#define FLG_WILDCARD_EXPANSION 0x01 /**< Possibly generated by using wildcard expansion. */
+/** Return t1 <= t2 in 32-bit serial arithmetic (RFC 1982) */
+static inline bool serial_ordered(uint32_t t1, uint32_t t2)
+{
+ return (int32_t)(t2 - t1) >= 0;
+}
+
/**
* Check the RRSIG RR validity according to RFC4035 5.3.1 .
* @param flags The flags are going to be set according to validation result.
if (kr_fails_assert(flags && rrsigs && vctx && vctx->zone_name)) {
return kr_error(EINVAL);
}
- /* bullet 5 */
- if (knot_rrsig_sig_expiration(rrsigs) < vctx->timestamp) {
+ /* bullet 5; also https://www.rfc-editor.org/rfc/rfc4034.html#section-3.1.5 */
+ if (!serial_ordered(vctx->timestamp, knot_rrsig_sig_expiration(rrsigs))) {
vctx->rrs_counters.expired++;
return kr_error(EINVAL);
}
/* bullet 6 */
- if (knot_rrsig_sig_inception(rrsigs) > vctx->timestamp) {
+ if (!serial_ordered(knot_rrsig_sig_inception(rrsigs), vctx->timestamp)) {
vctx->rrs_counters.notyet++;
return kr_error(EINVAL);
}