Replace DNSSEC_INVALID_SIGNATURE with KNOT_INVALID_SIGNATURE
authorDaniel Salzman <daniel.salzman@nic.cz>
Wed, 22 Oct 2025 05:57:40 +0000 (07:57 +0200)
committerLibor Peltan <libor.peltan@nic.cz>
Fri, 24 Oct 2025 07:17:08 +0000 (09:17 +0200)
src/knot/dnssec/rrset-sign.c
src/knot/dnssec/rrset-sign.h
src/libknot/dnssec/error.c
src/libknot/dnssec/error.h
src/libknot/dnssec/sign.h
src/libknot/dnssec/sign/sign.c
src/libknot/errcode.h
src/libknot/error.c

index ff5a24c42221fe212d662e1845827be90b970c1b..5173e3669075cb66621ac3ca1272d69a97b8bc37 100644 (file)
@@ -380,7 +380,7 @@ int knot_check_signature(const knot_rrset_t *covered,
 
        if (!(dnssec_ctx->policy->unsafe & UNSAFE_EXPIRED) &&
            is_expired_signature(rrsig, dnssec_ctx->now, refresh)) {
-               return DNSSEC_INVALID_SIGNATURE;
+               return KNOT_INVALID_SIGNATURE;
        }
 
        if (skip_crypto) {
index 4d346a83af1e31097f133afeb98ce220c73a54aa..b7ebb8320912640893215bea6665f2694a4757d8 100644 (file)
@@ -99,7 +99,7 @@ bool knot_synth_rrsig_exists(uint16_t type, const knot_rdataset_t *rrsig_rrs);
  * \param skip_crypto All RRSIGs in this node have been verified, just check validity.
  *
  * \return Error code, KNOT_EOK if successful and the signature is valid.
- * \retval KNOT_DNSSEC_EINVALID_SIGNATURE  The signature is invalid.
+ * \retval KNOT_INVALID_SIGNATURE  The signature is invalid.
  */
 int knot_check_signature(const knot_rrset_t *covered,
                          const knot_rrset_t *rrsigs, size_t pos,
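Review bot: The updated `\retval KNOT_INVALID_SIGNATURE` line still says only "The signature is invalid", but the rrset-sign.c hunk returns this code as soon as `is_expired_signature()` is true, before any cryptographic check is reached. A caller or log reader therefore cannot tell an expired RRSIG from one that failed verification (presumably the same code is used for that further down, outside the hunk). I would document both meanings, e.g. `\retval KNOT_INVALID_SIGNATURE  The signature is expired (and UNSAFE_EXPIRED is not set) or failed verification.` The doc comment begins outside this hunk, so the rest of the parameter list was not checked.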
index 8de47d8a55aba9463155ed211a3d0a4642610845..c678584bd4cb43918cbf4543b3548a5cabcdd445 100644 (file)
@@ -43,7 +43,7 @@ static const error_message_t ERROR_MESSAGES[] = {
 
        { KNOT_ECRYPTO, "signing initialization error" },
        { KNOT_ECRYPTO,         "signing error" },
-       { DNSSEC_INVALID_SIGNATURE,     "invalid signature" },
+       { KNOT_INVALID_SIGNATURE,       "invalid signature" },
 
        { DNSSEC_INVALID_NSEC3_ALGORITHM, "invalid NSEC3 algorithm" },
        { KNOT_ECRYPTO, "NSEC3 hashing error" },
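Review bot: The renamed row `{ KNOT_INVALID_SIGNATURE, "invalid signature" },` in ERROR_MESSAGES duplicates the row this commit adds to `errors[]` in src/libknot/error.c. The `enum dnssec_error` hunk in src/libknot/dnssec/error.h has the same problem, since it keeps an enumerator named `KNOT_INVALID_SIGNATURE` that errcode.h now also declares in `enum knot_error`. If both headers can still reach one translation unit, that is a redeclaration. If they are compiled separately, the name could carry two different values, and a caller comparing the result of `dnssec_sign_verify()` against `KNOT_INVALID_SIGNATURE` might not match it. The repeated `KNOT_ECRYPTO` context lines suggest a mechanical replacement in a transitional state, so this may be resolved by a later commit. Otherwise I would delete the row and the enumerator here rather than rename them. Both the table and the enum extend outside their hunks.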
index b47b40564dcbd89c69f6a220c1a35f3c3592935a..768935eee7a7f560c81126d6e19fee706d39dbcd 100644 (file)
@@ -55,7 +55,7 @@ enum dnssec_error {
 
        KNOT_ECRYPTO,
        KNOT_ECRYPTO,
-       DNSSEC_INVALID_SIGNATURE,
+       KNOT_INVALID_SIGNATURE,
 
        KNOT_EALGORITHM,
        KNOT_ECRYPTO,
index f1f4f001b40636cec474286cd2d69039aa7de7e1..0654dc465bd22544e67fadb374cad50b8b3ce3a8 100644 (file)
@@ -95,7 +95,7 @@ int dnssec_sign_write(dnssec_sign_ctx_t *ctx, dnssec_sign_flags_t flags,
  *
  * \return Error code.
  * \retval KNOT_EOK                Validation successful, valid signature.
- * \retval DNSSEC_INVALID_SIGNATURE  Validation successful, invalid signature.
+ * \retval KNOT_INVALID_SIGNATURE  Validation successful, invalid signature.
  */
 int dnssec_sign_verify(dnssec_sign_ctx_t *ctx, bool sign_cmp,
                        const dnssec_binary_t *signature);
index aca96c552442713505fd5fa6018097d749bb8341..b8ffb2939f300326d2a4093e6ed3e7e0de61c0f2 100644 (file)
@@ -148,7 +148,7 @@ static int ecdsa_dnssec_to_x509(dnssec_sign_ctx_t *ctx,
        size_t int_size = ecdsa_sign_integer_size(ctx);
 
        if (dnssec->size != 2 * int_size) {
-               return DNSSEC_INVALID_SIGNATURE;
+               return KNOT_INVALID_SIGNATURE;
        }
 
        const dnssec_binary_t value_r = { .size = int_size, .data = dnssec->data };
@@ -345,7 +345,7 @@ int dnssec_sign_verify(dnssec_sign_ctx_t *ctx, bool sign_cmp, const dnssec_binar
                int ret = dnssec_sign_write(ctx, DNSSEC_SIGN_REPRODUCIBLE, &sign);
                if (ret == KNOT_EOK) {
                        ret = dnssec_binary_cmp(&sign, signature)
-                             ? DNSSEC_INVALID_SIGNATURE
+                             ? KNOT_INVALID_SIGNATURE
                              : KNOT_EOK;
                }
                dnssec_binary_free(&sign);
@@ -374,7 +374,7 @@ int dnssec_sign_verify(dnssec_sign_ctx_t *ctx, bool sign_cmp, const dnssec_binar
                                            ctx->sign_algorithm,
                                            0, &data, &raw);
        if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED) {
-               return DNSSEC_INVALID_SIGNATURE;
+               return KNOT_INVALID_SIGNATURE;
        } else if (result < 0) {
                return KNOT_ERROR;
        }
index 30496d4f1ad89e20e026de3e21f98d777914198e..546f906a3b2f355ebb48ca3c39a78d7ad1219b0e 100644 (file)
@@ -161,6 +161,7 @@ enum knot_error {
        KNOT_INVALID_KEY_SIZE,
        KNOT_INVALID_KEY_ID,
        KNOT_INVALID_KEY_NAME,
+       KNOT_INVALID_SIGNATURE,
        KNOT_NO_PUBLIC_KEY,
        KNOT_NO_PRIVATE_KEY,
        KNOT_NO_READY_KEY,
index d1b17cb4a034cfd310a4885b09eb18b567c9c6c9..ec71814960a8a63d7632625dd1a2eb1486a782ee 100644 (file)
@@ -160,6 +160,7 @@ static const struct error errors[] = {
        { KNOT_INVALID_KEY_SIZE,       "invalid key size" },
        { KNOT_INVALID_KEY_ID,         "invalid key ID" },
        { KNOT_INVALID_KEY_NAME,       "invalid key name" },
+       { KNOT_INVALID_SIGNATURE,      "invalid signature" },
        { KNOT_NO_PUBLIC_KEY,          "no public key" },
        { KNOT_NO_PRIVATE_KEY,         "no private key" },
        { KNOT_NO_READY_KEY,           "no key ready for submission" },