From 0dda99c38ed3766a7fa0c38df3bad4e6e91b7e80 Mon Sep 17 00:00:00 2001
From: Willem Toorop
Date: Wed, 18 May 2011 14:15:05 +0000
Subject: [PATCH] code review #1: Extra info on NSEC records only when verbosity is up code review #2: Rename serial_arithmitics_gmtime_r to ldns_serial_arithmitics_gmtime_r (and all the other added functions in util.h) and add to ldns_symbols.def. code review #3: Comment swap of ldns_dnssec_verify_denial_nsec3_match, ldns_verify_rrsig_buffers and ldns_dnssec_verify_denial_nsec3 code review #4: Finishing the sentence in the comment about opt-out handling in function ldns_dnssec_create_nsec3. code review #5: Just do rd-strlen = strlen(rd) once in rr.c code review #6: Moved setting of output variables from acx_nlnetlabs.m4 to configure.ac so acx_nlnetlabs.m4 doesn't have to be merged into NSD and Unbound.
---
 acx_nlnetlabs.m4 | 6 ------
 configure.ac | 10 ++++++++++
 dnssec.c | 5 +++--
 examples/ldns-rrsig.c | 4 ++--
 examples/ldns-verify-zone.c | 12 +++++++-----
 host2str.c | 2 +-
 ldns/dnssec_verify.h | 39 +++++++++++++++++++++----------------
 ldns/util.h.in | 7 ++++---
 ldns_symbols.def | 1 +
 rr.c | 1 -
 util.c | 30 ++++++++++++++--------------
 11 files changed, 65 insertions(+), 52 deletions(-)
diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4
index ec5da2a8..147af7f9 100644
--- a/acx_nlnetlabs.m4
+++ b/acx_nlnetlabs.m4
@@ -405,9 +405,6 @@ void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2)));
 AC_MSG_RESULT($ac_cv_c_format_attribute)
 if test $ac_cv_c_format_attribute = yes; then
 AC_DEFINE(HAVE_ATTR_FORMAT, 1, [Whether the C compiler accepts the "format" attribute])
- AC_SUBST(ldns_build_config_have_attr_format, 1)
-else
- AC_SUBST(ldns_build_config_have_attr_format, 0)
 fi
 ])dnl End of ACX_CHECK_FORMAT_ATTRIBUTE
@@ -459,9 +456,6 @@ AC_DEFUN([AHX_CONFIG_UNUSED_ATTRIBUTE],
 AC_MSG_RESULT($ac_cv_c_unused_attribute)
 if test $ac_cv_c_unused_attribute = yes; then
 AC_DEFINE(HAVE_ATTR_UNUSED, 1, [Whether the C compiler accepts the "unused" attribute])
- AC_SUBST(ldns_build_config_have_attr_unused, 1)
-else
- AC_SUBST(ldns_build_config_have_attr_unused, 0)
 fi
 ])dnl
diff --git a/configure.ac b/configure.ac
index 1d9b7d36..45190d03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -505,6 +505,16 @@ if test "x$HAVE_SSL" = "xyes"; then
 else
 AC_SUBST(ldns_build_config_have_ssl, 0)
 fi
+if test "x$ac_cv_c_format_attribute" = "xyes"; then
+ AC_SUBST(ldns_build_config_have_attr_format, 1)
+else
+ AC_SUBST(ldns_build_config_have_attr_format, 0)
+fi
+if test "x$ac_cv_c_unused_attribute" = "xyes"; then
+ AC_SUBST(ldns_build_config_have_attr_unused, 1)
+else
+ AC_SUBST(ldns_build_config_have_attr_unused, 0)
+fi
 AC_CONFIG_FILES([Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config])
diff --git a/dnssec.c b/dnssec.c
index 6550a910..0fd9530b 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -869,8 +869,9 @@ ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
 while (cur_rrsets) {
 /* Do not include obscured rrsets on the delegation point
 * in the type bitmap. Potentionally not skipping insecure
- * delegation should have been done earlier, in
- *
+ * delegation should have been done earlier, in function
+ * ldns_dnssec_zone_create_nsec3s, or even earlier in:
+ * ldns_dnssec_zone_sign_nsec3_flg .
 */
 if ( ( on_delegation_point
 && ( cur_rrsets->type == LDNS_RR_TYPE_NS
diff --git a/examples/ldns-rrsig.c b/examples/ldns-rrsig.c
index 33376260..e52556b3 100644
--- a/examples/ldns-rrsig.c
+++ b/examples/ldns-rrsig.c
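Review bot: In configure.ac, the added tests `if test "x$ac_cv_c_format_attribute" = "xyes"` and `if test "x$ac_cv_c_unused_attribute" = "xyes"` take the `else` branch and substitute 0 whenever the cache variable is unset, so a missing or later invocation of the attribute checks from acx_nlnetlabs.m4 would go unnoticed. The hunk does not show where those checks run relative to line 505, so this needs confirming. If `ldns_build_config_have_attr_format` ends up 0, the generated headers presumably lose the printf-format attribute and with it the compiler's format-string checking. I would add a comment above the block such as `# ac_cv_c_*_attribute are set by the attribute checks in acx_nlnetlabs.m4; keep this block after them`.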
@@ -180,7 +180,7 @@ main(int argc, char *argv[])
 for(i = 0; i < ldns_rr_list_rr_count(rrsig_type); i++) {
 memset(&incep, 0, sizeof(incep));
- if (serial_arithmitics_gmtime_r(
+ if (ldns_serial_arithmitics_gmtime_r(
 ldns_rdf2native_time_t(
 ldns_rr_rrsig_inception(
 ldns_rr_list_rr(rrsig_type, i))),
@@ -192,7 +192,7 @@ main(int argc, char *argv[])
 incep_buf[0] = '\0';
 }
 memset(&expir, 0, sizeof(expir));
- if (serial_arithmitics_gmtime_r(
+ if (ldns_serial_arithmitics_gmtime_r(
 ldns_rdf2native_time_t(
 ldns_rr_rrsig_expiration(
 ldns_rr_list_rr(rrsig_type, i))),
diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c
index 88e79d2c..3584ccc9 100644
--- a/examples/ldns-verify-zone.c
+++ b/examples/ldns-verify-zone.c
@@ -386,11 +386,13 @@ verify_nsec(ldns_rbtree_t *zone_nodes,
 printf("Error: the NSEC record for ");
 ldns_rdf_print(stdout, name->name);
 printf(" points to the wrong next owner name\n");
- printf(" : ");
- ldns_rdf_print(stdout, ldns_rr_rdf(name->nsec, 0));
- printf(" i.s.o. ");
- ldns_rdf_print(stdout, next_name->name);
- printf(".\n");
+ if (verbosity >= 4) {
+ printf(" : ");
+ ldns_rdf_print(stdout,ldns_rr_rdf(name->nsec, 0));
+ printf(" i.s.o. ");
+ ldns_rdf_print(stdout, next_name->name);
+ printf(".\n");
+ }
 if (result == LDNS_STATUS_OK) {
 result = LDNS_STATUS_ERR;
 }
diff --git a/host2str.c b/host2str.c
index e2d9c6ee..b5b012f9 100644
--- a/host2str.c
+++ b/host2str.c
@@ -334,7 +334,7 @@ ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf)
 char date_buf[16];
 memset(&tm, 0, sizeof(tm));
- if (serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm)
+ if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm)
 && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) {
 ldns_buffer_printf(output, "%s", date_buf);
 }
diff --git a/ldns/dnssec_verify.h b/ldns/dnssec_verify.h
index 855729bf..a2f275fa 100644
--- a/ldns/dnssec_verify.h
+++ b/ldns/dnssec_verify.h
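Review bot: In verify_nsec (examples/ldns-verify-zone.c), the new guard `if (verbosity >= 4)` uses a bare number with no hint of what level 4 stands for. The re-indented call `ldns_rdf_print(stdout,ldns_rr_rdf(name->nsec, 0));` also lost the space after the first comma that the removed line had. I would write `ldns_rdf_print(stdout, ldns_rr_rdf(name->nsec, 0));` and put a comment above the guard, for example `/* actual vs. expected next owner name: only at high verbosity */`. The function begins and ends outside the hunk, so how its other messages are gated cannot be compared here.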
@@ -390,25 +390,32 @@ ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
 bool packet_nodata);
 /**
- * Verifies the already processed data in the buffers
- * This function should probably not be used directly.
+ * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns
+ * the nsec rr that matched.
 *
- * \param[in] rawsig_buf Buffer containing signature data to use
- * \param[in] verify_buf Buffer containing data to verify
- * \param[in] key_buf Buffer containing key data to use
- * \param[in] algo Signing algorithm
- * \return status LDNS_STATUS_OK if the data verifies. Error if not.
+ * \param[in] rr The (query) RR to check the denial of existence for
+ * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the
+ * existence of the RR
+ * \param[in] rrsigs The RRSIG rr covering the NSEC RRs
+ * \param[in] packet_rcode The RCODE value of the packet that provided the
+ * NSEC3 RRs
+ * \param[in] packet_qtype The original query RR type
+ * \param[in] packet_nodata True if the providing packet had an empty ANSWER
+ * section
+ * \param[in] ldns_rr On match, the given (reference to a) pointer will be set
+ * to point to the matching nsec resource record.
+ * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code
+ * containing the reason they do not otherwise
 */
 ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr,
- ldns_rr_list *nsecs,
- ldns_rr_list *rrsigs,
- ldns_pkt_rcode packet_rcode,
- ldns_rr_type packet_qtype,
- bool packet_nodata,
- ldns_rr **match);
+ ldns_rr_list *nsecs,
+ ldns_rr_list *rrsigs,
+ ldns_pkt_rcode packet_rcode,
+ ldns_rr_type packet_qtype,
+ bool packet_nodata,
+ ldns_rr **match);
 /**
- * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns
- * the nsec rr that matched.
+ * Verifies the already processed data in the buffers
 * This function should probably not be used directly.
 *
 * \param[in] rawsig_buf Buffer containing signature data to use
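Review bot: The relocated doc comment for ldns_dnssec_verify_denial_nsec3_match documents its last parameter as `\param[in] ldns_rr`, but the prototype directly below names it `match`, and the description says the function sets it, which makes it an output. The line should read `\param[out] match On match, the given (reference to a) pointer will be set`, with the continuation line unchanged. The opening sentence also carries a stray return type; `Same as ldns_dnssec_verify_denial_nsec3 but also returns` reads correctly. The comment does not say whether `match` may be NULL or what it holds when nothing matches. That is worth stating once checked against the implementation, which is not part of this hunk.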
@@ -417,8 +424,6 @@ ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr,
 * \param[in] algo Signing algorithm
 * \return status LDNS_STATUS_OK if the data verifies. Error if not.
 */
-
-
 ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf,
 ldns_buffer *verify_buf,
 ldns_buffer *key_buf,
diff --git a/ldns/util.h.in b/ldns/util.h.in
index d388586e..c7b6c8be 100644
--- a/ldns/util.h.in
+++ b/ldns/util.h.in
@@ -276,14 +276,15 @@ time_t mktime_from_utc(const struct tm *tm);
 * That number of seconds is then converted to broken-out time information.
 * This is especially usefull when converting the inception and expiration
 * fields of RRSIG records.
+ *
 * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
- * to be intepreted as a serial arithmitics number relative to now.
+ * to be intepreted as a serial arithmitics number relative to now.
 * \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
- * to which the time value is compared to determine the final value.
+ * to which the time value is compared to determine the final value.
 * \param[out] result the struct with the broken-out time information
 * \return result on success or NULL on error
 */
-struct tm * serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
+struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
 /**
 * Seed the random function.
diff --git a/ldns_symbols.def b/ldns_symbols.def
index 551f2b0c..1ec2e686 100644
--- a/ldns_symbols.def
+++ b/ldns_symbols.def
@@ -620,6 +620,7 @@ ldns_rr_type2str
 ldns_rr_uncompressed_size
 ldns_send
 ldns_send_buffer
+ldns_serial_arithmitics_gmtime_r
 ldns_set_bit
 ldns_sha1
 ldns_sha1_final
diff --git a/rr.c b/rr.c
index 5be57851..672525e3 100644
--- a/rr.c
+++ b/rr.c
@@ -441,7 +441,6 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
 ldns_rr_free(new);
 return LDNS_STATUS_SYNTAX_RDATA_ERR;
 }
- rd_strlen = strlen(rd);
 rd_strlen = strlen(rd);
 strncpy(hex_data_str + cur_hex_data_size, rd, rd_strlen);
 cur_hex_data_size += rd_strlen;
diff --git a/util.c b/util.c
index f0a622a3..c57b060f 100644
--- a/util.c
+++ b/util.c
@@ -243,8 +243,8 @@ mktime_from_utc(const struct tm *tm)
 #if SIZEOF_TIME_T <= 4
-void
-year_and_yday_from_days_since_epoch(int64_t days, struct tm *result)
+static void
+ldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm *result)
 {
 int year = 1970;
 int new_year;
@@ -267,8 +267,8 @@ static const int leap_year_mdays[] = {
 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
 };
-void
-mon_and_mday_from_year_and_yday(struct tm *result)
+static void
+ldns_mon_and_mday_from_year_and_yday(struct tm *result)
 {
 int idays = result->tm_yday;
 const int *mon_lengths = is_leap_year(result->tm_year) ?
@@ -281,8 +281,8 @@ mon_and_mday_from_year_and_yday(struct tm *result)
 result->tm_mday = idays + 1;
 }
-void
-wday_from_year_and_yday(struct tm *result)
+static void
+ldns_wday_from_year_and_yday(struct tm *result)
 {
 result->tm_wday = 4 /* 1-1-1970 was a thursday */
 + ((result->tm_year - 1970) % 7) * (365 % 7)
@@ -294,7 +294,7 @@ wday_from_year_and_yday(struct tm *result)
 }
 }
-struct tm *
+static struct tm *
 ldns_gmtime64_r(int64_t clock, struct tm *result)
 {
 result->tm_isdst = 0;
@@ -305,9 +305,9 @@ ldns_gmtime64_r(int64_t clock, struct tm *result)
 result->tm_hour = (int) (clock % 24);
 clock /= 24;
- year_and_yday_from_days_since_epoch(clock, result);
- mon_and_mday_from_year_and_yday(result);
- wday_from_year_and_yday(result);
+ ldns_year_and_yday_from_days_since_epoch(clock, result);
+ ldns_mon_and_mday_from_year_and_yday(result);
+ ldns_wday_from_year_and_yday(result);
 result->tm_year -= 1900;
 return result;
@@ -315,8 +315,8 @@ ldns_gmtime64_r(int64_t clock, struct tm *result)
 #endif /* SIZEOF_TIME_T <= 4 */
-int64_t
-serial_arithmitics_time(int32_t time, time_t now)
+static int64_t
+ldns_serial_arithmitics_time(int32_t time, time_t now)
 {
 int32_t offset = time - (int32_t) now;
 return (int64_t) now + offset;
@@ -324,13 +324,13 @@ serial_arithmitics_time(int32_t time, time_t now)
 struct tm *
-serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result)
+ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result)
 {
 #if SIZEOF_TIME_T <= 4
- int64_t secs_since_epoch = serial_arithmitics_time(time, now);
+ int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
 return ldns_gmtime64_r(secs_since_epoch, result);
 #else
- time_t secs_since_epoch = serial_arithmitics_time(time, now);
+ time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now);
 return gmtime_r(&secs_since_epoch, result);
 #endif
 }
--
2.47.3
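Review bot: In ldns_serial_arithmitics_time (util.c, hunk at -315), `int32_t offset = time - (int32_t) now;` subtracts two signed 32-bit values, which is undefined behaviour once they lie more than 2^31 - 1 apart. The callers renamed in this patch pass RRSIG inception and expiration fields as `time`, so the value comes from record data rather than from the library. Serial-number arithmetic is defined modulo 2^32, so the subtraction is better done unsigned and converted back: `int32_t offset = (int32_t) ((uint32_t) time - (uint32_t) now);`. The function's closing brace falls between this hunk and the next one, so the end of the body is not visible here.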