added msg.verify_attempted, renamed msg.verify_sig0 to verify_sig

f7fbd68b · Brian Wellington · 915723e4 · f7fbd68b · f7fbd68b · f7fbd68b
Commit f7fbd68b authored Mar 13, 2000 by Brian Wellington
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -16,7 +16,7 @@
 */

 /*
- * $Id: dnssec.c,v 1.23 2000/03/06 21:31:08 bwelling Exp $
+ * $Id: dnssec.c,v 1.24 2000/03/13 19:27:33 bwelling Exp $
 * Principal Author: Brian Wellington
 */

@@ -774,7 +774,7 @@ dns_dnssec_verifymessage(dns_message_t *msg, dst_key_t *key) {
 		goto failure;
 	}

-	msg->verified_sig0 = 1;
+	msg->verified_sig = 1;

 	dns_rdata_freestruct(&sig);

@@ -784,5 +784,7 @@ failure:
 	if (signeedsfree)
 		dns_rdata_freestruct(&sig);

+	msg->verify_attempted = 1;
+
 	return (result);
 }
--- a/lib/dns/include/dns/message.h
+++ b/lib/dns/include/dns/message.h
@@ -169,7 +169,8 @@ struct dns_message {
 	unsigned int			header_ok : 1;
 	unsigned int			question_ok : 1;
 	unsigned int			tcp_continuation : 1;
-	unsigned int			verified_sig0 : 1;
+	unsigned int			verified_sig : 1;
+	unsigned int			verify_attempted : 1;

 	unsigned int			opt_reserved;
 	unsigned int			reserved; /* reserved space (render) */

--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -312,7 +312,8 @@ msginit(dns_message_t *m)
 	m->header_ok = 0;
 	m->question_ok = 0;
 	m->tcp_continuation = 0;
-	m->verified_sig0 = 0;
+	m->verified_sig = 0;
+	m->verify_attempted = 0;
 }

 static inline void
@@ -2124,6 +2125,8 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) {
 		dns_name_t *sig0name;
 		dns_rdata_generic_sig_t sig;

+		if (msg->verify_attempted == 0)
+			result = DNS_R_NOTVERIFIEDYET;
 		result = dns_message_firstname(msg, DNS_SECTION_SIG0);
 		if (result != ISC_R_SUCCESS)
 			return (ISC_R_NOTFOUND);
@@ -2141,19 +2144,19 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) {
 		if (result != ISC_R_SUCCESS)
 			return (result);
 		
-		if (msg->sig0status != dns_rcode_noerror)
-			result = DNS_R_SIGINVALID;
-		else if (msg->verified_sig0 == 0)
-			result = DNS_R_NOTVERIFIEDYET;
-		else
+		if (msg->verified_sig && msg->sig0status != dns_rcode_noerror)
 			result = ISC_R_SUCCESS;
+		else
+			result = DNS_R_SIGINVALID;
 		dns_name_toregion(&sig.signer, &r);
 		dns_name_fromregion(signer, &r);
 		dns_rdata_freestruct(&sig);
 	}
 	else {
 		dns_name_t *identity;
-		if (msg->tsigstatus != dns_rcode_noerror)
+		if (msg->verify_attempted == 0)
+			result = DNS_R_NOTVERIFIEDYET;
+		else if (msg->tsigstatus != dns_rcode_noerror)
 			result = DNS_R_TSIGVERIFYFAILURE;
 		else if (msg->tsig->error != dns_rcode_noerror)
 			result = DNS_R_TSIGERRORSET;

--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
 */

 /*
- * $Id: tsig.c,v 1.46 2000/02/03 23:44:01 halley Exp $
+ * $Id: tsig.c,v 1.47 2000/03/13 19:27:34 bwelling Exp $
 * Principal Author: Brian Wellington
 */

@@ -562,6 +562,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
 	if (msg->tsigkey != NULL)
 		REQUIRE(VALID_TSIG_KEY(msg->tsigkey));

+	msg->verify_attempted = 1;
+
 	if (msg->tcp_continuation)
 		return(dns_tsig_verify_tcp(source, msg));

@@ -776,6 +778,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
 			return (DNS_R_TSIGERRORSET);
 	}

+	msg->verified_sig = 1;
+
 	return (ISC_R_SUCCESS);

 cleanup_key: