From: Vladimír Čunát Date: Sat, 15 May 2021 11:33:40 +0000 (+0200) Subject: lib/dnssec/ta: remove trivial kr_ta_covers_qry() X-Git-Tag: v5.4.0~20^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c112290ec99c2ad7ee258fdfcbd6af6341130651;p=thirdparty%2Fknot-resolver.git lib/dnssec/ta: remove trivial kr_ta_covers_qry() --- diff --git a/lib/cache/peek.c b/lib/cache/peek.c index dc7cd7fe3..b154450f4 100644 --- a/lib/cache/peek.c +++ b/lib/cache/peek.c @@ -95,7 +95,7 @@ static uint8_t get_lowest_rank(const struct kr_query *qry, const knot_dname_t *n } else if (!allow_unverified) { /* Records not present under any TA don't have their security * verified at all, so we also accept low ranks in that case. */ - const bool ta_covers = kr_ta_covers_qry(qry->request->ctx, name, type); + const bool ta_covers = kr_ta_closest(qry->request->ctx, name, type); /* ^ TODO: performance? TODO: stype - call sites */ if (ta_covers) { return KR_RANK_INSECURE | KR_RANK_AUTH; diff --git a/lib/dnssec/ta.h b/lib/dnssec/ta.h index d1b1adefa..d7bace69e 100644 --- a/lib/dnssec/ta.h +++ b/lib/dnssec/ta.h @@ -43,18 +43,6 @@ KR_PURE const knot_dname_t * kr_ta_closest(const struct kr_context *ctx, const knot_dname_t *name, const uint16_t type); -/** - * A trivial wrapper around kr_ta_closest - * - * TODO: drop it? The name doesn't feel very suitable either. - */ -static inline -bool kr_ta_covers_qry(struct kr_context *ctx, const knot_dname_t *name, - const uint16_t type) -{ - return kr_ta_closest(ctx, name, type) != NULL; -} - /** * Remove TA from trust store. * @param trust_anchors trust store diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c index cf29f35cd..7621b9007 100644 --- a/lib/layer/iterate.c +++ b/lib/layer/iterate.c @@ -791,7 +791,7 @@ static int process_answer(knot_pkt_t *pkt, struct kr_request *req) next->cname_parent = query; /* Want DNSSEC if and only if it's posible to secure * this name (i.e. iff it is covered by a TA) */ - if (kr_ta_covers_qry(req->ctx, cname, query->stype)) { + if (kr_ta_closest(req->ctx, cname, query->stype)) { next->flags.DNSSEC_WANT = true; } else { next->flags.DNSSEC_WANT = false; diff --git a/lib/layer/validate.c b/lib/layer/validate.c index cdcf97f23..a99ee5884 100644 --- a/lib/layer/validate.c +++ b/lib/layer/validate.c @@ -171,7 +171,7 @@ static int validate_section(kr_rrset_validation_ctx_t *vctx, struct kr_query *qr } if (!knot_dname_is_equal(qry->zone_cut.name, rr->owner)/*optim.*/ - && !kr_ta_covers_qry(qry->request->ctx, rr->owner, rr->type)) { + && !kr_ta_closest(qry->request->ctx, rr->owner, rr->type)) { /* We have NTA "between" our (perceived) zone cut and the RR. */ kr_rank_set(&entry->rank, KR_RANK_INSECURE); continue; diff --git a/lib/resolve.c b/lib/resolve.c index 7c4cb9a1b..213830a6e 100644 --- a/lib/resolve.c +++ b/lib/resolve.c @@ -224,7 +224,7 @@ static int ns_fetch_cut(struct kr_query *qry, const knot_dname_t *requested_name qry->flags.DNSSEC_WANT = false; qry->flags.DNSSEC_INSECURE = true; VERBOSE_MSG(qry, "=> going insecure because parent query is insecure\n"); - } else if (kr_ta_covers_qry(req->ctx, qry->zone_cut.name, KNOT_RRTYPE_NS)) { + } else if (kr_ta_closest(req->ctx, qry->zone_cut.name, KNOT_RRTYPE_NS)) { qry->flags.DNSSEC_WANT = true; } else { qry->flags.DNSSEC_WANT = false; @@ -265,7 +265,7 @@ static int ns_fetch_cut(struct kr_query *qry, const knot_dname_t *requested_name /* Zonecut name can change, check it again * to prevent unnecessary DS & DNSKEY queries */ if (!(qry->flags.DNSSEC_INSECURE) && - kr_ta_covers_qry(req->ctx, cut_found.name, KNOT_RRTYPE_NS)) { + kr_ta_closest(req->ctx, cut_found.name, KNOT_RRTYPE_NS)) { qry->flags.DNSSEC_WANT = true; } else { qry->flags.DNSSEC_WANT = false; @@ -683,7 +683,7 @@ static int resolve_query(struct kr_request *request, const knot_pkt_t *packet) qry->flags.AWAIT_CUT = true; /* Want DNSSEC if it's posible to secure this name (e.g. is covered by any TA) */ if ((knot_wire_get_ad(packet->wire) || knot_pkt_has_dnssec(packet)) && - kr_ta_covers_qry(request->ctx, qry->sname, qtype)) { + kr_ta_closest(request->ctx, qry->sname, qtype)) { qry->flags.DNSSEC_WANT = true; } }