5c688a00
Commit
5c688a00
authored
Nov 02, 1999
by
Brian Wellington
A bit of SIG(0) cleanup
parent
f2762b0d
Changes
4
lib/dns/dnssec.c
...
...
@@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.1
2
1999/11/02
19:53:41
bwelling Exp $
* $Id: dnssec.c,v 1.1
3
1999/11/02
22:58:28
bwelling Exp $
* Principal Author: Brian Wellington
*/
...
...
@@ -733,9 +733,7 @@ failure:
}
isc_result_t
dns_dnssec_verifymessage
(
isc_buffer_t
*
source
,
dns_message_t
*
msg
,
dst_key_t
*
key
)
{
dns_dnssec_verifymessage
(
dns_message_t
*
msg
,
dst_key_t
*
key
)
{
dns_rdata_generic_sig_t
sig
;
unsigned
char
header
[
DNS_MESSAGE_HEADERLEN
];
dns_rdata_t
rdata
;
...
...
@@ -749,8 +747,8 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
isc_uint16_t
addcount
;
isc_boolean_t
signeedsfree
=
ISC_FALSE
;
REQUIRE
(
source
!=
NULL
);
REQUIRE
(
msg
!=
NULL
);
REQUIRE
(
msg
->
saved
!=
NULL
);
REQUIRE
(
key
!=
NULL
);
if
(
is_response
(
msg
))
...
...
@@ -798,9 +796,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
NULL
));
/* Extract the header */
isc_buffer_used
(
source
,
&
r
);
memcpy
(
header
,
r
.
base
,
DNS_MESSAGE_HEADERLEN
);
isc_region_consume
(
&
r
,
DNS_MESSAGE_HEADERLEN
);
memcpy
(
header
,
msg
->
saved
->
base
,
DNS_MESSAGE_HEADERLEN
);
/* Decrement the additional field counter */
memcpy
(
&
addcount
,
&
header
[
DNS_MESSAGE_HEADERLEN
-
2
],
2
);
...
...
@@ -813,6 +809,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
RETERR
(
dst_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
header_r
,
NULL
));
/* Digest all non-SIG(0) records */
r
.
base
=
msg
->
saved
->
base
+
DNS_MESSAGE_HEADERLEN
;
r
.
length
=
msg
->
sigstart
-
DNS_MESSAGE_HEADERLEN
;
RETERR
(
dst_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
));
...
...
@@ -821,8 +818,8 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
* the name and 10 bytes for class, type, ttl, length to get to
* the start of the rdata.
*/
isc_buffer_used
(
source
,
&
r
)
;
isc_region_consume
(
&
r
,
msg
->
sigstart
)
;
r
.
base
=
msg
->
saved
->
base
+
msg
->
sigstart
;
r
.
length
=
msg
->
saved
->
length
-
msg
->
sigstart
;
dns_name_init
(
&
tname
,
NULL
);
dns_name_fromregion
(
&
tname
,
&
r
);
dns_name_toregion
(
&
tname
,
&
r2
);
...
...
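Review bot: dns_dnssec_verifymessage now derives every region it digests from msg->sigstart and msg->saved->length without bounding them: `r.length = msg->saved->length - msg->sigstart;` and the earlier `msg->sigstart - DNS_MESSAGE_HEADERLEN` wrap silently if sigstart is out of range, and the header memcpy assumes saved->length is at least DNS_MESSAGE_HEADERLEN, yet the new precondition block only checks `msg->saved != NULL`. sigstart is presumably set by dns_message_parse() for the same saved buffer, so this may be an internal consistency invariant rather than an attacker-reachable case, but the REQUIRE block is the place to state it: `REQUIRE(msg->saved->length >= DNS_MESSAGE_HEADERLEN && msg->sigstart >= DNS_MESSAGE_HEADERLEN && msg->sigstart <= msg->saved->length);`. The function body continues past the last hunk shown.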
lib/dns/include/dns/dnssec.h
...
...
@@ -110,7 +110,6 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
* Returns:
* DNS_R_SUCCESS
* ISC_R_NOMEMORY
* DNS_R_RANGE - the SIG record has an invalid signature length
* DNS_R_SIGINVALID - the signature fails to verify
* DNS_R_SIGEXPIRED - the signature has expired
* DNS_R_SIGFUTURE - the signature's validity period has not begun
...
...
@@ -147,10 +146,40 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
isc_result_t
dns_dnssec_signmessage
(
dns_message_t
*
msg
,
dst_key_t
*
key
);
/*
* Signs a message with a SIG(0) record. This is implicitly called by
* dns_message_renderend() if msg->sig0key is not NULL.
*
* Requires:
* 'msg' is a valid message
* 'key' is a valid key that can be used for signing
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
* DST_R_*
*/
isc_result_t
dns_dnssec_verifymessage
(
isc_buffer_t
*
source
,
dns_message_t
*
msg
,
dst_key_t
*
key
);
dns_dnssec_verifymessage
(
dns_message_t
*
msg
,
dst_key_t
*
key
);
/*
* Verifies a message signed by a SIG(0) record. This is not
* called implicitly by dns_message_parse(). If dns_message_signer()
* is called before dns_dnssec_verifymessage(), it will return
* DNS_R_SIGNOTVERIFIEDYET. dns_dnssec_verifymessage() will set
* the verified_sig0 flag in msg if the verify succeeds, and
* the sig0status field otherwise.
*
* Requires:
* 'msg' is a valid message
* 'key' is a valid key
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
* ISC_R_NOTFOUND - no SIG(0) was found
* DST_R_*
*/
ISC_LANG_ENDDECLS
...
...
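Review bot: The Requires block for dns_dnssec_verifymessage still says only that 'msg' is a valid message, but the implementation in lib/dns/dnssec.c in this commit asserts `msg->saved != NULL`, and lib/dns/message.c allocates `saved` only when the SIG(0) section is non-empty, so a message without a SIG(0) now trips the REQUIRE instead of returning the documented ISC_R_NOTFOUND. Either state the precondition, adding `'msg' was produced by dns_message_parse() and carries a SIG(0) record (msg->saved != NULL)` under Requires, or keep the ISC_R_NOTFOUND path, and reconcile the Returns list with whichever is chosen. The comment should also say that the caller is responsible for choosing 'key'; nothing in this API selects it.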
lib/dns/include/dns/message.h
...
...
@@ -164,7 +164,6 @@ struct dns_message {
unsigned
int
header_ok
:
1
;
unsigned
int
question_ok
:
1
;
unsigned
int
tcp_continuation
:
1
;
unsigned
int
response_needs_sig0
:
1
;
unsigned
int
verified_sig0
:
1
;
unsigned
int
reserved
;
/* reserved space (render) */
...
...
@@ -196,6 +195,7 @@ struct dns_message {
dst_key_t
*
sig0key
;
dns_rcode_t
sig0status
;
isc_region_t
*
query
;
isc_region_t
*
saved
;
};
dns_result_t
...
...
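Review bot: The new sig0status field and the neighbouring query/saved regions carry no comment, and ownership is exactly what a maintainer needs here: msgreset() in message.c frees saved->base and saved, and dns_message_reply() hands saved over to query. Suggested comments: `dns_rcode_t sig0status; /* set by dns_dnssec_verifymessage() when verification fails */`, `isc_region_t *query; /* wire form of the query this message answers; presumably owned by msg and released by msgreset() */`, `isc_region_t *saved; /* copy of the parsed wire message kept for SIG(0) verification; owned by msg, freed by msgreset() */`. The sig0status wording follows the dnssec.h comment in this commit; struct dns_message starts before and ends after the hunks shown.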
lib/dns/message.c
...
...
@@ -294,6 +294,7 @@ msginittsig(dns_message_t *m)
m
->
sig0key
=
NULL
;
m
->
sig0status
=
dns_rcode_noerror
;
m
->
query
=
NULL
;
m
->
saved
=
NULL
;
}
/*
...
...
@@ -309,7 +310,6 @@ msginit(dns_message_t *m)
m
->
header_ok
=
0
;
m
->
question_ok
=
0
;
m
->
tcp_continuation
=
0
;
m
->
response_needs_sig0
=
0
;
m
->
verified_sig0
=
0
;
}
...
...
@@ -455,6 +455,12 @@ msgreset(dns_message_t *msg, isc_boolean_t everything)
msg
->
query
=
NULL
;
}
if
(
msg
->
saved
!=
NULL
)
{
isc_mem_put
(
msg
->
mctx
,
msg
->
saved
->
base
,
msg
->
saved
->
length
);
isc_mem_put
(
msg
->
mctx
,
msg
->
saved
,
sizeof
(
isc_region_t
));
msg
->
saved
=
NULL
;
}
/*
* cleanup the buffer cleanup list
*/
...
...
@@ -1065,8 +1071,6 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
else
if
(
covers
==
0
)
{
msg
->
sigstart
=
recstart
;
section
=
&
msg
->
sections
[
DNS_SECTION_SIG0
];
if
((
msg
->
flags
&
DNS_MESSAGEFLAG_QR
)
==
0
)
msg
->
response_needs_sig0
=
1
;
}
}
else
covers
=
0
;
...
...
@@ -1256,20 +1260,20 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
if
(
ret
!=
DNS_R_SUCCESS
)
return
ret
;
}
else
if
(
msg
->
response_needs_sig0
==
1
)
{
msg
->
query
=
isc_mem_get
(
msg
->
mctx
,
sizeof
(
isc_region_t
));
if
(
msg
->
query
==
NULL
)
else
if
(
!
ISC_LIST_EMPTY
(
msg
->
sections
[
DNS_SECTION_SIG0
])
)
{
msg
->
saved
=
isc_mem_get
(
msg
->
mctx
,
sizeof
(
isc_region_t
));
if
(
msg
->
saved
==
NULL
)
return
(
ISC_R_NOMEMORY
);
isc_buffer_used
(
&
origsource
,
&
r
);
msg
->
query
->
length
=
msg
->
sigstart
;
msg
->
query
->
base
=
isc_mem_get
(
msg
->
mctx
,
msg
->
query
->
length
);
if
(
msg
->
query
->
base
==
NULL
)
{
isc_mem_put
(
msg
->
mctx
,
msg
->
query
,
msg
->
saved
->
length
=
r
.
length
;
msg
->
saved
->
base
=
isc_mem_get
(
msg
->
mctx
,
msg
->
saved
->
length
);
if
(
msg
->
saved
->
base
==
NULL
)
{
isc_mem_put
(
msg
->
mctx
,
msg
->
saved
,
sizeof
(
isc_region_t
));
msg
->
query
=
NULL
;
msg
->
saved
=
NULL
;
return
(
ISC_R_NOMEMORY
);
}
memcpy
(
msg
->
query
->
base
,
r
.
base
,
msg
->
query
->
length
);
memcpy
(
msg
->
saved
->
base
,
r
.
base
,
msg
->
saved
->
length
);
}
return
(
DNS_R_SUCCESS
);
...
...
@@ -1878,6 +1882,10 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) {
msg
->
querytsigstatus
=
msg
->
tsigstatus
;
msg
->
tsigstatus
=
dns_rcode_noerror
;
}
if
(
msg
->
saved
!=
NULL
)
{
msg
->
query
=
msg
->
saved
;
msg
->
saved
=
NULL
;
}
return
(
DNS_R_SUCCESS
);
}
...
...
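Review bot: dns_message_reply() now overwrites msg->query with msg->saved whenever saved is non-NULL, without checking whether query already holds a region; if a caller can reach this point with query set (the parse path above only ever allocates into saved, but nothing here clears query first), the previous region and its base are leaked, since msgreset() is the only place that releases them. Either assert the invariant, `REQUIRE(msg->query == NULL);`, or free the existing query region before the hand-off the way msgreset() does. Separately, getsection() records `msg->sigstart = recstart` for every SIG with covers == 0, so a message carrying two SIG(0) records verifies with sigstart pointing at the last one; that is pre-existing behaviour, but a comment stating whether it is intended would help.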