upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 02:39:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[9.18] fix: dev: standardize CHECK and RETERR macros

Browse source 
previously, there were over 40 separate definitions of CHECK macros, of which most used "goto cleanup", and the rest "goto failure" or "goto out". there were another 10 definitions of RETERR, of which most were identical to CHECK, but some simply returned a result code instead of jumping to a cleanup label.

this has now been standardized throughout the code base: RETERR is for returning an error code in the case of an error, and CHECK is for jumping to a cleanup tag, which is now always called "cleanup". both macros are defined in isc/util.h.

Backport of MR !10472

Merge branch 'each-check-and-cleanup-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11080
This commit is contained in:
Evan Hunt 2025-12-04 23:07:07 +00:00
commit 83163f39d5
65 changed files with 1116 additions and 1921 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bin/check/check-tool.c
View file

@ -58,13 +58,6 @@
#define CHECK_LOCAL 1
#endif /* ifndef CHECK_LOCAL */
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define ERR_IS_CNAME 1
#define ERR_NO_ADDRESSES 2
#define ERR_LOOKUP_FAILURE 3

7
bin/check/named-checkconf.c
View file

@ -50,13 +50,6 @@ static bool loadplugins = true;
isc_log_t *logc = NULL;
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*% usage */
noreturn static void
usage(void);

7
bin/delv/delv.c
View file

@ -67,13 +67,6 @@
#include <irs/resconf.h>
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define MAXNAME (DNS_NAME_MAXTEXT + 1)
/*

8
bin/named/controlconf.c
View file

@ -801,14 +801,6 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
}
}
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result;

7
bin/named/logconf.c
View file

@ -31,13 +31,6 @@
#include <named/log.h>
#include <named/logconf.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* Set up a logging category according to the named.conf data
* in 'ccat' and add it to 'logconfig'.

7
bin/named/server.c
View file

@ -172,13 +172,6 @@
* Check an operation for failure. Assumes that the function
* using it has a 'result' variable and a 'cleanup' label.
*/
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define TCHECK(op) \
do { \
tresult = (op); \

8
bin/named/statschannel.c
View file

@ -62,14 +62,6 @@
#define STATS_JSON_VERSION_MINOR "7"
#define STATS_JSON_VERSION STATS_JSON_VERSION_MAJOR "." STATS_JSON_VERSION_MINOR
#define CHECK(m) \
do { \
result = (m); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
struct named_statschannel {
/* Unlocked */
isc_httpdmgr_t *httpdmgr;

23
bin/named/tkeyconf.c
View file

@ -28,16 +28,8 @@
#include <isccfg/cfg.h>
#include <named/tkeyconf.h>
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#include <named/log.h>
#include <named/tkeyconf.h>
#define LOG(msg) \
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, \
NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, "%s", msg)
@ -47,12 +39,12 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
dns_tkeyctx_t **tctxp) {
isc_result_t result;
dns_tkeyctx_t *tctx = NULL;
const char *s;
const char *s = NULL;
uint32_t n;
dns_fixedname_t fname;
dns_name_t *name;
dns_name_t *name = NULL;
isc_buffer_t b;
const cfg_obj_t *obj;
const cfg_obj_t *obj = NULL;
int type;
result = dns_tkeyctx_create(mctx, &tctx);
@ -60,7 +52,6 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
return result;
}
obj = NULL;
result = cfg_map_get(options, "tkey-dhkey", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
@ -95,8 +86,8 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
name = dns_fixedname_initname(&fname);
RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
RETERR(dst_gssapi_acquirecred(name, false, &tctx->gsscred));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
CHECK(dst_gssapi_acquirecred(name, false, &tctx->gsscred));
}
obj = NULL;
@ -109,7 +100,7 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
*tctxp = tctx;
return ISC_R_SUCCESS;
failure:
cleanup:
dns_tkeyctx_destroy(&tctx);
return result;
}

5
bin/named/transportconf.c
View file

@ -190,11 +190,6 @@ failure:
return result;
}
#define CHECK(f) \
if ((result = f) != ISC_R_SUCCESS) { \
goto failure; \
}
static isc_result_t
transport_list_fromconfig(const cfg_obj_t *config, dns_transport_list_t *list) {
const cfg_obj_t *obj = NULL;

14
bin/named/zoneconf.c
View file

@ -62,20 +62,6 @@ typedef enum {
allow_update_forwarding
} acl_type_t;
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* Convenience function for configuring a single zone ACL.
*/

8
bin/plugins/filter-a.c
View file

@ -48,14 +48,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Possible values for the settings of filter-a-on-v6 and
* filter-a-on-v4: "no" is NONE, "yes" is FILTER, "break-dnssec"

8
bin/plugins/filter-aaaa.c
View file

@ -48,14 +48,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Possible values for the settings of filter-aaaa-on-v4 and
* filter-aaaa-on-v6: "no" is NONE, "yes" is FILTER, "break-dnssec"

15
bin/tests/system/dlzexternal/driver/driver.c
View file

@ -49,13 +49,6 @@ dlz_dlopen_addrdataset_t dlz_addrdataset;
dlz_dlopen_subrdataset_t dlz_subrdataset;
dlz_dlopen_delrdataset_t dlz_delrdataset;
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define loginfo(...) \
({ \
if ((state != NULL) && (state->log != NULL)) \
@ -258,7 +251,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
const char *helper_name;
va_list ap;
char soa_data[sizeof("@ hostmaster.root 123 900 600 86400 3600")];
isc_result_t result;
size_t n;
UNUSED(dlzname);
@ -306,7 +298,8 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
}
if (n >= sizeof(soa_data)) {
CHECK(ISC_R_NOSPACE);
free(state);
return ISC_R_NOSPACE;
}
add_name(state, &state->current[0], state->zone_name, "soa", 3600,
@ -320,10 +313,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
*dbdata = state;
return ISC_R_SUCCESS;
failure:
free(state);
return result;
}
/*

13
bin/tests/system/dyndb/driver/util.h
View file

@ -39,19 +39,6 @@
#include "log.h"
#define CLEANUP_WITH(result_code) \
do { \
result = (result_code); \
goto cleanup; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define CHECKED_MEM_GET(m, target_ptr, s) \
do { \
(target_ptr) = isc_mem_get((m), (s)); \

11
bin/tests/system/dyndb/driver/zone.c
View file

@ -142,8 +142,8 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
/* Return success if the zone is already in the view as expected. */
result = dns_view_findzone(inst->view, dns_zone_getorigin(zone),
&zone_in_view);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto cleanup;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
view_in_zone = dns_zone_getview(zone);
@ -151,7 +151,8 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
/* Zone has a view set -> view should contain the same zone. */
if (zone_in_view == zone) {
/* Zone is already published in the right view. */
CLEANUP_WITH(ISC_R_SUCCESS);
result = ISC_R_SUCCESS;
goto cleanup;
} else if (view_in_zone != inst->view) {
/*
* Un-published inactive zone will have
@ -161,7 +162,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
dns_zone_log(zone, ISC_LOG_ERROR,
"zone->view doesn't "
"match data in the view");
CLEANUP_WITH(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
}
@ -169,7 +170,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) {
dns_zone_log(zone, ISC_LOG_ERROR,
"cannot publish zone: view already "
"contains another zone with this name");
CLEANUP_WITH(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
run_exclusive_enter(inst, &lock_state);

8
bin/tests/system/hooks/driver/test-async.c
View file

@ -36,14 +36,6 @@
#include <ns/query.h>
#include <ns/types.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Persistent data for use by this module. This will be associated
* with client object address in the hash table, and will remain

18
bin/tests/system/pipelined/pipequeries.c
View file

@ -45,7 +45,7 @@
#include <dns/types.h>
#include <dns/view.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "I:%s: %s\n", (str), \
@ -91,7 +91,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) {
result = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = dns_result_fromrcode(response->rcode);
@ -108,7 +108,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) {
result = dns_message_sectiontotext(
response, DNS_SECTION_ANSWER, &dns_master_style_simple,
DNS_MESSAGETEXTFLAG_NOCOMMENTS, &outbuf);
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
printf("%.*s", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
fflush(stdout);
@ -148,7 +148,7 @@ sendquery(isc_task_t *task) {
isc_buffer_add(&buf, strlen(host));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message);
@ -158,10 +158,10 @@ sendquery(isc_task_t *task) {
message->id = (unsigned short)(random() & 0xFFFF);
result = dns_message_gettempname(message, &qname);
CHECK("dns_message_gettempname", result);
CHECKM("dns_message_gettempname", result);
result = dns_message_gettemprdataset(message, &qrdataset);
CHECK("dns_message_gettemprdataset", result);
CHECKM("dns_message_gettemprdataset", result);
dns_name_clone(dns_fixedname_name(&queryname), qname);
dns_rdataset_makequestion(qrdataset, dns_rdataclass_in,
@ -173,7 +173,7 @@ sendquery(isc_task_t *task) {
have_src ? &srcaddr : NULL, &dstaddr,
DNS_REQUESTOPT_TCP, NULL, TIMEOUT, 0, 0,
task, recvresponse, message, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
@ -248,13 +248,13 @@ main(int argc, char *argv[]) {
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.7", &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&srcaddr, &inaddr, 0);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.4", &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&dstaddr, &inaddr, port);

24
bin/tests/system/rsabigexponent/bigkey.c
View file

@ -58,7 +58,7 @@ RSA *rsa;
BIGNUM *e;
EVP_PKEY *pkey;
#define CHECK(op, msg) \
#define CHECKM(op, msg) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
@ -127,22 +127,20 @@ main(int argc, char **argv) {
name = dns_fixedname_initname(&fname);
isc_buffer_constinit(&buf, "example.", strlen("example."));
isc_buffer_add(&buf, strlen("example."));
CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL), "dns_name_"
"fromtext("
"\"example."
"\")");
CHECKM(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
"dns_name_fromtext(\"example.\")");
CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, pkey, mctx, &key),
"dst_key_buildinternal(...)");
CHECKM(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits,
DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
dns_rdataclass_in, pkey, mctx, &key),
"dst_key_buildinternal(...)");
CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
"dst_key_tofile()");
CHECKM(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
"dst_key_tofile()");
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
isc_buffer_clear(&buf);
CHECK(dst_key_buildfilename(key, 0, NULL, &buf), "dst_key_"
"buildfilename()");
CHECKM(dst_key_buildfilename(key, 0, NULL, &buf),
"dst_key_buildfilename()");
printf("%s\n", filename);
dst_key_free(&key);

26
bin/tests/system/tkey/keycreate.c
View file

@ -40,7 +40,7 @@
#include <dns/tsig.h>
#include <dns/view.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "I:%s: %s\n", (str), \
@ -90,7 +90,7 @@ recvquery(isc_task_t *task, isc_event_t *event) {
result = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = dns_result_fromrcode(response->rcode);
@ -101,19 +101,19 @@ recvquery(isc_task_t *task, isc_event_t *event) {
result = dns_tkey_processdhresponse(query, response, ourkey, &nonce,
&tsigkey, ring);
CHECK("dns_tkey_processdhresponse", result);
CHECKM("dns_tkey_processdhresponse", result);
/*
* Yes, this is a hack.
*/
isc_buffer_init(&keynamebuf, keyname, sizeof(keyname));
result = dst_key_buildfilename(tsigkey->key, 0, "", &keynamebuf);
CHECK("dst_key_buildfilename", result);
CHECKM("dst_key_buildfilename", result);
printf("%.*s\n", (int)isc_buffer_usedlength(&keynamebuf),
(char *)isc_buffer_base(&keynamebuf));
type = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY;
result = dst_key_tofile(tsigkey->key, type, "");
CHECK("dst_key_tofile", result);
CHECKM("dst_key_tofile", result);
dns_message_detach(&query);
dns_message_detach(&response);
@ -141,7 +141,7 @@ sendquery(isc_task_t *task, isc_event_t *event) {
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&address, &inaddr, port);
@ -150,18 +150,18 @@ sendquery(isc_task_t *task, isc_event_t *event) {
isc_buffer_add(&namestr, 9);
result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr, NULL,
0, NULL);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
dns_fixedname_init(&ownername);
isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str));
isc_buffer_add(&namestr, strlen(ownername_str));
result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr,
NULL, 0, NULL);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
isc_buffer_init(&keybuf, keydata, 9);
result = isc_base64_decodestring(keystr, &keybuf);
CHECK("isc_base64_decodestring", result);
CHECKM("isc_base64_decodestring", result);
isc_buffer_usedregion(&keybuf, &r);
@ -169,19 +169,19 @@ sendquery(isc_task_t *task, isc_event_t *event) {
dns_fixedname_name(&keyname), DNS_TSIG_HMACMD5_NAME,
isc_buffer_base(&keybuf), isc_buffer_usedlength(&keybuf), false,
NULL, 0, 0, mctx, ring, &initialkey);
CHECK("dns_tsigkey_create", result);
CHECKM("dns_tsigkey_create", result);
dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
result = dns_tkey_builddhquery(query, ourkey,
dns_fixedname_name(&ownername),
DNS_TSIG_HMACMD5_NAME, &nonce, 3600);
CHECK("dns_tkey_builddhquery", result);
CHECKM("dns_tkey_builddhquery", result);
result = dns_request_create(requestmgr, query, NULL, &address,
DNS_REQUESTOPT_TCP, initialkey, TIMEOUT, 0,
0, task, recvquery, query, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
}
int
@ -242,7 +242,7 @@ main(int argc, char *argv[]) {
type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
result = dst_key_fromnamedfile(ourkeyname, NULL, type, mctx, &ourkey);
CHECK("dst_key_fromnamedfile", result);
CHECKM("dst_key_fromnamedfile", result);
isc_buffer_init(&nonce, noncedata, sizeof(noncedata));
isc_nonce_buf(noncedata, sizeof(noncedata));

16
bin/tests/system/tkey/keydelete.c
View file

@ -39,7 +39,7 @@
#include <dns/tsig.h>
#include <dns/view.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "I:%s: %s\n", (str), \
@ -81,7 +81,7 @@ recvquery(isc_task_t *task, isc_event_t *event) {
result = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = dns_result_fromrcode(response->rcode);
@ -91,7 +91,7 @@ recvquery(isc_task_t *task, isc_event_t *event) {
}
result = dns_tkey_processdeleteresponse(query, response, ring);
CHECK("dns_tkey_processdhresponse", result);
CHECKM("dns_tkey_processdhresponse", result);
dns_message_detach(&query);
dns_message_detach(&response);
@ -113,19 +113,19 @@ sendquery(isc_task_t *task, isc_event_t *event) {
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
CHECK("inet_pton", result);
CHECKM("inet_pton", result);
}
isc_sockaddr_fromin(&address, &inaddr, port);
dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
result = dns_tkey_builddeletequery(query, tsigkey);
CHECK("dns_tkey_builddeletequery", result);
CHECKM("dns_tkey_builddeletequery", result);
result = dns_request_create(requestmgr, query, NULL, &address,
DNS_REQUESTOPT_TCP, tsigkey, TIMEOUT, 0, 0,
task, recvquery, query, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
}
int
@ -184,12 +184,12 @@ main(int argc, char **argv) {
type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
result = dst_key_fromnamedfile(keyname, NULL, type, mctx, &dstkey);
CHECK("dst_key_fromnamedfile", result);
CHECKM("dst_key_fromnamedfile", result);
result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
DNS_TSIG_HMACMD5_NAME, dstkey, true,
NULL, 0, 0, mctx, ring, &tsigkey);
dst_key_free(&dstkey);
CHECK("dns_tsigkey_createfromkey", result);
CHECKM("dns_tsigkey_createfromkey", result);
(void)isc_app_run();

86
bin/tools/mdig.c
View file

@ -56,7 +56,7 @@
#include <bind9/getaddresses.h>
#define CHECK(str, x) \
#define CHECKM(str, x) \
{ \
if ((x) != ISC_R_SUCCESS) { \
fprintf(stderr, "mdig: %s failed with %s\n", (str), \
@ -222,7 +222,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) {
msgbuf = dns_request_getanswer(reqev->request);
result = dns_request_getresponse(reqev->request, response, parseflags);
CHECK("dns_request_getresponse", result);
CHECKM("dns_request_getresponse", result);
styleflags |= DNS_STYLEFLAG_REL_OWNER;
if (yaml) {
@ -278,7 +278,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) {
48, 80, 8, display_splitwidth,
mctx);
}
CHECK("dns_master_stylecreate2", result);
CHECKM("dns_master_stylecreate2", result);
flags = 0;
if (!display_headers) {
@ -342,7 +342,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) {
printf(" %s:\n", "response_message_data");
result = dns_message_headertotext(response, style, flags, buf);
CHECK("dns_message_headertotext", result);
CHECKM("dns_message_headertotext", result);
} else if (display_comments && !display_short_form) {
printf(";; Got answer:\n");
@ -405,7 +405,7 @@ repopulate_buffer:
isc_buffer_allocate(mctx, &buf, len);
goto repopulate_buffer;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_question && display_headers && !display_short_form) {
@ -414,7 +414,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_answer && !display_short_form) {
@ -423,7 +423,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
} else if (display_answer) {
dns_name_t *name;
dns_rdataset_t *rdataset;
@ -442,14 +442,14 @@ repopulate_buffer:
dns_name_init(&empty_name, NULL);
result = dns_message_firstname(response, DNS_SECTION_ANSWER);
if (result != ISC_R_NOMORE) {
CHECK("dns_message_firstname", result);
CHECKM("dns_message_firstname", result);
}
for (;;) {
if (result == ISC_R_NOMORE) {
break;
}
CHECK("dns_message_nextname", result);
CHECKM("dns_message_nextname", result);
name = NULL;
dns_message_currentname(response, DNS_SECTION_ANSWER,
&name);
@ -467,7 +467,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_rdata_tofmttext", result);
CHECKM("dns_rdata_tofmttext", result);
loopresult =
dns_rdataset_next(rdataset);
dns_rdata_reset(&rdata);
@ -490,7 +490,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form) {
@ -499,7 +499,7 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_sectiontotext", result);
CHECKM("dns_message_sectiontotext", result);
}
if (display_additional && !display_short_form && display_headers) {
@ -511,13 +511,13 @@ repopulate_buffer:
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
result = dns_message_pseudosectiontotext(
response, DNS_PSEUDOSECTION_SIG0, style, flags, buf);
if (result == ISC_R_NOSPACE) {
goto buftoosmall;
}
CHECK("dns_message_pseudosectiontotext", result);
CHECKM("dns_message_pseudosectiontotext", result);
}
if (display_headers && display_comments && !display_short_form && !yaml)
@ -562,9 +562,9 @@ add_opt(dns_message_t *msg, uint16_t udpsize, uint16_t edns, unsigned int flags,
result = dns_message_buildopt(msg, &rdataset, edns, udpsize, flags,
opts, count);
CHECK("dns_message_buildopt", result);
CHECKM("dns_message_buildopt", result);
result = dns_message_setopt(msg, rdataset);
CHECK("dns_message_setopt", result);
CHECKM("dns_message_setopt", result);
}
static void
@ -592,7 +592,7 @@ sendquery(struct query *query, isc_task_t *task) {
isc_buffer_add(&buf, strlen(query->textname));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
CHECKM("dns_name_fromtext", result);
dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message);
@ -616,10 +616,10 @@ sendquery(struct query *query, isc_task_t *task) {
message->id = (unsigned short)(random() & 0xFFFF);
result = dns_message_gettempname(message, &qname);
CHECK("dns_message_gettempname", result);
CHECKM("dns_message_gettempname", result);
result = dns_message_gettemprdataset(message, &qrdataset);
CHECK("dns_message_gettemprdataset", result);
CHECKM("dns_message_gettemprdataset", result);
dns_name_clone(dns_fixedname_name(&queryname), qname);
dns_rdataset_makequestion(qrdataset, query->rdclass, query->rdtype);
@ -668,7 +668,7 @@ sendquery(struct query *query, isc_task_t *task) {
INSIST(i < DNS_EDNSOPTIONS);
opts[i].code = DNS_OPT_CLIENT_SUBNET;
opts[i].length = (uint16_t)addrl + 4;
CHECK("isc_buffer_allocate", result);
CHECKM("isc_buffer_allocate", result);
isc_buffer_init(&b, ecsbuf, sizeof(ecsbuf));
if (sa->sa_family == AF_INET) {
family = 1;
@ -713,7 +713,7 @@ sendquery(struct query *query, isc_task_t *task) {
isc_buffer_init(&b, cookie, sizeof(cookie));
result = isc_hex_decodestring(query->cookie,
&b);
CHECK("isc_hex_decodestring", result);
CHECKM("isc_hex_decodestring", result);
opts[i].value = isc_buffer_base(&b);
opts[i].length = isc_buffer_usedlength(&b);
} else {
@ -756,7 +756,7 @@ sendquery(struct query *query, isc_task_t *task) {
requestmgr, message, have_src ? &srcaddr : NULL, &dstaddr,
options, NULL, query->timeout, query->udptimeout,
query->udpretries, task, recvresponse, message, &request);
CHECK("dns_request_create", result);
CHECKM("dns_request_create", result);
return ISC_R_SUCCESS;
}
@ -973,7 +973,7 @@ save_opt(struct query *query, char *code, char *value) {
buf = isc_mem_allocate(mctx, strlen(value) / 2 + 1);
isc_buffer_init(&b, buf, strlen(value) / 2 + 1);
result = isc_hex_decodestring(value, &b);
CHECK("isc_hex_decodestring", result);
CHECKM("isc_hex_decodestring", result);
query->ednsopts[query->ednsoptscnt].value = isc_buffer_base(&b);
query->ednsopts[query->ednsoptscnt].length =
isc_buffer_usedlength(&b);
@ -1070,9 +1070,9 @@ reverse_octets(const char *in, char **p, char *end) {
if (dot != NULL) {
isc_result_t result;
result = reverse_octets(dot + 1, p, end);
CHECK("reverse_octets", result);
CHECKM("reverse_octets", result);
result = append(".", 1, p, end);
CHECK("append", result);
CHECKM("append", result);
len = (int)(dot - in);
} else {
len = strlen(in);
@ -1096,7 +1096,7 @@ get_reverse(char *reverse, size_t len, const char *value) {
name = dns_fixedname_initname(&fname);
result = dns_byaddr_createptrname(&addr, options, name);
CHECK("dns_byaddr_createptrname2", result);
CHECKM("dns_byaddr_createptrname2", result);
dns_name_format(name, reverse, (unsigned int)len);
return;
} else {
@ -1110,10 +1110,10 @@ get_reverse(char *reverse, size_t len, const char *value) {
char *p = reverse;
char *end = reverse + len;
result = reverse_octets(value, &p, end);
CHECK("reverse_octets", result);
CHECKM("reverse_octets", result);
/* Append .in-addr.arpa. and a terminating NUL. */
result = append(".in-addr.arpa.", 15, &p, end);
CHECK("append", result);
CHECKM("append", result);
return;
}
}
@ -1230,7 +1230,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&num, value, COMMSIZE,
"buffer size");
CHECK("parse_uint(buffer size)", result);
CHECKM("parse_uint(buffer size)", result);
query->udpsize = num;
break;
case 'r': /* burst */
@ -1346,8 +1346,8 @@ plus_option(char *option, struct query *query, bool global) {
result = parse_uint(&num, value,
255,
"edns");
CHECK("parse_uint(edns)",
result);
CHECKM("parse_uint(edns)",
result);
query->edns = num;
break;
case 'f':
@ -1363,8 +1363,8 @@ plus_option(char *option, struct query *query, bool global) {
result = parse_xint(
&num, value, 0xffff,
"ednsflags");
CHECK("parse_xint(ednsflags)",
result);
CHECKM("parse_xint(ednsflags)",
result);
if (query->edns == -1) {
query->edns = 1;
}
@ -1446,7 +1446,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udpretries, value,
MAXTRIES - 1, "udpretries");
CHECK("parse_uint(udpretries)", result);
CHECKM("parse_uint(udpretries)", result);
break;
default:
goto invalid_option;
@ -1510,7 +1510,7 @@ plus_option(char *option, struct query *query, bool global) {
if (display_splitwidth) {
display_splitwidth += 3;
}
CHECK("parse_uint(split)", result);
CHECKM("parse_uint(split)", result);
break;
case 'u': /* subnet */
FULLCHECK("subnet");
@ -1528,7 +1528,7 @@ plus_option(char *option, struct query *query, bool global) {
query->edns = 0;
}
result = parse_netprefix(&query->ecs_addr, value);
CHECK("parse_netprefix", result);
CHECKM("parse_netprefix", result);
break;
default:
goto invalid_option;
@ -1551,7 +1551,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->timeout, value, MAXTIMEOUT,
"timeout");
CHECK("parse_uint(timeout)", result);
CHECKM("parse_uint(timeout)", result);
if (query->timeout == 0) {
query->timeout = 1;
}
@ -1566,7 +1566,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udpretries, value, MAXTRIES,
"udpretries");
CHECK("parse_uint(udpretries)", result);
CHECKM("parse_uint(udpretries)", result);
if (query->udpretries > 0) {
query->udpretries -= 1;
}
@ -1611,7 +1611,7 @@ plus_option(char *option, struct query *query, bool global) {
}
result = parse_uint(&query->udptimeout, value,
MAXTIMEOUT, "udptimeout");
CHECK("parse_uint(udptimeout)", result);
CHECKM("parse_uint(udptimeout)", result);
break;
case 'n':
FULLCHECK("unknownformat");
@ -1742,7 +1742,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
if (hash != NULL) {
result = parse_uint(&num, hash + 1, MAXPORT,
"port number");
CHECK("parse_uint(srcport)", result);
CHECKM("parse_uint(srcport)", result);
srcport = num;
*hash = '\0';
} else {
@ -1770,7 +1770,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
tr.length = strlen(value);
result = dns_rdataclass_fromtext(&rdclass,
(isc_textregion_t *)&tr);
CHECK("dns_rdataclass_fromtext", result);
CHECKM("dns_rdataclass_fromtext", result);
query->rdclass = rdclass;
return value_from_next;
case 'f':
@ -1779,7 +1779,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
case 'p':
GLOBAL();
result = parse_uint(&num, value, MAXPORT, "port number");
CHECK("parse_uint(port)", result);
CHECKM("parse_uint(port)", result);
port = num;
return value_from_next;
case 't':
@ -1787,7 +1787,7 @@ dash_option(const char *option, char *next, struct query *query, bool global,
tr.length = strlen(value);
result = dns_rdatatype_fromtext(&rdtype,
(isc_textregion_t *)&tr);
CHECK("dns_rdatatype_fromtext", result);
CHECKM("dns_rdatatype_fromtext", result);
query->rdtype = rdtype;
return value_from_next;
case 'x':

3
fuzz/dns_rdata_fromwire_text.c
View file

@ -47,7 +47,7 @@ LLVMFuzzerInitialize(int *argc __attribute__((unused)),
isc_lexspecials_t specials;
isc_mem_create(&mctx);
CHECK(isc_lex_create(mctx, 64, &lex));
RETERR(isc_lex_create(mctx, 64, &lex));
memset(specials, 0, sizeof(specials));
specials[0] = 1;
@ -215,5 +215,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
assert(target.used == size);
assert(!memcmp(target.base, data, size));
cleanup:
return 0;
}

5
fuzz/fuzz.h
View file

@ -37,9 +37,4 @@ LLVMFuzzerInitialize(int *argc __attribute__((unused)),
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
#define CHECK(x) \
if ((x) != ISC_R_SUCCESS) { \
return 0; \
}
ISC_LANG_ENDDECLS

1
fuzz/isc_lex_getmastertoken.c
View file

@ -77,5 +77,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
result = isc_lex_getmastertoken(lex, &token, expect, eol);
} while (result == ISC_R_SUCCESS && token.type != isc_tokentype_eof);
cleanup:
return 0;
}

1
fuzz/isc_lex_gettoken.c
View file

@ -55,5 +55,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
result = isc_lex_gettoken(lex, 0, &token);
} while (result == ISC_R_SUCCESS);
cleanup:
return 0;
}

7
lib/dns/client.c
View file

@ -60,13 +60,6 @@
#define UCTX_MAGIC ISC_MAGIC('U', 'c', 't', 'x')
#define UCTX_VALID(c) ISC_MAGIC_VALID(c, UCTX_MAGIC)
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*%
* DNS client object
*/

11
lib/dns/diff.c
View file

@ -35,13 +35,6 @@
#include <dns/rdatatype.h>
#include <dns/time.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define DIFF_COMMON_LOGARGS \
dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_DIFF
@ -486,7 +479,7 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, bool warn) {
}
return ISC_R_SUCCESS;
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -569,7 +562,7 @@ dns_diff_load(dns_diff_t *diff, dns_addrdatasetfunc_t addfunc,
}
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}

253
lib/dns/dnssec.c
View file

@ -46,13 +46,6 @@ isc_stats_t *dns_dnssec_stats;
#define is_response(msg) ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define TYPE_SIGN 0
#define TYPE_VERIFY 1
@ -752,13 +745,13 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
*nkeys = 0;
memset(keys, 0, sizeof(*keys) * maxkeys);
dns_rdataset_init(&rdataset);
RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0,
&rdataset, NULL));
RETERR(dns_rdataset_first(&rdataset));
CHECK(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0,
&rdataset, NULL));
CHECK(dns_rdataset_first(&rdataset));
while (result == ISC_R_SUCCESS && count < maxkeys) {
pubkey = NULL;
dns_rdataset_current(&rdataset, &rdata);
RETERR(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey));
CHECK(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey));
dst_key_setttl(pubkey, rdataset.ttl);
if (!is_zone_key(pubkey) ||
@ -845,9 +838,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
goto next;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* If a key is marked inactive, skip it
@ -881,7 +872,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
result = dns_rdataset_next(&rdataset);
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
if (count == 0) {
result = ISC_R_NOTFOUND;
@ -889,7 +880,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -961,25 +952,25 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&databuf, data, sizeof(data));
RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0,
&ctx));
CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0,
&ctx));
/*
* Digest the fields of the SIG - we can cheat and use
* dns_rdata_fromstruct. Since siglen is 0, the digested data
* is identical to dns format.
*/
RETERR(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
&databuf));
CHECK(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
&databuf));
isc_buffer_usedregion(&databuf, &r);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
RETERR(dst_context_adddata(ctx, &msg->query));
CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
@ -988,48 +979,48 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
RETERR(dst_key_sigsize(key, &sigsize));
CHECK(dst_key_sigsize(key, &sigsize));
sig.siglen = sigsize;
sig.signature = isc_mem_get(mctx, sig.siglen);
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
RETERR(dst_context_sign(ctx, &sigbuf));
CHECK(dst_context_sign(ctx, &sigbuf));
dst_context_destroy(&ctx);
rdata = NULL;
RETERR(dns_message_gettemprdata(msg, &rdata));
CHECK(dns_message_gettemprdata(msg, &rdata));
isc_buffer_allocate(msg->mctx, &dynbuf, 1024);
RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
dynbuf));
CHECK(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */, &sig,
dynbuf));
isc_mem_put(mctx, sig.signature, sig.siglen);
dns_message_takebuffer(msg, &dynbuf);
datalist = NULL;
RETERR(dns_message_gettemprdatalist(msg, &datalist));
CHECK(dns_message_gettemprdatalist(msg, &datalist));
datalist->rdclass = dns_rdataclass_any;
datalist->type = dns_rdatatype_sig; /* SIG(0) */
ISC_LIST_APPEND(datalist->rdata, rdata, link);
dataset = NULL;
RETERR(dns_message_gettemprdataset(msg, &dataset));
CHECK(dns_message_gettemprdataset(msg, &dataset));
RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) ==
ISC_R_SUCCESS);
msg->sig0 = dataset;
return ISC_R_SUCCESS;
failure:
cleanup:
if (dynbuf != NULL) {
isc_buffer_free(&dynbuf);
}
@ -1075,21 +1066,19 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
isc_buffer_usedregion(source, &source_r);
RETERR(dns_rdataset_first(msg->sig0));
CHECK(dns_rdataset_first(msg->sig0));
dns_rdataset_current(msg->sig0, &rdata);
RETERR(dns_rdata_tostruct(&rdata, &sig, NULL));
CHECK(dns_rdata_tostruct(&rdata, &sig, NULL));
signeedsfree = true;
if (sig.labels != 0) {
result = DNS_R_SIGINVALID;
goto failure;
CHECK(DNS_R_SIGINVALID);
}
if (isc_serial_lt(sig.timeexpire, sig.timesigned)) {
result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CHECK(DNS_R_SIGINVALID);
}
if (msg->fuzzing) {
@ -1099,36 +1088,33 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
}
if (isc_serial_lt((uint32_t)now, sig.timesigned)) {
result = DNS_R_SIGFUTURE;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CHECK(DNS_R_SIGFUTURE);
} else if (isc_serial_lt(sig.timeexpire, (uint32_t)now)) {
result = DNS_R_SIGEXPIRED;
msg->sig0status = dns_tsigerror_badtime;
goto failure;
CHECK(DNS_R_SIGEXPIRED);
}
if (!dns_name_equal(dst_key_name(key), &sig.signer)) {
result = DNS_R_SIGINVALID;
msg->sig0status = dns_tsigerror_badkey;
goto failure;
CHECK(DNS_R_SIGINVALID);
}
RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
&ctx));
CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
&ctx));
/*
* Digest the SIG(0) record, except for the signature.
*/
dns_rdata_toregion(&rdata, &r);
r.length -= sig.siglen;
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg)) {
RETERR(dst_context_adddata(ctx, &msg->query));
CHECK(dst_context_adddata(ctx, &msg->query));
}
/*
@ -1149,21 +1135,21 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
*/
header_r.base = (unsigned char *)header;
header_r.length = DNS_MESSAGE_HEADERLEN;
RETERR(dst_context_adddata(ctx, &header_r));
CHECK(dst_context_adddata(ctx, &header_r));
/*
* Digest all non-SIG(0) records.
*/
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
RETERR(dst_context_adddata(ctx, &r));
CHECK(dst_context_adddata(ctx, &r));
sig_r.base = sig.signature;
sig_r.length = sig.siglen;
result = dst_context_verify(ctx, &sig_r);
if (result != ISC_R_SUCCESS) {
msg->sig0status = dns_tsigerror_badsig;
goto failure;
goto cleanup;
}
msg->verified_sig = 1;
@ -1174,7 +1160,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
return ISC_R_SUCCESS;
failure:
cleanup:
if (signeedsfree) {
dns_rdata_freestruct(&sig);
}
@ -1395,14 +1381,14 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory,
isc_dir_init(&dir);
isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1);
RETERR(dns_name_tofilenametext(origin, false, &b));
CHECK(dns_name_tofilenametext(origin, false, &b));
len = isc_buffer_usedlength(&b);
namebuf[len] = '\0';
if (directory == NULL) {
directory = ".";
}
RETERR(isc_dir_open(&dir, directory));
CHECK(isc_dir_open(&dir, directory));
dir_open = true;
while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
@ -1479,7 +1465,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory,
continue;
}
RETERR(dns_dnsseckey_create(mctx, &dstkey, &key));
CHECK(dns_dnsseckey_create(mctx, &dstkey, &key));
key->source = dns_keysource_repository;
dns_dnssec_get_hints(key, now);
@ -1498,7 +1484,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory,
result = ISC_R_NOTFOUND;
}
failure:
cleanup:
if (dir_open) {
isc_dir_close(&dir);
}
@ -1658,7 +1644,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
goto skip;
}
RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
CHECK(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey));
dst_key_setttl(dnskey, keys.ttl);
if (!is_zone_key(dnskey)) {
@ -1671,7 +1657,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
}
if (publickey) {
RETERR(addkey(keylist, &dnskey, savekeys, mctx));
CHECK(addkey(keylist, &dnskey, savekeys, mctx));
goto skip;
}
@ -1683,7 +1669,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
/* Now read the private key. */
result = dst_key_fromfile(
@ -1754,15 +1740,13 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
if (pubkey != NULL) {
RETERR(addkey(keylist, &pubkey, savekeys,
mctx));
CHECK(addkey(keylist, &pubkey, savekeys, mctx));
} else {
RETERR(addkey(keylist, &dnskey, savekeys,
mctx));
CHECK(addkey(keylist, &dnskey, savekeys, mctx));
}
goto skip;
}
RETERR(result);
CHECK(result);
/*
* Whatever the key's default TTL may have
@ -1770,7 +1754,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
*/
dst_key_setttl(privkey, dst_key_getttl(dnskey));
RETERR(addkey(keylist, &privkey, savekeys, mctx));
CHECK(addkey(keylist, &privkey, savekeys, mctx));
skip:
if (dnskey != NULL) {
dst_key_free(&dnskey);
@ -1784,20 +1768,20 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
}
if (result != ISC_R_NOMORE) {
RETERR(result);
CHECK(result);
}
if (keysigs != NULL && dns_rdataset_isassociated(keysigs)) {
RETERR(mark_active_keys(keylist, keysigs));
CHECK(mark_active_keys(keylist, keysigs));
}
if (soasigs != NULL && dns_rdataset_isassociated(soasigs)) {
RETERR(mark_active_keys(keylist, soasigs));
CHECK(mark_active_keys(keylist, soasigs));
}
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&keys)) {
dns_rdataset_disassociate(&keys);
}
@ -1836,29 +1820,25 @@ dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
static isc_result_t
addrdata(dns_rdata_t *rdata, dns_diff_t *diff, const dns_name_t *origin,
dns_ttl_t ttl, isc_mem_t *mctx) {
isc_result_t result;
dns_difftuple_t *tuple = NULL;
RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_ADD, origin, ttl, rdata,
&tuple));
dns_diff_appendminimal(diff, &tuple);
failure:
return result;
return ISC_R_SUCCESS;
}
static isc_result_t
delrdata(dns_rdata_t *rdata, dns_diff_t *diff, const dns_name_t *origin,
dns_ttl_t ttl, isc_mem_t *mctx) {
isc_result_t result;
dns_difftuple_t *tuple = NULL;
RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_DEL, origin, ttl, rdata,
&tuple));
dns_diff_appendminimal(diff, &tuple);
failure:
return result;
return ISC_R_SUCCESS;
}
static isc_result_t
@ -1871,7 +1851,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
dns_rdata_t dnskey = DNS_RDATA_INIT;
dns_rdata_reset(&dnskey);
RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
dst_key_format(key->key, keystr, sizeof(keystr));
report("Fetching %s (%s) from key %s.", keystr,
@ -1892,7 +1872,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
/* publish key */
result = addrdata(&dnskey, diff, origin, ttl, mctx);
failure:
cleanup:
return result;
}
@ -1911,10 +1891,10 @@ remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
report("Removing %s key %s/%d/%s from DNSKEY RRset.", reason, namebuf,
dst_key_id(key->key), alg);
RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
result = delrdata(&dnskey, diff, origin, ttl, mctx);
failure:
cleanup:
return result;
}
@ -1972,8 +1952,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
dns_rdata_t cdnskeyrdata = DNS_RDATA_INIT;
dns_name_t *origin = dst_key_name(key->key);
RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
/*
* We construct the SHA-1 version of the record so we can
@ -1983,11 +1963,11 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
* XXXMPA we need to be able to specify the DS algorithms
* to be used here and below with rmkeys.
*/
RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA1, dsbuf1, &cds_sha1));
RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA256, dsbuf2,
&cds_sha256));
CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA1, dsbuf1, &cds_sha1));
CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA256, dsbuf2,
&cds_sha256));
/*
* Now that the we have created the DS records convert
@ -2009,8 +1989,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO,
"CDNSKEY for key %s is now published",
keystr);
RETERR(addrdata(&cdnskeyrdata, diff, origin,
cdnskeyttl, mctx));
CHECK(addrdata(&cdnskeyrdata, diff, origin,
cdnskeyttl, mctx));
}
/* Only publish SHA-256 (SHA-1 is deprecated) */
if (!dns_rdataset_isassociated(cds) ||
@ -2021,8 +2001,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
ISC_LOG_INFO,
"CDS for key %s is now published",
keystr);
RETERR(addrdata(&cds_sha256, diff, origin,
cdsttl, mctx));
CHECK(addrdata(&cds_sha256, diff, origin,
cdsttl, mctx));
}
}
@ -2040,8 +2020,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
"CDS (SHA-1) for key %s "
"is now deleted",
keystr);
RETERR(delrdata(&cds_sha1, diff, origin,
cds->ttl, mctx));
CHECK(delrdata(&cds_sha1, diff, origin,
cds->ttl, mctx));
}
if (exists(cds, &cds_sha256)) {
isc_log_write(dns_lctx,
@ -2051,9 +2031,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
"CDS (SHA-256) for key "
"%s is now deleted",
keystr);
RETERR(delrdata(&cds_sha256, diff,
origin, cds->ttl,
mctx));
CHECK(delrdata(&cds_sha256, diff,
origin, cds->ttl, mctx));
}
}
@ -2066,9 +2045,9 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
"CDNSKEY for key %s is "
"now deleted",
keystr);
RETERR(delrdata(&cdnskeyrdata, diff,
origin, cdnskey->ttl,
mctx));
CHECK(delrdata(&cdnskeyrdata, diff,
origin, cdnskey->ttl,
mctx));
}
}
}
@ -2094,24 +2073,24 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(key->key, keystr, sizeof(keystr));
RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
&cdnskeyrdata));
if (dns_rdataset_isassociated(cds)) {
RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA1, dsbuf1,
&cds_sha1));
RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA256, dsbuf2,
&cds_sha256));
CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA1, dsbuf1,
&cds_sha1));
CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata,
DNS_DSDIGEST_SHA256, dsbuf2,
&cds_sha256));
if (exists(cds, &cds_sha1)) {
isc_log_write(
dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO,
"CDS (SHA-1) for key %s is now deleted",
keystr);
RETERR(delrdata(&cds_sha1, diff, origin,
cds->ttl, mctx));
CHECK(delrdata(&cds_sha1, diff, origin,
cds->ttl, mctx));
}
if (exists(cds, &cds_sha256)) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
@ -2120,8 +2099,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
"CDS (SHA-256) for key %s is now "
"deleted",
keystr);
RETERR(delrdata(&cds_sha256, diff, origin,
cds->ttl, mctx));
CHECK(delrdata(&cds_sha256, diff, origin,
cds->ttl, mctx));
}
}
@ -2132,15 +2111,15 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO,
"CDNSKEY for key %s is now deleted",
keystr);
RETERR(delrdata(&cdnskeyrdata, diff, origin,
cdnskey->ttl, mctx));
CHECK(delrdata(&cdnskeyrdata, diff, origin,
cdnskey->ttl, mctx));
}
}
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -2149,13 +2128,13 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey,
dns_name_t *origin, dns_rdataclass_t zclass,
dns_ttl_t ttl, dns_diff_t *diff, isc_mem_t *mctx,
bool expect_cds_delete, bool expect_cdnskey_delete) {
isc_result_t result;
unsigned char dsbuf[5] = { 0, 0, 0, 0, 0 }; /* CDS DELETE rdata */
unsigned char keybuf[5] = { 0, 0, 3, 0, 0 }; /* CDNSKEY DELETE rdata */
char namebuf[DNS_NAME_FORMATSIZE];
dns_rdata_t cds_delete = DNS_RDATA_INIT;
dns_rdata_t cdnskey_delete = DNS_RDATA_INIT;
isc_region_t r;
isc_result_t result;
r.base = keybuf;
r.length = sizeof(keybuf);
@ -2177,7 +2156,7 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey,
"CDS (DELETE) for zone %s is now "
"published",
namebuf);
RETERR(addrdata(&cds_delete, diff, origin, ttl, mctx));
CHECK(addrdata(&cds_delete, diff, origin, ttl, mctx));
}
} else {
if (dns_rdataset_isassociated(cds) && exists(cds, &cds_delete))
@ -2187,8 +2166,8 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey,
"CDS (DELETE) for zone %s is now "
"deleted",
namebuf);
RETERR(delrdata(&cds_delete, diff, origin, cds->ttl,
mctx));
CHECK(delrdata(&cds_delete, diff, origin, cds->ttl,
mctx));
}
}
@ -2201,8 +2180,8 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey,
"CDNSKEY (DELETE) for zone %s is now "
"published",
namebuf);
RETERR(addrdata(&cdnskey_delete, diff, origin, ttl,
mctx));
CHECK(addrdata(&cdnskey_delete, diff, origin, ttl,
mctx));
}
} else {
if (dns_rdataset_isassociated(cdnskey) &&
@ -2213,15 +2192,13 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey,
"CDNSKEY (DELETE) for zone %s is now "
"deleted",
namebuf);
RETERR(delrdata(&cdnskey_delete, diff, origin,
cdnskey->ttl, mctx));
CHECK(delrdata(&cdnskey_delete, diff, origin,
cdnskey->ttl, mctx));
}
}
result = ISC_R_SUCCESS;
failure:
return result;
cleanup:
return ISC_R_SUCCESS;
}
/*
@ -2255,8 +2232,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (key->source == dns_keysource_user &&
(key->hint_publish || key->force_publish))
{
RETERR(publish_key(diff, key, origin, ttl, mctx,
report));
CHECK(publish_key(diff, key, origin, ttl, mctx,
report));
}
if (key->source == dns_keysource_zoneapex) {
ttl = dst_key_getttl(key->key);
@ -2330,8 +2307,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (key1->source != dns_keysource_zoneapex &&
(key1->hint_publish || key1->force_publish))
{
RETERR(publish_key(diff, key1, origin, ttl,
mctx, report));
CHECK(publish_key(diff, key1, origin, ttl, mctx,
report));
isc_log_write(
dns_lctx, DNS_LOGCATEGORY_DNSSEC,
DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO,
@ -2366,8 +2343,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
/* Match found: remove or update it as needed */
if (key1->hint_remove) {
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"expired", report));
CHECK(remove_key(diff, key2, origin, ttl, mctx,
"expired", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
@ -2390,8 +2367,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
* We need to remove the old version and pull
* in the new one.
*/
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"revoked", report));
CHECK(remove_key(diff, key2, origin, ttl, mctx,
"revoked", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL) {
ISC_LIST_APPEND(*removed, key2, link);
@ -2408,8 +2385,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
dns_dnsseckey_destroy(mctx, &key2);
}
RETERR(publish_key(diff, key1, origin, ttl, mctx,
report));
CHECK(publish_key(diff, key1, origin, ttl, mctx,
report));
ISC_LIST_UNLINK(*newkeys, key1, link);
ISC_LIST_APPEND(*keys, key1, link);
@ -2460,7 +2437,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}

7
lib/dns/dnstap.c
View file

@ -124,13 +124,6 @@ struct dns_dtenv {
isc_stats_t *stats;
};
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
typedef struct ioq {
unsigned int generation;
struct fstrm_iothr_queue *ioq;

278
lib/dns/dst_api.c
View file

@ -68,35 +68,35 @@
#define DST_AS_STR(t) ((t).value.as_textregion.base)
#define NEXTTOKEN(lex, opt, token) \
{ \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define NEXTTOKEN(lex, opt, token) \
{ \
CHECK(isc_lex_gettoken(lex, opt, token)); \
}
#define NEXTTOKEN_OR_EOF(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define NEXTTOKEN_OR_EOF(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) { \
break; \
} \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while ((*token).type == isc_tokentype_eol);
#define READLINE(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
if (ret != ISC_R_SUCCESS) \
goto cleanup; \
#define READLINE(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) \
break; \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while ((*token).type != isc_tokentype_eol)
#define BADTOKEN() \
{ \
ret = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
#define BADTOKEN() \
{ \
result = ISC_R_UNEXPECTEDTOKEN; \
goto cleanup; \
}
#define NUMERIC_NTAGS (DST_MAX_NUMERIC + 1)
@ -174,13 +174,6 @@ static isc_result_t
addsuffix(char *filename, int len, const char *dirname, const char *ofilename,
const char *suffix);
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto out; \
} while (0)
#define CHECKALG(alg) \
do { \
isc_result_t _r; \
@ -199,39 +192,39 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) {
UNUSED(engine);
memset(dst_t_func, 0, sizeof(dst_t_func));
RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
RETERR(dst__openssl_init(engine));
RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
DST_ALG_RSASHA1));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
DST_ALG_NSEC3RSASHA1));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256],
DST_ALG_RSASHA256));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
DST_ALG_RSASHA512));
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
CHECK(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
CHECK(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
CHECK(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
CHECK(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
CHECK(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
CHECK(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
CHECK(dst__openssl_init(engine));
CHECK(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
DST_ALG_RSASHA1));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
DST_ALG_NSEC3RSASHA1));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256],
DST_ALG_RSASHA256));
CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512],
DST_ALG_RSASHA512));
CHECK(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
CHECK(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
#ifdef HAVE_OPENSSL_ED25519
RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519]));
CHECK(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519]));
#endif /* ifdef HAVE_OPENSSL_ED25519 */
#ifdef HAVE_OPENSSL_ED448
RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448]));
CHECK(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448]));
#endif /* ifdef HAVE_OPENSSL_ED448 */
#if HAVE_GSSAPI
RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
CHECK(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
#endif /* HAVE_GSSAPI */
dst_initialized = true;
return ISC_R_SUCCESS;
out:
cleanup:
/* avoid immediate crash! */
dst_initialized = true;
dst_lib_destroy();
@ -428,9 +421,6 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
isc_result_t
dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
isc_result_t ret = ISC_R_SUCCESS;
REQUIRE(dst_initialized);
REQUIRE(VALID_KEY(key));
REQUIRE((type &
(DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0);
@ -442,17 +432,11 @@ dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
}
if ((type & DST_TYPE_PUBLIC) != 0) {
ret = write_public_key(key, type, directory);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(write_public_key(key, type, directory));
}
if ((type & DST_TYPE_STATE) != 0) {
ret = write_key_state(key, type, directory);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(write_key_state(key, type, directory));
}
if (((type & DST_TYPE_PRIVATE) != 0) &&
@ -545,32 +529,20 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type,
key = NULL;
isc_buffer_init(&buf, filename, NAME_MAX);
result = dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf);
if (result != ISC_R_SUCCESS) {
goto out;
}
result = dst_key_fromnamedfile(filename, directory, type, mctx, &key);
if (result != ISC_R_SUCCESS) {
goto out;
}
result = computeid(key);
if (result != ISC_R_SUCCESS) {
goto out;
}
CHECK(dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf));
CHECK(dst_key_fromnamedfile(filename, directory, type, mctx, &key));
CHECK(computeid(key));
if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
alg != key->key_alg)
{
result = DST_R_INVALIDPRIVATEKEY;
goto out;
CHECK(DST_R_INVALIDPRIVATEKEY);
}
*keyp = key;
result = ISC_R_SUCCESS;
out:
cleanup:
if ((key != NULL) && (result != ISC_R_SUCCESS)) {
dst_key_free(&key);
}
@ -607,7 +579,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
".key");
INSIST(result == ISC_R_SUCCESS);
RETERR(dst_key_read_public(newfilename, type, mctx, &pubkey));
CHECK(dst_key_read_public(newfilename, type, mctx, &pubkey));
isc_mem_put(mctx, newfilename, newfilenamelen);
/*
@ -633,31 +605,31 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
}
if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
(pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
{
RETERR(computeid(pubkey));
CHECK(computeid(pubkey));
pubkey->modified = false;
*keyp = pubkey;
pubkey = NULL;
goto out;
goto cleanup;
}
RETERR(algorithm_status(pubkey->key_alg));
CHECK(algorithm_status(pubkey->key_alg));
key = get_key_struct(pubkey->key_name, pubkey->key_alg,
pubkey->key_flags, pubkey->key_proto,
pubkey->key_size, pubkey->key_class,
pubkey->key_ttl, mctx);
if (key == NULL) {
RETERR(ISC_R_NOMEMORY);
CHECK(ISC_R_NOMEMORY);
}
if (key->func->parse == NULL) {
RETERR(DST_R_UNSUPPORTEDALG);
CHECK(DST_R_UNSUPPORTEDALG);
}
newfilenamelen = strlen(filename) + 9;
@ -669,11 +641,11 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
".private");
INSIST(result == ISC_R_SUCCESS);
RETERR(isc_lex_create(mctx, 1500, &lex));
RETERR(isc_lex_openfile(lex, newfilename));
CHECK(isc_lex_create(mctx, 1500, &lex));
CHECK(isc_lex_openfile(lex, newfilename));
isc_mem_put(mctx, newfilename, newfilenamelen);
RETERR(key->func->parse(key, lex, pubkey));
CHECK(key->func->parse(key, lex, pubkey));
isc_lex_destroy(&lex);
key->kasp = false;
@ -685,20 +657,20 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
/* Having no state is valid. */
result = ISC_R_SUCCESS;
}
RETERR(result);
CHECK(result);
}
RETERR(computeid(key));
CHECK(computeid(key));
if (pubkey->key_id != key->key_id) {
RETERR(DST_R_INVALIDPRIVATEKEY);
CHECK(DST_R_INVALIDPRIVATEKEY);
}
key->modified = false;
*keyp = key;
key = NULL;
out:
cleanup:
if (pubkey != NULL) {
dst_key_free(&pubkey);
}
@ -853,13 +825,13 @@ dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
REQUIRE(buffer != NULL);
if (key->func->parse == NULL) {
RETERR(DST_R_UNSUPPORTEDALG);
CHECK(DST_R_UNSUPPORTEDALG);
}
RETERR(isc_lex_create(key->mctx, 1500, &lex));
RETERR(isc_lex_openbuffer(lex, buffer));
RETERR(key->func->parse(key, lex, NULL));
out:
CHECK(isc_lex_create(key->mctx, 1500, &lex));
CHECK(isc_lex_openbuffer(lex, buffer));
CHECK(key->func->parse(key, lex, NULL));
cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
@ -895,13 +867,13 @@ dst_key_fromgssapi(const dns_name_t *name, dns_gss_ctx_id_t gssctx,
*/
isc_buffer_allocate(key->mctx, &key->key_tkeytoken,
intoken->length);
RETERR(isc_buffer_copyregion(key->key_tkeytoken, intoken));
CHECK(isc_buffer_copyregion(key->key_tkeytoken, intoken));
}
key->keydata.gssctx = gssctx;
*keyp = key;
result = ISC_R_SUCCESS;
out:
cleanup:
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
}
@ -1050,7 +1022,7 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp,
void (*callback)(int)) {
dst_key_t *key;
isc_result_t ret;
isc_result_t result;
REQUIRE(dst_initialized);
REQUIRE(dns_name_isabsolute(name));
@ -1076,16 +1048,16 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits,
return DST_R_UNSUPPORTEDALG;
}
ret = key->func->generate(key, param, callback);
if (ret != ISC_R_SUCCESS) {
result = key->func->generate(key, param, callback);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
ret = computeid(key);
if (ret != ISC_R_SUCCESS) {
result = computeid(key);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
*keyp = key;
@ -1653,13 +1625,12 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
dns_fixedname_t name;
isc_lex_t *lex = NULL;
isc_token_t token;
isc_result_t ret;
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
unsigned int opt = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE;
dns_rdataclass_t rdclass = dns_rdataclass_in;
isc_lexspecials_t specials;
uint32_t ttl = 0;
isc_result_t result;
dns_rdatatype_t keytype;
/*
@ -1670,10 +1641,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
*/
/* 1500 should be large enough for any key */
ret = isc_lex_create(mctx, 1500, &lex);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_create(mctx, 1500, &lex));
memset(specials, 0, sizeof(specials));
specials['('] = 1;
@ -1682,10 +1650,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
isc_lex_setspecials(lex, specials);
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
ret = isc_lex_openfile(lex, filename);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openfile(lex, filename));
/* Read the domain name */
NEXTTOKEN(lex, opt, &token);
@ -1703,11 +1668,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
dns_fixedname_init(&name);
isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token)));
isc_buffer_add(&b, strlen(DST_AS_STR(token)));
ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0,
NULL);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0,
NULL));
/* Read the next word: either TTL, class, or 'KEY' */
NEXTTOKEN(lex, opt, &token);
@ -1726,8 +1688,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
BADTOKEN();
}
ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (ret == ISC_R_SUCCESS) {
result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
if (result == ISC_R_SUCCESS) {
NEXTTOKEN(lex, opt, &token);
}
@ -1746,22 +1708,16 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) ||
((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey))
{
ret = DST_R_BADKEYTYPE;
result = DST_R_BADKEYTYPE;
goto cleanup;
}
isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
mctx, &b, NULL);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false,
mctx, &b, NULL));
ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
keyp);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
keyp));
dst_key_setttl(*keyp, ttl);
@ -1769,7 +1725,7 @@ cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
return ret;
return result;
}
static int
@ -1820,19 +1776,13 @@ isc_result_t
dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
isc_lex_t *lex = NULL;
isc_token_t token;
isc_result_t ret;
isc_result_t result;
unsigned int opt = ISC_LEXOPT_EOL;
ret = isc_lex_create(mctx, 1500, &lex);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_create(mctx, 1500, &lex));
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
ret = isc_lex_openfile(lex, filename);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(isc_lex_openfile(lex, filename));
/*
* Read the comment line.
@ -1884,7 +1834,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
int tag;
NEXTTOKEN_OR_EOF(lex, opt, &token);
if (ret == ISC_R_EOF) {
if (result == ISC_R_EOF) {
break;
}
if (token.type != isc_tokentype_string) {
@ -1937,10 +1887,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
BADTOKEN();
}
ret = dns_time32_fromtext(DST_AS_STR(token), &when);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(*keyp, tag, when);
goto next;
@ -1958,10 +1905,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
BADTOKEN();
}
ret = keystate_fromtext(DST_AS_STR(token), &state);
if (ret != ISC_R_SUCCESS) {
goto cleanup;
}
CHECK(keystate_fromtext(DST_AS_STR(token), &state));
dst_key_setstate(*keyp, tag, state);
goto next;
@ -1972,13 +1916,13 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) {
}
/* Done, successfully parsed the whole file. */
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
cleanup:
if (lex != NULL) {
isc_lex_destroy(&lex);
}
return ret;
return result;
}
static bool
@ -2342,13 +2286,9 @@ computeid(dst_key_t *key) {
isc_buffer_t dnsbuf;
unsigned char dns_array[DST_KEY_MAXSIZE];
isc_region_t r;
isc_result_t ret;
isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
ret = dst_key_todns(key, &dnsbuf);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(dst_key_todns(key, &dnsbuf));
isc_buffer_usedregion(&dnsbuf, &r);
key->key_id = dst_region_computeid(&r);
@ -2362,7 +2302,7 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
isc_buffer_t *source, isc_mem_t *mctx, bool no_rdata,
dst_key_t **keyp) {
dst_key_t *key;
isc_result_t ret;
isc_result_t result;
REQUIRE(dns_name_isabsolute(name));
REQUIRE(source != NULL);
@ -2375,10 +2315,10 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
}
if (isc_buffer_remaininglength(source) > 0) {
ret = algorithm_status(alg);
if (ret != ISC_R_SUCCESS) {
result = algorithm_status(alg);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
if (key->func->fromdns == NULL) {
dst_key_free(&key);
@ -2386,10 +2326,10 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags,
}
if (!no_rdata) {
ret = key->func->fromdns(key, source);
if (ret != ISC_R_SUCCESS) {
result = key->func->fromdns(key, source);
if (result != ISC_R_SUCCESS) {
dst_key_free(&key);
return ret;
return result;
}
}
}

99
lib/dns/dst_parse.c
View file

@ -417,7 +417,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
unsigned char *data = NULL;
unsigned int opt = ISC_LEXOPT_EOL;
isc_stdtime_t when;
isc_result_t ret;
isc_result_t result;
bool external = false;
REQUIRE(priv != NULL);
@ -425,20 +425,19 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
priv->nelements = 0;
memset(priv->elements, 0, sizeof(priv->elements));
#define NEXTTOKEN(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret != ISC_R_SUCCESS) \
goto fail; \
#define NEXTTOKEN(lex, opt, token) \
do { \
CHECK(isc_lex_gettoken(lex, opt, token)); \
} while (0)
#define READLINE(lex, opt, token) \
do { \
ret = isc_lex_gettoken(lex, opt, token); \
if (ret == ISC_R_EOF) \
break; \
else if (ret != ISC_R_SUCCESS) \
goto fail; \
#define READLINE(lex, opt, token) \
do { \
result = isc_lex_gettoken(lex, opt, token); \
if (result == ISC_R_EOF) { \
break; \
} else if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while ((*token).type != isc_tokentype_eol)
/*
@ -448,24 +447,24 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0)
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string || (DST_AS_STR(token))[0] != 'v')
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (major > DST_MAJOR_VERSION) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
/*
@ -482,16 +481,16 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (token.type != isc_tokentype_string ||
strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0)
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number ||
token.value.as_ulong != (unsigned long)dst_key_alg(key))
{
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
READLINE(lex, opt, &token);
@ -503,18 +502,18 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
int tag;
isc_region_t r;
do {
ret = isc_lex_gettoken(lex, opt, &token);
if (ret == ISC_R_EOF) {
result = isc_lex_gettoken(lex, opt, &token);
if (result == ISC_R_EOF) {
goto done;
}
if (ret != ISC_R_SUCCESS) {
goto fail;
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
} while (token.type == isc_tokentype_eol);
if (token.type != isc_tokentype_string) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
if (strcmp(DST_AS_STR(token), "External:") == 0) {
@ -529,8 +528,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
dst_key_setnum(key, tag, token.value.as_ulong);
@ -544,14 +543,11 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
ret = dns_time32_fromtext(DST_AS_STR(token), &when);
if (ret != ISC_R_SUCCESS) {
goto fail;
}
CHECK(dns_time32_fromtext(DST_AS_STR(token), &when));
dst_key_settime(key, tag, when);
@ -563,8 +559,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
if (tag < 0 && minor > DST_MINOR_VERSION) {
goto next;
} else if (tag < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
priv->elements[n].tag = tag;
@ -572,10 +568,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
data = isc_mem_get(mctx, MAXFIELDSIZE);
isc_buffer_init(&b, data, MAXFIELDSIZE);
ret = isc_base64_tobuffer(lex, &b, -1);
if (ret != ISC_R_SUCCESS) {
goto fail;
}
CHECK(isc_base64_tobuffer(lex, &b, -1));
isc_buffer_usedregion(&b, &r);
priv->elements[n].length = r.length;
@ -589,30 +582,30 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
done:
if (external && priv->nelements != 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
}
check = check_data(priv, alg, true, external);
if (check < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
result = DST_R_INVALIDPRIVATEKEY;
goto cleanup;
} else if (check != ISC_R_SUCCESS) {
ret = check;
goto fail;
result = check;
goto cleanup;
}
key->external = external;
return ISC_R_SUCCESS;
fail:
cleanup:
dst__privstruct_free(priv, mctx);
if (data != NULL) {
isc_mem_put(mctx, data, MAXFIELDSIZE);
}
return ret;
return result;
}
isc_result_t

7
lib/dns/dyndb.c
View file

@ -30,13 +30,6 @@
#include <dns/view.h>
#include <dns/zone.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
typedef struct dyndb_implementation dyndb_implementation_t;
struct dyndb_implementation {
isc_mem_t *mctx;

27
lib/dns/gssapictx.c
View file

@ -93,13 +93,6 @@ static gss_OID_desc __gss_spnego_mechanism_oid_desc = {
(r).base = (gb).value; \
} while (0)
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto out; \
} while (0)
static void
name_to_gbuffer(const dns_name_t *name, isc_buffer_t *buffer,
gss_buffer_desc *gbuffer) {
@ -589,8 +582,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname);
if (gret != GSS_S_COMPLETE) {
gss_err_message(mctx, gret, minor, err_message);
result = ISC_R_FAILURE;
goto out;
CHECK(ISC_R_FAILURE);
}
if (intoken != NULL) {
@ -621,8 +613,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
gss_log(3, "Failure initiating security context");
}
result = ISC_R_FAILURE;
goto out;
CHECK(ISC_R_FAILURE);
}
/*
@ -635,7 +626,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
*/
if (gouttoken.length != 0U) {
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(outtoken, &r));
CHECK(isc_buffer_copyregion(outtoken, &r));
}
if (gret == GSS_S_COMPLETE) {
@ -644,7 +635,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
result = DNS_R_CONTINUE;
}
out:
cleanup:
if (gouttoken.length != 0U) {
(void)gss_release_buffer(&minor, &gouttoken);
}
@ -749,7 +740,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
isc_buffer_allocate(mctx, outtoken,
(unsigned int)gouttoken.length);
GBUFFER_TO_REGION(gouttoken, r);
RETERR(isc_buffer_copyregion(*outtoken, &r));
CHECK(isc_buffer_copyregion(*outtoken, &r));
(void)gss_release_buffer(&minor, &gouttoken);
}
@ -759,7 +750,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
gss_log(3, "failed gss_display_name: %s",
gss_error_tostring(gret, minor, buf,
sizeof(buf)));
RETERR(ISC_R_FAILURE);
CHECK(ISC_R_FAILURE);
}
/*
@ -781,8 +772,8 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
isc_buffer_init(&namebuf, r.base, r.length);
isc_buffer_add(&namebuf, r.length);
RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, 0,
NULL));
CHECK(dns_name_fromtext(principal, &namebuf, dns_rootname, 0,
NULL));
if (gnamebuf.length != 0U) {
gret = gss_release_buffer(&minor, &gnamebuf);
@ -798,7 +789,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
*ctxout = context;
out:
cleanup:
if (gname != NULL) {
gret = gss_release_name(&minor, &gname);
if (gret != GSS_S_COMPLETE) {

88
lib/dns/journal.c
View file

@ -86,25 +86,6 @@
#define JOURNAL_DEBUG_LOGARGS(n) JOURNAL_COMMON_LOGARGS, ISC_LOG_DEBUG(n)
/*%
* It would be non-sensical (or at least obtuse) to use FAIL() with an
* ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define JOURNAL_SERIALSET 0x01U
static isc_result_t
@ -648,14 +629,14 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
*/
result = isc_stdio_open(j->filename, "rb+", &fp);
} else {
FAIL(ISC_R_NOTFOUND);
CHECK(ISC_R_NOTFOUND);
}
}
if (result != ISC_R_SUCCESS) {
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: open: %s", j->filename,
isc_result_totext(result));
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
j->fp = fp;
@ -693,7 +674,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
} else {
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: journal format not recognized", j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
journal_header_decode(&rawheader, &j->header);
@ -745,7 +726,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create,
*journalp = j;
return ISC_R_SUCCESS;
failure:
cleanup:
j->magic = 0;
if (j->rawindex != NULL) {
isc_mem_put(j->mctx, j->rawindex,
@ -921,7 +902,7 @@ maybe_fixup_xhdr(dns_journal_t *j, journal_xhdr_t *xhdr, uint32_t serial,
j->recovered = true;
}
failure:
cleanup:
return result;
}
@ -1001,7 +982,7 @@ journal_next(dns_journal_t *j, journal_pos_t *pos) {
pos->serial = xhdr.serial1;
return ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1181,7 +1162,7 @@ dns_journal_begin_transaction(dns_journal_t *j) {
j->state = JOURNAL_STATE_TRANSACTION;
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1272,7 +1253,7 @@ dns_journal_writediff(dns_journal_t *j, dns_diff_t *diff) {
result = ISC_R_SUCCESS;
failure:
cleanup:
if (mem != NULL) {
isc_mem_put(j->mctx, mem, size);
}
@ -1415,7 +1396,7 @@ dns_journal_commit(dns_journal_t *j) {
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1428,7 +1409,7 @@ dns_journal_write_transaction(dns_journal_t *j, dns_diff_t *diff) {
CHECK(dns_journal_writediff(j, diff));
CHECK(dns_journal_commit(j));
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1566,7 +1547,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
if ((options & DNS_JOURNALOPT_RESIGN) != 0) {
op = (n_soa == 1) ? DNS_DIFFOP_DELRESIGN
@ -1603,7 +1584,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
dns_diff_clear(&diff);
}
failure:
cleanup:
if (ver != NULL) {
dns_db_closeversion(db, &ver,
result == ISC_R_SUCCESS ? true : false);
@ -1709,7 +1690,7 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename,
"%s: journal file corrupt: missing "
"initial SOA",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
if (print) {
@ -1751,13 +1732,13 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename,
result = dns_diff_print(&diff, file);
dns_diff_clear(&diff);
}
goto cleanup;
goto done;
failure:
cleanup:
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: cannot print: journal file corrupt", j->filename);
cleanup:
done:
if (source.base != NULL) {
isc_mem_put(j->mctx, source.base, source.length);
}
@ -1921,7 +1902,7 @@ dns_journal_iter_init(dns_journal_t *j, uint32_t begin_serial,
}
result = ISC_R_SUCCESS;
failure:
cleanup:
j->it.result = result;
return j->it.result;
}
@ -1942,7 +1923,7 @@ dns_journal_first_rr(dns_journal_t *j) {
return read_one_rr(j);
failure:
cleanup:
return result;
}
@ -1976,7 +1957,7 @@ read_one_rr(dns_journal_t *j) {
isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR,
"%s: journal corrupt: empty transaction",
j->filename);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
if (j->header_ver1) {
@ -1992,7 +1973,7 @@ read_one_rr(dns_journal_t *j) {
"expected serial %u, got %u",
j->filename, j->it.current_serial,
xhdr.serial0);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
j->it.xsize = xhdr.size;
@ -2014,7 +1995,7 @@ read_one_rr(dns_journal_t *j) {
"%s: journal corrupt: impossible RR size "
"(%d bytes)",
j->filename, rrhdr.size);
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
CHECK(size_buffer(j->mctx, &j->it.source, rrhdr.size));
@ -2043,7 +2024,7 @@ read_one_rr(dns_journal_t *j) {
* Check that the RR header is there, and parse it.
*/
if (isc_buffer_remaininglength(&j->it.source) < 10) {
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
rdtype = isc_buffer_getuint16(&j->it.source);
@ -2056,14 +2037,14 @@ read_one_rr(dns_journal_t *j) {
"%s: journal corrupt: impossible rdlen "
"(%u bytes)",
j->filename, rdlen);
FAIL(ISC_R_FAILURE);
CHECK(ISC_R_FAILURE);
}
/*
* Parse the rdata.
*/
if (isc_buffer_remaininglength(&j->it.source) != rdlen) {
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
isc_buffer_setactive(&j->it.source, rdlen);
dns_rdata_reset(&j->it.rdata);
@ -2079,7 +2060,7 @@ read_one_rr(dns_journal_t *j) {
result = ISC_R_SUCCESS;
failure:
cleanup:
j->it.result = result;
return result;
}
@ -2255,7 +2236,7 @@ dns_diff_subtract(dns_diff_t diff[2], dns_diff_t *r) {
ISC_LIST_APPENDLIST(r->tuples, del, link);
ISC_LIST_APPENDLIST(r->tuples, add, link);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -2347,16 +2328,16 @@ diff_namespace(dns_db_t *dba, dns_dbversion_t *dbvera, dns_db_t *dbb,
next:;
}
if (itresult[0] != ISC_R_NOMORE) {
FAIL(itresult[0]);
CHECK(itresult[0]);
}
if (itresult[1] != ISC_R_NOMORE) {
FAIL(itresult[1]);
CHECK(itresult[1]);
}
INSIST(ISC_LIST_EMPTY(diff[0].tuples));
INSIST(ISC_LIST_EMPTY(diff[1].tuples));
failure:
cleanup:
dns_dbiterator_destroy(&dbit[1]);
cleanup_iterator:
@ -2412,7 +2393,7 @@ dns_db_diffx(dns_diff_t *diff, dns_db_t *dba, dns_dbversion_t *dbvera,
}
}
failure:
cleanup:
if (journal != NULL) {
dns_journal_destroy(&journal);
}
@ -2796,7 +2777,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
if (result != ISC_R_SUCCESS &&
result != ISC_R_FILENOTFOUND)
{
goto failure;
CHECK(result);
}
if (rename(filename, backup) == -1) {
goto maperrno;
@ -2807,14 +2788,13 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial,
(void)isc_file_remove(backup);
} else {
maperrno:
result = ISC_R_FAILURE;
goto failure;
CHECK(ISC_R_FAILURE);
}
}
result = ISC_R_SUCCESS;
failure:
cleanup:
(void)isc_file_remove(newname);
if (buf != NULL) {
isc_mem_put(mctx, buf, size);
@ -2851,6 +2831,6 @@ index_to_disk(dns_journal_t *j) {
CHECK(journal_seek(j, sizeof(journal_rawheader_t)));
CHECK(journal_write(j, j->rawindex, rawbytes));
}
failure:
cleanup:
return result;
}

33
lib/dns/keymgr.c
View file

@ -34,13 +34,6 @@
#include <dst/dst.h>
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*
* Set key state to `target` state and change last changed
* to `time`, only if key state has not been set before.
@ -494,9 +487,9 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
if (dns_kasp_key_ksk(kkey)) {
keyflags |= DNS_KEYFLAG_KSK;
}
RETERR(dst_key_generate(origin, algo, size, 0, keyflags,
DNS_KEYPROTO_DNSSEC, rdclass, mctx,
&newkey, NULL));
CHECK(dst_key_generate(origin, algo, size, 0, keyflags,
DNS_KEYPROTO_DNSSEC, rdclass, mctx,
&newkey, NULL));
/* Key collision? */
conflict = keymgr_keyid_conflict(newkey, keylist);
@ -520,7 +513,7 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin,
*dst_key = newkey;
return ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -2238,7 +2231,7 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
/* See if this key requires a rollover. */
RETERR(keymgr_key_rollover(
CHECK(keymgr_key_rollover(
kkey, active_key, keyring, &newkeys, origin, rdclass,
kasp, lifetime, rollover_allowed, now, nexttime, mctx));
}
@ -2268,14 +2261,14 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
}
if (modified && !dkey->purge) {
dns_dnssec_get_hints(dkey, now);
RETERR(dst_key_tofile(dkey->key, options, directory));
CHECK(dst_key_tofile(dkey->key, options, directory));
}
dst_key_setmodified(dkey->key, false);
}
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dir_open) {
isc_dir_close(&dir);
}
@ -2437,7 +2430,7 @@ static void
rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now,
isc_buffer_t *buf, bool zsk) {
char timestr[26]; /* Minimal buf as per ctime_r() spec. */
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t active_time = 0;
dst_key_state_t state = NA, goal = NA;
int rrsig, active, retire;
@ -2469,9 +2462,9 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now,
state = NA;
(void)dst_key_getstate(key, DST_KEY_DNSKEY, &state);
if (state == RUMOURED || state == OMNIPRESENT) {
ret = dst_key_gettime(key, DST_TIME_DELETE,
&remove_time);
if (ret == ISC_R_SUCCESS) {
result = dst_key_gettime(key, DST_TIME_DELETE,
&remove_time);
if (result == ISC_R_SUCCESS) {
isc_buffer_printf(buf, " Key is retired, will "
"be removed on ");
isc_stdtime_tostring(remove_time, timestr,
@ -2484,8 +2477,8 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now,
}
} else {
isc_stdtime_t retire_time = 0;
ret = dst_key_gettime(key, retire, &retire_time);
if (ret == ISC_R_SUCCESS) {
result = dst_key_gettime(key, retire, &retire_time);
if (result == ISC_R_SUCCESS) {
if (now < retire_time) {
if (goal == OMNIPRESENT) {
isc_buffer_printf(buf,

13
lib/dns/masterdump.c
View file

@ -52,19 +52,6 @@
#define DNS_DCTX_MAGIC ISC_MAGIC('D', 'c', 't', 'x')
#define DNS_DCTX_VALID(d) ISC_MAGIC_VALID(d, DNS_DCTX_MAGIC)
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define CHECK(x) \
do { \
if ((x) != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
struct dns_master_style {
dns_masterstyle_flags_t flags; /* DNS_STYLEFLAG_* */
unsigned int ttl_column;

13
lib/dns/nsec.c
View file

@ -30,13 +30,6 @@
#include <dst/dst.h>
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
void
dns_nsec_setbit(unsigned char *array, unsigned int type, unsigned int bit) {
unsigned int shift, mask;
@ -189,20 +182,20 @@ dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
dns_rdataset_init(&rdataset);
dns_rdata_init(&rdata);
RETERR(dns_nsec_buildrdata(db, version, node, target, data, &rdata));
CHECK(dns_nsec_buildrdata(db, version, node, target, data, &rdata));
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = dns_db_class(db);
rdatalist.type = dns_rdatatype_nsec;
rdatalist.ttl = ttl;
ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
RETERR(dns_rdatalist_tordataset(&rdatalist, &rdataset));
CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
result = dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL);
if (result == DNS_R_UNCHANGED) {
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}

151
lib/dns/nsec3.c
View file

@ -41,13 +41,6 @@
#include <dst/dst.h>
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
#define CREATE(x) (((x) & DNS_NSEC3FLAG_CREATE) != 0)
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
@ -444,22 +437,16 @@ delnsec3(dns_db_t *db, dns_dbversion_t *version, const dns_name_t *name,
continue;
}
result = dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name,
rdataset.ttl, &rdata, &tuple);
if (result != ISC_R_SUCCESS) {
goto failure;
}
result = do_one_tuple(&tuple, db, version, diff);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name,
rdataset.ttl, &rdata, &tuple));
CHECK(do_one_tuple(&tuple, db, version, diff));
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_rdataset_disassociate(&rdataset);
cleanup_node:
dns_db_detachnode(db, &node);
@ -532,7 +519,7 @@ find_nsec3(dns_rdata_nsec3_t *nsec3, dns_rdataset_t *rdataset,
break;
}
}
failure:
cleanup:
return result;
}
@ -640,14 +627,14 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
} else if (CREATE(nsec3param->flags) && OPTOUT(flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
goto failure;
goto cleanup;
} else {
maybe_remove_unsecure = true;
}
} else {
dns_rdataset_disassociate(&rdataset);
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
}
}
@ -677,9 +664,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
if (maybe_remove_unsecure) {
dns_rdataset_disassociate(&rdataset);
@ -691,7 +676,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
if (OPTOUT(nsec3.flags)) {
result = dns_nsec3_delnsec3(db, version, name,
nsec3param, diff);
goto failure;
goto cleanup;
}
goto addnsec3;
} else {
@ -701,7 +686,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
*/
if (OPTOUT(nsec3.flags) && unsecure) {
dns_rdataset_disassociate(&rdataset);
goto failure;
goto cleanup;
}
}
@ -795,7 +780,7 @@ addnsec3:
break;
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
}
@ -824,9 +809,7 @@ addnsec3:
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
old_next = nsec3.next;
old_length = nsec3.next_length;
@ -886,7 +869,7 @@ addnsec3:
/* result cannot be ISC_R_NOMORE here */
INSIST(result != ISC_R_NOMORE);
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -960,7 +943,7 @@ dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1036,7 +1019,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
goto failure;
goto cleanup;
}
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
@ -1056,7 +1039,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -1128,9 +1111,7 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -1157,23 +1138,23 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
dns_rdata_reset(&rdata);
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
dns_rdataset_disassociate(&rdataset);
try_private:
if (privatetype == 0) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -1215,12 +1196,12 @@ try_private:
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1252,7 +1233,7 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
result = dns_db_findrdataset(db, node, version, type, 0, 0, &prdataset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
CHECK(result);
}
result = dns_db_findrdataset(db, node, version,
@ -1261,9 +1242,7 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Update each active NSEC3 chain.
@ -1287,15 +1266,17 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
nsecttl, unsecure, diff));
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
dns_rdataset_disassociate(&rdataset);
try_private:
if (!dns_rdataset_isassociated(&prdataset)) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
/*
* Update each active NSEC3 chain.
*/
@ -1328,10 +1309,10 @@ try_private:
nsecttl, unsecure, diff));
}
if (result == ISC_R_NOMORE) {
success:
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1439,9 +1420,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
goto cleanup_orphaned_ents;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
@ -1451,9 +1430,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto cleanup_orphaned_ents;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* If we find a existing NSEC3 for this chain then save the
@ -1467,11 +1444,9 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOMORE) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
}
CHECK(result);
/*
* Find the previous NSEC3 and update it.
@ -1497,9 +1472,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Delete the old previous NSEC3.
@ -1553,11 +1526,10 @@ cleanup_orphaned_ents:
salt_length));
result = dns_dbiterator_seek(dbit, hashname);
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
CHECK(dns_dbiterator_current(dbit, &node, NULL));
CHECK(dns_dbiterator_pause(dbit));
@ -1566,11 +1538,10 @@ cleanup_orphaned_ents:
(isc_stdtime_t)0, &rdataset, NULL);
dns_db_detachnode(db, &node);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
result = find_nsec3(&nsec3, &rdataset, nsec3param);
if (result == ISC_R_SUCCESS) {
@ -1580,11 +1551,9 @@ cleanup_orphaned_ents:
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_NOMORE) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
}
CHECK(result);
pass = 0;
do {
@ -1607,9 +1576,7 @@ cleanup_orphaned_ents:
dns_rdataset_disassociate(&rdataset);
continue;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Delete the old previous NSEC3.
@ -1642,10 +1609,9 @@ cleanup_orphaned_ents:
CHECK(delnsec3(db, version, hashname, nsec3param, diff));
} while (1);
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -1689,9 +1655,7 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
/*
* Update each active NSEC3 chain.
@ -1716,16 +1680,16 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
try_private:
if (privatetype == 0) {
goto success;
result = ISC_R_SUCCESS;
goto cleanup;
}
result = dns_db_findrdataset(db, node, version, privatetype, 0, 0,
&rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
result = ISC_R_SUCCESS;
goto cleanup;
}
CHECK(result);
/*
* Update each NSEC3 chain being built.
@ -1758,11 +1722,10 @@ try_private:
CHECK(dns_nsec3_delnsec3(db, version, name, &nsec3param, diff));
}
if (result == ISC_R_NOMORE) {
success:
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}

162
lib/dns/opensslecdsa_link.c
View file

@ -51,17 +51,17 @@
#error "P-384 group is not known (NID_secp384r1)"
#endif /* ifndef NID_secp384r1 */
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
#define DST_RET(a) \
{ \
result = a; \
goto cleanup; \
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
static isc_result_t
raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key,
size_t key_len, EVP_PKEY **pkey) {
isc_result_t ret;
isc_result_t result;
int status;
const char *groupname;
OSSL_PARAM_BLD *bld = NULL;
@ -141,9 +141,9 @@ raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key,
DST_R_OPENSSLFAILURE));
}
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
if (params != NULL) {
OSSL_PARAM_free(params);
}
@ -157,14 +157,14 @@ err:
BN_clear_free(priv);
}
return ret;
return result;
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
*/
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL;
@ -205,8 +205,8 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
err:
return ret;
cleanup:
return result;
}
static void
@ -225,7 +225,7 @@ opensslecdsa_destroyctx(dst_context_t *dctx) {
static isc_result_t
opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
@ -250,8 +250,8 @@ opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
}
}
err:
return ret;
cleanup:
return result;
}
static int
@ -269,7 +269,7 @@ BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) {
static isc_result_t
opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t region;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
@ -320,19 +320,19 @@ opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_region_consume(&region, siglen / 2);
ECDSA_SIG_free(ecdsasig);
isc_buffer_add(sig, siglen);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
if (sigder != NULL && sigder_alloced != 0) {
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
return ret;
return result;
}
static isc_result_t
opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
int status;
unsigned char *cp = sig->base;
@ -388,19 +388,19 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
switch (status) {
case 1:
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
break;
case 0:
ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
ret = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyFinal",
DST_R_VERIFYFAILURE);
result = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerifyFinal",
DST_R_VERIFYFAILURE);
break;
}
err:
cleanup:
if (ecdsasig != NULL) {
ECDSA_SIG_free(ecdsasig);
}
@ -408,12 +408,12 @@ err:
isc_mem_put(dctx->mctx, sigder, sigder_alloced);
}
return ret;
return result;
}
static bool
opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
bool ret;
bool result;
EVP_PKEY *pkey1 = key1->keydata.pkey;
EVP_PKEY *pkey2 = key2->keydata.pkey;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
@ -464,9 +464,9 @@ opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
ERR_clear_error();
}
ret = true;
result = true;
err:
cleanup:
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (eckey1 != NULL) {
EC_KEY_free(eckey1);
@ -483,12 +483,12 @@ err:
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
static isc_result_t
opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t ret;
isc_result_t result;
int status;
EVP_PKEY *pkey = NULL;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
@ -577,9 +577,9 @@ opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
key->keydata.pkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
@ -596,12 +596,12 @@ err:
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
static bool
opensslecdsa_isprivate(const dst_key_t *key) {
bool ret;
bool result;
EVP_PKEY *pkey;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
EC_KEY *eckey;
@ -620,22 +620,22 @@ opensslecdsa_isprivate(const dst_key_t *key) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
eckey = EVP_PKEY_get1_EC_KEY(pkey);
ret = (eckey != NULL && EC_KEY_get0_private_key(eckey) != NULL);
result = (eckey != NULL && EC_KEY_get0_private_key(eckey) != NULL);
if (eckey != NULL) {
EC_KEY_free(eckey);
} else {
ERR_clear_error();
}
#else
ret = (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv) ==
1 &&
priv != NULL);
result = (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
&priv) == 1 &&
priv != NULL);
if (priv != NULL) {
BN_clear_free(priv);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
static void
@ -650,7 +650,7 @@ opensslecdsa_destroy(dst_key_t *key) {
static isc_result_t
opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
EC_KEY *eckey = NULL;
@ -719,9 +719,9 @@ opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
isc_buffer_add(data, len);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (eckey != NULL) {
EC_KEY_free(eckey);
@ -735,12 +735,12 @@ err:
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
static isc_result_t
opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
isc_region_t r;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
@ -803,29 +803,29 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
DST_RET(dst__openssl_toresult(ISC_R_FAILURE));
}
#else
ret = raw_key_to_ossl(key->key_alg, 0, r.base, len, &pkey);
if (ret != ISC_R_SUCCESS) {
DST_RET(ret);
result = raw_key_to_ossl(key->key_alg, 0, r.base, len, &pkey);
if (result != ISC_R_SUCCESS) {
DST_RET(result);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
isc_buffer_forward(data, len);
key->keydata.pkey = pkey;
key->key_size = len * 4;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (eckey != NULL) {
EC_KEY_free(eckey);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
static isc_result_t
opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
EC_KEY *eckey = NULL;
@ -895,9 +895,9 @@ opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
if (buf != NULL && privkey != NULL) {
isc_mem_put(key->mctx, buf, BN_num_bytes(privkey));
}
@ -911,7 +911,7 @@ err:
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
@ -940,7 +940,7 @@ ecdsa_check(EC_KEY *eckey, EC_KEY *pubeckey) {
#else
static isc_result_t
ecdsa_check(EVP_PKEY **pkey, EVP_PKEY *pubpkey) {
isc_result_t ret = ISC_R_FAILURE;
isc_result_t result = ISC_R_FAILURE;
int status;
size_t pkey_len = 0;
BIGNUM *x = NULL;
@ -1057,7 +1057,7 @@ ecdsa_check(EVP_PKEY **pkey, EVP_PKEY *pubpkey) {
DST_RET(ISC_R_SUCCESS);
}
err:
cleanup:
if (ctx != NULL) {
EVP_PKEY_CTX_free(ctx);
}
@ -1077,7 +1077,7 @@ err:
BN_clear_free(y);
}
return ret;
return result;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
@ -1186,7 +1186,7 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
static isc_result_t
opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
EC_KEY *eckey = NULL;
EC_KEY *pubeckey = NULL;
@ -1200,11 +1200,8 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->key_alg == DST_ALG_ECDSA384);
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
&priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx,
&priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
@ -1236,10 +1233,7 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (label != NULL) {
ret = opensslecdsa_fromlabel(key, engine, label, NULL);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(opensslecdsa_fromlabel(key, engine, label, NULL));
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
eckey = EVP_PKEY_get1_EC_KEY(key->keydata.pkey);
@ -1249,28 +1243,22 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
} else {
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
ret = dst__key_to_eckey(key, &eckey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__key_to_eckey(key, &eckey));
ret = load_privkey_from_privstruct(eckey, &priv, privkey_index);
CHECK(load_privkey_from_privstruct(eckey, &priv,
privkey_index));
#else
if (key->keydata.pkey != NULL) {
EVP_PKEY_free(key->keydata.pkey);
key->keydata.pkey = NULL;
}
ret = raw_key_to_ossl(key->key_alg, 1,
CHECK(raw_key_to_ossl(key->key_alg, 1,
priv.elements[privkey_index].data,
priv.elements[privkey_index].length,
&key->keydata.pkey);
&key->keydata.pkey));
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
if (ret != ISC_R_SUCCESS) {
goto err;
}
finalize_key = true;
}
@ -1284,7 +1272,7 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (finalize_key) {
ret = finalize_eckey(key, eckey, engine, label);
result = finalize_eckey(key, eckey, engine, label);
}
#else
if (ecdsa_check(&key->keydata.pkey,
@ -1295,11 +1283,11 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (finalize_key) {
ret = finalize_eckey(key, engine, label);
result = finalize_eckey(key, engine, label);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
err:
cleanup:
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (pubeckey != NULL) {
EC_KEY_free(pubeckey);
@ -1308,21 +1296,21 @@ err:
EC_KEY_free(eckey);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, key->mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
const char *pin) {
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
ENGINE *e;
EC_KEY *eckey = NULL;
EC_KEY *pubeckey = NULL;
@ -1395,7 +1383,7 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
key->keydata.pkey = pkey;
pkey = NULL;
err:
cleanup:
if (pubpkey != NULL) {
EVP_PKEY_free(pubpkey);
}
@ -1409,7 +1397,7 @@ err:
EC_KEY_free(eckey);
}
return ret;
return result;
#else
UNUSED(key);
UNUSED(engine);

94
lib/dns/openssleddsa_link.c
View file

@ -38,10 +38,10 @@
#include "dst_parse.h"
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
#define DST_RET(a) \
{ \
result = a; \
goto cleanup; \
}
#if HAVE_OPENSSL_ED25519
@ -59,7 +59,7 @@
static isc_result_t
raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key,
size_t *key_len, EVP_PKEY **pkey) {
isc_result_t ret;
isc_result_t result;
int pkey_type = EVP_PKEY_NONE;
size_t len = 0;
@ -79,9 +79,9 @@ raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key,
return ISC_R_NOTIMPLEMENTED;
}
ret = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
result = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY);
if (*key_len < len) {
return ret;
return result;
}
if (private) {
@ -90,7 +90,7 @@ raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key,
*pkey = EVP_PKEY_new_raw_public_key(pkey_type, NULL, key, len);
}
if (*pkey == NULL) {
return dst__openssl_toresult(ret);
return dst__openssl_toresult(result);
}
*key_len = len;
@ -156,7 +156,7 @@ openssleddsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
static isc_result_t
openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
isc_region_t tbsreg;
isc_region_t sigreg;
@ -196,19 +196,19 @@ openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
DST_R_SIGNFAILURE));
}
isc_buffer_add(sig, (unsigned int)siglen);
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
return ret;
return result;
}
static isc_result_t
openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
isc_result_t result;
dst_key_t *key = dctx->key;
int status;
isc_region_t tbsreg;
@ -254,23 +254,24 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
switch (status) {
case 1:
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
break;
case 0:
ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
result = dst__openssl_toresult(DST_R_VERIFYFAILURE);
break;
default:
ret = dst__openssl_toresult3(dctx->category, "EVP_DigestVerify",
DST_R_VERIFYFAILURE);
result = dst__openssl_toresult3(dctx->category,
"EVP_DigestVerify",
DST_R_VERIFYFAILURE);
break;
}
err:
cleanup:
EVP_MD_CTX_free(ctx);
isc_buffer_free(&buf);
dctx->ctxdata.generic = NULL;
return ret;
return result;
}
static bool
@ -294,7 +295,7 @@ openssleddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
static isc_result_t
openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
int nid = 0, status;
@ -339,11 +340,11 @@ openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
}
key->keydata.pkey = pkey;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
EVP_PKEY_CTX_free(ctx);
return ret;
return result;
}
static bool
@ -412,7 +413,6 @@ openssleddsa_todns(const dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_region_t r;
size_t len;
EVP_PKEY *pkey;
@ -426,10 +426,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
}
len = r.length;
ret = raw_key_to_ossl(key->key_alg, 0, r.base, &len, &pkey);
if (ret != ISC_R_SUCCESS) {
return ret;
}
RETERR(raw_key_to_ossl(key->key_alg, 0, r.base, &len, &pkey));
isc_buffer_forward(data, len);
key->keydata.pkey = pkey;
@ -439,7 +436,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
openssleddsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
isc_result_t result;
dst_private_t priv;
unsigned char *buf = NULL;
size_t len;
@ -492,13 +489,13 @@ openssleddsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
if (buf != NULL) {
isc_mem_put(key->mctx, buf, len);
}
return ret;
return result;
}
static isc_result_t
@ -515,7 +512,7 @@ eddsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) {
static isc_result_t
openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
int i, privkey_index = -1;
const char *engine = NULL, *label = NULL;
EVP_PKEY *pkey = NULL, *pubpkey = NULL;
@ -526,10 +523,7 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->key_alg == DST_ALG_ED448);
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0) {
@ -566,10 +560,7 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
if (label != NULL) {
ret = openssleddsa_fromlabel(key, engine, label, NULL);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(openssleddsa_fromlabel(key, engine, label, NULL));
if (eddsa_check(key->keydata.pkey, pubpkey) != ISC_R_SUCCESS) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
}
@ -581,30 +572,27 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
len = priv.elements[privkey_index].length;
ret = raw_key_to_ossl(key->key_alg, 1,
priv.elements[privkey_index].data, &len, &pkey);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(raw_key_to_ossl(key->key_alg, 1,
priv.elements[privkey_index].data, &len, &pkey));
if (eddsa_check(pkey, pubpkey) != ISC_R_SUCCESS) {
EVP_PKEY_free(pkey);
DST_RET(DST_R_INVALIDPRIVATEKEY);
}
key->keydata.pkey = pkey;
key->key_size = len * 8;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
openssleddsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
const char *pin) {
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
isc_result_t ret;
isc_result_t result;
ENGINE *e;
EVP_PKEY *pkey = NULL, *pubpkey = NULL;
int baseid = EVP_PKEY_NONE;
@ -654,16 +642,16 @@ openssleddsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
key->key_size = EVP_PKEY_bits(pkey);
key->keydata.pkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
if (pubpkey != NULL) {
EVP_PKEY_free(pubpkey);
}
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
return ret;
return result;
#else /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */
UNUSED(key);
UNUSED(engine);

79
lib/dns/opensslrsa_link.c
View file

@ -42,10 +42,10 @@
#include "dst_parse.h"
#include "openssl_shim.h"
#define DST_RET(a) \
{ \
ret = a; \
goto err; \
#define DST_RET(a) \
{ \
result = a; \
goto cleanup; \
}
static isc_result_t
@ -256,7 +256,7 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
static bool
opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
bool ret;
bool result;
int status;
EVP_PKEY *pkey1 = key1->keydata.pkey;
EVP_PKEY *pkey2 = key2->keydata.pkey;
@ -323,9 +323,9 @@ opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
}
}
ret = true;
result = true;
err:
cleanup:
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (rsa1 != NULL) {
RSA_free(rsa1);
@ -354,7 +354,7 @@ err:
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
@ -392,7 +392,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
isc_result_t ret;
isc_result_t result;
union {
void *dptr;
void (*fptr)(int);
@ -500,9 +500,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
key->keydata.pkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
@ -521,7 +521,7 @@ err:
if (e != NULL) {
BN_free(e);
}
return ret;
return result;
}
static bool
@ -584,7 +584,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_region_t r;
unsigned int e_bytes;
unsigned int mod_bytes;
isc_result_t ret;
isc_result_t result;
EVP_PKEY *pkey;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
RSA *rsa;
@ -641,8 +641,8 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_add(data, e_bytes + mod_bytes);
ret = ISC_R_SUCCESS;
err:
result = ISC_R_SUCCESS;
cleanup:
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (rsa != NULL) {
RSA_free(rsa);
@ -655,12 +655,12 @@ err:
BN_free(n);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
static isc_result_t
opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
isc_result_t result;
int status;
isc_region_t r;
unsigned int e_bytes;
@ -778,9 +778,9 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->keydata.pkey = pkey;
pkey = NULL;
ret = ISC_R_SUCCESS;
result = ISC_R_SUCCESS;
err:
cleanup:
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (rsa != NULL) {
@ -807,12 +807,12 @@ err:
EVP_PKEY_free(pkey);
}
return ret;
return result;
}
static isc_result_t
opensslrsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
isc_result_t result;
dst_private_t priv = { 0 };
unsigned char *bufs[8] = { NULL };
unsigned short i = 0;
@ -952,9 +952,9 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
}
priv.nelements = i;
ret = dst__privstruct_writefile(key, &priv, directory);
result = dst__privstruct_writefile(key, &priv, directory);
err:
cleanup:
for (i = 0; i < ARRAY_SIZE(bufs); i++) {
if (bufs[i] != NULL) {
isc_mem_put(key->mctx, bufs[i],
@ -990,7 +990,7 @@ err:
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
return ret;
return result;
}
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
@ -1053,7 +1053,7 @@ rsa_check(RSA *rsa, RSA *pub) {
#else
static isc_result_t
rsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) {
isc_result_t ret = ISC_R_FAILURE;
isc_result_t result = ISC_R_FAILURE;
int status;
BIGNUM *n1 = NULL, *n2 = NULL;
BIGNUM *e1 = NULL, *e2 = NULL;
@ -1101,7 +1101,7 @@ rsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) {
DST_RET(ISC_R_SUCCESS);
}
err:
cleanup:
if (n1 != NULL) {
BN_free(n1);
}
@ -1115,14 +1115,14 @@ err:
BN_free(e2);
}
return ret;
return result;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
static isc_result_t
opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
isc_result_t result;
int i;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
RSA *rsa = NULL, *pubrsa = NULL;
@ -1152,10 +1152,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
mctx = key->mctx;
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS) {
goto err;
}
CHECK(dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv));
if (key->external) {
if (priv.nelements != 0 || pub == NULL) {
@ -1405,7 +1402,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkey = pkey;
pkey = NULL;
err:
cleanup:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
@ -1451,14 +1448,14 @@ err:
BN_clear_free(iqmp);
}
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
if (ret != ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
dst__privstruct_free(&priv, mctx);
isc_safe_memwipe(&priv, sizeof(priv));
return ret;
return result;
}
static isc_result_t
@ -1466,7 +1463,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
const char *pin) {
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE *e = NULL;
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
EVP_PKEY *pkey = NULL, *pubpkey = NULL;
RSA *rsa = NULL, *pubrsa = NULL;
const BIGNUM *ex = NULL;
@ -1520,7 +1517,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
key->keydata.pkey = pkey;
pkey = NULL;
err:
cleanup:
if (rsa != NULL) {
RSA_free(rsa);
}
@ -1533,7 +1530,7 @@ err:
if (pubpkey != NULL) {
EVP_PKEY_free(pubpkey);
}
return ret;
return result;
#else /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */
UNUSED(key);
UNUSED(engine);
@ -1651,7 +1648,7 @@ check_algorithm(unsigned char algorithm) {
const EVP_MD *type = NULL;
const unsigned char *sig = NULL;
int status;
isc_result_t ret = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
size_t len;
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
RSA *rsa = NULL;
@ -1769,7 +1766,7 @@ check_algorithm(unsigned char algorithm) {
DST_RET(ISC_R_NOTIMPLEMENTED);
}
err:
cleanup:
BN_free(e);
BN_free(n);
#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
@ -1794,7 +1791,7 @@ err:
EVP_MD_CTX_destroy(evp_md_ctx);
}
ERR_clear_error();
return ret;
return result;
}
isc_result_t

23
lib/dns/private.c
View file

@ -44,13 +44,6 @@
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
#define NONSEC(x) (((x) & DNS_NSEC3FLAG_NONSEC) != 0)
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*
* Work out if 'param' should be ignored or not (i.e. it is in the process
* of being removed).
@ -126,14 +119,14 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec, 0,
(isc_stdtime_t)0, &nsecset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param, 0,
(isc_stdtime_t)0, &nsec3paramset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
if (dns_rdataset_isassociated(&nsecset) &&
@ -152,8 +145,8 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &privateset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
if (result != ISC_R_NOTFOUND) {
CHECK(result);
}
}
@ -318,7 +311,7 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
success:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (dns_rdataset_isassociated(&nsecset)) {
dns_rdataset_disassociate(&nsecset);
}
@ -412,6 +405,6 @@ dns_private_totext(dns_rdata_t *private, isc_buffer_t *buf) {
isc_buffer_putuint8(buf, 0);
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}

7
lib/dns/rbt.c
View file

@ -42,13 +42,6 @@
#include <dns/log.h>
#include <dns/rbt.h>
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define RBT_MAGIC ISC_MAGIC('R', 'B', 'T', '+')
#define VALID_RBT(rbt) ISC_MAGIC_VALID(rbt, RBT_MAGIC)

7
lib/dns/rbtdb.c
View file

@ -65,13 +65,6 @@
#define RBTDB_MAGIC ISC_MAGIC('R', 'B', 'D', '4')
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Note that "impmagic" is not the first four bytes of the struct, so
* ISC_MAGIC_VALID cannot be used.

7
lib/dns/rcode.c
View file

@ -37,13 +37,6 @@
#include <dns/secalg.h>
#include <dns/secproto.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
#define TOTEXTONLY 0x01

14
lib/dns/rdata.c
View file

@ -48,13 +48,6 @@
#include <dns/time.h>
#include <dns/ttl.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
#define RETTOK(x) \
do { \
isc_result_t _r = (x); \
@ -64,13 +57,6 @@
} \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define CHECKTOK(op) \
do { \
result = (op); \

239
lib/dns/tkey.c
View file

@ -54,13 +54,6 @@
#define TEMP_BUFFER_SZ 8192
#define TKEY_RANDOM_AMOUNT 16
#define RETERR(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
static void
tkey_log(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
@ -167,7 +160,7 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
dns_rdataset_t *newset = NULL;
isc_buffer_t *tmprdatabuf = NULL;
RETERR(dns_message_gettemprdata(msg, &newrdata));
CHECK(dns_message_gettemprdata(msg, &newrdata));
dns_rdata_toregion(rdata, &r);
isc_buffer_allocate(msg->mctx, &tmprdatabuf, r.length);
@ -176,17 +169,17 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
dns_rdata_fromregion(newrdata, rdata->rdclass, rdata->type, &newr);
dns_message_takebuffer(msg, &tmprdatabuf);
RETERR(dns_message_gettempname(msg, &newname));
CHECK(dns_message_gettempname(msg, &newname));
dns_name_copy(name, newname);
RETERR(dns_message_gettemprdatalist(msg, &newlist));
CHECK(dns_message_gettemprdatalist(msg, &newlist));
newlist->rdclass = newrdata->rdclass;
newlist->type = newrdata->type;
newlist->ttl = ttl;
ISC_LIST_APPEND(newlist->rdata, newrdata, link);
RETERR(dns_message_gettemprdataset(msg, &newset));
RETERR(dns_rdatalist_tordataset(newlist, newset));
CHECK(dns_message_gettemprdataset(msg, &newset));
CHECK(dns_rdatalist_tordataset(newlist, newset));
ISC_LIST_INIT(newname->list);
ISC_LIST_APPEND(newname->list, newset, link);
@ -195,7 +188,7 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
return ISC_R_SUCCESS;
failure:
cleanup:
if (newrdata != NULL) {
if (ISC_LINK_LINKED(newrdata, link)) {
INSIST(newlist != NULL);
@ -430,10 +423,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
}
}
RETERR(add_rdata_to_list(msg, keyname, &keyrdata, ttl, namelist));
CHECK(add_rdata_to_list(msg, keyname, &keyrdata, ttl, namelist));
isc_buffer_init(&ourkeybuf, keydata, sizeof(keydata));
RETERR(dst_key_todns(tctx->dhkey, &ourkeybuf));
CHECK(dst_key_todns(tctx->dhkey, &ourkeybuf));
isc_buffer_usedregion(&ourkeybuf, &ourkeyr);
dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_any,
dns_rdatatype_key, &ourkeyr);
@ -444,16 +437,16 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
/*
* XXXBEW The TTL should be obtained from the database, if it exists.
*/
RETERR(add_rdata_to_list(msg, &ourname, &ourkeyrdata, 0, namelist));
CHECK(add_rdata_to_list(msg, &ourname, &ourkeyrdata, 0, namelist));
RETERR(dst_key_secretsize(tctx->dhkey, &sharedsize));
CHECK(dst_key_secretsize(tctx->dhkey, &sharedsize));
isc_buffer_allocate(msg->mctx, &shared, sharedsize);
result = dst_key_computesecret(pubkey, tctx->dhkey, shared);
if (result != ISC_R_SUCCESS) {
tkey_log("process_dhtkey: failed to compute shared secret: %s",
isc_result_totext(result));
goto failure;
goto cleanup;
}
dst_key_free(&pubkey);
@ -467,10 +460,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
r.length = TKEY_RANDOM_AMOUNT;
r2.base = tkeyin->key;
r2.length = tkeyin->keylen;
RETERR(compute_secret(shared, &r2, &r, &secret));
CHECK(compute_secret(shared, &r2, &r, &secret));
isc_buffer_free(&shared);
RETERR(dns_tsigkey_create(
CHECK(dns_tsigkey_create(
name, &tkeyin->algorithm, isc_buffer_base(&secret),
isc_buffer_usedlength(&secret), true, signer, tkeyin->inception,
tkeyin->expire, ring->mctx, ring, NULL));
@ -484,7 +477,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
return ISC_R_SUCCESS;
failure:
cleanup:
if (!ISC_LIST_EMPTY(*namelist)) {
free_namelist(msg, namelist);
}
@ -566,7 +559,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
return ISC_R_SUCCESS;
}
if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS) {
goto failure;
CHECK(result);
}
/*
* XXXDCL Section 4.1.3: Limit GSS_S_CONTINUE_NEEDED to 10 times.
@ -584,8 +577,8 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
#endif /* HAVE_GSSAPI */
uint32_t expire;
RETERR(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey,
&intoken));
CHECK(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey,
&intoken));
/*
* Limit keys to 1 hour or the context's lifetime whichever
* is smaller.
@ -597,7 +590,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
expire = now + lifetime;
}
#endif /* HAVE_GSSAPI */
RETERR(dns_tsigkey_createfromkey(
CHECK(dns_tsigkey_createfromkey(
name, &tkeyin->algorithm, dstkey, true, principal, now,
expire, ring->mctx, ring, &tsigkey));
dst_key_free(&dstkey);
@ -639,7 +632,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin,
return ISC_R_SUCCESS;
failure:
cleanup:
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
@ -743,26 +736,23 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
dns_rdatatype_tkey, 0, &name,
&tkeyset) != ISC_R_SUCCESS)
{
result = DNS_R_FORMERR;
tkey_log("dns_tkey_processquery: couldn't find a TKEY "
"matching the question");
goto failure;
CHECK(DNS_R_FORMERR);
}
}
result = dns_rdataset_first(tkeyset);
if (result != ISC_R_SUCCESS) {
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
dns_rdata_init(&rdata);
dns_rdataset_current(tkeyset, &rdata);
RETERR(dns_rdata_tostruct(&rdata, &tkeyin, NULL));
CHECK(dns_rdata_tostruct(&rdata, &tkeyin, NULL));
freetkeyin = true;
if (tkeyin.error != dns_rcode_noerror) {
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
/*
@ -779,8 +769,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
} else {
tkey_log("dns_tkey_processquery: query was not "
"properly signed - rejecting");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
} else {
signer = &tsigner;
@ -814,8 +803,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
if (tctx->domain == NULL && tkeyin.mode != DNS_TKEYMODE_GSSAPI)
{
tkey_log("dns_tkey_processquery: tkey-domain not set");
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
keyname = dns_fixedname_initname(&fkeyname);
@ -843,35 +831,25 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
}
isc_buffer_init(&b, randomtext, sizeof(randomtext));
isc_buffer_add(&b, sizeof(randomtext));
result = dns_name_fromtext(keyname, &b, NULL, 0, NULL);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_name_fromtext(keyname, &b, NULL, 0, NULL));
}
if (tkeyin.mode == DNS_TKEYMODE_GSSAPI) {
/* Yup. This is a hack */
result = dns_name_concatenate(keyname, dns_rootname,
keyname, NULL);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_name_concatenate(keyname, dns_rootname,
keyname, NULL));
} else {
result = dns_name_concatenate(keyname, tctx->domain,
keyname, NULL);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_name_concatenate(keyname, tctx->domain,
keyname, NULL));
}
result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring);
if (result == ISC_R_SUCCESS) {
tkeyout.error = dns_tsigerror_badname;
dns_tsigkey_detach(&tsigkey);
goto failure_with_tkey;
} else if (result != ISC_R_NOTFOUND) {
goto failure;
CHECK(result);
}
} else {
keyname = qname;
@ -880,23 +858,23 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
switch (tkeyin.mode) {
case DNS_TKEYMODE_DIFFIEHELLMAN:
tkeyout.error = dns_rcode_noerror;
RETERR(process_dhtkey(msg, signer, keyname, &tkeyin, tctx,
&tkeyout, ring, &namelist));
CHECK(process_dhtkey(msg, signer, keyname, &tkeyin, tctx,
&tkeyout, ring, &namelist));
break;
case DNS_TKEYMODE_GSSAPI:
tkeyout.error = dns_rcode_noerror;
RETERR(process_gsstkey(msg, keyname, &tkeyin, tctx, &tkeyout,
ring));
CHECK(process_gsstkey(msg, keyname, &tkeyin, tctx, &tkeyout,
ring));
break;
case DNS_TKEYMODE_DELETE:
tkeyout.error = dns_rcode_noerror;
RETERR(process_deletetkey(signer, keyname, &tkeyin, &tkeyout,
ring));
CHECK(process_deletetkey(signer, keyname, &tkeyin, &tkeyout,
ring));
break;
case DNS_TKEYMODE_SERVERASSIGNED:
case DNS_TKEYMODE_RESOLVERASSIGNED:
result = DNS_R_NOTIMP;
goto failure;
goto cleanup;
default:
tkeyout.error = dns_tsigerror_badmode;
}
@ -920,13 +898,11 @@ failure_with_tkey:
if (tkeyout.other != NULL) {
isc_mem_put(tkeyout.mctx, tkeyout.other, tkeyout.otherlen);
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
RETERR(add_rdata_to_list(msg, keyname, &rdata, 0, &namelist));
CHECK(add_rdata_to_list(msg, keyname, &rdata, 0, &namelist));
RETERR(dns_message_reply(msg, true));
CHECK(dns_message_reply(msg, true));
name = ISC_LIST_HEAD(namelist);
while (name != NULL) {
@ -938,7 +914,7 @@ failure_with_tkey:
return ISC_R_SUCCESS;
failure:
cleanup:
if (freetkeyin) {
dns_rdata_freestruct(&tkeyin);
@ -964,28 +940,28 @@ buildquery(dns_message_t *msg, const dns_name_t *name, dns_rdata_tkey_t *tkey,
REQUIRE(name != NULL);
REQUIRE(tkey != NULL);
RETERR(dns_message_gettempname(msg, &qname));
RETERR(dns_message_gettempname(msg, &aname));
CHECK(dns_message_gettempname(msg, &qname));
CHECK(dns_message_gettempname(msg, &aname));
RETERR(dns_message_gettemprdataset(msg, &question));
CHECK(dns_message_gettemprdataset(msg, &question));
dns_rdataset_makequestion(question, dns_rdataclass_any,
dns_rdatatype_tkey);
len = 16 + tkey->algorithm.length + tkey->keylen + tkey->otherlen;
isc_buffer_allocate(msg->mctx, &dynbuf, len);
RETERR(dns_message_gettemprdata(msg, &rdata));
CHECK(dns_message_gettemprdata(msg, &rdata));
RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_tkey, tkey, dynbuf));
CHECK(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_tkey, tkey, dynbuf));
dns_message_takebuffer(msg, &dynbuf);
RETERR(dns_message_gettemprdatalist(msg, &tkeylist));
CHECK(dns_message_gettemprdatalist(msg, &tkeylist));
tkeylist->rdclass = dns_rdataclass_any;
tkeylist->type = dns_rdatatype_tkey;
ISC_LIST_APPEND(tkeylist->rdata, rdata, link);
RETERR(dns_message_gettemprdataset(msg, &tkeyset));
RETERR(dns_rdatalist_tordataset(tkeylist, tkeyset));
CHECK(dns_message_gettemprdataset(msg, &tkeyset));
CHECK(dns_rdatalist_tordataset(tkeylist, tkeyset));
dns_name_copy(name, qname);
dns_name_copy(name, aname);
@ -1007,7 +983,7 @@ buildquery(dns_message_t *msg, const dns_name_t *name, dns_rdata_tkey_t *tkey,
return ISC_R_SUCCESS;
failure:
cleanup:
if (qname != NULL) {
dns_message_puttempname(msg, &qname);
}
@ -1079,11 +1055,11 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key,
tkey.other = NULL;
tkey.otherlen = 0;
RETERR(buildquery(msg, name, &tkey, false));
CHECK(buildquery(msg, name, &tkey, false));
RETERR(dns_message_gettemprdata(msg, &rdata));
CHECK(dns_message_gettemprdata(msg, &rdata));
isc_buffer_allocate(msg->mctx, &dynbuf, 1024);
RETERR(dst_key_todns(key, dynbuf));
CHECK(dst_key_todns(key, dynbuf));
isc_buffer_usedregion(dynbuf, &r);
dns_rdata_fromregion(rdata, dns_rdataclass_any, dns_rdatatype_key, &r);
dns_message_takebuffer(msg, &dynbuf);
@ -1092,7 +1068,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key,
dns_name_clone(dst_key_name(key), &keyname);
ISC_LIST_INIT(namelist);
RETERR(add_rdata_to_list(msg, &keyname, rdata, 0, &namelist));
CHECK(add_rdata_to_list(msg, &keyname, rdata, 0, &namelist));
item = ISC_LIST_HEAD(namelist);
while (item != NULL) {
dns_name_t *next = ISC_LIST_NEXT(item, link);
@ -1103,7 +1079,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key,
return ISC_R_SUCCESS;
failure:
cleanup:
if (dynbuf != NULL) {
isc_buffer_free(&dynbuf);
@ -1242,12 +1218,12 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
if (rmsg->rcode != dns_rcode_noerror) {
return dns_result_fromrcode(rmsg->rcode);
}
RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
freertkey = true;
RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
CHECK(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
if (rtkey.error != dns_rcode_noerror ||
rtkey.mode != DNS_TKEYMODE_DIFFIEHELLMAN ||
@ -1257,9 +1233,8 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
{
tkey_log("dns_tkey_processdhresponse: tkey mode invalid "
"or error set(1)");
result = DNS_R_INVALIDTKEY;
dns_rdata_freestruct(&qtkey);
goto failure;
CHECK(DNS_R_INVALIDTKEY);
}
dns_rdata_freestruct(&qtkey);
@ -1269,9 +1244,9 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
ourkeyname = NULL;
ourkeyset = NULL;
RETERR(dns_message_findname(rmsg, DNS_SECTION_ANSWER, &keyname,
dns_rdatatype_key, 0, &ourkeyname,
&ourkeyset));
CHECK(dns_message_findname(rmsg, DNS_SECTION_ANSWER, &keyname,
dns_rdatatype_key, 0, &ourkeyname,
&ourkeyset));
result = dns_message_firstname(rmsg, DNS_SECTION_ANSWER);
while (result == ISC_R_SUCCESS) {
@ -1285,7 +1260,7 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
result = dns_message_findtype(theirkeyname, dns_rdatatype_key,
0, &theirkeyset);
if (result == ISC_R_SUCCESS) {
RETERR(dns_rdataset_first(theirkeyset));
CHECK(dns_rdataset_first(theirkeyset));
break;
}
next:
@ -1295,18 +1270,17 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
if (theirkeyset == NULL) {
tkey_log("dns_tkey_processdhresponse: failed to find server "
"key");
result = ISC_R_NOTFOUND;
goto failure;
CHECK(ISC_R_NOTFOUND);
}
dns_rdataset_current(theirkeyset, &theirkeyrdata);
RETERR(dns_dnssec_keyfromrdata(theirkeyname, &theirkeyrdata, rmsg->mctx,
&theirkey));
CHECK(dns_dnssec_keyfromrdata(theirkeyname, &theirkeyrdata, rmsg->mctx,
&theirkey));
RETERR(dst_key_secretsize(key, &sharedsize));
CHECK(dst_key_secretsize(key, &sharedsize));
isc_buffer_allocate(rmsg->mctx, &shared, sharedsize);
RETERR(dst_key_computesecret(theirkey, key, shared));
CHECK(dst_key_computesecret(theirkey, key, shared));
isc_buffer_init(&secret, secretdata, sizeof(secretdata));
@ -1318,7 +1292,7 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
r2.base = NULL;
r2.length = 0;
}
RETERR(compute_secret(shared, &r2, &r, &secret));
CHECK(compute_secret(shared, &r2, &r, &secret));
isc_buffer_usedregion(&secret, &r);
result = dns_tsigkey_create(tkeyname, &rtkey.algorithm, r.base,
@ -1329,7 +1303,7 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
dst_key_free(&theirkey);
return result;
failure:
cleanup:
if (shared != NULL) {
isc_buffer_free(&shared);
}
@ -1370,8 +1344,8 @@ dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg,
if (rmsg->rcode != dns_rcode_noerror) {
return dns_result_fromrcode(rmsg->rcode);
}
RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
/*
* Win2k puts the item in the ANSWER section, while the RFC
@ -1384,11 +1358,9 @@ dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg,
result = find_tkey(qmsg, &tkeyname, &qtkeyrdata,
DNS_SECTION_ANSWER);
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
if (rtkey.error != dns_rcode_noerror ||
rtkey.mode != DNS_TKEYMODE_GSSAPI ||
@ -1399,26 +1371,25 @@ dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg,
rtkey.error);
dumpmessage(qmsg);
dumpmessage(rmsg);
result = DNS_R_INVALIDTKEY;
goto failure;
CHECK(DNS_R_INVALIDTKEY);
}
isc_buffer_init(outtoken, array, sizeof(array));
isc_buffer_init(&intoken, rtkey.key, rtkey.keylen);
RETERR(dst_gssapi_initctx(gname, &intoken, outtoken, context,
ring->mctx, err_message));
CHECK(dst_gssapi_initctx(gname, &intoken, outtoken, context, ring->mctx,
err_message));
RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
NULL));
CHECK(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
NULL));
RETERR(dns_tsigkey_createfromkey(
CHECK(dns_tsigkey_createfromkey(
tkeyname, DNS_TSIG_GSSAPI_NAME, dstkey, false, NULL,
rtkey.inception, rtkey.expire, ring->mctx, ring, outkey));
dst_key_free(&dstkey);
dns_rdata_freestruct(&rtkey);
return result;
failure:
cleanup:
/*
* XXXSRA This probably leaks memory from rtkey and qtkey.
*/
@ -1444,11 +1415,11 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg,
return dns_result_fromrcode(rmsg->rcode);
}
RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
CHECK(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL));
CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
if (rtkey.error != dns_rcode_noerror ||
rtkey.mode != DNS_TKEYMODE_DELETE || rtkey.mode != qtkey.mode ||
@ -1457,15 +1428,14 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg,
{
tkey_log("dns_tkey_processdeleteresponse: tkey mode invalid "
"or error set(3)");
result = DNS_R_INVALIDTKEY;
dns_rdata_freestruct(&qtkey);
dns_rdata_freestruct(&rtkey);
goto failure;
CHECK(DNS_R_INVALIDTKEY);
}
dns_rdata_freestruct(&qtkey);
RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring));
CHECK(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring));
dns_rdata_freestruct(&rtkey);
@ -1478,7 +1448,7 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg,
*/
dns_tsigkey_detach(&tsigkey);
failure:
cleanup:
return result;
}
@ -1507,19 +1477,19 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
return dns_result_fromrcode(rmsg->rcode);
}
RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL));
freertkey = true;
if (win2k) {
RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata,
DNS_SECTION_ANSWER));
CHECK(find_tkey(qmsg, &tkeyname, &qtkeyrdata,
DNS_SECTION_ANSWER));
} else {
RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata,
DNS_SECTION_ADDITIONAL));
CHECK(find_tkey(qmsg, &tkeyname, &qtkeyrdata,
DNS_SECTION_ADDITIONAL));
}
RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL));
if (rtkey.error != dns_rcode_noerror ||
rtkey.mode != DNS_TKEYMODE_GSSAPI ||
@ -1527,8 +1497,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
{
tkey_log("dns_tkey_processdhresponse: tkey mode invalid "
"or error set(4)");
result = DNS_R_INVALIDTKEY;
goto failure;
CHECK(DNS_R_INVALIDTKEY);
}
isc_buffer_init(&intoken, rtkey.key, rtkey.keylen);
@ -1569,12 +1538,12 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
tkey.otherlen = 0;
dns_message_reset(qmsg, DNS_MESSAGE_INTENTRENDER);
RETERR(buildquery(qmsg, tkeyname, &tkey, win2k));
CHECK(buildquery(qmsg, tkeyname, &tkey, win2k));
return DNS_R_CONTINUE;
}
RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
NULL));
CHECK(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey,
NULL));
/*
* XXXSRA This seems confused. If we got CONTINUE from initctx,
@ -1582,7 +1551,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
* anything yet.
*/
RETERR(dns_tsigkey_createfromkey(
CHECK(dns_tsigkey_createfromkey(
tkeyname, win2k ? DNS_TSIG_GSSAPIMS_NAME : DNS_TSIG_GSSAPI_NAME,
dstkey, true, NULL, rtkey.inception, rtkey.expire, ring->mctx,
ring, outkey));
@ -1590,7 +1559,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
dns_rdata_freestruct(&rtkey);
return result;
failure:
cleanup:
/*
* XXXSRA This probably leaks memory from qtkey.
*/

7
lib/dns/ttl.c
View file

@ -30,13 +30,6 @@
#include <dns/ttl.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
static isc_result_t
bind_ttl(isc_textregion_t *source, uint32_t *ttl);

147
lib/dns/update.c
View file

@ -73,116 +73,6 @@
*/
#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
/*%
* Check an operation for failure. These macros all assume that
* the function using them has a 'result' variable and a 'failure'
* label.
*/
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally with result 'code', which must not
* be ISC_R_SUCCESS. The reason for failure presumably has
* been logged already.
*
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally and log as a client error.
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAILC(code, msg) \
do { \
const char *_what = "failed"; \
result = (code); \
switch (result) { \
case DNS_R_NXDOMAIN: \
case DNS_R_YXDOMAIN: \
case DNS_R_YXRRSET: \
case DNS_R_NXRRSET: \
_what = "unsuccessful"; \
} \
update_log(log, zone, LOGLEVEL_PROTOCOL, "update %s: %s (%s)", \
_what, msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define FAILN(code, name, msg) \
do { \
const char *_what = "failed"; \
result = (code); \
switch (result) { \
case DNS_R_NXDOMAIN: \
case DNS_R_YXDOMAIN: \
case DNS_R_YXRRSET: \
case DNS_R_NXRRSET: \
_what = "unsuccessful"; \
} \
if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \
char _nbuf[DNS_NAME_FORMATSIZE]; \
dns_name_format(name, _nbuf, sizeof(_nbuf)); \
update_log(log, zone, LOGLEVEL_PROTOCOL, \
"update %s: %s: %s (%s)", _what, _nbuf, \
msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define FAILNT(code, name, type, msg) \
do { \
const char *_what = "failed"; \
result = (code); \
switch (result) { \
case DNS_R_NXDOMAIN: \
case DNS_R_YXDOMAIN: \
case DNS_R_YXRRSET: \
case DNS_R_NXRRSET: \
_what = "unsuccessful"; \
} \
if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \
char _nbuf[DNS_NAME_FORMATSIZE]; \
char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \
dns_name_format(name, _nbuf, sizeof(_nbuf)); \
dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \
update_log(log, zone, LOGLEVEL_PROTOCOL, \
"update %s: %s/%s: %s (%s)", _what, _nbuf, \
_tbuf, msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally and log as a server error.
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAILS(code, msg) \
do { \
result = (code); \
update_log(log, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", msg, \
isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/**************************************************************************/
typedef struct rr rr_t;
@ -735,7 +625,7 @@ namelist_append_name(dns_diff_t *list, dns_name_t *name) {
CHECK(dns_difftuple_create(list->mctx, DNS_DIFFOP_EXISTS, name, 0,
&dummy_rdata, &tuple));
dns_diff_append(list, &tuple);
failure:
cleanup:
return result;
}
@ -765,7 +655,7 @@ namelist_append_subdomain(dns_db_t *db, dns_name_t *name,
if (result == ISC_R_NOMORE) {
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -836,7 +726,7 @@ uniqify_name_list(dns_diff_t *list) {
} while (1);
p = ISC_LIST_NEXT(p, link);
}
failure:
cleanup:
return result;
}
@ -938,8 +828,7 @@ next_active(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
if (wraps == 2) {
update_log(log, zone, ISC_LOG_ERROR,
"secure zone with no NSECs");
result = DNS_R_BADZONE;
goto failure;
CHECK(DNS_R_BADZONE);
}
}
CHECK(dns_dbiterator_current(dbit, &node, newname));
@ -975,7 +864,7 @@ next_active(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
}
}
} while (!has_nsec);
failure:
cleanup:
if (dbit != NULL) {
dns_dbiterator_destroy(&dbit);
}
@ -1027,7 +916,7 @@ add_nsec(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
CHECK(do_one_tuple(&tuple, db, ver, diff));
INSIST(tuple == NULL);
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -1052,7 +941,7 @@ add_placeholder_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, 0, &rdata,
&tuple));
CHECK(do_one_tuple(&tuple, db, ver, diff));
failure:
cleanup:
return result;
}
@ -1074,7 +963,7 @@ find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
nkeys);
dns_zone_unlock_keyfiles(zone);
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -1275,7 +1164,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
result = ISC_R_NOTFOUND;
}
failure:
cleanup:
if (dns_rdataset_isassociated(&rdataset)) {
dns_rdataset_disassociate(&rdataset);
}
@ -1306,9 +1195,8 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_rrsig,
dns_rdatatype_dnskey, (isc_stdtime_t)0,
&rdataset, NULL);
@ -1317,9 +1205,7 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
return ISC_R_SUCCESS;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -1363,7 +1249,8 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOMORE) {
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -1568,7 +1455,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
update_log(log, zone, ISC_LOG_ERROR,
"could not get zone keys for secure "
"dynamic update");
goto failure;
goto cleanup;
}
isc_stdtime_get(&state->now);
@ -2012,7 +1899,7 @@ next_state:
if (!state->build_nsec3) {
update_log(log, zone, ISC_LOG_DEBUG(3),
"no NSEC3 chains to rebuild");
goto failure;
goto cleanup;
}
update_log(log, zone, ISC_LOG_DEBUG(3),
@ -2186,7 +2073,7 @@ next_state:
UNREACHABLE();
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}

7
lib/dns/view.c
View file

@ -64,13 +64,6 @@
#include <dns/zone.h>
#include <dns/zt.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
#define RESSHUTDOWN(v) \
((atomic_load(&(v)->attributes) & DNS_VIEWATTR_RESSHUTDOWN) != 0)
#define ADBSHUTDOWN(v) \

151
lib/dns/xfrin.c
View file

@ -51,25 +51,6 @@
* Incoming AXFR and IXFR.
*/
/*%
* It would be non-sensical (or at least obtuse) to use FAIL() with an
* ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* The states of the *XFR state machine. We handle both IXFR and AXFR
* with a single integrated state machine because they cannot be distinguished
@ -294,7 +275,7 @@ axfr_init(dns_xfrin_ctx_t *xfr) {
dns_rdatacallbacks_init(&xfr->axfr);
CHECK(dns_db_beginload(xfr->db, &xfr->axfr));
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -317,7 +298,7 @@ axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, dns_name_t *name,
CHECK(axfr_apply(xfr));
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -335,12 +316,11 @@ axfr_apply(dns_xfrin_ctx_t *xfr) {
if (xfr->maxrecords != 0U) {
result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
result = DNS_R_TOOMANYRECORDS;
goto failure;
CHECK(DNS_R_TOOMANYRECORDS);
}
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -353,7 +333,7 @@ axfr_commit(dns_xfrin_ctx_t *xfr) {
CHECK(dns_zone_verifydb(xfr->zone, xfr->db, NULL));
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -364,7 +344,7 @@ axfr_finalize(dns_xfrin_ctx_t *xfr) {
CHECK(dns_zone_replacedb(xfr->zone, xfr->db, true));
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -395,7 +375,7 @@ ixfr_init(dns_xfrin_ctx_t *xfr) {
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -419,7 +399,7 @@ ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, dns_name_t *name,
CHECK(ixfr_apply(xfr));
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -441,20 +421,16 @@ ixfr_apply(dns_xfrin_ctx_t *xfr) {
if (xfr->maxrecords != 0U) {
result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL);
if (result == ISC_R_SUCCESS && records > xfr->maxrecords) {
result = DNS_R_TOOMANYRECORDS;
goto failure;
CHECK(DNS_R_TOOMANYRECORDS);
}
}
if (xfr->ixfr.journal != NULL) {
result = dns_journal_writediff(xfr->ixfr.journal, &xfr->diff);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_journal_writediff(xfr->ixfr.journal, &xfr->diff));
}
dns_diff_clear(&xfr->diff);
xfr->difflen = 0;
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -473,7 +449,7 @@ ixfr_commit(dns_xfrin_ctx_t *xfr) {
dns_zone_markdirty(xfr->zone);
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -500,7 +476,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, uint32_t ttl,
dns_rdatatype_format(rdata->type, buf, sizeof(buf));
xfrin_log(xfr, ISC_LOG_NOTICE,
"Unexpected %s record in zone transfer", buf);
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
/*
@ -515,7 +491,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, uint32_t ttl,
dns_name_format(name, namebuf, sizeof(namebuf));
xfrin_log(xfr, ISC_LOG_DEBUG(3), "SOA name mismatch: '%s'",
namebuf);
FAIL(DNS_R_NOTZONETOP);
CHECK(DNS_R_NOTZONETOP);
}
redo:
@ -524,7 +500,7 @@ redo:
if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"non-SOA response to SOA query");
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
xfr->end_serial = dns_soa_getserial(rdata);
if (!DNS_SERIAL_GT(xfr->end_serial, xfr->ixfr.request_serial) &&
@ -534,7 +510,7 @@ redo:
"requested serial %u, "
"primary has %u, not updating",
xfr->ixfr.request_serial, xfr->end_serial);
FAIL(DNS_R_UPTODATE);
CHECK(DNS_R_UPTODATE);
}
xfr->state = XFRST_GOTSOA;
break;
@ -549,7 +525,7 @@ redo:
if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_NOTICE,
"first RR in zone transfer must be SOA");
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
/*
* Remember the serial number in the initial SOA.
@ -569,7 +545,7 @@ redo:
"requested serial %u, "
"primary has %u, not updating",
xfr->ixfr.request_serial, xfr->end_serial);
FAIL(DNS_R_UPTODATE);
CHECK(DNS_R_UPTODATE);
}
xfr->firstsoa = *rdata;
if (xfr->firstsoa_data != NULL) {
@ -636,7 +612,7 @@ redo:
"IXFR out of sync: "
"expected serial %u, got %u",
xfr->ixfr.current_serial, soa_serial);
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
} else {
CHECK(ixfr_commit(xfr));
xfr->state = XFRST_IXFR_DELSOA;
@ -646,7 +622,7 @@ redo:
if (rdata->type == dns_rdatatype_ns &&
dns_name_iswildcard(name))
{
FAIL(DNS_R_INVALIDNS);
CHECK(DNS_R_INVALIDNS);
}
CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
break;
@ -671,7 +647,7 @@ redo:
xfrin_log(xfr, ISC_LOG_NOTICE,
"start and ending SOA records "
"mismatch");
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
CHECK(axfr_commit(xfr));
xfr->state = XFRST_AXFR_END;
@ -680,13 +656,13 @@ redo:
break;
case XFRST_AXFR_END:
case XFRST_IXFR_END:
FAIL(DNS_R_EXTRADATA);
CHECK(DNS_R_EXTRADATA);
FALLTHROUGH;
default:
UNREACHABLE();
}
result = ISC_R_SUCCESS;
failure:
cleanup:
return result;
}
@ -1010,10 +986,7 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx,
* parameters from the configuration file and try to
* store it for further reuse.
*/
result = isc_tlsctx_createclient(&tlsctx);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_tlsctx_createclient(&tlsctx));
tls_versions = dns_transport_get_tls_versions(xfr->transport);
if (tls_versions != 0) {
isc_tlsctx_set_protocols(tlsctx, tls_versions);
@ -1045,12 +1018,8 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx,
* CA certificates will be created, just
* as planned.
*/
result = isc_tls_cert_store_create(ca_file,
&store);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_tls_cert_store_create(ca_file,
&store));
} else {
store = found_store;
}
@ -1077,12 +1046,9 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx,
* Only SubjectAltName must be checked.
*/
hostname_ignore_subject = true;
result = isc_tlsctx_enable_peer_verification(
CHECK(isc_tlsctx_enable_peer_verification(
tlsctx, false, store, hostname,
hostname_ignore_subject);
if (result != ISC_R_SUCCESS) {
goto failure;
}
hostname_ignore_subject));
/*
* Let's load client certificate and enable
@ -1093,11 +1059,8 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx,
if (cert_file != NULL) {
INSIST(key_file != NULL);
result = isc_tlsctx_load_certificate(
tlsctx, key_file, cert_file);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(isc_tlsctx_load_certificate(
tlsctx, key_file, cert_file));
}
}
@ -1171,7 +1134,7 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx,
return ISC_R_SUCCESS;
failure:
cleanup:
if (tlsctx != NULL) {
isc_tlsctx_free(&tlsctx);
}
@ -1232,10 +1195,7 @@ xfrin_start(dns_xfrin_ctx_t *xfr) {
connect_xfr, 30000, 0);
break;
case DNS_TRANSPORT_TLS: {
result = get_create_tlsctx(xfr, &tlsctx, &sess_cache);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(get_create_tlsctx(xfr, &tlsctx, &sess_cache));
INSIST(tlsctx != NULL);
isc_nm_tlsdnsconnect(xfr->netmgr, &xfr->sourceaddr,
&xfr->primaryaddr, xfrin_connect_done,
@ -1247,7 +1207,7 @@ xfrin_start(dns_xfrin_ctx_t *xfr) {
return ISC_R_SUCCESS;
failure:
cleanup:
isc_refcount_decrement0(&xfr->connects);
dns_xfrin_detach(&connect_xfr);
return result;
@ -1270,7 +1230,7 @@ render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf) {
CHECK(dns_message_rendersection(msg, DNS_SECTION_ADDITIONAL, 0));
CHECK(dns_message_renderend(msg));
result = ISC_R_SUCCESS;
failure:
cleanup:
if (cleanup_cctx) {
dns_compress_invalidate(&cctx);
}
@ -1299,13 +1259,13 @@ xfrin_connect_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed to connect");
goto failure;
goto cleanup;
}
result = isc_nm_xfr_checkperm(handle);
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "connected but unable to transfer");
goto failure;
goto cleanup;
}
zmgr = dns_zone_getmgr(xfr->zone);
@ -1333,7 +1293,7 @@ xfrin_connect_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
xfrin_fail(xfr, result, "connected but unable to send");
}
failure:
cleanup:
switch (result) {
case ISC_R_SUCCESS:
break;
@ -1401,8 +1361,7 @@ tuple2msgname(dns_difftuple_t *tuple, dns_message_t *msg, dns_name_t **target) {
*target = name;
return ISC_R_SUCCESS;
failure:
cleanup:
if (rds != NULL) {
dns_rdataset_disassociate(rds);
dns_message_puttemprdataset(msg, &rds);
@ -1501,7 +1460,7 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) {
isc_refcount_increment0(&send_xfr->sends);
isc_nm_send(xfr->handle, &region, xfrin_send_done, send_xfr);
failure:
cleanup:
if (qname != NULL) {
dns_message_puttempname(msg, &qname);
}
@ -1542,7 +1501,7 @@ xfrin_send_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
isc_refcount_increment0(&recv_xfr->recvs);
isc_nm_read(recv_xfr->handle, xfrin_recv_done, recv_xfr);
failure:
cleanup:
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed sending request data");
}
@ -1629,7 +1588,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result,
if (xfr->reqtype == dns_rdatatype_axfr ||
xfr->reqtype == dns_rdatatype_soa)
{
goto failure;
goto cleanup;
}
xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR",
@ -1658,16 +1617,14 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result,
if (msg->counts[DNS_SECTION_QUESTION] > 1) {
xfrin_log(xfr, ISC_LOG_NOTICE, "too many questions (%u)",
msg->counts[DNS_SECTION_QUESTION]);
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
if ((xfr->state == XFRST_SOAQUERY || xfr->state == XFRST_INITIALSOA) &&
msg->counts[DNS_SECTION_QUESTION] != 1)
{
xfrin_log(xfr, ISC_LOG_NOTICE, "missing question section");
result = DNS_R_FORMERR;
goto failure;
CHECK(DNS_R_FORMERR);
}
for (result = dns_message_firstname(msg, DNS_SECTION_QUESTION);
@ -1679,28 +1636,25 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result,
name = NULL;
dns_message_currentname(msg, DNS_SECTION_QUESTION, &name);
if (!dns_name_equal(name, &xfr->name)) {
result = DNS_R_FORMERR;
xfrin_log(xfr, ISC_LOG_NOTICE,
"question name mismatch");
goto failure;
CHECK(DNS_R_FORMERR);
}
rds = ISC_LIST_HEAD(name->list);
INSIST(rds != NULL);
if (rds->type != xfr->reqtype) {
result = DNS_R_FORMERR;
xfrin_log(xfr, ISC_LOG_NOTICE,
"question type mismatch");
goto failure;
CHECK(DNS_R_FORMERR);
}
if (rds->rdclass != xfr->rdclass) {
result = DNS_R_FORMERR;
xfrin_log(xfr, ISC_LOG_NOTICE,
"question class mismatch");
goto failure;
CHECK(DNS_R_FORMERR);
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
/*
@ -1721,14 +1675,14 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result,
if (xfr->reqtype == dns_rdatatype_soa &&
(msg->flags & DNS_MESSAGEFLAG_AA) == 0)
{
FAIL(DNS_R_NOTAUTHORITATIVE);
CHECK(DNS_R_NOTAUTHORITATIVE);
}
result = dns_message_checksig(msg, dns_zone_getview(xfr->zone));
if (result != ISC_R_SUCCESS) {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s",
isc_result_totext(result));
goto failure;
goto cleanup;
}
for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
@ -1753,7 +1707,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result,
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
if (dns_message_gettsig(msg, &tsigowner) != NULL) {
@ -1779,8 +1733,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result,
xfr->state == XFRST_AXFR_END ||
xfr->state == XFRST_IXFR_END)
{
result = DNS_R_EXPECTEDTSIG;
goto failure;
CHECK(DNS_R_EXPECTEDTSIG);
}
}
@ -1850,7 +1803,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result,
return;
}
failure:
cleanup:
if (result != ISC_R_SUCCESS) {
xfrin_fail(xfr, result, "failed while receiving responses");
}

470
lib/dns/zone.c
View file

File diff suppressed because it is too large Load diff

7
lib/irs/resconf.c
View file

@ -76,13 +76,6 @@
#define RESCONFMAXLINELEN 256U /*%< max size of a line */
#define RESCONFMAXSORTLIST 10U /*%< max 10 */
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*!
* configuration data structure
*/

7
lib/isc/base32.c
View file

@ -22,13 +22,6 @@
#include <isc/string.h>
#include <isc/util.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*@{*/
/*!
* These static functions are also present in lib/dns/rdata.c. I'm not

7
lib/isc/base64.c
View file

@ -21,13 +21,6 @@
#include <isc/string.h>
#include <isc/util.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*@{*/
/*!
* These static functions are also present in lib/dns/rdata.c. I'm not

7
lib/isc/hex.c
View file

@ -22,13 +22,6 @@
#include <isc/string.h>
#include <isc/util.h>
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*
* BEW: These static functions are copied from lib/dns/rdata.c.
*/

8
lib/isc/httpd.c
View file

@ -37,14 +37,6 @@
#include <zlib.h>
#endif /* ifdef HAVE_ZLIB */
#define CHECK(m) \
do { \
result = (m); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Size the recv buffer to hold at maximum two full buffers from isc_nm_read(),
* so we don't have to handle the truncation.

23
lib/isc/include/isc/util.h
View file

@ -345,6 +345,29 @@ mock_assert(const int result, const char *const expression,
#endif /* UNIT_TESTING */
/*
* Check for ISC_R_SUCCESS. On any other result, jump to a cleanup
* label. (This macro requires the function to define `result`
* and `cleanup:`.)
*/
#define CHECK(r) \
do { \
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*
* Check for ISC_R_SUCCESS and continue if found. For any other
* result, return the result.
*/
#define RETERR(x) \
do { \
isc_result_t _r = (x); \
if (_r != ISC_R_SUCCESS) \
return ((_r)); \
} while (0)
/*%
* Time
*/

8
lib/isccfg/namedconf.c
View file

@ -34,14 +34,6 @@
#define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base)
/*% Check a return value. */
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/*% Clean up a configuration object if non-NULL. */
#define CLEANUP_OBJ(obj) \
do { \

8
lib/isccfg/parser.c
View file

@ -78,14 +78,6 @@
#define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base)
/* Check a return value. */
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
/* Clean up a configuration object if non-NULL. */
#define CLEANUP_OBJ(obj) \
do { \

8
lib/ns/hooks.c
View file

@ -34,14 +34,6 @@
#include <ns/log.h>
#include <ns/query.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
struct ns_plugin {
isc_mem_t *mctx;
uv_lib_t handle;

153
lib/ns/update.c
View file

@ -77,34 +77,6 @@
*/
#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
/*%
* Check an operation for failure. These macros all assume that
* the function using them has a 'result' variable and a 'failure'
* label.
*/
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally with result 'code', which must not
* be ISC_R_SUCCESS. The reason for failure presumably has
* been logged already.
*
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
* from complaining about "end-of-loop code not reached".
*/
#define FAIL(code) \
do { \
result = (code); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*%
* Fail unconditionally and log as a client error.
* The test against ISC_R_SUCCESS is there to keep the Solaris compiler
@ -127,7 +99,7 @@
"update %s: %s (%s)", _what, msg, \
isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define PREREQFAILC(code, msg) \
do { \
@ -156,7 +128,7 @@
msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define PREREQFAILN(code, name, msg) \
do { \
@ -187,7 +159,7 @@
_tbuf, msg, isc_result_totext(result)); \
} \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define PREREQFAILNT(code, name, type, msg) \
do { \
@ -206,7 +178,7 @@
update_log(client, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", \
msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
/*
@ -493,7 +465,7 @@ do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver,
}
return ISC_R_SUCCESS;
failure:
cleanup:
dns_diff_clear(diff);
return result;
}
@ -1063,7 +1035,7 @@ temp_append(dns_diff_t *diff, dns_name_t *name, dns_rdata_t *rdata) {
CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_EXISTS, name, 0,
rdata, &tuple));
ISC_LIST_APPEND(diff->tuples, tuple, link);
failure:
cleanup:
return result;
}
@ -1208,18 +1180,12 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
{
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(&rdataset, &rdata);
result = temp_append(&d_rrs, name, &rdata);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(temp_append(&d_rrs, name, &rdata));
}
if (result != ISC_R_NOMORE) {
goto failure;
}
result = dns_diff_sort(&d_rrs, temp_order);
if (result != ISC_R_SUCCESS) {
goto failure;
goto cleanup;
}
CHECK(dns_diff_sort(&d_rrs, temp_order));
/*
* Collect all update RRs for this name and type
@ -1236,11 +1202,8 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
}
/* Compare the two sorted lists. */
result = temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
ISC_LIST_HEAD(d_rrs.tuples));
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
ISC_LIST_HEAD(d_rrs.tuples)));
/*
* We are done with the tuples, but we can't free
@ -1253,7 +1216,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
continue;
failure:
cleanup:
dns_diff_clear(&d_rrs);
dns_diff_clear(&u_rrs);
dns_diff_clear(&trash);
@ -1516,7 +1479,7 @@ add_rr_prepare_action(void *data, rr_t *rr) {
dns_diff_append(&ctx->add_diff, &tuple);
}
}
failure:
cleanup:
return result;
}
@ -1584,7 +1547,7 @@ update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff,
CHECK(do_one_tuple(&addtuple, db, ver, diff));
result = ISC_R_SUCCESS;
failure:
cleanup:
if (addtuple != NULL) {
dns_difftuple_free(&addtuple);
}
@ -1733,7 +1696,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) {
}
result = dns_zone_checknames(zone, name, &rdata);
if (result != ISC_R_SUCCESS) {
FAIL(DNS_R_REFUSED);
CHECK(DNS_R_REFUSED);
}
} else if (update_class == dns_rdataclass_any) {
if (ttl != 0 || rdata.length != 0 ||
@ -1750,7 +1713,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) {
update_log(client, zone, ISC_LOG_WARNING,
"update RR has incorrect class %d",
update_class);
FAIL(DNS_R_FORMERR);
CHECK(DNS_R_FORMERR);
}
/*
@ -1866,7 +1829,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) {
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
CHECK(result);
}
update_log(client, zone, LOGLEVEL_DEBUG, "update section prescan OK");
@ -1899,7 +1862,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) {
dns_zone_gettask(zone, &zonetask);
isc_task_send(zonetask, ISC_EVENT_PTR(&event));
failure:
cleanup:
if (db != NULL) {
dns_db_closeversion(db, &ver, false);
dns_db_detach(&db);
@ -2012,9 +1975,7 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle,
* We can now fail due to a bad signature as we now know
* that we are the primary.
*/
if (sigresult != ISC_R_SUCCESS) {
FAIL(sigresult);
}
CHECK(sigresult);
dns_message_clonebuffer(client->message);
CHECK(send_update_event(client, zone));
break;
@ -2028,7 +1989,7 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle,
}
return;
failure:
cleanup:
if (result == DNS_R_REFUSED) {
inc_stats(client, zone, ns_statscounter_updaterej);
}
@ -2087,7 +2048,7 @@ remove_orphaned_ds(dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) {
}
result = ISC_R_SUCCESS;
failure:
cleanup:
for (tuple = ISC_LIST_HEAD(temp_diff.tuples); tuple != NULL;
tuple = ISC_LIST_HEAD(temp_diff.tuples))
{
@ -2225,7 +2186,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
goto failure;
goto cleanup;
} else {
CHECK(result);
}
@ -2234,7 +2195,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
if (result == ISC_R_NOTFOUND) {
*flag = false;
result = ISC_R_SUCCESS;
goto failure;
goto cleanup;
}
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
@ -2254,7 +2215,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
result = ISC_R_SUCCESS;
}
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -2281,9 +2242,7 @@ get_iterations(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype,
if (result == ISC_R_NOTFOUND) {
goto try_private;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -2299,7 +2258,7 @@ get_iterations(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype,
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
dns_rdataset_disassociate(&rdataset);
@ -2314,9 +2273,7 @@ try_private:
if (result == ISC_R_NOTFOUND) {
goto success;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(result);
for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset))
@ -2340,14 +2297,14 @@ try_private:
}
}
if (result != ISC_R_NOMORE) {
goto failure;
goto cleanup;
}
success:
*iterationsp = iterations;
result = ISC_R_SUCCESS;
failure:
cleanup:
if (node != NULL) {
dns_db_detachnode(db, &node);
}
@ -2372,8 +2329,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
if (!dns_zone_check_dnskey_nsec3(zone, db, ver, diff, NULL, 0)) {
update_log(client, zone, ISC_LOG_ERROR,
"NSEC only DNSKEYs and NSEC3 chains not allowed");
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
/* Verify NSEC3 params */
@ -2381,11 +2337,10 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
if (iterations > dns_nsec3_maxiterations()) {
update_log(client, zone, ISC_LOG_ERROR,
"too many NSEC3 iterations (%u)", iterations);
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
failure:
cleanup:
return result;
}
@ -2660,7 +2615,7 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
}
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_diff_clear(&temp_diff);
return result;
}
@ -2719,7 +2674,7 @@ rollback_private(dns_db_t *db, dns_rdatatype_t privatetype,
}
result = ISC_R_SUCCESS;
failure:
cleanup:
dns_diff_clear(&temp_diff);
return result;
}
@ -2860,7 +2815,7 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
}
}
failure:
cleanup:
dns_diff_clear(&temp_diff);
return result;
}
@ -3013,14 +2968,14 @@ update_action(isc_task_t *task, isc_event_t *event) {
UNEXPECTED_ERROR(
"temp entry creation failed: %s",
isc_result_totext(result));
FAIL(ISC_R_UNEXPECTED);
CHECK(ISC_R_UNEXPECTED);
}
} else {
PREREQFAILC(DNS_R_FORMERR, "malformed prerequisite");
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
CHECK(result);
}
/*
@ -3287,7 +3242,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
if (result != ISC_R_SUCCESS) {
dns_diff_clear(&ctx.del_diff);
dns_diff_clear(&ctx.add_diff);
goto failure;
goto cleanup;
}
result = update_one_rr(
db, ver, &diff, DNS_DIFFOP_ADD,
@ -3299,7 +3254,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
"failed: %s",
isc_result_totext(
result));
goto failure;
goto cleanup;
}
}
}
@ -3390,13 +3345,9 @@ update_action(isc_task_t *task, isc_event_t *event) {
* that are in use (under our control).
*/
if (dns_rdatatype_iskeymaterial(rdata.type)) {
isc_result_t r;
bool inuse = false;
r = dns_zone_dnskey_inuse(zone, &rdata,
&inuse);
if (r != ISC_R_SUCCESS) {
FAIL(r);
}
CHECK(dns_zone_dnskey_inuse(
zone, &rdata, &inuse));
if (inuse) {
char typebuf
[DNS_RDATATYPE_FORMATSIZE];
@ -3423,7 +3374,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
}
}
if (result != ISC_R_NOMORE) {
FAIL(result);
CHECK(result);
}
/*
@ -3442,8 +3393,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: post update name server "
"sanity check failed");
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
}
if (!ISC_LIST_EMPTY(diff.tuples)) {
@ -3452,12 +3402,9 @@ update_action(isc_task_t *task, isc_event_t *event) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"update rejected: bad %s RRset",
result == DNS_R_BADCDS ? "CDS" : "CDNSKEY");
result = DNS_R_REFUSED;
goto failure;
}
if (result != ISC_R_SUCCESS) {
goto failure;
CHECK(DNS_R_REFUSED);
}
CHECK(result);
}
/*
@ -3499,8 +3446,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
"records removed and "
"'dnssec-secure-to-insecure' "
"not set");
result = DNS_R_REFUSED;
goto failure;
CHECK(DNS_R_REFUSED);
}
}
@ -3533,7 +3479,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
update_log(client, zone, ISC_LOG_ERROR,
"RRSIG/NSEC/NSEC3 update failed: %s",
isc_result_totext(result));
goto failure;
goto cleanup;
}
}
@ -3545,8 +3491,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
"records in zone (%" PRIu64
") exceeds max-records (%u)",
records, maxrecords);
result = DNS_R_TOOMANYRECORDS;
goto failure;
CHECK(DNS_R_TOOMANYRECORDS);
}
}
@ -3674,7 +3619,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
result = ISC_R_SUCCESS;
goto common;
failure:
cleanup:
/*
* The reason for failure should have been logged at this point.
*/

60
lib/ns/xfrout.c
View file

@ -81,7 +81,7 @@
"bad zone transfer request: %s (%s)", msg, \
isc_result_totext(code)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
#define FAILQ(code, msg, question, rdclass) \
@ -96,14 +96,7 @@
"bad zone transfer request: '%s/%s': %s (%s)", \
_buf1, _buf2, msg, isc_result_totext(code)); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) \
goto failure; \
goto cleanup; \
} while (0)
/**************************************************************************/
@ -250,7 +243,7 @@ ixfr_rrstream_create(isc_mem_t *mctx, const char *journal_filename,
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
failure:
cleanup:
ixfr_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
@ -331,7 +324,7 @@ axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
failure:
cleanup:
axfr_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
@ -451,7 +444,7 @@ soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
*sp = (rrstream_t *)s;
return ISC_R_SUCCESS;
failure:
cleanup:
soa_rrstream_destroy((rrstream_t **)(void *)&s);
return result;
}
@ -772,7 +765,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
isc_log_write(XFROUT_COMMON_LOGARGS, ISC_LOG_WARNING,
"%s request denied: %s", mnemonic,
isc_result_totext(result));
goto failure;
goto cleanup;
}
/*
@ -829,7 +822,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
ISC_LOG_ERROR,
"zone transfer '%s/%s' denied",
_buf1, _buf2);
goto failure;
goto cleanup;
}
if (result != ISC_R_SUCCESS) {
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
@ -1171,7 +1164,7 @@ have_stream:
result = ISC_R_SUCCESS;
failure:
cleanup:
if (result == DNS_R_REFUSED) {
inc_stats(client, zone, ns_statscounter_xfrrej);
}
@ -1279,7 +1272,7 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
xfr->txmemlen = len;
/*
* These MUST be after the last "goto failure;" / CHECK to
* These MUST be after the last "goto cleanup;" / CHECK to
* prevent a double free by the caller.
*/
xfr->quota = quota;
@ -1387,18 +1380,12 @@ sendstream(xfrout_ctx_t *xfr) {
isc_buffer_add(&xfr->buf, 12 + 4);
qrdataset = NULL;
result = dns_message_gettemprdataset(msg, &qrdataset);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_message_gettemprdataset(msg, &qrdataset));
dns_rdataset_makequestion(qrdataset,
xfr->client->message->rdclass,
xfr->qtype);
result = dns_message_gettempname(msg, &qname);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_message_gettempname(msg, &qname));
isc_buffer_availableregion(&xfr->buf, &r);
INSIST(r.length >= xfr->qname->length);
r.length = xfr->qname->length;
@ -1458,8 +1445,7 @@ sendstream(xfrout_ctx_t *xfr) {
"(%d bytes)",
size);
/* XXX DNS_R_RRTOOLARGE? */
result = ISC_R_NOSPACE;
goto failure;
CHECK(ISC_R_NOSPACE);
}
break;
}
@ -1468,10 +1454,7 @@ sendstream(xfrout_ctx_t *xfr) {
log_rr(name, rdata, ttl); /* XXX */
}
result = dns_message_gettempname(msg, &msgname);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_message_gettempname(msg, &msgname));
isc_buffer_availableregion(&xfr->buf, &r);
INSIST(r.length >= name->length);
r.length = name->length;
@ -1481,20 +1464,14 @@ sendstream(xfrout_ctx_t *xfr) {
/* Reserve space for RR header. */
isc_buffer_add(&xfr->buf, 10);
result = dns_message_gettemprdata(msg, &msgrdata);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_message_gettemprdata(msg, &msgrdata));
isc_buffer_availableregion(&xfr->buf, &r);
r.length = rdata->length;
isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length);
dns_rdata_init(msgrdata);
dns_rdata_fromregion(msgrdata, rdata->rdclass, rdata->type, &r);
result = dns_message_gettemprdatalist(msg, &msgrdl);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_message_gettemprdatalist(msg, &msgrdl));
msgrdl->type = rdata->type;
msgrdl->rdclass = rdata->rdclass;
msgrdl->ttl = ttl;
@ -1507,10 +1484,7 @@ sendstream(xfrout_ctx_t *xfr) {
}
ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link);
result = dns_message_gettemprdataset(msg, &msgrds);
if (result != ISC_R_SUCCESS) {
goto failure;
}
CHECK(dns_message_gettemprdataset(msg, &msgrds));
result = dns_rdatalist_tordataset(msgrdl, msgrds);
INSIST(result == ISC_R_SUCCESS);
@ -1616,7 +1590,7 @@ sendstream(xfrout_ctx_t *xfr) {
/* Advance lasttsig to be the last TSIG generated */
CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
failure:
cleanup:
if (msgname != NULL) {
if (msgrds != NULL) {
if (dns_rdataset_isassociated(msgrds)) {

2
tests/dns/rbtdb_test.c
View file

@ -35,11 +35,9 @@
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#undef CHECK
#include "rbtdb.c"
#pragma GCC diagnostic pop
#undef CHECK
#include <tests/dns.h>
const char *ownercase_vectors[12][2] = {

2
tests/dns/update_test.c
View file

@ -38,11 +38,9 @@
*/
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wshadow"
#undef CHECK
#include "update.c"
#pragma GCC diagnostic pop
#undef CHECK
#include <tests/dns.h>
static int