mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

added msg.verify_attempted, renamed msg.verify_sig0 to verify_sig

Browse Source
This commit is contained in:
Brian Wellington 2000-03-13 19:27:35 +00:00
parent 915723e400
commit f7fbd68b1c
4 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/dns/dnssec.c
View File

@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.23 2000/03/06 21:31:08 bwelling Exp $
* $Id: dnssec.c,v 1.24 2000/03/13 19:27:33 bwelling Exp $
* Principal Author: Brian Wellington
*/
@ -774,7 +774,7 @@ dns_dnssec_verifymessage(dns_message_t *msg, dst_key_t *key) {
goto failure;
}
msg->verified_sig0 = 1;
msg->verified_sig = 1;
dns_rdata_freestruct(&sig);
@ -784,5 +784,7 @@ failure:
if (signeedsfree)
dns_rdata_freestruct(&sig);
msg->verify_attempted = 1;
return (result);
}

3
lib/dns/include/dns/message.h
View File

@ -169,7 +169,8 @@ struct dns_message {
unsigned int header_ok : 1;
unsigned int question_ok : 1;
unsigned int tcp_continuation : 1;
unsigned int verified_sig0 : 1;
unsigned int verified_sig : 1;
unsigned int verify_attempted : 1;
unsigned int opt_reserved;
unsigned int reserved; /* reserved space (render) */

17
lib/dns/message.c
View File

@ -312,7 +312,8 @@ msginit(dns_message_t *m)
m->header_ok = 0;
m->question_ok = 0;
m->tcp_continuation = 0;
m->verified_sig0 = 0;
m->verified_sig = 0;
m->verify_attempted = 0;
}
static inline void
@ -2124,6 +2125,8 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) {
dns_name_t *sig0name;
dns_rdata_generic_sig_t sig;
if (msg->verify_attempted == 0)
result = DNS_R_NOTVERIFIEDYET;
result = dns_message_firstname(msg, DNS_SECTION_SIG0);
if (result != ISC_R_SUCCESS)
return (ISC_R_NOTFOUND);
@ -2141,19 +2144,19 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) {
if (result != ISC_R_SUCCESS)
return (result);
if (msg->sig0status != dns_rcode_noerror)
result = DNS_R_SIGINVALID;
else if (msg->verified_sig0 == 0)
result = DNS_R_NOTVERIFIEDYET;
else
if (msg->verified_sig && msg->sig0status != dns_rcode_noerror)
result = ISC_R_SUCCESS;
else
result = DNS_R_SIGINVALID;
dns_name_toregion(&sig.signer, &r);
dns_name_fromregion(signer, &r);
dns_rdata_freestruct(&sig);
}
else {
dns_name_t *identity;
if (msg->tsigstatus != dns_rcode_noerror)
if (msg->verify_attempted == 0)
result = DNS_R_NOTVERIFIEDYET;
else if (msg->tsigstatus != dns_rcode_noerror)
result = DNS_R_TSIGVERIFYFAILURE;
else if (msg->tsig->error != dns_rcode_noerror)
result = DNS_R_TSIGERRORSET;

6
lib/dns/tsig.c
View File

@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.46 2000/02/03 23:44:01 halley Exp $
* $Id: tsig.c,v 1.47 2000/03/13 19:27:34 bwelling Exp $
* Principal Author: Brian Wellington
*/
@ -562,6 +562,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
if (msg->tsigkey != NULL)
REQUIRE(VALID_TSIG_KEY(msg->tsigkey));
msg->verify_attempted = 1;
if (msg->tcp_continuation)
return(dns_tsig_verify_tcp(source, msg));
@ -776,6 +778,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
return (DNS_R_TSIGERRORSET);
}
msg->verified_sig = 1;
return (ISC_R_SUCCESS);
cleanup_key: