From b3d2ab442cfb7c3feea5d8157769b7a998c2711a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Fri, 15 Jun 2018 09:59:20 +0200
Subject: [PATCH] Extract check_bad_algorithms() from dns_zoneverify_dnssec()

Extract the part of dns_zoneverify_dnssec() responsible for checking whether the zone is fully signed using all active algorithms to a separate function.
---
 lib/dns/zoneverify.c | 42 +++++++++++++++++++++++-------------------
 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c
index e3668c5a39..7568d1ab3f 100644
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -1473,6 +1473,28 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 dns_dbiterator_destroy(&dbiter);
 }

+static void
+check_bad_algorithms(const vctx_t *vctx) {
+ char algbuf[DNS_SECALG_FORMATSIZE];
+ isc_boolean_t first = ISC_TRUE;
+ int i;
+
+ for (i = 0; i < 256; i++) {
+ if (vctx->bad_algorithms[i] != 0) {
+ if (first)
+ fprintf(stderr, "The zone is not fully signed "
+ "for the following algorithms:");
+ dns_secalg_format(i, algbuf, sizeof(algbuf));
+ fprintf(stderr, " %s", algbuf);
+ first = ISC_FALSE;
+ }
+ }
+ if (!first) {
+ fprintf(stderr, ".\n");
+ fatal("DNSSEC completeness test failed.");
+ }
+}
+
 void
 dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 dns_name_t *origin, isc_mem_t *mctx,
@@ -1481,7 +1503,6 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 {
 char algbuf[80];
 int i;
- isc_boolean_t first = ISC_TRUE;
 isc_result_t result, vresult = ISC_R_UNSET;
 vctx_t vctx;

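Review bot: check_bad_algorithms() reports an incompletely signed zone only by writing to stderr and calling `fatal()`, so in library code under lib/dns the caller never gets a result it can act on or log. Returning a status would fit the `vresult` handling already in dns_zoneverify_dnssec(): declare it `static isc_result_t`, replace the `fatal(...)` line with `return (ISC_R_FAILURE);`, and end with `return (ISC_R_SUCCESS);`. That `fatal()` terminates the process is inferred from its name and message; its definition is not part of this patch. Separately, the loop bound `256` is a bare literal; a named constant, or a bound derived from `bad_algorithms` if it is an array member of `vctx_t`, would keep the scan tied to the table size.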
@@ -1511,24 +1532,7 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS)
 vresult = result;

- /*
- * If we made it this far, we have what we consider a properly signed
- * zone. Set the good flag.
- */
- for (i = 0; i < 256; i++) {
- if (vctx.bad_algorithms[i] != 0) {
- if (first)
- fprintf(stderr, "The zone is not fully signed "
- "for the following algorithms:");
- dns_secalg_format(i, algbuf, sizeof(algbuf));
- fprintf(stderr, " %s", algbuf);
- first = ISC_FALSE;
- }
- }
- if (!first) {
- fprintf(stderr, ".\n");
- fatal("DNSSEC completeness test failed.");
- }
+ check_bad_algorithms(&vctx);

 if (vresult != ISC_R_SUCCESS)
 fatal("DNSSEC completeness test failed (%s).",
-- 
GitLab
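Review bot: Nothing at the call `check_bad_algorithms(&vctx);` tells the reader that control may stop there, and the comment this hunk removes is not replaced. I would add `/* Lists algorithms the zone is not fully signed with; calls fatal() if any are found. */` above the call. Because the helper runs before the `vresult` check, a zone that fails both tests presumably produces only the algorithm message and never the `(%s)` result text, which is worth stating in the same comment. dns_zoneverify_dnssec() begins before and continues past this hunk.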