uint8_t wire_format_name[DNS_WIRE_FOMAT_HOSTNAME_MAX];
DnsResourceRecord **list, *rr;
const char *source, *name;
- gcry_md_hd_t md = NULL;
+ _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
int r, md_algorithm;
size_t k, n = 0;
size_t sig_size = 0;
r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
if (r < 0)
- goto finish;
+ return r;
fwrite(wire_format_name, 1, r, f);
/* Convert the source of synthesis into wire format */
r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
if (r < 0)
- goto finish;
+ return r;
for (k = 0; k < n; k++) {
size_t l;
#endif
case DNSSEC_ALGORITHM_ED448:
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
- r = 0;
- goto finish;
+ return 0;
default:
/* OK, the RRs are now in canonical order. Let's calculate the digest */
md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm);
if (md_algorithm == -EOPNOTSUPP) {
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
- r = 0;
- goto finish;
- }
- if (md_algorithm < 0) {
- r = md_algorithm;
- goto finish;
+ return 0;
}
+ if (md_algorithm < 0)
+ return md_algorithm;
gcry_md_open(&md, md_algorithm, 0);
- if (!md) {
- r = -EIO;
- goto finish;
- }
+ if (!md)
+ return -EIO;
hash_size = gcry_md_get_algo_dlen(md_algorithm);
assert(hash_size > 0);
gcry_md_write(md, sig_data, sig_size);
hash = gcry_md_read(md, 0);
- if (!hash) {
- r = -EIO;
- goto finish;
- }
+ if (!hash)
+ return -EIO;
}
switch (rrsig->rrsig.algorithm) {
break;
#endif
}
-
if (r < 0)
- goto finish;
+ return r;
/* Now, fix the ttl, expiry, and remember the synthesizing source and the signer */
if (r > 0)
else
*result = DNSSEC_VALIDATED;
- r = 0;
-
-finish:
- if (md)
- gcry_md_close(md);
-
- return r;
+ return 0;
}
int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {