dns_rdataset_t nsset;
isc_result_t result;
- if (dns_name_equal(name, vctx->origin))
+ if (dns_name_equal(name, vctx->origin)) {
return (ISC_FALSE);
+ }
dns_rdataset_init(&nsset);
result = dns_db_findrdataset(vctx->db, node, vctx->ver,
dns_rdatatype_ns, 0, 0, &nsset, NULL);
if (dns_rdataset_isassociated(&nsset)) {
- if (ttlp != NULL)
+ if (ttlp != NULL) {
*ttlp = nsset.ttl;
+ }
dns_rdataset_disassociate(&nsset);
}
for (result = dns_rdataset_first(keyrdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(keyrdataset)) {
+ result = dns_rdataset_next(keyrdataset))
+ {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(keyrdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &key, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = dns_dnssec_keyfromrdata(vctx->origin, &rdata,
vctx->mctx, &dstkey);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
return (ISC_FALSE);
+ }
if (sig.algorithm != key.algorithm ||
sig.keyid != dst_key_id(dstkey) ||
- !dns_name_equal(&sig.signer, vctx->origin)) {
+ !dns_name_equal(&sig.signer, vctx->origin))
+ {
dst_key_free(&dstkey);
continue;
}
0, vctx->mctx, sigrdata, NULL);
dst_key_free(&dstkey);
if (result == ISC_R_SUCCESS || result == DNS_R_FROMWILDCARD) {
- return(ISC_TRUE);
+ return (ISC_TRUE);
}
}
return (ISC_FALSE);
}
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(rdsiter)) {
+ result = dns_rdatasetiter_next(rdsiter))
+ {
dns_rdatasetiter_current(rdsiter, &sigrdataset);
if (sigrdataset.type == dns_rdatatype_rrsig &&
sigrdataset.covers == rdataset->type)
+ {
break;
+ }
dns_rdataset_disassociate(&sigrdataset);
}
if (result == ISC_R_SUCCESS) {
"for %s/%s",
namebuf, typebuf);
}
- if (dns_rdataset_isassociated(&sigrdataset))
+ if (dns_rdataset_isassociated(&sigrdataset)) {
dns_rdataset_disassociate(&sigrdataset);
+ }
dns_rdatasetiter_destroy(&rdsiter);
return (ISC_R_SUCCESS);
/*
* Do each element in turn to get a stable sort.
*/
- if (e1->hash < e2->hash)
+ if (e1->hash < e2->hash) {
return (ISC_TRUE);
- if (e1->hash > e2->hash)
+ }
+ if (e1->hash > e2->hash) {
return (ISC_FALSE);
- if (e1->iterations < e2->iterations)
+ }
+ if (e1->iterations < e2->iterations) {
return (ISC_TRUE);
- if (e1->iterations > e2->iterations)
+ }
+ if (e1->iterations > e2->iterations) {
return (ISC_FALSE);
- if (e1->salt_length < e2->salt_length)
+ }
+ if (e1->salt_length < e2->salt_length) {
return (ISC_TRUE);
- if (e1->salt_length > e2->salt_length)
+ }
+ if (e1->salt_length > e2->salt_length) {
return (ISC_FALSE);
- if (e1->next_length < e2->next_length)
+ }
+ if (e1->next_length < e2->next_length) {
return (ISC_TRUE);
- if (e1->next_length > e2->next_length)
+ }
+ if (e1->next_length > e2->next_length) {
return (ISC_FALSE);
+ }
len = e1->salt_length + 2 * e1->next_length;
- if (memcmp(e1 + 1, e2 + 1, len) < 0)
+ if (memcmp(e1 + 1, e2 + 1, len) < 0) {
return (ISC_TRUE);
+ }
return (ISC_FALSE);
}
{
size_t len;
- if (e1->hash != e2->hash)
+ if (e1->hash != e2->hash) {
return (ISC_FALSE);
- if (e1->iterations != e2->iterations)
+ }
+ if (e1->iterations != e2->iterations) {
return (ISC_FALSE);
- if (e1->salt_length != e2->salt_length)
+ }
+ if (e1->salt_length != e2->salt_length) {
return (ISC_FALSE);
- if (e1->next_length != e2->next_length)
+ }
+ if (e1->next_length != e2->next_length) {
return (ISC_FALSE);
+ }
len = e1->salt_length + 2 * e1->next_length;
- if (memcmp(e1 + 1, e2 + 1, len) != 0)
+ if (memcmp(e1 + 1, e2 + 1, len) != 0) {
return (ISC_FALSE);
+ }
return (ISC_TRUE);
}
len = sizeof(*element) + nsec3->next_length * 2 + nsec3->salt_length;
element = isc_mem_get(vctx->mctx, len);
- if (element == NULL)
+ if (element == NULL) {
return (ISC_R_NOMEMORY);
+ }
memset(element, 0, len);
element->hash = nsec3->hash;
element->salt_length = nsec3->salt_length;
*/
for (result = dns_rdataset_first(rdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(rdataset)) {
+ result = dns_rdataset_next(rdataset))
+ {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
nsec3.salt_length == nsec3param->salt_length &&
memcmp(nsec3.salt, nsec3param->salt,
nsec3param->salt_length) == 0)
+ {
break;
+ }
}
if (result != ISC_R_SUCCESS) {
dns_name_format(name, namebuf, sizeof(namebuf));
*/
for (result = dns_rdataset_next(rdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(rdataset)) {
+ result = dns_rdataset_next(rdataset))
+ {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
nsec3.iterations == nsec3param->iterations &&
nsec3.salt_length == nsec3param->salt_length &&
memcmp(nsec3.salt, nsec3param->salt,
- nsec3.salt_length) == 0) {
+ nsec3.salt_length) == 0)
+ {
dns_name_format(name, namebuf, sizeof(namebuf));
zoneverify_log_error(vctx,
"Multiple NSEC3 records with the "
return (ISC_R_SUCCESS);
}
}
- if (result != ISC_R_NOMORE)
+ if (result != ISC_R_NOMORE) {
return (result);
+ }
*vresult = ISC_R_SUCCESS;
for (result = dns_rdataset_first(nsec3paramset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(nsec3paramset)) {
+ result = dns_rdataset_next(nsec3paramset))
+ {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(nsec3paramset, &rdata);
nsec3param.salt_length == nsec3->salt_length &&
memcmp(nsec3param.salt, nsec3->salt,
nsec3->salt_length) == 0)
+ {
return (ISC_TRUE);
+ }
}
return (ISC_FALSE);
}
isc_buffer_t b;
isc_result_t result;
- if (nsec3paramset == NULL || !dns_rdataset_isassociated(nsec3paramset))
+ if (nsec3paramset == NULL ||
+ !dns_rdataset_isassociated(nsec3paramset))
+ {
return (ISC_R_SUCCESS);
+ }
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(vctx->db, node, vctx->ver,
dns_rdatatype_nsec3, 0, 0, &rdataset,
NULL);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
return (ISC_R_SUCCESS);
+ }
dns_name_getlabel(name, 0, &hashlabel);
isc_region_consume(&hashlabel, 1);
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(&rdataset)) {
+ result = dns_rdataset_next(&rdataset))
+ {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(&rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- if (nsec3.next_length != isc_buffer_usedlength(&b))
+ if (nsec3.next_length != isc_buffer_usedlength(&b)) {
continue;
+ }
/*
* We only care about NSEC3 records that match a NSEC3PARAM
* record.
*/
- if (!innsec3params(&nsec3, nsec3paramset))
+ if (!innsec3params(&nsec3, nsec3paramset)) {
continue;
+ }
/*
* Record chain.
dns_rdataset_init(&rdataset);
hashname = dns_fixedname_name(&fixed);
result = dns_db_findnsec3node(vctx->db, hashname, ISC_FALSE, &node);
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
result = dns_db_findrdataset(vctx->db, node, vctx->ver,
dns_rdatatype_nsec3, 0, 0,
&rdataset, NULL);
+ }
if (result != ISC_R_SUCCESS) {
*optout = ISC_FALSE;
result = ISC_R_SUCCESS;
*optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
done:
- if (dns_rdataset_isassociated(&rdataset))
+ if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
- if (node != NULL)
+ }
+ if (node != NULL) {
dns_db_detachnode(vctx->db, &node);
+ }
return (result);
}
result = dns_rdata_tostruct(rdata, &nsec3param, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- if (nsec3param.flags != 0)
+ if (nsec3param.flags != 0) {
return (ISC_R_SUCCESS);
+ }
- if (!dns_nsec3_supportedhash(nsec3param.hash))
+ if (!dns_nsec3_supportedhash(nsec3param.hash)) {
return (ISC_R_SUCCESS);
+ }
result = isoptout(vctx, rdata, &optout);
if (result != ISC_R_SUCCESS) {
dns_rdataset_init(&rdataset);
hashname = dns_fixedname_name(&fixed);
result = dns_db_findnsec3node(vctx->db, hashname, ISC_FALSE, &node);
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
result = dns_db_findrdataset(vctx->db, node, vctx->ver,
dns_rdatatype_nsec3, 0, 0,
&rdataset, NULL);
+ }
if (result != ISC_R_SUCCESS &&
(!delegation || (empty && !optout) ||
(!empty && dns_nsec_isset(types, dns_rdatatype_ds))))
result = ISC_R_SUCCESS;
done:
- if (dns_rdataset_isassociated(&rdataset))
+ if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
- if (node != NULL)
+ }
+ if (node != NULL) {
dns_db_detachnode(vctx->db, &node);
+ }
return (result);
}
for (result = dns_rdataset_first(nsec3paramset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(nsec3paramset)) {
+ result = dns_rdataset_next(nsec3paramset))
+ {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(nsec3paramset, &rdata);
break;
}
}
- if (result == ISC_R_NOMORE)
+ if (result == ISC_R_NOMORE) {
result = ISC_R_SUCCESS;
+ }
return (result);
}
}
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(rdsiter)) {
+ result = dns_rdatasetiter_next(rdsiter))
+ {
dns_rdatasetiter_current(rdsiter, &sigrdataset);
if (sigrdataset.type == dns_rdatatype_rrsig &&
sigrdataset.covers == rdataset->type)
+ {
break;
+ }
dns_rdataset_disassociate(&sigrdataset);
}
if (result != ISC_R_SUCCESS) {
dns_rdatatype_format(rdataset->type, typebuf, sizeof(typebuf));
zoneverify_log_error(vctx, "No signatures for %s/%s",
namebuf, typebuf);
- for (i = 0; i < 256; i++)
- if (vctx->act_algorithms[i] != 0)
+ for (i = 0; i < 256; i++) {
+ if (vctx->act_algorithms[i] != 0) {
vctx->bad_algorithms[i] = 1;
+ }
+ }
result = ISC_R_SUCCESS;
goto done;
}
memset(set_algorithms, 0, sizeof(set_algorithms));
for (result = dns_rdataset_first(&sigrdataset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(&sigrdataset)) {
+ result = dns_rdataset_next(&sigrdataset))
+ {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_rrsig_t sig;
}
if ((set_algorithms[sig.algorithm] != 0) ||
(vctx->act_algorithms[sig.algorithm] == 0))
+ {
continue;
- if (goodsig(vctx, &rdata, name, keyrdataset, rdataset))
+ }
+ if (goodsig(vctx, &rdata, name, keyrdataset, rdataset)) {
set_algorithms[sig.algorithm] = 1;
+ }
}
result = ISC_R_SUCCESS;
if (memcmp(set_algorithms, vctx->act_algorithms,
- sizeof(set_algorithms))) {
+ sizeof(set_algorithms)))
+ {
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(rdataset->type, typebuf, sizeof(typebuf));
- for (i = 0; i < 256; i++)
+ for (i = 0; i < 256; i++) {
if ((vctx->act_algorithms[i] != 0) &&
- (set_algorithms[i] == 0)) {
+ (set_algorithms[i] == 0))
+ {
dns_secalg_format(i, algbuf, sizeof(algbuf));
zoneverify_log_error(vctx,
"No correct %s signature "
algbuf, namebuf, typebuf);
vctx->bad_algorithms[i] = 1;
}
+ }
}
done:
if (rdataset.type != dns_rdatatype_rrsig &&
rdataset.type != dns_rdatatype_dnskey &&
(!delegation || rdataset.type == dns_rdatatype_ds ||
- rdataset.type == dns_rdatatype_nsec)) {
+ rdataset.type == dns_rdatatype_nsec))
+ {
result = verifyset(vctx, &rdataset, name, node,
keyrdataset);
if (result != ISC_R_SUCCESS) {
return (result);
}
dns_nsec_setbit(types, rdataset.type, 1);
- if (rdataset.type > maxtype)
+ if (rdataset.type > maxtype) {
maxtype = rdataset.type;
+ }
} else if (rdataset.type != dns_rdatatype_rrsig &&
- rdataset.type != dns_rdatatype_dnskey) {
- if (rdataset.type == dns_rdatatype_ns)
+ rdataset.type != dns_rdatatype_dnskey)
+ {
+ if (rdataset.type == dns_rdatatype_ns) {
dns_nsec_setbit(types, rdataset.type, 1);
+ }
result = check_no_rrsig(vctx, &rdataset, name, node);
if (result != ISC_R_SUCCESS) {
dns_rdataset_disassociate(&rdataset);
dns_rdatasetiter_destroy(&rdsiter);
return (result);
}
- } else
+ } else {
dns_nsec_setbit(types, rdataset.type, 1);
+ }
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
*vresult = tvresult;
}
- if (nsec3paramset != NULL && dns_rdataset_isassociated(nsec3paramset)) {
+ if (nsec3paramset != NULL &&
+ dns_rdataset_isassociated(nsec3paramset))
+ {
result = verifynsec3s(vctx, name, nsec3paramset, delegation,
ISC_FALSE, types, maxtype, &tvresult);
if (result != ISC_R_SUCCESS) {
nsec_exists = ISC_TRUE;
}
- if (dns_rdataset_isassociated(&rdataset))
+ if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
+ }
return (nsec_exists ? ISC_R_FAILURE : ISC_R_SUCCESS);
}
first->salt_length != e->salt_length ||
first->next_length != e->next_length ||
memcmp(first + 1, e + 1, first->salt_length) != 0)
+ {
return (ISC_TRUE);
+ }
return (ISC_FALSE);
}
d1 += first->salt_length + first->next_length;
d2 += e->salt_length;
- if (memcmp(d1, d2, first->next_length) == 0)
+ if (memcmp(d1, d2, first->next_length) == 0) {
return (ISC_TRUE);
+ }
DE_CONST(d1 - first->next_length, sr.base);
sr.length = first->next_length;
while ((e = isc_heap_element(vctx->expected_chains, 1)) != NULL) {
isc_heap_delete(vctx->expected_chains, 1);
- if (f == NULL)
+ if (f == NULL) {
f = isc_heap_element(vctx->found_chains, 1);
+ }
if (f != NULL) {
isc_heap_delete(vctx->found_chains, 1);
*/
while (f != NULL && !chain_compare(e, f)) {
free_element(mctx, f);
- f = isc_heap_element(vctx->found_chains, 1);
- if (f != NULL)
- isc_heap_delete(vctx->found_chains, 1);
+ f = isc_heap_element(
+ vctx->found_chains, 1);
+ if (f != NULL) {
+ isc_heap_delete(
+ vctx->found_chains, 1);
+ }
if (f != NULL && chain_equal(e, f)) {
free_element(mctx, f);
f = NULL;
}
if (first == NULL || newchain(first, e)) {
if (prev != NULL) {
- if (!checknext(vctx, prev, first))
+ if (!checknext(vctx, prev, first)) {
result = ISC_R_FAILURE;
- if (prev != first)
+ }
+ if (prev != first) {
free_element(mctx, prev);
+ }
}
- if (first != NULL)
+ if (first != NULL) {
free_element(mctx, first);
+ }
prev = first = e;
continue;
}
- if (!checknext(vctx, prev, e))
+ if (!checknext(vctx, prev, e)) {
result = ISC_R_FAILURE;
- if (prev != first)
+ }
+ if (prev != first) {
free_element(mctx, prev);
+ }
prev = e;
}
if (prev != NULL) {
- if (!checknext(vctx, prev, first))
+ if (!checknext(vctx, prev, first)) {
result = ISC_R_FAILURE;
- if (prev != first)
+ }
+ if (prev != first) {
free_element(mctx, prev);
+ }
}
- if (first != NULL)
+ if (first != NULL) {
free_element(mctx, first);
+ }
do {
if (f != NULL) {
if (result == ISC_R_SUCCESS) {
free_element(mctx, f);
}
f = isc_heap_element(vctx->found_chains, 1);
- if (f != NULL)
+ if (f != NULL) {
isc_heap_delete(vctx->found_chains, 1);
+ }
} while (f != NULL);
return (result);
nlabels = dns_name_countlabels(name);
if (reln == dns_namereln_commonancestor ||
- reln == dns_namereln_contains) {
+ reln == dns_namereln_contains)
+ {
dns_name_init(&suffix, NULL);
for (i = labels + 1; i < nlabels; i++) {
dns_name_getlabelsequence(name, nlabels - i, i,
&suffix);
if (nsec3paramset != NULL &&
- dns_rdataset_isassociated(nsec3paramset)) {
+ dns_rdataset_isassociated(nsec3paramset))
+ {
result = verifynsec3s(vctx, &suffix,
nsec3paramset,
isdelegation, ISC_TRUE,
for (result = dns_rdataset_first(&vctx->keyset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(&vctx->keyset)) {
+ result = dns_rdataset_next(&vctx->keyset))
+ {
dns_rdataset_current(&vctx->keyset, &rdata);
result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
is_ksk = ISC_TF((dnskey.flags & DNS_KEYFLAG_KSK) != 0);
- if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0)
+ if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0) {
;
- else if ((dnskey.flags & DNS_KEYFLAG_REVOKE) != 0) {
+ } else if ((dnskey.flags & DNS_KEYFLAG_REVOKE) != 0) {
if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
!dns_dnssec_selfsigns(&rdata, vctx->origin,
&vctx->keyset,
&vctx->keysigs, ISC_FALSE,
- vctx->mctx)) {
+ vctx->mctx))
+ {
char namebuf[DNS_NAME_FORMATSIZE];
char buffer[1024];
isc_buffer_t buf;
return (ISC_R_FAILURE);
}
if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
- vctx->revoked_ksk[dnskey.algorithm] != 255)
+ vctx->revoked_ksk[dnskey.algorithm] != 255)
+ {
vctx->revoked_ksk[dnskey.algorithm]++;
- else if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 &&
- vctx->revoked_zsk[dnskey.algorithm] != 255)
+ } else if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 &&
+ vctx->revoked_zsk[dnskey.algorithm] != 255)
+ {
vctx->revoked_zsk[dnskey.algorithm]++;
+ }
} else {
check_dnskey_sigs(vctx, &dnskey, &rdata, is_ksk);
}
"Verifying the zone using the following algorithms:");
for (i = 0; i < 256; i++) {
- if (ignore_kskflag)
+ if (ignore_kskflag) {
vctx->act_algorithms[i] =
(vctx->ksk_algorithms[i] != 0 ||
vctx->zsk_algorithms[i] != 0) ? 1 : 0;
- else
+ } else {
vctx->act_algorithms[i] =
vctx->ksk_algorithms[i] != 0 ? 1 : 0;
+ }
if (vctx->act_algorithms[i] != 0) {
dns_secalg_format(i, algbuf, sizeof(algbuf));
zoneverify_print(vctx, " %s", algbuf);
*/
if ((vctx->ksk_algorithms[i] != 0) ==
(vctx->zsk_algorithms[i] != 0))
+ {
continue;
+ }
dns_secalg_format(i, algbuf, sizeof(algbuf));
zoneverify_log_error(vctx,
"Missing %s for algorithm %s",
dns_db_detachnode(vctx->db, &node);
goto done;
}
- if (*vresult == ISC_R_UNSET)
+ if (*vresult == ISC_R_UNSET) {
*vresult = ISC_R_SUCCESS;
+ }
if (*vresult == ISC_R_SUCCESS) {
*vresult = tvresult;
}
dns_db_detachnode(vctx->db, &node);
goto done;
}
- } else
+ } else {
prevname = dns_fixedname_name(&fprevname);
+ }
dns_name_copy(name, prevname, NULL);
if (*vresult == ISC_R_SUCCESS) {
*vresult = tvresult;
for (result = dns_dbiterator_first(dbiter);
result == ISC_R_SUCCESS;
- result = dns_dbiterator_next(dbiter) ) {
+ result = dns_dbiterator_next(dbiter))
+ {
result = dns_dbiterator_current(dbiter, &node, name);
if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
zoneverify_log_error(vctx,
}
result = verify_nsec3_chains(&vctx, mctx);
- if (vresult == ISC_R_UNSET)
+ if (vresult == ISC_R_UNSET) {
vresult = ISC_R_SUCCESS;
- if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS)
+ }
+ if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS) {
vresult = result;
+ }
result = check_bad_algorithms(&vctx);
if (result != ISC_R_SUCCESS) {
projects / thirdparty / bind9.git / commitdiff
