Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
ISC Open Source Projects
BIND
Commits
5c688a00
Commit
5c688a00
authored
Nov 02, 1999
by
Brian Wellington
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
A bit of SIG(0) cleanup
parent
f2762b0d
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
60 additions
and
26 deletions
+60
-26
lib/dns/dnssec.c
lib/dns/dnssec.c
+7
-10
lib/dns/include/dns/dnssec.h
lib/dns/include/dns/dnssec.h
+32
-3
lib/dns/include/dns/message.h
lib/dns/include/dns/message.h
+1
-1
lib/dns/message.c
lib/dns/message.c
+20
-12
No files found.
lib/dns/dnssec.c
View file @
5c688a00
...
...
@@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.1
2
1999/11/02
19:53:41
bwelling Exp $
* $Id: dnssec.c,v 1.1
3
1999/11/02
22:58:28
bwelling Exp $
* Principal Author: Brian Wellington
*/
...
...
@@ -733,9 +733,7 @@ failure:
}
isc_result_t
dns_dnssec_verifymessage
(
isc_buffer_t
*
source
,
dns_message_t
*
msg
,
dst_key_t
*
key
)
{
dns_dnssec_verifymessage
(
dns_message_t
*
msg
,
dst_key_t
*
key
)
{
dns_rdata_generic_sig_t
sig
;
unsigned
char
header
[
DNS_MESSAGE_HEADERLEN
];
dns_rdata_t
rdata
;
...
...
@@ -749,8 +747,8 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
isc_uint16_t
addcount
;
isc_boolean_t
signeedsfree
=
ISC_FALSE
;
REQUIRE
(
source
!=
NULL
);
REQUIRE
(
msg
!=
NULL
);
REQUIRE
(
msg
->
saved
!=
NULL
);
REQUIRE
(
key
!=
NULL
);
if
(
is_response
(
msg
))
...
...
@@ -798,9 +796,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
NULL
));
/* Extract the header */
isc_buffer_used
(
source
,
&
r
);
memcpy
(
header
,
r
.
base
,
DNS_MESSAGE_HEADERLEN
);
isc_region_consume
(
&
r
,
DNS_MESSAGE_HEADERLEN
);
memcpy
(
header
,
msg
->
saved
->
base
,
DNS_MESSAGE_HEADERLEN
);
/* Decrement the additional field counter */
memcpy
(
&
addcount
,
&
header
[
DNS_MESSAGE_HEADERLEN
-
2
],
2
);
...
...
@@ -813,6 +809,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
RETERR
(
dst_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
header_r
,
NULL
));
/* Digest all non-SIG(0) records */
r
.
base
=
msg
->
saved
->
base
+
DNS_MESSAGE_HEADERLEN
;
r
.
length
=
msg
->
sigstart
-
DNS_MESSAGE_HEADERLEN
;
RETERR
(
dst_verify
(
DST_SIGMODE_UPDATE
,
key
,
&
ctx
,
&
r
,
NULL
));
...
...
@@ -821,8 +818,8 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
* the name and 10 bytes for class, type, ttl, length to get to
* the start of the rdata.
*/
isc_buffer_used
(
source
,
&
r
)
;
isc_region_consume
(
&
r
,
msg
->
sigstart
)
;
r
.
base
=
msg
->
saved
->
base
+
msg
->
sigstart
;
r
.
length
=
msg
->
saved
->
length
-
msg
->
sigstart
;
dns_name_init
(
&
tname
,
NULL
);
dns_name_fromregion
(
&
tname
,
&
r
);
dns_name_toregion
(
&
tname
,
&
r2
);
...
...
lib/dns/include/dns/dnssec.h
View file @
5c688a00
...
...
@@ -110,7 +110,6 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
* Returns:
* DNS_R_SUCCESS
* ISC_R_NOMEMORY
* DNS_R_RANGE - the SIG record has an invalid signature length
* DNS_R_SIGINVALID - the signature fails to verify
* DNS_R_SIGEXPIRED - the signature has expired
* DNS_R_SIGFUTURE - the signature's validity period has not begun
...
...
@@ -147,10 +146,40 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
isc_result_t
dns_dnssec_signmessage
(
dns_message_t
*
msg
,
dst_key_t
*
key
);
/*
* Signs a message with a SIG(0) record. This is implicitly called by
* dns_message_renderend() if msg->sig0key is not NULL.
*
* Requires:
* 'msg' is a valid message
* 'key' is a valid key that can be used for signing
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
* DST_R_*
*/
isc_result_t
dns_dnssec_verifymessage
(
isc_buffer_t
*
source
,
dns_message_t
*
msg
,
dst_key_t
*
key
);
dns_dnssec_verifymessage
(
dns_message_t
*
msg
,
dst_key_t
*
key
);
/*
* Verifies a message signed by a SIG(0) record. This is not
* called implicitly by dns_message_parse(). If dns_message_signer()
* is called before dns_dnssec_verifymessage(), it will return
* DNS_R_SIGNOTVERIFIEDYET. dns_dnssec_verifymessage() will set
* the verified_sig0 flag in msg if the verify succeeds, and
* the sig0status field otherwise.
*
* Requires:
* 'msg' is a valid message
* 'key' is a valid key
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
* ISC_R_NOTFOUND - no SIG(0) was found
* DST_R_*
*/
ISC_LANG_ENDDECLS
...
...
lib/dns/include/dns/message.h
View file @
5c688a00
...
...
@@ -164,7 +164,6 @@ struct dns_message {
unsigned
int
header_ok
:
1
;
unsigned
int
question_ok
:
1
;
unsigned
int
tcp_continuation
:
1
;
unsigned
int
response_needs_sig0
:
1
;
unsigned
int
verified_sig0
:
1
;
unsigned
int
reserved
;
/* reserved space (render) */
...
...
@@ -196,6 +195,7 @@ struct dns_message {
dst_key_t
*
sig0key
;
dns_rcode_t
sig0status
;
isc_region_t
*
query
;
isc_region_t
*
saved
;
};
dns_result_t
...
...
lib/dns/message.c
View file @
5c688a00
...
...
@@ -294,6 +294,7 @@ msginittsig(dns_message_t *m)
m
->
sig0key
=
NULL
;
m
->
sig0status
=
dns_rcode_noerror
;
m
->
query
=
NULL
;
m
->
saved
=
NULL
;
}
/*
...
...
@@ -309,7 +310,6 @@ msginit(dns_message_t *m)
m
->
header_ok
=
0
;
m
->
question_ok
=
0
;
m
->
tcp_continuation
=
0
;
m
->
response_needs_sig0
=
0
;
m
->
verified_sig0
=
0
;
}
...
...
@@ -455,6 +455,12 @@ msgreset(dns_message_t *msg, isc_boolean_t everything)
msg
->
query
=
NULL
;
}
if
(
msg
->
saved
!=
NULL
)
{
isc_mem_put
(
msg
->
mctx
,
msg
->
saved
->
base
,
msg
->
saved
->
length
);
isc_mem_put
(
msg
->
mctx
,
msg
->
saved
,
sizeof
(
isc_region_t
));
msg
->
saved
=
NULL
;
}
/*
* cleanup the buffer cleanup list
*/
...
...
@@ -1065,8 +1071,6 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
else
if
(
covers
==
0
)
{
msg
->
sigstart
=
recstart
;
section
=
&
msg
->
sections
[
DNS_SECTION_SIG0
];
if
((
msg
->
flags
&
DNS_MESSAGEFLAG_QR
)
==
0
)
msg
->
response_needs_sig0
=
1
;
}
}
else
covers
=
0
;
...
...
@@ -1256,20 +1260,20 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source,
if
(
ret
!=
DNS_R_SUCCESS
)
return
ret
;
}
else
if
(
msg
->
response_needs_sig0
==
1
)
{
msg
->
query
=
isc_mem_get
(
msg
->
mctx
,
sizeof
(
isc_region_t
));
if
(
msg
->
query
==
NULL
)
else
if
(
!
ISC_LIST_EMPTY
(
msg
->
sections
[
DNS_SECTION_SIG0
])
)
{
msg
->
saved
=
isc_mem_get
(
msg
->
mctx
,
sizeof
(
isc_region_t
));
if
(
msg
->
saved
==
NULL
)
return
(
ISC_R_NOMEMORY
);
isc_buffer_used
(
&
origsource
,
&
r
);
msg
->
query
->
length
=
msg
->
sigstart
;
msg
->
query
->
base
=
isc_mem_get
(
msg
->
mctx
,
msg
->
query
->
length
);
if
(
msg
->
query
->
base
==
NULL
)
{
isc_mem_put
(
msg
->
mctx
,
msg
->
query
,
msg
->
saved
->
length
=
r
.
length
;
msg
->
saved
->
base
=
isc_mem_get
(
msg
->
mctx
,
msg
->
saved
->
length
);
if
(
msg
->
saved
->
base
==
NULL
)
{
isc_mem_put
(
msg
->
mctx
,
msg
->
saved
,
sizeof
(
isc_region_t
));
msg
->
query
=
NULL
;
msg
->
saved
=
NULL
;
return
(
ISC_R_NOMEMORY
);
}
memcpy
(
msg
->
query
->
base
,
r
.
base
,
msg
->
query
->
length
);
memcpy
(
msg
->
saved
->
base
,
r
.
base
,
msg
->
saved
->
length
);
}
return
(
DNS_R_SUCCESS
);
...
...
@@ -1878,6 +1882,10 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) {
msg
->
querytsigstatus
=
msg
->
tsigstatus
;
msg
->
tsigstatus
=
dns_rcode_noerror
;
}
if
(
msg
->
saved
!=
NULL
)
{
msg
->
query
=
msg
->
saved
;
msg
->
saved
=
NULL
;
}
return
(
DNS_R_SUCCESS
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
