isc_stdtime_t expire, isc_mem_t *mctx,
dns_tsigkey_t **keyp) {
dns_tsigkey_t *tkey = NULL;
- isc_result_t ret;
+ isc_result_t result;
REQUIRE(keyp != NULL && *keyp == NULL);
REQUIRE(name != NULL);
if (algorithm != DST_ALG_UNKNOWN) {
if (dstkey != NULL && dst_key_alg(dstkey) != algorithm) {
- ret = DNS_R_BADALG;
+ result = DNS_R_BADALG;
goto cleanup_name;
}
} else if (dstkey != NULL) {
- ret = DNS_R_BADALG;
+ result = DNS_R_BADALG;
goto cleanup_name;
}
cleanup_name:
isc_mem_put(mctx, tkey, sizeof(dns_tsigkey_t));
- return (ret);
+ return (result);
}
static void
isc_stdtime_t now;
isc_mem_t *mctx = NULL;
dst_context_t *ctx = NULL;
- isc_result_t ret;
+ isc_result_t result;
unsigned char badtimedata[BADTIMELEN];
unsigned int sigsize = 0;
bool response;
* has validated at this point. This is why we include a
* MAC length > 0 in the reply.
*/
- ret = dst_context_create(key->key, mctx, DNS_LOGCATEGORY_DNSSEC,
- true, 0, &ctx);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dst_context_create(
+ key->key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0, &ctx);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
/*
INSIST(msg->verified_sig);
- ret = dns_rdataset_first(msg->querytsig);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_rdataset_first(msg->querytsig);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
dns_rdataset_current(msg->querytsig, &querytsigrdata);
- ret = dns_rdata_tostruct(&querytsigrdata, &querytsig,
- NULL);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_rdata_tostruct(&querytsigrdata, &querytsig,
+ NULL);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_putuint16(&databuf, querytsig.siglen);
if (isc_buffer_availablelength(&databuf) <
querytsig.siglen)
{
- ret = ISC_R_NOSPACE;
+ result = ISC_R_NOSPACE;
goto cleanup_context;
}
isc_buffer_putmem(&databuf, querytsig.signature,
querytsig.siglen);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
querytsig_ok = true;
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
* Digest the name, class, ttl, alg.
*/
dns_name_toregion(key->name, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_putuint16(&databuf, dns_rdataclass_any);
isc_buffer_putuint32(&databuf, 0); /* ttl */
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
dns_name_toregion(&tsig.algorithm, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
isc_buffer_putuint48(&databuf, tsig.timesigned);
isc_buffer_putuint16(&databuf, tsig.fudge);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_putuint16(&databuf, tsig.otherlen);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (tsig.otherlen > 0) {
r.length = tsig.otherlen;
r.base = tsig.other;
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
}
- ret = dst_key_sigsize(key->key, &sigsize);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_key_sigsize(key->key, &sigsize);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
tsig.signature = isc_mem_get(mctx, sigsize);
isc_buffer_init(&sigbuf, tsig.signature, sigsize);
- ret = dst_context_sign(ctx, &sigbuf);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_sign(ctx, &sigbuf);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_signature;
}
dst_context_destroy(&ctx);
dns_message_gettemprdata(msg, &rdata);
isc_buffer_allocate(msg->mctx, &dynbuf, 512);
- ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any,
- dns_rdatatype_tsig, &tsig, dynbuf);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_rdata_fromstruct(rdata, dns_rdataclass_any,
+ dns_rdatatype_tsig, &tsig, dynbuf);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_dynbuf;
}
if (ctx != NULL) {
dst_context_destroy(&ctx);
}
- return (ret);
+ return (result);
}
isc_result_t
dns_name_t *keyname = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_stdtime_t now;
- isc_result_t ret;
+ isc_result_t result;
dns_tsigkey_t *tsigkey = NULL;
dst_key_t *key = NULL;
unsigned char header[DNS_MESSAGE_HEADERLEN];
*/
keyname = msg->tsigname;
- ret = dns_rdataset_first(msg->tsig);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dns_rdataset_first(msg->tsig);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
dns_rdataset_current(msg->tsig, &rdata);
- ret = dns_rdata_tostruct(&rdata, &tsig, NULL);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dns_rdata_tostruct(&rdata, &tsig, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
dns_rdata_reset(&rdata);
if (response) {
- ret = dns_rdataset_first(msg->querytsig);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dns_rdataset_first(msg->querytsig);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
dns_rdataset_current(msg->querytsig, &rdata);
- ret = dns_rdata_tostruct(&rdata, &querytsig, NULL);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dns_rdata_tostruct(&rdata, &querytsig, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
}
* Find dns_tsigkey_t based on keyname.
*/
if (tsigkey == NULL) {
- ret = ISC_R_NOTFOUND;
+ result = ISC_R_NOTFOUND;
if (ring1 != NULL) {
- ret = dns_tsigkey_find(&tsigkey, keyname,
- &tsig.algorithm, ring1);
+ result = dns_tsigkey_find(&tsigkey, keyname,
+ &tsig.algorithm, ring1);
}
- if (ret == ISC_R_NOTFOUND && ring2 != NULL) {
- ret = dns_tsigkey_find(&tsigkey, keyname,
- &tsig.algorithm, ring2);
+ if (result == ISC_R_NOTFOUND && ring2 != NULL) {
+ result = dns_tsigkey_find(&tsigkey, keyname,
+ &tsig.algorithm, ring2);
}
- if (ret != ISC_R_SUCCESS) {
+ if (result != ISC_R_SUCCESS) {
msg->tsigstatus = dns_tsigerror_badkey;
- ret = dns_tsigkey_create(
+ result = dns_tsigkey_create(
keyname, dns__tsig_algfromname(&tsig.algorithm),
NULL, 0, mctx, &msg->tsigkey);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
tsig_log(msg->tsigkey, 2, "unknown key");
return (DNS_R_TSIGVERIFYFAILURE);
* Check digest length.
*/
alg = dst_key_alg(key);
- ret = dst_key_sigsize(key, &siglen);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dst_key_sigsize(key, &siglen);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
if (dns__tsig_algvalid(alg)) {
if (tsig.siglen > siglen) {
sig_r.base = tsig.signature;
sig_r.length = tsig.siglen;
- ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
- false, 0, &ctx);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
+ false, 0, &ctx);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
if (response) {
isc_buffer_init(&databuf, data, sizeof(data));
isc_buffer_putuint16(&databuf, querytsig.siglen);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (querytsig.siglen > 0) {
r.length = querytsig.siglen;
r.base = querytsig.signature;
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
- ret = dst_context_adddata(ctx, &header_r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &header_r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_usedregion(source, &source_r);
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
* Digest the key name.
*/
dns_name_toregion(tsigkey->name, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_putuint16(&databuf, tsig.common.rdclass);
isc_buffer_putuint32(&databuf, msg->tsig->ttl);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
* Digest the key algorithm.
*/
dns_name_toregion(tsigkey->algorithm, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_putuint16(&databuf, tsig.error);
isc_buffer_putuint16(&databuf, tsig.otherlen);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (tsig.otherlen > 0) {
r.base = tsig.other;
r.length = tsig.otherlen;
- ret = dst_context_adddata(ctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(ctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
- ret = dst_context_verify(ctx, &sig_r);
- if (ret == DST_R_VERIFYFAILURE) {
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = dst_context_verify(ctx, &sig_r);
+ if (result == DST_R_VERIFYFAILURE) {
+ result = DNS_R_TSIGVERIFYFAILURE;
tsig_log(msg->tsigkey, 2,
"signature failed to verify(1)");
goto cleanup_context;
- } else if (ret != ISC_R_SUCCESS) {
+ } else if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
msg->verified_sig = 1;
if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature has expired");
- ret = DNS_R_CLOCKSKEW;
+ result = DNS_R_CLOCKSKEW;
goto cleanup_context;
} else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) {
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature is in the future");
- ret = DNS_R_CLOCKSKEW;
+ result = DNS_R_CLOCKSKEW;
goto cleanup_context;
}
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2,
"truncated signature length too small");
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
if (tsig.siglen > 0 && digestbits == 0 && tsig.siglen < siglen)
{
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2, "signature length too small");
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
}
if (response && tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime) {
- ret = DNS_R_CLOCKSKEW;
+ result = DNS_R_CLOCKSKEW;
} else {
- ret = DNS_R_TSIGERRORSET;
+ result = DNS_R_TSIGERRORSET;
}
goto cleanup_context;
}
msg->tsigstatus = dns_rcode_noerror;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
cleanup_context:
if (ctx != NULL) {
dst_context_destroy(&ctx);
}
- return (ret);
+ return (result);
}
static isc_result_t
dns_name_t *keyname = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_stdtime_t now;
- isc_result_t ret;
+ isc_result_t result;
dns_tsigkey_t *tsigkey = NULL;
dst_key_t *key = NULL;
unsigned char header[DNS_MESSAGE_HEADERLEN];
/*
* Extract and parse the previous TSIG
*/
- ret = dns_rdataset_first(msg->querytsig);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dns_rdataset_first(msg->querytsig);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
dns_rdataset_current(msg->querytsig, &rdata);
- ret = dns_rdata_tostruct(&rdata, &querytsig, NULL);
- if (ret != ISC_R_SUCCESS) {
- return (ret);
+ result = dns_rdata_tostruct(&rdata, &querytsig, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
}
dns_rdata_reset(&rdata);
has_tsig = true;
keyname = msg->tsigname;
- ret = dns_rdataset_first(msg->tsig);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_rdataset_first(msg->tsig);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
dns_rdataset_current(msg->tsig, &rdata);
- ret = dns_rdata_tostruct(&rdata, &tsig, NULL);
- if (ret != ISC_R_SUCCESS) {
+ result = dns_rdata_tostruct(&rdata, &tsig, NULL);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
!dns_name_equal(&tsig.algorithm, &querytsig.algorithm))
{
msg->tsigstatus = dns_tsigerror_badkey;
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = DNS_R_TSIGVERIFYFAILURE;
tsig_log(msg->tsigkey, 2,
"key name and algorithm do not match");
goto cleanup_querystruct;
* Check digest length.
*/
alg = dst_key_alg(key);
- ret = dst_key_sigsize(key, &siglen);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_key_sigsize(key, &siglen);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
if (dns__tsig_algvalid(alg)) {
if (tsig.siglen > siglen) {
tsig_log(tsigkey, 2,
"signature length too big");
- ret = DNS_R_FORMERR;
+ result = DNS_R_FORMERR;
goto cleanup_querystruct;
}
if (tsig.siglen > 0 &&
{
tsig_log(tsigkey, 2,
"signature length below minimum");
- ret = DNS_R_FORMERR;
+ result = DNS_R_FORMERR;
goto cleanup_querystruct;
}
}
}
if (msg->tsigctx == NULL) {
- ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
- false, 0, &msg->tsigctx);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
+ false, 0, &msg->tsigctx);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_querystruct;
}
isc_buffer_init(&databuf, data, sizeof(data));
isc_buffer_putuint16(&databuf, querytsig.siglen);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(msg->tsigctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(msg->tsigctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (querytsig.siglen > 0) {
r.length = querytsig.siglen;
r.base = querytsig.signature;
- ret = dst_context_adddata(msg->tsigctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(msg->tsigctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
}
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
- ret = dst_context_adddata(msg->tsigctx, &header_r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(msg->tsigctx, &header_r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
} else {
r.length = source_r.length - DNS_MESSAGE_HEADERLEN;
}
- ret = dst_context_adddata(msg->tsigctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(msg->tsigctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
isc_buffer_putuint48(&databuf, tsig.timesigned);
isc_buffer_putuint16(&databuf, tsig.fudge);
isc_buffer_usedregion(&databuf, &r);
- ret = dst_context_adddata(msg->tsigctx, &r);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_context_adddata(msg->tsigctx, &r);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime) {
- ret = DNS_R_CLOCKSKEW;
+ result = DNS_R_CLOCKSKEW;
} else {
- ret = DNS_R_TSIGERRORSET;
+ result = DNS_R_TSIGERRORSET;
}
} else {
tsig_log(msg->tsigkey, 2, "signature is empty");
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = DNS_R_TSIGVERIFYFAILURE;
}
goto cleanup_context;
}
- ret = dst_context_verify(msg->tsigctx, &sig_r);
- if (ret == DST_R_VERIFYFAILURE) {
+ result = dst_context_verify(msg->tsigctx, &sig_r);
+ if (result == DST_R_VERIFYFAILURE) {
tsig_log(msg->tsigkey, 2,
"signature failed to verify(2)");
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
- } else if (ret != ISC_R_SUCCESS) {
+ } else if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
msg->verified_sig = 1;
if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature has expired");
- ret = DNS_R_CLOCKSKEW;
+ result = DNS_R_CLOCKSKEW;
goto cleanup_context;
} else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge)
{
msg->tsigstatus = dns_tsigerror_badtime;
tsig_log(msg->tsigkey, 2, "signature is in the future");
- ret = DNS_R_CLOCKSKEW;
+ result = DNS_R_CLOCKSKEW;
goto cleanup_context;
}
alg = dst_key_alg(key);
- ret = dst_key_sigsize(key, &siglen);
- if (ret != ISC_R_SUCCESS) {
+ result = dst_key_sigsize(key, &siglen);
+ if (result != ISC_R_SUCCESS) {
goto cleanup_context;
}
if (dns__tsig_algvalid(alg)) {
tsig_log(msg->tsigkey, 2,
"truncated signature length "
"too small");
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
if (tsig.siglen > 0 && digestbits == 0 &&
msg->tsigstatus = dns_tsigerror_badtrunc;
tsig_log(msg->tsigkey, 2,
"signature length too small");
- ret = DNS_R_TSIGVERIFYFAILURE;
+ result = DNS_R_TSIGVERIFYFAILURE;
goto cleanup_context;
}
}
if (tsig.error != dns_rcode_noerror) {
msg->tsigstatus = tsig.error;
if (tsig.error == dns_tsigerror_badtime) {
- ret = DNS_R_CLOCKSKEW;
+ result = DNS_R_CLOCKSKEW;
} else {
- ret = DNS_R_TSIGERRORSET;
+ result = DNS_R_TSIGERRORSET;
}
goto cleanup_context;
}
}
msg->tsigstatus = dns_rcode_noerror;
- ret = ISC_R_SUCCESS;
+ result = ISC_R_SUCCESS;
cleanup_context:
/*
* for unsigned messages; it is a running sum till the next
* TSIG signed message.
*/
- if ((ret != ISC_R_SUCCESS || has_tsig) && msg->tsigctx != NULL) {
+ if ((result != ISC_R_SUCCESS || has_tsig) && msg->tsigctx != NULL) {
dst_context_destroy(&msg->tsigctx);
}
cleanup_querystruct:
dns_rdata_freestruct(&querytsig);
- return (ret);
+ return (result);
}
isc_result_t
projects / thirdparty / bind9.git / commitdiff
