lib/resolve: randomize qname in checkout layer when secret changes

This allows changing of secret in the checkout layer.

diff --git a/lib/resolve.c b/lib/resolve.c
index e7dbca2d0e47f996599cc0fac7ec59d8fef8c4c0..00560d2c3da7976607c21f284422c32699b261ab 100644 (file)
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -139,6 +139,9 @@ KR_CONST static inline bool isletter(unsigned chr)
  */
 static void randomized_qname_case(knot_dname_t * restrict qname, uint32_t secret)
 {
+       if (secret == 0) {
+               return;
+       }
        assert(qname);
        const int len = knot_dname_size(qname) - 2; /* Skip first, last label. */
        for (int i = 0; i < len; ++i) {
@@ -1562,6 +1565,9 @@ int kr_resolve_checkout(struct kr_request *request, struct sockaddr *src,
                return kr_error(EINVAL);
        }
 
+       /* Track changes in minimization secret to enable/disable minimization */
+       uint32_t old_minimization_secret = qry->secret;
+
        /* Run the checkout layers and cancel on failure.
         * The checkout layer doesn't persist the state, so canceled subrequests
         * don't affect the resolution or rest of the processing. */
@@ -1572,6 +1578,12 @@ int kr_resolve_checkout(struct kr_request *request, struct sockaddr *src,
                return kr_error(ECANCELED);
        }
 
+       /* Randomize query case (if secret changed) */
+       knot_dname_t *qname = (knot_dname_t *)knot_pkt_qname(packet);
+       if (qry->secret != old_minimization_secret) {
+               randomized_qname_case(qname, qry->secret);
+       }
+
        /* Write down OPT unless in safemode */
        if (!(qry->flags.SAFEMODE)) {
                ret = edns_put(packet);