From: Miek Gieben Date: Mon, 28 Feb 2005 11:13:55 +0000 (+0000) Subject: some more dnssec function and buffer2wire stuff X-Git-Tag: release-0.50~357 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8402598853993e5fc8fa9f1a581a3873abc413f4;p=thirdparty%2Fldns.git some more dnssec function and buffer2wire stuff --- diff --git a/dnssec.c b/dnssec.c index 600644d5..6d901835 100644 --- a/dnssec.c +++ b/dnssec.c @@ -87,17 +87,19 @@ ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr_list *keys) bool result; ldns_rr *current_key; - /* TODO remove */ - key_buf = NULL; - rrset_buf = NULL; - - /* create a buffer which will certainly hold the + /* create the buffers which will certainly hold the * raw data */ rawsig_buf = ldns_buffer_new(MAX_PACKETLEN); + rrset_buf = ldns_buffer_new(MAX_PACKETLEN); + sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1)); result = false; - (void)ldns_rrsig2buffer_wire(rawsig_buf, rrsig); + if (ldns_rrsig2buffer_wire(rawsig_buf, rrsig) != LDNS_STATUS_OK) { + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(rrset_buf); + return false; + } orig_ttl = ldns_rdf2native_int32( ldns_rr_rdf(rrsig, 3)); @@ -116,11 +118,21 @@ ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr_list *keys) ldns_rr_list_sort(rrset); /* put the rrset in a wirefmt buf */ + if (ldns_rr_list2buffer_wire(rrset_buf, rrset) != LDNS_STATUS_OK) { + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(rrset_buf); + return false; + } for(i = 0; i < ldns_rr_list_rr_count(keys); i++) { current_key = ldns_rr_list_rr(keys, i); - - /* put the key-data in a buffer */ + key_buf = ldns_buffer_new(MAX_PACKETLEN); + /* put the key-data in a buffer, that's the third rdf, with + * the base64 encoded key data */ + if (ldns_rdf2buffer_wire(key_buf, + ldns_rr_rdf(current_key, 3)) != LDNS_STATUS_OK) { + return false; + } switch(sig_algo) { case LDNS_DSA: 
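Review bot: The two buffers from `ldns_buffer_new(MAX_PACKETLEN)` are handed straight to `ldns_rrsig2buffer_wire` and later `ldns_rr_list2buffer_wire` with no check that the allocation succeeded. `ldns_buffer_new` is defined outside this diff, so whether it can return NULL needs confirming; if it can, return false right after each allocation that fails, before the buffer is first used. The free-both-and-return-false sequence added here is repeated in the next hunk, so a single cleanup label at the end of `ldns_verify_rrsig` would keep every exit consistent. The function body starts and ends outside this hunk.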
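Review bot: The `return false;` added inside the key loop leaks `key_buf`, `rawsig_buf` and `rrset_buf`, whereas the two earlier error paths free what they allocated. Release all three before returning, `ldns_buffer_free(key_buf); ldns_buffer_free(rawsig_buf); ldns_buffer_free(rrset_buf);`, or free only `key_buf` and `continue` so that one key that cannot be encoded does not stop the remaining keys from being tried. If the key list can be built from data received over the network (not visible here), each failing call loses three MAX_PACKETLEN buffers, which makes this worth fixing before the function is used for validation. The new comment calls index 3 the "third rdf" although the index is zero-based, so "rdf at index 3" would be more accurate. The loop body continues outside this hunk.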
@@ -136,11 +148,11 @@ ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr_list *keys) rawsig_buf, rrset_buf, key_buf); break; default: - /* no fucking way man! */ + /* do you know this alg?! */ break; } - /* ldns_buffer_free(key_buf); TODO */ + ldns_buffer_free(key_buf); if (result) { /* one of the keys has matched */ break; @@ -149,7 +161,6 @@ ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr_list *keys) ldns_buffer_free(rawsig_buf); ldns_buffer_free(rrset_buf); - return result; } diff --git a/host2wire.c b/host2wire.c index 5ca5b726..ca5555b8 100644 --- a/host2wire.c +++ b/host2wire.c @@ -45,6 +45,20 @@ ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf) return ldns_buffer_status(buffer); } +/* convert a rr list to wireformat */ +ldns_status +ldns_rr_list2buffer_wire(ldns_buffer *buffer, ldns_rr_list *rr_list) +{ + uint16_t rr_count; + uint16_t i; + + rr_count = ldns_rr_list_rr_count(rr_list); + for(i = 0; i < rr_count; i++) { + ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANY); + } + return ldns_buffer_status(buffer); +} + ldns_status ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section) { @@ -164,7 +178,7 @@ ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, ldns_rr *rr) } #endif - /* now convert all the rdf */ + /* convert all the rdf */ for (i = 0; i < ldns_rr_rd_count(rr); i++) { (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i)); } diff --git a/ldns/host2wire.h b/ldns/host2wire.h index 087df404..f4b12866 100644 --- a/ldns/host2wire.h +++ b/ldns/host2wire.h 
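Review bot: The `default:` branch only breaks out of the switch, so an RRSIG with an unsupported algorithm still allocates, fills and frees a MAX_PACKETLEN `key_buf` for every key in the list before the function returns false. `sig_algo` is not changed inside the loop in the visible code, so the unsupported case could be rejected once before the loop starts. The comment could also state the outcome rather than ask a question, for example `/* unsupported algorithm: result stays false */`. The switch and the enclosing loop start outside this hunk.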
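Review bot: `ldns_rr_list2buffer_wire` discards the status of every `ldns_rr2buffer_wire` call and keeps writing after a failure, relying on `ldns_buffer_status(buffer)` at the end to report it. Stopping at the first error makes the failure point explicit and avoids appending further records to a buffer that is already in an error state: `if (ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANY) != LDNS_STATUS_OK) break;`. The `uint16_t` counter assumes `ldns_rr_list_rr_count` never returns more than 65535; its return type is not visible in this diff, so that should be confirmed. The header comment could also say that the records are appended to `buffer` in list order and that the returned status is the buffer's status after the last write.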
@@ -17,6 +17,7 @@ ldns_status ldns_rr2buffer_wire(ldns_buffer *, const ldns_rr *, int); ldns_status ldns_pkt2buffer_wire(ldns_buffer *, const ldns_pkt *); ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *, ldns_rr *); ldns_status ldns_rrsig2buffer_wire(ldns_buffer *, ldns_rr *); +ldns_status ldns_rr_list2buffer_wire(ldns_buffer *, ldns_rr_list *); uint8_t *ldns_rdf2wire(const ldns_rdf *, size_t *); uint8_t *ldns_rr2wire(const ldns_rr *, int, size_t *); uint8_t *ldns_pkt2wire(const ldns_pkt *, size_t *); diff --git a/libdns.vim b/libdns.vim index 3b0e77c1..1659e32e 100644 --- a/libdns.vim +++ b/libdns.vim @@ -68,6 +68,7 @@ syn keyword ldnsConstant LDNS_SECTION_QUESTION syn keyword ldnsConstant LDNS_SECTION_ANSWER syn keyword ldnsConstant LDNS_SECTION_AUTHORITY syn keyword ldnsConstant LDNS_SECTION_ADDITIONAL +syn keyword ldnsConstant LDNS_SECTION_ANY syn keyword ldnsConstant MAX_PACKETLEN