithm, msg->querytsig->algorithm))) !dns_name_equal(&tsig->algorithm, &msg->querytsig->algorithm)))
{ {
msg->tsigstatus = dns_tsigerror_badkey; msg->tsigstatus = dns_tsigerror_badkey;
return (DNS_R_TSIGVERIFYFAILURE); return (DNS_R_TSIGVERIFYFAILURE);
} }
/* Find dns_tsig_key_t based on keyname */ /* Find dns_tsig_key_t based on keyname */
ret = dns_tsig_findkey(&tsigkey, keyname, tsig->algorithm); ret = dns_tsig_findkey(&tsigkey, keyname, &tsig->algorithm);
if (ret != ISC_R_SUCCESS) { if (ret != ISC_R_SUCCESS) {
msg->tsigstatus = dns_tsigerror_badkey; msg->tsigstatus = dns_tsigerror_badkey;
msg->tsigkey = NULL; msg->tsigkey = NULL;
@@ -509,7 +504,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
* this key must be deleted later - an empty key can be found * this key must be deleted later - an empty key can be found
* by calling dns_tsig_emptykey() * by calling dns_tsig_emptykey()
*/ */
ret = dns_tsig_key_create(keyname, tsig->algorithm, NULL, 0, ret = dns_tsig_key_create(keyname, &tsig->algorithm, NULL, 0,
mctx, &msg->tsigkey); mctx, &msg->tsigkey);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
goto cleanup_struct; goto cleanup_struct;
@@ -714,7 +709,8 @@ dns_tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
/* Do the key name and algorithm match that of the query? */ /* Do the key name and algorithm match that of the query? */
if (!dns_name_equal(keyname, &msg->tsigkey->name) || if (!dns_name_equal(keyname, &msg->tsigkey->name) ||
!dns_name_equal(tsig->algorithm, msg->querytsig->algorithm)) !dns_name_equal(&tsig->algorithm,
&msg->querytsig->algorithm))
{ {
msg->tsigstatus = dns_tsigerror_badkey; msg->tsigstatus = dns_tsigerror_badkey;
return (DNS_R_TSIGVERIFYFAILURE); return (DNS_R_TSIGVERIFYFAILURE);