Commit f7fbd68b authored by Brian Wellington

added msg.verify_attempted, renamed msg.verify_sig0 to verify_sig

parent 915723e4
......@@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.23 2000/03/06 21:31:08 bwelling Exp $
* $Id: dnssec.c,v 1.24 2000/03/13 19:27:33 bwelling Exp $
* Principal Author: Brian Wellington
*/
......@@ -774,7 +774,7 @@ dns_dnssec_verifymessage(dns_message_t *msg, dst_key_t *key) {
goto failure;
}
msg->verified_sig0 = 1;
msg->verified_sig = 1;
dns_rdata_freestruct(&sig);
......@@ -784,5 +784,7 @@ failure:
if (signeedsfree)
dns_rdata_freestruct(&sig);
msg->verify_attempted = 1;
return (result);
}
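Review bot: `msg->verify_attempted = 1;` is added only under the `failure:` label of dns_dnssec_verifymessage, so whether a successful verification also sets it depends on the success path reaching that label, which the hunk does not show. If the function returns before `failure:` on success, a message can end up with verified_sig set and verify_attempted clear, and dns_message_signer tests verify_attempted first. Setting the flag once near the top of the function, as dns_tsig_verify does in this commit, would cover every exit. The function body starts outside the hunk.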
......@@ -169,7 +169,8 @@ struct dns_message {
unsigned int header_ok : 1;
unsigned int question_ok : 1;
unsigned int tcp_continuation : 1;
unsigned int verified_sig0 : 1;
unsigned int verified_sig : 1;
unsigned int verify_attempted : 1;
unsigned int opt_reserved;
unsigned int reserved; /* reserved space (render) */
......
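Review bot: The two bitfields in struct dns_message carry no comment, although after the rename `verified_sig` is set by both the SIG(0) and the TSIG verification code, and `verify_attempted` is a separate state that dns_message_signer checks. I would document them in place, e.g. `/* verified_sig: a SIG(0) or TSIG on this message verified successfully */` and `/* verify_attempted: verification has been run, whatever its outcome */`. The struct definition continues outside the hunk.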
......@@ -312,7 +312,8 @@ msginit(dns_message_t *m)
m->header_ok = 0;
m->question_ok = 0;
m->tcp_continuation = 0;
m->verified_sig0 = 0;
m->verified_sig = 0;
m->verify_attempted = 0;
}
static inline void
......@@ -2124,6 +2125,8 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) {
dns_name_t *sig0name;
dns_rdata_generic_sig_t sig;
if (msg->verify_attempted == 0)
result = DNS_R_NOTVERIFIEDYET;
result = dns_message_firstname(msg, DNS_SECTION_SIG0);
if (result != ISC_R_SUCCESS)
return (ISC_R_NOTFOUND);
......@@ -2141,19 +2144,19 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) {
if (result != ISC_R_SUCCESS)
return (result);
if (msg->sig0status != dns_rcode_noerror)
result = DNS_R_SIGINVALID;
else if (msg->verified_sig0 == 0)
result = DNS_R_NOTVERIFIEDYET;
else
if (msg->verified_sig && msg->sig0status != dns_rcode_noerror)
result = ISC_R_SUCCESS;
else
result = DNS_R_SIGINVALID;
dns_name_toregion(&sig.signer, &r);
dns_name_fromregion(signer, &r);
dns_rdata_freestruct(&sig);
}
else {
dns_name_t *identity;
if (msg->tsigstatus != dns_rcode_noerror)
if (msg->verify_attempted == 0)
result = DNS_R_NOTVERIFIEDYET;
else if (msg->tsigstatus != dns_rcode_noerror)
result = DNS_R_TSIGVERIFYFAILURE;
else if (msg->tsig->error != dns_rcode_noerror)
result = DNS_R_TSIGERRORSET;
......
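Review bot: The new SIG(0) check in dns_message_signer, `if (msg->verified_sig && msg->sig0status != dns_rcode_noerror) result = ISC_R_SUCCESS;`, reports success only when sig0status carries an error. The lines it replaces returned DNS_R_SIGINVALID for that same condition, so the comparison looks inverted and should read `msg->sig0status == dns_rcode_noerror`. As written, a SIG(0) that verified cleanly yields DNS_R_SIGINVALID, and callers using this result to authenticate the signer get the opposite answer. In the earlier hunk of the same function, `result = DNS_R_NOTVERIFIEDYET;` is overwritten by the next statement, `result = dns_message_firstname(msg, DNS_SECTION_SIG0);`, so the not-yet-verified state is lost on the SIG(0) path; `return (DNS_R_NOTVERIFIEDYET);` would keep it. The page has lost its +/- markers, so the new side is inferred from the renamed fields, and the function body extends beyond both hunks.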
......@@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.46 2000/02/03 23:44:01 halley Exp $
* $Id: tsig.c,v 1.47 2000/03/13 19:27:34 bwelling Exp $
* Principal Author: Brian Wellington
*/
......@@ -562,6 +562,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
if (msg->tsigkey != NULL)
REQUIRE(VALID_TSIG_KEY(msg->tsigkey));
msg->verify_attempted = 1;
if (msg->tcp_continuation)
return(dns_tsig_verify_tcp(source, msg));
......@@ -776,6 +778,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
return (DNS_R_TSIGERRORSET);
}
msg->verified_sig = 1;
return (ISC_R_SUCCESS);
cleanup_key:
......
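Review bot: `msg->verified_sig = 1;` is set only before the final `return (ISC_R_SUCCESS);`, but the TCP-continuation case leaves the function earlier through `return(dns_tsig_verify_tcp(source, msg));`. Unless dns_tsig_verify_tcp sets the flag itself (not visible here), continuation messages that verify correctly will still have verified_sig clear while verify_attempted is set. A short comment at the dispatch, such as `/* dns_tsig_verify_tcp() is responsible for setting verified_sig */`, or setting the flag there, would make this explicit. Most of dns_tsig_verify lies outside the two hunks.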