Commit 528597e9 authored by Mark Andrews's avatar Mark Andrews

record when querytsig is valid

parent 0adc53e4
Pipeline #9951 passed with stages
in 18 minutes and 2 seconds
......@@ -830,6 +830,7 @@ dns_tsig_sign(dns_message_t *msg) {
unsigned char header[DNS_MESSAGE_HEADERLEN];
isc_buffer_t headerbuf;
uint16_t digestbits;
bool querytsig_ok = false;
/*
* If it is a response, we assume that the request MAC
......@@ -876,14 +877,8 @@ dns_tsig_sign(dns_message_t *msg) {
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
querytsig_ok = true;
}
#if defined(__clang__) && \
( __clang_major__ < 3 || \
(__clang_major__ == 3 && __clang_minor__ < 2) || \
(__clang_major__ == 4 && __clang_minor__ < 2))
/* false positive: http://llvm.org/bugs/show_bug.cgi?id=14461 */
else memset(&querytsig, 0, sizeof(querytsig));
#endif
/*
* Digest the header.
......@@ -929,8 +924,7 @@ dns_tsig_sign(dns_message_t *msg) {
}
/* Digest the timesigned and fudge */
isc_buffer_clear(&databuf);
if (tsig.error == dns_tsigerror_badtime) {
INSIST(response);
if (tsig.error == dns_tsigerror_badtime && querytsig_ok) {
tsig.timesigned = querytsig.timesigned;
}
isc_buffer_putuint48(&databuf, tsig.timesigned);
......@@ -981,19 +975,8 @@ dns_tsig_sign(dns_message_t *msg) {
dst_context_destroy(&ctx);
digestbits = dst_key_getbits(key->key);
if (digestbits != 0) {
/*
* XXXRAY: Is this correct? What is the
* expected behavior when digestbits is not an
* integral multiple of 8? It looks like bytes
* should either be (digestbits/8) or
* (digestbits+7)/8.
*
* In any case, for current algorithms,
* digestbits are an integral multiple of 8, so
* it has the same effect as (digestbits/8).
*/
unsigned int bytes = (digestbits + 1) / 8;
if (response && bytes < querytsig.siglen)
unsigned int bytes = (digestbits + 7) / 8;
if (querytsig_ok && bytes < querytsig.siglen)
bytes = querytsig.siglen;
if (bytes > isc_buffer_usedlength(&sigbuf))
bytes = isc_buffer_usedlength(&sigbuf);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment